Connect with us

Technology

Who, Me? When the wrong tool is used by a right tool • The Register

Voice Of EU

Published

on

Who, Me? The right tool for the job is a motto to live by. But in this week’s Who, Me? a Register reader recalls what happens when the wrong tool is used by a right tool.

Today’s story, from “Keith”, takes us back to the heady days of the 1990s and the expensive funnelling of market data to customers keen to maintain their edge.

The markets were about to close on the day in question when all the alarms in the world seemed to go off at once on Keith’s console. Important customers had suddenly lost connectivity and that vital data had stopped flowing. He glanced at the time – maintenance windows never opened earlier than half an hour after the markets had closed – so something bad must have happened.

He sprinted to the communications room, flung open the door … and found the head of comms standing sheepishly beside a rack of suddenly dead modems and multiplexers and a screeching UPS. A screwdriver was in his hand. Oh dear.

The targeted job? Changing a modem. Simple enough, but thanks to the evolutionary manner in which the cabling had been built up over the years, not as straightforward as one might have hoped. All the power leads had been cable-tied into a bundle.

No matter, the comms boss had decided to get ahead of the game and remove the cable tie. Sure, the markets were still open, but it wasn’t as if he was going to unplug anything, right? Just a bit of prep work.

Of course, the cutters were on the other side of the room. But he had a screwdriver, so to save time he had opted to break the tie by just inserting the screwdriver, twisting, and … oops.

“The tip of the driver had slipped,” said Keith, “and cut through a random power cord and sent a spike through that whole rack, and the UPS was complaining about an over/under voltage spike, shrieking to wake the dead.”

Usually, the circuit breaker in the power strip would have prevented too much damage, but so severe was the shock that even that had been broken. Keith’s team broke into two groups – one to find a spare strip and reconnect it, the other to recover the hardware.

“Many of them were single power,” he said ruefully. “Not only that, but almost every device had a blown fuse in it.”

The newer devices had their own circuit breakers, but much of the kit was of the “replacement deferred due to budget” variety; technically still within their lifespan, but very long in the tooth.

“Not a problem, right?” thought Keith. “We had a box full of fuses lying around somewhere?”

No, they did not. What they did find – after scouring the stores, closets, and basements – were fuses of entirely the wrong type and rating. In the end, decommissioned devices were torn open and their fuses scavenged.

“I think we finally got that rack fully back up at about 8pm, some four hours after the market close,” recalled Keith, “and that had included upgrading two devices from new install hardware that had been slated for other use.

“Several devices required a reconfiguration by hand since of course we had no backups of the configs, except a few random printouts.”

The following morning a meeting was convened that featured the very biggest of cheeses, including the CEO and president. As head of operations, Keith was present. As was Sir Screwdriver himself, the head of comms.

Unsurprisingly, the action items came thick and fast. “Comms and ops had to check each other’s wiring for compliance to the standards,” remembered Keith, “which I got the job of writing down from the word-of-mouth lore that we had been using.”

The work included checking out the devices and power supplies. Not a problem for the 100 or so servers in the ops room and their tidy cabling. It was an altogether different challenge for Keith in the comms room and its less-than-structured approach to cable management, however. He turned up a dozen miswired devices and racks running from two power strips on the same UPS – all thankfully fixed and documented before Sir Screwdriver could return to his time-saving ways.

Some things really weren’t better in the old days.

Have you ever stuck a screwdriver where you shouldn’t? Or tried to recover a configuration located only in the memory of the longest serving member of staff? Tell us your story with an email to Who, Me? ®

Source link

Technology

Molly Russell inquest: social media ‘almost impossible’ to keep track of, says teacher | UK news

Voice Of EU

Published

on

The headteacher of Molly Russell’s secondary school has told an inquest into the teenager’s death it is “almost impossible” to keep track of the risks posed to pupils by social media.

North London coroner’s court heard of the “complete and terrible shock” at Molly’s school after the 14-year-old killed herself in November 2017. Molly, from Harrow in north-west London, killed herself after viewing extensive amounts of online content related to suicide, depression, self-harm and anxiety.

Sue Maguire, the headteacher at Hatch End high school in Harrow, was asked how difficult it was for a school to stay on top of dangerous social media content.

She said: “There is a level where I want to say it is almost impossible to keep track of social media but we have to try, and we have to respond to the information as we receive it.”

Describing the school’s “shock” at Molly’s death, Maguire added that teachers had warned students about the “dangers of social media for a long time”.

She said: “Our experience of young people is that social media plays a hugely dominant role in their lives and it causes no end of issues. But we don’t present a stance that they should not use it. But it presents challenges to schools that we simply didn’t have 10 or 15 years ago.”

Oliver Sanders KC, representing the Russell family, asked Maguire whether the school was aware of the suicide and self-harm-related content available to students on sites such as Instagram.

Maguire said: “At the time, we were shocked when we saw it. But to say that we were completely shocked would be wrong because we had been warning young people about the dangers of social media for a long time.”

The deputy headteacher, Rebecca Cozens, who is also head of safeguarding at the school, told the inquest once young people had gone “down the rabbit hole” on social media, it was a “deep one”.

Asked by Sanders whether there was an awareness of the type of material Molly had engaged with, Cozens said: “I don’t think at that time an awareness of the depth of it and how quickly it would snowball … and the intensity then, when you’re going down that rabbit hole it is a deep one.”

On Monday a senior executive at Meta, the owner of Instagram, apologised after acknowledging that Molly had viewed content that breached the platform’s content guidelines. Elizabeth Lagone, the head of health and wellbeing policy at Meta, said: “We are sorry that Molly saw content that violated our policies, and we don’t want that on the platform.”

Last week an executive at Pinterest, another platform Molly interacted with heavily before her death, said the site was not safe when the teenager used it.

The senior coroner, Andrew Walker, told the Russell family he would deliver his conclusions by the end of the week.

  • In the UK, the youth suicide charity Papyrus can be contacted on 0800 068 4141 or email pat@papyrus-uk.org, and in the UK and Ireland Samaritans can be contacted on freephone 116 123, or email jo@samaritans.org or jo@samaritans.ie. In the US, the National Suicide Prevention Lifeline is at 800-273-8255 or chat for support. You can also text HOME to 741741 to connect with a crisis text line counsellor. In Australia, the crisis support service Lifeline is 13 11 14. Other international helplines can be found at befrienders.org

Source link

Continue Reading

Technology

Microsoft to kill off old access rules in Exchange Online • The Register

Voice Of EU

Published

on

Microsoft next month will start phasing out Client Access Rules (CARs) in Exchange Online – and will do away with this means for controlling access altogether within a year.

CARs are being replaced with Continuous Access Evaluation (CAE) for Azure Active Directory, which can apparently in “near-real time” pick up changes to access controls, user accounts, and the network environment and enforce the latest rules and policies as needed, according to a notice this week from Microsoft’s Exchange Team.

That might be useful if suspicious activity is detected, or a user account needs to be suspended, and changes to access need to be immediate.

“Today, we are announcing the retirement of CARs in Exchange Online, to be fully deprecated by September 2023,” the advisory read. “We will send Message Center posts to tenants using client access rules to start the planning process to migrate their rules.”

CARs is used by Microsoft 365 administrators to allow or block client connections to Exchange Online based on a variety of characteristics set forth in policies and rules.

“You can prevent clients from connecting to Exchange Online based on their IP address (IPv4 and IPv6), authentication type, and user property values, and the protocol, application, service, or resource that they’re using to connect,” according to a Microsoft document from earlier this year.

For example, access can be granted to Exchange resources from specific IP address, and all other clients blocked. Similarly, the system can filter access to Exchange services by department or location, or based on usernames.

Microsoft announced the replacement CAE in January, touting its ability to act fast on account revocation, disablement, or deletion; password or user location changes; the detection of nefarious activity; and other such updates, according to a blog post at the time by Alex Simons, corporate vice president of product management for the Windows giant’s identity and network access division.

“On receiving such events, app sessions are immediately interrupted and users are redirected back to Azure AD to reauthenticate or reevaluate policy,” Simons wrote. “With CAE, we have introduced a new concept of zero trust authentication session management that is built on the foundation of zero trust principles – verify explicitly and assume breach.”

With this zero-trust focus, session integrity – rather than a set session duration – is what dictates a user’s authentication lifespan, we’re told.

CAE not only aims to give enterprises greater and more immediate control over access and events, but users and managers may appreciate the speed at which changes are adopted, Microsoft claims.

“Continuous access evaluation is implemented by enabling services, like Exchange Online, SharePoint Online, and Teams, to subscribe to critical Azure AD events,” Microsoft added earlier this month. “Those events can then be evaluated and enforced near real time. Critical event evaluation doesn’t rely on Conditional Access policies so it’s available in any tenant.”

Critical events can include a user account being deleted or disabled, a user password is changed or reset, or multifactor authentication is enabled for a user. There also are other events, such as when an administrator explicitly revokes all refresh tokens for a user or a rogue insider is detected by Azure AD Identity Protection.

Finally, for workload identities, CAE enforces token revocation for workloads, among other things, according to Microsoft. ®

Source link

Continue Reading

Technology

EU proposes new liability rules around AI tech to protect consumers

Voice Of EU

Published

on

The current EU rules around product liability are more than 40 years old, meaning they do not cover harm caused by drones and other AI tech.

The European Commission has outlined a set of new proposals to enable people who are harmed by AI tech products to seek and receive compensation.

The proposals were published today (28 September). They are designed to comply with the EU’s 2021 AI Act proposal, which set out a framework for trust in AI-related technology.

Today’s AI Liability Directive aims to provide a clear and comprehensive structure for all Europeans to claim compensation in the event they are harmed by AI tech products, such as drones and robots.

The EU’s directive includes rules for businesses and consumers alike to abide by. Those who are harmed by AI products or tech can seek compensation just as they would if they were in harmed any other way.

The rules will make it easier for people who have been discriminated against by AI technology as part of the recruitment process, for example, to pursue legal action.

An example of harm that may be caused by tech products is data loss. Robots, drones, smart-home systems and other similar digital products must also comply with cybersecurity regulations around addressing vulnerabilities.

The directive builds on existing rules that manufacturers must follow around unsafe products ­– no matter how high or low-tech they are.

It is proposing a number of different strategies to modernise and adapt liability rules specifically for digital products. The existing rules around product liability in the EU are almost 40 years old, and do not cover advanced technologies such as AI.

European commissioner for internal market, Thierry Breton, said that the existing rules have “been a cornerstone of the internal market for four decades”.

“Today’s proposal will make it fit to respond to the challenges of the decades to come. The new rules will reflect global value chains, foster innovation and consumer trust, and provide stronger legal certainty for businesses involved in the green and digital transition.”

Vice-president for values and transparency, Věra Jourová, said that for AI tech to thrive in the EU, it is important for people to trust digital innovation.

She added that the new proposals would give customers “tools for remedies in case of damage caused by AI so that they have the same level of protection as with traditional technologies”. The rules will also “ensure legal certainty” for the EU’s internal market.

As well as consumer protection, the proposals are designed to foster innovation. They have laid down guarantees for the AI sector through the introduction of measures such as the right to fight a liability claim based on a presumption of causality.

The AI Liability Directive will need to be agreed with EU countries and lawmakers before it can become law.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!