|
https://twitter.com/xorrior/status/1000053217298997257
|
# ? May 25, 2018 17:50 |
|
admittedly i havent followed very closely but kinda perplexed as to what CPU manufacturers are expected to do to be "secure", are they supposed to abolish all out of order execution so that the processor can never do anything clever???
|
# ? May 25, 2018 18:09 |
|
lemme tell ya there's nothing i like more than simpletons thinking up security mandates in committee and then piling them on me until I literally have no discretion to develop any product features
|
# ? May 25, 2018 18:22 |
|
IT big boss: "if i have to shut down a system to meet security requirements, then i will shut it down" well fine, enjoy having the most secure Nothing in the world
|
# ? May 25, 2018 18:23 |
|
Gazpacho posted:admittedly i havent followed very closely but kinda perplexed as to what companies are expected to do to be "gdpr compliant", are they supposed to abolish all access to pii so that the employees can never do anything clever???
|
# ? May 25, 2018 18:30 |
|
eu law does not actually apply to people outside the eu just because they’re an eu citizen, that is not how international law works. a tourist is subject to the laws of the place they’re visiting
|
# ? May 25, 2018 18:42 |
|
i work specifically in the software domain of identifying and tracking people and first there was this equifax breach which sent a shitload of security mandates my way and now there's the facebook and GDPR blowup and in the same time frame our headcount has been slashed, idk how i can take another month of this but none of these stupid mandates has changed my conviction that the software i worked on provided value to customers and end users
Gazpacho fucked around with this message at 18:48 on May 25, 2018 |
# ? May 25, 2018 18:45 |
|
rjmccall posted:eu law does not actually apply to people outside the eu just because they’re an eu citizen, that is not how international law works. a tourist is subject to the laws of the place they’re visiting
|
# ? May 25, 2018 18:54 |
|
rjmccall posted:eu law does not actually apply to people outside the eu just because they’re an eu citizen, that is not how international law works. a tourist is subject to the laws of the place they’re visiting
the same principle is why Americans aren't taxed for income earned in other countries
|
# ? May 25, 2018 19:00 |
|
as an american citizen my 2nd amendment constitutional rights allow me to open carry my ar-15 worldwide
|
# ? May 25, 2018 19:01 |
|
evil_bunnY posted:That's not what people are saying. If you're doing business with EU citizens (residing in the EU at the time of transaction) then you're effectively doing business in the EU. In that sense, your compliance with GDPR is not contingent on your business being in the EU.
Shifty Pony posted:that's the best drat part of gdpr. my understanding is that even those "block the entire EU IP space" things won't make you compliant because an EU citizen could access your service while vacationing.
evil_bunnY posted:If you service EU citizens, you gotta be compliant. If you're not an EU entity you can still be found non-compliant and fined, tho enforcement might be problematic.
it's not just a matter of enforcement, eu rules do not apply outside the eu as a matter of law
|
# ? May 25, 2018 19:03 |
|
like if you're a non-eu entity servicing eu citizens in the eu that's different, as is an eu entity servicing whomever outside the eu. but a non-eu entity is not subject to eu law outside the eu just because their client is an eu citizen
|
# ? May 25, 2018 19:07 |
|
Gazpacho posted:i work specifically in the software domain of identifying and tracking people and first there was this equifax breach which sent a shitload of security mandates my way and now there's the facebook and GDPR blowup and in the same time frame our headcount has been slashed, idk how i can take another month of this
that software is bad and you are bad for choosing to work on it and no amount of suffering for you is too much as long as you continue to work on it
sure i built a pervasive surveillance state that facilitated horrible poo poo but I think the people i tracked appreciate the personalized ad experiences we were able to deliver
|
# ? May 25, 2018 19:14 |
|
PCjr sidecar posted:that software is bad and you are bad for choosing to work on it and no amount of suffering for you is too much as long as you continue to work on it
|
# ? May 25, 2018 19:17 |
|
Gazpacho posted:say all that after someone who isn't you successfully gains access to your online banking, you jackass
The legislation seems to have pretty big get out clauses for legal and financially obligated data collection, doesn't that apply here?
|
# ? May 25, 2018 19:20 |
|
it's ok, i use a password manager and two... wait, is that your bank that allows only 6 character pin with only alphanumeric characters that constantly gets posted in here?
|
# ? May 25, 2018 19:21 |
|
Chalks posted:The legislation seems to have pretty big get out clauses for legal and financially obligated data collection, doesn't that apply here?
|
# ? May 25, 2018 19:23 |
|
So you're providing fraud protection but a bank cannot argue that fraud prevention is an essential part of their service or that they're legally/financially obligated to perform it?
|
# ? May 25, 2018 19:25 |
|
Gazpacho posted:i work specifically in the software domain of identifying and tracking people and first there was this equifax breach which sent a shitload of security mandates my way and now there's the facebook and GDPR blowup and in the same time frame our headcount has been slashed, idk how i can take another month of this
|
# ? May 25, 2018 19:27 |
|
Chalks posted:So you're providing fraud protection but a bank cannot argue that fraud prevention is an essential part of their service or that they're legally/financially obligated to perform it?
if the fraud prevention is mandated by law then you must do it and you can keep the data for that, but if you have some kind of internal fraud or quality system that isn't mandated by law the data related to that is subject to gdpr protections
|
# ? May 25, 2018 19:31 |
|
Chalks posted:So you're providing fraud protection but a bank cannot argue that fraud prevention is an essential part of their service or that they're legally/financially obligated to perform it?
|
# ? May 25, 2018 19:31 |
|
https://twitter.com/andrewrstine/status/1000079766123245568
|
# ? May 25, 2018 19:33 |
|
rjmccall posted:like if you're a non-eu entity servicing eu citizens in the eu that's different, as is an eu entity servicing whomever outside the eu. but a non-eu entity is not subject to eu law outside the eu just because their client is an eu citizen
Gazpacho posted:say all that after someone who isn't you successfully gains access to your online banking, you jackass
evil_bunnY fucked around with this message at 19:37 on May 25, 2018 |
# ? May 25, 2018 19:34 |
|
evil_bunnY posted:people in civilized countries DGAF because they're not liable, and banks have actual standards to begin with.
|
# ? May 25, 2018 19:39 |
|
Gazpacho posted:i didn't say what countries we provide service in
Which bit of the legislation is it that's causing headaches for you? It seems like fraud prevention would only really be concerned with the stuff about storing data securely.
|
# ? May 25, 2018 19:45 |
|
Chalks posted:Which bit of the legislation is it that's causing headaches for you? It seems like fraud prevention would only really be concerned with the stuff about storing data securely.
|
# ? May 25, 2018 19:51 |
|
Gazpacho posted:fraud prevention is a problem of verifying an actor's trustworthiness, not of providing a super-slick system for the actor to lie to
I clearly don't understand enough about the methods being used here, and maybe you can't discuss them, but holding user data for your purposes seems to be fine by my understanding of it, and gathering information is presumably a case of requiring people to consent to fraud protection measures which seems straightforward to obtain. I guess you're monitoring people who aren't the legitimate user but are impersonating the legitimate user - but surely you're not responsible for collecting data about people who are pretending to be people who have given consent? I'm obviously missing some huge piece of the puzzle here but I'm legitimately interested in situations where non-advertising companies are being hosed over by this legislation so if you're able to explain I'd be interested to hear it.
|
# ? May 25, 2018 19:58 |
|
there are no specific mandates regarding gdpr or data management yet but the previous round of mandates showed that the management is inclined to overreact blindly with zero fucks given about resources or preserving the system functions that we need to develop and maintain product features
Gazpacho fucked around with this message at 20:31 on May 25, 2018 |
# ? May 25, 2018 20:28 |
|
Gazpacho posted:i work specifically in the software domain of identifying and tracking people and first there was this equifax breach which sent a shitload of security mandates my way and now there's the facebook and GDPR blowup and in the same time frame our headcount has been slashed, idk how i can take another month of this
External mandates are just the pain of life but for internal stuff if you dont have a story about how to respond to things someone else is going to make one (and that person will be an exec and dumb)
|
# ? May 25, 2018 20:30 |
|
Gazpacho posted:there are no specific mandates regarding gdpr or data management yet but the previous round of mandates showed that the management is inclined to overreact blindly with zero fucks given about resources or preserving the system functions that we need to develop and maintain product features
|
# ? May 25, 2018 20:55 |
|
i have considered it throughout my employment here and have consistently been told "doesn't fit in the time frame" or "we don't sell that" and eventually stopped making suggestions leaving it to the idiot big boss to finally come in and drive things after we'd accumulated shitloads of debt. (gfys)
|
# ? May 25, 2018 20:59 |
|
gee whiz it's like i'm the only person in yospos who ever worked under management who thought basic best practices were "not a priority" (until they were, and then having resources to deploy them was not a priority)
|
# ? May 25, 2018 21:55 |
|
Gazpacho posted:gee whiz it's like i'm the only person in yospos who ever worked under management who thought basic best practices were "not a priority" (until they were, and then having resources to deploy them was not a priority)
|
# ? May 25, 2018 22:08 |
|
anthonypants posted:no but you did come in here to lay the blame squarely at the feet of the regulations, of which the rest of the world has known about for uhhhhhhhhhhhhhh two years?
i mean, nobody thought they'd actually do it
|
# ? May 25, 2018 22:20 |
|
not being a european resident i had never heard a peep about gdpr until it came up obliquely in the zuckerberg testimony, my "blame" is directed at the magical idea that a data management utopia can be created by blasting out blind mandates (legal or corporate) without regard for resource availability or the continuity of existing services
|
# ? May 25, 2018 22:21 |
|
sounds like whoever it is in your company that deals with european customers is a real fuckup
|
# ? May 25, 2018 22:34 |
|
i mean if they're getting blindsided by new laws on the day enforcement begins it sounds like their company might not even have a legal department
|
# ? May 25, 2018 22:51 |
|
Gazpacho posted:gee whiz it's like i'm the only person in yospos who ever worked under management who thought basic best practices were "not a priority" (until they were, and then having resources to deploy them was not a priority)
You're complaining about GDPR (because you see it creating headaches for you), but it sounds like your job is the root cause to your problems. Have you considered fixing that, or are you stuck where you are for the foreseeable future for external reasons?
|
# ? May 25, 2018 23:13 |
|
Gazpacho posted:not being a european resident i had never heard a peep about gdpr until it came up obliquely in the zuckerberg testimony, my "blame" is directed at the magical idea that a data management utopia can be created by blasting out blind mandates (legal or corporate) without regard for resource availability or the continuity of existing services
if you don't have assets in the EU ur all good.
|
# ? May 25, 2018 23:16 |
|
Shaggar posted:if you don't have assets in the EU ur all good.
what if that's true of your company but not the clients you provide services to, and those clients are sending out forms to all their vendors requesting certification of gdpr compliance, because apparently gdpr says something about getting your vendors to comply?
|
# ? May 25, 2018 23:19 |