My main concern is that, with ID, it becomes possible to do a Sim swap or number port, which would be the start of a heap of nightmares. Luckily, buried at the bottom of Optus' announcement, they mention that (for the moment) those can now only be done in person, in-store, with physical ID.
For the other stuff (address, name, DoB)...what are the things nearly everyone asks when you ring to make account changes, to verify you are you..
I'd be careful with the home address too (although you should be ok). I moved around a bit a few years ago, and lost track of where I'd updated my address. It was usually as simple as 'I think my most recent address with you is X, can you please update it to Y', and as long as the other stuff checked out, no questions were asked.
And yeah, I had to laugh about that press release :/
Still no email this side. No news is good news, right?
Ah man, I'm sorry to hear that. No emails here yet, but not to say I'm not in the category one down yet (which is only slightly less bad).
I'm starting to worry about the general public's understanding of the ramifications of this. When it first broke, I was pretty upset, and my partner (well educated, and with me long enough to understand some things about breaches) thought my concerns and anger at optus was excessive. It's only after I explained to her in some detail a few scenarios of what could happen with the information, that she asked questions about what we should be doing.
I think we'll be seeing fallout from this for years to come.
Based on one newer article I've seen, leaked data dates back to 2017, so...
No idea how accurate this is just yet though.
They claim to have started notifying people today (Saturday), with customers with most amount of info leaked being prioritised. Supposedly if you've had ID information stolen, you'll know today. Fingers crossed.
All it takes to register a new number here, are your details including name, DoB, physical address (all the complete ones leaked), the type of ID used (passport, drivers license) and the number on that ID. You can do it in about 5 minutes online, and the number is then active (but not before).
Not even a copy of the document is required, and it doesn't have to be sighted by anyone. From memory, you don't even have to supply the expiry date on the document (and driver's license numbers remain static).
One of the first things I see happening, is criminals using this to obtain burner numbers not traceable to them.
This just twigged something for me - there is now enough information available to easily do number ports, giving someone else control of the number used for MFA. Anything that relies on your number to verify account actions, transactions, etc is now at risk.
I'm pretty certain I'll get burned at the stake for saying this, but similar to another poster - the one that works.
I spent hundreds playing with mechanical keyboards, used company issued ones, etc... But I'm now on my second Apple magic (on non-apple machines), and won't go back. Good tactile feedback, quiet (for my coworkers), flat (easy on my wrists), loooong battery life (no cables), light & small (to take home with my laptop).
Check the terms - if you already own them, you're grandfathered into the Connect (highest tier) package for free (for now, at any rate).
I recently got a second hand remarkable, and absolutely love it, but not sure how I feel about them pulling this sneaky (however justified it may be). It's not that my assets are in jeopardy, but I'm slowly developing a whole new workflow, which I don't want upended 12 months from now if they decide to charge everyone...
Oddly, to your first point, I've had exactly the opposite experience. Came from a company that used sharepoint for almost everything, that I referred to as /dev/null - if you didn't know EXACTLY what you were looking for, search was useless after you uploaded or created something. It was not uncommon for the document with matching search terms in the title, to show up on page 3 of the results.
Moved to a company that used Confluence for almost everything (there was already a fair bit of content), and search was an absolute dream. Even with terrible search terms, the page (or document) you were looking for was invariably in the first 3 results.
Orbiting the Giant Hairball (Gordon MacKenzie). I gave my copy to someone, and never got it back, but would love to read it again. Not one thing in particular stuck, but the book as a whole provided some interesting insights on working for big companies as a 'creative' (yes, programmers are creative) individual.
Awesome link! I'll definitely check it out. I recently got myself a reMarkable 2, and was looking for a PDF diary template (which I then annotate), in lieu of the ability to update actual notebook templates on the reMarkable. This also gives me a full diary, rather than having to create one as I go.
I think it was Scott Adams that had the discussion about being the best at one thing, vs being (very) good at more than one thing, and in that nexus you can shine.
I too very much enjoyed your writing style - have you considered going into technical writing of some description? For sure, I would read a lot more documentation/articles/blogs/howots if they were actually engaging reads...
A number of people have touched on the fact that comments (even 'obvious' ones) provide boundaries, context and intent. I very much agree with this, with a couple of additional comments somewhat particular to embedded development:
- Compared to most user facing development, where probably >75% of code is purely for interaction (and potentially more repetitive, obvious, and readable), a LOT of embedded code is not so readable, and quite often context is key. Good comments (even on apparently obvious code) almost always carry some context (why do this here, and why in this order, why the specific delay before reading the ADC, etc)
- Because almost all the code is in some way business logic, it is definitely easier at times to read the flow of comments, rather than work out directly from the code which register someone is trying to set, and why, or why some seemingly arbitrary value is being incremented (that is actually being read by a parallel task somewhere else)
- As always, good comments are as much for yourself six months from now, as for the guy replacing you 6 years from now. Sometimes, it is just a good way to document your thought process, as well as provide reasonably up to date system documentation, since ACTUAL design documentation almost always gets neglected.
Basically - comment as much as you can, and as much as you need. Try and keep it up to date. It doesn't matter if it's seemingly obvious, or discussing the reasoning behind a particular architectural decision. Nobody I know has ever complained about too many comments, and if anything, more would have always been better.
At a previous company I worked at in a niche field, we had several field specific control units used for development and debugging (you pretty much couldn't work without these). They were just expensive enough to have to jump through hoops to buy them, and just cheap enough that all hell didn't break loose if one got lost, loaned (permanently) to a client, etc. Consequently, we were always short, and people tended to furiously guard 'their' equipment (to the point of lying about having one on hand, when asked). Due to testing during development the units were also quite prone to being blown (usually easily repaired, but enough of a nuisance for a pile of broken ones to be around, in case of absolute emergency).
How did one of my co-workers solve the problem? Labeled all his equipment as 'Broken' in his handwriting...
If I read correctly between the lines, while the FBI had 'the lead' on the app, the ability to decrypt was made possible by amendments to Australian Telecoms legislation (TOLA) in 2018, and hence the Australia (via the AFP) was the only country legally allowed to intercept this communication ('AFP provided the technical ability'). Can someone with more in-depth knowledge confirm if this is accurate?
There is one other elephant in the room that doesn't seem to be discussed much - lack of a code read protect feature (primarily, I guess, because lack of onboard flash).
I've ordered my first pico, and am really looking forward to playing with it (having done a lot of ARM work commercially lately), and from a maker's point, I think the foundation have it absolutely nailed feature-wise. In fact, I'm considering using the pico for a (potentially commercial) side project I've been wanting to do for years, but haven't found a cheap, powerful platform to do it on.
However, for anything that wants to transition to a commercial product, lack of CRP is a major roadblock. Yes, I know we all should/want to make our code open source, and have a support model for revenue. For most embedded sellable products, the core IP is the code that runs on the micro, the development of which will be the main driver for product cost. If someone can easily lift that, hardware is easy(ish) to copy, and can potentially significantly undercut your product cost (and your ability to run a viable business).