Posts by Scotech

Re: Treasury Security

I think (as the article alluded, but didn't explicitly state) that was mandarin for "It's a cloud service and we've got on-prem stuff that will stay on-prem, but we'd love to have it made accessible to Copilot for RAG please." Copilot agents can connect to a lot of data sources without needing much (if any) pro development, but to my knowledge those are mostly just cloud sources - if you have on-prem data, you're stuck. I know MS have on-prem gateways and other such tools specifically for this kind of low/no code integration, but I don't think any of the Copilot-branded tools can work with that yet. Or if they can, it's going to be extremely limited in scope. If you need to connect to on-prem data sources, especially ones with complex security requirements or exotic data formats, your best bet is still going to be going down the route of creating custom agents in Azure, which gets complicated and pricey. I think the idea here was to assess the usefulness of an off-the-shelf product, which obviously is going to be limited if it can't access the same context as the human user can.

Re: I hope those VPN services have beefed up their capacity.

Indeed. If one were feeling especially cynical, you might suspect that the whole reason much of the responsibility for enforcement was pushed to Ofcom, an arms-length quango, was precisely so that the incoming Labour administration wouldn't be able to let it wither on the vine while getting on with stuff that actually protects kids, like implementing the recommendations from the child sex abuse scandal. I'm not saying that Labour don't do performative politics, but the stunt the Tories pulled on that Bill last week was particularly low, even by their recent standards. To then have the temerity to say that they're the real champions of children's safety because of crap like this beggars belief.

Re: Age verification

Most network operators block adult sites by default. However, removing that block is usually trivial for the account holder, as operators just assume all account holders are adults, since it says in their ToS that they must be. Simple to close that loophole - don't allow the block to be lifted on PAYG accounts that don't have a credit card associated, or some other form of strong age-verification.

Re: Time to produce the audit trail

They definitely did know, because their staff were called as expert witnesses to testify to the workings of the system in a number of prosecutions. Note that it was just the workings though - the law only required them to demonstrate that the computer system was capable of providing the digital evidence submitted to the court, not to attest to the accuracy of that evidence. There was a presumption in favour of digital evidence that means the burden of proof was effectively reversed in these cases, and it's up to the accused party to prove the evidence is incorrect, rather than the other way around. To my knowledge, I think that might even still be the case in English criminal law.

Re: the usual state sponsored suspects

The amusing thing here is that most of the usual state-actor suspects when it comes to little acts of cyber-vandalism are probably the least likely to be involved in this kind of thing. Russia? China? Iran? North Korea? All huge fans of open-source. Its not in their interests to sabotage it, not when it provides their cheapest and easiest means of achieving parity with their rivals. As for the idea that western governments could be behind it, surely their efforts would be better spent infiltrating the project, than on stupid stuff like this? It makes no sense.

No, this smacks more of either people chasing bug bounties for minimal effort, or trying to generate 'activity' to pad out a CV for a tech job, but again, with minimum effort. Or they're just trolling, which is motive enough, for some people.

Re: WYF!

Yes, schools should definitely have switched to teaching cryptocurrency. NFTs and blockchains, which have turned out to be so important.

If students don't study it, how are they supposed to understand why they're not?

Re: WYF!

Snap! I did a L2 BTEC Certificate in Digital Applications course in Y10 & 11, and my school's head of IT also sneakily signed me up to do the GCSE alongside it, as my school offered both options. That BTEC was still the more useful of my two courses - although we used Dreamweaver for our Web design unit, I still got exposed to HTML, CSS, and crucially, JavaScript. Also, while yes, we were using MS Access for the unit on databases, the fundamentals were all there - keys, relationships, normalisation, queries, etc. And as a learning tool, access wasn't that bad, certainly better than either of Microsoft's modern 'alternatives' they're pushing (Lists and Dataverse for Teams). The GCSE, on the other hand, opened with an essay comparing the features available in Google versus Windows Live Search, then moved on to an essay about how to use a spreadsheet to handle personal finances. I dropped it halfway through that exercise. I later tried to take an A-level course in IT too, and dropped that after it immediately started heading the same direction. And our IT teachers were at least dedicated members of the IT department... shame they just weren't dedicated teachers too, besides a few good ones who left the faculty between my Y11 & 12.

Re: Another "R" - suggestions @Scotech

I completely understand the concern about people not understanding the fundamentals or underpinnings before moving on to abstractions. I came into an IT career the long way round - after becoming disillusioned in school due to the terrible way it was taught at the time, I went towards engineering, then fell out of love with that too, and took up a career in the voluntary sector, where my skills saw me slowly drifting back towards IT again, specifically Power Platform, MS's low-code stuff. I regularly encounter people who struggle to understand that these tools aren't built on thin air, there are logical underpinnings that you have to dig into and engage with in order to solve real problems, and if you don't understand them, you'll never understand the capabilities and limitations of the tools you're using.

One thing I've been glad to see in my own area of specialism is that Microsoft are finally putting in the work to bridge the gap between the people they call 'Makers' (people who know how to push buttons in the low-code interface to make stuff happen, without any real understanding of how it works) and their 'Developers' (people who work in code and infrastructure and don't, or barely, touch low-code tools at all). This is a vital niche I've been glad to see them working to fill, but it's just one product area in one company, and I think we need to see more effort being put in across the board by companies to peel back the veneer and let people see underneath to what their products are actually made of if they really want quality candidates coming into their recruitment pipelines.

Regarding the pace of changes, that's where I feel the role for coursework comes in. Part and parcel of IT as a field is keeping up with the constant changes coming at breakneck pace. Students should be expected to do an independent research assignment where they choose an emerging technology and discuss it in detail, or better yet, do a comparative analysis assignment where they discuss emerging technologies at the start of a course, then produce another analysis at the end in the context of the original, discussing how those technologies have evolved. In most fields, that wouldn't work, but in IT, 18 months is a long time - sufficient for something of note to have changed.

Re: taught to get the best out of tools like ChatGPT so they can succeed in life and modern careers

To be fair, I think BCS have some of the best materials out there for teaching the fundamentals of AI, with a strong focus on the importance of understanding how it works under the hood, how to determine if its an effective approach to solving a particular problem (and by extension, what kinds of problems it's a bad or unnecessary solution for) and the ethical considerations involved. They approach the subject with nuance, and don't shy away from the pitfalls. They also don't make the mistake of conflating AI and LLMs, and recognise that the field is broader than just a limited set of GPT models. I recommend checking them out: https://www.bcs.org/qualifications-and-certifications/certifications-for-professionals/artificial-intelligence-ai-certifications/

Re: Another "R" - suggestions

I'd actually expect it to be incorporated to a degree into all of those other subjects:

Reading - this is an obvious candidate, as one of the best things about computers is their ability to help us organise, search, parse and reference vast amounts of information. When I was in school, we were taught to do things like scan a text for key terms to find relevant information quickly, use the table of contents, index, glossary and references, etc. All of these tasks can be done more quickly and efficiently with the aid of computers, and it could even be extended to include one of the very few things LLMs are actually good for - extracting and summarising relevant portions of text from a larger body - plus, you then get to teach the importance of critical reading and checking your sources...

Writing - Typing skills and word processors, 'nuff said. Who writes anything by hand anymore? I regularly go for weeks at a time between hand-writing things, and I appreciate I might be an extreme case, and that its still a vital skill to teach, but even when I was in school, the majority of writing was done on a PC, and that was two decades ago. And then there's the plethora of digital writing aids out there, including (whisper it, so we don't upset the cranks like me!) AI. Writing, these days, is an IT skill.

Arithmetic - Do I even need to argue this one? We already had calculator exams well before I was in school, and perhaps there's space here for a segment looking specifically at the use of more advanced stuff like python scripting to solve maths problems? Would seem a good avenue to expose kids to coding, at least.

The key thing here is that, digital skills aren't a thing. We need to teach kids to approach things and think about everyday tasks and problems in a digital-first context, not keep treating them as a separate class of skills on top of classical approaches to things

Re: WYF!

Ridiculous that this is still an issue. When I was in school 20 years ago, we had the opposite problem - tons of qualifications that amounted to little more than a certificate of competence in using MS Office and Google, but very little of substance for those wanting to pursue a proper career in IT. Now it seems the pendulum has swung back in the opposite direction. How hard is it to grasp that both approaches have their place? We need qualifications that are focused on practical applications of digital technology, with separate skills pathways that can support people to become end-users, administrators or developers.

And our education system needs to stop treating studying emerging technologies as optional! Today's novelties quickly become tomorrow's essential tools in tech, the field moves at a pace few other school subjects can match, save perhaps for 'modern studies'. I get that it can be hard to figure out which things are fads, and which will catch on, but it's surely possible to allow some space in the curriculum to let teachers lead a study on this stuff... Or is lab-based coursework no longer a thing?

Re: About Enforcement And Verification And Safety....

The kind of organisations that think on that level when it comes to breaking cryptography aren't the ones this law is aiming to help. It's less for MI5&6's benefit than it is for the likes of Essex constabulary, or other forces whose forensic data specialists do the job on Sundays as a nice break from their 9-5 job installing McAfee on little old ladies' PCs. The plod in this country seem to only have about five actual experts who they share around the various forces, and the rest are folks who took a course on how to use Excel, which immediately makes them head and shoulders more qualified than everyone else in their forensics team. Under those circumstances, I'm not all that surprised that these forces are begging for laws like this, however unrealistic its ambitions are. They're in for a rude awakening though, when they realise that it'll have bugger-all impact on their backlogs.

Re: But...HOW?

If they had a sufficient method to reliably crack E2E encryption (classified or not) there'd be no need for this law, because the pre-existing setup for 'lawful intercept' via ISPs and network operators would be all they need to obtain the data in-transit. The specific issue this law is attempting (and utterly failing) to address is that proper E2E services can't be intercepted, even by the platform operator, especially if the comms are P2P and don't run through any form of centralised server. The only way this can possibly be addressed is to in some way compromise the encryption, either by breaking the E2E by effectively forcing providers to route all comms through their own servers where they can selectively MITM any and all of the messages, or else by breaking the encryption itself by adding in some kind of backdoor, which would likely be spotted by some bad actor and used to compromise all messages sent on that service. There is no secret 'decrypt this instantly' button or technology that works on properly encrypted data - this law's existence is proof of that.

But then he'd be no better than the likes of HashiCorp and RedHat!

If there's one thing Matt loves, it's pretending he's a White Knight. Admitting this is all just about money would feel too grubby for him to contemplate, hence this fudge.

Yeah, it's not the first time they've said that in a response, and it had me scratching my head too. I don't understand on what possible interpretation of the facts they can base that assertion. All I can conclude is that Automattic has joined the post-truth brigade, rendering any statement of theirs immediately dismissable. They can go deny reality with the other fruitcakes and the cheeto's mob, I've lost interest in anything they have to say on the matter at this point. WPE have them bang to rights, and Matt's expensive lawyers are milking him for all they can - feeding his delusions, when the most he can hope to achieve here is damage limitation.

This is a man who puts his blog on the homepage of the dashboard of his product (and gets pissy if anyone ever removes it) and who embedded his own name into the name of his company. He's been an egotistical narcissist all along, but usually he's confined that to relatively harmless spats. This time, I guess he's just off his meds or something?

Re: The Community Team...

They can just call it the 'WordPress Users Sydney' conference, or something similar. Automattic can scream 'til they're blue in the face about their commercial rights to the trademark, but this would be a fairly clear-cut case of fair use, since there's no other way of referring to the primary subject-matter of the conference. So long as the name doesn't use the official 'WordCamp' brand, and so long as it doesn't use the WordPress logo or branding in any way that might imply it's directly affiliated with Automattic or the WordPress Foundation, it's fair game. Taking a stand is the only way Matt's going to be reined in here. Unfortunately I don't think most volunteer organisers would have the stomach for a fight like that, and I don't blame them.

For a trademark to be enforceable, it must be actively defended. The "WordPress" trademark has been minimally defended since its inception, and the WP trademark is basically non-existent. Sure, WordPress has a logomark featuring those letters, but my understanding is that those two concepts aren't cognate in IP law - the logomark doesn't equate to the letters it bears any more than the McDonald's 'golden arches' logomark grants them exclusive rights to the letter "M" in the fast food industry. The law here is clear - unless WordPress a) actively used the 'WP' letters as an integral part of its branding, b) used them as such prior to any other claims being made over their use in a trade context, and c) actively defended their exclusive rights to use said trademark against infringement by other parties; there simply isn't a legal trademark to be defended. Again, the same could probably be argued regarding the rest of the WordPress brand as a whole, given how freely it's been bandied around for the past decade and a half, with little to no enforcement of any rights (commercial or otherwise) until very recently. Matt is an idiot for trying this tactic, as it's very likely to blow up in his face. Add to that the mess of potential tortious interference claims he's racking up, all with measurable monetary damages, and he's created a legal minefield for himself, his business, and the WordPress foundation he effectively owns.

So no, it's nothing like the situation with Microsoft and its trademarks, all of which have been vigorously defended from the very beginning. Oh, and they also do allow others to brand themselves using the letters 'MS', which they don't consider to be a trademark, and don't use officially for that reason. See 'MSCRM-ADDONS' for a real-life example.

Re: Well...

According to the article, ~80% of the people who took the deal were from the WordPress/ecosystem division, it doesn't necessarily translate that 80% of the staff in that division left. I believe its a significant chunk of the staff, but nowhere near four-fifths of them.