* Posts by Mike 137

760 posts • joined 10 Sep 2009


UN warns of global e-waste wave as amount of gadgets dumped jumps 21% in 5 years

Mike 137 Silver badge

Re: So start legislation...

The fundamental problem is that to keep device prices as they are, churn is essential. Otherwise the revenue dries up.

In the days of mainframes, we leased hardware and paid for maintenance and support. That both provided a continuous revenue stream and allowed the hardware to remain in service for decades, but if you're paying once off to own, either the price has to be very high or the lifespan short. We've chosen the latter option, so there's inevitably a stream of waste, and because technological advances lead to obsolescence recycling has limited potential.

Humans are very good at cornering themselves.

Mike 137 Silver badge

Re: Someone's confused

Not necessarily confused. The per capita figures may be correct, and the total depends on how many people are contributing at the given rate in each nation. We don't have the total for Oceania.

Consumer orgs ask world's competition watchdogs: Are you really going to let Google walk off with all Fitbit's data?

Mike 137 Silver badge

Re: Alternative Issue....

"any product/device MUST allow the owner/user to use it without the requirement for ANY internet connection or service"

That's an excellent ideal, but unfortunately the only real commercial advantage is in the data. Mostly the hardware is sold at break even so they can get at the data stream where the profit lies.

Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

Mike 137 Silver badge

Old as the hills and still being perpetrated

"The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software."

When, oh when, will developers accept that specific white list based context dependent validation is essential for every input?

It's far from sufficient to declare that you "haven't heard of our cock-up being abused", particularly as it's so simple to avoid making it in the first place.

Anyone heard of OWASP?
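
The allow-list, context-dependent validation the comment above calls for, as an added example that is not part of the original post and is not code from the Cisco software in the article. The field names (hostname, port, description) are hypothetical, chosen to resemble a router management form; the request parameters are constructed inline. The point it shows is the two layers that together stop a reflected XSS: each input is matched against an explicit allow-list for its field before anything is rendered, and each value is then encoded for the specific output context it lands in (HTML text node, quoted attribute, JavaScript string), because a free-text field that legitimately admits quotes and angle brackets cannot be made safe by validation alone.

```python
import html
import ipaddress
import json
import re


class ValidationError(ValueError):
    """Raised when an input is not on the allow-list for its field."""


# Allow-list per field. The field names are hypothetical, chosen to resemble a
# router management form; they are not taken from the Cisco advisory.
FIELD_RULES = {
    # RFC 1123 label: letters, digits, hyphens, no leading/trailing hyphen
    "hostname": re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$"),
    "port": re.compile(r"^[0-9]{1,5}$"),
    # Free text: printable ASCII only, so it still needs output encoding
    "description": re.compile(r"^[\x20-\x7e]{0,64}$"),
}


def validate(field, value):
    """Accept a value only if it matches the allow-list for that field."""
    rule = FIELD_RULES.get(field)
    if rule is None:
        raise ValidationError(f"unknown field {field!r}")
    if not isinstance(value, str) or rule.fullmatch(value) is None:
        raise ValidationError(f"{field}: value not on allow-list")
    if field == "port" and not 1 <= int(value) <= 65535:
        raise ValidationError("port: out of range")
    return value


def validate_ipv4(value):
    """Structural check via the stdlib parser rather than a hand-written regex."""
    try:
        return str(ipaddress.IPv4Address(value))
    except ValueError as exc:
        raise ValidationError(f"ipv4: {exc}") from None


# Output encoding is context dependent: the same text needs different escaping in
# an HTML text node, a quoted attribute value and a JavaScript string literal.
def encode_html_text(s):
    return html.escape(s, quote=False)


def encode_html_attr(s):
    # Quoted attribute: must neutralise both quote characters as well as < > &
    return html.escape(s, quote=True)


def encode_js_string(s):
    # json.dumps gives a double-quoted, escaped literal; '<' and '/' are escaped
    # as well so a literal "</script>" in the value cannot close the script block.
    return json.dumps(s).replace("<", "\\u003c").replace("/", "\\/")


def render_settings_page(params):
    """Validate every request parameter, then encode each one for where it lands."""
    hostname = validate("hostname", params.get("hostname", ""))
    port = validate("port", params.get("port", "443"))
    description = validate("description", params.get("description", ""))
    return (
        f"<h1>Device {encode_html_text(hostname)}:{port}</h1>\n"
        f'<input name="description" value="{encode_html_attr(description)}">\n'
        f"<script>var host = {encode_js_string(hostname)};</script>"
    )


def is_rejected(field, value):
    """Helper for callers that want a boolean instead of an exception."""
    try:
        validate(field, value)
    except ValidationError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample request: the hostname carries a classic reflected-XSS
    # probe, which the allow-list rejects before any rendering happens.
    print(is_rejected("hostname", "<script>alert(1)</script>"))
    # The free-text field passes the allow-list but is encoded per context.
    print(render_settings_page({"hostname": "router-1", "port": "8443",
                                "description": '"><script>alert(1)</script>'}))
```

The order matters: validation runs on the raw request value and rejects anything outside the field's grammar, so a probe in the hostname never reaches a template at all; encoding is applied at the last moment, per sink, so the description's quote and angle bracket are rendered as `&quot;` and `&lt;` inside the attribute and cannot break out of it. A single generic "sanitise" pass applied at input time would have to guess the output context and is the pattern that produces exactly the class of bug in the advisory.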

Brit MPs vote down bid to delay IR35 reforms, press ahead with new tax rules for private-sector contractors

Mike 137 Silver badge

In the foreseeable future ...

I anticipate a near future where the majority if not all of new hires are contracts under IR35. As this absolves the employer from paying for pensions, holiday and sickness benefits and permits dismissal at a moment's notice it's likely to catch on quickly. The "employee" is still likely to be expected to provide professional indemnity and public liability insurance and to travel on the employer's business at their own expense.

This could well be the future for all of us not just the much maligned "contractor".

Never knowingly under-digitally transformed: Retailer John Lewis outsources tech function to Wipro

Mike 137 Silver badge

Re: JL is supposed to be a staff owned enterprise

So does that mean 244 partners stripped of their partnership without their consent?

Interesting how this might pan out if challenged. TUPE applies to employees - not at all clear whether it applies to partners.

Someone must be bricking it: UK govt website for first-time home buyers snapped up for £40,000 after left to expire

Mike 137 Silver badge

Re: Some junior management grade messed up...

Not necessarily a junior, maybe the process.

On assignment in a senior management role, I was asked to buy a digital certificate for a government department personally using my own credit card and then get a refund on expenses. They had no formal mechanism for this.

Academics call for UK's Computer Misuse Act 1990 to be reformed

Mike 137 Silver badge

Re: Wording Mistake to Avoid

Not even really "what they should be interested in" but what is in their best interest, i.e. what is conducive to the common good - a completely different meaning of the word "interest" that has nothing at all to do with whether we want to know about something.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

Mike 137 Silver badge

Re: Will this be a problem for embedded device certs?

"Browsers at a minimum need to have a setting that allows long lifetime certificates to be used."

Perfectly valid comment - in fact browsers should have a setting that allows the user to decide which certificates (and indeed which TLS versions) to accept. I'm getting utterly frustrated with browser vendors making these decisions for me - I should be allowed to be in charge of my own security.

By all means have such measures enabled by default, but we should be able to turn them off if we want. In our lab, we're stuck with using some "unsupported" browsers due to compatibility issues, and are finding that increasing numbers of perfectly safe sites are no longer accessible due to certification "advances".

Google to 'surface' friendly banks' business loans through Pay app

Mike 137 Silver badge

Roll on unregulated

It took over a hundred years to establish the regulatory frameworks for reasonably safe banking services. Now we're throwing all that away and allowing all and sundry to operate without adequate oversight. But of course it must be OK because it's "online".

You'd think lockdown would be heaven for us layabouts – but half the UK has actually started 'exercising more'

Mike 137 Silver badge

"course the entire point of meditation is to not move around and just relax"

Actually, the point of meditation is supposed to be working towards enlightenment. Stasis and relaxation are merely means of entering a state where the mind becomes more receptive.

California Attorney General asks judge to force Lyft and Uber to classify drivers as employees – or else

Mike 137 Silver badge

Whereas in the UK ...

Unfortunately these excellent arguments cut no ice in respect of IR35. Courtesy of an inexplicable bigotry here in Blighty, as soon as hirers catch on to the advantages, we likely face a future of "Uberized" employment where every new hire is a "contractor" under IR35, saving the hirer all the costs of pensions, sickness and holiday pay and allowing staff to be dismissed on a whim. They've set the clock back 200 years to the days of the early Industrial revolution.

Section 230 authors despair of Trump, Barr, Biden, US Congress’ aggressive ignorance of critical tech law

Mike 137 Silver badge

Re: Trump & Co don't know?

"culture that favors not intelligence, but bluster and machismo"

The media have for ages seemed to think the populace is unintelligent. I recently picked up both the Outer Limits and the Twilight Zone DVD sets dating from 1959 onwards. In both, the essence of the story is in the surprise punch line. However all the Outer Limits episodes include a preview of the surprise before the titles, and all the Twilight Zone episodes include a trailer in which the story line of the next episode is described in detail. So no surprises are allowed.

I believe that the average American is vastly smarter than the media folks are prepared to admit.

GitHub redesign goes mobile-friendly – to chagrin of devs who shockingly do a lot of work on proper computers

Mike 137 Silver badge

Cui bono?

"I think it's just a design that we will keep iterating."

I have two questions:

[1] you "think" you'll keep iterating - are you not sure?

[2] Why keep iterating? Most developers want familiar non-intrusive tools so they can get on with concentrating on their development, not constantly running up a learning curve for the tools.

To me, this sounds like nonsense akin to the infamous "ribbon".

UK police's face recognition tech breaks human rights laws. Outlaw it, civil rights group urges Court of Appeal

Mike 137 Silver badge

Scary precedent?

"The hearing began as a YouTube livestream ..."

Quite apart from the issues of reliability and maintenance of the public record, using "social media" to conduct court proceedings seems just a little inappropriate, given the attitude to both user rights and truth of most social media providers.

Carbon-based vuln hunters will always be better at infosec than AI, insist puny humans

Mike 137 Silver badge

Vive la difference

"attack vector that AI would likely miss without the creative flexibility of human decision-making."

That sums up exactly what the difference is between artificial and real intelligence. AI is essentially token matching (mentation at the level of the bumble bee) whereas the human can be creative. We don't understand the mechanism of creativity - we can only infer from examples, and the range of inferences is almost as wide as the range of examples. Consequently we can't tell a mindless machine how to do it. I suspect that a key component of it is understanding.

Three words you do not want to hear regarding a 'secure browser' called SafePay... Remote. Code. Execution

Mike 137 Silver badge

Yet again ... yawn ...

'"Occasionally their product will have to modify the server response, for example on search pages where they inject the script implementing the Safe Search functionality," Palant explained.'

When will it finally sink in that client side scripting should never be used for security. Client side scripting is the primary vector for automatic client compromises, so it's the exact opposite of the right approach. If you want a secure browser, design one from the ground up in native code (or if you really must, an interpreted language like Java). That doesn't of course ensure it's not vulnerable, but it should be obvious that any code that sits within a web page is open to malicious tampering.

Apple to keep Intel at Arm's length: macOS shifts from x86 to homegrown common CPU arch, will run iOS apps

Mike 137 Silver badge

Re: Why?

Consumer benefit? Who gives a fetid dingo's kidneys?

The only folks that matter here are the vendors. The fact that "It's been estimated that Apple's slow-motion abandonment of Intel silicon [...] could cost Intel about [...] 4 per cent of its revenue" is mentioned of course, but not the cost to the user. The whole idea is that you'll have to scrap all your applications and buy new versions from Apple.

With intelligent life in scant supply on Earth, boffins search for technosignatures of civilizations in the galaxy

Mike 137 Silver badge

Re: Evidence?

"... those people are searching for humans, not for alien intelligent life..."

Actually I think they're searching for Americans.

Mike 137 Silver badge


"... planetary atmospheres spewing pollutants" are "... evidence of intelligence in other places than Earth" ?? The phenomenon is evidence of lack of intelligence here on Earth.

Quite apart from which, why should the technologies of an alien planet be automatically similar to our own?

VMware and Office for Mac need patching, Microsoft can scan your firmware, and Anonymous takes credit for Atlanta police hacks

Mike 137 Silver badge

Microsoft adds another attack vector to Windows

"Good news from Redmond – Microsoft said it can scan UEFI firmware with Windows Defender Advanced Threat Protection."

There's a lot of evidence from several years of independent research to show that, regardless of vendor, "protection" that breaks system segregation (either by hooking to ring zero or this for example) increases the attack surface of the target. It's typically coded to the same standards as all other software so it has attackable vulnerabilities in it just like everything else.

Only true boffins will be able to grasp Blighty's new legal definitions of the humble metre and kilogram

Mike 137 Silver badge

Probably not entirely a bad thing but ...

Despite the ambiguities identified by others here, I guess it's a good idea to ensure that the basis for establishing fundamental units is itself standardised. The overriding serious flies in the ointment in this case are [a] the metre is an arbitrary standard based on a faulty measurement in 1793 and not corrected when found to be wrong in 1858, [b] we still don't know the exact speed of light in vacuum, and [c] they seem to feel eight decimal places are sufficient for everything.

Looking for a home off-world? Take your pick: Astroboffins estimate there are nearly 6bn Earth-likes in the Milky Way

Mike 137 Silver badge

"Getting to them is, however, quite another kettle of fish"

Actually, getting to them will probably be the lesser of your worries unless you just want to commit suicide expensively. Ecosystems are complicated, and finding a niche is hard even on Earth where all life has fundamentally co-evolved. Hard in the sense that there are masses of failures, both at the species and the individual level. This will be all the more the case for an entirely alien species (us) on a distant planet with its own evolutionary history.

Even if the lovely fantasy of a perfect human-supporting habitat devoid of competitors were to be found, staying alive long enough to take advantage of it would be a serious challenge as adaptation takes generations to accomplish. Either way, we should expect more than half of the human settlers to die before they reproduce - probably vastly more than half, so we'd have to send huge populations of settlers with a known high probability of snuffing it as part of the deal.

Only on Star Trek are small human communities able to settle stably on alien planets, and that's just because the writers ignore the science.

Tens of millions of Internet-of-Things, network-connected gizmos at risk of remote hijacking? Computer, engage shocked mode

Mike 137 Silver badge

"Some of the programming blunders..."

Thank you Shaun - thank you a thousand times! It's about time we all faced up to the fact that that's just what "exploitable bugs" are - no more no less.

Until software development becomes a genuine engineering discipline with formally ratified standards and an expectation of their universal application by qualified practitioners, we'll never have safe, or even adequate IT systems. Every other branch of engineering demands this - even plumbing.

Boffins find that over nine out of ten 'ethical' hackers are being a bit naughty when it comes to cloud services

Mike 137 Silver badge

"nine out of ten 'ethical' hackers are being a bit naughty..."

There's no need for the quotes around the word ethical. If your community ethics include being naughty, then it's OK within your community. The problem arises only when the ethical systems of different communities are in conflict.

However at least in the UK, such activities are potentially unlawful. They could therefore backfire badly supposing service providers and law enforcement really gave a hoot, but they don't really seem to so the habit gets reinforced until it becomes a norm.

We cross now live to Oracle. Mr Ellison, any thoughts? 'Autonomous self-driving computers eliminate human labor, eliminate human error'

Mike 137 Silver badge

"Autonomous self-driving computer systems eliminate [...] human error..."

Even an "autonomous vehicle" has to be told where you want to go. It can't decide that for itself. The same applies to "autonomous self-driving computer systems" - they can't decide your business strategy, or even your business tactics for you.

In my experience as a business risk consultant, the majority of human error stems from bad judgement at these strategic and tactical levels, so the "autonomous ... etc" computer system won't actually help at all. But it will probably sell like hot cakes to those whose lack of attention and vision causes them to make the strategic and tactical mistakes, because they'll be conned into thinking the machine will save them the hassle (see the growing number of Tesla Autopilot incidents for confirmation). And of course that's all any vendor is interested in.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher

Mike 137 Silver badge

Re: Lawyers... start your engines

Unfortunately, a service being terminated is not the same thing in law as lack of durability. If the buttons fall off or the glued in battery dies ahead of time that's actionable, but there's no warranty relating to continued provision of support services or even "spare parts" beyond the statutory minimum consumer guarantee period (which includes the option of replacement with an "equivalent" in lieu of repair).

Sponge code borks square AI brains, sucking up compute power in novel attack against machine-learning systems

Mike 137 Silver badge

Artificial intelligence

"Slipping it a question that contains a typo like “explsinable" instead of “explainable” can confuse the system and slow it down"

Humans can typically handle this very well - usually able to read text at normal speed even if it's littered with typos. Indeed they usually go unnoticed, which is why proof reading is so hard. The critical factor is that for the AI machine the words have no meaning - they're just "tokens".

BoJo looks to jumpstart UK economy with £6k taxpayer-funded incentive for Brits to buy electric cars – report

Mike 137 Silver badge

"the ones at the bottom of the pile are ignored..."

Actually they're not being ignored - they're being priced out of freedom of movement.

A friend's small business crashed when his local council created a "low emission zone" that put a price of £100 per day on keeping his diesel van outside his house, and from the start of 2021 the entire area within the North and South Circular Roads in London will become such a zone with older cars charged around £12 per day to enter it (plus of course the existing congestion charge). That roughly trebles the cost of entering Central London from the M25.

Smart fridges are cool, but after a few short years you could be stuck with a big frosty brick in the kitchen

Mike 137 Silver badge

"users could find themselves with a big, frosty brick"

Why would the basic mechanism of a fridge (compressor, circulation pipe work, radiator, thermostat) stop working if it loses its "online support"? Only because they can make it like that so you'll have to replace it. A friend who's not on the internet has a 60 year old fridge that still works fine - it's needed one replacement compressor in that time.

TsoHost swings axe at 'legacy' DIY website builder MrSite, giving customers a month to find alternative arrangements

Mike 137 Silver badge

One of many

There appear to be dozens of "web site builder" services out there, and pretty much every one ties you to its platform like MrSite does. I don't think this is a very good idea.

A huge mystery has been made of web development, in most cases quite unnecessarily, although it has to be said that the complexity of web sites has increased dramatically (also in most cases quite unnecessarily). However, supposing that "builder" services are actually needed by some people, I'd like to see a service that allowed a web site to be created to strict W3C standards and then taken away and hosted independently. Then, termination of the "builder" service would not be a problem.

Facebook to save US users from ads bought by foreign state-controlled media

Mike 137 Silver badge

Conscientiousness theatre

Both FB and Twit seem to be merely pandering to public expressions of concern. They have no genuine vested interest in promulgating truth - it's irrelevant to the business models of both. But then, whose business model these days includes that interest?

Repair store faces hefty legal bill after losing David and Goliath fight with Apple over replacement iPhone screens

Mike 137 Silver badge

Re: Worse than expected, but that's just a detail @AC

"Apple says that anything they didn't supply that contains any Apple identifying symbols must be counterfeit, something that is almost certainly not true."

Unfortunately it is valid and that's apparently the essence of the case - trademark infringement. In the absence of the "Apple identifying symbols" on the parts there could be no trademark infringement. They would just be "aftermarket", which might give rise to an alternative objection but not this one.

Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR

Mike 137 Silver badge

"PHE and the NHS confirmed that a DPIA has not been conducted..."

Naughty and unlawful, but conducting one will probably make little difference. Under Article 35 of the GDPR the arbiter of the necessity, proportionality, risks to data subjects and risk control measures is the party intending to process the data. Not the ideal basis for objective evaluation.

Amazon warehouse workers sue over safety concerns as several contract COVID-19

Mike 137 Silver badge

Is Amazon alone?

Once you're dealing with any behemoth corporation that can exhaust the resources of complainants at law and can negotiate their own penalties, this is an inevitable kind of outcome. It's identical to the position in the UK cotton industry of the 19th century. So things go full circle as they always do. It's only when something exceptional like COVID occurs that our attention is drawn to the problem.

The UK's favourite lockdown cheese is Big and Red but doesn't require a stinking great audit after consumption

Mike 137 Silver badge

"Red Leicester has taken the top spot"

Red Leicester is one of the most varied of English named cheeses. It ranges from pale bland and rubbery (a la Tesco) to sharp, crumbly and delicious. At its best it deserves the top spot (at least on a shared basis). At its worst, even mice aren't attracted to it.

SpaceX is about to launch its first Starlink internet satellite sporting a sun visor following complaints by astronomers

Mike 137 Silver badge

Re: Vantablack

"coat them in vantablack" - and they'd probably burn up.

Spending watchdog doubts UK is capable of managing Brexit and coronavirus info campaigns at the same time

Mike 137 Silver badge

"The government [...] spaffed £46m on an ineffective "Get Ready For Brexit" campaign"

Primarily ineffective because it explained nothing. A list of "things you should consider" is not sufficient guidance. Businesses have never been told so far what the pros, cons and implications will be of the various alternative courses of action.

Barmy ban on businesses, Brits based in Blighty bearing or buying .eu domains is back: Cut-off date is Jan 1, 2021

Mike 137 Silver badge

The least of our worries

An "almost certain" no deal Brexit will be vastly more complicated to navigate for most businesses than a change of domain name. Not least, the issue that nobody, right up to ministerial level, has been willing to discuss with my consultancy is that some of the standard contractual clauses we're supposed to implement once the UK is a third country aren't actually GDPR compliant.

"Westminster, we could have a problem..."

No more installing Microsoft's Chromium-centered Edge by hand: Windows 10 will do it for you automatically

Mike 137 Silver badge

"MS should really be focusing their efforts on fixing the broken abortion of a UI ..."

Or even better creating an OS that [a] gives you complete control over your machine like in the distant past and [b] doesn't need a constant torrent of bug fixes for its entire operational life.

Sorry, I was dreaming...

Defending critical national infrastructure... hmm. Does Zoom count as critical now?

Mike 137 Silver badge

I've been saying this for over a decade

Any system is entirely as weak as its weakest link. The most remote smallest end of your supply chain can be (and often is) the entry point for your data breach and it has been the case for a very long time. But this seems to have only just registered with the pundits, witness the 2016 request for comment to the US Commission on Enhancing National Cybersecurity and similar initiatives. We submitted to that, pointing out that cyber security has no boundaries. Among all submissions, ours was the only one that stated this. Equally, ours was the only submission that included attackable internet connected home security systems used by millions of Americans in the definition of critical national infrastructure.

California emits fine-print of its GDPR-ish digital privacy law, complete with Google and Facebook-sized holes

Mike 137 Silver badge

Actually it's quite different from the GDPR

This legislation is essentially about data sharing - hence "§ 999.305. Notice at Collection of Personal Information (d) A business that does not collect personal information directly from the consumer does not need to provide a notice at collection to the consumer if it does not sell the consumer’s personal information."

The GDPR is about protecting the data subject's human rights (which include privacy), and it takes into account a wide definition of harm.

This is a fundamental difference that is consistently overlooked.

BBC voice assistant promises to summon streams even if you're just a little bit Brahms and Liszt

Mike 137 Silver badge

"The BBC is selling Beeb as a privacy-friendly option"

"transcripts will be shared with Microsoft to improve its Azure AI"

Not quite sure how these two statements can be considered compatible, but maybe I'm missing something.

No, it's just a Mirage: Lenovo's nerd-goggles-for-suits boasts 4K display but no need to be attached to powerful PC

Mike 137 Silver badge


Where will the goggles fit? None of my suits go anywhere near my face. They typically stop around the neck.

Watch an oblivious Tesla Model 3 smash into an overturned truck on a highway 'while under Autopilot'

Mike 137 Silver badge

"...not paying attention"

That's actually an offence in the UK if you happen to be driving at the time, and with damned good reason. If you want to day dream en route take a taxi.

Mozilla cautions India's national open digital plan is 'open-washing'

Mike 137 Silver badge

Open is already relative

With Linux embedded in Windows, "open" is already a relative concept. "Proprietary open" meaning they tell you just as much as they think is safe while protecting their IP is probably the realistic future. Ironic as the predominance of the IBM PC was entirely due to its being mandatorily an open standard. The manual that came with my first PC included full circuit diagrams and BIOS listing. That openness directly drove both PC clones and the huge add-on industry that put the current closed source big players on the map.

Privacy activists prep legal challenge against UK plan to keep coronavirus contact-tracing data for two decades

Mike 137 Silver badge

"It drives a coach and horses through data protection legislation."

Unfortunately it doesn't. Article 9.2(i) allows unspecified processing of sensitive personal data for reasons of "public health". What it does drive the coach and horses through is the principle of data protection by virtue of the proposed retention time. However if they provide a "justification" for this that will satisfy the ICO (and almost any justification will probably do that as this is a "crisis") it remains entirely lawful.

However, unless they plan to "repurpose" the data later (which could indeed be unlawful) it will still be pointless as the data will become useless very quickly for the expressed purpose of tracing COVID contacts - in fact within a year or so of the pandemic ending - because people move around.

Australia to refund $720m in 'debts' determined by dodgy algorithm

Mike 137 Silver badge

Why single out the Aussies?

"a symbol of the Australian government’s seeming inability to execute technology-led initiatives"

Australia is not alone. I can't immediately think of a government technology initiative that has delivered as desired, or even as expected. Governments aren't alone in this either. I can't immediately think of any technology initiative that has delivered as desired or even as expected. Until IT becomes a real engineering discipline, this will remain the order of the day.

Software bug in Bombardier airliner made planes turn the wrong way

Mike 137 Silver badge

Worse in principle

The interaction of the various ideally completely separate functions suggests insufficient process segregation. This in turn suggests that the software as a whole has "evolved" rather than being designed as an integrated deliverable. Most software today "evolves", so we need a radical rethink of our approach to application design.



Biting the hand that feeds IT © 1998–2020