* Posts by Mike 137

3871 publicly visible posts • joined 10 Sep 2009

US to deny visas to foreign officials it says 'censor' social media

Mike 137 Silver badge

"... It is unacceptable for foreign officials to issue or threaten arrest warrants on US citizens or US residents for social media posts on American platforms while physically present on US soil" Rubio said.

"It's OK for us to do this though."

Stargate to land its first offshore datacenters in the United Arab Emirates

Mike 137 Silver badge

A spark of realism

"The Register looks forward to AI-produced results like the above bringing enormous benefits to the UAE."

Nice one Simon!

Shakespeare might have been talking about LLMs, when he wrote "it is a tale told by an idiot, full of sound and fury, signifying nothing."1

1: Macbeth, Act 5, Scene 5


AI can't replace freelance coders yet, but that day is coming

Mike 137 Silver badge

The limitations

The "limitations" section of the paper (page 9) is all important. The tasks were simple enough to be evaluated by automation, but as the authors state "In a real freelance scenario, requirements can be vague or evolving, clients might change their mind, and there could be integration issues beyond just writing a piece of code. Our benchmark doesn't capture those aspects – every task here is a neatly packaged problem that starts and ends within a single prompt/response."

So the "AI" might (80% of the time) replace grunt coders given detailed briefs for simple tasks, but not programmers or software engineers who have to exercise initiative and imagination to fulfil larger and more complex tasks. So there's potential for such tools to assist, but not replace, expert developers (provided the time and effort needed to weed out "hallucinations" doesn't negate the gains).

When LLMs get personal info they are more persuasive debaters than humans

Mike 137 Silver badge

A fundamental weakness?

From the paper (fig. 1): "Participant and opponent then debate for 10 min on a randomly assigned topic, holding the PRO or CON standpoint as instructed"

So actually, this research only indicates (if at all) that a bot may be more persuasive than a human when challenging a standpoint not really held by its opponent. It would be interesting to see how it fared against a genuinely held position.

Latest patch leaves some Windows 10 machines stuck in recovery loops

Mike 137 Silver badge

The root cause?

"a device with Intel Trusted Execution Technology (TXT) enabled on a tenth-generation or later Intel processor with vPro support, has BitLocker enabled, and obediently installed the KB5058379 patch..."

I've come to the conclusion the fundamental problem is that, due to a very apparent long standing practice of "tinker development", the OS has got so convoluted that it's impossible to reliably predict the effect of any changes/"updates"/fixes. So it's not so much that M$ doesn't care (although they indeed might not) but that the entire development process is utterly out of control because nobody on the dev teams really understands how the damned thing works any more.

Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb

Mike 137 Silver badge

Re: Legitimate interest

"legitimate interest can be seen as the last of the reasons to reach for after you have exhausted Consent, Contract, Legal obligation, Vital interests and Public task"

Actually, there is no "hierarchy" of lawful bases. The appropriate lawful basis is a matter of fact in each case. "Legitimate interest" applies where the interest in question is not that of the data subject. For example, in Recital 47 "[s]uch legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller", although the same recital also states explicitly "[t]he processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest." and Recital 39 suggests that processing for cyber security can be conducted on the basis of legitimate interest.

However, all the examples of legitimate interest processing are provided only in the Recitals, which are not statutorily binding -- hence to a great extent the freedom with which it is misused.

Mike 137 Silver badge

Re: Legitimate interest

"There is no such thing as "legitimate interest""

Actually there is. Such things as credit checking and various eligibility checks that are not constrained by statute (such as being within delivery distance for bulky goods) and so on.

The fact that the legitimate interest basis is massively abused in contravention of the law (just as transparency is) does not invalidate its lawful use.

Mike 137 Silver badge

Re: Legitimate interest

"I really don't think that the intent was that once an organization has your data, it should be able to use it for anything and everything it wants as long as it doesn't resell it."

The GDPR explicitly prohibits this. A lawful basis (including of course legitimate interest) applies to a specific purpose for processing, and each separate purpose must be justified by its own specific lawful basis from the list. The only re-uses that are lawful are [1] processing "compatible" with the purpose for which the data were first acquired (although "compatible" is not clearly defined), and [2] archiving within some quite narrow constraints. And BTW, reselling under GDPR is just another purpose among many, unlike in the US where it's in many cases the key or sole essence of the protection.

The 'End of 10' is nigh, but don't bury your PC just yet

Mike 137 Silver badge

Not so much "end of life"

as "end of being blocked from doing your work unexpectedly by a monstrous update, then finding your settings have been changed back to unwanted defaults".

If I have to use Windoze, I'll not miss this at all.

Culture comes first in cybersecurity. That puts cybersecurity on the front line in the culture wars

Mike 137 Silver badge

"cybersecurity is a culture of teamwork, not a technology"

I've been saying this for a quarter of a century to organisations of all sizes from international corporate to mom & pop shop, and mostly they've listened politely and then ignored the advice. Where it grants any recognition to the problem at all, the entire security culture is obsessed by standards. But when we look at said standards we find, on the one hand purely technical approaches such as Cyber Essentials ("have some tech stuff in place") and on the other, process oriented approaches such as ISO 27001 and the NIST cybersecurity framework ("have some processes in place"). Yes, you need technologies and processes, but obviously you must be sure they actually work. Despite which there doesn't seem to be a single standard that defines outcomes and practically zero attention is addressed to culture or awareness beyond some perfunctory references to "training" of the front line (but typically not the executive).

The reality is that the price of peace is eternal vigilance on the part of everyone at all levels of the organisation.

The State of Open Source in 2025? Honestly, it's a mess but you knew that already

Mike 137 Silver badge

Motivations

Admittedly a few years back, I participated in a UK Parliamentary specialist group debate on "open source and open standards". Two things stood out glaringly: [1] many of the participants confused the two, assuming that open source automatically both complied with open standards and drove them, and [2] most of the user base used open source not because the source was open (they didn't look at it) but merely because it was free software. On this basis it was hard to see how the original intent of open source could survive intact -- as indeed it seems not to have.

Law firm 'didn't think' data theft was a breach, says ICO. Now it's nursing a £60K fine

Mike 137 Silver badge

"Commitment" is not enough

" is Cyber Essentials certified. This demonstrates our commitment to robust standards in[...] cybersecurity"

No it doesn't. Cyber Essentials is not a "robust standard" -- it's an absolutely minimal one and its implementation is seriously shallow. It merely requires that an organisation self certifies it has implemented a bunch of basic technical stuff, although at the Plus level this is externally checked and an annual pen test is required. At neither level does it consider the management of security at all (except for patch management as a purely technical matter), so whether the implemented stuff would actually work in the face of threats is not checked. In this case (apparently), among other failures, no effective monitoring was in place, but of course Cyber Essentials doesn't require it.

When Cyber Essentials was first proposed I suggested that (at the Plus level at least) it should include assessment of security management processes, but the powers were not interested, so the idea fell flat (I suspect, because too many organisations just wing it, so a standard that included review of management processes would not have been widely adopted).

Uncle Sam kills funding for CVE program. Yes, that CVE program

Mike 137 Silver badge

Re: Reasoning

"seems like a shot to the foot"

Quite possibly you hit the nail on the head. Shooting oneself in the foot was originally (WW1) intentional -- as a way to escape the trenches. All this paring down is also intentional -- the current powers hate intellectuals, whom they view as a threat to their unlimited freedom of action. So absolutely any knowledge-based enterprise is a "legitimate" target, regardless of consequences.

Mike 137 Silver badge

Re: it helps to realise

It's also worth noting that almost all the supposed savings are illusory. It's been suggested (with some apparent justification) that the real agenda is not so much financial as retributory.

Russians lure European diplomats into malware trap with wine-tasting invite

Mike 137 Silver badge

Examine the goddamn headers!

" email disguised to resemble a missive from an unnamed European country's Ministry of Foreign Affairs"

Whether the sender is legitimate should be determinable from the email headers, particularly in the context of diplomatic traffic, which by definition has a limited circulation.

In wake of Horizon scandal, forensics prof says digital evidence is a minefield

Mike 137 Silver badge

Furthermore ...

In this context, every book on digital forensics that has crossed my desk (as a reviewer or as study material) over the last couple of decades has concentrated on the technicalities of extracting data from devices, with little or no reference to actual forensics -- how to deliver evidence acceptable in a court of law. Even the admittedly pre-digital ACPO guidelines did better -- for example stressing documented chain of custody. And it's clear that, given Prof. Sommer's comments on idiosyncratic methods, this should be extended to include a clear description of any post-extraction processing performed (which should of course be made available to the court).

Cyber congressman demands answers before CISA gets cut down to size

Mike 137 Silver badge

Re: If Donald Trump didn't exist...

And Kafka couldn't have thought him up.

EU gives staff 'burner phones, laptops' for US visits

Mike 137 Silver badge

Null and void

"People based in the EU who use our platforms can choose to object to their public data being used for training purposes," the tech giant noted.

"... once we've already used it, as we did that before we offered you the right to object."

Official abuse of state security has always been bad, now it's horrifying

Mike 137 Silver badge

Re: It makes me wonder ...

"how many other things happen in secret courts ?"

Plenty. See: Ian Cobain, The history thieves, Portobello Books 2016 [ISBN 978 1 84627 583 8 (HB), 978 84627 584 5 (ebook)], Chapter 8 "Beyond Kafka"

Windows Server 2025 locking up after February patch, no word of when a fix will land

Mike 137 Silver badge

Question

"When this issue occurs, mouse and keyboard input become unresponsive within the session, requiring users to disconnect and reconnect"

How, if KB and mouse stop working?

UK govt data people not 'technical,' says ex-Downing St data science head

Mike 137 Silver badge

I'd go further

"people working with data in government are not typically technical and would be unlikely to get a similar job in the private sector"

I think it's probably fair to say that if any commercial enterprise were to be run the same way as almost any of our government agencies, it'd be bankrupt within a year at most.

Signalgate storm intensifies as journalist releases full secret Houthi airstrike chat

Mike 137 Silver badge

Re: Pegasus Anyone?

"I think there is both method in the madness and some degree of coordination of the various actions"

In one sense, quite possibly. Konrad Heiden's Der Fuehrer (translated by Ralph Manheim, Houghton Mifflin 1944) includes this quote:

"In the first book of his Discorsi, Machiavelli writes that a tyrant who wishes to establish absolute rule in a country not previously ruled by tyranny must change everything: officials, institutions, titles ..."

Does this seem to parallel recent events?

Mike 137 Silver badge

Re: I cannot see how bombing the Houthis helps

"The only things that Trump understands are Tariffs and bombs"

I'm not at all sure he actually understands tariffs -- he seems to think they're a tax on foreigners, whereas they're really an added cost to his own country's businesses. Sure, they may dis-incentivise foreign businesses to export to the US, but the results will include a shortage of necessary supplies to US companies. The theory that tariffs will drive national industrial growth ignores two caveats -- [1] the growth will be slow arriving as it requires investment and restructuring that are not instantaneous; [2] the global interdependencies of manufacturing now preclude the industries of any one country being entirely self-sufficient.

Thus the realism of the tariff policy is about as great as allowing a 19-year old with (ostensibly) big balls to be let loose to eviscerate complex federal agencies with critical social functions.

Welcome to the play pen.

Tech suppliers await final grade as Trump prepares to flunk Department of Education

Mike 137 Silver badge

I quote: "The president is a character completely without scruples or substantive knowledge"1

1: John Prados, The ghosts of Langley, Amberley Publishing 2017. [ISBN 978 4456 6792 8 (HB), 978 4456 6793 5 (ebook)]


UK's first permanent facial recognition cameras installed in South London

Mike 137 Silver badge

Re: Wrong question

Unfortunately, consent is not relevant because: [1] it's not the lawful basis relied on; [2] there's a policing exemption anyway -- DPA 2018, para 35(2)(b)

Mike 137 Silver badge

Wrong question

"Those few people opposing this technology need to explain why they don't want those wanted criminals to be arrested"

No they don't. They should instead ask whether adequately resourced conventional policing methods are not being used.

Today's jobs Microsoft thinks could use an AI assist: Researchers and analysts

Mike 137 Silver badge

Pardon?

how it might help visualize an Excel spreadsheet of customer data. "Usually, to make sense of this data I'd need to ask my colleague who knows Python"

Only if the spreadsheet is snake oil, I guess.

But joking apart, if a spreadsheet of customer data is so badly designed that you need a programmer to explain it, maybe that's where the problem really resides. In my consulting life I've seen many appallingly badly designed manual processes rigorously replicated in expensive automation, with predictably poor results.

NCSC taps influencers to make 2FA go viral

Mike 137 Silver badge

Re: It's 2025 ....

"ISO standard for password complexity ..."

Having worked on ISO infosec standards for years, I'm not at all sure that would help at present, for two reasons: [1] the revision cycle is very long compared with the speed at which the threat space evolves; [2] the content of the standards is based on a majority consensus of current practice, so it's a very slow process to amend existing core material, because they can only reflect what is being done rather than what necessarily should be done. And as everyone follows the standard, practice has little chance of getting changed. This is not a fault specific to ISO -- it's inherent in development of any standard based on the average of current practice. A more effective way forward might be to rigorously redefine practitioner training to emphasise teaching of first principles rather than just rules, so the individual would, for example, be aware of the actual range of threats to passwords and how to protect against each -- understanding that it's not all 'fixed' by 'complexity' (whatever that really means). And the results of such training would to some extent feed usefully into standards development by improving the 'current practice' on which they are based.

Microsoft patches patch that broke USB printing in Windows 11

Mike 137 Silver badge

Speedy!

"The patch, [...] came out on March 25 and, according to Microsoft, repairs what it broke in January"

So it took almost two months to fix a bug that disabled a critical business workload function. Well done M$, who seem to have forgotten that vast numbers of businesses rely on them for technology that works reliably in order to stay in business. Welcome to the toyshop!

UK satellite smartphone services could get green light this year

Mike 137 Silver badge

"Still, that's progress, eh"

As will be the ubiquitous background noise pollution of wide band high frequency whine once all vehicles are electric, as opposed to the relatively ignorable (and easily filterable) typically sub-100 Hz rumble of ICE engines. The tyre noise (also in the 100 Hz range) will of course remain beneath the whine.

US Army’s laser obsession continues with yet another drone-zapper deal

Mike 137 Silver badge

Re: Still very much a work in progress?

"nets strung up like old fashioned barrage balloons"

And there was the WW2 PAC, designed by Schermulys -- a single long steel cable with a rocket one end and a parachute on the other. These were comparatively simple and cheap, and took out not a few German bombers that they were shot at.1

1: Gerald Pawle, The secret war, The companion book club, London 1958


Top Trump officials text secret Yemen airstrike plans to journo in Signal SNAFU

Mike 137 Silver badge

So utterly relevant

"I'm not a big fan of The Atlantic"

As if that mattered a foetid dingo's goolies. Orangeman's habitual arbitrary deflection of all criticism with random non sequiturs is his great weakness. He may win the exchange, but not the argument (in the logical sense of the word) and maybe folks are beginning to catch on to that.

NASA rewrites Moon mission goals in quiet DEI retreat

Mike 137 Silver badge

"Everyone should watch the film Hidden figures"

or just the Flintstones (or Popeye)

Museum digs up Digital Equipment Corporation's dusty digital equipment

Mike 137 Silver badge

"I agree about the 6502 'running rings around everything.'"

Indeed. Its simple architecture made it an incredibly versatile controller engine for hardware. For example I once extended the single IRQ to respond to multiple interrupts by mapping a prioritised address generator to the fixed IRQ indirect address at the top of memory. And the 6502 was really fast for its clock speed, which helped as well. There are many jobs I now do with PIC that the 6502 would have done more easily.

Microsoft tastes the unexpected consequences of tariffs on time

Mike 137 Silver badge

Thankyou Rupert

Totally on target, about both the bug reporting and the economy. I wish we could upvote articles as well as comments!

Is Washington losing its grip on crypto, or is it a calculated pivot to digital dominance?

Mike 137 Silver badge

"Crypto"

Oh, it means cryptocurrency (not, for example, cryptography) here. There's an odd propensity in vernacular English to simplify a compound noun by dropping the most specific element -- as in "microwave" to mean "microwave oven". All the other possible applications of microwaves (and indeed crypto*) seem to have been forgotten. It does result in confusion!

'Once in a lifetime' IT outage at city council hit datacenter, but no files lost

Mike 137 Silver badge

Where do you site your backup power?

"Investigations have now found that the likely cause was a failure within the electrical safety circuit of the high voltage switchgear at the Council’s HQ. This meant that when the power went out, the electricity generated by backup generators couldn’t get back into the system to power anything."1

Commiserations to the council are in order. At some point there must be switchover gear between mains and backup, and when that gear fails there's really no way to stay live however you've designed your backup power.

1: Nottingham City Council power outage update


CISA fires, now rehires and immediately benches security crew on full pay

Mike 137 Silver badge

Re: No, it's much simple than that.

"Musk and putin want to destroy the US. Economy and society"

Sadly, I don't think it's even as focused as that. They both want personal dominance, regardless of wider consequences. They've both forgotten that the USA is not their private playpen.

Mike 137 Silver badge

To paraphrase ...

"Now is the time for all bad actors to launch attacks on US federal systems"

Show top LLMs some code and they'll merrily add in the bugs they saw in training

Mike 137 Silver badge

Surprise, surprise!

"when shown a snippet of shoddy code and asked to fill in the blanks, AI models are just as likely to repeat the mistake as to fix it"

Considering that the machine responds on the basis of probability of (to it) meaningless tokens, this is entirely to be expected. It's been fed with faulty data, so it replies in kind. I've given up wondering when this crashingly obvious reality will finally sink in -- the hype is just too powerful in our bullshit-driven age.

Trump fires Democrat FTC commissioners, presaging big tech policy shifts

Mike 137 Silver badge

Re: The Trump administration keeps their 100% success rate...

"Cyberpunk novels often use a background story of the USA in a not too distant future [...] Turns out, it does not "happen", it gets in fact ordered by the president of the United States"

Maybe someone read those books to him?

Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up

Mike 137 Silver badge

Re: Edward Snowden?

"why any American business would worry about loss of customer data"

Quite apart from infraction of any relevant state or federal legislation or regulations, because any one or more of those customers could come back with a law suit (or indeed several independent law suits) if they found their data had been compromised. And publicity about any of this can affect share price, even if it doesn't proceed to penalties.

Court filing: DOGE aide broke Treasury policy by emailing unencrypted database

Mike 137 Silver badge

At the minor end

This is one of the most minuscule infractions of the law that 'doge' has perpetrated so far. But what should you expect when you unleash a bunch of software developers with no knowledge of the law with the brief to restructure complex government agencies? The huge number of reversals of bad decisions and mistakes to date indicate that they're completely out of their depth rather than concertedly malicious (OK, malicious maybe, but, it's patently obvious, not concertedly).

Google’s broadband balloon laser comms tech floated out as independent company

Mike 137 Silver badge

"The balloons connected to each other with an optical network that used lasers"

Having worked on laser comms (admittedly in the '80s but the physics haven't changed) I wonder how they expect to maintain the tight line of sight required for a laser comms channel, given that even well tethered balloons tend to move around in the wind.

AI bubble? What AI bubble? Datacenter investors all in despite whispers of a pop

Mike 137 Silver badge

Re: Would an AI

"I tried it with Coprolite"

Interesting, as coprolite is fossilized dinosaur shit. I know a lot of current AI is shit, but not usually that antiquated.

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied

Mike 137 Silver badge

Nasty suspicion

"Two of them requested video evidence of exploitation (for things that don't even make sense to have a video of[...]), and the third was rejected as not a vulnerability with clear evidence that the MSRC handler didn't bother actually reading what I submitted."

Could it be that M$ are staffing their 'MSRC' with folks who don't actually have much (or any) actual expertise? So they can follow a video exposition from start to outcome, but with zero understanding of what's actually happening (and for the same reason can't make use of a textual exposition). So it's possibly not so much "didn't bother actually reading" as "couldn't make head or tail of the text". This, if it's the case, exemplifies the burgeoning population of "techies" who can cope with the externals of tech but haven't a clue about what goes on under the hood. They're bringing the technologies to their knees, but they're cheaper to hire than the fully informed.

RIP Mark Klein, the engineer who exposed US domestic spying ops after wiring it up

Mike 137 Silver badge

In the name of democracy ...

"The Hepting case looked like a slam dunk, and claimed AT&T had clearly broken the law. As a result, Congress changed the law and retroactively granted telcos immunity if they conducted wiretaps in the interest of national security"

Actually just one more minor example of what govt.s get up to to cover arses when dirty tricks may get exposed -- see John Prados, The ghosts of Langley, Amberley Publishing 2017 [ISBN 978 1 4456 6792 8 (hardback), 978 1 4456 6793 5 (ebook)] and Ian Cobain, The history thieves, Portobello Books 2016 [ISBN 978 1 8462 7583 8 (hardback), 978 1 8462 7584 5 (paper)]

Apple's alleged UK encryption battle sparks political and privacy backlash

Mike 137 Silver badge

"It's a sad state of affairs when we have the US lecturing us about privacy concerns"

Actually not unexpected. The supposedly robust privacy that the GDPR promised was a European, not British, venture, as indeed was the driving force behind the original UK Data Protection Act. The UK has a long history of dirty tricks -- including suppression of information1, intrusions into privacy and secret tribunals.

1: Ian Cobain, The history thieves, London, Portobello Books 2016 [ISBN 978 1 84627 583 8]


CISA pen-tester says 100-strong red team binned after DOGE canceled contract

Mike 137 Silver badge

Re: @Mike 137 - Stolen Elections

"was it an election"

Yes.