Posts by Mike 137

Re: re: Coffee grinder

"My grinder (used every few days) dates from 1978"

Mine dates from around 1940 and has a handle on the side, so no need for leccy or "internet". It takes just a few minutes of excellent arm exercise to grind enough coffee for a couple of days, which I keep in the fridge in a sealed glass jar. The secret of storage for good coffee is airtight and cold, so freeze the beans in sealed packets (as delivered by my roasting house) and chill the fresh grounds in a closed container.

Re: Why Do People Still Use X - Twitter ???

"I don't actually think they should be on social media at all"

A very good point. We've reached a stage where a lot of major government policy is announced, and diplomacy conducted, primarily on "social" media (and not just in the US). So unless you're a subscriber it's very hard to find out what's being decided on your behalf. Of course it gets even worse where the "social" media in question is owned by the interested parties...

Re: AI is going to replace very mediocre…

"I think it can write Muzak, but not Mozart."

It might write a good semblance of Mozart by statistical chance, but it'll never be able to recognise why it's good. The missing bit will always be understanding, as that requires much more than stats and logic.

Re: "long shaken their heads at the profligate ways of modern engineering"

"standards that I work/worked to that are possibly being ignored today by younger developers, either through choice or because they are compelled by their managers to write code quickly"

Or more likely because neither the developers nor their managers are actually aware of said standards. It's interesting that the OWASP Top 10 list of crass mistakes has stayed almost the same for the entire lifetime of OWASP -- pretty much the same list just gets shuffled around a bit. It's obvious from this that nobody is really learning the basics of good practice (which is a helluva lot more than mere "coding"). I suppose there's no incentive to if the dosh keeps rolling in despite the product being crap. Design a plane like that and people die, which gets attention, but it's perfectly OK for mainstream software to disrupt businesses and leak secrets, because that doesn't attract the same level of bad publicity (if any at all).

Throughout the modern history of engineering (at least the last 300 years or so) it has been public revulsion to accidents that has driven improvements to standards. Sadly, in the software domain we the people seem to accept anything we're thrown regardless of consequences, and that has assisted in the development of quite ridiculous indemnities from liability (the EULA). If standards are to improve there have to be binding obligations to do so, and those will only come about if the public demand them loudly enough.

Re: Robotaxis are not the answer

"one major reason people have cars – the unexpected"

Another very important one is independence. If you're a gardener and want to collect a load of bagged compost or some sapling trees, if you go night sea fishing and want to get to the beach by 2 AM, or maybe you want to just potter around for a whole day in the countryside, having your own car that's effectively already paid for, bar the fuel, is right on your doorstep now so you can load up and be on your way with no issues about when (or even whether) you can get transport back, is the only practicable way.

All these "car sharing", "dial a ride" and "autonomous" options assume you're a stereotyped townie who doesn't do anything out of the conventional rut of going to work, shopping, clubs, sport &c. (actually, a very rare beast in my experience -- most folk have quite surprising and varied interests and hobbies).

The trouble is that the technocrats who invent and promote these services want us to all to be stereotyped townies, as that would make us easier to monetise.

Re: Teeth

"Do EU know ICO has no teeth?"

The adequacy decision actually filed down what teeth the ICO had, because it looked at the letter of the law, to the exclusion of what was actually going on.

The effectiveness of the GDPR has from day one been largely nullified by almost universal failure to comply with the transparency obligation (Articles 13 & 14). This obligates data controllers to specify, for each and every purpose, a lawful basis and associated specific data subject rights (these vary across lawful bases). Provision of this information is fundamental to the exercise of data subject rights, as you can't object to (or withdraw consent to) something you haven't been told about. But in the adequacy decision the EC inadvertently "legitimised" this grave breach by ambiguously stating "2.5.4 Transparency [:] (49) Data subjects should be informed of the main features of the processing of their personal data." which has been widely interpreted as "informed of some of it". And, despite the general failure to comply with Articles 13 & 14 being quite widey aired, nobody has taken and significant steps toward correcting it.

The result is that UK data protection law in its entirety and various guises has become little more than data breach law, whereas it was envisaged as having a much wider and more important remit -- human rights law with respect to personal data.

Re: Embedded insecurity

"It's the Automotive Sector

It's not just the Automotive Sector. I recently had to reconfigure someone's SOHO router (a notionally reputable brand and a "professional" model only about a year from release). The digital certificate for its web interface had expired and there seems to be no mechanism for updating it (hard coded like what Firefox did maybe?). Fortunately the web interface is only accessible from the private side, but nevertheless the browser has to be instructed to ignore the certificate, which makes it pretty pointless.

Re: Why a TV licence?

Probably not, but standards have been dropping for a long time. When "auntie" was particularly inclined to talk down to viewers I used to think it was being intentionally patronising. However I've come to the conclusion that the producers and presenters just think at that superficial level naturally. I'll never forget the famous interchange between a news reporter and Beeb exec. Accused of dumbing down programme content, the exec responded "on the contrary, we are dumbing up".

Re: as long as the word lobbying exists

"ultimately both sides will end up being owned by the same giant corporation and there will be no more wars"

Oh yes there will, and they'll last longer. Supplying both sides is both twice as profitable and can be good insurance ("hedging one's bets"). And it works -- there are plenty of precedents going back to ancient Greece.

Re: RPG

Good role-play at fire fighting, yes. But fire fighting is far from enough. What's apparently (and almost certainly) missing is modelling the prior state of the victim. So they should also be role-playing the risk management and the operational process space that precede the attack. Just for example, the infamous and costly Equifax breach (2017) was primarily due, not to the cunning of an adversary, but, having been alerted to the vulnerability and provided with a fix, because they didn't have an adequate inventory so they couldn't find the server to patch it.

In a consulting career of several decades I've hardly ever found an organisation that was demonstrably robust against the unexpected. Even where "risk management" has been undertaken, it's typically been [a] conducted in a silo (usually by the Board) detached from operational realities and [b] limited to a predefined list of assumed risks that they're able to think up in their armchairs. Hardly anyone accepts that effective risk management is a continuous dynamic activity involving all echelons of the organisation, backed by effective monitoring, excellent communications, current intelligence and the combined expertise of not a few departments.

Re: WHY????

"Because of the gullible investors"

Well, the proposer did found Robin Hood after all -- should have told us something.

Re: checking validity for employment

"Working should no longer be a right but a privilege"

No, working will be an obligation but you must have a smart phone to be able to fulfil your obligation to the state. Anyone who can't afford or use one will be written off as a non-person.

"Fair use"

"they all allow that, as far as I know"

Not necessarily. For example, many book publishers in UK and some other English speaking jurisdictions expressly prohibit the act of reproducing their published content by any means (irrespective of whether it's for personal use or republishing). One of the complications is that there can be other IP rights in addition to copyright.

Re: I have one question

"how on Earth do you get to VP status in a company if you don't believe in its products ?"

"VP" is an honorific title, really signifying "top donkey", particularly in the IT arena, where the buck tries to stop first whenever there's an incident. It has been noted in the past that the average life of a CISO is 2.5 years (i.e. until the first data breach). And it's interesting that IT "directors" don't often have a seat on the board.

enforced through engagement

There's another, more effective, form of engagement -- offering expert assistance and support, preferably prior to rather than merely after incidents (and this is not a "carrot"). Not only are "cyber regs" currently a patchwork -- standards are too. And both almost entirely ignore the non-"cyber" elements of protection, not least realistic business risk assessment and the influence of psychology on both the guides and guided on the victim side.

Re: Auto-micromanagement

"The best manager is conspicuous ONLY in his/her absence."

Actually, the best manager is one who assists and facilitates your activities so you both get the best possible results. I've had two such in my whole 40-odd year career. My worst had a black Darth Vader high back chair and a stock phrase "bring me solutions, not issues".

Re: The only killer app for AI is not a commercial one.

"The only realistic use is by governments as a system of universal surveillance"

No, the primary use is to further elevate the egos of the small (thank the Maker!) population of Cracked Coders who think they are entitled to rule the world despite never being able to write code that doesn't need a constant stream of repairs for its entire operational life.

Re: "Tales from the pit"

"... being good at maths has absolutely no relationship to being a good coder"

Depends what you mean by "being good at maths". Most math teachers (and consequently their students, graduates and the public at large) believe being good at maths means being able to manipulate symbols and calculate swiftly. In reality, the mathematical mode of thought is grounded in ability to model the world and its processes logically and reasonably accurately -- the essence of good programming (as opposed to mere "coding"). See W.W. Sawyer, Mathematician's Delight (many reprints since 1945) and Junaid Mubeen, Mathematical Intelligence, Profile Books 2022 [ISBN 978 1 78816 683 6].

Re: No difference....

"So, it's not gonna be much different with AI content"

Except that the chatbot provider gets access to all your human-generated comment to "improve" the bot (as usual, this is not for your benefit but for theirs). Goodbye commercial confidentiality.

Re: Cynicism is easy

"this sounds like a big step forward"

Yes, another of the sort of major breakthroughs that have made Culham hightly reputed for half a century or more. It remains to be seen whether its move into "AI" will maintain that reputation.

Right on the nail

" the organisation forms a life of its own that's only vaguely aligned with what is donors might think it does"

Not so long ago I applied for a senior post at a charity officially dedicated to alleviating world poverty, but withdrew my application when the JD came back headed "[charity name] is a feminist organisation". What that had to do with alleviating world poverty was not made clear.

"a rouge state"

If it's a rouge state they're probably pink envelopes.

Re: The question is...

Hey! I didn't realise it had reached alpha -- (I thought they were still "designing" it)