Posts by Mike 137

3800 publicly visible posts • joined 10 Sep 2009

UK government using AI tools to check up on roadworthy testing centers

Mike 137 Silver badge

"the output of an MOT is one of three things. Pass, Fail or advisory"

actually it's fail, pass or pass with one or more advisories. Advisories don't result in fail.

Google takes action after coder reports 'most sophisticated attack I've ever seen'

Mike 137 Silver badge

How dumb can you be as a service provider?

"G.co is a genuine Google subdomain and anyone can create a new Workspace using a g.co subdomain without having to verify that they own it."

How utterly, crassly insecure!

"We have not seen evidence that this is a wide-scale tactic, but we are hardening our defenses against abusers leveraging g.co references at sign-up to further protect users."

I should bloody well hope so -- it should never have been possible in the first place.

This (as usual) hardly qualifies as a 'sophisticated' attack -- someone just spotted and made use of a wide open door with a fluorescent welcome mat bearing the legend "burgle me please".

Astronomers red-faced after mistaking Musk's Tesla Roadster for asteroid

Mike 137 Silver badge

Re: Tesla roadster launched on SpaceX's first Falcon Heavy mission.

The self-absorption indicated by pointlessly adding his roadster to the burgeoning population of space junk has just been exceeded by his proposal yesterday to rename the English Channel to “the George Washington Channel”. The "richest man in the world" seems to think he owns it (and, obviously, the near space surrounding it).

AI agents? Yes, let's automate all sorts of things that don't actually need it

Mike 137 Silver badge

A certain kind of business...

"... it's less clear why businesses might want to become endpoints in OpenAI's ecosystem and surrender direct contact with customers"

Unless they're the increasingly common kind of business that thinks customers are a nuisance except (briefly) when their wallets open. Of course you wouldn't want to do business with them, but once there's an "AI" intermediary you might not even realise you're doing so -- a further extension of the Amazon marketplace, where even now you don't really know whether the notional business actually exists.

Robots in schools, care homes next? This UK biz hopes to make that happen

Mike 137 Silver badge

Pardon??

"It'll always stay in character as the deity Thoth. So that's entertainment"

Only 'entertainment' on the level of the Edinburgh Fringe jokes of the year, even supposing that the 'character' of Thoth can be identified and replicated (in particular, which characteristics)[1]

[1] Thoth

Former Amazon exec appointed as boss of UK's competition watchdog

Mike 137 Silver badge

not "sufficiently focused on growth"

"Growth" is an interesting phenomenon. It comes in two kinds. The first is natural growth born of fulfilling a demand in a market that is not yet saturated, and that kind of growth is conducive to the common wealth. However once the market approaches saturation, further growth must become predatory -- squeezing out competitors to take their share of the market (and indeed in many cases squeezing every last possible dollar out of the customer, as in the widely adopted move to subscription models for services that do not essentially need to change) -- and that is, sadly, only conducive to enriching the most ruthless, but detrimental to the common wealth. The tech oligarchs that have clustered around Trump exemplify that end. So I suggest that "growth" is not the best general indicator of economic health, particularly given that the Gx economies are largely in the second (predatory) phase.

The appointment of someone from Amazon to regulate competition is thus highly ironic, given Amazon's history of anti-competitive practices. But I guess our govt. has fallen yet again for the old but fallacious assumption that because someone is financially successful they must have a generally applicable "secret of success", whereas it's commonly to a great extent just down to a combination of luck and greed.

AI pothole patrol to snap flaws in Britain's crumbling roads

Mike 137 Silver badge

"the flood of hallucinating large language model chatbots"

"Hallucinating" implies existence of cognition, so in the context of "AI" it's just another example of marketing bullshit. Why not just be honest and say "the output is (predictably) nonsense because the machine hasn't a clue what it really means"?

UK aims to fix government IT with help from AI Humphrey

Mike 137 Silver badge

"to explore what the public are saying directly"

"the "Consult" tool analyses "the thousands of responses any government consultation might receive in hours, before presenting policy makers and experts with interactive dashboards to explore what the public are saying directly"

In reality that probably means "to filter out any challenge or counter argument to the govt. proposal." However the AI will render even more efficient a process that seems (from my experience of submitting to govt. consultations) to be quite effective already, so maybe we won't see much change from outside. The key difference will merely be that, instead of having to read and reject unpalatable responses, staff will never get to see them in the first place, so the workload and stress will be reduced and the department will be a happier place to work. I suppose that's a good thing...

Even modest makeup can thwart facial recognition

Mike 137 Silver badge

"However, gait recognition is becoming quite powerful..."

Roll on the Ministry of Silly Walks[1]

[1] Monty Python's Flying Circus, series 2, episode 1, 15 Sept. 1970

UK government pledges law against sexually explicit deepfakes

Mike 137 Silver badge

Not quite

"Is there any reason copyright laws cannot be toughened up to tackle deepfakes. If everyone owns their own likeness ..."

'Owning your own likeness' is not covered by copyright. As its basic principle, it applies only to created works and is vested in the creator. So you can't have copyright in your likeness -- <irony>at a pinch it might be extended so that your mum might own copyright in your likeness but that's seriously stretching a point</irony>.

Microsoft declares 2025 'the year of the Windows 11 PC refresh'

Mike 137 Silver badge

Re: Whatever happened

"Empires rise... become complacent, corrupt, senescent... And empires crumble and fall."

But unfortunately (according to archaeologist Flinders Petrie[1]) the cycle takes on average about a thousand years. So, sadly, M$ has a lot of life left yet.

[1] W. M. Flinders Petrie, Revolutions of Civilisation, Harper & Brothers, 1922


Microsoft won't let customers opt out of passkey push

Mike 137 Silver badge

Re: "No password entry or 2FA step is required."

"you already have two factors. One you have the device containing the passkey. Two you have authenticated to the device using either biometrics or a password to be able to utilize the passkey"

Unless I've misunderstood, that means however 'secure' the passkey itself is, overall security is only as strong as whatever authenticates access to the device, which can break down in the event the device is in the wrong hands. There is apparently no universally robust authentication system that remains so in all eventualities.

Mike 137 Silver badge

Unmentionables

One of the most robust (technically speaking) authentication tools is the out of band one time key generator dongle, and these have been around for ages. But I have witnessed many instances where the dongle had been stored with the laptop in the same bag when stolen.

Any sole authenticator approach (however technically 'sophisticated') is pants, hence MFA.

US airspace closures, lack of answers deepen East Coast drone mystery

Mike 137 Silver badge

Re: Observations

"textbook definition of a moral panic"

Surely amoral panic -- as far as I can see morality has no bearing on all this nonsense.

Contrary to some, traceroute is very real – I should know, I helped make it work

Mike 137 Silver badge

Re: Interesting stuff

No apologies necessary -- you're absolutely right. The biggest problem we face for the future is successive echelons of notionally technical folks who understand less and less about how things actually work internally. And there are moves to make this even worse by paring down initial training.

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

Mike 137 Silver badge

"The malware was embedded in Gasboy's Payment Terminal"

How?

Although, as usual, the capabilities of the malicious agent once installed get reported in detail, the key issue of how it got in in the first place seems either to have been ignored or suppressed by the investigators. This is commonly the case, particularly where the intrusion has been reported as "a sophisticated attack" (and ultimately turns out to have been a complete push-over). The result is that improvement is hampered. Stopping the initial intrusion is the strongest defence there is, but you have to know what you're up against.

Firefox ditches Do Not Track because nobody was listening anyway

Mike 137 Silver badge

"apparently web developers still live in a fluffy world where you can trust everyone"

Actually, they probably don't, they just don't give a tinker's cuss about the user of the web site they develop, for three reasons: [1] they (the developers) are Gods who can't be challenged; [2] they're getting paid by their client (the web site owner) not the users; [3] they're utterly ignorant of what they're creating at the code level coz they use fancy dev tools and open libraries that they just take for granted. An informed guy I spoke to recently told me that web development is now mostly in the hands of graphic designers, not technically informed folks.

American cops are using AI to draft police reports, and the ACLU isn't happy

Mike 137 Silver badge

Re: Minority Report

"it's been going on in the UK for at least a decade"

And not just computer data. Since 2014, UK local councils can create regulations restricting personal behaviours, and these attract criminal penalties for infringement. They are enforced by either non-police council employees or by third party firms (in some cases paid by number of citations issued), and against them the sole challenge is via the prohibitively expensive High Court.

So these "AI police reports" are just a small part of the loosening of the reins on both law making and enforcement, and merely symptomatic of an overall cultural shift towards authoritarianism that seems to be occurring worldwide.

Roll on the era of Judge Dredd.

Aliens, spy balloons, or drones? SUV-sized mystery objects spotted in US skies

Mike 137 Silver badge

Realistic outcome?

"what happens if the lights in the sky turn out to be spacecraft sent from another planet"

If they're flying over the Orange Man's plot and have any common sense, the occupants will take one good look and leave again fast.

British Army zaps drones out of the sky with laser trucks

Mike 137 Silver badge

Re: Sadly not a item of bad englishes

"seems to be "correct" English"

apparently, if a mistake or error is widely enough perpetrated it becomes valid[1]. Of course the Earth must at some point have been flat because almost everyone thought so. Must have been a huge upheaval when it became spherical.

[1] Similarly to 'learnings' in its complete neglect of grammar is the almost ubiquitous and utterly ungrammatical 'attendee' and 'escapee'. The 'ee' ending grammatically indicates the object of a sentence (the thing or person to which something is done -- as in 'employee'). The correct grammatical ending for the subject (the thing or person that performs the action, as in 'employer') is 'er' or 'or', so the correct spelling would be 'escaper' and 'attender', regardless of whether a majority of the uninformed say otherwise. And yes, grammar does matter. Without it, language becomes ambiguous and incapable of expressing nuances so the clarity of communication suffers.

Microsoft holds last Patch Tuesday of the year with 72 gifts for admins

Mike 137 Silver badge

"this Patch Tuesday, with just 72 fixes"

<sarc>Excellent</sarc> -- that's only about 860 per year (actually quite a lot more if 'just' is a valid qualifier here). And these guys describe themselves as providing us with 'security' !

NASA finds Orion heatshield cracks won't cook Artemis II crew

Mike 137 Silver badge

Re: Déjà vu maybe?

"leading to burn-through of a secondary O ring on launch"

But it's not like this was a surprise. Actually burnthroughs were quite common on previous flights -- indeed it had been suggested officially that burnthrough products could help seal what was inherently a badly designed segment joint. The latter had been primarily designed to save materials cost as the original (and safer) design had needed a much larger diameter and more costly billet for manufacture. And in any case the segmented booster design was politically motivated as it allowed the boosters to be manufactured in a state distant from the NASA site, so transportation of a non-segmented booster would have been very difficult. So compromises all down the line. The root causes of accidents are often quite far removed from the incident.

Mike 137 Silver badge

Déjà vu maybe?

"if the module changes its re-entry method, the spacecraft will be safe for crewed flight without a redesign"

I'm no expert in the field, but this sounds to me horribly like the argument about some 'O' rings a while back.

PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Mike 137 Silver badge

Yet again (and again and again and ...)

SQL injection, authentication bypass and arbitrary file read. Out of the Ark all three. When will someone [a] ideally stop making these idiotic mistakes or [b] possibly less unrealistically, do some darned code review and testing?

T-Mobile US CSO: Spies jumped from one telco to another in a way 'I've not seen in my career'

Mike 137 Silver badge

Wrong way round?

"it will make it impossible, if not really hard,"

Surely, "really hard, if not impossible"?

Musk and Trump to fall out in 2025, predicts analyst

Mike 137 Silver badge

"putting Tesla's ability to execute on full self-driving vehicles at risk"

Could anything achieve this better than the history of Tesla's attempts so far?

Wish there was a benchmark for ML safety? Allow us to AILuminate you...

Mike 137 Silver badge

All very well but ...

A worthy attempt (if only at the symptomatic level), but benchmarks would seem somewhat moot in the face of some basic failings of principle from which the current AI paradigm suffers. The stochasticity of results and the effective impossibility of verifying how they were arrived at are fundamental barriers to trust (and indeed to a great extent barriers to improvement).

Ransomware hangover, Putin grudge blamed for vodka maker's bankruptcy

Mike 137 Silver badge

"try distilling your own. It's legal in the UK for personal use"

It's not quite that simple in reality. The simplest and entirely legal way to produce flavoured spirits at home is to buy the spirits and add the flavours (as in sloe gin) without any distilling needed. Or you can approximate by fermenting with a high alcohol yeast, yielding up to about 20% alcohol by volume (also entirely legal).

The revenue have always been very strict on distilling (mainly because of the huge revenues from alcohol) and the penalties for illicit distillation are severe. My local pharmacist used to produce distilled water for sale to motorists. About every three months an inspector would come and test his still for traces of alcohol or other relevant distillation residues.

Mike 137 Silver badge

Re: Finest Latvian vodka

"I'd suggest help lobby the supermarkets to stock more real Budweiser"

Here in the UK almost all beers ostensibly from Italy and Spain, and around half the "English" beers ostensibly from regional breweries are brewed under licence by Heineken.

Ah, branding: the ubiquity of bullshit!

Judge again cans Musk's record-setting $56B Tesla package

Mike 137 Silver badge

Re: Odd

X: "< the transliteration of Chinese as an "Sh" sound"

Actually I believe it's not "Sh" but "Hs" (an aspirated 'S').

Mike 137 Silver badge

Well errrr.....

"This ruling, if not overturned, means that judges and plaintiffs' lawyers run Delaware companies rather than their rightful owners – the shareholders"

Not quite, as shareholders don't have an entirely free hand -- both they and the executive have to comply with company law. The basis for the original decision was that the board was not sufficiently free from influence by the beneficiary, and of the second decision was that [1] those who voted were potentially led by misinformation on the proxy form into believing the first decision was voided and [2] a shareholder vote in any case could not nullify the bias to which the Board was subjected if that bias was essentially unlawful. These all seem quite reasonable arguments based on current legislation.

GitHub's boast that Copilot produces high-quality code challenged

Mike 137 Silver badge

Grammar please

"code written with its Copilot AI model is "significantly more functional, readable, reliable, maintainable, and concise"

than what? Grammatically, "more" is a comparative, so this statement is meaningless unless it includes a secondary subject to compare the first with. So (not surprisingly) this is pure hype.

Severity of the risk facing the UK is widely underestimated, NCSC annual review warns

Mike 137 Silver badge

The key omission

"being able to detect, neutralize, and recover from attacks at pace, be it through their own technical implementations or with support..."

This excellently exemplifies the root of the problem. Almost everyone still thinks that cyber security is a technical issue. It's most definitely not - it's a cultural one with technical facets. While I accept without reservation that our technologies are deeply flawed and need constant protective attention, almost every reported data breach has fundamentally been down to poor decision making or sloppy management on the victim side or in their supply chain. Whether or not an entity can be secure is at least as much a matter of attitude as it is the deployment of tech fixes, including whether that entity operates proactively or purely reactively to identified threats, whether it operates a blame culture or not, and a host of other psychosocial characteristics. Indeed, the culture mostly drives the choices and adoption of protective technologies, so tech robustness and resilience can only be achieved where the entity is willing to invest the effort and expenditure to select, implement and maintain the most appropriate technologies.

GenAI comes for jobs once considered 'safe' from automation

Mike 137 Silver badge

But just because a job is "affected" by generative AI doesn't mean the role itself will go away

If this turns out to be a reality, it just means that the nature of the affected jobs will change -- from spending time making informed decisions to instead wasting it working out whether the AI is talking bollocks.

The only thing worse than being fired is scammers fooling you into thinking you're fired

Mike 137 Silver badge

Re: an email that appears to be a legal notice

'not to mention some tangible "proof of delivery" '

There's a curious clause in many contracts I've encountered (which seems to be legally valid, at least in the UK) which states that proof of posting (not delivery) is sufficient evidence of serving.

Mike 137 Silver badge

Dead giveaway

'the email uses the subject line "Action Required: Tribunal Proceedings Against You"'

In the UK, cases can only be brought to Employment Tribunals by employees, not by employers. So the above statement immediately identifies such emails as a scam.

'Best job at JPL': What it's like to be an engineer on the Voyager project

Mike 137 Silver badge

Amazing but probably in short supply

Ah, the brilliance of the few! Training in the fundamentals for this kind of real engineering (which are primarily a way of thinking, not just a body of knowledge) has become an essential for general education in our intensely technology-driven societies, as opposed to aiming for provision of soft options that merely avoid "turning teens off".

Abstract, theoretical computing qualifications are turning teens off

Mike 137 Silver badge

A fundamental error

"Much of the content, such as CPU functionality and fetch-decode-execute cycles, is abstract and challenging for students, overshadowing practical exposure to emerging technologies like AI"

We already have a general population of "users" who rely on (presumably better informed) others to define and provide the technologies they make practical use of but understand little or nothing about. Unfortunately, it is from that population that successive echelons of the supposedly better informed are largely drawn, so the societal body of real expertise declines, and with it the quality and reliability of the technologies.

"It also pointed out that it is possible to pass the GCSE Computer Science course while doing very little – if any – programming on a computer"

Perpetuating the myth that programming is the primary computer expertise. But someone has to design the hardware, develop the new languages and protocols, ensure security and robustness, and a host of other essentials. A nation of coders who don't understand the systems they're coding on or for is at a huge disadvantage when it comes to developing systems with increasingly far reaching societal impact.

So I concur there should be two pathways, but it would be a huge mistake to deprecate computer science in favour of mere "digital literacy", even if that includes user level practice on "AI".

"The GCSE contained out-of-date content about networks and internet protocols that could be removed from the specification to make way for more exciting material, Adamson said"

I'm not at all sure that "exciting material" is the best criterion for what constitutes sufficient baseline knowledge for potential practitioners in a highly technical subject.

"a study [PDF] by King's College London, the Nuffield Foundation, and Reading University also recommended broadening the GCSE curriculum and better teacher training and professional development in the subject"

So the current comp sci syllabus is inadequate[1] and the teachers aren't sufficiently competent in the subject. Does this explain, at least to some extent, why the students are avoiding or dropping out of the subject? Maybe those deficiencies are the first things we should fix.

[1] I've taught on such courses and commonly found the (nationally ratified) syllabi patronisingly shallow and consequently boring to students. They generally needed deepening rather than broadening. We had to surreptitiously break the rules in order to impart useful knowledge and keep students' attention.

The workplace has become a surveillance state

Mike 137 Silver badge

Re: Surveil ethically?

"People with brains look stuff up, file stuff, cross-reference (and I mean actual printed materials, not asking StackOverflow)"

Some also think, an activity which (so far) can't be monitored. Maybe I shouldn't have suggested that...

Another 'major cyber incident' at a UK hospital, outpatients asked to stay away

Mike 137 Silver badge

Whether or not ...

"There may also be a nation state element to the attacks"

Regardless of this, it'd be interesting to discover whether these hospitals were targeted, or were merely so darned wide open they fell victim as collateral damage to a shotgun attack aimed at some third party (as in the case of notPetya). Having tried to do infosec in an NHS trust, I suspect the latter is most likely.

QNAP NAS users locked out after firmware update snafu

Mike 137 Silver badge

QNAP not alone

I have a Thecus NAS that has an "irritating" issue that's never been resolved. I used to power it down when not actively in use, but every so often after a few powerdowns it loses its boot password and refuses to go live again. Thecus provided a script that clears the password, but then you have to start from scratch again setting up access from all the machines that talk to it.

It appears that, despite NAS in principle needing to be robust and reliable, they're in general thrown together like everything else in IT. What a surprise (!!)

Smile! UK cops spend tens of millions on live facial recognition tech

Mike 137 Silver badge

Re: The huge fly in the ointment

"probably by saying that they're doing fine so "shut up!""

The PM actually responded (on the evening news today) that the 2M+ who signed the petition were probably drawn from the population that didn't vote Labour (so presumably by implication their views don't count). This from one who stated before taking office that he would put country before party.

Mike 137 Silver badge

The huge fly in the ointment

"Parliament will consider this for a debate"

and having 'considered' will decide not to have the debate. They have however undertaken to 'respond', probably by saying that they're doing fine so "shut up!".

Whomp-whomp: AI PCs make users less productive

Mike 137 Silver badge

Re: Not really news

"Why on earth do they think that giving wrong results is a good idea?"

Two possible reasons I can think of:

[1] they can't be arsed to prevent it happening

[2] wrong results crafted as click bait[1] make them as much money as right results

These possibilities are not mutually exclusive.

[1] e.g. search for 'Pythagoras' theorem' yielding links to sales sites announcing "big discounts on Pythagoras' theorem"


Mike 137 Silver badge

Not really news

"Many AI users spend a long time identifying how best to communicate with AI tools to get the desired answers or response"

This has for ages been the bane of those trying to get meaningful results from search engines. The evidence is out there -- just nobody in the technocracy (or more realistically, the tech plutocracy) has bothered to look.

Here's what happens if you don't layer network security – or remove unused web shells

Mike 137 Silver badge

At least equally probably

"their risk-based decision-making, miscalculated the potential impact and likelihood of its exploitation"

Because infosec risk assessment (even as specified by international standards) is currently no better than crystal ball gazing. Even the most basic tenets of probability theory are typically a complete mystery to practitioners, nobody seems to record the rationale or supporting evidence for their decisions, and the psychology that underpins good and bad decision-making is completely ignored. The results are therefore almost always garbage from which no learning or improvement can take place. Unfortunately, these defects have become enshrined in the standards because they reflect current practice, and as pretty much all training is based on said standards we're stuck in a loop from which we can't break out.

Tesla Cybertruck, a paragon of reliability, recalled again

Mike 137 Silver badge

Fail safe?

"when the driver loses the ability to apply torque, they will immediately receive a visual alert on the user interface, with an instruction to safely pull over the vehicle to the side of the road"

Whether that's actually possible is of course outside the realm of the manufacturer's responsibility, but in the absence of torque (i.e. drive to the wheels) it seems unlikely.

Clues to Windows Intelligence found in Windows 11 builds

Mike 137 Silver badge

Re: What about...

or Arrogant Idiots?

BTW, 'idiot' in the original Greek meant someone who concentrated exclusively on their own interests rather than those of the community. Seems to fit in the case of M$.

Watchdog finds AI tools can be used unlawfully to filter candidates by race, gender

Mike 137 Silver badge

"AI can bring real benefits to the hiring process"

Ah, the mandatory lip service to the technocracy.

What benefits exactly? Is it possible that "human resources" folks aren't competent enough any longer to manage without an automaton to make their decisions for them?

HR used to be called Personnel -- the emphasis then being on people. That seems to have fallen largely by the wayside, but the use of "AI" for staff selection seems the final fatal step on the path to the automatisation of humans.