Posts by bencurthoys 20 publicly visible posts • joined 25 Oct 2009
I've been wondering to myself why this isn't already a thing for ages:
https://www.facebook.com/ben.curthoys/posts/10154848262727110
https://twitter.com/bencurthoys/status/1112998358652727297
I'm sure it's harder than I think it is, but I am surprised that no mobile company has started doing it themselves before now.
Suppose that you have a magic terrorist detector, such that that if you give your detector a picture of a terrorist, 99 times out of 100 it says "yes" and 1 time out of 100 it says "no". That means that it has a false negative rate of 1% and a true positive rate of 99%.
And suppose futher that if you give your detector a picture of a non-terrorist, 99 times out of 100 it says "no" and 1 time out of 100 it says "yes". That means that it has a false positive rate of 1% and a true negative rate of 99%.
This is a pretty fucking good detector. You would have to be an idiot to refuse to admit that such a scanner would be useful.
But. If you take this detector and scan 1,000,000 people, 100 of whom are terrorists - you will EXPECT, of the 999,900 non terrorists, to get 1% false positives. Which means the detector is going to go "TERRORIST" 9,999 times in error and remain silent 989,901 times correctly. And of the 100 terrorists, you expect it to go "TERRORIST" 99 times correctly, and remain silent once in error.
So of the 10,098 times it said there was a terrorist, in only 99 of them was there actually a terrorist. About 1% of the time when the machine goes beep does it mean there's really a terrorist there.
Does this mean that the system has a "99% false positive rate"? No. We established above, the system, which is a good and useful tool to have, has a 1% false positive rate. But if it is being used on a population with a very very low base rate you always expect the false positives to outnumber the true positives.
What the system has successfully done is narrow down for you a population where terrorists were 1 in 10,000 to one where they're 1 in 100, for you to look at more closely. This is useful.
What this article (and, every single other article on this subject has done) is commit the https://en.wikipedia.org/wiki/Base_rate_fallacy and I wish you'd stop.
Argue against facial recognition, sure. Just please don't use nonsense statistics to do so.
I find it a bit upsetting that this totally wrong statistic keep being repeated by news sites I expect better of (the Register, Boing Boing).
Suppose you had a cancer detector such that, if you tested 100 people who did not have had cancer, it says “NO CANCER” to 99 of them, and “CANCER” in error to 1 of them. You would say that it had a false positive rate of 1%. You'd think it was working pretty well.
And if when you tested 100 people who did have cancer and it said “CANCER” to 99 of them and “NO CANCER” to 1 of them, you would call that a false negative rate of 1%. And that's not bad either.
If you then tested a population of 10000 people, 9900 of which did not have cancer and 100 of which did, you would expect there to be 99 false positives (1% of 9900) and 99 real positives (99% of 100). 198 positive results of which 99 are accurate and 99 are wrong.
So 50% of the people the test says have cancer, don't. If the test says that you have cancer, you've a 50/50 chance of actually being fine. This is NOT because there's anything wrong with the test: as we saw, the test gets it right 99 times out of 100. The false positive rate is only 1%. It's because you're using the test on a population with a very low "base rate". This is the base rate fallacy: https://en.m.wikipedia.org/wiki/Base_rate_fallacy
What these headlines have done is the equivalent of taking these stats - the output of a system with a 1% false positive rate and 1% false negative rate - and saying “Oh, there are 99 false positives and 99 real positives, so the false positive rate is 50%”. Which is stupid.
If you had such a system - which is 99% accurate - would you decide that it's useless and throw it away, just because a positive result on a population with a low base rate doesn't necessarily mean that you've found what you're looking for? Or perhaps, if you weren't a total fucking moron, you might use it as a tool on populations that you already suspect of having higher base rate - perhaps in our analogy testing people who have shown symptoms rather than screening the population at large - whilst understanding its limitations.
Back to the plot. The police could usefully and sensibly use this to look for 1 person in particular in a small to medium crowd they already expect them to be in. If the person they are looking for is not in that crowd, then they might get some positive results, but obviously the ratio of "false positive" to "true positive" results is infinite, because there are no true positives, because the person isn't there. Still doesn't make it worthless.
By all means object on the grounds of civil liberties. By all means say that the police shouldn't be allowed to use this technology, and should just stick with super-recognisers in front of cctv screens. But don't bang on repeating the same nonsense about the "98% false positive rate" because you're too lazy to understand how it works.
The standard common law test of criminal liability is expressed in the Latin phrase actus reus non facit reum nisi mens sit rea, i.e. "the act is not culpable unless the mind is guilty". In jurisdictions with due process, there must be both actus reus ("guilty act") and mens rea for a defendant to be guilty of a crime (see concurrence). As a general rule, someone who acted without mental fault is not liable in criminal law. Exceptions are known as strict liability crimes.
I'm with you all the way to the conclusion.
It's easy to write slim, elegant code that works when the users are doing what the developer expects.
It's easy to wish you could start again and throw the legacy away.
But once your product is out in the real world, by the time you've fixed all the edge cases and made it do all the things that real people need, you'll be bloated right back to where you started having wasted a few years.
https://www.joelonsoftware.com/2000/04/06/things-you-should-never-do-part-i/
Are you people all insane? Code has DEPENDENCIES. You can't just write one patch that works on every version of some code you've ever released. If you start with version 1, and then you fix a bug and you have version 1.1, and then you find another bug that someone who hasn't bothered to install 1.1 wants fixing, what do you do? Make version 1.0.1 and 1.1.1?
Then the next change is going to require you to ship
1.0.0.1
1.0.1.1
1.1.0.1
1.1.1.1
and so on until 64 patches later you have 9,223,372,036,854,775,807 versions you're trying to simultaneously support.
To install a new patch, you must first have installed all the patches that went before, otherwise who knows what will happen. And we have a name for a fully patched version of Windows with every upgrade applied: We call it Windows 10.
Before you assume that ads that aren't clicked on are wasted, have a bit of a read up on things like
https://en.wikipedia.org/wiki/Mere-exposure_effect
If you constantly see ads for a brand, *even if* you think you're too clever to be swayed by advertising or you aren't in the market for a thing at that particular time, if and when you are, you will prefer that brand that you've seen loads of adverts for to the one you've never heard of.
Car adverts are a good example: they aren't attempting to make you drop everything and go and buy a car now. Most of the people who see car adverts aren't in the market for a car right now, but if they might ever buy a car ever in the future, then that ad isn't a waste.
I don't use taxis much, but Addison Lee was that as far as I was concerned.
They were big enough that they could cover all of London, and unlike looking up the nearest local minicab office, always had drivers nearby, always had nice, clean, comfortable cars. Good technology integration, etc.
Sure, they've done some horrendously dickish things in their time, but there are also centralised processes so that e.g. homophobic drivers can be corrected.
My mental image of what getting an Uber ride is like is it being just like booking a car with Addison Lee, except that if it's a "surge" they'll rip you off and they'll treat their staff less well. Is that unfair?
Plus, after you've gone all the way through the tender process and can demonstrate that you score more highly on functionality and value for money, they'll still just throw your bid out because your turnover is too low.
It's nice of them to let you invest all the effort in trying though instead of being honest about your chances at the PQQ stage though, isn't it?
IIS was a poor example to pick. You can script IIS changes. Here's a snippet of one of my deployment powershell scripts which I use to create or update instances of my SaaS product on the production server. Much less error prone and time consuming than using the IIS GUI admin tool; I modify the config files to tell it where things should be installed, and then run the scripts to do the installation.
function CreateIISSite($hostName,$iisName,$folderName)
{
$iisSiteName = $iisName
$iisAppPoolName = $iisName
$iisAppPoolServiceName = $iisName + "Service"
$iisAppPoolDotNetVersion = "v4.0"
$directoryPath = "D:\mycompany\$folderName"
#check if the app pool exists
if (!(Test-Path "IIS:\AppPools\$iisAppPoolName" -pathType container))
{
#create the app pool
$appPool = New-Item "IIS:\AppPools\$iisAppPoolName"
Set-ItemProperty "IIS:\AppPools\$iisAppPoolName" -Name "managedRuntimeVersion" -Value iisAppPoolDotNetVersion
$appPoolService = New-Item "IIS:\AppPools\$iisAppPoolServiceName"
Set-ItemProperty "IIS:\AppPools\$iisAppPoolServiceName" -Name "managedRuntimeVersion" -Value iisAppPoolDotNetVersion
}
#navigate to the sites root
#check if the site exists
if (!(Test-Path "IIS:\Sites\$iisSiteName" -pathType container))
{
#create the site
$iisSite = New-Item "IIS:\Sites\$iisSiteName" -bindings @{protocol="http";bindingInformation=":80:" + hostName} -physicalPath "$directoryPath\Root"
Set-ItemProperty "IIS:\Sites\$iisSiteName" -Name "applicationPool" -Value $iisAppPoolName
if ($hostName -ne "$iisSiteName.mycompany.com")
{
New-WebBinding -name "$iisSiteName" -HostHeader "$iisSiteName.mycompany.com"
}
True, right now I run the scripts by going in with RDP and clicking on a file, instead of a better way, but that's because I can get away with it.
So you can script IIS. Arguably, you *should* script IIS. If Microsoft want to insist that you **MUST** script IIS, then they're going to lose a lot of friends =)
We just failed to make the shortlist for a tender we'd been working on for over a year.
We started off by being recommended by another local authority to our potential customer. We went in a did a demo. We established that they liked our product better than their current one, and all the other ones on the market they'd seen. We were cheaper than everyone else too. Then they started on a tender process that I'm sure cost more in admin time than the total value of the contract, and finally the person who would actually be using the software was told that they couldn't choose, because we weren't a big enough company to be permitted to do business with the government.
Details available on request. It's not just that I'm pissed off with losing the work, though that smarts - it would have been a big deal for us and we'd have been able to do it really well, It's the combination of that with the empty lies that central government tells about encouraging SMEs that really gets my goat.
Everyone's claiming that everyone would avoid this tax by dealing only in cash, or by batching up all their transactions to a monthly central clearing house, or whatever.
But that the moment there is ALREADY a transaction tax on basically all B2C transactions. The credit card company + payment gateway takes between 1% and 3.5%+20p per transaction. If my business took cash payments, Barclays would charge me 0.9% to deposit cash in my bank, and I'd want to consider hiring security to move it to the bank, and buying a safe to keep it in on my premises. Giving a tiny percentage to the Government wouldn't make any difference to my cash handling costs.
Admittedly, BACS is free, but I don't see everyone buying their daily groceries by BACS to avoid the fees. The convenience of the credit cards wins out, even when it costs merchants money. Why would an additional 0.5% or whatever on those fees cause everyone to abandon existing, convenient systems?
Perhaps B2B is different, and the sums are certainly larger, but if it cost me 1% to receive a payment by BACS, that wouldn't be enough for me to want to get the train to my customer to take payment in the form of a big bag of cash, which I would then have to worry about storing securely, or have to pay to pay into my bank anyway. That convenience is worth way more than 1% to me.
Whilst I'm not certain that a transaction tax isn't loopy - the Payment Card Industry provides the infrastructure that allows Credit and Debit card transactions, and funds it from a transaction tax which no one really objects to. The Government provides the infrastructure that makes all commerce possible - the existence of a stable currency and the rule of law, for a start, so it's not obviously to me why they haven't as much justification to claim a transaction tax as Visa and Mastercard have.
I do pay £1 or more to take cash out of an ATM, unless I walk well out of my way to a free one.
If I want to pay cash or cheques into my Barclays business account then the bank will charge me 1.5%, on top of my costs of securely transporting any cash to the bank.
If I want to take credit card payments online then between the payment gateway and the credit card company I'll be paying about 1.5-3% + 20p per transaction.
All of these payments - including cash, which is largely perceived to be "free" - have frictional costs from the business's point of view, and we seem to cope with that ok.
If VISA can charge 2% for providing the infrastructure that makes credit card payments possible - servers and security and communications and so on - then why can't the government charge for making currency possible - the rule of law, the royal mint, trust in the pound as a medium of exchange?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
