* Posts by flayman

367 publicly visible posts • joined 29 Jun 2010


UK's attempt to keep details of Apple 'backdoor' case secret… denied

flayman

Re: FTFY

The secrecy of the appeal process is the worrying part. Apple had to fight for the right to publicise the fact of the notice served on them, and it was a close thing. The rule of law also requires oversight. I don't think the Investigatory Powers Act is ECHR compliant, and we need to have that discussion and process.

OTF, which backs Tor, Let's Encrypt and more, sues to save its funding from Trump cuts

flayman

Re: Not hurting the right people?

Anywhere from one to four cowards whose opinions coalesce on something that is hardly worth the effort to rebut. Anyway, I had my question effectively answered by silence.

flayman

Re: Idiocracy was a documentary

There are some people vandalizing Teslas and/or Tesla factories, which is dumb. I'm not one of those people. What I'm doing is sitting here watching the rule of law implode while you nod along, perhaps even clapping with glee.

flayman

Re: Not hurting the right people?

I sure have. And I thought maybe you hadn't because what you wrote makes little sense. Could you explain how the two examples you cite intersect with Orwell?

flayman

Re: Not hurting the right people?

Have you ever read it? Don't answer that.

Top Trump officials text secret Yemen airstrike plans to journo in Signal SNAFU

flayman

Re: Big deal...

"Democrats s/will/can/ do nothing"

FTFY

CISA fires, now rehires and immediately benches security crew on full pay

flayman

Re: Why do you assume that CISA are happy with the DOGE developments?

Nevertheless, the offered reason for the announcement on the department's website is rather lame. I would like to think that even most Trump appointees are sensible people who are not comfortable being seen to break the law. There are still good professional people running some of these departments, if only for the time being.

flayman

Why do you assume that CISA are happy with the DOGE developments?

"CISA is thus following the letter of that judgment, in that the ejected probationary staffers have been reinstated, though they've been promptly parked on paid administrative leave. Weirdly enough, this decision was broadcast on the agency's website, presumably in case it's unable to get hold of laid-off folks and hopes they'll see that page."

No, they are broadcasting their compliance with a court order, in defiance of the White House. Bringing the axed staff back on administrative leave is presumably just the first step while they sort things out, or at least until the court gives its blessing to the defendants.

DoorDash sued for allegedly branding customer a fraudster after delivery photo query

flayman

Re: DoorDash driver

"Most of us are really not casing your home or neighborhood and probably wont remember your name or address by the end of our dash anyway."

Most of you. Okay, yeah that's reassuring. Thanks.

It's not just Big Tech: The UK's Online Safety Act applies across the board

flayman

"...we are terribly exposed to someone joining, posting grot, and ringing the alarm bell."

But that doesn't mean you're not compliant. It's how you deal with that situation that matters, and the risk assessment is to ensure that you've thought about it and come up with a process for handling these things, which is likely the same as the one you already have. The risk assessment will either be accepted or you'll be asked to do it again. If it's accepted, then you've done your bit for the year. Follow the process you've specified and you're fine. If you receive an enforcement notice, comply with it. It's understood and accepted that you can't prevent all instances of these things happening. You're just expected to deal with them quickly and efficiently.

flayman

Re: An evidence based approach

The recommendations that the tool gives you are simply that. Recommendations tailored for your specific case. You can decide to implement a different policy, as long as it's reasonable. The following year, if that implementation has not proven effective (i.e. you failed to quickly find and remove some proscribed content) then it should probably be amended. That incident does not mean you've broken the law, but ideally it would mean that you've already changed the processes in place.

OfCom would have to accept your risk assessment and description of the processes in place as well as the review that you carry out every year. If they do, you're fine. If they don't, you need to do it again. If you don't submit the risk assessment and other requirements, then you are non-compliant.

flayman

Re: An evidence based approach

As I said, compliance is about ensuring that the sort of content that is for the most part already considered illegal is recognised and that there are suitable processes for dealing with it. If you run such a service and you don't have a risk appropriate process or you fail to comply with an enforcement notice, you are liable. Proscribed content making its way onto your service does not constitute a failure to comply. It is to be expected. How you deal with it is what matters. The penalty everyone mentions is the maximum available and would surely be reserved for gross and wilful noncompliance. How about we all just relax a little bit. It hasn't even started yet and some of you are predicting the end of days.

flayman

An evidence based approach

We're tech professionals mostly. Smart people, I would have thought. We should take an evidence based approach when talking about this Act and how it is supposed to work. The Online Safety Act has its problems, but nothing like on the scale or scope of what some of you are suggesting. There are some publications explaining what will happen and how it will be enforced. Please read them. Here's one from gov.uk. I've linked to the heading "How the Act will be enforced."

https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer#how-the-act-will-be-enforced

It states that criminal charges only apply where information requests are not followed and for non-compliance with enforcement notices.

OfCom provide a tool to determine whether a service is caught by the Act. The start page for that is here, and it links to some other resources:

https://www.ofcom.org.uk/online-safety/illegal-and-harmful-content/check/

You answer a few questions, and if you find that the Act applies (for most of what we are talking about, it does), you can click a button "Check how to comply", which brings up this:

https://www.ofcom.org.uk/Online-Safety/check-how-to-comply/

Four steps:

"Step 1 - understand the harms

Step 1 will help you to know which kinds of illegal content to assess, and to make accurate judgments about your risks.

Step 2 - assess the risk of harm

Step 2 will help you use evidence to assess and assign a risk level to: the risk of harm to users encountering each of the 17 kinds of priority illegal content and other illegal content; and also the risk of harm of your user-to-user service being used for the commission or facilitation of a priority offence.

Step 3 – decide measures, implement and record

Step 3 will help you identify any relevant measures to implement to address risk, record any measures you have taken, and make a record of your assessment.

Step 4 - report, review and update

Step 4 will help you understand how to keep your risk assessment up to date, and put in place appropriate steps to review your assessment.

Based on your answers to questions asked within the tool, we will provide you with compliance recommendations for your service. It will be of most use to small and medium sized businesses but could be useful to any in scope service provider."

The tool mentioned above is still being developed. It will provide recommendations. Following those recommendations would be a good way of ensuring compliance, but the recommendations are not law. I can imagine a recommendation that communities develop and publish a sensible set of rules and that those rules are enforced.

For the vast majority of online forums to which the Act applies, once you understand what content to look out for, step 2 will result in an assessment of minimal risk, because they are already operating in a manner that catches this type of content and deals with it quickly or there has never been such an incident in years of operation. That cycling forum mentioned in the article would be one such. In the latter case, step 3 will involve working out how to ensure that such incidents are caught and dealt with. For example "We will moderate our channels by providing a means to flag inappropriate content as well as proactively tackle inappropriate content that moderators discover themselves." If OfCom accepts the risk assessment and the measures, then you're good. There might still be some incidents which slip through the cracks. This is not a violation. It just means that the risk assessment probably underestimated the risk. If OfCom order removal and you don't comply, that would be a violation. There would have to be a process of appeal because a regulator is in a quasi-judicial role. Step 4 is not unlike what we're having to do every year for GDPR.

I think there are some legitimate concerns around things like hate speech, and there had better be clear advice on that. Often people report things for hate speech which do not qualify. It could come down to an enforcement notice, and that would need to be complied with. Fines and, at the most extreme, criminal prosecution are reserved for responsible parties who do not carry out the duties imposed by the Act. If you do not perform and submit a risk assessment, you could be fined, but it won't be £18 million pounds or anything like that. Complying with the Act means carrying out steps 1 through 4, responding to information requests, and complying with enforcement notices.

Some of what the Act is attempting to do may seem pointless (age verification, etc), and perhaps it is. But I really don't think this is armageddon for service providers. If you disagree with any of what I've laid out, then I welcome your thoughtful and polite reply. /ducks

flayman

Re: Desert

I'm sorry, but this is rubbish. We'll see. Give it a year. I'm sure you will be proven wrong. The Act will catch actors who are not being conscientious. It is attempting to ensure that everyone understands what sort of content is proscribed, most of which is common sense, and to assess the risk of such content a) getting onto their platforms and b) not being swiftly removed and dealt with in a compliant manner. In so doing, they will look at whether they have adequate procedures in place. The people who are worried about it are already doing the things they are meant to be doing.

On the other side of the Atlantic, major social media providers are shrugging off their responsibilities and just saying it's the wild west. Maybe Facebook and X.com will stop doing business in Britain. I honestly could not give a shit.

flayman

Re: I am all right jack

There is so much FUD around this. It's not a minimum fine. It's up to £18 million or 10 percent of qualifying revenue. Read this explainer: https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer#how-the-act-will-be-enforced

I just can't see good faith errors being punished. Wilful failure to engage with OfCom is of course going to incur penalties.

flayman

Re: Just another example...

I will begin by admitting that I have not looked very closely at the requirements that come into effect in March. But my limited reading of the gov.uk's explanation of the Act and how it is to be enforced suggests to me that a small forum that is actively moderated does not have much to worry about. Inappropriate content will be quickly removed and appropriate actions taken. Adequate controls are therefore already in place, and it is just a matter of noting this. It might seem a bit arduous in the first instance, but that would be a one-off cost, as the conditions year on year would remain stable until and unless the forum becomes much larger. GDPR creates a similar nuisance for small data controllers, but with the initial assessment exercise out of the way, it's become mainly a yearly box ticking exercise.

The article points to a four year old post in a small forum as an example of how this Act adversely affects small online communities. They're still freaking out about it and are talking about moving to Discord, but one wonders whether this is an overreaction. The fact is that there is this law, and forum providers need to comply with it. The degree to which one must comply is proportionate to the risk of harm. In theory, a risk assessment would show a negligible risk of harm on an efficiently moderated forum which has been operating for many years and has never seen an example of such harm, or has demonstrated swift removal of potentially harmful content. In practice, I hope this risk assessment does not create an undue burden. I can practically guarantee that OfCom are not going to over-prosecute this because they do not have the resources.

Uncle Sam mulls policing social media of all would-be citizens

flayman

Re: the media ... want to impose authoritarian controls

"It seems what isnt [sic] illegal is also under the purview of the President (or whoever was running the country at the time)."

Thank you for making my point so succinctly. If you let one guy extend his power, then another guy that you might not like will have it and be unwilling to relinquish it. I have no interest in these partisan squabbles. All I will say about the sources you've linked is that however these may be interpreted as violating rules, they do not represent encroachments on individual liberty, that being the bedrock of the Constitution. You keep muddying the water by bringing in issues related to illegal immigration. I agree that illegal immigration needs to be tackled. I support the policy of removing the automatic right to citizenship upon birth in the country, as this will help to curb that sort of illegal immigration; however, a constitutional amendment is needed. My main focus here is the effect on legally present aliens and the exercise of their constitutional rights. I welcome that these proposals are under public review, but the executive order that they are relating to is an overreach.

flayman

Re: the media ... want to impose authoritarian controls

I'm sorry, because you've been fairly reasonable up to now, but some of what you're saying is really obtuse. For example, in response to the thing about civic responsibility:

"How many illegals are legally allowed to vote?" You're completely missing the point. If someone wants to be American, then let's be honest about what it means to be American. Americans owe a duty to be vigilant against encroachments on liberty. Americans should see themselves as troublemakers. Government by the people, of the people, and for the people. Government works for me. That's what it means to be American. These are the sort of people we should welcome because it strengthens us.

"I think you hit it there, As bad as the Ukraine/Russia conflict is no side is designated terrorist. " Yeah, until they are. That could happen years from now, and that ever growing file could be used to weed out whatever the administration of the day deems undesirable. That alone should give you pause.

"I dont see an issue with this. They have a temporary work visa for example, you would be more suspicious of them than someone thoroughly vetted and not shown any hostile intent. And you would hope there is a file on them, they crossed the border into the country." As I attempted to explain, which apparently fell on your deaf ears, it is entirely different to subject entrants to this vetting than to subject residents and visitors to it. ICE is not (yet) constantly monitoring the X accounts of everyone who has entered the country looking for dirt. I think it's probably unconstitutional, but we'd have to wait for a ruling. If you're okay with this, then there is no hope for agreement.

"The important word there is illegal." An illegal protest is whatever Donald Trump decides is illegal. Generally speaking, peaceful protests are protected. I know what he means when he says illegal. The rest of it is not worth responding to. You've lost me completely.

flayman

Re: the media ... want to impose authoritarian controls

"For those 'legally' as in granted real permission to remain after being vetted then I dont think they should have to fear not having free speech. I was confused by you saying "non-citizens who are seeking citizenship or permanent residency" which I guess can include probationary residents who are probationary to give them time to show their true colours (for example if they are terrorist supporters)."

Because this is the proposal. Resident aliens who are seeking permanent residency or citizenship would be subject to this sort of intrusive vetting which has serious constitutional implications. The article is very clear on this. People living in the US legally on temporary work visas, for example, would have their social media combed for divisive content (which is what exactly?) and may then be denied renewal or if they apply for a green card or citizenship when eligible, there may already be a file on them. Paragraph b of the EO states:

%<----

(b) To protect Americans, the United States must be vigilant during the visa-issuance process to ensure that those aliens approved for admission into the United States do not intend to harm Americans or our national interests. More importantly, the United States must identify them before their admission or entry into the United States. And the United States must ensure that admitted aliens and aliens otherwise already present in the United States do not bear hostile attitudes toward its citizens, culture, government, institutions, or founding principles, and do not advocate for, aid, or support designated foreign terrorists and other threats to our national security.

%<----

That is very broad. Hostile attitudes towards culture? Towards government? I'm an American citizen and I have a hostile attitude towards government. The government has a hostile attitude towards some of its institutions and arguably its founding principles. Would attendance at a pro-Palestinian rally be disqualifying because it could be interpreted as advocating support for designated foreign terrorists? It's enough that someone might fear it could be. What Trump has said about illegal protests on college campuses lends this credibility. How about support for Ukraine in its war with Russia? Designation of foreign terrorist organizations is the preserve of the executive. Mere verbal or moral support should not be enough.

It is the civic responsibility of every American to challenge and question authority. Having a hostile attitude towards government is a way of life in the States. It's bread and butter, meat and potatoes.

flayman

Re: the media ... want to impose authoritarian controls

"Also the government seem to have the sensible position that illegally crossing the border is illegal and so the criminal should be deported."

Illegal immigrants should be processed and deported unless they can claim asylum. How they elude capture can be a failure of cooperation among law enforcement agencies as well as a lack of resources. They still need to be treated fairly and humanely.

"I think that is the point."

I'm not clear on this. Chilling free speech is the point? Or is it something else. People who are already living in the US legally should not face this chilling.

flayman

Re: the media ... want to impose authoritarian controls

Obama implemented ICE trawling through social media on aliens seeking to enter the country, which is intrinsically different to those present in the country. Those outside the country and at the border have no constitutional rights and no right of entry. The current proposals would create a serious chilling effect on the rights of free speech and association enjoyed by non-citizens who are seeking citizenship or permanent residency, for fear of loss of status and deportation.

flayman

Re: the media ... want to impose authoritarian controls

"As stated in the article- "In fact, this goes back to 2014, at least, to one degree or another, and has been standard procedure for years for foreigners, particularly those coming in on a visa."."

And as I stated in another reply, aliens have no constitutional rights at the border. Aliens living in the United States or even present there do have constitutional rights, even if to a lesser extent. That makes this different legally and much more of an intrusion into freedom of speech and association.

flayman

First Amendment rights apply to anyone who is present in the United States, not just citizens. An alien seeking to enter the United States is not protected. That makes this different legally.

Google's Chrome divorce still on the cards as Trump's DoJ plays hardball

flayman

Re: I also use Bing now pretty much exclusively for search

I was as surprised as you are, but I like Microsoft Rewards so much that I ended up adopting it. Turns out it's a really good search engine, especially coupled with Co-Pilot.

According to these statistics, Chrome still has 70% share, with Safari a distant second: https://gs.statcounter.com/. Clearly Google are still dominant.

flayman

Is Google actually anti-competitive with Chrome?

This is a genuine question. I used to prefer Chrome, but now I use Edge, which is also Chromium based. I know a lot of others who do. It's a good browser that runs well on all platforms. Microsoft has been very smart with their rewards program, which is how I got onto it or maybe why I've stuck with it. I also use Bing now pretty much exclusively for search. I see Google losing its monopoly, and I question whether Chrome still has the edge (pun intended) going forward.

Apple drags UK government to court over 'backdoor' order

flayman

Re: Hmm

Trump and the clowns who enable him wouldn't know freedom of speech if it jumped up and bit their dicks off.

flayman

Like a broken clock

"US President Donald Trump also recently compared the UK's treatment of Apple to the extensive state surveillance methods deployed by China – the two countries' foremost intelligence adversary."

Sometimes he is not quite wrong, which does not quite make him right.

C++ creator calls for help to defend programming language from 'serious attacks'

flayman

Re: "Serious attacks"? What attacks?

I think you've misunderstood the thrust of my argument. C++ needs to be defended against technically unsound attacks because of the risk that these will lead to code migrations or replacements that are likely to introduce new bugs, and because reams of code are written in it. This is a risk that has been understated.

flayman

Re: "Serious attacks"? What attacks?

[quote]

If you have to "defend" a language that means it's probably on the way out already. If you feel a language is subject to "attacks" you haven't understood how computer languages evolve in the field of software development.

[/quote]

That's assuming that the attacks make technical sense. As others have pointed out, the urging to move to memory-safe languages offers false promises. Rust can be made to operate unsafely, and the risk of migrating legacy code seems to have been understated. I don't agree that this is an existential threat. C++ is not going away. But this is an annoying reputational one.

How Google tracks Android device users before they've even opened an app

flayman

Re: Not at all surprised

I'm seeing a lot of broken irony detectors.

Trump administration threatens tariffs for any nation that dares to tax Big Tech

flayman

Re: Anti-fines not just anti-taxes

Most fucktarded comment I've read in a long time.

DeepSeek means companies need to consider AI investment more carefully

flayman

Re: People may be looking at this the wrong way

I've read this MIT Technology Review [https://www.technologyreview.com/2025/01/24/1110526/china-deepseek-top-ai-despite-sanctions/] on DeepSeek and it seems to say that sanctions and limitations directly led to innovations that increased computational efficiency in training models. This suggests that AI in the west is suffering from serious bloat. Moore's law is one thing, but as computer hardware has become exponentially more powerful, this has resulted in massively bloated operating systems and application software because the need to program efficiently has fallen away. There was a time when the application designer had to fight for and justify every byte in memory. Imagine what amazing things could be achieved if those sort of engineering limitations came back!

Atlassian's Bitbucket Cloud went down 'hard' today

flayman

Re: K.I.S.S.

We use Atlassian because having tried numerous CMS systems over the years, Confluence is the only one that has clicked with authors, who just "get it" and actually like writing documentation there. Jira has also revolutionised our service management in that people actually communicate with each other. Fancy that. It's all down to the alerting, which just works. Jira's workflow engine is actually very flexible, so we've taken to using Jira software projects for data capture and other things. I'm writing and publishing custom Forge macros for Confluence and it's actually pretty cool. All in all, despite some gripes, we're happy with it.

The US government wants developers to stop using C and C++

flayman

Re: No, of course I've no idea if this remotely resembles the actual syntax used...

Piss off with your thumbs down. I'll bet money an AI will be able to translate most C code into the language of your choice within the next 3-5 years. It wouldn't be good enough for production, but it would save an enormous amount of time.

flayman

Re: No, of course I've no idea if this remotely resembles the actual syntax used...

If an AI can't already do it, there will be one soon that can do it with passable reliability. That's at least a starting point.

Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

flayman

Don't you just love it when people who are terminated then behave in ways that validate the termination? If he never finds another job, it will be too soon.

National Public Data files for bankruptcy, admits 'hundreds of millions' potentially affected

flayman

Mr Verini can rest assured that his own personal bankruptcy data will now be safe.

flayman

Re: No, absolutely not

Insurers can decline coverage when the insured has violated the terms of the policy.

Chinese cyberspies reportedly breached Verizon, AT&T, Lumen

flayman

And they still want to have escrow keys for everything. No, thanks.

1.7M potentially pwned after payment services provider takes a year to notice break-in

flayman

1) PR

2) Indemnity

3) Security

...

If every PC is going to be an AI PC, they better be as good at all the things trad PCs can do

flayman

I'm glad they're making ARM based PCs

Yeah, they've over-hyped these, but I'm glad MS is taking ARM seriously and making Windows work on it. Then we'll get more applications for it, including game ports. x86 is a shitty ISA.

Woman uses AirTags to nab alleged parcel-pinching scum

flayman

Re: "police declined to pursue the matter"

Seriously, what fucking lazy assholes. All the work was done for them but still couldn't be arsed.

CrowdStrike blames a test software bug for that giant global mess it made

flayman

Re: It worked on my machine!

Negligence is a degree of mens rea that is less serious than, for example, recklessness.

flayman

I suppose we should thank them...

...for aptly demonstrating how dependent our IT infrastructures are on trusted vendors, and how vulnerable they are to wild defects. When that trust is misplaced, as was the case here, really bad results can occur. It's something like "who watches the watchmen". The QA processes for an entrusted security vendor need to be far more robust than this episode suggests. I suppose it could have been a lot worse.

Mozilla is trying to push me out because I have cancer, CPO says in bombshell lawsuit

flayman

Re: I've heard this song someplace before.

Utterly shameful (shameless?) comment from your typical anonymous coward. May you one day experience the joys of cancer.

Crooks threaten to leak 3B personal records 'stolen from background check firm'

flayman

Oops, I forgot to opt out of having my private data that I didn't even know was collected being stolen by criminal gangs.

Apple says if you want to ship your own iOS browser engine in EU, you need to be there

flayman

I utterly despise Apple.

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

flayman

No, THIS is nonsense. It will never ever fly. It goes against natural justice to turn victims of extortion into criminals for acting out of fear. I do not want to live in a society that deems this acceptable. Acquiescing to threats by simply handing over money can never be a crime.

Plus, we're actually talking about property, whether it's the property of the company or the property of the company's customers. The fact that it's digital doesn't make any difference. As a legal person, the company has rights with regard to property. It will also be legally obligated to safeguard its customers' personal data as far as practical. You have not thought it through.

You cannot force victims to rely on law enforcement. The idea that it's illegal to pay a ransom "unless authorised as part of a credible police sting" (as I've seen suggested) is laughable.

flayman

Re: Legality of paying

That would be paying for goods and services or making donations, not paying someone who mugs you. Where duress is involved, I seriously doubt there could ever be the necessary intent ingredients, i.e. mens rea, to establish a crime.

flayman

Re: Let that be a lesson

"Paying a ransom (unless authorised as part of a credible police sting) needs to be a criminal offence"

I think that's taking it too far. You might as well say that in relation to any extortion attempt. Paying the mafia to take out the garbage in your office building should be a criminal offence. Yeah, well failure to do so will get your legs broken. This is the nature of duress.
