Posts by Chris Fox 146 publicly visible posts • joined 23 Jun 2007
Actually, better to respond to the UK central gov's consultation directly rather than lobby local councillors, whose councils may have their own ideas about how, or whether, to respond.
FWIW, here's a link with CPRE's suggestions on how to respond:
https://www.cpre.org.uk/action/national-planning-policy-framework-respond-to-the-consultation/
And Google have the cheek to say that a goal of this new gate-keeping policy is to keep Android "open" ... yeah, right.
I wonder how the side-load block is to be enforced; phone phone home, or a cert check like secure boot?
What next, pay and register to unlock your Android device because ... security?
Those thin layers of tar and gravel are really just 'surface dressing'; a cheap way of supposedly extending the life of a failing road surface. But they often have their own issues: they hide small potholes, flake off, and can have a really rough finish. This increases tyre wear, particulates, and noise pollution, and can cause serious difficulties for those on two wheels. Unfortunately local highways budgets for existing roads often just amount to pennies per meter.
There's lots of research to suggest we'd be much better off if all new road projects were postponed, or cancelled, and the money was instead spent on maintaining existing assets, rather than creating even more unmaintained roads. This is a long-standing political issue (favouring capital expenditure over covering recurring costs, partly due to the bizarre way that "deficit" is assessed). The maintenance problem has become even worse following Osborne's ultra austerity regime. Talk of AI is just a stupid distraction by corporate kool-aid drinking Starmer et al.
To what extent would these expectations apply to self-hosted services, like email and XMPP servers, Nextcloud etc. where, in theory, a user might share/send/download something inappropriate? Does this mean that some key reasons for self-hosting (privacy, security, and freedom from third-party content scanning etc.) are thrown under a bus? I.e. to comply with this, and other online 'safety' requirements, is there an expectation that everyone has to engage in age verification and/or content scanning or else give up on independence and allow all their services and data to be assimilated by some mega-corporation? Asking for a friend.
Re: 'The guys obviously on the spectrum, unfortunately with no "self awareness" that he is, tempering his emotive interactions and ego power tantrums, sad .. lotta them about in business!'
There seems to be a common confusion between narcissism and autism. While it may not be appropriate to claim to be able to 'diagnose' someone from their reported behaviour, FWIW someone who rejects anyone who is not 'loyal' enough, covets what others have, and also believes others want what they have, is showing some narcissistic traits, rather than being 'autistic' (or "on the spectrum") as usually understood. Either way, I feel uncomfortable with the use of 'them' vs 'us' when it comes to neurodiversity.
One of my long-standing pet peeves has been that if you are obliged to carry out a reCAPTCHA test, then you are, de facto, being required to perform work to which you do not voluntarily consent. This is prima facie in breach of numerous international conventions, covenants and laws, including Article 8 of International Covenant on Civil and Political Rights; Article 4 of the Universal Declaration of Human Rights; the European Convention on Human Rights; the Human Rights Act 1998 UK. (It is also at odds with Target 8.7 of the Sustainable Development Goals.)
The ban on such work is absolute and can never be justified.
Somewhat ironically, I cannot pass Cloudflare's verification test to access the original white paper.
This output also has the appearance of a mash up; like many online sources, it appears to conflate Turing Machines with Universal Turning Machines. This may be a subtle point to many, but if this were submitted in a PhD thesis related to computability or incompleteness, I would be obliged to question the candidate's understanding (as well as their sources).
More broadly, it would be deeply troubling were an informed person tempted to accept even just one output of ChatGPT as expert-like "quality", as it may embody common, but consequential conceptual confusions.
A background detail from the Eye: Sunak has a pecuniary interest in a crypto biz. Allegedly there are many other potential conflicts of interests which he does not declare, and has effectively hidden using a loophole in the declaration requirements, while adopting policies that protect and enhance his financial interests, and shower Tory-supporting mates with lucrative contracts.
Not only did the police infiltrate non-criminal activist groups, in some cases they then sought to encourage said activists to commit criminal acts, and who were then prosecuted without the police revealing their role in instigating and facilitating those criminal acts (and actions that lead to the longest ever English civil trial in the McLibel case). The infiltration was so extensive that some "activists" meetings consisted almost entirely of under-cover cops. Of course the UK government's answer to this scandalous state of affairs is to grant undercover ops immunity from prosecution for such criminal activity, while also labelling activists "terrorists" for engaging in *lawful* civil disobedience.
Presumably PM would be happy to collaborate with the oppressive actions of a wannabe police-state, provided all the paperwork was in order?
"Oh, we can electrify lines alright. The issue as the article says is the economic feasibility of doing so."
Another factor in play here is that the Coalition and Tory governments cancelled and curtailed economically viable*, approved and "shovel ready" electrification projects, because ... austerity..., while supporting costly and economically dubious white-elephant vanity projects, like HS2. And where they cancelled or truncated previously agreed electrification projects they instead invested in inefficient and costly dual mode-traction units on long-term over-priced PFI leases with terms that require payment based on availability, not use, and whose acquisition was at odds with policy commitments related to carbon emissions.
* Even on the UK Gov's rather narrow definition of what counts as economical viability in the railway sector.
Re. banning discussions on equal pay, "Would you have a problem with that?"
Yes. Any employer that bans discussions (written or spoken) that relate to the legal rights of employees ought to face sanctions; in some jurisdiction such a ban would almost certainly be considered unlawful.
"... you are confusing machines with people. Bugs in code are not equal to bugs in people."
But isn't one of the bones of contention here that the ethics' board and/or the researchers appeared to have made the mistake of confusing people with machines? If the aim was to see whether the Linux development process could be subverted, then the subjects under test here would actually be the community of developers, rather than the Linux kernel as such (i.e. people, not machines).
Like all experiments involving human subjects, any serious ethical approval process should have subjected this proposal to a much more rigorous assessment, especially given the absence of consent (as well as the significant risk of high-profile reputational damage). There are more ethical ways of conducting this kind of research (cf. penetration testing). If I had been on the ethics approval panel in question, I would have insisted on major changes to the approach, with safeguards for the experimental subjects, before even considering the possibility of approval.
[The connection with medical research is that that was where ethical considerations were first taken seriously, so it is natural to use medical analogies when discussing research ethics.]
“I use Gmail, Gdrive sheets & docs for convenience but ... if you have data you would rather not share then keep it elsewhere.”
Presumably the corollary is thus: “if you have data you would rather not share with third parties, then don't collaborate with me, or anyone else known to use GMail, GDrive and googledocs”?
"However, there are some things that aren't very complicated to implement but can't be done without scripting. A basic example is dynamically showing or hiding content. Having a button which allows a user to collapse or expand a region means that the page can have lots of things on it without requiring the user to scroll past irrelevant things, but HTML itself doesn't do that."
You might want to check out the HTML "details" and "summary" tags, which implement dynamic content hiding (though it could be nice to have more CSS rendering options to customise the appearance).
Someone tried that round our way. Along one quarter-mile stretch there was an almost continuous line of very large ... er ... potholes. The council did indeed send someone out quite pronto... unfortunately they were armed only with a tin of black paint. That was a shame, as the BSM decorations stood out at night, and made it easier to avoid busted suspension, punctures, and cracked wheels (or a nasty fall, for those on two wheels).
"Amazon can sell lead pencils for kids and claim it's just facilitating an external seller."
I don't follow the significance of this example. So-called "pencil lead" (and for that matter, "black lead") is actually just graphite. All considered, traditional graphite pencils are probably among the least harmful of drawing and writing implements. But otherwise I would agree that there are some complex issues here.
"Hire on merit alone. Simples."
Perhaps it is not so simple. Unfortunately some people, and institutions, have a habit of assessing "merit" in a way that turns out to embody an element of indirect discrimination, and which amplifies existing structural inequalities.
The classic example from the media world (and politics etc.) would be judgements related to "polish" and "eloquence" (at least in the UK). In the legal profession it might be judgements about whether the candidate attended a "good" law school. Similarly in the sciences, and academia itself, there is self-perputating bias in favour of graduates from the self-selected "Russell Group" of universities, or Ivy League etc., which themselves embody elements of discrimination and bias. Then there are those "objective" algorithmic assessments of merit, used in the tech industry and elsewhere, that have been shown to embody unlawful discrimination.
While some general measures, such as "unconscious bias" training, can help, they can also have unintended consequences that actually entrench discrimination in some individuals. But targeted measures (such as hiding details of an applicant's education and age) have been shown to broaden the pool from which candidates are selected. Perhaps a case of "less is better".
Do we know whether such consultations took place for Starlink (and Kuiper, OneWeb, Hongyang etc.)? These massive constellations of satellites, with their potentially costly adverse impact, certainly appear to lie within the scope of this treaty.
(Then again, some would argue that the national legal framework that provides legal cover for the FCC's seemingly gung ho approach to satellite approval, namely the US Commercial Space Launch Competitiveness Act of 2015, is itself in breach of the Outer Space Treaty...)
"I too can browse the videos and extract a lot of info.. Should I also be held in contempt of GDPR laws, of course not..."
Actually, depending on exactly what you are doing with videos, and images etc., and how you are processing them, you could indeed be in breach of GDPR, and possibly in breach of the owners' copyright as well. By itself, the act of publication does *not* mean that third parties have been granted all rights to the data, and does not remove any obligation to seek permission on matters governed by the GDPR, or by copyright.
"Yeah, as we said, doesn't speak well for IPv6 adoption."
Perhaps that was meant as a joke, but if not... IPv6 is intended to be sparse: the fact that a large number of unused addresses are not in use merely means those addresses are not in use. It says nothing about IPv6 uptake, or the number of addresses that are in use, or even the number of announced prefixes (either in general or within this block). This error will not have any impact on any conventionally announced addresses. If anything, it is a demonstration of how robust IPv6 can be in the face of such mistakes.
"Sea level rises slowly"
Yes, but the report states that much of the expected damage will occur within the next 15 years.
"there aren't a whole lot of these cables"
The report is about all kinds of network infrastructure including "1,100 Internet traffic hubs – data centres, Internet exchanges and the like", which "will be surrounded by water within 15 years." as well as regular underground cabling and fibre. It's not just about subsea-infrastructure; that is only a small part of a bigger problem.
Most likely the first time the problem will become apparent will be during a storm surge or hurricane, which may knock out comms and data processing for a hinterland that is many times larger than the area hit by any flooding. There is also the issue of salt water ingres into coastal groundwater, which can occur without any obvious signs of flooding as such.
It might seem a small problem compared to other issues related to global warming, but widespread loss of comms during a localised extreme weather event could be disastrous.
If I don't use Gmail, and don't have an account with Google, at what point did I "opt-in" to (or more likely, fail to "opt-out" of) allowing Google and others to access the content of email that I have sent to individuals who happen to use Gmail? How do I find out what permissions others have granted to Google et al. to access and use *my* data? And how do I even know for certain whether a given recipient is actually a Gmail user, given that some corporate email addresses may be Gmail in disguise, and some individuals may use Gmail to aggregate email from non-Gmail accounts?
This looks like a clear breach of the GDPR. The only real question is, who is committing an offence: Google, for allowing access to my data; third-parties for using the data for purposes for which they haven't obtained specific consent; or Gmail users, for granting Google and others access to my data without my consent? I suspect Google has the greatest liability here, for running a data processing system that fails to have GDPR-compliant mechanisms in place for safe-guarding third-party data.
Google seem to be presupposing, incorrectly, that all data associated with a particular account is the account holder's data. This is the same error in reasoning that Facebook make in their justification for shadow profiles, i.e. unlawfully holding and processing personal data relating to individuals who are not users, and refusing to protect against abuse of such data, by claiming, obtusely, that the data and the right to consent both "belong" to the account-holder who provided the data to Facebook, rather than the person whose data it is under the law.
It shows how bad things have got when any choice of init system other than systemd is described as "replacing systemd". And this is for a distribution that has never supported systemd, does not have it in its repositories, and almost certainly cannot even compile it successfully, given that systemd assumes glibc, whereas Alpine is based on musl.
Although not mentioned in the article, Alpine's use of musl is a significant detail; it helps avoid bloat and in some cases improves performance (although it could cause difficulties for those wanting to run software that assumes glibc quirks and features). For those concerned about maintaining choice and diversity, and avoiding growing dependence on The Red Hat Monolithic Monopoly, supporting an alternative to glibc could be another 'good thing' to do (along with avoiding pulseaudio, systemd, and gnome).
Another systemd-free distribution that generally works well on Rpi is voidlinux, a rolling distribution which comes in both glibc and musl flavours, and which uses runit (the init system where start up scripts are usually only a couple of lines long). As usual, the choice of distribution in a given context may be constrained by the available packages.
Those pervasive and invasive Google Captchas are even more annoying when you realise that you are providing Google with unpaid labour and intellectual property. Websites and CDNs that use them are essentially compelling users to supply Google with training data for their image classifiers, while also implicitly "consenting" to them using your personal data, both for corporate profit. There should be a law against such indentured servitude... for some reason Article 4 of the Universal Declaration of Human Rights springs to mind. There is more to all this than just the GDPR. How about some enforcement?
"I'm not sure how they would store your preference if they can't store cookies or include any sort of personal identifier."
If you don't have a cookie, e.g. because you block or delete cookies to prevent tracking, and for that reason they cannot link you to any record of consent, then the default assumption should be that you have not consented. To do what Oath, Facebook, Google et al do, and assume you have consented by default, and then require you to jump through hoops, and enable tracking in order to "withdraw" this "consent" that was never given is hardly in the spirit of what is meant by "freely given consent". And in some cases you are not even given an opportunity to withdraw consent for some non-essential-but-profitable uses of your data. Of course changing the defaults to make them comply with the law may have implications for some business models, but that is hardly news
Other US-centric companies operating in the EU seem to have been very poorly advised, even when compliance should be trivial. Some have "opt-ins" for non-essential sharing with third-parties being written into new, supposedly "GDPR-compliant" contracts, which have to be "agreed" to in order to continue using a service, and terms concerning jurisdiction that seem intended to prevent prosecution under GDPR legislation, despite having a physical presence in the EU. This would have been dodgy even under the pre-GDPR regime.
I'm having to deal with one hosting company that has required me to accept a new contract with terms that allow sharing of personal data with third-party marketing organisations, and "Modal Contract Clauses", in order to continue using an existing UK-based service. The only nod in the general direction of "freely given consent" in this case consists of the opportunity to write to their head office requesting that they do not share personal data with third-party marketing companies. And this for a company for whom GDPR compliance is actually in their interests if they want EU companies to continue using their EU-based hosting services without themselves falling foul of the regulations.
"... it is likely to represent a legal workaround that would allow IP lawyers direct access to Whois data by bypassing the legal obligations contained in the contract ICANN has with registrars."
So in other words, the NTIA is just pushing an approach that still seems at odds with the GDPR: it would give third parties access to personal information without consent, and without due legal process. Would this really satisfy the expectation of the Article 29 Working Party that there should be clear, legal reasons to grant someone access to the data? It seems doubtful that the say-so of an IP lawyer would count as a clear legal reason, unless backed up with a court order. But given that "the actions taken by GoDaddy last month... are of grave concern for NTIA given the US government's interest in maintaining a Whois service that is quickly accessible for legitimate purposes.", it seems that the NTIA is actually unhappy with the idea that a court order be required, and takes refuge in sophistry over what counts as a "legitimate" reason.
Simiilarly, CoCCA's approach of allowing access on payment of a fee, as well as to the Secure Domain Foundatin, a third party organisation, doesn't seem to be consistent with the expectations of the GDPR.
"Nobody (as far as I can tell) either prosecuting or defending this case is suggesting that the underlying archive or editorial material be deleted."
Not in this case. But there is another case where this is exactly what is being asked for, under the Data Protection Act. Max Mosley is seeking to have published articles erased or amended, including it would seem ones that merely report factual matters about the financing of Impress, as well as those relating to a certain party he attended. According to Private Eye he is also seeking damages for distress about publication of the fact that he funds Impress. And then there are other cases where complainants are claiming that they need to give consent for articles to be published about them in the first place, including, according to the Eye, a certain Prince Charles.
"How would the URL/news article be specified? If it's just existing material listed in the court case it wouldn't protect against someone rehashing the material and publishing a new article."
If you read the article carefully you may notice that a question relating to this particular point was raised in the hearing, and highlighted for its significance.
"But, in this case, we are talking about Irish servers, owned by an Irish company on Irish soil, which just happens to be owned by an American company."
Right, though I'm not sure why you say "but"; my observation was that the UK governement's view on extra-terratorial jurisdiction prima facie supports the US DoJ's position in this case. In fact it seems even broader/more extreme: according to UK government's reasoning the US DoJ should still legally be able to require data to be handed over even if Microsoft itself were registered in Ireland, Iceland or Switzerland etc., (regardless, it seems, of the views or laws of the countries in which the data were held, or the companies were registered).
Of course I am not saying that the UK government or US DoJ are right here (and my earlier comment alluldes to some sleight-of-hand in the UK government's amicus brief), just that the US DoJ is not unique in its attitude to extra-terratorial jurisdiction: other "civilised" countries make similar, or stronger, claims.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2026
