* Posts by Frank Thynne

23 publicly visible posts • joined 30 Dec 2012

Behind Big Tech's big privacy heist: Deliberate obfuscation

Frank Thynne

Not Just Privacy

I could say exactly the same of almost all software development. The lack of regulation allows us all to use unreliable products. Our rush to buy the latest ideas lays us open to corrupt or careless development. And it's not just privacy that suffers; it's economic and personal safety too. Bring in Engineering Discipline.

CyberUp presents four principles to keep security researchers out of jail for good-faith probing

Frank Thynne

Re: Mixed feelings on this

I understand and agree with Cederic's concerns.

In my opinion unauthorised use can defeat a statutory defence. A user who buys or licenses and installs software on his own system becomes its owner. Only the owner can authorise its experimental use, and his permission must be sought and recorded.

However, the owner must grant permission to an individual if the individual has a lawful purpose such as verifying that his personal data is not unlawfully held and protected. There would also be a need to provide permission to law-enforcement bodies which is another can of worms to consider.

To carry out testing of a software product the tester must install it on his own system and share discovered errors with the seller privately. The use of public bug reporting is a matter of practice to be discussed elsewhere.

Regrettably, I cannot agree with retaliation as a remedy -- tempting though it would be!

Frank Thynne

Does Software Testing risk prosecution?

Good software testing should include attempts to "break" a product, as this frequently reveals flaws which, if not fixed, provide opportunities for criminal activity.

How can we test software before releasing it for public sale? Once a product is released, it will be difficult for testers to establish a defence under the Computer Misuse Act. It would require testing and confidential reporting to be limited to registered testers and the authors of unqualified software and so would prohibit the sale of unqualified products.

The current situation in which there is no obligation for software to be scrutinised and tested is not tenable. Regulation of new products is urgently needed as is the continued use of software known to contain criminally-exploitable flaws.

The present incidence and frequency of corrections to released software reveals risks in its continued use.

Windows 11 still doesn't understand our complex lives – and it hurts

Frank Thynne

Bad Software is Everywhere Because we Tolerate it.

... and we shouldn't

We tolerate it because the licence terms leave us powerless to resist it. Microsoft isn't the only culprit, but its monopoly position makes the situation dangerous for all of us.

Most software licences include exclusions of users' claims for loss or damage. They make it possible for the lawyers of "Big IT" (I draw a parallel with "Big Pharma") to laugh at suffering users and competitors. The licence terms should be declared unenforceable, and purchasers should refuse to accept them.

Only by halting the revenue stream of Big IT will cavalier and reckless treatment of customers become a thing of the past.

‘What are the odds someone will find and exploit this?’ Nice one — you just released an insecure app

Frank Thynne

Re: This security feature is annoying, disable it

I've been looking for an opinion like this for years and have felt that I am a voice in a wilderness.

Software Development should be recognised as an Engineering discipline like the others you mention. As you say, regulating software products will be difficult, partly because the horse has already bolted.

But there are International standards of Quality Assurance and Certification that could and should be required by Governmental and similar Public bodies when buying, installing or upgrading software products. Those purchasers have sufficient weight to enforce the adoption of Good Practice.

The problem at the moment is the complexity of large-scale products, especially Operating Systems upon which so much software relies. It will take many years before they can all be scrutinised and fully certified, but the current practice of developing new or changed features before correcting errors in products in current use makes the task more difficult.

It's noteworthy that large software companies have not been granted or sought ISO certification of their activities, and implementing it will be costly. But continuing with current policy could lead to a collapse of a software provider and possibly the World Economy.

IBM ordered to pay £22k to whistleblower and told by judges: Teach your managers what discrimination means

Frank Thynne

Promotion is not always a suitable reward

I agree with Eclectic Man. Money, respect and status rewards for good work and value are better than inappropriate "promotion" into management. Sadly, inappropriate promotion is a common policy in the UK. People are moved from jobs they do well into jobs they do badly.

This is bad for the people and bad for the enterprise, too. It's one of the causes of poor performance by UK business. Other countries -- yes even the USA -- have more enlightened policies.

It's been five years since Windows 10 hit: So... how's that working out for you all?

Frank Thynne

Windows 10? -- Poison!

I have never before had such a hindrance to productivity. Faults and new vulnerabilities are introduced with every update. Burdensome features are added that I do not need. Quality Assurance is absent. Faults remain months after being reported. Reliability is sacrificed in favour of innovation.

It comes close to criminal computer abuse.

IR35 blame game: Barclays to halt off-payroll contractors, goes directly to PAYE

Frank Thynne

Re: "engage on a PAYE basis"

It won't be a dormant company if it has premises, telephone and Internet services and currently pays employers NI, but will make Corporation Tax losses against any other income. Bad luck, HMRC!

Dutch cheesed off at Microsoft, call for Rexit from Office Online, Mobile apps over Redmond data slurping

Frank Thynne

Is any Microsoft software safe?

Yet another reason for official bodies to ban all Microsoft software products on the grounds of unverifiable Quality Assurance.

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

Frank Thynne

Microsoft just doesn't care

As every day passes I become more disturbed by Microsoft's disregard for Quality Assurance in its culture and feel that it is heading for a reckoning that could destroy it and much of the world's economy with it.

To continue to develop new features while failing to deal with long-established flaws is reckless and offensive. It's time to treat Microsoft's licence terms as unfair and unenforceable and sue it for selling dangerously flawed products before it becomes too late.

UK rail lines blocked by unexpected Windows dialog box

Frank Thynne

Are there really idiots still using Microsoft software in important areas like Infrastructure? Years ago the US Department of Defense banned Microsoft from mission-critical projects. Have we learnt nothing?

Memo to Microsoft: Windows 10 is broken, and the fixes can't wait

Frank Thynne

Microsoft won't even hear

I have tried to send the following message to the CEOs of Microsoft and Microsoft UK. It has fallen on deaf ears.

<<

I am astonished and deeply disturbed by Microsoft's current development and maintenance policies.

Software Development is an Engineering Discipline. Yes, Creativity and Design are vital components, but Quality Assurance is every bit as vital. I believe that Microsoft must have enough employees who recognise this but regrettably they are not being heard, and the risks of dispensing with QA are terrifying.

The attractive prospect of rapid development has left Microsoft blind to the limitations of continuous delivery and DevOps. DevOps is very good at producing working prototypes and demonstrations, but it encourages development teams to evolve requirements as a project proceeds. Those requirements therefore tend to match what has been developed and often do not include matters such as design limits, data protection, maintainability, and robustness in the face of user error and malicious attack. If a replacement product is being developed, poor specification can lead to features of the original products being forgotten and omitted or diminished. The inclusion of Quality Assurance in a DevOps team is a sound policy, but the approval of a product or a change must rest with a Quality Assurance function independent of the Design function.

The consequences of inadequate Quality Assurance can be seen in practice. For example, many Windows 10 programs are inferior to their predecessors, new features are added while long-standing errors remain, programs fail without explanation or helpful error messages, updates are delivered that damage user settings and preferences, and insufficient validation of user input takes place. Community websites show huge numbers of dissatisfied users and a lack of support staff in Microsoft able to diagnose faults, let alone fix them. The advice, frequently offered, that a dissatisfied user should reinstall a product is not a solution -- it is an admission of defeat and product unreliability.

Quality Management requires careful and precise specifications and robust test and measurement of prospective products and changes against them. It is as important in a software product as in a tangible product such as an aircraft, a car, a building or a bridge. It cannot be delegated to users. The QA team must have the capability to say "not fit" or "not ready" to the Chief Executive Officer regardless of marketing demands.

To diminish the Quality Assurance role in software development is dangerous to a development enterprise and to its user community. But there is enough evidence in Windows 10 of such a diminishing role to make me fear that Microsoft could be brought to ruin by unmanageable maintenance costs and lawsuits, and that the world's economy would be severely damaged as a result.

The remedy? Put a properly constituted QA function in place. Allow it to require and look for reliability requirements in the design specification, to test against them, and block the work and release of new versions until all errors in all current versions have been corrected. Microsoft will recover its tarnished reputation if it does this, but will be cursed as a modern-day unreliable rust-box if it doesn't.

>>

Zip it! 3 more reasons to be glad you didn't jump on Windows 10 1809

Frank Thynne

Re: Ship it with bugs

But they won't be happy when Microsoft crashes.

Frank Thynne

Re: Regressions

In March this year (2018) I composed an email prophesying events such as this, and said that unless Microsoft established a Quality Assurance team with the power to veto a flawed release the company was heading towards ruin. I have not found a way to get that message into Microsoft before making my message public, but I could not send it directly to the Chief Executive Officer (bounced, not surprising) but even the support team just ignored it. No bounce, no reply. I don't think I can hold back any more.

No engineer worth his salt would countenance such a cavalier approach to product development and maintenance. Insiders are no substitute for formal QA answerable only to the CEO, and failing to act on known reports is unforgivable.

The 1809 update should be withdrawn immediately, and no new release issued without the organisational changes I suggested.

Microsoft deletes deleterious file deletion bug from Windows 10 October 2018 Update

Frank Thynne

Re: *** Be careful *** Also new in 1809, changes to Disk Cleanup Tool,

Errata: It's the Computer Misuse Act 1990. (The 1998 Act was about Data Protection, and has been superseded).

But I note from the 1990 Act that although intent might be difficult to prove, reckless actions are also covered. I believe that releasing products without QA and with known deleterious errors is reckless.

Frank Thynne

Re: *** Be careful *** Also new in 1809, changes to Disk Cleanup Tool,

The mistake might have been idiocy, but releasing products with zero QA is malice.

Insiders are not accountable for errors that aren't noticed or reported, so they aren't QA.

Ignoring errors that are reported is deliberate negligence, and isn't QA either.

QA is a professional exercise, and needs trained in-house staff and a departmental head, answerable to the CEO and strong enough to block product releases, even in the face of marketing and financial pressures. Nothing less will do.

It seems to me that releasing software with known deleterious defects constitutes Computer Misuse and should be prosecuted under law. In the UK this is covered by the Computer Misuse Act 1998.

Microsoft yanks the document-destroying Windows 10 October 2018 Update

Frank Thynne

It seems finally to have happened -- Microsoft has lost control of its product.

It has discovered the ultimate folly of having no Quality Assurance. It didn't even pass its release to its inadequate outsourced QA (Windows Insiders) before sending it to its innocent users. It didn't even listen to Insiders' warnings of a problem.

I am saddened to post such a comment again after some months of warnings.

It's not going to be enough to fix the latest bug. Only a complete halt to development while a qualified QA and team are installed, with the power to veto a release if necessary will rescue Microsoft and its users from complete disaster.

It walks, it talks, it falls over a bit. Windows 10 is three years old

Frank Thynne

Could Windows 10 spell death for Microsoft?

Poor Quality Assurance has killed many a large corporation, and the way Windows 10 is going could ruin Microsoft. Distributing new features and leaving old bugs unfixed is a triumph of marketing over reliability that will haunt Microsoft for years as customers leave in droves and the support team struggles to maintain an unstable and confused code base.

Unfortunately, if Microsoft crashes it could damage the world economy too.

Got some broken tech? Super Cali's trinket fix-it law brought into focus

Frank Thynne

Re: I hope this is widely applicable.

I wish that were always possible! Unfortunately, most software contains trade secrets that the developers justifiably want to protect. The problem is that some developers of proprietary software make feeble efforts to maintain and fix their products.

There is a solution: Open Source software. It is repairable by any competent person and usually well documented. Competence is the issue here, but the developers usually record errors and fix them, and in many cases the reports of errors and fixes are available to anyone who needs them.

It gets worse: Microsoft’s Spectre-fixer wrecks some AMD PCs

Frank Thynne

Hasty Updates = Bad Engineering = No QA

It's time Microsoft and others learn that Software Development needs Engineering Discipline and strong Quality Assurance. Windows 10 shows much evidence of bad engineering. Marketing and Sales need to have their wings clipped and QA needs to have a much stronger voice.

Microsoft quietly emits patch to undo its earlier patch that broke Windows 10 networking

Frank Thynne

Re: So there's an online fix for not being able to get online?

I think the rolling update plan, with different branches for each class of user is an engineering fiasco that could bring Microsoft to its knees -- along with millions of users. Is there no Quality Assurance team in Microsoft confident enough to say "No, this product is not fit for release"?

No chief engineer worth his salt would countenance such a scheme. And anyone who doubts that developing software for productive use requires engineering disciplines should not be in the business.

It's such a shame. Just when Microsoft looked as if it was going to get Windows right, they've blown it.

What Compsci textbooks don't tell you: Real world code sucks

Frank Thynne

Software Design is an *Engineering* process.

Some years ago I worked for a relatively small firm that made hardware and software products that ran rings round its main competitor (IBM) in terms of reliability, usability and customer satisfaction - oh, and price too.

It was founded by hardware engineers who knew about Configuration Management (Change Control etc) and Quality Assurance. Software had the same standards and procedures as hardware. Since then, the only people I've met who see the merits of those things are Military Engineers. There was a periodical of the day called Software Engineering, and there are now many, but it is not clear how many of them focus on Quality issues.

The complexity of modern software and the number of lines of code in it make it hard to believe that the same standards of Quality Assurance are followed any more. The result is frequent changes to fix software errors (and often to fix the fixes) and a rate of change and lack of reliability that would not be tolerated in any other branch of Engineering. Quality Assurance managers do not have the power to say "this product is not yet fit for release" and, until they do, we are stuck with software that only half works.