* Posts by IamStillIan

46 posts • joined 10 Apr 2017

First rocket launch from UK soil now has... a logo


Careful what you promise - at the current rate of going you mightn't be able to afford a pint by then...

Dems propose privacy-respecting digital dollar


Re: what's it for?

But this nothing at all to counter that?


what's it for?

The goal here seems to be to put huge amounts of effort into making something new for the sake of it. The objective is to make the capabilites and limitations of something match it's predecessor by design.

As side from slightly smaller wallets, whats the point?

JavaScript survey: Most use React but satisfaction low


Re: Sadly

That paper seems to have received quiet a bit of critisim for methodological flaws (e.g. https://journals.sagepub.com/doi/10.1177/0956797619872762). The authors have reissued a "corrected" version.

Regardless, "personal preference" is shaped in a range of ways, and many of the factors mentioned previously continue to be applicible.


Re: Sadly

50/50 may be unreasonable, but 93.2% is doesn't fit with genrally accepted models for behavioural distribution.

There's lots of research into this, and it shows the in gender divide in computer skills emerges, quiet early in primary schools in most countries - child physcologists are very clear that there's no significant cognative difference at this age, so it's essentially atributable to envrionmental factors.

There are various plausible explainations for the causes, including role models, peer pressure and other social barriers, levels of support and encouragement, etc, etc, but "it's just natural" isn't supported by the evidence.


Re: The language to make the web slower

Bring on WebAssembly..

It's not perfect, but as the first realistic chance of taking down Javascript since it rose to prominance, we've got to support it...


Re: Representative?

I'd have said the popularity of TypeScript is proof that JavaScript isn't fit for purpose and people do want strong typing...

Labour Party supplier ransomware attack: Who holds ex-members' data and on what legal basis?


Re: The Other Lot

Na - if it was the roll they'd be the processor, and have to notify the administering council(s), who'd presumably have to mail us all ..

Data transfers between the EU and the US: Still unclear on what you're supposed to do? Here's an explainer


"At its core, the General Data Protection Regulation [...] was about promoting accountability."

I thought it was supposed to be about consistency, "comply once ,do business everywhere", without having to learn each national set of rules. That went well...

Share your experience: How does your organization introduce new systems?



Also seem to have missed "Client pressure" as an option. As a small organisation with significantly larger clients, it's not uncommon for them to "expect" as do do things Thier way, regardless if whether there's any advantage or it even makes sense in the situation.

Tick box compliance stuff...

Sharing medical records with researchers: Assumed consent works in theory – just not yet in practice


Anonoymisation is more complex than its given credit for. You get back to the same problem; who decides what's good enough?

As scrubber notes, positioning this as saving lives vs not is a false representation. It's macro research vs local service effectiveness, with an added bonus of providing an avenue for sought-out prejudice.


It's about trust

What we're weighing up here is the potential benefits of it getting to the right people Vs our confidence it won't get to the wrong people.

The problem is that trust in Government in the UK is at an all time low. With a PM who unashamedly lies to us, goes back on his word with our neighbours as a badge of honour and is already in discussions about rolling back data protection laws for profit, it's seems we're only we ever one casually waved though regulatory change from anything we might have though was satisfactory being swept away.

How can you expect people to to take a leap of faith in that context?

Cloudflare dumps Google's reCAPTCHA, moves to hCaptcha as free ride ends (and something about privacy)


Re: HCaptcha absolutely sucks

It does seem to be somewhat tedious.

UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball


This tone assumes Morrisons was powerless against KPMG's proposed mechanism,.

Morrisons is of course entitled to refuse a process they consider to be contrary to their data protection obligations.

They're required to be audited, they're not required to be audited according to a process invented by a third party they don't agree with. Of course they may not have reviewed it..

Microsoft Azure gains Availability Zones and Immutable Blobs


Re: "can be created and read, but not updated or deleted"

Presumably it's intended for legally required retention, and as such subject-delete request's will be refused.

You want how much?! Israel opts not to renew its Office 365 vows


Re: £££££££££££

"That seems like an edge case to me. I'm purely speculating here, but it seems to me that an org that is so small that it can't sort out infrastructure is probably also so small that the infrastructure it needs is simple enough that they could sort it out themselves."

As someone in this position, I see both sides. We use o365, but that's because we're a dev shop working on MS stuff and get it free though the partner program. If we weren't a dev shop we'd likely not have the infrastructure / skills in house run something like that ourselves.

It takes care of a lot of bits of stuff - AD, Fleet admin, E-Mails, OneDrive, Office, various resilliance and audit issues.. so it probably would be worth the full cost if you were starting out with none of that. Once you learn a little bbit about it, there's also various approahes around to avoid the full costs (I mean the legal ones).

Here's why AI can't make a catchier tune than the worst pop song in the charts right now


You could just use the Harrington 1200


Farewell then, Slack: The grown-ups have arrived


Slack has the more aggressive privacy policy - basically that they can share everything in every message with third parties....; that was a problem for us.

Teams doesn't take that stance.

Things that make you go hmmm: Do crypto key servers violate GDPR?


Re: How about blockchain

We had slighlty mixed messaged on that.

On one hand you've got "required to function" granting exception, and a clause (somewhere, can't find it right now) pharsed as "…taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures".

On the other hand, you've got the ICO publishing things (I think it was clarification statement about backups) that say "technical difficulties doing it aren't an excuse".


In which case, see standard process for someone who releases something into the public domain without your consent; liability lies with them, not the key server. Once in the public domain, there's not a lot that can be done.

I could have a local cache of your key recorded from the key server, which I did on the understanding you'd consented to typical use of the pgp system. Is the onus on me to monitor the key server for status changes?

DXC execs to investors: It's say-on-pay time. Give us a bump, would you?


Re: Well you can't buy morale

I can second that from folks I've interviewed. I've had numerous DXC ppl applying for jobs and there typical reason for wanting to leave their existing job is (subject to business lingo gumph) "I need to get off the sinking ship".

Smyte users not smitten with Twitter: APIs killed minutes after biz gobble


So what they're saying is they bought the company, got access to the deatils of what they were doing, realised it was probaly illegal / in breach of something or other somewhere, and put a stop to it?

Sounds like the due dilligence failure was before the aquisition..

Lib Dems, UKIP's websites go TITSUP* on UK local election launch day


I think you're suffering optimism bias towards the rest of the net.

Sure, it's all lies, but not below average.

Microsoft: Yes, we agree that Irish email dispute is moot... now what's this new warrant about?


US legal position

So complying with a US law will mean violating EU law. That comes with a set of follow up quetsions:

1. Is there anything in US law which permits "we can't do that, it'd be against someone else's law" as a defence?

2. If Microsoft refuses to comply, gets fined, and still refuses to comply, can it continue to be punished or is that the end of the matter?

3. Is there a limit to what they could be fined? Basically, on a pure buiness costs basis, what makes more sense, breaking GDPR or braking CLOUD?

Microsoft's Teams lights solitary candle, hipsters don't notice


Re: My users are loving Teams!

The MS terms are still stronger than Slack offer with regards to compliance. One of my colleagues blogged about it: https://gavurin.com/privacy-that-is-slack-with-your-data/

Oi, drag this creaking, 217-year-old UK census into the data-driven age


Re: Data protection.

That exemption is a Member State Derogation. ie. Member states can execute discretion to legislate over these areas. The UK won't be a member state, so we won't be entitled to derogations of our own making unless we obtain an agreement to the contrary, dispite the fact we're pretty likely to stiill have to comply with thme.


Re: Data protection.

Won't get away with that under the GDPR changes, which will be full in force by 2021, unless there;s a Brexit based get out put in place.


Missing the point

One of the really important points of the census is to validate all the other data excercises going on day to day. ie. is the admin data any good, or does government miss big sections of the population (always shows that it does..).

This move threatens to render missed groups off the radar indefinately, which has all kinds of knock on in service provision, democracy etc.

Doing bits of it online to save postage is seems fine form that this point of view, but not doing it at all is a huge failing.

Private browsing isn't: Boffins say smut-mode can't hide your tracks


Re: I dont believe there is ever likely to be full privacy on the internet

"I dont believe there is ever likely to be full privacy on the internet"

That'd basically be oxymoronic. The internet exists to communicate data. "Full privacy" for everyone about everything would mean don't communicate any data... As you say, it's about agreeing boundaries. The system is still relatively immature (compared to walking down the street..), opinions vary, the scope is wide, and enforcement is difficult. We're a long way off.

You walk down your street with knowledge of the area / community, and having decided the risk is acceptable; there maybe some streets you don't walk down because you don't feel that's true.

The real difference vs the down the street analogy is the scale and extent at which it can happen. People elsewhere in the world can do it en-masse in your street, and every other street. That changes the discussion because you no longer know which streets are safe, or what communicty you're interacting with, so your ability to choose is being eroded. Oddly enough that's an inverse privacy problem, where those doing the monitoring have too much privacy.

Ubuntu wants to slurp PCs' vital statistics – even location – with new desktop installs


Creative thinking

Data Canonical seeks "would include" the following:

- Network connectivity or not

So in the case of not, how does it report back? Print it out and ask you to post it?

Uber: Ah yeah, we pay women drivers less than men. We can explain!


That's rather mixed bag then:

"due domestic demands" - that would indicate the issue is socital bias in domestic responsibilities; not really within an employers scope to mitigate, but clearly a route cause for various other gender issues.

"gaming the system" - seems to be about experience rather than gender. It's probably still something Uber should address; presumably through tweaks to the pricing model to try and minimise the advantages so all fares yield equvilant rewards. They'll never get that perfect, but can probably do better that an current. This however, would be primarily for the benefit of the customers rather than the


UK Home Office grilled over biometrics, being clingy with folks' mugshots


Re: "Computer says no..."

What you've overlooked is that they've deliberately not assigned any ids or dependable reference data to anything, in order to make sure nothing like this could be forced up on them.

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly


Re: Oh, shit...

JavaScript for infrastrucutre? Anyone can use it; but no one can use to make anything you'd be confident in..

UK.gov denies data processing framework is 'sinister' – but admits ICO has concerns


That's my assumption as well, and I see the point of that; otherwise any crook can just turn round, claim to be a researcher and simply "not have reported it yet".

Whether 72hrs is the right number is a fair question, along with how extensive the report is.

If it's a simple "Dear ICO, I believe that combining X with Y can reveal Z, but I'm sitll working on. Cheers" then that could be reasonable. If we're talking about an indepth analysis, then that's a different situation.

Up, up and a-weigh! Boeing flies cargo drone with 225kg payload


Just think what Joseph Barbera could do with that.

Braking news: Nissan Canada hacked, up to 1.1m Canucks exposed


Re: Not too bad, all things considered

I'm inclined to agree with jmch.

While there is some residual risk fo taking 10 days to notify, it's probably better average for something of this size.

it practice it does take a bit of time to confirm it's actually happened, evaluate exactly what data has been taken, and which people need notifying.

They could have used the 2 step-model; of a general "something has been breached, be alert, details to follow", followed by a "this does/doesn't actually imapct you peronsally, in this way...", but I guess that's being balanced vs reputational damage risk of broadcasting a worse meessage than they actually need to.

I guess

Oi, force Microsoft to cough up emails on Irish servers to the Feds, US states urge Supremes


Re: It should be about where the user was, not the server, it seems to me.

It's more than difficut to manage. In infeasibly problematic without effectively a new interational agreement on it and a huge wodge of policy everyone has to find ways to implement.

There are issues around how to record such information, confidence in such information, burden of proof.

Then there are ambiguities around things made in multiple juristrictions (collaborative authoring), out of duristiction (international waters), the list goes on and on.

No more mister nice GUI: Visual tools stapled to Azure Data Factory


"Because, yeah, devs hate code and love GUIs."

I actually think that's a misunderstanding. There's quite a mix of people who do this knida stuff.

Devs who write it themselves where there's an off-the-shelf solution available have special circumstances or are doing it wrong.

The data science crowd prefer to save their smarts for the analytics bit, they'd probably rather just push some buttons and have the data automagically become available.

Slack re-invents the extranet and shared Notes databases with cross-company teams


Interesting timeing, I believe Microsoft Launchers this features on Teams yesterday..

So much data, so little time: How to not flip your wig processing it


I concur; usecase is everything.

Additional reporting servers are a cost; not all systems need to be so timely; why make things more expensive when there's no benefit?

If Machine Learning is the question, open source is the answer. Right?


Re: So "Tensorflow" is going to be like VBscript for machine learning?

They tried that, but it worked out it was unquiely capable and started demanding a ludacris salary.

Numbers war: How Bayesian vs frequentist statistics influence AI


Re: "How can you possibly do statistics on a guess!?"

I think the response is "How can you possible do statistics without a guess!?". Given that there are no comprehensive models of the world, and practically nothing is truely independant, you always assume something, whether you realise it or not.

UK Tory party pledges 'digital' charter, wants Verify to back online gov


Re: One must ask ones self

"Usually the last time you announce it."

Do you have evidence to back that up? We often see already assigned funding being reannounced under new guises again and again...

Nest leaves competition in the dust with new smart camera


"If you already have a Nest device set up in your house, the new camera won't require you to enter any login or Wi-Fi password details, but will grab the information through your existing account."

How exactly; they're broadcasting your local network credentials out of your house into the www? Why?

Health data 'vault' app floats into UK.gov's G-Cloud. *cough* GDPR *cough*


Re: Compliant?

It's a wider process thing, you can't just buy a bit of "compliant" software for it anyway. That doesn't, of course, mean you can't market a bit of "compliant" software for it.

How their GDPR ignorance could protect you from your denial


Re: Purging convictions

I believe the view is that it's their data, and you're not entitled to hold it.

Even if you aren't using it, you're still exposing them to risk as it could be disclosed, mistakenly used etc.


Biting the hand that feeds IT © 1998–2022