* Posts by johnrobyclayton

27 publicly visible posts • joined 11 Jan 2018

You get the internet you deserve


Maybe there is hope

AI's generating content that only has a little bit of useful information.

Ad networks that advertise on content and pay for impressions and clicks based on how many searchers find it.

Search engines looking for useful stuff to offer searchers to make themselves relevant to searchers.

It is one big generative adversarial network.

They start out shite, sure,

But they do improve...

How GitHub Copilot could steer Microsoft into a copyright storm


Explain how/where you got your code Vs Explainable AI

These are the same problem.

To solve this would require a lot of work in the initial setup of the training data.

You will not be able to solve this using training data that is not completely vetted and cleansed.

The training data needs to be correct and complete and fully attributed.

Unfortunately not something that is effectively done in today's mad scramble to create cool toys.

Code sample x made by author y does z using language w

Code Sample:




some piece of code



What this code does:


Some description of what this code does,

description of inputs,

description of outputs,

description of purpose





What language is this in?





Author of this code, Available licenses for this code.


For creating the code generator you need to generate suggested x given z and w



Description of what this code needs to do



What inputs are available?

What outputs are required?

How should it behave?




What Language are we generating in?


This produces generated code.

Questions about this provided code are:

What code samples from the training data are most likely to have contributed to the output.

What are the authors and what is the licensing terms of the code that most likely contributed to the generation of the output.

Generating code samples we seem to know a bit on how to do.

Identifying what code samples most likely contributed to the generation of the output is a second challenge that could be met by further research. This would likely require extensive supervised training using sample Training data-->generating sample output that human evaluators could then compare to the training data and identify the likely contributors Enough of this could train a model at identifying likely contributing code samples given generated code a a training corpus just like models can be developed for attributing purposes. Like identifying if some piece of prose might have been written by Shakespeare.

This can then be linked to the author and license information linked to the training code samples.

This is a vastly greater amount of work than just training a model on any tom dick and harry code set scraped from an essentially random source.

There is no easy shortcut way of doing this unless you are happy with the untoward consequences of not caring about any consequences.

Ever suspected bankers used WhatsApp comms at work? $1.8b says you're right


The security and anonymity options in communications technology are only going to improve

It is a fiercely competitive market.

Everyone will have to adapt to the reality of not being able to monitor, track, trace or even be aware that communications between any pair of communicators is taking place.

It is even possible to have communications take place without the communicators being capable of knowing who each other is unless identity information is exchanged.

There are a lot of laws and regulations that are completely or partly dependent on there being some way to determine some details of a communication.

These need to adapt to an environment where this information is simply not going to be available.

Regulators and legislators can grump and moan all they like (it is always amusing to read about it on this site), but it is not going to stop completely anonymous, secure and private communications becoming more and more of a reality.

If you cannot make legislation or regulation that can handle a complete inability to monitor communications then you simply will not be able to enforce such legislation or regulation.

If you are in a position to need the protections of legislation or regulation that need to be able to access elements of communication that cannot be compelled to be available, change your position.

Tech world may face huge fines if it doesn't scrub CSAM from encrypted chats


I am a bad actor - please help

Can someone send me all of these hash databases and deep learning models that are being developed to identify bad files or content?

For file hashes I can create innocuous files whose hashes collide with with bad file hashes, scatter them on social media, and tie up investigative resources.

For deep learning models that identifies bad content I can create an adversarial deep learning model that can generate content that the supplied deep learning model identifies. I can let the government provide the training tool for automated generation of bad content.

There are a lot of silly people that think that the range and options of information available can be constrained. It is disappointing really.

UK government opens consultation on medic-style register for Brit infosec pros


Not to worry, its a long consultation

20th March 2345 is a long way away. Not much to worry about for a few centuries.

Hitting underground pipes and cables costs the UK £2.4bn a year. We need a data platform for that, says government


This reminds me of a story

Several years ago I read a story of a Uni student who decided to try an map the various bits of cabling that existed in a particular location from public sources of information.

He observed some risky conglomerations of various bits of infrastructure on his map.

He observed that one particular bank had all of its communication infrastructure going through one point accessible by a manhole cover a little bit down the street and around a corner.

He went to the bank and asked then if they were aware of this vulnerability. The bank got very upset and would not let the student leave the building.

Some alphabet agency got involved and they promptly hired the student and got him to do the same project on a national scale.

What an IDORable Giggle: AI-powered 'female only' app gets in Twitter kerfuffle over breach notification


Being a minority

We have done a lot of work to enable minorities to be included in our rich Internet culture, and it has only made our Internet culture richer.

There has been a significant downside though.

The Internet was initially created and populated by a group of people that to a large degree were conditioned to believe that they were the apex predator in the room. Flame wars, Religious crusades, Trolls, they always existed, either in reality or in perception but because a large number of us knew that we were the apex predators in the room, we did not care.

The inclusion of every minority we could find or be discovered by, though, introduced a lot of people to the Internet who have been conditioned that they are not the apex predators in the room.

They are conditioned to take seriously every indication that they are under some form of attack, whether it is real or not.

The rough and tumble of the Internet is a big part of its richness. The determination by a lot of well meaning individuals and groups to cover all of the hard and pointy surfaces with polite, gentle and politically correct foam is reducing the cultural richness of the Internet.

We need to teach more people that the belief that you are the apex predator in the room is simply a state of mind. You do not need to be the apex predator to believe it, and the belief can give you the freedom to simply ignore the sharp, uncomfortable and pointy bits of the Internet you might not enjoy and enjoy all of the richness that remains.

Facial-recognition algos vary wildly, US Congress told, as politicians try to come up with new laws on advanced tech


There are no shortcuts


They have 10000 different images of every person to be positively identified (scanned image is of this person)


They have 10000 different images of every person that they want to negatively identify (scanned image is not of this person)


They have 10000 different images of each person they are going to scan and attempt an identification on.


They might have a chance of reliably identifying someone that they have scanned.

It still will not be perfect though.

Post Office faces potential criminal probe over Fujitsu IT system's accounting failures


Re: Ooooh first post....

'Ere, I resemble that comment, except its Windows 2000 Advanced Server slipstreamed with SP3 and the registry hack that made the evaluation versions included in the MS Cert training packs full versions. Ahh the good old days. Devuan rules.

Put the crypt into cryptocoin: Amid grave concerns, lawyers to literally dig into exchange exec who died owing $190m


Crohn's Disease + Indian Food = Easily Faked Death

If you have Crohn's disease and want to fake your own death, India is the place to do it.

The immovable object versus the unstoppable force: How the tech boys club remains exclusive


Maybe it is time to move on.

I am quite fine with competing purely based on merit and effort.

I know that a lot of males in my industry have behaved in a way that allowed them to succeed in a way that does not correlate with merit and effort.

I understand the reaction to this that promotes the idea of enforcing a method for females to enable them to succeed in a way that does not correlate with merit and effort as a valid response.

I do not need to succeed beyond what I earn by merit and effort.

I also do not need to stick around in an environment that prevents me from being able to succeed in line with my merit and effort.

So maybe its time to create a new industry. There are enough mechanisms now to enforce anonymity while supporting the economic, informational and business transactions to support fully anonymised informational industries. Being fully anonymised, gender cannot become an issue.

Pair programming? That's so 2017. Try out this deep-learning AI bot that autocompletes lines of source code for you


Can I get one trained on homework assignments?

There is a lot of training data available online apparently.

Would this be plagiarism?

DeepNude's makers tried to deep-six their pervy AI app. Web creeps have other ideas: Cracked copies shared online as code decompiled


This is only the start

Some ideas that will definitely crop up if they have not been built already:

Chatbots that emulate children for the enjoyment of sexual predators. (These already exist in the hands of some law enforcement groups to identify and trap such predators.

Deepnude+deepfake videos = Porn films with the subjects of your choice.

Text story to Screen Play / Screen Direction conversion using AI

Screen direction / Screen Play to video /animation with 3D imaging using AI

Add force feedback

Add them all together and you will have the full Startrek Holodeck Experience.

It is inevitable that this will be used for any and all sorts of perversions along with entertainment, training and every other useful and culturally appropriate use.

There will be grumbling and crying and gnashing of teeth but that is not going to stop the torrent of new ideas and technologies that will explode to satisfy any and all perversions.

Bot war: Here's how you can theoretically use adversarial AI to evade YouTube's hard-line copyright-detecting AI


Try this the other way around

Instead of breaking copyright in the research, get some original content that you own and send that through the neural net to make it trigger a copyright flag.

A lot more fun as you get to beat up the copyright enforcer instead of getting beat up.

What bugs me the most? World+dog just accepts crap software resilience



I remember a scene in the movie Idiocracy.

It was in the triage section of the emergency department of a hospital.

There was a girl in front of a full graphical patient classification interface.

It had pictures of red marks on a picture of a body and she would select which one that most matched the problem described.

It had all the complexity of the classic game operation without the requirements for good hand eye co-ordination. The icon pictures were rather large.

I have worked in support for many point of sale companies.

I have seen the evolution of this type of software on a daily basis. I have heard comments from the owners of more than one business that they wanted software that someone who was not very good at reading to be able to use.

Users get stupider and stupider because they are allowed to by companies that want to sell to the stupidest people they can find because these are the ones that will pay the most for software no matter how many issues it has.

The demands on software are increasing every day not just by the increasing complexity of our operating environment but by the requirements that stupider and stupider people need to be able to use it safely and profitably.

The problems of allocating blame for software that fails to meet requirements is a difficult one because it is the responsibility of everyone that contributes to its development, design, testing, marketing, use, selling, purchasing, training, legislating, securing, compliance, etc etc etc ad infinitum.

Click here to see the New Zealand livestream mass-murder vid! This is the internet Facebook, YouTube, Twitter built!


You get what you...

You get what you pay for

Facebook, Youtube etc, are free or cheap enough, except for your attention and the information about yourself that you give up.

You get what you vote for

If you want something different, vote differently, if you do not like the choices, run for office yourself.

You get what you do nothing to stop

Evil happens when good people do nothing to stop it irrespective of what their opinions on what good and evil are.

If you do not like a company's behaviour:

Go to another company.

Create your own that out competes them that behaves as you see fit.

Buy them and change their behaviour.

Vote for legislators that create the regulations that enforce the behaviours you require.

Become a legislator and vote for the regulations that you require.

Do something that stops behaviours that you deem evil. Convince others to prevent evil from being done. Share your attempts with others.

You might want to create a manifesto in this case, just so people can understand your choices and the intent of your actions.

As has been said before, there are no easy options here.

There are plenty of easy to state wishes that are in a lot of cases, especially now extremely heartfelt.

But as has been observed many times before magical wish based thinking and requirements in the political/technological/social/environmental spaces serve no useful purpose.

It is only the choices that we make, the actions that we engage in that makes the world what we want. We live in a world full of other people that are choosing and acting as they see fit.

If these events prompt you to choose something or do something, then make your choice. Act.

Strewth! Apoplectic Aussies threaten to blast noisy Google delivery drones out of the sky


Not all that usefull in urban areas, but in the sticks ...

Trialling this in an urban or suburban area is a mistake.

Too many neighbours to bother and it would only be used by people too lazy or time poor to go to the local chemist or corner store.

Providing deliveries to people in remote areas would avoid the noise complaints. Only the target of the delivery is likely to hear the drone and it would be serving a definite need for remote families.

Might be better to use a hybrid fixed wing - vtol drone configuration that can handle significant distance and weight while maintaining landing accuracy.

Did you know?! Ghidra, the NSA's open-sourced decompiler toolkit, is ancient Norse for 'No backdoors, we swear!'


Perhaps they have moved on

Once you have pwned the compilers and other elements of the toolchains that build the toolchains that build the toolchains that ....

To get a clean from start you would have to wire up the processor from transistors, design and build your chip fabricators, code your compilers and bootstrap yourself into the modern age.

Not many people or organisations have the patience, ability or resources to go through such a process.

One iteration of Linux from Scratch was enough for me.

There is no way to fully trust that any technology today has not been pwned to some degree or another.

The only defense is to get as many different individuals and groups investigating and testing in as many different ways as possible.

It is probable that the NSA's largess is not something that is a significant threat to the NSA itself.

It will be though, something that can increase the exposure of their counterpart's efforts along with those of non-state threat sources.

When the bits hit the FAN: US military accused of knackering Russian trolls, news org's IT gear amid midterm elections


The IRA in news is dead, Long live the IRA

Irish Republican Army

Internet Research Agency

Isn't it nice when the current affairs torch gets passed on.

Fool ML once, shame on you. Fool ML twice, shame on... the AI dev? If you can hoodwink one model, you may be able to trick many more


AI Buster Buster Buster Buster

Train an AI to recognise something.

Train the next AI to fool the first AI.

Train a third AI to recognise the attempts to fool the first AI

Train the fourth AI to fool the third AI

Train the fifth AI to recognise the attempts to fool the third AI

Wash, rinse, repeat

Tech sector meekly waves arms in another bid to get Oz to amend its crypto-busting laws


If anyone is interested in my thoughts on secure communications

Some thoughts that I have had on anonymity and security.


Oz government rushes its anti-crypto legislation into parliament


I have been thinking

Elected governments can only promote legislation that can be understood by, and desired by the voters.

There are plenty of technical people that know and understand the futility of effectively controlling decent encryption technologies.

But there a lot more people that do not understand the impossibility.

Therefore elected governments have to say silly things like the law of the land overrules the laws of mathematics even though that is cringe worthy.

What is needed is a description and demonstration of a secure communication infrastructure that is as impossible for any governments to effectively control as possible. This needs to be as simple in the individual operational elements as possible. There may be a lot of operational elements but if each piece is simple enough then a lot more people will be able to understand it.

I have been writing up something to do this as a hobby for the last couple of years.

Its a bit of a read and is a work in progress but I think that there is enough for sharing.

I have been using a github wiki for this:


Brain brainiacs figure out what turns folks into El Reg journos, readers


C, C++, C#, C99 shaped nubs?

Explains a lot.

NSA boss: Trump won't pull trigger for Russia election hack retaliation


Instead of attacking the predators, reduce the vulnerability of the prey.

There are always going to be enemy's trying to attack.

In this case they are attacking through a vulnerability in how our civilisation works.

We can counter attack or we can reduce the vulnerability.

Improving the critical thinking capabilities of our populace and improving their political awareness and comprehension would be an effective method of reducing our vulnerability.

Allowing yourself to be effectively lied to is a choice. Never trust, always question, always verify, always fact check and never let the desire to fit in override your good sense.

Hospital injects $60,000 into crims' coffers to cure malware infection


Predators always exist in the presence of prey

If you choose to be prey then you encourage the existence of predators to the detriment of everyone.

Choosing to be prey is not taking preparatory steps to avoid being taken advantage of as well as the immediate surrendering of value to predators.

A Hospital holding up their patients to defend themselves from the righteous criticism of their behaviour is deplorable.

What do we want? Consensual fun times. How do we get it? Via an app with blockchain...


Objective Measurement

Receiving consent is required before engaging is sexual activity by another.

This is enforced by law and evaluated in the courts.

At this point in time, as far as I am aware, there is no generally agreed upon standard for objectively measuring or determining consent prior to engaging in sexual activity with another.

Therefore, as far as I can see, any sexual activity between two or more people must be defined as suspect until a legally binding statement has been recorded by all participants that they did indeed consent to the sexual activity.

This is insufficient.

Consent has a very complex definition and it is getting more complex all the time.

It includes any one or any combination of:

State of mind of any of the participants, before during and after

State of mind of others, before during and after

Age of any participants

Information available to any of the participants

Information provided by any of the participants

Differing local statutes

The list goes on ...

I for one do not like an environment where the appropriateness of my sexual activities with others simply cannot be defined before or during the event and can sometimes only be guessed at after.

You might dislike the solution presented in this article.

If so, present a better solution to this problem.

Romance, love and tenderness are all fine and dandy but they are a pile of crap in a court of law.