Posts by Mike 137 3969 publicly visible posts • joined 10 Sep 2009
"the naysayers ignore the vast amount of resources humans have consumed over millennia"
How about just over the last decade? I didn't think we'd had "AI" for millennia. And 100 billion people? The current world population stands at about 8 bn. This is yet another example of the unadulterated bullshit that fuels "AI investment", aka pouring other peoples' money down the drain while creaming off the top layer.
It's marketing hype without which the billions of dollars wouldn't be poured into the coffers of the "AI" corporations. Real human (including technological) progress has always been driven by exceptional individuals having novel ideas, not by committees which output a consensus of the status quo. As the training of current "AI" (in reality, LLMs) is fed by data representing the status quo and from this the machine generates statistical consensuses, it should be self-evident that real novel output is to be expected solely by pure fluke.
"I don't think I've ever heard that definition for "deterministic"."
Maybe not, but it's an established definition in general engineering parlance and not a few other non-engineering fields. The computer science definition you provide (which I don't dispute in principle) is merely a narrower theoretical subject-matter-specific variant that's a bit too narrow in the context of LLMs. The mechanism by which tokens are sequenced by an LLM in response to any query is most certainly deterministic. The potential variation in output for a given input results from the huge variety of alternative pathways through the "maze" - the possibility of alternative choices of token with comparable probability at each step. So what we disagree about is really just the difference between a formal and a practical definition of the term.
"LLMs aren't deterministic"
At the lowest level they actually are. It's just that the determinism is based on a probabilistic distribution of weightings of the tokens developed during training. It's oversimplification to assume that "determistic" always equates to "same output every time for a given input". It actually just means "follows a set of defined rules", which an LLM most certainly does.
"Sherlock Holmes was famously unaware of the Heliocentric arrangement of the Solar system"
I strongly suspect that, given the character of Holmes as portrayed, he did know but didn't care, and this was actually heavy sarcasm aimed at Watson's predilection for concentrating on irrelevancies.
"Verbosity is known behavior of LLMs – they are prone to 'word salad' responses that make them harder to use and decrease their reliability,"
Of course! They're language models, not concept models. The LLM has absolutely no understanding of anything - it's merely a statistically driven blind token stream generator. I've given up trying to fathom why this really basic fact has not sunk in. Maybe it's down to the hype, as in the case of the tulip mania, the South Sea bubble and the convulsionnaires of Saint-Médard? Or maybe we've just given up using our own brains because it's so much easier to query an LLM than actually think.
"a competency test [...] to assess whether they emerge with skills employers will find useful"
It would be nice if the skills were specified, but the cited press release doesn't mention them. I can think of a lot of skills that almost anyone would find useful that are currently in short supply, including clear logical thought, attention to detail and acceptance of personal responsibility for one's actions and omissions. But I bet these aren't on the list.
There are huge numbers of essentially insuperable problems with plans of this kind, see this very recent article for an objective analysis.
Karp: "the noble [??] side of the West, which means being lethal on the front end, meaning outside, against adversaries"
Miller: "“We live in a world, in the real world [...] that is governed by strength, that is governed by force, that is governed by power. These are the iron laws of the world since the beginning of time.”"
"Pick any sort of motor control task — like hitting a tennis ball or swinging a bat at a baseball. These are very sophisticated computations."
Actually, these are not "computations" in the math sense at all -- they're dynamic systems using sensory/motor feedback tuned by practice. The big mistake is to view the brain as primarily a computer or "thinking machine". As the late Bob Ornstein pointed out decades ago, the brain is primarily a body controller, which is why we do motor tasks so effortlessly. But this does imply that in the absence of a body to control, the "artificial brain" would not perform as expected (or maybe even at all). The functioning "brain in a vat" is merely a Hammer fantasy.
"My grinder (used every few days) dates from 1978"
Mine dates from around 1940 and has a handle on the side, so no need for leccy or "internet". It takes just a few minutes of excellent arm exercise to grind enough coffee for a couple of days, which I keep in the fridge in a sealed glass jar. The secret of storage for good coffee is airtight and cold, so freeze the beans in sealed packets (as delivered by my roasting house) and chill the fresh grounds in a closed container.
"I don't actually think they should be on social media at all"
A very good point. We've reached a stage where a lot of major government policy is announced, and diplomacy conducted, primarily on "social" media (and not just in the US). So unless you're a subscriber it's very hard to find out what's being decided on your behalf. Of course it gets even worse where the "social" media in question is owned by the interested parties...
"I think it can write Muzak, but not Mozart."
It might write a good semblance of Mozart by statistical chance, but it'll never be able to recognise why it's good. The missing bit will always be understanding, as that requires much more than stats and logic.
"standards that I work/worked to that are possibly being ignored today by younger developers, either through choice or because they are compelled by their managers to write code quickly"
Or more likely because neither the developers nor their managers are actually aware of said standards. It's interesting that the OWASP Top 10 list of crass mistakes has stayed almost the same for the entire lifetime of OWASP -- pretty much the same list just gets shuffled around a bit. It's obvious from this that nobody is really learning the basics of good practice (which is a helluva lot more than mere "coding"). I suppose there's no incentive to if the dosh keeps rolling in despite the product being crap. Design a plane like that and people die, which gets attention, but it's perfectly OK for mainstream software to disrupt businesses and leak secrets, because that doesn't attract the same level of bad publicity (if any at all).
Throughout the modern history of engineering (at least the last 300 years or so) it has been public revulsion to accidents that has driven improvements to standards. Sadly, in the software domain we the people seem to accept anything we're thrown regardless of consequences, and that has assisted in the development of quite ridiculous indemnities from liability (the EULA). If standards are to improve there have to be binding obligations to do so, and those will only come about if the public demand them loudly enough.
The real problem is that it's not engineering -- it's clusterfudging. Software development ceased to be engineering when the microcomputer took over from the mainframe and mini. Those were programmed by experts aware that, on time sharing systems, anyone who crashed the machine would be seriously unpopular with all other users. Plus they worked inescapably very near the metal so they understood the technical implications of their code. The "micro revolution" was, however, driven mainly by self-taught kids in back bedrooms who had unlimited enthusiasm but neither the ethics nor the technical mindset of the engineering discipline. (I know, I was there, but was fortunate to have had a scientific training which imposes the same discipline).
The parsimonious use of memory at that time was not a matter of judgement, or even choice. It was forced on those writing code by the cost of memory (e.g. £1.60 + 15% sales tax per kilobyte from Watford Electronics in August 1982). So it was done, but without being any fundamental concept that would stick when memory became more plentiful and cheaper. Unfortunately, by virtue of the commercial success of the resultant negligent approach, there's never been any incentive to professionalise micro software development. Indeed the opposite has to a great extent occurred -- witness the deprecation of C as a "hazardous" language in favour of newer languages that prevent the making of basic coding errors -- seemingly eliminating the need to pay strict attention to what one is coding.
The details may be open to argument, but the basic truth exists that software development is not yet an engineering discipline but absolutely must become one. Not only bloat but fragility and vulnerability have reached utterly unacceptable proportions given the extent to which we rely on software to keep our societies running and safe. In all established branches of engineering (even down to gas fitting and plumbing) there are formally ratified mandatory standards that must be met. We need the same for software development in any domain where personal privacy, business security, livelihoods or lives could be affected by inadequate code. And almost inevitably, such standards would drive down bloat, as excess complexity is itself a primary source of the relevant hazards. Bluntly, we have to train would-be software developers to consider carefully (and feel responsible for) the implications to the end user of what they develop -- that's the primary principle of the engineering mindset.
"one major reason people have cars – the unexpected"
Another very important one is independence. If you're a gardener and want to collect a load of bagged compost or some sapling trees, if you go night sea fishing and want to get to the beach by 2 AM, or maybe you want to just potter around for a whole day in the countryside, having your own car that's effectively already paid for, bar the fuel, is right on your doorstep now so you can load up and be on your way with no issues about when (or even whether) you can get transport back, is the only practicable way.
All these "car sharing", "dial a ride" and "autonomous" options assume you're a stereotyped townie who doesn't do anything out of the conventional rut of going to work, shopping, clubs, sport &c. (actually, a very rare beast in my experience -- most folk have quite surprising and varied interests and hobbies).
The trouble is that the technocrats who invent and promote these services want us to all to be stereotyped townies, as that would make us easier to monetise.
"Do EU know ICO has no teeth?"
The adequacy decision actually filed down what teeth the ICO had, because it looked at the letter of the law, to the exclusion of what was actually going on.
The effectiveness of the GDPR has from day one been largely nullified by almost universal failure to comply with the transparency obligation (Articles 13 & 14). This obligates data controllers to specify, for each and every purpose, a lawful basis and associated specific data subject rights (these vary across lawful bases). Provision of this information is fundamental to the exercise of data subject rights, as you can't object to (or withdraw consent to) something you haven't been told about. But in the adequacy decision the EC inadvertently "legitimised" this grave breach by ambiguously stating "2.5.4 Transparency [:] (49) Data subjects should be informed of the main features of the processing of their personal data." which has been widely interpreted as "informed of some of it". And, despite the general failure to comply with Articles 13 & 14 being quite widey aired, nobody has taken and significant steps toward correcting it.
The result is that UK data protection law in its entirety and various guises has become little more than data breach law, whereas it was envisaged as having a much wider and more important remit -- human rights law with respect to personal data.
"AI-generated code contains significantly more defects of logic, maintainability, security, and performance than code created by people"
Of course -- it's been trained on all the half-arsed examples submitted by novices and crap coders to open forums. So what else would you expect?
"It's the Automotive Sector
It's not just the Automotive Sector. I recently had to reconfigure someone's SOHO router (a notionally reputable brand and a "professional" model only about a year from release). The digital certificate for its web interface had expired and there seems to be no mechanism for updating it (hard coded like what Firefox did maybe?). Fortunately the web interface is only accessible from the private side, but nevertheless the browser has to be instructed to ignore the certificate, which makes it pretty pointless.
Just one more among thousands. If you want to find out about loopholes in the UK that (typically intentionally) allow escape from regulatory oversight, get a copy of Ian Cobain's book "The history thieves" (London, Portobello Books 2016 [ISBN 978 1 84627 583 8]).*
* Health warning: prepare to be shocked
.
Probably not, but standards have been dropping for a long time. When "auntie" was particularly inclined to talk down to viewers I used to think it was being intentionally patronising. However I've come to the conclusion that the producers and presenters just think at that superficial level naturally. I'll never forget the famous interchange between a news reporter and Beeb exec. Accused of dumbing down programme content, the exec responded "on the contrary, we are dumbing up".
A few years back, on a contract with an NHS trust, I found a hospital admissions system running on two separate computers (side by side under the same desk) that required the users to shuffle their chairs back and forth between two screens. I suggested (as a minimum) a KVM switch, but IT support hadn't heard of such a device. The problem is often not so much "legacy" as "inadequate".
"Because the scheme is digital-only, there is no physical document to fall back on when errors occur"
This idiotic lack of resilience has become the order of the day. In the name of "progress" we're rendering ourselves ever more open to accidents by eliminating independent backups for almost all our critical services.
"The idea of a user turning to Copilot, or any chatbot, for "existential clarity" is vaguely disturbing"
Or rather, dead scary, I'd say. Not only is replacing human empathy with the output of a mindless machine a very bad idea, but supporting (nay, definitely driving) a culture in which folks are so deeply worried all the time that they have to ask existential questions at 2AM undermines human resilience. Once that's lost, we're just puppets in the dirty hands of the technocracy.
If it wasn't an effin smart phone on wheels you wouldn't have to worry. My almost entirely* mechanical Volvo is 30 years old today, running perfectly, and has never been broken into or "hacked".
* it does have an electronic engine management system
.
"ultimately both sides will end up being owned by the same giant corporation and there will be no more wars"
Oh yes there will, and they'll last longer. Supplying both sides is both twice as profitable and can be good insurance ("hedging one's bets"). And it works -- there are plenty of precedents going back to ancient Greece.
Good role-play at fire fighting, yes. But fire fighting is far from enough. What's apparently (and almost certainly) missing is modelling the prior state of the victim. So they should also be role-playing the risk management and the operational process space that precede the attack. Just for example, the infamous and costly Equifax breach (2017) was primarily due, not to the cunning of an adversary, but, having been alerted to the vulnerability and provided with a fix, because they didn't have an adequate inventory so they couldn't find the server to patch it.
In a consulting career of several decades I've hardly ever found an organisation that was demonstrably robust against the unexpected. Even where "risk management" has been undertaken, it's typically been [a] conducted in a silo (usually by the Board) detached from operational realities and [b] limited to a predefined list of assumed risks that they're able to think up in their armchairs. Hardly anyone accepts that effective risk management is a continuous dynamic activity involving all echelons of the organisation, backed by effective monitoring, excellent communications, current intelligence and the combined expertise of not a few departments.
"Inclusion of this age group could also support children's online safety by supporting age verification for online services in line with the Online Safety Act 2023."
Now is the time to ask loudly where mission creep will stop (and how many people will be excluded from key services/entitlements just becauss they don't have or can't use a "smart" phone). Write to your MP.
(1)A person is guilty of an offence if—
(a)he does any unauthorised act in relation to a computer;
(b)at the time when he does the act he knows that it is unauthorised
The problem arises where a legitimate researcher wants to investigate e.g. a critical vulnerability in the public interest but the software vendor/host refuses to respond or co-operate. This is much more common than many believe as "reputation" typically takes precedence over protecting the public.
When the CMA was being drafted I suggested that a defence could be reasonable documented and certified attempts to obtain consent before proceeding, but this didn't get into the bill.
"they all allow that, as far as I know"
Not necessarily. For example, many book publishers in UK and some other English speaking jurisdictions expressly prohibit the act of reproducing their published content by any means (irrespective of whether it's for personal use or republishing). One of the complications is that there can be other IP rights in addition to copyright.
"how on Earth do you get to VP status in a company if you don't believe in its products ?"
"VP" is an honorific title, really signifying "top donkey", particularly in the IT arena, where the buck tries to stop first whenever there's an incident. It has been noted in the past that the average life of a CISO is 2.5 years (i.e. until the first data breach). And it's interesting that IT "directors" don't often have a seat on the board.
● promptly patching and updating firmware
● replacing default passwords with strong alternatives (and rotating them periodically)
● putting EAS and other critical audio gear behind firewalls or VPN-protected networks
● restricting remote management to authorized devices
● systematically auditing logs for suspicious access attempts
Assuredly, the assumption that these are "best practices" is a prime source of our abysmal level of cybersecurity. They're the absolute minimum basics.
There's another, more effective, form of engagement -- offering expert assistance and support, preferably prior to rather than merely after incidents (and this is not a "carrot"). Not only are "cyber regs" currently a patchwork -- standards are too. And both almost entirely ignore the non-"cyber" elements of protection, not least realistic business risk assessment and the influence of psychology on both the guides and guided on the victim side.
AI, AI -- Oh!
"Roles centered on routine analysis, [...] transactional support"
Both of these roles only work in the real world if they're capable of effectively identifying and addressing unexpected edge cases -- the very thing that the LLM is incapable of as it operates on statistical probabilities, and edge cases by definition have low probability.
"insisting that cooperation, guidance, and "proportionate" responses achieve better long-term compliance than headline-grabbing penalties"
The expression "headline-grabbing penalties" clearly indicates that the ICO doesn't have a clue about what minimises data breaches. And whether .cooperation, guidance, and "proportionate" responses' deliver useful results depends entirely on the definition of those terms and their applicability to individual cases. (BTW it's revealing that the word proportionate is double quoted, as if it's not to be taken seriously.
Via submissions to several govt. consultations on data protection over the years I have repeatedly suggested that a more effective response would be in three phases: an enforced independent audit of the breach, a set of mandatory remediation actions and an independent post-implementation audit to confirm they were in place and working -- all at the breaching organisation's expense. This would be vastly more effective than fines, which to many organisations are just a cost of doing business (and against which they may even be insured).
So far my suggestion has apparently fallen on deaf ears and the ICO has increasingly ignored pretty much all but high profile data breaches that gain mainstream media attention, even where (in my direct professional experience) the implications of apparently minor infractions have had potentially far reaching consequences. This (underlined by the expression "headline-grabbing penalties") leads me to the (possibly uncharitable but inescapable) impression that the ICO might be at least as concerned about enhancing its public image as it is about fulfilling its ostensible role in protecting the public (a well recognised stage in organisational decline).
For reference: I am a 40-odd year veteran in information management with professional involvement in data protection since the 1984 Act
.
"The best manager is conspicuous ONLY in his/her absence."
Actually, the best manager is one who assists and facilitates your activities so you both get the best possible results. I've had two such in my whole 40-odd year career. My worst had a black Darth Vader high back chair and a stock phrase "bring me solutions, not issues".
The fundamental problem here (one of the key errors that underpin of the supposed charms of using "AI" here) is that coding is not programming. The most important element of programming is the design of appropriate and reliable algorithms for solving the problem in hand. Coding is merely the penultimate stage of realising those algorithms in a way the machine can exercise. The final stage is, of course, testing, and I fail to see how it's realistically practical (or indeed even always possible) to test code that nobody has an insight into because it was churned out by a bot that has no concept of what the code is for in the real world.
The other chief error (the concept that once the tools are smart enough nobody needs to understand what they're doing any more) is a growing general cultural problem that we allow to take firm root at our peril.
"The only realistic use is by governments as a system of universal surveillance"
No, the primary use is to further elevate the egos of the small (thank the Maker!) population of Cracked Coders who think they are entitled to rule the world despite never being able to write code that doesn't need a constant stream of repairs for its entire operational life.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
