Posts by Mike 137

the blocking of downloads over unencrypted connections

Why? And whose decision should it be anyway? Nanny doesn't always know what I want.

Bureaucrats pronounce

""The artificial air gap created by deploying firewalls

As several others have rightly indicated - a firewall is not an air gap.

However quite a lot of research has found ways of breaching real air gaps (commonly via infiltration of inconspicuous kit) so there is a genuine problem. To quote Major General Jonathan Shaw (Late Head of Cyber Security, MoD) “...about 80 per cent of our cyber problems are caused by what I call poor cyber hygiene.” That's commonly the greatest weakness, both against cyber attack and other accidents, and is how such infiltration takes place.

All you need is a removable storage device that jumps the gap. A colleague once set up a secure comms unit in a war zone. The red and black systems were the statutory 1 metre apart, but on returning a month or so later he found a USB stick hung from the ceiling between them on a length of elastic.

Unexpected consequences?

"Google has decided not to run any ads alongside content that "contradicts well-established scientific consensus around the existence and causes of climate change"."

Since a substantial body of research has shown that most folks hate ads, this might even increase attention on such content.

Fine, provided ...

I only hope that this has doesn't result (as usual) in the need to replace all our hardware to ensure expansion remains possible. Each time there's a new interface version, vendors stop making expansion parts for previous versions in short order. We keep systems running for as long as possible as that saves a fortune while they still work (and also in a small way reduces the WEEE mountain). But it's getting increasingly difficult to do so.

Network engineering or network winging it?

"reports of employees' door keycards not even working on Facebook's campuses during the downtime let alone internal diagnosis and collaboration tools, hampering recovery"

Two omissions are apparent: [1] functional network segregation (or the door cards would have still worked); [2] redundancy (no comment needed).

When any system (be it an organisation or a technology setup) reaches a critical size, control is commonly lost. The solution is segmentation, so each element is below critical size and each can operate (at least at baseline) autonomously in emergency.

That's more expensive to implement that chucking everything onto one huge pile, but it's safer and ultimately cheaper to keep running..

Clarification needed

Now that all financial transactions other than cash payments are already electronic, what's the real difference between a dollar and an e-dollar?

"... professional developers working for the ad agency's prospective clients"

When I taught web development, the very first thing I said to students was:

"You're not designing a web site for your client. You're designing it for your client's customers. If you make it hard to access you're doing your client a disservice as you're losing them customers".

That message has been utterly lost of late. The other day I followed a link to a business innovation portal, and as soon as the page started loading it crashed the browser. Looking at it via another, somewhat more recent, browser, it was just a static page. I call that poor engineering.

"... terminal fraud attacks"

In this case, I couldn't have put it better.

"Space is worth billions to us"

Solely about dosh again.

"Huston, the Locust has landed".

A bit of a muddle?

"The guidance also allows for data sharing with encryption only if the "keys are retained solely under the control of the data exporter"

[1] if the keys are only retained by the exporter, how will the importer make use of the data?

[2] There seems to be some confusion between sharing and transfers here. Exporter and importer are parties to transfers, the legality of which depends on such things as being within the EEA, binding corporate rules, standard contractual terms or adequacy decisions, all of which are regulatory or statutory. The legality of sharing depends on sharing agreements which are merely contractual between the parties concerned.

Relevance and utility

"everyone else gets their lives strip-mined in the name of 'relevant' ads"

I have a suspicion that the most effective 'relevant' ads are those relevant to the content of the page on which they appear. Probably a lot more effective than "personalised" ads based on what you've just bought, for example.

The more relevant the ad to the page being viewed, the better the advertiser, the publisher and the public are served, but of course the broker loses their alleged USP as the placement 'algorithm' becomes elementary and transparent.

Emissions

'"hydrogen-electric engine in every aircraft" because it's the only viable way to "deliver truly zero-emission aircraft."'

Burning hydrogen creates water vapour, which is an emission. And it's a "major player in climate change" according to NASA.

Of course we must minimise our effects on the planet but the only way we're going to achieve true 'zero emissions' is to wipe ourselves out as a species. And if we continue demanding more and more as we have done for so long, we'll probably achieve that in the not too distant future. The planet, however, will certainly outlast us even if we just go extinct slowly like most other species do in the long term.

"well over half of surveyed workstations didn't make the cut"

What's churn for?

There's no 'conspiracy' but there doesn't have to be. All sectors of the vendor community caught on independently ages ago that it pays to keep us 'upgrading'. After all, what keeps the revenue stream flowing?

Excellent, but I hope others listen

This is fundamentally an essential if we're going to rely on AI and ML for decision making that affects lives, livelihoods or business missions.

It's a pity in a way that it comes out of China, as that may well cause the narrow minded, or worse those with vested interests in lack of transparency, in the 'west' to disregard it on political grounds.

Compare this with the current UK DCMS proposal to repeal Article 22 of the GDPR, which, although it might be less ambiguously expressed, in principle provides for challenge and human review of automated decisions: "The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."

Serverless?

Of course in reality 'serverless' is not serverless. There must be servers for the transactions to take place. It's just that the servers are transient. Obviously that can be an advantage to the provider as it reduces the amount of idle processing power across the large infrastructure (most transactions being bursty). I'm not sure what specific benefit that offers the user though.

Objective performance?

"with lead times from 5–90 min ahead. Using a systematic evaluation by more than 50 expert meteorologists, we show that our generative model ranked first for its accuracy and usefulness in 89% of cases against two competitive methods"

In all fairness, I've only read the abstract, but i'd really like to know the method's absolute false positive and false negative rates, rather than just its "accuracy and usefulness" rating compared with other methods.

Apart from which, given a 5 minute lead time I reckon any observant human could have a pretty reliable judgement about whether it's going to rain. At the 90 minute lead time, any observant human familiar with a given geographical area might also do pretty well. The most interesting report would therefore be how much better than an observant and informed human this might perform.

We seem to be constantly looking for ways of replacing the capacities of competent humans with complex machines. If successful this might well lead to a general loss of human competence, and there's no logical reason why this could not eventually degrade the competence of the population of creators and trainers of the machines. However, so far each machine at best has only a single narrow specialised skill, so we'd need an awful lot of them to replace the entire gamut of competences of a single competent human.

"seemingly as a result of the camera-based vision system being confused"

A verified example of such confusion shows how little it takes to accomplish - a short piece of black sticky tape on a 35 mph sign resulting in autonomous acceleration to 85 mph.

"cloud first" already allows for non-cloud deployments when justified by cost

Maybe we should rephrase that as ' "cloud first" already allows for non-cloud deployments when justified by initial cost'

Once they have you by the long and curly contract, the price can be hiked at will (it really does happen). And it can be darned difficult (and expensive) to migrate to an alternative provider, particularly if you rent SaaS - due to compatibility problems.

How effective?

These norms look fine on paper (screen). But how are they to be enforced? Telling a thief not to steal your car because you need it to get around may not actually prevent the theft.

The fundamental problem about rules of war is that wars are fought to win. There'll always be some belligerent to whom that's more important than codes of conduct.

Deja vu

An exercise like this was done by Trinity House some time back (I forget when exactly but around 20 years ago). They sailed a trawler up and down past Grimsby and jammed its GPS signal (awfully easy to do). There were two interestig findings: [1] at one point it broadcast that it was doing around 200 knots over land, and [2] the "fallback" radar navigation system didn't work because it used the GPS clock for synchronisation.

"two main reasons why the Royal Navy no longer uses [paper charts]"

"One, we've never lost everything," said the captain, referring to the nightmare scenario of all WECDIS terminals simultaneously crashing or corrupting

Yet

"Two, we no longer have the skills to operate a paper chart."

You're expendable when 'one' happens.

'tennnn-shun!

" the .dbf file format can use one of two values in its header – fieldLength or fieldType – to determine the buffer size of a database record"

Sounds like while coding someone failed to notice that a suitable variable had already been made available and duplicated it. There was a conceptually similar c*ckup by someone at MS a few years back, where someone created a function that required as a parameter a pointer to another function. Someone called the first function, passing a pointer to the pointer to the second function.

Typically this comes down to rushing jobs without application of sufficient attention. I encounter it all the time when developers are working under pressure.

The fundamental problem

This kind of divide occurs to a great extent because of cultural confusion between the World and the G20 (from the perspective of the G20).

But the telecoms divide dwindles to nothing compared with the fact that almost 40% of the World's population still lives on less than $2 a day.

However the confusion is perfectly illustrated by a Goooooooooogle search for "$2 a day". The majority of the results on the first two pages refer solely to America, as if poverty didn't exist anywhere other than in the land of the free.

SIM swapping attacks

The truth about SIM swapping had to surface eventually. We've been told in thepast that it only targets the "elite". We've been led to believe SMS token authentication is a robust system. However at least a decade ago it was being shown to be vulnerable, and a couple of years back EUROPOL publicly declared it should be avoided.

Yet now we're being forced by our banks to implement SMS token based "security" for online banking. That's insecure "security" on top of insecure transactions.

"now we've caught up and we're puzzled about what to do next"

How about working on producing code that isn't still littered with bugs after all the years we've had to practice coding?

As an engineering product, software is the worst. No other branch of engineering would allow constant fixing of flaws in design and implementation for the entire life of a product, and in some cases you'd be prosecuted if you tried it on.

Forget software for the moment - study grammar

'"this build includes a change that aligns the enforcement of the Windows 11 system requirements on Virtual Machines (VMs) to be the same as it is for physical PCs"'

" this will have an impact to aspects of the user experience "

Getting software right is to a great extent a matter of attention to detail. It might inspire a bit of confidence in their ability to achieve that if they could at least cope with something as simple as expressing simple concepts such as these grammatically.