Ms Hillier may have been right yesterday ...
... but today we read that GDS are recruiting a Deputy Director, EU Exit: "... you’ll develop the insight and networks needed for the UK to successfully leave the European Union ...".
255 posts • joined 19 Jun 2009
I'm trying to establish only one point – that the chipsters will have the devil of a job making anyone believe that the existence of the Spectre and Meltdown problems came as a surprise to them.
What didn't they know? Anything. When didn't they know it? Ever.
The rest of the world, the members of which do not spend all day every day ruminating about computer architecture, has not spent 50 years banging on about the issue because we thought/assumed that the chipsters had it gripped. How wrong we was. Bang OoO.
Lenin had 100,000 people executed by the Cheka within a year of his taking office. The Tsar managed a paltry 17 in the year leading up to the Revolution – one heck of a performance improvement delivered by speculative execution.
Understand, LOL123, I'm just trying to speed things up by looking ahead to what the courts will make of these cases.
The courts will acknowledge that all of human endeavour is imperfect. They will know that many people once believed the earth to be at the centre of the universe and many people were all wrong.
The courts may nevertheless be unimpressed by a chipster claim in this case that "these things happen". Professionals are meant to be masters of the body of knowledge in their profession. Lawyers, for example. And chip designers.
Chip designers might be expected to know about the need for hiving off one process from another in a multi-tasking multi-user environment, a need identified no later than 1971 as noted. They might be expected to know that that's why the architecture is what it is. There's a kernel and there are outer rings with gradually lower and lower permissions. Since when? 1964, apparently.
"We know that boundaries between processes must be enforced for security reasons but when we provided a way to ignore those boundaries it never occurred to us that there could be security implications" is not a powerful defence.
The prosecutors will argue that there is no powerful defence. Any competent professional in the profession should definitively have known about the problem and understood it. In 1964. Or 1971. Or, at a pinch, 2003.
4 April 2003, to be precise, when Keir Fraser of University of Cambridge Computer Laboratory (CCL) and Fay Chang of Google Inc. published Operating System I/O Speculation: How two invocations are faster than one. Under the heading Safety, they say: "It is easy to ensure that speculative execution is safe because operating systems already severely restrict the ways in which different processes can affect one another. As a result, a system needs to restrict speculative processes in only three simple ways to ensure safety".
Chipster designers are academics, they know about university and industry research, they may even read it, that CCL/Google paper won't have been missed. And yet they failed to do the easy job. The defence is tottering by this stage. That's my pre-fetched take on the matter.
Talking of which, have you seen Exploiting the DRAM rowhammer bug to gain kernel privileges on Google's Project Zero site: "When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access to all of physical memory"?
"... all of physical memory". Ouch.
That was published in March 2015. God but the prosecutors are going to have fun with the claim that the problem came as a total surprise to the chipsters yesterday.
The prosecutors can use the article I cite to show that there was a problem there back in 1971 at the latest well-known to all qualified computer scientists, of which the chipsters must employ hundreds if not thousands.
The chipsters' lawyers may well scoff and say "read the article, it says the problem can only be solved by software". The existence of the problem has nevertheless still been established.
The prosecutors can then quote any number of erudite sources headed by ElReg to the effect that the solutions to Spectre and Meltdown are now known to be partially or entirely hardware, the chipsters have a case to answer and the prosecutors reserve the right to bring charges against the purveyors of operating systems as well in the future.
... the great and much-missed Ronald Reagan's questions to his officials allegedly before testifying on Contragate ...
Similarly here, Meltdownwise and Spectrewise, what didn't Intel, AMD, ARM et al – "the chipsters" – know and when?
They're going to have a hard time proving to the courts that they had no idea that there was a problem unless they can prove that their chip designs are unchanged since before 1971, 47 years ago:
"Time-sharing was the first time that multiple processes, owned by different users, were running on a single machine, and these processes could interfere with one another. For example, one process might alter shared resources which another process relied on, such as a variable stored in memory. When only one user was using the system, this would result in possibly wrong output - but with multiple users, this might mean that other users got to see information they were not meant to see.
"To prevent this from happening, an operating system needed to enforce a set of policies that determined which privileges each process had. For example, the operating system might deny access to a certain variable by a certain process.
"The first international conference on computer security in London in 1971 was primarily driven by the time-sharing industry and its customers."
On average, Nigel, we "meet" once per decade and a pleasure it always is.
Has anyone ever calculated BGI (slide #24) or LRGI (slide #25) for the UK for any biometric mode or mode(s)? Were the ratios even greater than 1? Did they make the use of biometrics economic under any realistic assumed scenario?
Equal error rate is always around 17% in your presentations (slide ##11, 26, 27). Politicians, officials, journalists and normal people all imagine that EER is or should by now be microscopic – 17% is an elephant where we expect a virus. Do you agree that biometrics has failed grossly to live up to expectations? And that it is our job to make everyone realise that?
Messrs Possolo, Wayman and Mansfield argue that biometrics is not under statistical control and therefore not a science. Do you agree? If not, where is their mistake?
The House of Commons Science and Technology Committee reported on biometrics in March 2015. The police told the Committee that face recognition doesn't work and that no UK force uses it.
The police have tested the technology at the last two Notting Hill Carnivals. That is not the same as using it.
I hope that Norman Lamb understands that.
The lack of a strategy is a tacit acknowledgement of the fact that the technology doesn't work. That's good news. It might stop the Home Office and others wasting any more of our money on it.
Presumably Mr Lamb doesn't want an astrology strategy specifying the legal and ethical controls on horoscopes. No more should he want a biometrics strategy.
19 May 2016, the Cabinet Office published 'Data Science Ethical Framework', a document which betrays not the slightest understanding of ethics, is ethics-free and provides no framework whatever, ethical or otherwise. This farrago was issued over Matt Hancock's signature and makes no contribution to the debate about disclosing personal information.
The CIA, among others, have looked into ethics and determined that there are lots of theories with just one common factor – do as you would be done by. Seems like a good starting point. Not mentioned by the Cabinet Office, who must have already forgotten care.data.
The only ethical theory mentioned in the UK in connection with public services is the ghastly utilitarianism, "that action is right which promotes the greatest happiness of the greatest number". Utilitarianism justifies the tyranny of the majority: "Lenin and Hitler were pious utilitarians, as were Stalin and Mao, as are most members of the Mafia". Avoid.
Meanwhile, the company notes, "water resistance has become a feature of many devices over the last 12-18 months, but this doesn't even make the top 10 of most important features when buying a new device".
Nothing changes, not even idiotic marketing ideas:
"In the United States, the first successful, commercially produced ballpoint pen to replace the then-common fountain pen was introduced by Milton Reynolds in 1945. It used a tiny ball that rolled heavy, gelatin-consistency ink onto the paper. The Reynolds Pen was a primitive writing instrument marketed as 'The first pen to write underwater' ..."
You fail to mention the "think tanks" you set up, e.g. Tony Blair's Institute for Global Change:
• It is unfair to expect Google, Facebook et al to pay tax, we must be grateful if they just "make meaningful, global contributions in support of basic human rights and public goods".
• Tax funds public services and it is therefore the duty of the public to pay it, particularly on:
– carbon "where distributed ledger technologies could be used to provide verifiable information about a product’s lifetime greenhouse gas contribution at point of sale, which could make higher prices for carbon-intensive products more palatable";
– congestion "where ubiquitous mobile devices make it possible to imagine dynamic pricing for driving on congested roads, with a corresponding reduction in other motoring taxes"
– land values "where new computational techniques and big data make it possible to estimate the undeveloped value of plots of land"; and, of course
– sugar "where advances in medical research can help us better estimate the long-term health costs associated with excessive consumption, in order to nudge people to make healthier choices".
• Thai assistants for the many, "as a pragmatic step forward, governments should immediately give every citizen a personal account manager".
... Face ID is still fine for little things like authorising payments and granting access to secure areas and letting the surgeon into the operating theatre.
Only the British police could be so plodding as still to believe that "the technology is not yet at the maturity where it could be deployed" (para.95).
>As for banning or restricting it? Good luck.
>Already banned high strength nicotine to satisfy tobacco companies
>(to no effect) so what do you want to ban next,
>batteries, glycerol, food flavourings, cotton or wire?
Interesting. No one mentioned banning.
On 19 May 2017 you could buy 100ml of 7.2% nicotine in the UK for £14.95.
Next day the TPD came into effect and the maximum strength nicotine you could buy was 1.8%.
10ml of it cost £4.25.
Buck-for-buck, that's an 11.371X price increase.
The cost of regulation.
Benefit to the consumer?
Will Norman Lamb's committee recommend that that nonsense should be overturned?
You know that W=vi and that v=iR and so do I.
You assume that at 3.7v you can crank up the wattage to 14 and get resistance down to 0.98 ohms.
With some coils it'll work, with others it won't.
I don't care why.
You just have to buy coils rated for sub-ohm use or make your own.
That's the way the industry works.
In the main.
And I'm trying to point the debate onto the way things are, not the way they could be.
At the normal (I think it's normal?) 3.7v power that the original tests were conducted with ...
Not essential, but it's often useful to gather the facts before launching a polemic.
Voltage is not a measure of power.
We vapers tend to concentrate on resistance, measured in ohms, and not voltage.
Vaping is an example of exceptional, fast, competitive, technological innovation aimed at making money by satisfying demand. 63 years the child of the welfare state, the dynamism of an industry largely unfettered by regulation has been a joy to behold. It felt and still feels rather daring and fun to choose from among hundreds of tiny suppliers with no nanny there to help, just a bit of word of mouth, a limited high street presence of advisers/salesmen in shops and an avalanche of YouTube reviews and tutorials from all over the world.
The upshot is that we vapers choose the equipment and the liquids which taste best. This is revolutionary. In 45 years of smoking 40 Benson & Hedges a day, I never once said to myself "hmmm, this tastes good". With vaping, I judge by taste, for the first time, and I believe that other vapers do.
And what we find is that you get the best tastes by sub-ohming, i.e. using equipment with a resistance less than 1 ohm. That's just a fact.
We get more vapour/better taste by sub-ohming. We use more liquid as a result and we know to put less nicotine as a result. I was a very heavy smoker and I am a very heavy vaper. I am currently getting through about 12.71mg of nicotine a day. That's 64.70% down on the 36mg of nicotine I got from Benson & Hedges, since you ask.
And the 400mg of tar per day from Benson & Hedges? Down to zero. No tar in vaping.
The Royal College of Physicians estimate that vaping is about 5% as dangerous as smoking. The Department of Health recommend that vaping should not be covered by smoke-free legislation. The British Medical Journal report that high smoking cessation rates are correlated with increased vaping. The International Journal of Environmental Research and Public Health report that young people who have never smoked do not tend to become habitual vapers.
All of which suggests that there's something there worth advertising.
You say: "The Government, well several of it's MP's, received a lovely sum from the e-cig lobbyists a few years ago which resulted in the Government allowing e-cigarettes to be advertised ...". How many is "several"? How much is "lovely"? How many is "a few"? Answers, please.
... you might remember that Meg Hillier was one of the many Home Office ministers who failed to improve border control, but don't let's be picky ...
No it's not HMRC's fail. They've successfully used the Government Gateway for about 17 years now. They don't need GOV.UK Verify (RIP).
It's GDS's fail. GOV.UK Verify (RIP) offers HMRC nothing – 60% of attempts by the public to use it fail and it can't handle companies and partnerships and trusts, both of which would make it hard to collect tax.
The UK Government's identity assurance scheme, GOV.UK Verify (RIP), has contracts with seven "identity providers" whose job it is to verify our identity.
Equifax's business activity is currently interrupted.
Without Equifax, those three "identity providers" can't do their job. GOV.UK Verify (RIP) can't work.
There has been no comment yet from the Government Digital Service. There never is. GOV.UK Verify? RIP.
Biometrics based on facial recognition doesn't work. Not at the mass consumer scale.
Given which, it is bizarre to berate the Home Office, as ElReg do, for not having a facial recognition biometrics strategy. You might as well demand a horoscope strategy.
Given which, there is no civil liberties problem here. Our civil liberties can't be infringed by a technology that doesn't work.
Both our location and the network of people we contact and who contact us are available to the police from mobile phone records. That's more of an issue. As is the failure of the UK Home Office to obey the law. But facial recognition biometrics? No. The only questions there are why are the police wasting their time and our money.
Mockery is the best response. To throw up your hands in horror at the infringement of civil liberties is to help the biometrics salesmen to make their case.
More amused mockery, please.
Some companies, such as Maersk, did direct business with Ukraine, which would explain how the malware got on its system, the F-Secure man added. "However, one victim we spoke to had no ties to the Ukraine at all, so it is a mystery as to how they got infected. Its spread via VPN is one possibility."
Early 2012, and Aadhaar is threatened with termination. UIDAI saves the project by publishing two papers on the reliability of the mass consumer biometrics technology used by Aadhaar:
The claimed biometric failure to enrol rate was 0.14%. The claimed false positive identification rate was 0.057%. The claimed false negative identification rate was 0.035%.
Such figures were and still are several orders of magnitude better than anyone had or has ever achieved for mass consumer biometrics.
How did UIDAI claim that Aadhaar would achieve them with a population of 1.2 billion people? Answer, by ditching biometrics based on face recognition, adopting flat print fingerprints and irisprints combined to form a single multi-modal biometric and by using three competing matching algorithms. Any other approach, UIDAI said, was doomed to "catastrophic failure".
Five years later, have UIDAI achieved those impressive performance figures? An independent audit is required.
If they have, will the suppliers of the biometrics systems in use warrant their performance? If not, why not?
If they have, then the UK Home Office must explain why it continues to embrace "catastrophic failure". (The Home Office continue to fund face recognition, they no longer fund irisprints and they do not use competing matching algorithms.) And the UK Home Office must follow India by publishing its own performance statistics.
If UIDAI have failed to deliver, five years later, then Aadhaar will once again be in danger. So will every other government-backed mass consumer biometrics project in the world.
Government Digital Service
Government Technology blog
22 May 2015
The Technology Leaders met last month and took a collective decision to not extend the support arrangement for 2015. The current support agreement ended in April 2015.
... where the true masters of AI are even now using software to classify user feedback, please see Using machine learning to classify user comments on GOV.UK.
What does that involve?
They look at three features of the user feedback. That helps to classify it. With 88% accuracy in the case of one class.
And what are those three features?
Answer, "the ratio of upper case characters to total characters, the total number of characters entered in the text box, and the ratio of exclamation marks to the total number of characters".
Earlier, in Understanding more from user feedback, GDS said "this approach can also be used to tackle a range of text analysis challenges ... such as quickly understanding policy consultation responses".
No more AI scepticism, please.
... I read that IBM had emulated S/370 on a PC and I realised I could run TSO at home.
It's not the money. Prof Weerakkody's paper is all about the ignorance and prejudice of the project participants. That's what sank DEFRA's Basic Payment Scheme and DWP's Universal Credit. Both projects have burned their way through eye-wateringly gigantic piles of money. There was no lack of it, it's not the wallets that were "glued shut", it was the minds of the participants. That could usefully be reflected in a more accurate headline.
... where, out of 12 "identity providers", there are just seven left, of which two ask us Brits to download viruses ("apps") onto our mobile phones.
With Digidentity, it's optional.
With Morpho, it's mandatory. The app permissions comprise:
1. read phone status and identity
2. take pictures and videos
3. find accounts on the device
4. use accounts on the device
5. connect and disconnect from Wi-Fi
6. full network access
7. receive data from Internet
8. view network connections
9. view Wi-Fi connections
10. prevent phone from sleeping
11. modify system settings
But don't go worrying about your privacy.
"This is only the second time that British cops have openly trialled live automated facial recognition (AFR) systems in the UK ... Last year, Leicestershire Police also trialled AFR at Download Festival ..."
Airport security isn't the only use for face-recognition software: it has been put through its paces in other settings, too. One example is "face in the crowd" on-street surveillance, made notorious by a trial in the London Borough of Newham. Since 1998, some of the borough's CCTV cameras have been feeding images to a face-recognition system supplied by Visionics, and Newham has been cited by the company as a success and a vision of the future of policing. But in June this year, the police admitted to The Guardian newspaper that the Newham system had never even matched the face of a person on the street to a photo in its database of known offenders, let alone led to an arrest.
Worrying about this technology working only encourages the police to spend our money on it. Better to laugh at them for falling for the salesmen's patter.
"It is not known what quantity of uninfected meat Ben was force-fed ..."
... but we do know that he is an expert on the Black Death.
You may be right about these unnamed companies but GDS are meant to be different. They're meant to have the digital future coursing through their veins. They speak it like a native. Others may make a mistake digitalwise but GDS can't, almost by definition. GDS are in Whitehall, where no-one understands the first thing about digitisation according to the current and previous executive directors of GDS, precisely because they know everything about it. And they don't wear suits.
I'm pleased to hear that there are counter-examples. But most people get no notification. We await GDS's GOV.UK Notify.
We await also their GOV.UK Verify (RIP), which is supposed to provide adequate proof that we are who we claim to be. Which is what the EROs need.
Of course, if GOV.UK Verify (RIP) worked, we wouldn't need the EROs. We wouldn't even need to register to vote. GDS could decide our entitlement to vote for us using attribute exchange and all the non-existent open data registers which support the non-existent GaaP, government as a platform.
All we would need to do is vote.
Or would we? Could GDS use data science to work out for us what we should vote?
Soon we won't be needed at all. GDS can cater to all our user needs.
There was a major campaign to get people to register to vote. When they tried to register to vote, that was unexpected. Or unprecedented, according to GDS.
Just how unexpected or unprecedented?
Cast your mind back to 21 April 2015 and the BBC's More people register to vote 'than ever before':
A record-breaking 469,000 people registered to vote online in one day for the 2015 general election - as the deadline closed on 20 April.
GDS's apply-to-register-to-vote platform is not communicative. You submit your application. And you wait. Some applications will be successful, i.e. the Electoral Registration Officer adds you to the electoral roll. And some will fail. You don't find out you've failed until you find out you can't vote.
Prediction: more newspaper headlines about all the people, whose applications have failed, being silently disenfranchised, followed by Oliver Letwin explaining that that's inevitable.
Not many people know this but someone issued a warning exactly two years less 10 days ago about the duplicates problem. That message is presumably still on its way from the dinosaur's stubbed toe to its brain.
"The Gov.uk voter registration site ... is one of many websites and online services run by GDS."
Is that true?
Or are Computer Weekly right when they say that the site is run by the Foreign Office?
Has Matt Hancock finally refused to speak his lines?
The GOV.UK Performance platform tells us that HMRC conducts about 420 million PAYE transactions p.a. That's mainly companies submitting their PAYE returns. Submitting them over the Government Gateway.
Check p.6 of the Red Book and you'll find that HMRC expect to raise £182 billion in income tax in 2016-17 from this source and £126 billion in NI. Most of the £138 billion of VAT depends on returns submitted over the Government Gateway, as does the £43 billion of corporation tax.
Take away the Government Gateway and our public services will be unfunded.
The question is, how will HMRC replace the Government Gateway?
HMRC have been in the digital business for decades. Unlike some people we could mention. Will they replace the Government Gateway with GOV.UK Verify (RIP)?
GOV.UK Verify (RIP) doesn't "know" what a company is. Or a partnership. Or a trust. It's not the obvious choice.
GOV.UK Verify (RIP) operates an identity hub, which connects people and relying parties like HMRC. That could perhaps provide a transport layer for tax returns. But it's not the only option. Just as well, given the questions about the security of the GOV.UK Verify (RIP) identity hub.
Individuals and legal persons have used the Government Gateway for 15 years now. That requires submitting a modest amount of personal information to HMRC and other relying parties to identify us. In the main, that personal information stays with the relevant government department.
You might hope that any replacement for the Government Gateway would be similarly careful with our personal information ...
... in which case, that rules out GOV.UK Verify (RIP) which requires us to reveal colossal amounts of personal information to large numbers of private sector organisations in the UK and abroad.
It has been suggested that these two organisations have only signed an MOU because they read in the papers that major companies do that sort of thing. Having a charter sounds quite important. Also, doing things internationally.
In fact, the MOU isn't just attitudinising. Its consequences will be quite practical. We could, for example, one day, have an Australian chief executive of GDS here in the UK.
Looking further into the future, it is conceivable that our two countries share a common language and even collaborate over a resilient international telecommunications network.
Of course there may be friction. Which MOU wins if there is a conflict between the Australian MOU and the Korean one engineered by Mr Maxwell in 2013? But then of course that's why we retain a seat on the UN Security Council.
... and a hurricane promptly tears through the Caribbean.
Verizon is a certified "identity provider" working for the UK's identity assurance scheme, GOV.UK Verify (RIP).
Guess what happened today.
Verizon's name disappeared from the Government Digital Service's list of "identity providers" we Brits can sign up with.
Ann Treneman's parliamentary sketch in the Times, 18 December 2007, This is shaping up to be Gordon Brown’s Winter of Disc Content:
The details of three million learner drivers in Britain have gone missing from a facility in Iowa City, Iowa.
... surely, nobody who lives in Britain should have to have their driving licence details stored there. (Or not, as the case now is.)
If we have to have globalisation, the details should be stored somewhere more glamorous than Iowa, which is famous for its early presidential primary and its giant pigs. I am sure that none of the three million Brits ever thought that they would be stored on a hard disc in Iowa City ...
Only the Government could lose three million learner drivers in a place where they cannot drive anyway but if they could they would be on the wrong side of the road.
... a “hard disc drive” had gone missing from a “secure” facility.
Why did she [Ruth Kelly, Transport Secretary at the time] call the facility “secure”? This is, by definition, an insecure facility. The whole thing was proof, if more were needed, that this Government has L-plates. I am not sure that it should even be driving, much less be allowed on what used to be called, rather quaintly, the information superhighway.
Sir David [Varney]'s aim, set out in a report he wrote for Mr Brown at the end of last year, is to create a giant centralised government database containing information about everybody in the country. It would establish what he calls a "single source of truth" about each individual - "made more robust through the introduction of identity cards" - which could be accessed by any department that wanted to verify who somebody was. It could also be used to target services more efficiently at individuals.
And now? What's changed?
The same Biblical language is being used. That hasn't changed.
For "identity cards", read "GOV.UK Verify (RIP) accounts".
The promise remains better public services.
And information about us all is still to be shared by benevolent government departments.
Mr Loosemore recommends that this sharing should only take place with our consent. That might have carried some weight if he could explain how the Trust and Consent layer in his GaaP model could be effective but he couldn't. And if he were still deputy director of the Government Digital Service (GDS) but he isn't.
A review of GDS must conclude that Whitehall has learned nothing in nine years. The pursuit of a single source of truth is damned to failure now just as much as it was in 2006.
Please see Bloomberg, 30 June 2015, JPMorgan Reassigns Security Team Leader a Year After Data Breach.
JP Morgan could have ticked the Cybersecurity Disclosure Act box in good faith. That didn't stop the bank from being part of one of the biggest hacks in US history, JPMorgan's 2014 Hack Tied to Largest Cyber Breach Ever.
9 November 2015: "Minister for the Cabinet Office Matt Hancock has today announced a new Ministerial Group on Government Digital Technology. It will lead and drive through reforms to the UK’s digital public services, one of the government’s top priorities".
Who is on this committee? What skills do they have and what powers? Did they approve Cloud Foundry?
The Privacy and Consumer Advisory Group have set out nine tests of the control users have over their data, please see p.3. We must check how many of these tests GDS-produced Cloud Foundry platforms pass. We can be pretty sure that they won't get into double figures. It's not impossible that the answer be zero. Then what?
The punched card ... The big B ... I'm getting flashbacks ... To the old Burroughs Medium Systems operator's console, the lights on which would display a big B for Burroughs if the input-output and the CPU were optimally balanced, please see here and particularly here, 200 megabytes of head-per-track vertically mounted 1 metre diameter disk, 128 kilobytes of core memory, ... Is there a doctor in the house?