Posts by Lee D

Re: Seems clear, refuse to use it if that's what you believe

Would I take the advice of an AI over a doctor's interpretation of the same result?

No.

P.S. For many years I was living with a geneticist who worked in a famous London children's hospital but has also handled vast portions of London's cancer and genetic disease lab-work. Pretty much, if you've had a cancer diagnosis (positive or negative) or a genetic test, there's a good chance the sample passed through her lab and/or she's the one who signed the result and gave it back to the doctor / surgeon to act upon. Doctors DEFER to her for the correct result.

Genetics is one of those things that's increasingly automated, machinified, AI pattern-recognition, etc. nowadays. Many of her friends worked in that field for PhDs in medical imaging, etc. It takes an expert to spot an out-of-place chromosome, or even identify them properly. Those pretty sheets you see of little lines lined up aren't the full story you think they are. She has papers published in her name about a particular technique for doing exactly that kind of thing.

The machines that are starting to appear in less-fortunate areas to do that same job (i.e. where they can't source the expertise, let alone afford it)? All have their results verified by the human capable of doing the same job. The machines are often wrong. They are used to save time preparing the samples etc. rather than actually determining the diagnosis (i.e. cancerous cell or not, inherent genetic defect or not, etc.) and you can't just pluck the result out of the machine and believe it to be true, you would literally kill people by doing that. Pretty much the machine that could in theory "replace" her costs several million pounds plus ongoing maintenance, isn't as reliable and needs to be human-verified anyway.

So...er... no. A diagnostic tool is great. But there's not a chance in hell that I'd let an AI make any kind of medical diagnosis or decision that wasn't verified by an expert familiar with the field, techniques, shortcomings and able to manually perform the same procedure if in doubt (hint: Yes, often she just runs the tests herself again manually to confirm, especially if they are borderline, rare or unusual).

If one of London's biggest hospitals, serving lab-work for millions of patients, with one of the country's best-funded charities behind it still employs a person to double-check the machine, you can be sure it's not as simple as you make out.

Last time they looked at "upgrading", it was literally in the millions of pounds for a unit that couldn't run as many tests, as quickly, as accurately, wasn't able to actually sign off on anything with any certainty, was inherently fragile and expensive to repair, and included so many powerful computers inside it I could run a large business from it. You can put all the AI into it that you want. It's still just a diagnostic tool. The day my doctor just says "Ah, well, the lab computer says you'll be fine" is the day I start paying for private healthcare.

Computers are tools. AI is an unreliable tool.

1) So kids will have to have a member card to let them pick up the tickets. Not hard. You could even link them so your kids can use any ticket in your name, if you really want to.

2) Buying tickets that haven't been confirmed? Sorry, no sympathy at all. That's probably why there ARE so many resold tickets in the first place, and not enough for the people who want to actually go see. Speculative booking is at least partly the cause of shortages, and shortages the cause of speculative booking ("Quick, just order 2 while they have them, we'll see if Jeff can come later").

Compared to the sheer volume of tickets that are touted for every possible concert, such concerns are a drop in the ocean. And those other reasons are why the tickets are so hard to come by / so expensive in the first place anyway.

Re: Unusual stock trades

Correlation is not causation.

Re: Question

Why were they downvoted?

"physical access to a terminal" - okay, fair enough.

"back office server" - storing plain-text credit card records? Strike one.

"head office PC" - storing plain-text credit card records? Strike two.

"plugging their own lappy into a live LAN socket in store"? No VLAN? No traffic encryption? No port-isolation? Strike three.

" (or weakly password-protected in-store Wi-Fi)" Strike four.

"infected website payload downloaded on the back office PC by staff at lunchtime etc" (See above)

None of those but literally access to a terminal should mean compromise. And even that means compromise of the terminal, no compromise of the entire system. Anything else is not only poorly-designed but not PCI-DSS compliant at all.

NOBODY - at any kind of office or otherwise - should be able to see the plain-text credit card data on their PC. From merchants to a central secured network with full encryption, which then submits to the bank over a similar encrypted channel, sure. But nobody should be using the credit card data itself (sales records and APPROVED/REFUSED are another matter entirely and should be on an entirely different system) at all except the bank. Hell, most of the retail-store systems you see just talk straight out to the bank over secured channels that the company has no control over.

That you can put ANYTHING on a POS network and have it sniff traffic, or compromise other ports, or do anything but talk over an encrypted channel to a bank is ridiculous. And certainly there should be no bog-standard office PC which has access to that data, even in theory for a large retail chain. Maybe a mom-and-pop shop, but they talk to the bank direct and the attack vectors are elsewhere in that case.

Honestly... just shouldn't be happening. And certainly shouldn't be CLOSE to a network that allows any kind of software update / attack / compromise of the system by a third-party. Their bank will have their ass on their PCI-DSS disclosures if that's even possible.

Re: Whats in a name

"We'd have to have loads of identical ships named Badger though..."

Great... stealth naming! Nobody on the enemy side would be able to determine which ship we were discussing! It would also help in obscuring financial package details for the ships, as nobody which know which was which!

"I'm afraid to report, Sir, that HMS Boat has sunk. But HMS Boat will be picking up the survivors along with an escort of HMS Boat and HMS Boat. The investigators are already loaded on HMS Boat and headed to recover HMS Boat now".

There's a difference there...

That's quite a reasonable mistake to make. Thinking any silver blob next to a banana turns the banana into a toaster is not.

The human will apply the categories learned, and adjust if you say "no it's not". The AI can't without expensive retraining from scratch, and such retraining is liable to taint existing detection too. The human learns, the machine doesn't (despite the moniker "machine learning").

Everywhere I see computers replacing humans they are incredibly dumbed down and not applying intelligence at all. Supermarket checkouts... are they "guessing" user's ages like humans do? No. They need a human. You use computers and machines where you can describe the task required exactly. If you can't it has unreliable and unpredictable results. Anywhere it matters, you have a human. Anywhere it doesn't matter (e.g. a banana factory), well, it doesn't matter. Human or computer are on a par because the computer might be quicker but it's dumber too.

The car park wouldn't let me out last night as it read my number plate (beginning with LL) as something else for the ticket (beginning with CL). I had to actually put the ticket into the machine.

Pretty much this is what AI / ML / recognition has always been... works okay, but far from infallible, and only utilised where it doesn't matter about being wrong. Voice recognition literally cannot understand my voice, but all humans who speak my language can. Image recognition is essentially atrocious and easy to mislead without extra controls. Text recognition is the entire basis of using CAPTCHAs... computers are so bad at it and always have been (who actually OCRs nowadays?). Anything requiring interpretation of complex data... don't give it to a machine unless the machine is told exactly what to do.

This is precisely why you don't want a "self-driving" car, by the way. Not that you can't make a self-driving car. But one that tries to be human to self-drive is a dangerous and unreliable beast.

We are literally DECADES at least from any decent amount of AI, I would actually posit that we DON'T have it, in any substantial form, today. Precisely because you cannot tell what it's doing, therefore cannot control it sufficiently, therefore cannot fix it when it's wrong.

"Peugeot cars are rubbish".

That may be an opinion. It may be said by me, Jeremy Clarkson, or just about anyone else. It's not provably false. Peugeot can't "prove" that their cars aren't rubbish, any more than they can prove that green is the best colour.

But no matter WHO says it, it's not going to damage Peugeot's business to any significant extent. Now, if someone said "Peugeot cars are dangerous, the seatbelts are non-standard, the engine's explode, etc." then that's a potential provably-false statement (simple statistics) and which could impact on the business of Peugeot if enough people see it, read it and believe it to be true.

In this case, however, someone has expressed an opinion on a legal interpretation that nobody has ever yet ruled on. So it's still opinion at this point. Additionally, no matter how influential Mr Perens might be - ala Jeremy Clarkson - in and of itself it's not wrong enough to warrant charges, nor is it damaging enough to warrant business interference claims. If it was, you would be able to subpoena the business records of said business and see the downward drop in sales immediately the words were uttered (P.S. last time I looked up grsecurity, I found a single entry for the american naval contracts which lists their TOTAL company value, it was a pittance much less than I have invested in a house before now).

Grsecurity is, essentially, one man. Who's a bit of a pillock. I've had regular run-ins with him on LWN.net and mailing lists. The reason he can't sell what he's selling is not that Perens is disparaging him (he's not... he's questioning the legality of a tactic used to sell GPL-licenced software in a way that essentially "revokes" the GPL of future versions should you give it away... an action which you're perfectly entitled to do with GPL software, which means it's legally dubious at best), but because he's rubbish at business - which includes an element of treating your customers fairly and respectfully, selling something they can't get elsewhere, putting value into that thing you sell, and not being hostile towards your necessary suppliers (in this case, the entirety of the GPLv2-only Linux kernel).

I'm sure the patch set is really cool, but that he's never been able to break it down to get through the kernel submission process (and even refuses to try, he just wants people to pick up a multi-megabyte patch and throw it into the kernel on his sole say-so, without review, and take no consequences for the results either) tells me a lot. Go wander through his comments online on the mailling lists and LWN.net. The guy is obnoxious and over-bearing and thinks he rules the world.

To be honest, given the legally-required business declarations to get the entry on the public naval contracts database I mention above, I'm amazed he has the money to even initiate a lawsuit.

Vodafone do if you buy the "video package" (a few quid more a month, and then none of the popular sites count towards your traffic).

Three do for Netflix/TVPlayer. Can vouch for that first-hand, we use Netflix a LOT and none of it counts towards our traffic, and we have no TV so we use TVPlayer for anything live (yes, I do have a TV licence for the rare occasion I bother to watch anything live or on iPlayer!).

No UPS can be guaranteed to function through a short-circuit or other dangerous situation (e.g. phase crossing).

However, a datacentre uses UPS only as a brief stopgap, and the slightest delay in starting up the generators will mean dead batteries and a power blip inside.

But "UPS" don't provide "uninterruptible" power. They just provide a backup, like any other. When a dangerous situation exists, even a high-end UPS will cut out for safety. Yes, I've seen them do it. In one case, a phase-crossing accident would literally hard-power-off the UPS instantly without warning or beeping or anything - just a single red light. Just bang, down, wait for power to return to normal. UPS was doing its job, before, during and after.

A pickaxe through a cable is exactly the kind of thing that can bridge the live and earth, or multiple phases for instance, and UPS can't completely isolate the inside from the outside.

Re: Average IQ

"I had a conversation with a friend recently who stated that she was sure that a larger percentage of the population had a below-average IQ now than 10 years ago."

Though completely misunderstanding the concept of an IQ, you can understand what she means, though! That's quite a good line.

Re: One law for the plebs...

Not to mention the animal cruelty.

Re: ???

That's their business banking for small-medium businesses.

You know, those that have multiple-person sign-off on hundreds of direct debits / payments each month.

Pretty standard business setup, but why it has to be IE-only? The only explanation is basically the same old "Because we can only secure it by running ActiveX plugins capable of arbitrary code execution, connecting to the smartcards and transmitting to an IE/IIS-based website which has been put in every exclusion category possible to bring it outside the scope of all the browser security anyway".

Re: So long... full screen...

Indeed... it took them ages to solve the "new windows open at random places/sizes" bug, and this time round they "solved" it by just opening everything fullscreen. What's wrong with a) an option and b) using the current window settings to spawn a similar window?

But they've taken so long to do anything vaguely useful, and there ARE password bugs (my work copy of Vivaldi has a password auto-plugged into the browser on a certain admin page, but there's no way to change it / delete it in the settings and I had to SQLite into the browser config itself to actually rid myself of it... but still it TRIES to auto-complete (but at least now it has the wrong password in its stead), that I've basically given up on it.

You can't even drag a bookmark into a subfolder on the bookmark bar. You have to lob it at the bookmark bar, go find it in the bookmark manager and try to slot it where you would like. After several YEARS of development on what is basically the Chrome backend doing all the hard work, that's atrocious.

But they changed the application icon three times!

Sorry, but Vivaldi is dead. Even a mail client is years too late for me. I only cling to Opera because it's got all my old email but now it's been two years since I've needed to query it, so I could use anything (and an owncloud-style webmail sounds so much better nowadays and would be like my own personal GMail from anywhere).

Okay, you wish to have an example?

I work in a school. I determine the IT policy in co-operation with the school. I do this using sources such as other school's policies, previous school's policies, current legislation, employer's desires, employee's legal rights and surrounding legal frameworks. Hence, I'm not just "making it up to be obstructive" but writing a real-world policy that isn't going to get me sacked by my own words for checking my GMail briefly in my lunch hour.

Are staff allowed to carry around home laptops and plug them into the network or chat home on Skype? No. Not even during their lunch hour. If they want to do that, they take a phone and go and do that on the phone. Anything else is an unauthorised device. In school that has the connotation of people plugging in unsafe devices, or accidentally capturing images of children in a playground (let's be honest... not the most serious of things you can do in and of itself, and anything "worse" should raise child protection concerns almost immediately in such an environment, e.g. taking a phone into the changing rooms, but still an issue you need to counter) but in Parliament I imagine there are lots and lots of other things you don't want visible on a webcam, leaking out of the organisation, plugged into the wireless, etc. etc..

But... Oh... wait... the phone policy in school is such that they can't use them during working hours within sight of the children or parents. So they'll have to leave work and GO OUTSIDE to have that call anyway. On their lunch hour. And they can't just answer the phone for random personal calls or talk to their mates while wandering the grounds even as a member of non-teaching staff (e.g. the IT guy...). Gosh.. it's almost like a policy that every workplace in existence has in some form or another that DOESN'T allow you to wander off and not-work for hours and hours and hours and hours on end, watching porn, while being paid by your employers to be doing a job.

My next questions would be "Why are they doing that?", "Why would they need a laptop to do that?" and "Why would that not come under "reasonable" non-work-related use of facilities?" Seriously, you have to video-call your kids every lunch hour and can't just use a phone or go a few hours during the working day? Sure, if they're ill at home and you have a babysitter. I think that gets classed under my exceptions as stated. Why does that need Skype, or a laptop, especially a personal one?

Does that mean they can have permission to just install Skype (which includes remote-desktop functionality and may require admin rights)? No.

Does that mean they can spend hours on it? No. (They should just go home, if it's affecting their work that much... hey, I'm more than happy to allow that for all my staff and have said to my boss "Oh, I sent X home, they were upset and in no fit state to work" and the response was "Okay". End of. Hell, I didn't even have to sign a form or anything, no wages were docked, etc.)

Does that mean that it's a sensible thing to do while they should be working unless it's NECESSARY? No.

Does that mean you can abuse such a privilege if it's been granted once in extenuating circumstances? No.

Does that mean I'm calling for a sacking offence for something taking their hands briefly from the keyboard home keys while they should be working? No.

(and I'm very reasonable in terms of family-work-life balance here, so I have no problems with such things in principle, I have a problem with you thinking that the same exceptions mean you can also surf porn for hours on end or that you HAVE to video-conference on an unauthorised device in a secure location including transmitting audio and video around the globe via third-party companies rather than just walk outside and make a phone call on what is quite clearly your own time).

To be honest, I'd much rather we had politicians who worked for a living like everyone else, didn't try to use the excuse that they have to personally entertain themselves at work just to "concentrate" (hey, I wonder if teachers should get that same exception... or the guy who makes your lunchtime sandwich... or that guy who works in the lingerie department.... does that just seem weird and creepy now, rather than something a human should be overcoming... 'scuse pun?).

A politician who can't concentrate on an important vote because he's insufficiently sexually stimulated should excuse themselves from the vote entirely because they're an adult, and if they're unable to cope with that they should do another job and let someone with an ounce of self-control do theirs.

Browsing porn on a work computer is a sackable offence in basically every job imaginable (maybe not being website developer for certain sites... but I bet even there you could get the sack for doing it too much unnecessarily!) precisely because it's unnecessary, unrelated, unauthorised, and you're being paid to be doing something else. No different to a postman who decides to spend an hour in the pub because he was a bit thirsty. Fine if that's YOUR hour, fine if you're not doing anything illegal (e.g. driving while drunk), fine if there's an extenuating circumstance (your van hit the van of the guy in the pub), etc.

Otherwise, no, you'd be sacked in almost ANY job known to man for doing so. Unless you're a politician, apparently.

My place has Blackberries, Winphones, iPhones and ruggedised Samsungs.

Guess which ones give us no problems, everyone can use, never break/smash/crack, are easy to manage and lockdown, are cheap, modern, able to run most things, and which almost everyone is immediately familiar with the interface of even if they've never used one before (hint: No, not the iPhone, by a LONG shot).

Guess which ones are in my bin of replacements? Guess which ones we're retiring as fast as we can? Guess which ones get no signal at all? Guess which ones I have a box of that we basically can't get rid of? Guess what overpriced-famous-brand-of-tablet/PC-hybrid they're sitting on top of that we also couldn't palm off on anyone once they actually started trying to use it?

I can't figure out what people ever saw in Winphones or Surfaces, I honestly could not use them and noticed so many problems with them on day one, let alone after a year of testing, and yet people still bought them. I'd be quite glad to just throw the lot in the bin and only keep the Samsungs.

Re: Huh?

So you theorem-prove your code.

What do you compile it with?

Was that theorem-proved for all cases too?

What OS do you run it on? Was that?

What hardware do you run it on? Was that?

Besides that, it's an INCREDIBLY EXPENSIVE exercise to prove anything like that (Hint: I've a degree in mathematics and computer science). Multiplying that out by even a new kernel configuration, let alone a different kernel on different machines using different patches in different configurations compiled under different compilers and running under different environments (e.g. VMs etc.), and then do so for EVERY change made is literally bankrupt-the-world territory.

Bugs happen. And at least half the bugs are in the LOGIC of what you express, not how you chose to express it. Because those 100's of lines of code express BILLIONS of potential code-paths / hardware combinations almost immediately.

Hell, who sits and proves that Intel chips stick to the x86-64 specifications in all circumstances? I'm pretty sure that Intel don't, because if they did everything from the old FDIV bug up to errata on every fabricated chip in existence wouldn't happen. Intel processors have a microcode update almost every month nowadays, it gets patched-in with your Windows driver updates or Linux firmware updates, on-the-fly, as the machine boots, to stop you seeing the things that the chip never got right.

There's no such thing as bug-free code, even mathematically-speaking, as you literally cannot define strictly enough that you could afford to test it all. What you do is allocate resources accordingly (e.g. mathematically prove things like life-support systems, attend to security code more carefully, but don't try to pretend that everything you churn out could ever be bug-free).

Even NASA get it drastically wrong, let alone Microsoft, let alone "one-man-band who knocks up a free bit of software".

Re: golf

Golf: The designer sport.

(I was going to say Golf: The Apple of sports but that seemed a bit mean even to Apple).

"Our new product version is so good that nobody wants it and we have to force it on them unwillingly!"

I just don't get how that's good for company or consumer.

Surely, if it's that worthwhile, customers will want to test it, want to help fix it, and want to use it in preference.

This is why you don't handle stolen goods.

It's not only opening you to a charge if you're doing so knowingly, but even done unknowingly, you can lose out big time.

No different to buying a car only to find out it still has finance / is stolen. That car technically belongs to someone else and you shouldn't be in possession of it at all. Even if you paid a million pounds for it, you lose it all and the owner gets the car back.

Re: Essentially a Java phone!

Quote:

"In May 2012, the jury in this case found that Google did not infringe on Oracle's patents, and the trial judge ruled that the structure of the Java APIs used by Google was not copyrightable."

... Google have never claimed it WASN'T designed/based on/replicating Java. The courts say how they did it is legal. And that, in fact, the Java API isn't copyrightable anyway.

Customer is insured.

Likely - especially with micro-satellites - they have a lot of spares on hand.

Hassle, yes.

Rejigging of a timetable, yes.

But if you haven't accounted that "big stick of dynamite might go bang" in your business model as a satellite company, then you really don't deserve to be in business anyway. You'd have a number of other satellites, a number of other launch locations, a number of other launch companies, and the insurance to just say "Right, let's launch one from this other place to fill the gap we now have in the schedule, while we clean up the mess".

Seriously... space travel is still incredibly dangerous. If you haven't factored that in, you're going to go bankrupt very fast.

Meanwhile, likely the scientists are developing the next lot, testing on the ground units and anything that they do already have launched, etc. In fact, after a while, they'll be twiddling their thumbs and moving on - once the constellation is up - and this has probably just provided another 6 months of employment for most of them.

You really think there's a room of white lab-coats somewhere crying into their beakers, in ruins? Most likely they just ticked the Excel box that says "Launch: Failed", and moved onto the next one that's already 90% planned out for just such an eventuality.

Re: "If your password is brute-forceable, you shouldn't be using it."

Computational feasbility is the only safety net you have.

Whether that's password brute-forcing, prime-factorisation, elliptic-curve equation solving, or q-bit-based encryption.

Literally the ONLY defence you have is how long it takes. When DES was "broken" (after 20 years of being "infeasible"), 3DES lasted until 2015 or so (another 20 years) without any significant changes (and is now only considered "weak" because of the fixed keysize - if you had a MASSIVE keysize DES it would still be feasible to use today).

Sure, the underlying algorithms will be found to have holes. That's a given. What saves you from those holes cracking open immediately on release is computational infeasibility.

Absent a major, dumbass flaw (WEP), the keysize (and thus the amount of brute-force required) is, simply-stated, the lifetime of the algorithm. DES was 56-bit which was fine in the Netscape era. Nowadays that doesn't even fill a processor register. But at no point was there anything stopping someone making a 4096-bit version and using that, only the time to encrypt and decrypt, and it would buy extra life.

The reason is quite clear - even testing 2^56 combinations is miniscule by today's standards. That's 72 thousand million million. Do something a million times a second, that's a million seconds. A million seconds is 11 days. 72 thousands lots of 11 days isn't a lot when you have a datacenter of equipment that numbers in the thousands.

But things rapidly get out of hand. 2^4096 is a number so unimaginably huge that only cryptographers really have a need for it. Physicists have absolutely no use for a number that big. It has (quite nicely) 1234 decimal digits in its expansion. A billion planets full of a billion people running a billion computers each at a billion attempts per seconds will still take not just BILLIONS of years, but... BILLIONS UPON COUNTLESS BILLIONS of years. It literally becomes infeasible.

P.S. I have a 4096-bit SSH key. It logs me in in under a second. But if it takes a billionth of a billionth of a billionth of a percent of a billionth of that time I just listed to break it, I'm still safe for BILLIONS of years.

Exponentation is your biggest defence against brute-force. Even if the algorithm is destroyed to be only a BILLIONTH as powerful as you think, you're still safe. Nobody can guarantee perfection, no, but exponentation and thus computational infeasibility is your only real defence at all.

Re: 30p/text

Even my work time is worth too much to be faffing about like that, and if they're on some cheap SIP trunk out in the middle of nowhere, it's costing them almost nothing whatsoever.

Let alone my FREE time, which is much more expensive.

Re: re: I think the advantage is supposed to be ...

That's no different to saying that thieves operate a better service than the original manufacturers.

A stolen washing machine will be cheaper. If they nick it when it's brand-new, it'll be just as good. And likely they'll give you a hand taking it off the back of their truck. Plus when you want another one they likely can just get hold of one on minimal notice. And they'll accept cash.

Of course they can do some things "better", depending on your definition of better.

But if someone writes a paper and DOESN'T give it out to the entire world for free, that's their choice. Whoever may have "funded" it.

Just nicking it, and putting it online doesn't mean that it was unreasonable to ask for money for it in the first place. No different to just giving away your cracked copy of GTA V for free... sure, it's "easier" and more convenient and no product key involved etc. but does that mean it's alright? I don't think it does.

The problem is - are the authors of these things up in arms at the terms by which their papers are held? I don't see that. And the companies wouldn't be prosecuting and winning such court orders unless there was a commercial impetus to do so from their clients, some of whom produce that same content.

Re: Up to?

My car can get "up to" 99mpg. I know. I've seen it happen. And it actually can get more but the display doesn't have a third digit to show it.

From a consumer point of view, that's an absolutely STUPID number to sell. It works to the manufacturer's advantage, but does not reflect real-world usage in the slightest.

Hence, regulators put in tests (that are illegal / stupid to "cheat", as VW found out) that simulate real-world usage to give you a sense that my car, going back and forth to work, would only get the 30-45mpg that it actually gets. This is no different to broadband speeds - nobody can guarantee your MPG, or factor in every possible cause of fluctuation in it, but they can give you a real-world figure that actually reflects something about how efficient the car is.

Just because it's ACCURATE does not mean it's not MISLEADING.

I have "at least" 2 arms. That's suggestive that actually I may have MORE than 2 arms.

I can type at "up to" 1000wpm. So long as it's one word, the letters are close and I'm prepared for it.

That's not to say that averages can't be both accurate and misleading either. But they are a damn sight closer to something you can base a decision on than "up to".

There could be anything up to 7 billion people in my living room right now.

My favourite phrase: "Up to 50% off or more!" - it literally could mean ANY NUMBER in the world.