Posts by Pete 2

Test for success

> And so it will be for everything devised by analysts who assume everything will always be in a specific place and do as it’s told

Let's face it, when software is tested all that happens is that some geek, somewhere, inputs a valid field, command or option and checks that the resulting output, action or message appears. Once that has happened: once that has happened the stuff gets shipped,

Not only is it far too complicated to test all combinations, including checking for reasonable reactions to incorrect conditions, but those throw up a distinct possibility - nay: certainrt - that something won't work. Thus delaying the release date or (more likely) an update to version 2 that half the idiot purchasers won't be able to install and the other half won't hear about.

Luckily, the Marketing Department have a solution. They ship loads of crappy products as free samples to dishonest and greedy "reviewers" who then write glowing "independent" reports about how wonderful the thing is. And we all believe them and assume that if stuff (as described above) doesn't work, it's our fault or failure.

As for delivery by drone: I foresee a resurgence in the popularity of chimneys.

Is this even a "thing" now?

> many don't even have what we might arguably describe as ‘the basics' properly covered.

In the "olden days" (speaking as someone who has, read and understood Raj Jain's book) this was almost always about disk I-O. Since everyone now has everything important on an M2 array or better, there is little point in paying people to predict problems that are now only ever due to network misconfiguration.

Don't tell him, Pike!

I wonder if journalists on The Times don't spend just a leeeeetle too much time watching old sitcoms for ideas of "news" stories?

But will it blend?

We might find out if one of these ends up anywhere near a wind farm.

Tops and bottoms

> the UK always gets to see all the photos which were taken on the flight.

Surely high resolution photos of cloud-tops must get pretty boring after the first 10 years?

A bit like seeing them from below.

What the eye doesn't see, the heart doesn't grieve over.

> as advertisers grow increasingly wary of the rise of ad blockers and choose to spend their precious ad dollars elsewhere

So the advertisers would prefer not to spend their money on a medium where they can see how many people are blocking their ads. And instead spend it on a medium where they can't tell how many people are FF-ing past them during the breaks?

Twofer

> for the price of one cardboard desk you can buy two veneered chipboard equivalents from Ikea.

So buy your desk from IKEA.

Take it home

Throw the desk away (or not)

Make yourself a "custom" one from the IKEA packaging.

And on the 7th day, she rested

So 80 hours watching telly and then a 25 page (standard 400 words / page) report. Sounds like a good week's work!

user data

> "not related to any warrant for user data which we have not received”

so they received a warrant (or: didn't NOT receive a warrant) for something other that user data.

Really: any programmer past novice level deals with more complex conditionals than this every day.

Nobody here is unfamiliar with De Morgan's theorems, are they?

Cure or safety blanket?

I think the reason that the uptake is so low is that nobody can make a good financial case for additional security.

It's all very well bringing in someone who'll wave their arms in the air and scare you with apocryphal stories that don't have enough detail to be useful. But when it comes down to it, these SMEs will ask the following:

* What will it cost me?

* What financial savings will I make ?

* What guarantees can you give me?

And, like all things to do with IT security, there are no solid, consensus numbers. No formula. No certainty. So there will always be some companies - usually the ones that have suffered a major incident - who will be receptive, most will have more pressing, tangible, objectives for their budgets.

Behind the curve

> Think of the analytics possibilities! What level of risk do your employees present if they decide to say negative things about you?

Meh, it's already been done.

There was a piece on /. the other day about a British (good to see we can still innovate) outfit that would trawl social media for landlords to determine whether potential tenants had any skeletons in their Facebook closet.

The thing is, once you know what "they" are looking for, it shouldn't be too difficult to feed a 'bot what it wants. One could suggest that for an IT person worthy of the name, it would be one of the 6 impossible things they do before breakfast.

In the wrong place

> Police said the bitcoin mining facilities were using "vast" amounts of electricity.

It seems unlikely that anyone would set up a Bitcoin farm in Spain, considering the country has some of the most expensive domestic electricity rates in Europe.

[ ref: Eurostat ]

Pause for thought

> do nothing for three months

Where I am, that's called the Change Management Board. The workplace equivalent of a delay loop.

Quantity, not quality

> Project managers report faster and more often

Neither of which does anything to improve the accuracy of what they are reporting. I am reminded of a piece from a comedy sketch (can't recall which genius of comedy it was), that went a bit like this:

They gave me 2 weeks to answer a very difficult problem

I said "I don't know"

speed of reply is not always what you want.

Policia lengua?

> *"Periscope" not a verb, you cry? It is according to Spanish cops,

So they're the language police as well?

Play "chicken"

Aircraft hit birds all the time. Occasionally - very occasionally - it is with tragic results. But the risk is real enough that major airports go to some lengths to keep the larger birds away. We also know that engine manufacturers test the ability of their products to withstand bird strikes,

They do this by firing (dead) chickens at the engines, very, very fast. Isn't it time that someone did some work into quantifying the effect of a drone-strike on an aircraft engiine?

Until that research is carried out, we have no information either on the effect that such a collision would have (drones being made of much harder materials than birds) or what measures could be taken to mitigate the effects. Or even to assist with post-crash forensics to find or discount the signs of a drone collision.

Wrong target

The Arduino isn't the future of IoT. The soon to be released ESP32 is / will / should be. At least for the next year or so.

Its predecessor created a lot of buzz and even a few working projects. But if the boards based on this "Mk II" live up to expectations they should really start things moving. But as with all things IT, the success will only come if the software and manufacturer / user support is in place.

Nowhere to hide

In some places, security (and H & S) is used as an excuse for not doing anything. "I can't send you that data ... it might not be secure" "I can't do that for you ... you're not authorised". "I can't access that ... I haven't been given permission".

The first tenet of security is to allow the right people to have access and for everyone who needs to, to know who those people are. After that, comes the need to deny those who shouldn't be allowed.

Hard lesson

It would seem that people continually need to be re-taught that you only have control of stuff you can touch.

Relying on "web" or "internet" services is always to put yourself at the whim of some anonymous (or Anonymous) decision-maker who has no interest in you or your problems.

Web services or cloud computing users take note.

Oh, and when an online company offers you a "lifetime guarantee", they mean the lifetime of the company - not your lifetime. This is usually to be measured in months.

Amazon

> Failing to identify advertising and other marketing, so that it appears to be the opinion of a journalist or blogger, is unlawful and unacceptable

Hopefully the CMA will start to target some of the blatant adverts that pass as "user reviews" on Amazon, too.

Learn to say "no"

> if your boss assigns you work, they should also assign the work a relative priority

There are only 2 levels of priority: the important job (note: singular) and everything else. The top job gets worked on at all times when progress is possible and everything else is filler in the gaps while you are waiting for the top job;s critical path to come back to you.

When a new piece of work comes in, the conversation has to be: "My highest priority is X at the moment. I expect it will take so-many more days / months. Do you want to me to stop this and work on the new job, instead?" Unless the answer is "yes", the new job goes on the bottom of the pile.

Needless to say, all of this must be conducted by email - never merely in a conversation - so that there is a paper-trail, come review time.

2PB and 250 nodes for that?

> allow its [ British Gas ] analysts to identify patterns in data covering customers' energy use.

Let me take a wild guess: more in the winter and less in the summer.

Long term support

> it’ll also enjoy full support and updates until 2021

Just so long as you don't need / want /accidentally add a package that doesn't form part of the LTS suite - which requires a later version of a library that is lagging in the LTS stakes. Then you're (back) on your own again.

Given the amount of stuff - not just the pretty dam' popular packages that the article mentions - that don't form part of the LTS, that would be a large proportion of the user base.

The first mistake

... was to announce that this was a 'bot and that people could "teach" it things. They might as well have put a "kick me" sign on it.

Hopefully, the next time MS do this, there won't be any announcements, no "Hi, I'm a bot" hoopla. Just an anonymous "person" joins Twitter and starts saying "normal" things - if anyone on Twitter actually says normal things.

So, the first lesson in machine learning would be to not tell the world that you're a machine. If the people who interact with it don't twig that fact then maybe you've got something interesting going on¹. Plus, of course, Twitter could really use all the new 'bots to boost its flagging membership.

I wonder what will happen when it becomes mostly bots? Will there start to be something worthwhile on it (at last).

[1] but more probably that its followers are even dimmer than the bot is.

It's not a password, it's a TO DO list

1.) T1dyUp

2.) G0t0lunch

3.) MeetSa11y

4.) Chan8epassw0rd

Bait and switch

So after Alice has published something and Bob "webmentions" her writing in his response. Then Alice sees what Bob has said - something complementary - she decides to link her stuff to his stuff.

Fair enough so far. We have two pieces of compatible material.

Now, after a day or so, Bob (or Alice) swaps out their original text and replaces it with an advertisement for bodily elongation, loan applications, political endorsements or pr0n. How is the weblink policed?

So long as the link stays the same, would the process be able to detect changes; whether benign such as a correction of update or nasty, underhand or fraudulent?

If you can see it, you're doing it wrong

> security staff getting in the way

A not unreasonable attitude - and one that is prominent (dominant?) in the real world, with users, too.

The problem with "security" is that it's not built-in. If it was, it would be transparent and nobody would be able to point to a thing, server, person or process and say "that dam' security [ whatever ] is slowing down our business". The security elements of a business should be ubiquitous, rather than discrete. There shouldn't even be a security component, just like there isn't a literacy department (unless you count Q.A) or someone who's job is ensure the staff aren't walking around naked.

As with real people in the real world, if security gets in between them (us?) and what we are trying to do, it's a failure. And therefore it will be no surprise that people will ignore, disable or subvert all the bad security implementations that are seen as annoying complications to their lives. The level of engagement that users or businesses should have with IT "security" needs to be down at the putting on your seatbelt level - and even then you still get idiots who think that is too much trouble. Anything more complicated for users is just bad design and poor implementation.

Hitting the "k"

825m eh? Do I smell a Special Projects Bureau project in the offing.

1km would be something to aim for (rather than a passing airplane)

Our terms, not theirs

> Facebook has told the Belgian government that it cannot proceed with its privacy case against the social media giant because of its use of English terms

But surely England (you know: where English is spoken - and invented) can step in and "allow" the Belgians use of some of our words. Since the Americans actually speak american, not English, their argument seems invalid.

Of course, it's complicated, since the american word for their language is "English", although this is really just a failure of translation, than them trying to lay claim to an entire language. Especially when it's one they don't actually speak!

Hard and fast

Cantrill seems to be promoting an idea that "proper" OS's, Like Solaris / Unix are more reliable because there is an interface that stops user-space mistakes migrating into kernel-space. This is obviously flawed, as anyone who's ever made a system call with incorrect parameters will know. Or anyone who's application sits, waiting on an I/O to a networked device can see - after that device (or the network) has gone away.

In theory, what he proposes has merit. A reliable, resilient, impenetrable, wall between the two. However faults in device drivers and poorly written code, APIs or bad implementations mean we never get this in practice.

And then there's the performance issue. Moving between kernel and user space takes time. The more checks, tests and privilege validaions you put in place, the longer it takes. (I recall that Sun moved their telnet server from user-space to kernel-space in the 90's for this very reason) and the slower your machine gets when you scale up to production levels of load.

One area that he does flag up is the ability to debugger your applications. But isn't this just a function of the tools that (would) be built into a unikernel? If they aren't there now, that doesn't mean they couldn't be in the future. It might even bring about the return of hardware based debugging - which has the advantage of sitting outside the running system and therefore not affecting it's performance or logic flow.

So what are we supposed to think?

Although it's a given that the Earth is getting warmer, the "approved" belief is that is could only be a bad thing.

After reading this piece, there is doubt. Are we really warding off an ice-age? If so, surely that's good and if a bunch of ugly insects and a few cute, furry, things can't cope - well that's life! Many more ugly insects and cute furry things would become extinct in an ice-age, so aren't we doing them a favour?

The real issue seems to be OMG! Change is happening! We're scared of change! We must stop it!". Without anyone being able to run the model forward to work out what the options or outcomes of more or less global warming would be. Maybe we should be cranking up the CO2 and CH4 emissions¹ - just think of the cute furry animals.

[1] Just add water to make booze and free oxygen. What's not to like?

When to panic .... and when to stop

> When we are afraid, we have only our intuition and built-in responses to draw on.

And we all know that "intuitive" answers, in IT, are frequently wrong and rarely the best choice.

However, when it hits the fan a good bit of JFDI style panicking can work wonders. So long as it's limited to digging yourself out of the mire. The crucial next step is to know when to stop panicking and start on the first stage of recovery: the witch hunt learning, and ensuring something similar won't happen again.

However, when organisations are crisis-driven and seem to be continually reacting to one problem or another, then someone - someone very high up - needs to recognise this as a failure of management and to step in (or find a new position).

The sad thing is, that so many IT shops these days are so hidebound with processes, reviews, buy-in, "quality" (ha!), and all the other buzz-word stages that get between a dam' good idea and making it happen that it's often more rewarding, much less effort and a lot of fun to move the fan closer to the brown stuff - and instead of avoiding problems, let them happen and then be a superhero. After all, who doesn't like a good panic every now and again?

So we'll still have 500 channels full of crap

> Rather than taking the viewer beyond their prejudices or acquired experiences, it’s confining the viewer within the prejudices and experiences that they have already acquired

So very like choosing which newspaper to read?

Although I would fully expect that the prospect of tailoring programme content to individuals will be far too difficult and expensive. Rather, this technology will merely become a way of tailoring advertising to the punter.

The natural balance

> Most companies ... collect data they never use,

That's OK. Most people provide data that is completely made up.