Posts by Ken Hagan

Re: Locked boot loaders

"a pristine environment"

Given that we're talking about a network-connected device that hasn't received a patch in living memory, I'd say that "pristine" is probably not the word you were looking for. For a related example, consider that XP went out of support a few years ago. Only a complete fool would connect an XP box to the internet today. Are the rules different for phones? Do they get special protection from hackers? Is their software significantly more hardened against attack? Umm ... not as far as I can see.

A phone where the vendor has no intention (and no track record with past models) of supporting it beyond 2 years is a phone with built-in obsolescence. It would be interesting to see a test case or two that pitted a phone vendor against consumer protection laws.

Why Google did it this way...

Well, first off, on the application side, most updates *are* generic. However, the close you get to the hardware, the less likely that a patch will not need to be device-specific, and consequently unavailable to most consumers. I can think of two reasons why Google did it this way, both of which they (G) now regret.

Firstly, the original Android was a quick and dirty bodge. Yes, there was Linux in there somewhere, but there is little evidence of big G defining a standard platform or insisting that vendors make drivers available. Consequently, every phone is a new platform. (This is very evident if you go to www.lineageos.org, where you will find separate builds for every phone they support (well over a hundred, as far as I can tell) and if there isn't a keen developer with your exact model then there probably isn't a build for it. In the realm of 64-bit ARM-based servers, I believe there is now some moves afoot to standardise a platform. There's nothing similar at the other "phoney" end of the market, and until accelerometers, cameras, GPS and such like become standard kit in server racks (!) I don't think a server platform standard helps us at the other end of the market.)

Secondly, the phone companies were delighted to be "in the loop" with a power of veto over delivering updates because they were also "in the loop" with bundling an actual phone with your contract for network service. They ended up with the ability to bully you into upgrading your contract every couple of years. Giving them this power was probably the key to getting them interested in Android in the first place, but big G would like the power back now.

So we have project Treble, as big G says "Thanks for the leg-up into the phone market. I can take it from here myself.".

Re: No money in it

"...the ROI on security updates is zero. Far better to encourage the user to buy a new model..."

Well if your service is shit, my next phone is from someone else.

Presumably they won't be able to offer it as a chargeable extra once it becomes a legal requirement. :)

"It doesnt matter if they are in the US. If they store the data of EU citizens then the GDPR applies. "

Er, bollocks? For anyone to be subject to EU law, they have to be either in the EU or find it convenient to abide by those laws in order to do business with customers who are in the EU. ICANN probably falls into the latter category, but if anyone starts bandying about fines then I think you'll find that they no longer "find it convenient".

How many Iranian or North Korean laws have you broken with impunity recently? The same principle applies.

Re: Do space apps *still* use spinning metal gyros?

Depends what you mean by "still". This guy seems to be about 20 years old and heaven knows when they started planning the hardware. I don't know when the first micro-mechanical gyros came in or how good they were (or indeed are, even now, for a mission likely to last several decades). It is entirely possible that they weren't an option.

Re: Sooo...

"The point a lot of the posters are making with their poor use of language, however, has greater validity than their choice of words used to express it."

As and when they manage to find the words, I look forward to giving their point the consideration it deserves. In the meantime, I hope they won't be offended if I judge them according to what they've actually said so far. Respect is like pay; you've got to earn it.

Re: Simple solution...

and another follow-up:

GDPR obliges you to notify a person whenever you leak their data.

I don't know how this notification is supposed to take place if the personal data in question doesn't include contact details and I have to say that any email from FB to someone who doesn't have a FB account is unlikely to pass their spam filters. Perhaps this relates to my earlier query about whether shadow profiles *can* be meaningfully associated with real people and whether they really count as personal data.

I bet the lawmakers haven't thought about this, though. I bet they thought they could talk about "the subject" without descending into philosophical debates about personal identity and the fuzzy nature of knowledge. I bet they thought it would be clear what their law *meant*, even if it wasn't clear how might apply in any particular case.

Re: Simple solution...

and a follow-up:

If a shadow profile can't be reliably linked to a person, can the system reliably avoid building up a new one after a GDPR delete-me request is submitted and acted upon? If not, doesn't that mean that FB's current architecture fundamentally incapable of staying with the law?

And how much of this applies equally to any other system that attempts to join the dots within a morass of unstructured data? Who else should be crapping themselves as data protection laws around the world slowly catch up with what has been possible for a decade or two?

"how many fines of 4%"

I imagine that 1 would be sufficient to close any legal presence they might have within the EU. Perhaps a more interesting question is how many european users would then feel that they ought to leave the platform. My guess would be less than 4%, which means that it might be cheaper for Zucks to leave the EU *before* this law comes in.

Re: Simple solution...

"I don't have an account but that won't have stopped them building a profile on me."

Does anyone know how accurate these profiles are? Is there any way for non-FB people to find out what's in them? Is there any way for FB people to find out what's in them? Can such a profile even meaningfully be said to be "about me" if neither I nor anyone else can actually go from "me" to "the profile" or vice versa?

Re: I'm having trouble deleting my FB account!@

"Just a matter of getting the shadow profile of you deleted then."

Sounds like a simple matter. Let me see ... is there something in US law equivalent to our data subject access thingy? Would I as a non-USA-ian have any right to use it? If so, and FB declined, do I have standing in a US court? OK, so that's not sounding quite so simple.

Next question. If a foreign company has made-up data tagged with my name, can they damage me with it? If so, how? If not, why should I care what they spend their money on?

Re: But, but, but.....

"I haven't posted anything there. But anyone with whom I've corresponded or given a phone number to may have that, and my name, on their mobile. If they also use that mobile for FB then that information will have been harvested despite my not having posted anything."

That's clearly private information. Zucks was claiming that he has only <em.deliberately</em> disclosed public information. From here we can go several ways:

1) Zucks is lying and actually my privates have ended up being published to any scraping tool that wants them. Bad Zucks. Nail him to your local Data Protection Laws.

2) Zucks is telling the truth and a lot of people need to look up the meaning of the word "public". Stupid people. Don't say we didn't warn you.

3) Zucks is telling the truth but has cocked up on his own data protection so many times that there is little difference between public and private FB data if you have the right scraping tools or are willing to pay the wrong people. Bad Zucks, but not quite as bad as (1) because who the hell could possible expect FB never to screw up. Oh wait ... stupid people, but perhaps not quite as stupid as (2) because 10 or more years ago this kind of inevitable failure wasn't something that Joe Public would have expected and nor were its larger social implications widely understood.

Based on the quality of the mass media reporting of this issue, Joe Public (or Joe Journo) still doesn't understand the inevitability of such leaks and is only slowly coming to terms with the wider social consequences of what Bad People might do with a lot of private information. Wake me up in 2030 and we'll see if today's teenagers have learned anything from their parents' mistakes.

Re: "the absence of an MMU was a PITA..."

I think it is often overlooked that Minix wasn't the only such. Real-mode Windows managed transparent swapping of code segments and usable semi-transparent swapping of data as well. It ran on quite a few systems in its day. It wasn't pre-emptive, but that only meant that apps had to be well-behaved and if we are being entirely fair then I have to make the observation that Minix apps had to be well-behaved too, since they all had unrestricted access to the whole of system memory. Similar comments apply to the early Mac operating systems.

Pre-emption (requiring a processor that can restart instructions) and real memory management are certainly both needed if you want to run buggy or badly behaved apps, but systems that require good behaviour are still a lot more useful than systems that can only run a single app. (In the embedded space such "trusting" supervisors are still widespread.)

Re: And so fairwell blackfin, cris, frv, m32r, metag, mn10300, score, and tile.

If you've got a new chip, no-one supports it yet. Porting Linux is something you can do to prove it actually works. Supporting that port for a while proves that you are still supporting the hardware. You are never going to sell the hardware unless you can convince customers of both of those things.

Re: Human behaviour

"What we did have, however, was a much higher standard of teaching and teachers."

You can't say that. You weren't there, you still aren't, and it wouldn't help anyway.

*) You *think* you were there, but in fact you had the mind of a child at the time and were totally incapable of determining whether the teacher was doing a good job, either for you or for others. Misty-eye recollections don't count and the statistics would suggest that when you were young about a quarter of all pupils emerged from a decade of full-time education with no qualifications to speak of.

*) Most parents *still* don't have the relevant skills (in any given subject) or experience (of what happens in the classroom) to judge whether teachers are doing a good job now. If you are good at something, you've usually no idea how to teach it to someone who isn't. If you were bad at something (and presumably don't do it anymore) you never even knew what it is you would be trying to teach. Your ignorance is stupendous and if you are half as smart as you think you are then you should accept this with good grace.

*) You are just you and (probably for the best) the system is also trying to reach people it didn't bother with 50 years ago, such as dyslexics.

*) The system is different to the extent that no scientist worth of the title would accept that exam performances can be meaningfully compared. Exams now aren't covering the same material and aren't trying to measure the same outcomes. You are free to argue that they are covering the wrong material and/or rewarding the wrong things, but you must surely accept that this makes them incomparable.

*) Exam performances are not the only (or, perhaps, even the most important) measure of whether a school has educated anyone. I don't think I would respect the intelligence of anyone who seriously argued that they were, but I can't be certain because I also don't think I've ever met one.

Basically, we haven't a flipping clue and probably won't ever get one. Education is Hard.

I do know, however, that a lot of research has been done by psychologists, trying out different teaching methods on groups of children using controls as best one can given the ridiculous variability of children and environmental factors, and that this research *is* used to inform teaching methods. It's one reason why teaching methods change with the seasons. As one with a scientific background, I find it hard to argue against trying to do such research and trying to incorporate the findings into classroom practice. (The great pity is that the politicians interfere with the process so much, regularly demanding that the new methods are abandoned in favour of whatever happened when they were kids.)

Re: Damage control mode

"and how many of the rest of us want to be involuntarily put in harms way?"

I can't believe anyone has downvoted this point. If it was your loved one that got mown down by a computer system with a deliberately mis-leading name (I see no reason to mince words here. The two syllables "auto" and "pilot" are (i) already used in the aviation industry to refer to a fully autonomous system with a good safety record and (ii) clearly used in this instance for marketing reasons.) would you just shrug your shoulders and say "C'est la vie, or fin de la vie in this case."?.

Tesla are selling something sounds like it is a fully autonomous system but which actually will kill people if used in that way. Adding some fucking small print in the instruction manual does not let them off the hook.

Re: Thanks to the British voters?

"That you're 12? Or don't have anything useful to contribute to the debate?"

I think it is usually taken to indicate that you think a cock and balls would be preferable to any of the options pre-printed on the ballot. That may not be an actionable opinion under electoral law, but you are entitled to it and if the politicians find it upsetting then perhaps they should raise their game.

Re: Thanks to the British voters?

"Those who don't vote when a vote is offered are assumed to be happy with however the decision turns out. Logically, it can't be anything else. So the non-voter figures should be added to the figures of whoever the winner is."

You were fine right up to the beginning of the third sentence. The non-voter figures should simply be ignored.

Re: Still reeling

"You can still write code to make use of someone else's API, but whether or not you can go and re-implement their API depends on the API copyright holder and their terms of use, as it should be."

Ah, but which side is the implementation? If it is a device driver interface, the OS is the caller and the third parties are the callees. Google could argue that they simply produced a new "client" of all that existing "application software". In fact, in the context of producing an alternative implementation, this is a perfectly reasonable argument and has precedents with several other groups that have produced similar "clients" over the years. Likewise, internet RFCs are (at least traditionally) not accepted unless they have multiple implementations.

End-users (including the average lawyer or judge) may think it is obvious that APIs are one sided and it is obvious which side is which. That's because they only ever see it from one side. However, to a software developer, APIs are two-sided. If you only have one implementation then you don't have an API, you just have a stamp collection.