* Posts by Milton

880 publicly visible posts • joined 14 Jun 2016

Golden State passes gold-standard net neutrality bill by 58-17

Milton

Re: no surprise

Spanners: "PS anti-fascist includes the far left, socialists, liberals, center-right and classic conservatives. It may include libertarians but I've not met many real ones"

You missed out "anti-fascist includes ..." → "any and every remotely decent, compassionate, thoughtful person who actually has got their shit together as a mature, adult human being"

Let's face it, history is 100% right about this: fascism is for ignorant, squalid-minded, loudmouthed imbeciles. It works in much the same way as one of its beloved components, racism: being a racist is as good as having a tattoo on your forehead, handily spelling it out so no one can be in any doubt: "I am a nasty idiot". Really, it's a pity some fascists wear suits or otherwise conceal themselves in faux respectability: the "Nasty Idiot" tattoo would make them so much easier to avoid.

I guess the online equivalent would be to hack one's browser so that words like "trump" or "bombastic" were auto-replaced with descriptive epithets. Any suggestions ...?

Russian volcanoes fingered for Earth's largest mass extinction

Milton

Antipodal shock

Jack of Shadows: "We need to figure out what the dynamic is here that initiates million year long volcanic events."

Interesting question. Geologists occasionally muse about the way surface and sub-surface shockwaves propagate from major impacts, in particular the fact that, as they radiate around the globe from the impact point, they come together again at another point on the antipode—i.e. on the other side of the planet (so, for example, London's antipode is a few hundred km south-east of the southern end of New Zealand). Some modelling (though I'm not sure of the quality, so far) suggests that this re-focusing of the shockwaves may have major effects, such as earthquakes, possibly fractures of the crust, and therefore maybe precipitating volcanic eruptions.

While it's a reasonable hypothesis, so far as I'm aware it remains unproven, particularly as to the violence and ultimate significance of any antipodal seismic disruption. By contrast, it may be that shockwaves can have more devastating effects closer to the impact point, for example as they refract through different densities of material. In other words, it's possible that the eruptions generating the Siberian Traps were caused, or made worse, by an impact, but the latter need not necessarily have been at the antipode (which would have been Antarctica today, hence some early interest in the Wilkes Land Crater features, which I think are now known to be too young to be guilty, if indeed they are impact features at all).

I hope that a good few excited geology postgrads are looking, firstly, at the historical evidence: it can actually be quite difficult to find really old impact points, and then determine that what you've found really was caused by an impactor rather than being a perceptual artefact or—like Silverpit—possibly rock collapsing due to salt exfiltration (also, viz the mention of WLC above). Secondly, let's hope they'll also be hooking up with some seriously powerful computing power to more accurately model and understand how impactor shockwaves propagate through the Earth's quite complicated mixture of layers and densities. There is an awful lot yet to be learned about this subject.

No, eight characters, some capital letters and numbers is not a good password policy

Milton

It's just a mental trick

Passwords really don't have to be so hard. Most people have heard of concepts like mnemonics and even the memory palace, where highly visual oddities are used to aid memory.

So you need a new Amazon password? Picture a bloody great water snake chowing down on a heavy load of pound coins. Twist the expression of the words. Get: "5nake(<LBs" [You have (< for a yawning mouth with a forked tongue, and LBs for the imperial representation for pounds as a weight. The word formed has quite a striking appearance, especially the caps. You can say it, but an eavesdropper still won't actually be able to type it correctly merely from the sound. You won't forget it, or the association with Amazon.]

Corporate login for your health insurance employer? Picture your thoroughly unpleasant boss plummeting onto a hospital bedpan. Get "91tHI75h1t". You can say it ("git hit shit"), but again, an eavesdropper still won't actually be able to type it correctly merely from the sound. And again: memorable, visual, the word itself quite striking in appearance.

Why is it a good defence? Not a single word susceptible to dictionary attack. Ten characters of mixed case alphasymbonumeric, for a choice of at least 70. A bit under three quintillion possible passwords. The most common entry mistake you commit will be typing a letter for a digit or vice-versa, which you probably won't do three times in succession—so, common errors will rarely lead to lockout.

Allowing The Adversary "magic tech" that could try a million different passwords every second without lockout, it would take nearly 90,000 years to try every single possibility. I'm pretty sure your company's planning horizon doesn't extend beyond a decade (and the Board's doesn't extend beyond next January's bonuses) so you should be just fine.

Take a creative two minutes to dream up your new password, stamp the image in your mind, and away you go. (If all else fails, use mental pictures of things connected with food and sex, which are particularly prone to stick in the mind's eye, for some reason.)

Go on, give it a try. Go on, go on, go on ... ;-)

Unpicking the Pixel puzzle: Why Google is struggling to impress

Milton

Why buy?

That is my question. The only persuasive selling point is the updates, but as others have pointed out there is a conspicuous flaw in that proposition:

"Pay far too much for this second-rate gadget solely because its core systems may be so poor that you will need to receive constant fixes"

I'm not an Android hater by any means, but this implicit message is really not a good one.

I'm not a gadget lover either—I cannot imagine laying out more than £300/£400 for a versatile pocket computing and communications device (aka 'phone')—but I can understand the broad appeal of some of the flagship handsets: and it is very hard to see why anybody would choose the Google phone when for similar outlay they could have one of Samsung's latest, frankly fabulous ones.

But then, as yet others have said, this is mostly about monetising human lives, and Google's rapacious appetite for harvesting personal data has long since become a thoroughly obnoxious feature of the company that laughably coined "Don't Be Evil".

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

Milton

"shouldn't be on … network in the first place"

"… new way to break thing that shouldn't be on your home network in the first place"

I guess we're all a leetle tired of saying that just because you can do something doesn't mean you should. Personally I thought that even non-technical consumers would have developed some healthy scepticism by now, rather than continuing to swallow the endless drivel spouted by marketurds. But the Internet of Shyte tide just keeps on coming in, bringing at best utterly pointless and at worst positively dangerous connectivity to a Useless Device Near You.

But it's not only about personally inconveniencing twits with more money than sense, is it? It's potentially way bigger than that.

Given the recent article about research into how abuse of connected devices could be used to bring down regional power grids, and the never-ending news about Russia's GRU hacking, invading and weaponising every damn thing in sight, you could be forgiven for wondering why western governments aren't taking control of this. If it was common knowledge that hostile Crotobaltislavonian intelligence was planting remote-controllable demolition charges around UK or US strategic infrastructure like power grids, water and gas pipelines, reservoirs, railways, motorway bridges ... why, there would be massive bloody uproar. If gullible consumers were buying those cute imported Crotobalti Slobberpups, unaware that, upon receiving a broadcast command in years to come, these seemingly inoffensive canines would tear their owners' throats out before causing mayhem on the streets, there would be swift and decisive action.

Yet, as something very similar but intangible is happening right now in the field of internet technology, nothing effective is done at all.

One of the few things worse than Brexit would be if Vlad The Emailer switched off Britain's lights for a week. The cost of the chaos is almost unimaginable. Is it a good idea to keep doing things that make this easier for him?

Incomprehensible, to imbecile politicians.

GitHub goes off the Rails as Microsoft closes in

Milton

The joy of the worthless pun

The head and subtitle—

GitHub goes off the Rails as Microsoft closes in

The content of the article—

" ... Ruby still has a place at GitHub – Lambert referred to the company as a Ruby shop ..."

Wouldn't want to sacrifice a worthlessly infantile pun on the altar of accuracy, would we?

Home Office seeks Brexit tech boss – but doesn't splash the cash

Milton

Tempting, in a funny kind of way

I live close to Croydon and might even qualify, though some of my relevant CV (the more senior corporate IT stuff) is quite old. And as several people have pointed out, although the salary is laughably pitiful for the level of responsibility theoretically involved, the situation is indeed just that: "theoretical"—no sane, experienced adult expects any aspect of Brexit to be anything other than a massive, chaotic, expensive, ultimately cataclysmic clusterphuk.

So if the salary is derisory for the purported task, perhaps that is in recognition of the futility of the role and its context? Perhaps, in fact, they might as well give the job to the first CV that comes in the door, given it will make no difference whether they appoint an experienced IT professional or a bumbling fool (perhaps BoJo should apply, he is too lazy, ignorant and stupid to bother with detail)?

Trouble is, as soon as your feet are under the desk, cynicism comes under assault from "Maybe I could make a difference, just a little ... what if I do this ..." because you figure that a bit of reason, evidence and logic might actually help, and, who knows, you could convert some clueless civil servants and their imbecile political masters to reality. Before you know it, you actually care about the deck chairs, despite the captain steering deliberately straight at the iceberg—and then the stress sets in, and once again you are burning out in the face of staggering public sector incompetence and the utter uselessness of politicians.

And the £100k wasn't worth it after all.

Perhaps the Home Office advert should read: "Poisoned Chalice: £100k p.a. for first person stupid enough to think they could make the slightest difference."

Drama as boffins claim to reach the Holy Grail of superconductivity

Milton

Extraordinary claims—

Extraordinary claims ... require extraordinary evidence. That's almost an immutable scientific law by itself.

Some earlier posters' incautious statements aside†¹, superconductivity at anywhere near room temperature, especially if practically achievable (i.e. outside specialised lab conditions) would be an epochal discovery. It's impossible to overstate the effect of such a thing. Multiplying the efficiency of national power grids; delivery of vast power from far away, e.g. from solar concentrators in the Sahara to Europe, something of a Holy Grail for an entire continent; cheaper and more compact MRI and almost everything else that uses superconducting systems, from medicine through industrial imaging to directed energy weapons; manufacturing industry revolutionised; huge improvements in vehicular electric power systems ... the pattern of energy generation, distribution and use would be upended, and the speed and effects of the changes in our world would make even a world war look tame. There would be secondary benefits to science also, as it would become much easier and cheaper to create very high energy particle experiments; and it hardly needs be said that it would also be a big step forward toward steady hot-fusion generation (even if it ultimately shows us that that approach isn't the best one: but that's merely a personal inkling, no more).

A company exercising a patent on practically achievable, economically useful room temperature superconductivity would conquer the world. Apple would look like a minnow by comparison.

Regarding the more or less instant expressions of doubt, though, it isn't solely because of the extraordinariness of the claim: the article clearly shows that the noise data points attracted immediate suspicion. That's a red flag the size of, say, Trump's tongue. Consider: if your student were to graph current in the microamps scale versus varying millivoltages across a range of room-temperature resistive substances, you'd expect to see very consistent data points in a predictable relationship, because V = IxR. But if said student were also minutely recording and graphing Johnson noise from those devices (essentially random low-level racket) and when marking the work you observed a series of matching data points in the noise—even if scaled differently—you would be extremely surprised, if not incredulous. The average or overall trend of such noise might vary, but to see discretely identical inflections would simply make no sense. Short of imputing some heretofore overlooked and yet radical property of the physics of resistive materials—which would, I think, overturn a lot of what we know about quantum mechanics—there is not even a theoretical basis for such a thing. You would, in short, know straight away that the student had sloppily copied the noise data from one experiment to the others. (Of course, the student might have done this because it's "just noise" and therefore not relevant to V=IxR ... but by doing so, even without intending dishonesty, calls into question everything.)

All of which aside, the answer in science is the same one it's always been: can these results be replicated?

†¹ Hot fusion works, as any sunbather can tell you (or the designer of multi-stage nuclear warheads); cold fusion occurs frequently—it's a common tabletop practice for enthusiastic amateurs—but it never gets close to break-even; string theory and its "descendants" such as M-theory are arguably the best there is right now, notwithstanding that gravity remains stubbornly intractable; and quantum computers are functional, though in fairness it remains to be seen whether they will, or even can meet their theoretical promise.

When's a backdoor not a backdoor? When the Oz government says it isn't

Milton

Disadvantages everyone—except the actual bad guys

Disadvantages everyone—except the actual bad guys, who will use any one of a dozen superb freely available encryption algorithms and code, along with nice big keys, to secure their data or messages, storing them among randomised data blocks on their systems providing plausible deniability if seized, thereafter to steganographically embed the encrypted data at a very low rate among some large but poorly-resolved, "noisy" images on the web (with only two billion per day to choose from).

Law enforcement will ultimately be in the position of having to demand passwords from suspects. Thus it will have to have been through the process in which it identified suspects, established in most jurisdictions some form of probable cause, got warrants, extradited or otherwise actually found and detained the supposed malefactor, proved that there even is some encrypted data, somewhere, and finally said "Give us the key". The latter part of the process will be conducted with defence lawyers present and the distinct possibility that even if you have arrested a Black Hat, you cannot be sure that s/he has encrypted anything in the places you've searched. Maybe that scruffy 5Mb image has some "off" byte values; or maybe it's just got noisy crap in it. Maybe that disk sector is a random mess of junk, or it's a diagram of beryllium straws for stage two of a nuke; maybe BH really has forgotten the password.

Not only will you have to prove your case through a jury, you might notice that almost all the work you did to get to the point of having a suspect to interrogate is the exact same shoe-leather-heavy, tedious, detail-oriented, human-based police work that you had to do in the past, before all these tech miracles and encryption came along.

In other words, while trying to create impossible and useless backdoor policies, you've proven that there are actually no magic technology bullets and that you should have concentrated on proper police work in the first place.

Former NSA top hacker names the filthy four of nation-state hacking

Milton

Re: Rofl

streaky, you're right about one thing, and one thing only: "treating people like crap and expecting things to carry on as they are before" was a disgrace, contributed to by both major UK parties, though the Tories and Osborne's imbecilic and cruel austerity has been by far the worst factor.

If your point is that lots of people voted Brexit as a way of sticking two fingers up to austerity, the epicene Cameron and vile Osborne, rather than a reasoned, well-informed consideration of Britain's position in the EU, then I've no doubt you're right.

But your continued assertions, against a vast stack of publicly-available evidence, that Russia by technical means and those of financial corruption did not try to influence the Brexit vote is just plain silly. It is by now beyond debate that just as Russia wanted Trump to win (because, duh, they've said so) and worked to try to make that happen (and failed, by nearly 3 m votes), so it is conspicuously in Russia's interests to destabilise and weaken the EU. To pretend otherwise, or to claim they haven't tried damned hard to make it happen, is just ... fantasy. (You might have said that Putin is justified in worrying about Nato's eastward expansion and the breaking of promises after 1991, and therefore we should see Russia's concerns about the EU through that prism ... but instead you're making disprovable counterfactual claims.)

I'm not going to get involved in pointless debates about evidence given that you could so easily search, as a start, for the UK Electoral Commission, follow its findings on Brexit, and then spend as long as you wish pursuing other links to an abundance of evidence. The stuff really isn't hard to find, and much of it has excellent provenance.

As it is with the "whole we'll be richer out thing"—another assertion by this point utterly disproved on an hourly basis—if you choose to ignore any and all facts, evidence and logic that don't fit your carefully cherished opinions, what's the point attempting adult conversation? Thus with a lot of right-wing propaganda these days: if you've got to make stuff up, you already lost the argument.

Volume doesn't equal Veracity. Every toddler's tantrum ends with the same realisation.

Oh my Tosh, it's only a 100TB small form-factor SSD, SK?

Milton

Re: No-one will ever... need more than 64TB on a 2.5inch SSD

History is littered with "No one will ever need {enter new capacity here}" statements, whether it's speed of travel, range, power of weaponry or computing power. So far, someone's always found a use for more. If you'd asked me even as recently as 2005 whether I personally would really need and exploit a computer with eight cores running at 5GHz, stuffed with 32Gb of RAM and 8Tb of machine storage, I would have laughed. And yet right now I am speccing out 256Gb RAM workstations, because of the difference it will make in my work. No, it's not mainstream office productivity, but I am not a rocket scientist either. Elbow room is always good to have, and many of the things we do will continue to add orders of magnitude to the usefulness of simply storing data.

I absolutely can see why you make your statement, mind you: I can't currently imagine a legitimate use for 64Tb of local storage ... but ask either of us again, in five years.

As for—

"Actually, I'm waiting for someone to invent a storage system that uses long transparent crystals. That would be cool."

— sounds like a cri de coeur to go in the book along with the flying car, moonbase, International Rescue and trips to Jupiter: things we were promised in the 60s and 70s. I remember the crystals from the original Christopher Reeve Superman (1978?) ... let's hope photonic processing and memory doesn't disappoint. (If you could stop wasting time talking rubbish on Twitter and undermining the west coast like an obsessive termite, Elon, I have a better investment for you ....)

Encryption doesn't stop him or her or you... from working out what Thing 1 is up to

Milton

Speaking of a war ...

Speaking of a war, I don't want to rain on the researchers' parade but the basic concept here dates back at least to WW2. Traffic analysis upon unbroken ciphers was an important tool—and even better if you can introduce some specific behaviours within the network—something an adversary would certainly want to do when compromising an IoT-infested LAN. By changing the internal state of a supposedly fully encrypted network, you can cause it to leak. It might be as simple as ringing the doorbell.

As a completely (I assume!) fictional example: even if you couldn't break a newly deployed Japanese Naval Cipher, you could infer a great deal about lines of communication, organisational hierarchies, importance and purpose of specific bases, and even specific intelligence about the likely content of encrypted messages, by watching the traffic patterns. Let's say you plant a story about the lack of starter cartridges for American combat aircraft in the eastern Pacific theatre, making sure you quote or invent an unusual and lengthy specification or part number, "accidentally" revealing the name of a cargo vessel and a couple of ports it will need to call at while delivering said vital components.

First, you've triggered a flood of encrypted messages, the timing, frequency and length of which will tell you a great deal about the enemy's interception capabilities, response times, analytical tactics, command structure, plus a good chance of learning the dispositions of some enemy forces, like submarines, that may be tasked with attacking the 'vital' shipment ... I'm sure everyone here gets the picture.

Second, you've thrown some nice cribs into the encrypted streams: by choosing some specific names (ports, ships, islands) you can be fairly certain that those will occur in the ciphertext, encrypted. Using a long-ish and unique phrase (like our hypothetical part number) of supposed significance, we can add an additional particularly handy crib that will be included only in messages specifically resulting from our planted story. Its uniqueness and length can both be helpful to the cryptanalyst: 'COFF222BVER888HPSTART' is more useful than 'Rabaul'. (Note a couple of handy character repetitions, too.)

This doesn't automatically break a good encryption scheme: but it does mean that whatever weaknesses it may have (especially human-factors weaknesses, like a lazy or hasty clerk reusing a key) are more likely to give you a way in.

The crypto schemes used in local networking are far better than the relatively naïve ones of 1942, but—as we've seen with WPA2 during the last year or so—still have vulnerabilities.

I'd be very interested to read the researchers' next paper, where I hope they move on from passive sniffing and "inferring" to finding ways of planting subtle seeds (probably using completely innocent-seeming and plausibly deniable interactions) which then expose vast additional troves of data.
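The leak described in the comment above (a known event such as a doorbell press showing up in the timing and size of encrypted traffic), together with the usual countermeasure of fixed-size, fixed-rate cells, sketched as an added example that is not part of the original post. The device names, packet sizes, timings and function names are constructed assumptions.

```python
# Added illustration (not from the post): traffic analysis of an encrypted LAN.
# The observer sees only (time, device, ciphertext length), never plaintext.
# Device names, sizes and timings below are constructed sample data.

STIMULI = [10.0, 40.0, 70.0]   # moments a known event occurred, e.g. a doorbell press
DURATION = 90                  # seconds of capture


def build_capture():
    """Constructed capture of two devices on the same encrypted network."""
    packets = []
    for t in range(0, DURATION, 5):            # camera keepalive
        packets.append((float(t), "camera", 96))
    for t in range(0, DURATION, 7):            # thermostat report, unrelated to the doorbell
        packets.append((float(t), "thermostat", 120))
    for s in STIMULI:                          # camera uploads a clip after each ring
        for off in (0.2, 0.5, 0.8, 1.1, 1.4):
            packets.append((s + off, "camera", 1400))
    return sorted(packets)


def responders(capture, stimuli=STIMULI, window=3.0, factor=3.0, duration=DURATION):
    """Devices whose byte rate just after a stimulus exceeds `factor` x their baseline."""
    totals = {}                                # device -> [bytes inside windows, bytes outside]
    for t, dev, size in capture:
        hit = any(s <= t < s + window for s in stimuli)
        totals.setdefault(dev, [0, 0])[0 if hit else 1] += size
    in_secs = window * len(stimuli)
    out_secs = duration - in_secs              # assumes windows do not overlap
    leaking = []
    for dev in sorted(totals):
        in_rate = totals[dev][0] / in_secs
        out_rate = totals[dev][1] / out_secs
        if in_rate > factor * max(out_rate, 1e-9):
            leaking.append(dev)
    return leaking


def shape(capture, slot=1.0, cell=1500, duration=DURATION):
    """Mitigation: every device emits one fixed-size cell per slot, padded as needed.

    Real bytes wait in a queue, so the price is latency and bandwidth.
    Returns (what the observer now sees, worst backlog in bytes per device).
    """
    arrivals = {}
    for t, dev, size in capture:
        per_slot = arrivals.setdefault(dev, {})
        idx = int(t // slot)
        per_slot[idx] = per_slot.get(idx, 0) + size
    shaped, worst = [], {}
    for dev, per_slot in arrivals.items():
        backlog = 0
        worst[dev] = 0
        for idx in range(int(duration / slot)):
            backlog += per_slot.get(idx, 0)
            backlog -= min(backlog, cell)      # one cell leaves: real bytes plus padding
            worst[dev] = max(worst[dev], backlog)
            shaped.append((idx * slot, dev, cell))
    return sorted(shaped), worst


if __name__ == "__main__":
    raw = build_capture()
    print("leaks before shaping:", responders(raw))
    shaped_view, backlog = shape(raw)
    print("leaks after shaping: ", responders(shaped_view))
    print("worst queued bytes:  ", backlog)
```

The backlog figure is the cost side of the trade: the camera's clip still gets through, but delayed by a few slots, and every device now pays for a constant stream of padding.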

Profit-strapped Symantec pulls employee share scheme

Milton

About those beancounters

I see extensive mention of the much-maligned beancounters here. Now approaching my seventh decade on this unconvincing simulat- planet, I remain convinced of a rule the ineffable truth and rightness of which dawned on me after about five years into my second career (sort of fell into IT in the mid-90s, long dull story, eventually included a surprising amount of consultancy stuff).

The rule is this: beancounters, sometimes styled as accountants, most accurately referred to as book-keepers, should never, ever, ever, ever be allowed anywhere near a corporate board, or indeed, above the middle-management layer (and even in the latter circumstance, they should be "managing" only other abacus-fondlers). Their function is and should always be confined to applying rules and doing sums. Their purpose is to obey the rules and perform simple arithmetic. The idea that such (admittedly, in all other respects undoubtedly wonderful, charismatic and richly virtuous) human beings should be allowed to influence policy is simply crazy, explains much that is otherwise appalling and mysterious in the commercial world, and is suggestive of some kind of mind-control infection.

Why on earth would any business actually need a CFO? To provide inflatory, buoyant support for an otherwise empty suit, while repeating through Death By PowerPoint what Anon B. Counter already said in his monthly report (which was 96.3% automatically generated by computer anyway, the only wrong bits of which will be because ABC screwed up an Excel chart and should have let a monochrome graph speak for itself anyway)?

Seriously, if you can only see income and expenditure; if you can only think in the ten available digits; if you see costs as only ever a sink of value, always to be cut; if your mind is moated by the metaphors of an indifferent grey suit and crippled by zero-sum philosophy: then you're looking past almost everything that actually matters.

For those who doubt this as a mere curmudgeonly jeremiad, ask yourselves this: having heard so much recently about computing and automation potentially replacing human skills, and considering the emphasis of these speculations so far on low-paid, unskilled jobs—what traditionally highly-paid, very senior role can you see being effortlessly performed by a robot?

In short, if any so-called "profession" ought to be quaking in its boots for fear of redundancy-by-robot, how can beancountery not be at the very top of the list?

Oracle's JEDI mine trick: IT giant sticks a bomb under Pentagon's $10bn single-vendor cloud plan

Milton

Right for the wrong reasons?

Ok, no one trusts Oracle to be anything other than the greedy, arrogant, morally unhygienic company it's always been. No one expects it to suddenly—or even, ever—offer top-class, good value products or services that in any way resemble their marketurds' onslaught of hype. The Oracle dodo was already disappearing over the horizon 20 years ago when the company Christmas tree (the RDBMS that was, once, valuably distinguished) became invisible under the unholy spawn of too many acquisition orgies—the festoon of shiny baubles of (badly-) "integrated suite" shyte.

So no one believes that Oracle's motivation for this legal complaint is anything except self-serving.

But that doesn't mean they're wrong about the principle of the thing. DoD's excuses for single-sourcing (and doing it conspicuously badly, if you look close) are even leakier than a littoral combat ship:

"[DoD] ... justified its decision by saying that running a multiple-award contract would slow down the bidding process, increase project costs, and complicate management. ... Pentagon has argued it will avoid lock-in through built-in exit points and various contractural [sic] requirements on portability and price"

—which translates as "DoD is (i) incompetent to manage a major competitive tendering process, (ii) doesn't realise the phenomenal financial and delivery risks of lock-in, (iii) has either failed to conduct or has dismissed the results of a SWOT analysis of this initiative".

Now, an ironic perspective on this might acknowledge that DoD has had an entire century of procurement mismanagement experience—with the F-35 fiasco only the latest reminder of its heroic institutional incompetence. This is an organisation, after all, that knew exactly what had gone wrong, how, and why, with the F-111 program fifty years ago, and then went ahead and made all the same mistakes again. So the DoD statement is bizarrely truthful per pt (i) above ... though probably unintentionally so.

Pts (ii) and (iii), though, ought to have rung alarm bells right round the E ring, because whatever costly dependencies the Pentagon may tolerate with its hardware (or, to be fair, are inflicted upon it through corrupt pork-barrel congressional greed), this is major information technology we are talking about. Russia and China may be celebrating the stupidity of F-35, but they cannot do any more than Lockheed, Congress and the Pentagon have already done to turn that particular project into a military Achilles heel: they can't subvert the plane while in flight and make it crash, or turn right round and shoot up its mother ship. At best they can just hope for chips of runway concrete chipping the stealth paint for a 36-hour trip to the skincare salon.

IT is another matter entirely. The foes mentioned above are bad enough, but there's also an almost limitless number of smaller nation-states with the intent, the potential and eventually the capability to inflict strategic-level damage on US military IT. Why on earth would you make their job even easier by single-sourcing? Bear in mind, wars can be lost for a lack of shoes as much as missiles: claiming that your precious data is "only" logistics, HR, supposedly unglamorous or even trivial support stuff is actually the same as saying "If it busts, we lose".

Of course DoD should be looking for multiple suppliers, and Oracle's stated reasons are sound enough, but the far more crucial one is national security. Inevitably, the Pentagon will come to depend more and more upon its suppliers—sucking in the unwary, holding them and their data hostage and then lovingly fleecing them is what every major cloud provider ultimately aims for, after all—and the idea that it will depend upon just one is ... unbelievable.

·

One of them appears to be trying out the unique military strategy of overwhelming a nation's defences via BlitzTweet.

Not to mention the Orange Idiot's "400lb guy sitting on a bed".

No, not the one mouthbreathing around three Big Macs while gaping at Fox&Friends. That's Vlad the Emailer's BlitzTweeterBot. Do try to keep up, guys ....

Whoa, AWS, don't slip off your cloudy perch. Google and Microsoft are coming up to help

Milton

Just one 'winner'?

Reading some remarks here about who will 'win', and wondering if that's really how things will pan out. Sure, one provider will be 'bigger' than the others at any given point in time and by whatever measure (income; storage; geographic spread; number of customers; etc) and you may even find that the top spot changes hands occasionally—but given (a) the foolishness of putting all your eggs in a single basket and (b) the constant competition among providers, which sometimes might even be called innovation, I'd have thought we'd see maybe five or six big providers jostling in the long term.

I do wonder whether we will see an explosion in security intermediation, since one of the overwhelming concerns about trusting other companies (and other nations' companies) with your crown jewels of data is that you simply ... shouldn't. The almost inextricably thorny issue of how you can store properly encrypted data on someone else's cloud and also work with it (without shuffling it back on-prem, decrypting, processing, re-encrypting, sending back to the cloud) is unlikely to go away. Indeed, it'll only take a few hugely damaging breaches to change the nature of this discussion in a very big way.

That said, I am on the paranoid end of the security-and-trust scale, and perhaps there are large corporates entirely happy to risk their valuable data on the word of businesses like Microsoft and Google, who have earned such glowing reputations for honesty and corporate integrity.

Dear alt-right morons and other miscreants: Disrupt DEF CON, and the goons will 'ave you

Milton

Be relevant or be gone

Provided the organisers are within their legal rights to bar and/or eject any person they want to, at their sole discretion, and provided attendees have signed up under those conditions, it shouldn't be hard to tell irritants to get out, but I guess you have to be careful how you do this: the law will reasonably expect some proportionality in any force used to evict troublemakers. If it's going to come to physically escorting people off the premises and then ensuring they don't return, I'd suggest a heavy presence of CCTV and body cams, not to mention some very professional minimum-force bouncing skills. Right-wing loonies will be only too happy to bash themselves in the nose, head-butt a chair (or even arrive with self-inflicted injuries under their clothes) to play the victim card.

You need to play it dead straight, no matter how angry they may make you, and treat them like unpredictable, furious, unbalanced, volatile, fragile children. Which is not so very far from the truth anyway.

Remember the Number One Rule of Right Wing Extremism: "We lost the argument 70 years ago; all we have left is lies."

(Rule #2 is "Focus on the gullible".)

DEF CON plans to show US election hacking is so easy kids can do it

Milton

"... the Republican caucus in Congress shot down an amendment ... that would have allocated $250m to US states to be used for hardening election systems against attack."

Bizarre, non? If the known multitude of attempts, principally by Russia, to swing US elections had been aimed at helping the Democrats instead of the Republicans, do you suppose these cretins would have voted differently?

And have they ever scraped up enough of their dregs of conscience to wonder why Vladimir Putin's Russia, America's most dangerous and consistent enemy, is in favour of a Republican president and Republican candidates?

Beyond all the nonsense about "No collusion" that's now weaselled into "Even if we colluded, it isn't a crime", is it possible that even someone as stupid as Trump hasn't asked himself why an enemy state would like to see him as president? (Yes, the question may be inflammatory: but it's based on facts and principals' statements, of impeccable public record.)

—"... for if it prosper, none dare call it treason"

Did you know: Lawyers can certify web domain ownership? Well, not no more they ain't

Milton

Let's Encrypt

I guess I'm mildly surprised that everyone is not now using Let's Encrypt. I set it up for the first time on a server a couple of years ago and after some initial permissions wrangling, it's worked regularly and reliably ever since. What's not to like?

'Unhackable' Bitfi crypto-currency wallet maker will be shocked to find fingernails exist

Milton

Perfect vs Trade-offs

Surely we all know there is no such thing as "perfect" security (or "perfect" anything), and that phrases like "100% unhackable" are doomed to disproof. In IT, effective performers have long since learned that striving for perfection is to waste time, when in truth all we should ever have aimed for is "good enough". Thus knowing "what good looks like" is an important ability—and, by the bye, is vital for both customer and developer.

Security is no different. There is no Perfect. There are only the trade-offs of money, time and expertise invested in protecting stuff, versus the consequences of its compromise, all stacked against the capability and intent of potential adversaries.

Example: You've got a good, solid garden shed. Breaking through its doors or windows would cause so much noise that the potential burglar would be discovered and arrested. The only way in, then, is through the padlocked door. You've used security heads and decent fixings, so the burglar has to open or destroy the lock. That's his only option. Let's assume that with a glance through the window, the burglar can quickly assess the value and desirability of what's inside.

Now if the shed contains tatty old gardening equipment and a 10-year-old mower and rusty tools, you may fit a cheap padlock that acts as a visible deterrent. For the sake of dragging away a heavy old mower he'd only get £20 for, the burglar simply can't be bothered to spend fifteen minutes hacksawing off the lock. There are better pickings along the street. Move on.

Suppose instead you have a brand-new beautiful titanium and carbon fibre top-end mountain bike worth £10k in there. Now you're gonna think harder, and spend some time finding a better padlock. One of the things you'll consider is "How difficult will it be to break this lock?" which also amounts to "How long would it take?" You cannot buy a perfectly unbreakable lock. But you can find one which, for a price, would take a long, long time, special tools and great effort to bust through. Our friend the burglar may now be much more motivated to get into the shed, and he may come back with a serious set of bolt cutters (thus, intent and capability are both markedly greater) ... but if he's still chopping away futilely at sunrise, your "good enough" security has done its job.

In fact, all security is like this. There is no absolute unbreakability, but we can invest in a level of difficulty which is appropriate to the value of the asset and the capability and intent of adversaries. If you're using an encryption scheme with larger key sizes, for example, you are not guaranteeing that your messages will never be broken, but you are ensuring that they'll remain secret for, say, 50 years. (Notwithstanding quantum possibilities, which are driving some paranoid agencies to deploy high-tech one-time pads again.)

The Bitfi trips over its silly and unrealistic claims, proving once again that marketurds are awful liars. It would have done better to emphasise why its security made the product a better option—but not claim a perfect one. Possibly the tsunami of scorn would have been averted.

Cache of the Titans: Let's take a closer look at Google's own two-factor security keys

Milton

But is the code open source?

Notwithstanding Yubico's well-founded concerns about the use by Google of notoriously insecure Bluetooth in part of the process, I have a more fundamental question: is this system open source? I cannot think of a more fundamentally important first question to ask of any encryption/authentication scheme.

While I absolutely understand that commercial companies want to keep potentially valuable IP confidential, I don't see how anyone with serious crypto requirements (which ought to include more and more of us these days) can trust a system with closed source code at the cryptographic layer. Sure, it's fine that the radio protocols, comms drivers and other higher/transport-level stuff may be secret—in other words, any part that handles only messages which are already fully secured and therefore gibberish—but I cannot envision putting trust in closed cryptographic code. That strikes me as "Just Trust Us", if not downright crypto-by-obscurity (which any sane person should regard as worthless), and means that neither I nor anyone else can verify that the crypto is solid: not merely that it's free of mistakes, but does not, at worst, contain backdoors.

We cannot 100% trust anyone not to have been leaned on by NSA, or the Kremlin, or GCHQ. We cannot put 100% faith in crypto algorithms, crypto-chip hardware or code we haven't seen line by line, so that every expert on the planet—people stratospherically beyond my level of knowledge—has had a chance to poke holes. That's not paranoia: that's a by-now age-old cast-iron and fully-hyphenated fact.

As for Google in particular: given that we hear they are disgracefully working on a version of their engine for that authoritarian, murderous, militaristic, repressive regime known as China, why, in fact, would any sane person do anything but utterly mistrust them? (I wonder how many of those noble, free-thinking, self-consciously virtuous coders at Google are refusing the bucks for this particular exercise in squalid greed ...?)

I'd like to be wrong about this ... answers on a BTL please!

"Don't Be Evil" ... now just funny, in a dark, sick kind of way.

Make Facebook, Twitter, Google et al liable for daft garbage netizens post online – US Senator

Milton

Deckchairs

Some laudably intended and even slightly tech-literate suggestions in there—something of a miracle coming from a politician—but I still think we're fiddling with deckchairs here, tinkering at the margins with rules that will have, at best, incremental benefits.

I've suggested before and will say it again: we need to deal with the two fundamental problems that were virtually built in to social media right from the outset: free services; and anonymity.

Dealing with anonymity first: it's beyond obvious that a large minority of people are cowardly lice who wouldn't have dared to scream their hate, bigotry and ignorance in public 20 years ago. Now they can be anonymous cowards of the worst kind, spewing their bile here and there, and worse, nucleating an audience of like-"minded" wretches who raise the temperature of their own little echo chamber until they are repeating increasingly hysterical nonsense to each other and believing it. There were and are abundant reasons not to want Hillary as president, but the infantile garbage about Pizzagate, twisted stories about the Foundation, the incessant lies and conspiracy nonsense ... a sizable chunk of the social media using public sounded like mental patients.

I accept that the loss of anonymity will have some consequences too, but the price of it is too high: it is too much of a shield for people who, in truth, should be too scared to spout their filth in public, for fear of entirely justified opprobrium.

As to "free", perhaps it is radical, but I believe governments should create and enforce a ban on any non-government entity from collecting, holding, processing or analysing any user data that is not strictly required for operational usage. Go back to the bare bones of name, address, recent orders, payments, delivery options, complaints and fixes. Nothing else. No profiling, no selling of customer data, no deep analyses, nada.

This means that Facebook, Google and the other parasites will have to earn revenue in another way: they'll have to charge for their services. It needn't be expensive. Perhaps £20/year for Facebook? A tenner buys you credit for 5,000 Google searches? And suddenly the users, instead of being the product and treated like mugs, become customers, with a right to privacy and dignity.

I suspect that a lot of mostly good things would flow from such enforcement, some of them surprising: for example, competition would open up. Advertising would become more expensive and would therefore have to improve: driven from the current atrocious standards, which are even worse than radio, to something more like a good TV channel, where ads are sometimes even funny, and clever.

I understand why this notion will attract a lot of initial and reasonable scepticism, but I have the feeling that if smart people put their thinking caps on and address the deep systemic flaws that make the web such a toxic place these days ... great improvements might yet be possible.

FBI boss: We went to the Moon, so why can't we have crypto backdoors? – and more this week

Milton

Re: Mr Wray

Charles 9 wrote: "What's needed is a way to make this so simple to describe that even a total idiot can understand it ..."

I get where you're coming from but actually I'm not sure this would work. Wray is clearly one of the majority whose knowledge of math is feeble, and a great many of those folks perceive it as both a bit magical but also malleable—rather like their superstitions: your god(s) can be whatever you want them to be.

A tangible analogy referencing house keys might well get the response "Yeah, but they are physical, and math isn't: you can do/write/prove anything with math". They are wrong, but lack even sufficient knowledge to realise how completely wrong they are. This is, after all, a common problem with politicians and people who behave like them: their need to believe counterfactual evidence-free rubbish, coupled with ignorance of the topic, tends to produce mouths flapping earnest recitals of nonsense ... against all reasoned rebuttal.

What I really cannot fathom is why Wray doesn't simply ring his pals at Ft Meade and ask them. One phone call would save him repeating embarrassing drivel in public—and save our ears, and many calories of expended frustration.

Another German state plans switch back from Linux to Windows

Milton

Re: Tax office...

Thanks for that information, but it seems only to deepen the puzzle.

1) teleworkers are using an official laptop, which is (in this state at least) locked down quite heavily, encrypted drives, limited usage of USB drives etc.

—isn't really relevant to compatibility, and is surely a minimum expected standard for government work anyway.

2) Unfortunately in Lower Saxony they gave out Windows laptops while in the office they used Linux. So two operating systems install sets + software need to be maintained

—one inexplicably stupid blunder isn't a particularly good reason to make another; and if the laptops belong to the state, why not simply have one OS, Linux? What's the point of having Windows on them at all? Is using a VM out of the question, for that matter?

3) a number of the new tools (for calculating and checking tax declarations) are developed for Windows clients (with Linux servers, partly, and ancient mainframe architecture mostly)

—are we to believe that stand-alone Windows tools are required for remote tax workers to be able to do their jobs? Colour me sceptical, but surely the tax office has a server-based system, lovingly maintained to keep up with legislation, allowances, interest rates etc, and this is what all users rely upon for "calculating and checking tax declarations"? When you're with a client, you are surely using a web-based system for the back-end submissions and verification stuff, and a spreadsheet to do basic sums and estimations?

The whole thing smells like a bad case of "We've mismanaged things and made some bad decisions, and intend to continue doing just that" ... also known as "We dug a hole and we're gonna keep digging".

Could it be that the plan is really about executive level face-saving? It's a practice notorious for its cost, wastage and futility.

Milton

Re: The problem is not Linux itself...

"The problem is not Linux itself ... it's the lack of applications on Linux, and the compatibility of existing ones with their Windows and Mac counterpart."

I'm a tad puzzled by that statement, and the rationale advanced by the Lower Saxony tax office quoted in the article—

"... decision is driven by compatibility: field workers and teleworkers overwhelmingly use Windows, while the OpenSUSE variants are installed on its office workstations"

If we are talking about specific business applications which exist only for Windows, what are they, and does this mean that the tax office has extant Windows servers running some back-office Win-only stuff? Presumably any such systems have long since been integrated with the users' workstations—so that could not be the rationale for such a statement.

Presumably also, "field workers and teleworkers" are absolutely not using unauthorised business-specific apps on their computers. So we are talking about standard office functionality, aren't we? The remote workers use email and office applications, such as Outlook, Word, Excel, maybe something for PDFs, and naturally enough tend to default to banging out *.docx, *.xlsx, *.pptx and/or perhaps their predecessor formats depending on versions installed.

Is it immensely expensive to train remote workers in the fiendishly complex and exhausting process of, say, selecting *.odt as their output format instead of *.docx? Or, better, is it beyond a German state government's resources and skills to tell remote workers to download, install and henceforth use LibreOffice on their Windows machines? I'd point out that it is technically trivial to identify incoming file extensions, filter these and send a polite rejection to the sender if the type is wrong. There'll be AV filtering and other security running already anyway.

Both office and remote staff will surely be using web-based diary, calendaring, meeting and workflow solutions, so that cannot be the problem either.

The direct, indirect and consequential security costs of adopting Windows are astronomical compared with the abundance of good (and usually more secure) FOSS stuff that performs the same functions.

The purported rationale for the migration makes no sense.

So ... what is going on?

"Sorry, you've sent us an MS Excel (.xlsx) file: we don't use those. Please resave the file in the correct OpenDocument (.ods) format, or better still for future ease of use, import it into LibreSheet and use that application instead. For help on doing this, installation of Libre, and avoiding this problem in the future, see the Document Compatibility Help link here, and the Department Software Policy for Staff here. Danke schön!"

ReactOS 0.4.9 release metes out stability and self-hosting, still looks like a '90s fever dream

Milton

Win10's horrible interface

Several people have remarked on how unpleasantly backward the Win10 interface is. I don't use W10 unless required by my work. Have had a W7 Ultimate setup on my ridiculously powerful personal desktop for years now, and when support is terminated I'll move over to Linux, which I know pretty well from server use. (I'm down to just one application that absolutely requires Windows, the excellent Paint.Net, and will have to transition to Gimp.) I'm not a gamer: the horsepower was bought for molecular modelling, math, stats and later on, crypto stuff.

I admit I will regret it, a little—W7 runs beautifully and is arguably MS's supreme achievement in UI—but even if I weren't deterred by Microsoft's spyware, why on earth would I want to become the victim of an ugly flat tiled touchscreen-y interface, apparently designed for a tablet, when I'm using half a dozen major applications plus browser sessions on a 5 GHz 8-core 32 Gb system across three screens totalling 18.6 Mpxl of display?

I'd happily pay for a W10 where I could choose a W7-style interface and switch off the spyware. But that's not gonna happen, and I wonder: am I a rare specimen, or are there, perhaps, a lot of people who'll be off to Linux, abandoning Windows for the last time, in a year or two?

I'll pop back in a while to receive feedback on whether I'm an outlier dinosaur as well as visiting curmudgeon ... ;-)

AMD, in case you're wondering

Facebook's React Native web tech not loved by native mobile devs

Milton

Two kinds of development innovations

I think there may be two kinds of development innovations, whether these are new languages, new frameworks or even resource kits.

One kind, which might be described as traditional, is what you get when someone realises that something new is needed, or has become achievable and will be useful, so they invent a new language or whatever. If they are right about the opportunity, and the new thingy performs well enough, it gets adopted and sees some success.

The other kind, which appears to be a new phenomenon, is when a corporation decides that it wants to entrap yet more wallets in its ecosystem, and builds a new shiny thing, with an attractive interface and a shyteload of marketing crud, to allow folks to do whatever they were already doing but without any fundamentally important improvement.

Possibly I am being a little cynical. But these days every time one of the net giants emits a New Thing, the first thing you look for is: where are the sticky patches, the snares and the traps, the clever little dependencies designed to draw you inexorably in, get you hooked so that privacy and wallet can be sucked dry?

I'm getting old ....

Declassified files reveal how pre-WW2 Brits smashed Russian crypto

Milton

Paranoia and hot pockets

Paranoia about hyper-computers, quantum computers and rumoured breakthroughs such as fast-factoring algorithms in the last five to 10 years seems to have fuelled a quiet resurgence in one time pads (OTPs).

Thus Boris, politely invited to step out of the queue because he (a) travels alone, (b) has minimal luggage, (c) has a certain unmistakable bearing, emits a brief burning-plastic smell before he says "Bozhe moi, phone smokes!" and with practised humility explains in fractured English that his crappy East European phone must have a bad battery. Another quarter-gigabyte of OTP has just been roasted—with plausible deniability.

And there are now many Borises, Jacks, Maurices, Joses and even a few Rachels and Tatianas, couriering the wondrous globe with excellent passports, over-rated language skills, lamentably giveaway body language (always the weak point) and tiny silicon chips the size of pinky-nails concealed hither, thither and even yon.

We're close to inventing a (possibly quantum-tech) OTP which can be read only once, thereafter erasing itself without the need for Boris or Rachel to tickle the "Blown" button—useful, if only to relieve many small rooms in large airports of the smell of melted secrets.

British Airways' latest Total Inability To Support Upwardness of Planes* caused by Amadeus system outage

Milton

CG & Weight Restrictions

A plane could theoretically tell from undercarriage sensors how heavy it was and, very approximately how that weight was distributed ('v. approx' because realistically you have only the nosewheel as a reference point of sufficient moment). It might be enough to warn flight crew not to attempt a takeoff because of excess weight or out-of-bounds CG. But, as others have remarked, finding this out after all pax and cargo have been loaded is expensive. You have to decide where to put heavy ULDs before loading anything, and for every aircraft you'll need to consider its MTOW, worst-case flight duration, predicted head/tailwinds, plus fuel for alternates. A well-designed loading system will put the right masses in the right places, not just for safety but to ensure that the crew don't have to tinker with compensatory trim—you have to consider centre of lift as well as centre of mass—thereby saving fuel: a nicely balanced plane can be trimmed for most economical cruise. Also makes for a nicer ride: an out of trim plane can be mysteriously unsettling, with almost imperceptible low frequency vibration. (If the crew find themselves having to trim a plane more than usual, it can indeed be because the CG isn't right; and yes, fuel management is important, both to preserve lateral evenness, cross-feeding between wing tanks*¹, and fore-and-aft balance, as modern planes may have large centreline tanks, often ahead of the wing box section, and additional tanks aft, in the empennage. (Concorde used to have to pump fuel fore-&-aft during flight to adjust the CG, as the centre of lift moved drastically in the supersonic envelope

So while it may seem reasonable to put sensitive weight sensors in the undercarriage, they'll never replace the load sheet calculations and stowage decisions. Tilt switches are fitted to the undercarriages of commercial airliners, but their job is primarily to detect when the plane's weight is settling onto the wheels during landing, so that systems like spoiler autodeployment can work correctly (spoilers are armed during finals, so that as soon as the undercarriage "feels" concrete, they will pop up automatically to interrupt the airflow over the top of the wings and destroy the lift, thus ensuring that the plane stays stuck down and doesn't bounce back into the air, and the wheel brakes will have full authority).

After verifying that any imbalance isn't caused by a leak, else you may find yourself gliding a flamed-out widebody over the Atlantic ... lookin' at you, Air Transat. Good flying, though. ;-)

People hate hot-desking. Google thinks they’ll love hot-Chromebooking

Milton

CME Holiday?

I'm being a bit tongue in cheek, but given it's only a matter of time before a really spectacular Coronal Mass Ejection crisps the grid and leaves large parts of the industrialised world with serial, rolling blackouts for months as a new generation of transformers is built, and 100 million black boxes devoted to shovelling TCP packets are replaced, how long will a "CME Holiday" be, I wonder? By making one's company, livelihood, salary, all entirely dependent on a low-latency high-bandwidth internet, one must ask: how many businesses and jobs will be lost when the lights go out?

Google to build private trans-Atlantic cable from US to France

Milton

What about contingency?

Whenever I read stories about undersea cables I am reminded that the only institutions equipped to sever them are navies, all of which are operated by governments, none of which can be trusted in the slightest, especially in times of warfare. And 'warfare' might cover more than missiles, these days, what with the rise of asymmetric ops and cyber-tactics. (One might also wonder about the security of landing zones and dry infrastructure: perhaps a radicalised nutjob could perform prodigies of economic harm with a crowbar and a can of petrol ...?)

Perhaps this seems like a paranoid viewpoint. But I would suggest that at the very least, major businesses should think hard about figuring out what happens when they lose, say, their transatlantic cables, or those to the Far East. If you were to map high-bandwidth seafloor cabling you might be surprised at how so few wires carry such vast torrents of information—I'll stick my neck out and make a wild guess that if you charted the routes, the nodes, the traffic and the operational criticality of the latter, you would find some horrifying dependencies. This spectacle, visualised, could be extremely sobering.

It is extremely difficult to maintain ultra-high bandwidths without cable—and of course, satellites can be disabled or even shot down—but I wonder if we are devoting enough truly "innovative" thinking to other means of securely and reliably moving data wirelessly. Satellite TV and various web wheezes would suggest we are not exactly asleep on this, but who is actually looking at practical wireless fallbacks if oceanic cables are lost? Some very clever work has been done on degradation-resistant encoding-and-encryption systems for potentially unreliable pipes, but more can be done. What could be achieved with state of the art laser tech, and satellites stationed in high defensive orbits, or even at Lagrange points? Latency might be high, but that is easier to cater for than crippling loss of overall bandwidth.

I'm not expert on this, though I've worked on the degradation-resistant stuff, so I'd be interested to know what readers think.

'operational criticality':: clumsy phrase, and not an easy thing to estimate, I think: but basically I mean "Assess how much direct economic and other consequential damage (e.g. reputational; data breach; fractured tactical/strategic decision-making loops; loss of competitive advantage; etc) might accrue from sustained interruption of the data pipe"

'innovative':: as compared with today's use of "innovative" to mean "incremental features no one asked for or needs"

Samsung’s new phone-as-desktop is slick, fast and ready for splash-down ... somewhere

Milton

WIMP

'WIMP = “Windows, icons, mouse, pointer” in case you’ve forgotten or are too young to know better'

Windows

Icons

Menu

Pointer

—surely? Mouse and Pointer is duplication.

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

Milton

Integrity: optional

There must be some psychological trick to it: perhaps a mental switch you can click to OFF ... because how else do marketurds manage to meet their own gaze in the mirror? I assume it is some sort of neat shortcut of the conscience which they share with others, like politicians. It enables a person to tell barefaced lies and mislead others, for no better reason than to extract money from them—and then continue walking around, talking, laughing, behaving as if nothing had happened, as if, indeed, they were actually normal humans.

I wonder what happens if the switch fails at, say, four o'clock in the morning? Does a rush of unadulterated shame lead to suicide? Or, as with politicians, is the shame gland first surgically removed as a safety measure?

How do people sleep, when their purpose in life is to lie to others in order to take their money?

LG G7 ThinkQ: Ropey AI, but a feast for sore eyes and ears

Milton

May we please stop calling them phones?

Given that this review—it's interesting and informative and I have no particular beef with it—says not a word about the telephony (call reliability, dialling, contacts, dropouts, sound quality, networks) perhaps it really is time to find a new word for these versatile hand-held personal computing and communication devices we're all carting about in our pockets? When you can review a "phone" without feeling the need to mention its phon-i-ness, we are surely in need of a new label.

El Reg is the ideal place to start brainstorming ideas: it prides itself on a certain ironic and irreverent outlook, not to mention abysmally juvenile humour, and is read by one of the more informed and even sometimes intelligent audiences around here.

Let's invite submissions, which must consist of an easily pronounceable single word of no more than three syllables, preferably able to be vocalised by speakers of any language, acronyms allowed if they adhere to those criteria. Submitters may offer a single sentence <35 word justification/explanation for their suggestion. Then build up a list, and get some votes (making sure you don't allow anon multi-submissions).

How about it? Should be fun at least, and might even start something interesting.

AR upstart Magic Leap reveals majorly late tech specs' tech specs

Milton

Re: talks about things that he hasn’t actually experienced ...

"talks about things that he hasn’t actually experienced in a way that strongly implies that he has"
"In plain English: he lies."

The media seem strangely reluctant to use that simple, blunt word. When Trump repeated Blatant Lie #4,677 the other day, we were treated to a variety of phrases such as "He falsely stated", "Counterfactual statement", "Not supported by the evidence", "Claimed incorrectly", "Misleading statement" and other euphemistic waffle. Looking at other known liars, no reputable media that I'm aware of simply said "Foreign Secretary Johnson lied that {enter BS here}" or "David Davis told another outright lie today ...". Pretty much no one wrote in the last year, "President Trump lied when he said {...}".

And it's not just a problem of simply getting things right, there is more importantly the question of managing the epidemic of lying. It appears that an infection formerly confined to newly evolved social media websites, around 2000 jumped the species barrier and began to rampage through the human population. One high profile victim was British PM Tony Blair, previously a somewhat honorable man, who began to lie serially (possibly after contact with one Smirking Chimp, who was infecting Washington DC with equally deceitful fellow sufferers such as Cheney, Rumsfeld, Rove and others).

It seems that right-wing extremists, racists, bigots, religious nutjobs etc are predisposed for infection, since they have only tangential acquaintance with truth anyway. In this case the disease acts as a symbiote, helping to compensate for lack of evidence by providing comforting fabrications instead.

Arguably, the pathogen now having found high-profile hosts such as Donald J Trump, various British and East European politicians, and latterly even Elon Musk, it is attaining its pandemic stage and risks overwhelming the human race's immune systems such as science and education (and decency, common sense and integrity).

We can start by calling a liar a liar, but it may not be enough.

Up in arms! Arm kills off its anti-RISC-V smear site after own staff revolt

Milton

Re: It bears repeating: Building a CPU that runs C fast considered harmful.

Usually only politics provides the opportunity to justifiably use words like "tommyrot" and "moonshine", since technologists, unlike politicos, normally make some effort to hew to evidence-based facts ... but, wow. What a lot of half-baked, poorly informed, badly reasoned tosh. You should be damned glad you posted anonymously.

I think I understand that you, AC, badly failed a C/C++ module somewhere in the past and may still be feeling the sting of a U-- grade. And I'm glad if you subsequently found one of the many modern languages that provide hand-holding and wet wipes and now believe that you are a true hairy-assed coding bro. You may yet do some good work, especially if you work on that humility thing and allow yourself to pin your ears back and learn properly about the nuts, bolts and grubby bits.

But leave it another couple of years before posting, eh?

Like an everflowing stream: New tech promises remote S3 nearline disk performance

Milton

Then there's the alternative ...

Then there's the alternative ...

... don't be a short-sighted cheapskate: if you need on-prem speed, pay for on-prem. It's one of those fusty old-fashioned solutions ... that works.

TANSTAAFL.

IBM fired me because I'm not a millennial, says axed cloud sales star in age discrim court row

Milton

Real benefit—or entrapment?

a_yank_lurker said: "So we may be more wary of the list PHB fad and the experience to realize that it may be a repackaged failure from 15 years ago. And it will fail again for the same reasons it failed earlier."

Cited again because it makes the point about a lot of "modern" ideas very well. While technology is bigger and faster, the changes we've seen are mostly of incremental performance. There has actually been very little true "innovation", despite the constant spouting of the word. Most of the noise about technical advances has been marketing crap. Look under the covers for truly revolutionary innovation since 1990 and you'll be surprised how little there has been. (For all the guff about "AI", we cannot even truly simulate the brain of a cockroach in real time. That's where "artificial intelligence" really is: nowhere meaningful. "Machine learning" is a quite different beast.)

But of course it doesn't matter if your motive is to sell to gullible, credulous, lazy and above all short-sightedly greedy people—i.e. 94.73% of the western world's corporate boards and senior management. The big cloud suppliers, to take the prime example, could not care less whether their services are actually a cost-effective benefit to their customers. In many cases they are clearly nothing of the kind, and introduce major risks for privacy, security, and continuity. Marketurds' nonsense aside, the providers' interest is in convincing business to become dependent upon them. This has driven a plethora of vastly complex services, supposedly simplifying customers' ability to run their businesses, but which actually disguise the fact that they are not necessary and merely introduce unnecessary dependency. It's entrapment, plain and simple. Even pricing has been made as opaque and difficult to compare as possible, to provide ample space to obscure the all too common truth: you aren't saving money, in the long term you're wasting it.

"Cloud" is perhaps the ugliest symptom of an industry peddling snake oil by the tanker—an industry in which vast gigabytes of code and libraries are thoughtlessly executed to do the same job performed more reliably and transparently 25 years ago by two megabytes of good tight programming.

If the older generation present a handicap to companies like IBM, it might be that they do indeed recognise the mountain of bullshit, and are torn between the need to bring in the cash, no matter how dishonestly, and the old-fashioned idea that you should, in fact, actually help your customers.

We just love small firms, screams UK.gov after palming AWS UK £4.1m

Milton

And the proportion wasted through government incompetence is ...

No surprise that, where politicians' deceitful porky fingers meddle, lies and spin emerge. It seems to be the default early-21st-century setting for "democracies": even our Foreign Secretary is a bald-faced serial liar, so really, what else could one expect?

But I'd be interested to see whether, cloudy or not, the proportion of money wasted on IT projects changes in any way. The government record for IT procurement is one of disgraceful incompetence. Will shifting some of the spend to SMEs make any difference? Because that would, actually, be rather interesting.

Git365. Git for Teams. Quatermass and the Git Pit. GitHub simply won't do now Microsoft has it

Milton

OldGit

OldGit—includes a plethora of appropriate mental images for UK readers, including imminent obsolescence, and correctly implies that all sentient users not yet victimised by Microsoft's "ecosystem" will be heading for something younger, better and less likely to become toxic.

"Ecosystem": Trap floored with poisoned punji sticks—refers to commercial practice of attempting to entrap paying customers via contrived dependence, usually on false and superfluous grounds, thereafter to squeeze their wallets until they die.

The cybercriminal's cash cow and the marketer's machine: Inside the mad sad bad web ad world

Milton

"El Reg's highly capable ad operations team"

"Of course, before anyone asks, El Reg's highly capable ad operations team works hard around the clock to ensure our ads are not only served to and seen by millions of real eyeballs each month, but are also high quality and safe."

But in truth I could not care less because there is not the remotest chance I'll ever click on any of them.

My wild guess is that a vanishingly tiny percentage of El Reg readers purposely click on any ad, of which an even more invisible proportion go on to purchase the advertised item.

At what point will we all simply accept the truth? Internet advertising is ghastly shit (even worse than radio); so-called targeted advertising is just laughably crude, useless and may even be counterproductive; most of the purported activity is either fraudulent or simply wasted clicks; and the only people pushing the concept are those with an interest in perpetuating the myth that any of this pointless crud actually works. Yeah, I'm looking at you, Google, whose business was founded upon Pure 100% Certified Horseshit.

Two different definitions of Edge Computing arrive in one week

Milton

The Mainframe is Dead: Long Live {Enter Rebranded Shyte Here}

Sometimes you wonder whether the people coming up with this new jargon really are historically illiterate twits who simply can't be bothered to read about computing from the ancient era of, say the 1990s; or are just cynically and knowingly rebranding old ideas in order to exploit the current generation of fadheads. It's even more dispiriting when even engineers, who really ought to think about things with scientific rigour, get sucked into this nonsense.

I'm beginning to think we need an acronym for Old Concepts Renamed And Polished?

'Fadhead': n. Person whose unimpressive intelligence, usually accompanied by bonus-seeking behaviour, manifests as gullibility in paying for freshly polished and renamed turds. Collectively known as 'management', sometimes as 'a boardroom of fadheads'.

'Bonus seeking behaviour': MBA term of art for gaining short-term rewards through 'cost savings' which prove in the longer term to be precisely the opposite.

Galileo, here we go again. My my, the Brits are gonna miss EU

Milton

Delusional Brexiters

We want to leave nasty old Europe, whine, lie, snivel, whine

But we thought we could keep all the good bits, whine, lie, snivel

So let's blame Europe for our own moronically fucking stupid decisions, snivel, lie, whine

There's a phrase for the endlessly deceitful, imbecile Brexiters: You made your bed. Now lie in it.

BlackBerry KEY2: Remember buttons? Boy, does this phone sure have them

Milton

Here he goes again ...

An absolutely perfect example of a device which would be hugely improved with the use of the flip/clamshell form factor. (I still have an old XDA in the Obsolete Phones Box—Section 17, Box 5, Stratum 49 in the attic.)

I remain baffled that no major manufacturer will abandon the lemming-like horde following Crapple's never-to-be-sufficiently-damned candy-bar all-screen guaranteed-breakage design, instead to give us a smartphone with the main hi-res display inside and a simple (maybe e-ink) notification display on the outside, using one of the inner surfaces either as screen extension, soft keyboard, or even, in this case, as an actual physical keyboard.

Hell, you could even go modular and build phones with replaceable halves. Your choice whether to travel today with a big screen comprised of two halves, or a physical keyboard, or a larger battery ... there are all sorts of possibilities here, some practical, some maybe less so, but what I really don't see happening in this industry is true, bold, imaginative innovation.

Innovation. The word is used a lot by the marketurds ... but it ain't happening.

Facebook quietly kills its Aquila autonomous internet drone program

Milton

Bad ideas which at the time looked like ... bad ideas

Credas: " 'Many suspect that Loon will also join the list of projects that seemed like a good idea at the time but really weren't.'

"More like the equally long list of projects that seemed like a bad idea at the time and really were."

Jake: "Not unless you can name a government that would welcome such a service in their airspace that was completely out of their control"

Per the first quote, there will be plenty of us utterly unsurprised by the failure of Facebook's idiot wheeze. Because it always was an idiot wheeze. Using heavier-than-air craft for a project like this was never going to succeed economically, and was at best a borderline engineering proposition, for reasons enumerated by knowledgeable folks even as Facebook's marketurds were busy blathering about cutting edge technology and brilliant innovation—as if technology can overcome either the laws of physics or the (albeit vaguer) ones of finance. The mention of hubris has it exactly right. The Age of Stupid does seem to include some nominally intelligent and even well-educated people who nonetheless lack the wisdom to appreciate that just because something might be technically feasible, and is "innovative" (a word rendered meaningless by those same marketurds) does not mean it's either practical, or worthwhile or actually any better than tried-and-tested alternatives. While some of these bright young things may be techies who really believe they are having new ideas (and know nothing of history), I suspect that many are actually management types who fall victim to the political vice of believing their own wishful crap and propaganda.

As to the second issue, this is why we're never going to see a large network of airborne delivery drones around conurbations, and a drone scheme will always be limited to quite narrow, specific and unusual conditions where both range and property density are low, i.e. countryside/rural destinations within a few miles of a fulfilment centre. Even if government was stupid enough to permit large numbers of drones to fly over towns and cities, the whole thing will grind to a halt as soon as the first two or three people are killed or injured by falling copies of Sixty-Nine Shades of Hardback Crap. It is ridiculous to pretend that these autonomous vehicles will have safety and reliability levels similar to commercial airliners. With thousands in the air, there will be accidents.

Returning to high-altitude internet for a moment, even lighter-than-air options will need to be carefully restricted, given that overland commercial supersonic travel is likely to resume. Altitudes up to 70,000 feet won't be available if there's any chance of an SST inhaling any kind of Loon. That said, a Loon-esque system deployed regionally and for emergencies is at least a practical proposition.

In sum, for all sorts of reasons the world urgently needs to move on from the Age of Stupid Hubris to the Age of Reflective Wisdom. I ain't holding my breath.

On Kaspersky’s 'transparency tour' the truth was clear as mud

Milton

Stable door

The horse of software paranoia fled from its stable already, and short of some kind of generally and internationally accepted standard of proof for "verifiability of benevolence" for software, the door cannot be shut.

For at least several years now, certain types of employee for certain types of organisation have taken only disposable electronic devices (phones, tablets, laptops) into China because those devices would be destroyed upon return, before being allowed anywhere near a network. For a similar period, organisations aware of serious security needs have avoided installing stuff with a Chinese component or software.

We all know why. It is incredibly easy to propagate malicious wares, and this is an ideal asymmetric intel/warfare route for many hostile or even "friendly" countries. It's relatively cheap, readily deniable and perfect for skulduggery.

The Russian government's increasingly perilous use of malware, spyware and the rest is hardly a secret. It makes perfect sense to be as wary of Russian stuff as it does Chinese. Then you can include North Korea, and from there build a long list of suspects.

In truth, only a fool assumes that the Americans, especially under Trump, don't steal everything hand over fist too, potentially with the complicity of NSA. There will be people in every major government on Earth saying "We'd be dumb not to steal everything we can reach". If Russia had e-voting, open speech and anything resembling a functioning democracy, do you seriously think the USA wouldn't have tried to thumb the scales a bit, if it thought it could get away with it?

My point being realism (no, it is not cynicism, I'm sorry to say) and the fact that no country with a scrap of sense should put trust in the bits and bytes emerging from any other country—arguably, including allies. (Britain, with its laughable "special relationship", was f**ked over by the US at least as frequently, and arguably more effectively, as it was by the Soviets since WW2, something that surprises most ordinary people.)

So I think Kaspersky are wasting their time. Countries will become increasingly careful about using only closely-monitored home-grown hard- and software, the market for carefully verified technology exchange between alliances will only grow, and we can already see the logical endpoint, where the World Wide Web is gradually fragmented by Great Firewalls, Broad Filters and Deep Inspections, into a patchwork of ever more controlled, censored and monitored national internet implementations.

This battle is already lost.

Shatner's solar-powered Bitcoin gambit wouldn't power a deflector shield

Milton

Shatner's skills

I don't think he's a terrible actor. Star Trek didn't always give him great opportunities, did it, considering the intermittently abysmal scripts. That fight with the Gorn was never going to give Shakespeare a run for his money. Some of the better scripts gave him a chance to strut his stuff well enough: City at the Edge of Forever, perhaps; and the second movie of the series, Wrath of Khan.

And we shan't say much about singing or writing.

IMHO, his most spectacular skill, always overlooked, was horsemanship. You didn't see much of that in ST ....

CIOs planning to snub Oracle for other cloudy vendors – analyst

Milton

Eventually, the arrogance bill comes due

It may sometimes take an unconscionably long time, but when a person or company is an arrogant SOB, there's always, always a price to pay.

In the mid 90s, when Oracle was arguably still worth paying money for (focusing then, as it did, principally on the RDBMS and before all the other crud got stuck on like so many mismatched barnacles), its corporate and staff attitude was, shall we say, a little malodorous. There was an almost religious feel about the company and product, something which would brook no criticism, no matter how well justified or positively expressed.

During the years since it seems to have become ever more desperate in attempting to follow, badly, where rivals have led, often well. The pattern of good products acquired, quickly ruined as an Oracle badge was pasted on along with a shoddy integration into a "suite", seems to have resulted in paradoxically more unearned arrogance as the company has fallen further and further behind. (For a long time now, to compare someone's character to an Oracle salesperson has not been a nice thing to say.)

You can't help feeling that a little humility, flexibility and willingness to learn, ten or fifteen years ago, might have made all the difference.

But now it's too late. Why would any new customer choose Oracle for anything, by this point? Really, why would you even consider doing that? There is an abundance of competitors with better, cheaper, faster, more innovative and reliable technology—who also have the great advantage of not treating their customers like dumb, ambulant ATMs.

So Oracle is actually well into circling-the-drain mode, although its installed base of hostages means it will take a long time to gurgle away. But gurgle it will. And very few of us will shed a tear.

Universal Credit has never delivered bang for buck, but now there's no turning back – watchdog

Milton

Arrogant + Ignorant + Wrong = Her Majesty's Ministers

This is what happens when you let ill-conceived ideology infect ignorant people whose ambition vastly exceeds their ability. Not only do they routinely phuc up every single thing that they touch, they are overweeningly arrogant to a fault, refusing to listen to experienced people who know the topic, ignoring advice, suggestions and warnings.

The UC idea wasn't a bad one per se, but it needed professional and informed execution after a period of thorough planning and genuine consultation. As soon as it became a political plaything—especially in the hands of one of modern Britain's most blitheringly, transparently stupid ministers, Iain Duncan Smith—it was doomed. There were many points at which the sober warnings of knowledgeable people could have been listened to, and corrective action taken: but political ego insisted that government knew best, even as its failures and stupidities paraded past daily.

I don't criticise ministers for deciding that a streamlined new system was needed. But their staggering incompetence in implementation is simply shameful, and their arrogance in ignoring experts unforgivable.

Huawei unveils bigger iron KunLun server at CeBIT

Milton

Re: Big Iron vs. Software

I realise your point is about more than bloat, but bloat is still one of the key issues here.

'Big Iron' is a manifestation of something seen all the way up from the phone in your pocket, through tablets and laptops and desktops up to workstations: fantastic amounts of CPU power, memory and storage compensating for the fact that so much modern software, whether it's a phone app to take notes, a Windows program to edit images or a big red database running across a datacentre, is badly written, obscenely bloated and grotesquely inefficient.

I feel sure there is a computer science thesis brewing somewhere for a postgrad team prepared to take a couple of widely-used application systems at each current hardware point, refactor them from the ground up with a view to compactness, speed and efficiency, and demonstrate that it's possible to do all the same stuff with the same data just as fast—on kit that's three years old (or runs at a tenth the speed with a hundredth of the RAM).

Sometimes it's as if there is a kind of bizarre "waste race" going on, to see how much unnecessarily colossal computing power is needed for the latest generation of morbidly obese, unfit code.

But I'm realist enough to know that it all depends upon incentives. If computing power continues to get more bang for buck, and cheap second- and third-rate coders can knock out stuff that sort-of just about works, no matter that 100Mb of logic is delivered in a 10Gb fatberg of shonky code and endless libraries, with their many sins obscured by freakishly quick computing—who, if anyone, has a reason to seek efficiency?

As a one-time Ada practitioner (doing what you'd expect with Ada in the early 90s), I wonder how the kind of code found in, say, modern commercial aircraft systems compares with the stuff written for the corporate world's CRM, ERP systems and others. Obviously, I personally suspect that the efficiency of the former is orders of magnitude beyond that of the latter.

Maybe that's another thesis for someone?

The eyes have it: 'DeepFakes' bogus AI-meddled videos outed by unblinking gaze

Milton

Back to the old ways?

In a way, the arrival of deepfakes tech and its inevitable use as a propaganda tool—yes, inevitable, beyond question: Vlad The Emailer's little crew of scumbags will be all over this like a rash, right now—might actually turn out to have a silver lining.

The point case is undoubtedly politics. And few would disagree that 21st century politics, even in the west, is suffering a crisis of falsehood, corruption and democratic deficit. So consider: if politicians are routinely faked in video, with footage available everywhere, pretty soon no one with a scrap of sense will believe what they see. Mainstream media will try to defuse this by employing Fair Witnesses to certify that video is true to life, but the level of distrust is still going to be sky high. (Fake video won't harm pathological liars like Trump: it'll actually help him, because he will claim that the absurd lies and contradictions shown on the screen were made up by enemies. After all, grown-ups already find it hard to believe that a human being as patently unfit, ignorant and downright ridiculous as Trump is president at all.)

A century or more ago, a politician wishing to spread their message, demonstrate intelligence and integrity, show compassion, decency and wisdom, and sell themselves to the voters, did this by frequently appearing in public. They'd get up on a soapbox, schedule a meeting in the town hall or the church or the factory, and spend hours, if necessary, speechifying and taking questions. It was often a rough and rowdy business, because they'd meet both supporters and critics and have to develop masterful powers of persuasion and quick thinking.

In fact, that is so far from (to take one example) Theresa May's spectacularly cowardly tour before last year's election—doing anything to avoid a critical question, packing every venue with guaranteed supporters, scripting everything—that you have to wonder whether this might be an excellent way to filter out the dross. Instead of the lying 'Career Politician' hypocrites who can barely read a teleprompter and never answer a straight question (the appalling May, again), we will get people who have the mental robustness, commitment and intestinal fortitude to tour the country, to meet ordinary people, to make their case in words folks can understand, to show that they can actually think about and answer tough questions. Is there a better way to establish a persona that voters can relate to, and perhaps have trust in? Far from the shallow, lazy imbeciles so common in Westminster now, we might actually return to having MPs who are intelligent, energetic and willing to work hard for their beliefs.

All of that said, however, there remains the question of how people communicate their audience experience to each other. An anonymous internet—which personally, I am thinking, has turned out to be a terrible thing, as a place for the worst cowards and vilest bigots to hide—may yet make a mockery of even the best candidates' performances.

I guess we're going to find out.

"no one with a scrap of sense" = excluding the frothing, hate-filled denizens of right wing echo chambers, some of whom seriously believe that the colour of the outer millimetre of a person's epidermis means something. Racism: the equivalent of a forehead tattoo saying "Thick as Shit"