technology

Technical debt, depreciation and risk

I wrote and posted a piece on Technical Debt on my linkedin blog. Its post comment, based on the concluding paragraph says, “I look at “Technical Debt” in the context of IT budget planning and suggest that it is not such a useful concept. Using standard risk management analysis is a more effective means of planning a maintenance budget which should consist of funding for both error & risk remediation. Depreciation is a better financial model for the problem.”

There must be much written about the nature of depreciation from physical wear and tear, to the need and cost to replace due to increasing failure; perhaps I should look for some reading on how this applies to information systems. I question if software is an asset in terms of accounting theory, I suppose so because it has value in more than one accounting period, but can it be realised? I also question the value of placing a cash value on software in use, identifying its cost to acquire is potentially simple, its residual value is much harder and synchronising this change to a single corporate depreciation rule can be difficult.

Some things I considered writing about include the number of times while trying to clean up or rationalise corporate IT estates to be told that, “you’re not touching that!”. We used to joke that they’d lost the system which pays the board’s bonuses, but these systems were almost always obsolete and acted as a technology sink keep product in the portfolio that should have been abandoned. Recently I came across the phrase, fictional capital, these systems had an unknown value and the decision to leave them alone seemed based on a pessimistic and fictional view of their value. I sometimes suggested turning them off to see who squealed but this advice was never accepted.

Also it needs to be considered that the maintenance budget is a function of the size of the information systems portfolio and much of it is a fixed cost. If you don’t spend the money the systems stop and they do not vary with output. …

On DMCA takedown of youtube-dl

The EEF thought fit to comment on an RIAA DCMA takedown using §1201 of the DCMA aimed at a program called youtube-dl hosted on Github; I forwarded it via Facebook with a cryptic, acronym laden comment, and not surprisingly, some of my correspondents suggested I could have been more helpful and understandable. So I wrote an article on Linkedin, although much of it can be gained from the EFF article, however, this version includes a bit on oppressive economics of copyright maximalism, and a comment noting that Github have reposted the repo and revised their process to ensue their policies of supporting developers is fully considered when considering takedown notices. ...

Excel and Track & Trace

The UK’s world class “Track & Trace” application “lost” 16,000 cases for over a week, as reported in the Register. Plenty of people have decided to comment and so I thought I’d join in and posted my thoughts in a linkedin blog, although I start this post with a quote from the Register, including the fabulous phrase, "Ridicule and despair, those shagged-out nags of our Johnsonian apocalypse, once again trudged exhaustedly across the plaguelands of England". For more see below/overleaf ...

ARM in play again

I was interested to learn that ARM is in play again, although curious to learn that Nvidia might be its suitor, and even more interested to learn that Nvidia has overtaken Intel as the world’s largest chip fab. How did that happen? Nvidia sell on consoles as well as PC/laptops and games platforms are it seems another good whose demand has been boosted by CV19 and that the global demand for cycles has been driven by HPC and AI recently where the Nvidia are competing architecturally with Intel, although they need a CPU to complete their portfolio. It may be a better fit than I’d thought.

I have to laugh a bit, as Intel drove the final RISC players out of the market by leveraging the volume of the consumer product design, and it would seem, have been bitten in the arse by the same thing. These products require volume, and production will coalesce towards the low price duopoly.

ARM was bought by Softbank, for £24bn cash, just under 4 years ago; they are a Japanese venture/hedge fund which has famously had it its own problems. I wonder what they did with the money as some of their principals are now bleating for state protection as Nvidia is a allegedly an inappropriate owner of the chip designers. The Verge heralded it as another proof that intellectual property has value. The Register reports that the big stake holders have been insuring themselves against losing access to the intellectual property.

In this article on the BBC, they returned to Herman Hauser, one of ARM’s founders, who voted against the deal in 2016 who shares his fears for access to the technology of bought by another market participant, and possibly the decommitment to the Cambridge campus, which is a security of supply issue, but this Govt. is unlikely to do much and it should be safer owned by someone who wants the ideas rather than an organisation which just considers it a red-ink line in the P&L. …

There’s no divorce in Bitcoin

I attended a presentation hosted by the BCS, and given by Ron Ballard, based on his article in IT Now, “Blockchain: the facts and the fiction”. What he said inspired some thoughts and reminded me of others, some of which I have previously published on my blog. I wrote an article, called Learnings of Bitcoin, which was meant to be a spoof on the Borat film title and posted it on my linkedin blog, The article looks at the tight coupling of Bitcoin, and its consensus mechanism, the proof of work, together with its costs and vulnerabilities. It examines the goal of eliminating trust authorities and its questionable ability to meet the necessary roles of money as a means of exchange and a store of wealth. In the comment pushing it, I say, "This might be a bit basic for some, but you can't have a coinless immutable blockchain, at least not one based on 'proof of work'.", at which point you need to consider if there are better data storage platforms for your use case. I use more words to explore these issues below/overleaf ....

delicious bookmarks recovered

I found my delicious bookmarks, and decided to remove the easily identified as gone away and expose the tags, on the way, I removed those without descriptions. The links came from from ~3525 to ~1800. I was fascinated by del.icio.us when I first discovered it, and used it as a micro blog. This is how it now looks in wordpress, but I need to put the anchor text, descriptions & tags through an ascii to html converter. The code is on github, in repo called delicious tools. The next stage is to allow them to be queried using the tags (or not, if I think it's worth it). The wordpress plugin on broken links continues to identify those that are broken, and I usually unlink them. If interested, 'read more' …

On Record Management

As part of my series on devising systems to create logs to protect an organisation and its staff against charges of criminality, I posted an article on my linkedin blog called “Doing Record Management well”. It doesn’t surprise me that there is an ISO Standard (ISO 15489) on the subject, but it does surprise me that I hadn’t heard of it until I started to research some of the articles in this series.

I have a research note on my wiki, which links to the Bank of England policy and also quotes Deutsche Bank’s policy, which is available because they post it on internet. I quote it here,

Deutsche Bank’s code of conduct, see page 25, says, among other things,

“Maintaining accurate books and records is fundamental to meeting our legal, regulatory and business requirements. You are responsible for maintaining accurate and complete records and for complying with all the controls and policies our bank has in place. You should never falsify any book, record or account that relates to the business of our bank, its customers, employees (including your own activities within our bank) or suppliers. You must never dispose of records or information that may be relevant to pending or threatened litigation or a regulatory proceeding unless you are authorised to do so by the Legal Department. You must also comply with applicable record retention policies.”
DB Code of Conduct

…

Knowledge Graphs

I attended a Capco/Semantic Web Company webinar, on Knowledge Graphs which provoked these thoughts, on how far we’ve come, new solutions to old problems and the social inhibitors to new technology adoption. The complexity of the data administration problem is why specialist tools have been developed and matured to the point that Gartner produce a Magic Quadrant on Meta Data Management tools, in which the Semantic Web company’s Pool Party appears as a visionary. The MQ report is currently being distributed, as is normal, by one of the “Leaders”, Informatica.

Andreas Blumaur, who was one of the speakers, repeated his suggestion, start small with committed users and that possibly the best 1st solution is a semantic search. (I thinl I’ll have another look at implementing something on my wiki.)

I have felt for a while that semantic web technology could be used to match work to resource in the cloud, with cloud entities advertising their capability using XML, it shouldnn’t be a stretch and with Azure, these systems are being defined in XML. The other application that interests me is if the XML/RDF models can be used to create a model of the person in the enterprise, maybe implemented in SQL; my current researches have not been fruitful. …

E2E & Zoom

The Zoom CEO stated at an Analysts Conference that they planned to introduce End to End Encryption (E2E) for their paying customers. At the moment, zoom does not do E2E encryption, they are encrypted between the user device and Zoom’s servers, but zoom’s servers can be tapped. This means that GCHQ can’t see what’s happening, but the NSA & FBI can. (This assumes that GCHQ can’t break properly configured TLS.) In the end, doing zoom rather than skype or google hangouts, if you believe them to be more secure, is like going to a meeting and trying to spot the special branch cop, preferably before you’ve fucked them. The rest of this blog discusses the issues of the device security, technical complexity, and the problem of user identity. See below/overleaf … …

Can’t make it up

A note on LinkedIn on why managements need IT usage policies to prove their compliance and to act legally and fairly towards their employees. I suggest that ISO27001 is useful as a technical standard and COBIT as an organisational one.

This was written in the light of a couple of cases I had to deal with as an accompanying rep. or as an advisor.

You can’t claim that users are not performing if you can’t prove the IT systems work as documented. You can’t pursue a conduct disciplinary against people operating a policy. You can’t fulfil FOI or SAR requests if the data retention policy is suspect. You can’t be sure that corruption has not occurred if there is inadequate segregation of duties.

Having policy will help the organisation answer the following questions. Is our software supported? Why and how was that data deleted? What should be logged? Who has permission to read, amend and run these programs and/or this data? Are our vendors signed up to our IT security goals? Why do you not know this?

This is all defined in these standards, and the GDPR makes certification to good practice evidence of good will. ISO27001 and COBIT are the big boys in town to prove technical and organisational protection.

You can’t make it up anymore. …

« Previous