ARM in play again

ARM in play again

I was interested to learn that ARM is in play again, although curious to learn that Nvidia might be its suitor, and even more interested to learn that Nvidia has overtaken Intel as the world’s largest chip fab. How did that happen? Nvidia sell on consoles as well as PC/laptops and games platforms are it seems another good whose demand has been boosted by CV19 and that the global demand for cycles has been driven by HPC and AI recently where the Nvidia  are competing architecturally with Intel, although they need a CPU to complete their portfolio. It may be a better fit than I’d thought.

I have to laugh a bit, as Intel drove the final RISC players out of the market by leveraging the volume of the consumer product design, and it would seem, have been bitten in the arse by the same thing. These products require volume, and production will coalesce towards the low price duopoly.

ARM was bought by Softbank, for £24bn cash, just under 4 years ago; they are a Japanese venture/hedge fund which has famously had it its own problems. I wonder what they did with the money as some of their principals are now bleating for state protection as Nvidia is a allegedly an inappropriate owner of the chip designers. The Verge heralded it as another proof that intellectual property has value. The Register reports that the big stake holders have been insuring themselves against losing access to the intellectual property.

In this article on the BBC, they returned to Herman Hauser, one of ARM’s founders, who voted against the deal in 2016 who shares his fears for access to the technology of bought by another market participant, and possibly the decommitment to the Cambridge campus, which is a security of supply issue, but this Govt. is unlikely to do much and it should be safer owned by someone who wants the ideas rather than an organisation which just considers it a red-ink line in the P&L. …

There’s no divorce in Bitcoin

There’s no divorce in Bitcoin

I attended a presentation hosted by the BCS, and given by Ron Ballard, based on his article in IT Now, “Blockchain: the facts and the fiction”. What he said inspired some thoughts and reminded me of others, some of which I have previously published on my blog. I wrote an article, called Learnings of Bitcoin, which was meant to be a spoof on the Borat film title and posted it on my linkedin blog, The article looks at the tight coupling of Bitcoin, and its consensus mechanism, the proof of work, together with its costs and vulnerabilities. It examines the goal of eliminating trust authorities and its questionable ability to meet the necessary roles of money as a means of exchange and a store of wealth. In the comment pushing it, I say, “This might be a bit basic for some, but you can’t have a coinless immutable blockchain, at least not one based on ‘proof of work’.”, at which point you need to consider if there are better data storage platforms for your use case.

Ballard is an anti-bitcoin polemicist and his anti-slide is comprehensive, although it misses the asynchronicity; I am less clear about his assertion that relational databases are good enough. Stonebraker in his paper, “The End of an Architectural Era (It’s Time for a Complete Rewrite) § 6.[12]” identifies five use cases where relational databases are sub-optimal including stream/feed processing and also states that SQL is not suitable for all data retrieval problems. I would add that an SQL database is not immutable, and most implementations do not come with a “four-eyes” super-user implementation; much effort needs to be invested in controlling the activities of these super-users, especially to implement the “developers can’t run code, and operators can’t change code” rule.

If the only use of Bitcoin, is paying for the electricity to keep it secure, exchanges become necessary. There’s something on how is Bitcoin valued by the market, but I haven’t found it yet also marginal utility theory requires two commodities; I wonder what the alternative to the crypto-currencies is and how liquid the exchange mechanisms are? Also are we trusting the exchanges? If so, the solution is not trustless! (I mean the alternative is cash since it’s the only way we measure energy and like cycles, electricity can’t be stored.

Some have suggested that the language used such as mining, is designed to suggest that the Bitcoin is similar and as safe as Gold, which isn’t! The use of the word ‘nonce’ which in IT security field means ‘number used once’, and is part of the chain design to my mind disguises the role of this field. It is only used once, but it is the output of the proof of work.

Ballard challenged his audience to find a good use case, and to my mind the proof of work and its costs make it hard, but I wonder if either trade confirmations or P2P name resolution are potential use cases, certainly bitcoin have had to solve the later and has inspired the namecoin project. There may be better ways to do both, but doesn’t look like anyone else is working on it.

The presentation was published on youtube here … …

delicious bookmarks recovered

I found my delicious bookmarks, a couple of months ago, posted them to the blog decided to remove the easily identified as gone away and expose the tags, on the way, I removed those without descriptions. The links came from from ~3525 to ~1800. I was fascinated by this when I first discovered it, and used it as a micro blog. This is how it now looks in wordpress, but I need to put the anchor text, descriptions & tags through an ascii to html converter. The code is on github, in a repo called delicious tools. The next stage is to allow them to be queried using the tags (or not, if I think it's worth it) If interested, 'read more' …

On Record Management

On Record Management

As part of my series on devising systems to create logs to protect an organisation and its staff against charges of criminality, I posted an article on my linkedin blog called “Doing Record Management well”. It doesn’t surprise me that there is an ISO Standard (ISO 15489) on the subject, but it does surprise me that I hadn’t heard of it until I started to research some of the articles in this series.

I have a research note on my wiki, which links to the Bank of England policy and also quotes Deutsche Bank’s policy, which is available because they post it on internet. I quote it here,

Deutsche Bank’s code of conduct, see page 25, says, among other things,

“Maintaining accurate books and records is fundamental to meeting our legal, regulatory and business requirements. You are responsible for maintaining accurate and complete records and for complying with all the controls and policies our bank has in place. You should never falsify any book, record or account that relates to the business of our bank, its customers, employees (including your own activities within our bank) or suppliers. You must never dispose of records or information that may be relevant to pending or threatened litigation or a regulatory proceeding unless you are authorised to do so by the Legal Department. You must also comply with applicable record retention policies.”

DB Code of Conduct
 …

Knowledge Graphs

Knowledge Graphs

I attended a Capco/Semantic Web Company webinar, on Knowledge Graphs which provoked these thoughts, on how far we’ve come, new solutions to old problems and the social inhibitors to new technology adoption. The complexity of the data administration problem is why specialist tools have been developed and matured to the point that Gartner produce a Magic Quadrant on Meta Data Management tools, in which the Semantic Web company’s Pool Party appears as a visionary. The MQ report is currently being distributed, as is normal, by one of the “Leaders”, Informatica.

Andreas Blumaur, who was one of the speakers, repeated his suggestion, start small with committed users and that possibly the best 1st solution is a semantic search. (I thinl I’ll have another look at implementing something on my wiki.)

I have felt for a while that semantic web technology could be used to match work to resource in the cloud, with cloud entities advertising their capability using XML, it shouldnn’t be a stretch and with Azure, these systems are being defined in XML. The other application that interests me is if the XML/RDF models can be used to create a model of the person in the enterprise, maybe implemented in SQL; my current researches have not been fruitful. …

E2E & Zoom

E2E & Zoom

The Zoom CEO stated at an Analysts Conference that they planned to introduce End to End Encryption (E2E) for their paying customers. At the moment, zoom does not do E2E encryption, they are encrypted between the user device and Zoom’s servers, but zoom’s servers can be tapped. This means that GCHQ can’t see what’s happening, but the NSA & FBI can. (This assumes that GCHQ can’t break properly configured TLS.) In the end, doing zoom rather than skype or google hangouts, if you believe them to be more secure, is like going to a meeting and trying to spot the special branch cop, preferably before you’ve fucked them. The rest of this blog discusses the issues of the device security, technical complexity, and the problem of user identity. See below/overleaf …  …

Can’t make it up

Can’t make it up

A note on LinkedIn on why managements need IT usage policies to prove their compliance and to act legally and fairly towards their employees. I suggest that ISO27001 is useful as a technical standard and COBIT as an organisational one.

This was written in the light of a couple of cases I had to deal with as an accompanying rep. or as an advisor.

You can’t claim that users are not performing if you can’t prove the IT systems work as documented. You can’t pursue a conduct disciplinary against people operating a policy. You can’t fulfil FOI or SAR requests if the data retention policy is suspect. You can’t be sure that corruption has not occurred if there is inadequate segregation of duties.

Having policy will help the organisation answer the following questions. Is our software supported?  Why and how was that data deleted? What should be logged? Who has permission to read, amend and run these programs and/or this data? Are our vendors signed up to our IT security goals? Why do you not know this?

This is all defined in these standards, and the GDPR makes certification to good practice evidence of good will. ISO27001 and COBIT are the big boys in town to prove technical and organisational protection.

You can’t make it up anymore. …

Theory matters!

Theory matters!

I have just posted a blog on linkedin about business and IT strategy.  I say a bit more here! This was provoked because I was doing some research for a job application which involves IT strategy. I was considering the alignment of business strategy with that of the IT department and what I might say. I outlined three models, although they were all developed a while ago, I think they all have relevance today. The three models address business strategy, software portfolio management and architectural pattern selection. Business strategy should drive portfolio and project management choices. While business strategy will outline how to do what must be done, it also defines what will not be done.  Portfolio management determines the allocation of development funding, priority, maintenance funding, project risk appetite, people skills, project governance and software sourcing policy and as result of choices made, one can select the appropriate platform super architectures, of which you may need more than one. I conclude that theory matters. See more below/overleaf … …

More on Free broadband

More on Free broadband

One of the allegedly glaringly popular promises in the last Labour manifesto was the promise of free broadband. I wrote about it a couple of times and decided that though it was desirable, the failure to socialise it both within the movement and society as a whole allowed the promise to be undermined by questions of cost. I concluded the article above by asking “why not free water?”. One of the answers to that is that much government business, which it requires those most likely to not have the internet requires its use, on the one hand, recording business activity and on the other claiming benefits and maybe equally importantly writing to one’s MP or Council. The idea came from two sources, one of them the London CWU who issued a pamphlet, calling for broader public ownership of the telco and postal services on the grounds that private/market ownership was wasteful of wealth and resources, has delayed the adoption of superfast broadband, caused an investment famine and led to a pursuit of short term fashion & profit rather than investing in infrastructure for long term aggregate growth. The Executive Summary is reproduced below/overleaf. … …

Virtuality & the Labour Party

Virtuality & the Labour Party

Somewhere inside my head there’s an article on how businesses weren’t planning for a pandemic as a business continuity risk, most plans were about protecting infrastructure. My most recent linkedin article looks at the under-licensing and data leakage risks exposed by the spontaneous adoption of remote desk top technology but the country has had to adopt a much wider “work from home” practice than previously, stressing those parts of the economy that serve it, including home space and furniture supply. This all leaves unanswered how are democratic decisions being taken? Let’s look at the Labour Party; I wouldn’t want to be the Labour Party apparatchik that allowed 7.IV.H.8 (P41) 2019 to expire. It used to say,

The NEC shall invite CLPs to take part in pilots of staggered meetings, electronic attendance, online voting and other methods of maximising participation. The NEC may immediately give effect to these pilots and may incorporate any resultant rules into this rule book, subject to approval at Annual Conference 2019, when this sub-clause shall expire.

It wasn’t extended at Conference 19, and the rule now no-longer exists and virtual meetings are not permitted to take decisions. Someone’s going to be happy.

If deliberate, it’s another example of the bureaucracy just not giving a shit. …