How to Access the Root Directory on a Lumia Device


, , , ,

Open Windows Explorer, navigate to Computer, and drag the ‘OSDisk (C:)‘ tab to the desktop to create a shortcut.


Connect the phone to the computer, access its Phone directory and drop the shortcut there.


Now the File Explorer on the device has a shortcut that will navigate to the filesystem’s root directory.


Government Age Verification: A Bad Solution to the Wrong Problem


, , , ,

This barely got a mention on The Independent’s site:

‘The Government has recently been looking to introduce new checks to ensure that adult content can only be viewed by those over 18. To do that, it will introduce age verification schemes, and sites that don’t implement them will be rendered inaccessible from within the UK.’

The problem with this is twofold: First the government would need to implement some form of Internet ID scheme, and this comes loaded with potential issues. Obviously they can’t use IP addresses, since multiple people could be on the same network or even the same computer. They could use a centralised identity assurance scheme, but that would result in event logs recording who visited what, and I don’t think anyone’s stupid enough not to use Tor and VPNs instead. A likely candidate is Verify, which is actually intended for identity assurance with trusted parties, and it could become essentially the National Identity Register we (including yours truly) campaigned against last decade because there were serious trust issues. Additionally this could pave the way for an Internet ID system that should be avoided for similar reasons.

Secondly, the government would have to block access to any sites that didn’t comply with the age verification thing. The systems for implementing that have been deployed since before 2013, and we know the filtering can readily be applied to other categories of Web content – for example, I found it blocked access to sites related to to e-cigarette suppliers, hacking and martial arts for a couple of months. It’s entirely possible that a future government would selectively block access to something like Wikileaks and campaign groups on the grounds of some ‘hate speech’ or ‘anti terror’ laws.

Simply censoring stuff doesn’t address cause, and attempting to enforce morality on a single issue doesn’t work in a society that encourages consumerism, double standards, decadence, moral relativism, self entitlement and lack of community. If young people spend most their nights holed up with their pornography and games (instead of going to Church!), there’s a deeper and more serious problem. So, yes, I think there’s a problem related to pornography, but glossing over the situation with a Web filter that could easily be abused and repurposed is even more morally ambiguous.

Could a Person be Charged for Researching and Teaching Encryption?


, , ,

None of the laws Samata Ullah was charged under (especially Section 57 Terrorism Act 2000 and Section 5 Terrorism Act 2006) mention encryption, privacy software, blogs or the specific items he was found with. So why was this relevant?

Reading each charge against Ullah, you’ll notice there are two important elements to each one: a) Intention and b) Action. In each, Ullah was charged either because:
1. Intent made the action an offence
2. An action implied intent

Most the outcry was actually related to the third charge (under Section 5 Terrorism Act 2006), which is worth quoting in full:

‘Count 3: Preparation for terrorism. Between 31 December 2015 and 22 September 2016 Samata Ullah, with the intention of assisting another or others to commit acts of terrorism, engaged in conduct in preparation for giving effect to his intention namely, by researching an encryption programme, developing an encrypted version of his blog site and publishing the instructions around the use of programme on his blog site. Contrary to section 5 Terrorism Act 2006.’

A reading of that part of the Terrorism Act reveals the following:

‘A person commits an offence if, with the intention of—
(a)committing acts of terrorism, or
(b)assisting another to commit such acts,
he engages in any conduct in preparation for giving effect to his intention.’

The important words here are ‘intention’ and ‘any conduct’. Samata Ullah wasn’t arrested simply for researching privacy technologies, posting them on a blog and teaching others how to use encryption – all these are perfectly legal. What he was actually charged with was having the intention and for ‘giving effect to his intention’.

Intent and Action
To give a common real-world example of this, we might a) disagree with mass surveillance, and b) use encryption and anti-forensic tools. Since neither of those things is (yet) a crime, no offence is committed.

I could take this a step further and say that, quite legally, one might a) take an academic interest in malicious hacking, and b) research and develop malicious hacking tools. Again, since neither is a crime in isolation, no crime is committed by doing both the above – having an interest in malicious hacking wouldn’t imply the researching of it is criminal. If a was substituted with ‘intention to maliciously hack something’, then b would become an offence.

What’s different between that and Ullah’s case is a) Ullah intended to actively aid a terrorist group, and b) Ullah researched an encryption programme, developed an encrypted version of his blog site and publishing the instructions around the use of programme on his blog site. The police argue that a that made b an offence by implication.

It follows that if Ullah had a history of being a privacy activist or an academic interest in this area before he became involved with terrorism, it would have been much harder to make an unambiguous connection between his intent and his actions. If there was no prior interest in encryption and privacy before getting involved with a terrorist group, it’s reasonable to assume there could have been no other context in which he was researching and teaching encryption.

Actions that Imply Intent
The one charge that would potentially have implications for freedom of expression is actually the sixth one:

‘Count 6: On or before 22 September 2016 Samata Ullah had in his possession articles namely a book about guided missiles and a PDF version of a book about advanced in missile guidance and control for a purpose connected with the commission, preparation or instigation of terrorism, contrary to section 57 Terrorism Act 2000.’

The reasoning here is based on the idea that posession of certain items could imply an intent to commit an offence. This is tricky, because not only is it more subjective, the defendent would have to demonstrate s/he didn’t have the intent.
A more common example of this would be the gray area around martial arts and weaponry. It’s perfectly legal to carry weapons, adequately secured, to and from my place of training. If I carried the same weapons around on a night when I’m not training, that would imply criminal intent as there’d be no legitimate reason for having them. The same applies when carrying anything that could only reasonably be used as a weapon.

This is the reasoning applied in Section 57 of the Terrorism Act 2000:

‘A person commits an offence if he possesses an article in circumstances which give rise to a reasonable suspicion that his possession is for a purpose connected with the commission, preparation or instigation of an act of terrorism.’

But in this case Ullah was charged because he possessed literature, not weaponry, which raises the question of whether someone should ever be busted for reading the wrong literature or having the wrong books. This is what I’m a little more worried about.

SQL Relay 2016


, , , , , , , , ,

Surprisingly this conference had more to do with Microsoft’s Azure than SQL itself. The slides should be published sometime next week.

Azure Machine Learning
The point of this demonstration is that one doesn’t need to be a data scientist in order to apply Azure’s machine learning to data sets. All that’s needed is a general understanding of the available algorithms to determine which is best (a cheat sheet is available for this), and some fine tuning of the machine learning model.
This included a run-through of creating a Microsoft Azure Machine Learning Studio project using the tutorial and readily-available data sets.


After describing the main algorithms (clustering, tree, etc.), Andre Melancia took us through the Experiment Tutorial that performed income predictions based on a database of demographics, and showed us how the machine learning model can be tuned for greater accuracy.


Web Services can be created to enable other applications to use the machine learning model, and no coding is required for this either – the input and output components are simply dropped into the graphical editor.

Career Development and the Cloud
Ryan Yates, one of the main founders of the PowerShell community in the UK, gave us some words of wisdom on career development – the main one being that a typical IT professional must become increasingly multi-skilled to survive. Which is very true, within reason. I’d counter that some recruiters, for lack of understanding, grossly underestimate what it takes to develop and maintain technical expertise. It’s kind of unrealistic to expect anyone to be a ‘full stack engineer’, to match the collective expertise of a team of specialists. Just a few days ago some recruiter contacted me for advised on LinkedIn, because he couldn’t find someone experienced in systems administration, DevOps, and some vendor-specific infrastructure management things.

We also had some pointers to developer communities and conferences.

Internet of Things, Rasberry Pi, Azure and Analytics
Basically how to make a Rasberry Pi stream data to the Azure IoT Hub and get some analytics. At some point I might replicate this demo to show what actually happens behind the Internet of Things. Or perhaps to show how IoT data streams could be used with a machine learning model.

I didn’t know it was possible to install Windows 10 on a Rasberry Pi. Well, it’s actually a scaled-down version of it called ‘Windows 10 IoT Core‘, and it requires Windows 10 on the development machine also, unless you’re using the NOOBS installer. Once it’s loaded, Windows IoT Core runs a Web server and RDP server – either can be used to manage the device. What Paul Andrew did was set this up, on a Pi with a sensor board, and basically get it streaming data to Azure.

On the Azure side, there’s an ‘Azure IoT Hub’, which mediates between the device and the Stream Analytics feature. It’s also where the device is registered and the connection string to the Azure service is acquired.


Result? The whole setup worked flawlessly, and Andrew ended up with a dashboard showing the temperature and light sensor readings from the Pi.

Microsoft Data Platform
Essentially an hour-long marketing session with a few cringeworthy videos thrown in, but it’s an exposition of the direction Microsoft’s technologies/services are progressing. The long and short of this was that things are moving away from on-premises servers to Azure, and from the old analytics to machine learning and the Cortana Intelligence Suite.
Also important to note is that almost all the businesses sponsoring this event specialise in analytics services.

How not to do Collaboration
There’s not much to say about this, but it’s about how not to communicate if you want to get things done. Richard Munn was entertaining nonetheless. The points I can recall:
* How teleconferencing doesn’t work with too many people.
* Don’t give meeting rooms stupid names that don’t indicate their location. Think about whether you actually need to have a meeting in the first place, and definitely don’t arrange meetings for the first thing in the morning, or last thing on Friday.
* Developers and project managers have different ideas of what Agile is.
* Products/solutions should be piloted by the people expected to use them.
* Collaboration isn’t the same thing as management, and likely shouldn’t involve hierarchy.

That the conference focussed primarily on Azure rather than SQL itself is important. In Microsoft’s data platform vision, SQL is just one of several components, an enabler for the analytics, machine learning and other abstractions that businesses are expected to make use of. As such, a much broader range of skills would likely be expected of future database admins.

Conference Notes: Professionalising Healthcare Informatics


, , , , , ,

A session at the recent conference wasn’t just about raising the profile of the informatics field, or about professional skills, but instead putting forward an idea for evolving healthcare informatics into an actual profession.
There are arguments for making healthcare informatics a profession in its own right: We handle specific types of data, develop systems and applications specifically for healthcare service delivery, we mitigate specific risks, and it requires some understanding of the data our systems are processing. Informatics has become far more than an auxhilliary resource. As such, anyone should expect a minimum standard of competency and accountability among those of us handling large volumes of patient information, and among those of us who approve clinical applications as being safe for deployment.

Actually something like this could be beneficial to the industry in general. Significant data breaches and privacy violations have become too common, and evidently the current ‘safeguards’ aren’t working. I often hear the adage that there are two types of company: those that have been hacked, and those that don’t know they’ve been hacked. I’ve also heared it often repeated during my undergraduate years that organisations can’t prevent themselves being hacked, but can only mitigate the effects of being hacked. Those statements kind of give the impression that doing the bare minimum is acceptable, when a lot more should be done to prevent data breaches.

I’m not saying IT generally should become a regulated profession – that would unrealistic and a bit stupid. What I’m saying is it would be nice to have a register of professionals that we, as consumers and patients, know could reasonably be trusted with our personal information. It would also be nice to replace convoluted and ambiguous ‘privacy statements’ with a clear and transferrable code of ethics that professionals are genuinely committed to. The UK Council for Health Informatics Professions (UKCHIP) is attempting to put that idea into practice, but the consensus seems that UKCHIP doesn’t quite carry the same weight as BCS membership, and the latter is the way to go.

To say the BCS is irrelevant would be unfair, but it’s certainly under-represented outside academia in my experience. Among the 40-odd people representing all the departments in and around informatics at the conference session, hardly anyone claimed membership of the BCS. Members are also a very small minority among the Unified.Diff and South Wales Linux User Group – the people who are passionate about their areas of expertise. Why is this?

First reason is that computing is vastly different from the medical profession, since anyone could develop software, create an online service and teach others the skills without being formally qualified – which is a good thing, in my opinion. While BCS membership should imply a level of competency and experience, the reality is people do establish themselves in the field long before they’re eligible for full membership. When you already have a career, other certifications and professional recognition, the ‘MBCS’ postnominal would be superfluous.
Thirdly, we have certifications for everything, pretty much: CCNA, MCSE, GCFA, GREM, CISSP… These are generally more indicative of a person’s competency. For this reason I’d argue that UKCHIP would be more appropriate for establishing a register of informatics professionals.

What the BCS does have, however, is the potential to become relevant earlier on in peoples’ careers. A person could technically apply for ‘affiliate’ status, and receive some mentoring and work on Continuing Professional Development plans. Although not well advertised, the BCS talks and the Turing Lectures are also first class in terms of content and the materials available. In fact, I’m considering membership primarily for the access to academic journals.