The BBC World Service is radio-only. There's a cable channel, BBC America, that's available in the US, but this never aired the programme in question. The BBC's on-demand service, BBC iPlayer, isn't available in the US. So there was no legitimate way for anyone in the US to have seen the programme, and the US court should throw the case out.

Company policy requires me to assume that there is another vulnerability that allows an attacker to run method A. It might exist elsewhere in my code or another third-party library that I ship, or it might exist in another application installed on the customer's server that I know nothing about. I could summarise the policy as, "The customer probably will get hacked at some point, but if they do, it won't be because we thought it couldn't happen."

Most of my development is in Java, which doesn't have static linking. If you write public methods A, B and C in a public class D, then compile D into a jar file, then the jar will contain A, B and C. The compiler has no way to know which methods will be called at run time. There are third-party tools that claim to be able to remove unused code, but it seems unwise to use them. Java frameworks use a lot of reflection, and with that in play, there's no foolproof way for static analysis to determine that a class or method will never be used at run time. So you have to monitor the application as it runs, and hope that your integration tests are good enough to make sure that all the code that's really needed runs at least once.

Or just upgrade the vulnerable library, and go back to doing work that customers are happy to pay for.

If the vulnerability is patched in a later version of the library, it's usually easier to upgrade than try to convince the PHBs that it's not exploitable. (Unless the patched version is incompatible with something that we can't upgrade. Been there, done that.) Just because I can't think of a way to exploit it doesn't mean there isn't one. A black hat hacker is usually more motivated to find an exploit than I am.

As well as that, some of our customers run their own security scans, and will ask awkward questions if they find that we've given them something that had known vulnerabilities when we built the release. They don't like having to take our word for it that they're not exploitable.

...vulnerable libraries which have bugs which do not affect the codebase they're used in.

Where I work, we're not allowed to ship third-party libraries with known vulnerabilities. We used to be able to get away with saying that we never called the vulnerable function, but now, we have to assume that an attacker can find a way to run it by automatically chaining exploits together. Of course, having been allowed to not upgrade libraries for so long, we find that having to upgrade them to meet some artificial security deadline means rewriting a lot of ancient code and (possibly) introducing a lot of bugs. Sigh...

I think the only Premium TVs left are the business TVs that give you meaningful mechanisms to not have intrusive "Smart" features.

Is there a meaningful difference between a Sony TV that harvests data and won't let you opt-out of "smart" features, and a Wal-mart TV that harvests data and won't let you opt-out of "smart" features?

I guess I am blessed to not be an audiophile and not have flawless supervision :)

FWIW, I have:
- a 20 yo 720p dumb 42" plasma
- a 20 yo 1080P dumb 50" plasma
- a 1yo 4k Samsung 65" TheFrame TV

That last one was a splurge I wanted because the "Art Mode" is just too beautiful, and at the time, Samsung really had the only coherent offering. (I guess there are now "off brand" ArtTV attempts from HiSense and others.. i have no experience with them.)

On the ArtTV, we watch youtube or DVDs or XBox on it a little of the time, and all that stuff looks fine to me on the 65" Samsung. But the TV is otherwise displaying pretty artwork almost all of the time, and whatever Samsung has done with the screen, dimming control, bezel, etc, really does work and really is lovely. And you don't need a service or an app to get the experience - just stick a USB full of public domain masterpieces into the TV.

Even so, the Samsung ecosystem is pretty annoying. I can have it show my images in ArtMode, but i cannot have the "real" experience you'd get with a subscription - with Art XML metadata and stuff (artist, date, etc). We don't always remember what a piece is or who painted it when it comes up..

Anyway, AFAIK, the only way to get TVs that aren't enshittified spyware is a business SKU, right?

In my house, we use Steam to play "windows-only" games on:
- Devuan with XFCE
- Devuan with Cinnamon
- Arch with hyprland
- bone stock Ubuntu 24
- ubuntu 25 laptop w/ second GPU

From my POV, there's not much need to port games to Linux. With the heroic efforts of Valve, most Windows games now just work. Win32, DX, D3D, and whatever else windows game devs have been using seems to have become the defacto reference gaming API on Linux.

Steam makes it work on every linux distro we've tried.

In writing this, it occurs to me: The F/OSS ecosystem does a very good job of re-implementing someone else's API/products (WINE, Proton, LibreOffice, etc)

The F/OSS ecosystem does a comparatively poor job at independently developing its own technology and then standardizing/universalizing those choices. E.g. the transition from X11 to Wayland; the systemd "situation(s)", desktop environments... gui greeters, audio muxers...

I think Valve has done the right thing. They made existing games work on Steam; they made Steam work on most linux distros.

Making everyone use a reference linux platform seems to be a total non-starter.

We already have a reference gaming platform: Windows 7 thru 10. And what we learned in 2025 is that Steam on nearly _any_ Linux often implements that windows reference gaming platform better than Windows 11 does.

Proprietary service drops support for proprietary protocol..

...I can see this could be useful for preventing reviews that claim I can't spell or do grammar.

It needs to be opt-in, not opt-out - not only for fear of butchering an author's beautiful sentences, but also because some authors who self-publish in English are successful enough that publishers of books in other languages sometimes pay for the right to publish a translation. Those contracts are usually exclusive, meaning that the author agrees not to let anyone else publish a translation of that book in that language. If Amazon's AI generates one without the author's knowledge, the author could get hit with a breach of contract lawsuit.

I imagine the term was invented in some meeting where a super pedantic engineer was dismissing all other concerns because they were not on his list of "functions", and in desperation the rest of the people said, "geez, ok, look, these are non-functional requirements..."

You could well be right :-) I've noticed that names tend to stick, even as the thing that the name refers to changes, so that the name doesn't really fit any more. One example that comes to mind is RAM versus ROM. RAM is random-access memory, memory that you can access in any order, instead of having to access in sequence, like a tape. ROM is read-only memory, but that's random access too. If you say "RAM", people assume it's writeable, so why isn't RAM called RWM? Or why isn't ROM called RORAM?

(My guess is it's because early computers often didn't have any ROM, and to boot them, you had to enter a simple program into the RAM using switches on the front panel. That program would then load a more sophisticated program from tape or punched cards. When computers gained some storage to hold that simple program, the thing that distinguished it from other types of storage was that you couldn't alter it.)

The way someone explained it to me was that "functional" refers to the reason(s) why the system exists. What result is the user or customer trying to achieve? A non-functional requirement is something that the system needs to make it possible or practical to meet a functional requirement, but that would be of no use on its own. A system for administering loans needs an audit trail to comply with the law and to detect and prevent fraud, but there would be no point in having an audit trail on its own.

On the other hand, from the point of view of someone in the audit team, being able to audit the accounts is a functional requirement. Maybe everything is a functional requirement to somebody.

True, but Perl isn't used for many new projects these days. Python developers are much easier to find than Perl developers, and probably cheaper, which is what this exercise is really about.

Nope. That's why I changed all my players to BlueOS.

I replaced all my SONOS connects with BlueSound node Nano devices. A pricey replacement, but worth it.

As a bonus I was now able to turn off SMB1 on my home Samba server !

The problem was made much worse by the fact that the UK Post Office is allowed to bring its own criminal prosecutions. If they had to do what everyone else does - ask the police to investigate, and the police then have to convince the Crown Prosecution Service that there's a reasonable chance of getting a conviction - many of these cases would've been thrown out for lack of evidence.