After a while, Danae Shell got tired of hearing the same story over and over again.  “Something bad would happen to someone at work, and the story always ended the same way,” she told TechCrunch. “They just left, because doing anything else was incredibly complex and expensive.”  One doesn’t need to look far to notice that for many people, seeking legal recourse feels so daunting and complex that many just don’t try. Even for someone with a cushy tech job, the prospect of going against their company is daunting. That bothered Shell so much that in 2022, she launched Valla, which seeks to make legal support more accessible to workers.  The company focuses on employment law, and since its launch, it says, more than 12,000 workers have successfully brought complaints against employers and negotiated settlements. “The basic thesis of Valla was, ‘If we can build tools that let someone file their tax return from their mobile phone, surely we can build something that can help them manage their own legal issue,’” Shell said. Valla platform enables users to collect their own evidence, generate documents, and then talk to legal experts who “coach” them through what the legal process would be for each stage of their case. For example, Shell said, a user can keep track of an ongoing issue at work, draft a Tribunal claim, and then purchase a coaching package to prepare for the preliminary hearing. Techcrunch event Save now through June 4 for TechCrunch Sessions: AI Save $300 on your ticket to TC Sessions: AI—and get 50% off a second. Hear from leaders at OpenAI, Anthropic, Khosla Ventures, and more during a full day of expert insights, hands-on workshops, and high-impact networking. These low-rate deals disappear when the doors open on June 5. Exhibit at TechCrunch Sessions: AI Secure your spot at TC Sessions: AI and show 1,200+ decision-makers what you’ve built — without the big spend. Available through May 9 or while tables last. Berkeley, CA | June 5 REGISTER NOW Like nearly every other startup these days, Valla uses AI to streamline knowledge transfer. “The GenAI engine in our platform acts as a legal secretary in the background,” Shell said. “It does everything from briefing the coach on the case, taking notes and actions during any calls, and picking up all the admin and reminders as the case progresses.”  Investors seem to like what they see at Valla: Today, the company said it had raised a £2 million (about $2.7 million) seed round led by Ada Ventures. Active Partners and Portfolio Ventures, as well as returning investors Techstart and Resolution Foundation, also invested.  Shell said Valla started using generative AI in early 2023 and paired with the early traction her product received, that helped investors see the potential of her product.  The company will use the fresh capital to boost marketing, build relationships with worker unions and insurers, and build more AI features within the platform. After employment law, Shell said the company hopes to expand into small claims and tenancy.  “Then we will broaden out to other geographies,” she said. “We’re already looking at opportunities in the U.S. and Europe.” 

pathdoc - stock.adobe.com News DSIT makes £5.5m of funding available to new projects The government is focusing on easing the regulatory burden that can often hamper the introduction of innovative technologies in the public sector By Cliff Saran, Managing Editor Published: 22 May 2025 15:45 The government has announced £5.5m of funding to support projects that will be streamlined by the Regulatory Innovation Office (RIO) to cut bureaucracy.  The RIO, headed by David Willetts, was set up by the government to cut red tape, remove barriers to innovation and accelerate the time it takes to bring emerging technologies to market. Willetts, who took on the role of chair of the RIO in March, hopes to shape regulatory approaches that empower new technologies, supporting Labour’s pledge to bring the UK’s most promising new technologies to the public quickly and safely while kickstarting economic growth. The Department for Science, Innovation and Technology (DSIT) said it would offer funding between £50,000 and £1m on regulator-led and local authority-led projects, which run from six to 12 months. The projects must start from 1 October 2025 and end by 30 September 2026. The deadline for applications is 31 July 2025, and DSIT is expected to start awarding funding from 1 October 2025. This is the fourth round of funding. In the last round, funding helped Milton Keynes trial local authority drone deliveries for urgent medical supplies and environmental monitoring. The trial included exploring low-risk test flights and sensors to track the drones’ path to safely test and approve these services.  “Thanks to the RPF [Regulators’ Pioneer Fund], we’ve been able to start building the groundwork for using drones to make services more efficient,” said Shanika Mahendran, cabinet member for planning and placemaking and Milton Keynes City Council. “It’s given us a chance to explore what safety checks and rules we need to follow so we can move from just testing drones to using them in the long-term.” Read more about DSIT initiatives DSIT aims to bolster expertise with year-long secondments: To drive forward its Plan for Change, the Labour government is looking to hire 25 experts for the Department for Science, Innovation and Technology Fellowship programme. Interview – Feryal Clark, AI and digital government minister, DSIT: Computer Weekly talks to the parliamentary under-secretary about digital identity, the importance of trust and utilising the power of artificial intelligence. The Medicines and Healthcare products Regulatory Agency’s (MHRA’s) exploration of the use of synthetic data in clinical trials was another project in the third funding round. The project used computer-generated data to replace some of the participants who would normally receive a placebo. The MHRA said this approach can make trials quicker, cheaper and more inclusive, while still ensuring safety and effectiveness. Puja Myles, director of the clinical practice research datalink at the MHRA, said: “The RPF grant has given us a better understanding of the scenarios when synthetic data could be used to boost sample sizes of clinical trials. “This project is part of the MHRA’s work to promote innovation and embrace emerging technologies in clinical trials, to help get new treatments to patients faster.” The fourth round of the Regulators’ Pioneer Fund is open to regulators and local authorities across the UK, and will include projects in key growth areas such as artificial intelligence (AI) in healthcare, engineering biology, space, and connected and autonomous vehicles. “Smarter, more agile regulation is key to businesses bringing ideas to market faster, while giving the public confidence in new technologies,” said science minister Patrick Vallance.  “These projects show how regulators can work with industry to unlock breakthroughs – from autonomous drones improving emergency services, to AI that cuts the cost and time spent on clinical trials. “By backing this kind of innovation, we’re helping to make the UK the best place in the world to launch, test and scale new ideas, and drive the economic growth we need to improve lives and deliver our Plan for Change,” he said. In The Current Issue: UK critical systems at risk from ‘digital divide’ created by AI threats UK at risk of Russian cyber and physical attacks as Ukraine seeks peace deal Standard Chartered grounds AI ambitions in data governance Download Current Issue Microsoft entices developers to build more Windows AI apps – Cliff Saran's Enterprise blog Red Hat launches llm-d community & project – Open Source Insider View All Blogs

CSS grid with Galaxy layout: now available in FigmaHow I used Grid on a client website sometime ago, and share creative ideas to spark your imagination, whether you’re a designer, developer, or both.1. The history of CSS gridBack in 2005, Bert Bos published the CSS3 Advanced Layout draft. After nearly two decades of work by the CSS Working Group and passionate advocates, CSS Grid has evolved into one of the most powerful layout systems for the web and developers have been using it in production for years.Now, in 2025, designers can finally experience CSS Grid directly in Figma. Hopefully, Figma will continue evolving to support all CSS properties, functions, data types, and values, so design and code can align even more seamlessly. 🤝✨2. Observe: bringing installation Art to the webTo show what’s possible, I will show you through how I used CSS Grid to recreate a large scale installation artwork on the web from concept to implementation. Galaxy (2016) is one of the signature works by Korean contemporary artist Kim Eull, consisting of 1,450 individual drawings. The moment I saw it, I knew it could be reimagined with CSS Grid.Galaxy, Installation, Kim Eull, 2016Galaxy, Installation, Kim Eull, 2016When I saw it, I thought it could be quite easy to re-create and visualise it using CSS Grid. 😎In summer © 2023 Disney and related entities. All Rights Reserved.But it was more complicated than I expected making the Galaxy layout in CSS Grid with 1,450 drawings 😅.The first draft grid drawingMy first draft involved sketching a rough grid layout inspired by the installation. From there, I defined the following design goals:🎯 Design GoalsThe grid container should resemble the Galaxy installation.It should be flexible and responsive across screen sizes.Each grid item should have a hover effect and link to its own content page.Each item must match the exact shape ratio (vertical, horizontal, square) of the original artwork.Specified properties and values for each grid item in WordPress so the client can easily choose and upload artwork for each grid item if he wishes to change it.⚙️ Image configurations in WordPressImage size: small, medium, largeShape: vertical rectangle, horizontal rectangle, square3. Research: CSS grid capabilities① Understand the CSS grid structureLet me briefly explain the basics of CSS Grid. Think of CSS Grid like an IKEA IVAR shelf: the container is the outer frame, and the items are the individual cells. Define the frame, decide the rows and columns, and then neatly arrange your content, just like organising your favourite shelf.IKEA IVAR © Inter IKEA Systems B.V. 1999–2023I hope this cheat sheet I made for this article helps you understand the CSS grid structure. 🧙🏻CSS Grid container and itemIVAR outer frame = grid container = parentEach cell = grid item = childCSS Grid TerminologyLine: horizontal or vertical divider (used to position items)Cell: the smallest unit of the gridTrack: the space between two lines (a row or a column)Area: a group of cells defined using grid-area② Find suitable propertiesAs you can see from the CSS Grid cheatsheet below, CSS Grid has many properties and values as well as various features. It was important to find suitable properties and values of CSS Grid for the Galaxy layout. I tried all properties and found grid-template containers and grid-area items worked best for the Galaxy layout.CSS Grid properties4. Make: Prototyping & Iterating① Sketch the layout by hand (now in Figma!)CSS Grid prototypingTo define grid-area values visually, I printed a grid and sketched the Galaxy layout by hand. Back then, Figma didn’t support grid layouts like it does now so I had to draw by hand. But now, thanks to Figma’s new Grid feature, you can map and plan layouts much more easily 🙌CSS Grid prototyping in FigmaThat said, while I really enjoyed using Figma Grid, I noticed a few limitations that made it tricky to recreate the Galaxy layout precisely.🚧 A Few Limitations in Figma GridRow and column gapsNo variable support for row/column gapsFigma only allows fixed px values for grid gaps, but I need to use primitive values from our design system library to ensure consistency across components and patterns. It would be great if Figma supported variables or design tokens for this.⚠️ Note: Gaps in CSS can use any length unit or percentage — but not fr.No visible line numbers in FigmaNo visible line numbersWhen placing images based on grid-area, it’s hard to know the exact row/column without indicators. This made it difficult to match my CSS layout precisely.Elements shift randomly when adding new imagesEvery time I added a new image, other elements jumped around unexpectedly. I had to manually re-align everything — bug or feature?Limited support for CSS grid propertiesEspecially for parent-level properties like justify-items, align-items, place-content, etc. Figma currently only supports basic alignment and fixed units. This limits the full expressive potential of CSS Grid.🙏 If you’ve found any tricks or tips for these challenges, I’d truly appreciate it if you shared them!Despite these challenges, I believe Figma will continue to evolve and support more CSS properties, functions, data types, and values, aligning design and code even more seamlessly. If you have tips for that, please share!Now, let’s go back to the process of building the Galaxy layout.② Numbering the grid linesI labeled each row and column in the sketch, these line numbers help define each grid item’s position using the grid-area shorthand.Numbering the grid linesAlso, we can inspect these numbers in the Chrome DevTools like below.CSS grid in Chrome DevTools③ Set the grid containerSet the grid container using grid-templateHere is the CSS code for the container. I used the repeat CSS function to create a certain number of columns and rows, grid-template shorthand with repeat() to create a 25×21 grid..container { display: grid; grid-template: repeat(25, 1fr) / repeat(21, 1fr);}Set the Grid Container: Repeat CSS function④ Define Grid ItemsNow I had 525 grid cells. To specify the grid item’s size and location for the Galaxy layout, I defined grid-area shorthand property for 29 items.grid-area value: row-start / column-start / row-end / column-endDefine grid itemsHere is the CSS code for the 29 items.//item position.item1 { grid-area: 2/6/8/9;}.item2 { grid-area: 3/9/6/11;}.item3 { grid-area: 1/11/6/14;}.......item27 { grid-area: 22/18/24/19;}.item28 { grid-area: 7/4/12/6;}.item29 { grid-area: 21/7/25/10;}Responsive CSS Grid test on CodePenThe grid-area CSS shorthand property specifies a grid item’s size and location within a grid by contributing a line, a span, or nothing (automatic) to its grid placement, thereby specifying the edges of its grid area. -MDNgrid-area - CSS: Cascading Style Sheets | MDN⑤ Insert Images into HTMLAs the final step, I selected artwork images that matched each grid item’s shape to avoid awkward cropping. One day, I hope we’ll have a CSS algorithm smart enough to auto-pick image ratios. 😉https://medium.com/media/7ffea08b5878827140665a540845a2e3/href5. Reflect: 3 Key LearningsAfter building the Galaxy layout with CSS Grid, I took a moment to reflect, just like in any good design process. Looking back helped me identify what worked, what surprised me, and what I’d do differently next time. Here are three insights that stood out:① Implicit grid vs Explicit gridAn implicit grid is automatically generated by the browser when items extend beyond the defined structure.An explicit grid is one you define manually using grid-template-columns and grid-template-rows.Understanding the difference helps you take full control of your layout.Comparing implicit and explicit grids in CSShttps://medium.com/media/25b574bf51ba75b81f31a1435d74c649/href👉 Watch: Wes Bos — Implicit vs Explicit Tracks② How height works in CSSThe height CSS property specifies the height of an element. By default, the property defines the height of the content area. -MDNThe height property controls an element’s vertical size.By default, it matches the height of the content inside.No content = no height100px content = 100px heighthttps://medium.com/media/2cf58e34fbb0c76baaee2454c9cc9c46/href③ fr units need explicit height💡 Height doesn’t update automatically like width does.Unlike columns, which adjust to screen width, rows using fr units don’t respond the same way. If the container has no defined height, the browser can’t calculate row heights, causing layout issues like the one shown below.fr units need explicit heightThe browser can’t calculate row heights, which can cause the layout to break unexpectedly, as shown bwhelow.The browser can’t calculate row heightsHeight doesn’t get updated automaticallyWhereas, even if there is no explicit width value in the block-level element specified, the browser automatically calculates the width value of the element by the browser size.Width gets updated automaticallyFor this reason, if you wanted to use fr unit in the grid-templage-rows property and takes up the entire height of the screen, you should put an explicit height on the container.Use fr unit in the grid-templage-rows property and takes up the entire height of the screen.container { height: 100vh; grid-template-row: repeat(6, 1fr);}https://medium.com/media/0d0238775bbfbe8ae34cf66acc89bcff/hrefEven now, I often forget CSS Grid properties when revisiting projects 😅. That’s why I created a CSS Grid Cheatsheet, a quick reference to help me remember and apply the right values fast.CSS Grid cheatsheet6. Resources to spark your imaginationDisclaimer: Parody of “I Can Be Anything” by Shinsuke Yoshitake, created by @nanacodesign for non-commercial, educational use. Original artwork © Shinsuke Yoshitake and/or its publishers.CSS Grid is far more powerful than just card layouts. Developers have explored it for years to create animations, 3D effects, and interactive designs with ease.To help you see what’s possible, I’ve collected some brilliant CodePen demos that show CSS Grid in action. These are real examples that you can explore, learn from, or adapt directly into your own projects:🕹️ CSS grid codepen collectionCSS grid codepen collection3D CSS Grid Exploding Stack by JheyIsometric eCommerce CSS Grid by Andy BarefootLayout Demo #10 — Rounded grid layout stacked: Rainbow by Mandy MichaelGenerative Kong Summit Patterns by Adam KuhnCountdown with grid css By Sergio AndradeKALEIDOSCOPE by LiamCSS Grid Ribbon layout by Andy BarefootAnimated CSS Grid (grid-template-rows / grid-template-columns) by BramusCSS Grid: Monopoly (Harry Potter Edition) by Olivia NgCSS Grid Responsive Perspective layout by Andy BarefootTriangle Grid with nth-child #CodePenChallenge by Stephen LeeResponsive Mondrian Art with CSS Grid by Ryan Yu📚 ResourcesConfig 2025: Structure your designs with Figma Grid, a new way to use auto layoutFigma’s new grid — you must understand CSS Grid as a designer by Christine VallaureA Complete Guide to CSS Grid | CSS-Tricks by Chris HouseCSS Grid Course by Wes BosGrid by example by Rachel AndrewCSS Grid Basics by Jen SimmonsWeb.dev > Learn CSS > GridMozilla > CSS Grid LayoutInspect CSS grid layoutsResponsive Card Grid Layout by Ryan YuInteresting Layouts with CSS Grid by Miriam SuzanneBuild a Classic Layout FAST in CSS Grid by Miriam SuzanneAn Interactive Guide to CSS Grid by Josh Comeau🙏 A huge thank you to all the creators and advocates who’ve shared these valuable resources. Your work continues to inspire and empower the community.💌 Any feedback or just say Hi!I’d love to hear how I can improve this article for everyone. Drop me a comment below, or reach out on Bluesky or LinkedIn.If you enjoyed it, feel free to show some love (👏) and stay tuned for more. Thank you!💜 🧙🏻‍♀️CSS Grid with Galaxy layout: now available in Figma was originally published in UX Collective on Medium, where people are continuing the conversation by highlighting and responding to this story.

Weekly curated resources for designers — thinkers and makers.“The most important outcome was that I communicated the design intent more clearly and quickly by leaning into a tool that was better suited for the job than static mockups. I don’t know how much of the code I generated was actually used by the engineers on my team. But that’s not what mattered.”Why I skipped Figma and prototyped in code instead →By Patrick MorganYour AI partner for UI/UX Design — Motiff 2.0 Beta is here →[Sponsored] Chat with Motiff AI 2.0 to bring ideas to life — generate UIs with preset styling, drag to create components, turn URLs into editable designs, edit images, and rewrite content. No switching tools. Just faster, smarter — all in Motiff.Editor picksThe tech bro era is fading →Who’s next to shape our culture?By Michael F. BuckleyHuman after all →“SaaS is dead” — you’ve heard it all before.By Luděk ČernockýWords shape worlds →The role of language in better design.By Eleanor HoweThe UX Collective is an independent design publication that elevates unheard design voices and helps designers think more critically about their work.CTA gallery →Make me thinkVenture capital can’t pretend everything is fine any more →“Here is the state of venture capital in early 2025: Venture capital is moribund except AI. AI is moribund except OpenAI. OpenAI is a weird scam that wants to burn money so fast it summons AI God. Nobody can cash out.”How to title your blog post or whatever →“You should try to make a good thing, that many people would like. That presents certain challenges. But our subject today is only how to give your thing a title. My advice is: Think of the title as classifier.”Vibe Coding is not an excuse for low-quality work →“However, as any seasoned engineer will tell you, speed means nothing if the wheels fall off down the road. And this is where the cracks begin to show — in the gap between the vibe and the reality of building maintainable, robust software.”Little gems this weekWhitewashing on Mexican banknotes? →By William CosmeDesigning in and for a world we don’t yet know →By Katherine (Kt) SullivanFigma Sites: when accessibility is an afterthought →By Kristina Gushcheva-KeippiläTools and resourcesThe AI intention matrix →Designing AI with purpose.By Richard Yang (@richard.ux)Figma’s new grid →Why you must understand CSS Grid.By Christine VallaureSupporting users with depression and anxiety →Digital empathy.By Effy WhiteSupport the newsletterIf you find our content helpful, here’s how you can support us:Check out this week’s sponsor to support their work tooForward this email to a friend and invite them to subscribeSponsor an editionSkipping Figma, human after all, Figma grid, accessibility as an afterthought was originally published in UX Collective on Medium, where people are continuing the conversation by highlighting and responding to this story.

Eight years ago, Simon Whittaker, head of cyber security at Belfast-based consultancy Instil, narrowly avoided having his front door smashed in by the Police Service of Northern Ireland (PSNI) (see photo of warrant below) and was only saved from an expensive repair job because a relative was home at the time. Whittaker was the innocent victim of a misunderstanding that arose when his work as a cyber security professional butted heads with legislation contained in the UK’s Computer Misuse Act (CMA) of 1990 that at first glance seems sensible. “What happened to me is that we were working with a client who was working with an NHS Trust, demonstrating some of their software,” he explains. “Their software picked up information from various dark web sources and posted this information on Pastebin.” This post was made on Tuesday 9 May 2017 (remember this date – it’s important) and the information contained several keywords, including “NHS” and “ransomware” (see screenshot of Pastebin page below). This accidental act was enough to trip alarm bells somewhere in the depths of Britain’s intelligence apparatus. The National Crime Agency (NCA) got involved, emails whizzed back and forth over the Atlantic to the Americans. Unbeknownst to Whittaker and his family, a crisis was developing. “We ended up with eight coppers at our door and a lot of people very upset,” says Whittaker. “It cost us about £3,000 in legal fees, when all that had happened was a few words had been posted on Pastebin. “We talk about using a sledgehammer to crack a nut, but it’s quite accurate, inasmuch as they had identified the smallest amount of evidence – that wasn’t even evidence because nothing happened – but it was enough.” And the punchline? It just so happens that the posts were identified on Friday 12 May as part of the investigation into the WannaCry attack, which caused chaos across the NHS. Whittaker’s home was raided the following Monday. So, what is the CMA, and how did it almost land Whittaker in the nick? It’s a big question that speaks not only to his unpleasant experience, but to wider issues of legal overreach, government inertia and, ultimately, the ability of Britain’s burgeoning cyber security economy to function to its full potential. Indeed, the CyberUp campaign for CMA reform estimates that the UK’s security firms lose billions every year because the CMA effectively binds them. In a nutshell, it defines the broad offence of Unauthorised Access to a Computer. At face value, this is hard to argue with because it appears to make cyber crime illegal. However, in its broad application, what the offence actually does is to make all hacking illegal. As such, it is now woefully outdated because it completely fails to account for the fact that, from time to time, legitimate security professionals and ethical hackers must access a computer without authorisation if they are to do their jobs. “It’s so frustrating, the idea that there’s a piece of legislation that’s been around for so long that was originally brought in because they didn’t have any legislation,” says Whittaker. “Somebody broke into Prince Philip’s email account, a BT account, and they didn’t have any legislation to do them under, so they got them under the Forgery and Counterfeiting Act.” Whittaker is referring to a 1985 incident in which security writer and educator Robert Schifreen hacked the BT Prestel service – an early email precursor – and accessed the Duke of Edinburgh’s mailbox. Schifreen’s archive, preserved at the National Museum of Computing, reveals how he hacked Prestel to raise awareness of potential vulnerabilities in such systems. In a 2016 interview, Schifreen told Ars Technica that he waited until after 6pm on the day of the hack to be sure that the IT team had gone home for the evening and couldn’t interfere. He even tried to tell BT what he was doing. The CMA was the Thatcher government’s response to this, and 35 years on, the offence of Unauthorised Access to a Computer is now at the core of a five-year-plus campaign led by the CyberUp group and backed in Parliament by, among others, Lord Chris Holmes. Whittaker says it is very clear that in 1990, it was impossible to predict that research would fall into the information security domain.  “Nobody expected there would be people open to bug bounties or to having their IT researched and investigated. I don’t think anybody back then realised that this was going to be a thing – and if you look at the underlying message of the CMA, which is, ‘Don’t touch other people’s stuff’, there is some sense to that,” he says. “But what the CMA doesn’t do is put any kind of allowance for research or understanding that there are cyber professionals out there whose job it is to try to break things, to try to keep the nation secure and organisations safe,” he adds. “The CMA was a piece of legislation that was very broad, and the idea that it’s still there after this amount of time, and hasn’t been adapted in accordance with the changes we’ve seen over the last 20, 25 years that I’ve been in the industry, is quite bizarre,” says Whittaker. “The legislation around murder hasn’t changed since 1861 in the Offences Against the Person Act. It’s not like the offence of murder has changed hugely since 1861, whereas the computing world has changed dramatically since 1990.” Cutting to the core of the problem, what the CMA does in practice is force security professionals in the UK to operate with one eye on the letter of the law and one hand tied behind their backs. Whittaker recounts another story from Instil’s archives. “We had a look on Shodan, and identified there was an open Elasticsearch bucket that was dropping credentials for a very large mobile phone and fixed-line provider in Spain. “Every time a new order came in, it dropped their data into this bucket, which then provided names, addresses, telephone numbers, bank details, lots of really interesting stuff,” he says. “We were very concerned about reporting this. Because we had found it, we were concerned there was going to be blame associated with us. Why were you looking? What were you doing? What was happening here? We engaged our lawyers to help us do that responsible disclosure to them. “We did it privately – we’ve never spoken about it to anybody, but we spoke with the organisation and they were ultimately very grateful. Their CISO was very understanding, but it still cost us about two grand in legal fees to be able to do it.” Whittaker can recount many other stories of how people who are just trying to do some public-spirited research into similar issues have had to either stop and not do it, or travel to another jurisdiction to do it, because of the CMA. To more deeply understand how the CMA hamstrings the UK’s cyber professionals, let’s go back in time again, this time to the early 2000s, when Whittaker, then working in software development, caught the cyber bug after a job took him to Russia following an acquisition. “One of the first things the Russians asked us was, “Have you ever had a security or pen test?’ We said, ‘No, but don’t worry, we’re really good at this stuff’, and within 20 seconds, they had torn us to pieces and broken us in multiple different ways. I was watching the test and I said, ‘That’s so cool, how do I work out how to do that?’” If the amendment comes, it will enable us to be able to compete and to protect ourselves and our citizens in a much better way Simon Whittaker, Instil About 20 years down the line, Whittaker’s company, founded as Vertical Structure, but now merging into InstilCrest-accredited penetration tester, and certified by the National Cyber Security Centre (NCSC) as a Cyber Essentials certifying body and an assured service provider for the Cyber Essentials programme. “We teach people how to break things. We teach people how to break into their own systems. We teach people how to break into their own cloud infrastructure, how to do threat modelling, so they can start to understand how to think about threats,” he explains. But in practice, this means Whittaker and his team are teaching people to do things that a court could argue is against the CMA in some way, shape or form, so in addition to the technicalities, he is also very careful to teach his clients all about the law and how to operate within its confines when brushing up against hard limits. “The pieces of paper have to be signed, the scope has to be agreed on,” says Whittaker. “When we’re teaching juniors, we spend probably half a day going through the CMA and detailing to them exactly how nervous they have to be about this stuff, making sure they are aware of it. “It is definitely at the forefront of our minds. And if there is a breach in scope, you stop. You contact the client and say, ‘Listen, we’ve scanned too many IPs, we’ve done this, we’ve done that’. You speak to the client regularly about making sure that doesn’t happen. “In all of our considerations, we would rather pull back on the project rather than risk hitting a third party when we’re pen testing,” says Whittaker. He looks, maybe a little wistfully, to the work of security researchers at larger US or Israeli security organisations that have a little leeway in such things, or to the work of those in more lenient jurisdictions, such as the Baltics, where the cyber research wings of prominent virtual private network providers churn out large volumes of research, often on big flaws in consumer technology. “You hear, for instance, stories about broadband provider X that sent this box that is rubbish and can be accessed remotely. I can hack all of those things, but I can’t go and do the research in a responsible, formal way, because if I do, I run the risk of being arrested or sued,” he says. “It’s really frustrating for smaller organisations like ourselves. We want to be able to do this research. We want to be able to help. We want to be able to provide this information. But it’s very complicated.” The Computer Misuse Act is currently up for reform as part of a wider Home Office review of the act, but progress has been shaky and stalled out several times thanks to the Covid-19 pandemic and the successive collapses of Boris Johnson’s and Liz Truss’s governments. It’s frustrating for smaller organisations like ourselves. We want to be able to do this research. We want to be able to help. We want to be able to provide this information. But [the law makes it] very complicated Simon Whittaker, Instil Cut to 2024 and a new Labour government, and things seemed to be moving again. But then in December 2024, attempts by Lord Holmes and other peers to have the Data (Access and Use) Bill amended to introduce a statutory defence for cyber professionals were rebuffed by the government, with under-secretary of state at the Department for Science, Innovation and Technology (DSIT) Baroness Margaret Jones saying reform was a complex issue. The government is considering improved defences through engagement with the security community, but Jones claims that to date, there is no consensus on how to do this within the industry, which is holding matters back. More recently, science minister Patrick Vallance weighed in after police highlighted their concerns that allowing unauthorised access to systems under the pretext of identifying vulnerabilities could be exploited by cyber criminals. He said: “The introduction of these specific amendments could unintentionally pose more risk to the UK’s cyber security, not least by inadvertently creating a loophole for cyber criminals to exploit to defend themselves against a prosecution.” But after many years and frequent engagement with the government, the campaigners, while keeping things civil, are clearly frustrated – and understandably so. They want things to be moving faster. Whittaker says reform would be the difference between night and day for his security practice. “It would allow us to be more secure in our research. I’d love to be able to just look at things in more detail and help people secure themselves. It would allow us to focus on our jobs instead of being worried that we’re going to breach something or that something else is going to go wrong. It would be a step change from what we currently see – that ability to perform in a useful way,” he says. “All we are trying to do is give our teams, these experts that we have right here in Belfast and around the country, the ability to be able to compete on a global scale. If the amendment comes, it will enable us to be able to compete and to protect ourselves and our citizens in a much better way,” he concludes. And when all is said and done, isn’t keeping the UK safe in the ever-changing, ever-expanding threat landscape more important than enforcing a blanket definition of hacking as an illegal act when cyber criminals around the world know full well they’re breaking the law and simply don’t give a damn? Timeline: Computer Misuse Act reform January 2020: A group of campaigners says the Computer Misuse Act 1990 risks criminalising cyber security professionals and needs reforming. June 2020: The CyberUp coalition writes to Boris Johnson to urge him to reform the UK’s 30-year-old cyber crime laws. November 2020: CyberUp, a group of campaigners who want to reform the Computer Misuse Act, finds 80% of security professionals are concerned that they may be prosecuted just for doing their jobs. May 2021: Home secretary Priti Patel announces plans to explore reforming the Computer Misuse Act as calls mount for the 31-year-old law to be updated to reflect the changed online world. June 2022: A cross-party group in the House of Lords has proposed an amendment to the Product Security and Telecommunications Infrastructure Bill that would address concerns about security researchers or ethical hackers being prosecuted in the course of their work. August 2022: A study produced by the CyberUp Campaign reveals broad alignment among security professionals on questions around the Computer Misuse Act, which it hopes will give confidence to policymakers as they explore its reform. September 2022: The CyberUp coalition, a campaign to reform the Computer Misuse Act, has called on Liz Truss to push ahead with needed changes to protect cyber professionals from potential prosecution. January 2023: Cyber accreditation association Crest International lends its support to the CyberUp Campaign for reform to the Computer Misuse Act 1990. February 2023: Westminster opens a new consultation on proposed reforms to the Computer Misuse Act 1990, but campaigners who want the law changed to protect cyber professionals have been left disappointed. March 2023: The deadline for submissions to the government’s consultation on reform of the Computer Misuse Act is fast approaching, and cyber professionals need to make their voices heard, say Bugcrowd’s ethical hackers. November 2023: A group of activists who want to reform the UK’s computer misuse laws to protect bona fide cyber professionals from prosecution have been left frustrated by a lack of legislative progress. July 2024: In the Cyber Security and Resilience Bill introduced in the King’s Speech, the UK’s new government pledges to give regulators more teeth to ensure compliance with security best practice and to mandate incident reporting. July 2024: The CyberUp Campaign for reform of the 1990 Computer Misuse Act launches an industry survey inviting cyber experts to share their views on how the outdated law hinders legitimate work. December 2024: An amendment to the proposed Data (Access and Use) Bill that will right a 35-year-old wrong and protect security professionals from criminalisation is to be debated at Westminster. December 2024: Amendments to the Data Bill that would have given the UK cyber industry a boost by updating restrictive elements of the Computer Misuse Act have failed to progress beyond a Lords committee. January 2025: Science minister Patrick Vallance rejects proposed amendments to the Computer Misuse Act, arguing that they could create a loophole for cyber criminals to exploit.

Casa De Blas | © Hisao Suzuki Set on a hillside in Sevilla la Nueva, a town southwest of Madrid, Casa De Blas is a distilled expression of the architectural dialectic between weight and lightness, earth and sky. Designed in 2000 by Spanish architect Alberto Campo Baeza, the house is both an act of landscape intervention and a metaphysical construct, a spatial meditation on essential form and material logic. Casa De Blas Technical Information Architects1-3: Alberto Campo Baeza Location: Sevilla la Nueva, Madrid, Spain Area: 250 m2 | 2,690 Sq. Ft. Project Year: 2000 Photographs: © Hisao Suzuki This house aims to be a literal translation of the idea of the tectonic box upon the stereotomic box. Like a distillation of the most essential in architecture. Once again, more with less. – Alberto Campo Baeza Casa De Blas Photographs © Hisao Suzuki © Hisao Suzuki © Hisao Suzuki © Hisao Suzuki © Hisao Suzuki © Hisao Suzuki The Architecture of Duality: Ground and Sky Campo Baeza’s work consistently revolves around a search for architectural clarity. In Casa De Blas, this clarity manifests as two boxes: a grounded concrete volume that holds the domestic program and a glass pavilion above that elevates the act of looking. The house is not merely built on the landscape; it is in dialogue with it. The conceptual strategy of Casa De Blas is rooted in a tectonic-syntactic opposition between the stereotomic base and the tectonic roof. The lower portion consists of a robust concrete platform embedded in the earth like a carved podium. This base supports a lighter glass structure above, where steel elements define the enclosure with minimal mass. The house engages the site with careful restraint. Rather than dominate the hilltop, it accepts the slope and turns its attention to the northern view of the Sierra de Guadarrama. This orientation informs light and shadow’s spatial organization and phenomenological qualities. Inside the concrete base, the architecture follows a precise logic. A service band is located toward the rear, while primary living spaces occupy the front, facing the landscape. Square window openings, deeply set into the thick walls, frame views with the intentionality of a camera obscura. These apertures do not merely let in light; they shape perception, creating a sense of distance and inwardness. The Pavilion as Apparatus for Contemplation Above this grounded core, the transparent upper volume serves as a lookout. Reached from the interior by ascending stairs, the glass box sits lightly on the podium, offering a counterpoint to the cave-like enclosure below. There is no visible carpentry, just frameless glazing and a white steel canopy, which shades the upper level while preserving its airy, open quality. The north-facing glass stretches toward the edge, embracing the panoramic view. On the southern side, the volume recedes to create a shaded void, regulating solar gain. This sectional asymmetry allows the architecture to perform environmentally without compromising its compositional purity. Campo Baeza describes the house as a literal translation of the idea of a tectonic box upon a stereotomic box. The reference is not metaphorical but structural and spatial. The upper pavilion is not a symbol of transparency but a mechanism for perception. In this way, the house operates as a philosophical instrument as much as a dwelling. Casa De Blas Proportion and Compositional Rigour The power of the project lies in the spatial sequence from the heavy to the light, from the shaded to the luminous. The contrast between these two atmospheres creates a duality of experience: shelter and openness, introspection and projection. The structural order contributes to this sense of serenity. Steel supports are arranged in double symmetry, reinforcing the composition’s static quality. Nothing feels arbitrary. Every gesture is reduced to its essential nature. The palette is limited to concrete, glass, and steel, yet the result is rich in meaning. The interior is equally restrained, avoiding superfluous detailing. It is architecture as a frame, a backdrop for landscape and thought. Campo Baeza’s work here touches the territory of the poetic, not through expressionism but through control and abstraction. Casa De Blas Plans Concept | © Alberto Campo Baeza North Elevation | © Alberto Campo Baeza East Elevation | © Alberto Campo Baeza Upper Level | © Alberto Campo Baeza Floor Plan | © Alberto Campo Baeza Section | © Alberto Campo Baeza Casa De Blas Image Gallery About Alberto Campo Baeza Alberto Campo Baeza is a Spanish architect born in 1946 in Valladolid. Renowned for his minimalist and essentialist approach, he emphasizes the interplay of light, gravity, and proportion in his designs. His notable works include the Casa Turégano, Casa de Blas, and the Caja de Granada headquarters. Campo Baeza was a full-time design professor at the Escuela Técnica Superior de Arquitectura de Madrid (ETSAM) from 1986 until his retirement in 2017. He has received numerous accolades throughout his career, such as the RIBA International Fellowship and the Heinrich Tessenow Gold Medal, recognizing his contributions to contemporary architecture. Credits and Additional Notes Design Team: Alberto Campo Baeza, Alfonso González Gamo Structural Engineer: Julio Martínez Calzón, MC-2 Collaborators: Teresa Campos

Group tasked with accelerating plans for new housing and infrastructureThe government has announced the appointment of Neale Coleman as the chair of the Oxford Growth Commission. The commission will identify how best to unlock new development across the city and its surrounding areas and forms part of wider government plans to boost development in the Oxford-Cambridge Growth Corridor. Coleman previously worked for the Greater London Authority as an aide to both Ken Livingstone and Boris Johnson. During this time, he was co-chair of the Olympic Delivery Group at the Greater London Authority, leading its work on the bid and delivery of the 2012 London Olympic and Paralympic Games. Neale Coleman has been named the chief of the Oxford Growth Commission He subsequently took a role in ensuring the continued redevelopment of the Olympic site in east London as deputy chair and later chair of the London Legacy Development Corporation. Housing minister Matthew Pennycook said: “I know Neale will use his invaluable expertise to help remove barriers holding up the delivery of essential housing and critical infrastructure in the city, and that he will ensure the Commission is effectively supporting the government’s wider plans for the Oxford-Cambridge Growth Corridor to raise living standards, create new jobs and bolster the country’s connectivity and energy security.” The group will focus on five initial workstreams, which include facilitating priority transport infrastructure, addressing utilities constraints and identifying a pipeline of priority housing projects. The other two workstreams will see the group work with universities to encourage private investment in skills and pilot new investment models to accelerate infrastructure projects. The commission will work closely with Lord Vallance as Oxford-Cambridge Growth Corridor Champion as well as Peter Freeman as Chair of the Cambridge Growth Company. The commission will be composed of nine representatives, including the Ministry of Housing and Homes England.