* Posts by T. F. M. Reader

1175 publicly visible posts • joined 19 Dec 2012


Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

T. F. M. Reader Silver badge

Re: Never understood certs

You are not alone. You simply can't understand certs in terms of security or privacy. They are not about either. They are about (scalable) trust. Before you even consider the question whether amazon.co.uk are jerks or you can really trust them to deliver the goods after you paid them you want to know that they are, in fact AMZN. If you don't believe that you shouldn't give them any money even over a secure channel.

Your bank might be run by some jerks whom you don't even know. The cert of the bank's site does not make them righteous or trustworthy. The only thing it does - or, rather, tries to do - is assure you that it is your bank you are talking to. You need to trust every single jerk in the certificate chain to believe it. In practice you trust the browser maker to do the checking for you, automatically. If you don't trust one of those jerks it is possible to revoke the corresponding certificate and your browser will warn you about anyone who presents that jerk as a character or identity reference.

As far as I understand the proposed law will break that trust completely. The cert can be used to make you believe that a jerk you are really talking to is the righteous and trustworthy person you think you are talking to. And you can't revoke the (trust in the) cert. From this point on you can't trust any communication whatsoever: you no longer can trust your browser maker to do the checking because they would be breaking the law by doing that. So you can't trust anyone's identity. The trustworthy guy you want to talk to is still trustworthy, you just don't know it's him on the other end of the line.

Security - including password security - is derivative. You can encrypt everything you send, but if you don't know whose key you are using you don't know who the man in the middle might be.

Your only solution in such a situation is to meet the guy you trust in person, verify that it's him (knowing him personally will help, checking his ID card or driver's license or whatever will help only if you are sure that the security services - or another resourceful organization - didn't send someone with a fake document), and exchange keys. Then you will be able to communicate securely and privately without any certs. I remember the times when it was done routinely, in F2F meetings. Not scalable, either for AMZN or your bank, and extremely difficult, bordering on impossible, even after the key exchange if either of you has resourceful adversaries (it's a great intellectual exercise to figure out how difficult assuming you have to deal with MI5/MI6/GCHQ or CIA/FBI/NSA or some other alphabet soup).

T. F. M. Reader Silver badge
Big Brother

Documentary

That amounts to telling EU citizens that surveillance cameras must be installed in their house, are mandatory, may not be disabled and you may not get any information on their use.

I always thought 1984 would become a documentary one day.

Pope tempted by Python! Signs off on coding scheme for kids

T. F. M. Reader Silver badge

Re: a Polish AI ad biz owner

Not if it is done in the name of the church. Sort of like the Spanish Inquisition.

I didn't expect that!

Beethoven and Brahms move audience members to synchronization symphony

T. F. M. Reader Silver badge
Coat

Skin conductance?

So play Brahms and/or Beethoven to fool lie detectors?

Big Brother is coming to a workplace near you, and the privacy regulator wants a word

T. F. M. Reader Silver badge
Big Brother

Re: "or offsite [...]outside work hours.

From

wget -o /dev/null -O - https://www.ietf.org/rfc/rfc2119.txt | sed 's/specification/law/g':

3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

[I was always slightly amused by the (quite correct) reference to "must" in the above sentence: it is an absolute requirement of the law to understand the full implications...]

[The icon is obvious.]

PhD student guilty of 3D-printing 'kamikaze' drone for Islamic State terrorists

T. F. M. Reader Silver badge

An exercise in recursion

An ISIS drone builds an ISIS drone?

Red Hat bins Bugzilla for RHEL issue tracking, jumps on Jira

T. F. M. Reader Silver badge

Re: Jira is the single source of suckage

I am a Red Hat user both at work and personally, and have been for many, many years. I have many years of experience with Bugzilla and JIRA. I have been through a few Bugzilla-to-JIRA transitions. I can only regard them as complete madness.

The "suckage" link above is good, but it's mostly about UI/UX (not only). JIRA was apparently created by people who don't understand SW development and failed - or never took - data structures at college. The most important (the only really important?) relationship between tickets is what blocks what - that determines a partial order. The appropriate data structure is a tree (or, more generally, a lattice). Bugzilla, with a simple plugin, allows one to view the dependencies graphically, as a tree, which is immensely useful. JIRA doesn't - I've been looking for years for the feature since it is so useful.

Bugzilla search and filtering is a lot saner, too. Usually no quasi-SQL queries are involved (not a big problem for me, but too often I've seen managers ask developers to create and save useful JIRA queries).

As the above link mentions there is no real difference between tasks, bugs, stories, etc. They are all things you need to do. The workflow is exactly the same. They can't really be treated differently by anyone. Inexperienced product managers often decide to make features to be developed "tasks" and bugs to be fixed - "bugs". They can't avoid mixing them, however. E.g., one can't prioritize them separately: for each new release there is a bunch of features and a bunch of fixes that customers are waiting for that will consume the same (human) "resources". If any need to be deferred or discarded - which?

And in what may be the biggest (or at least most annoying) workflow problem of all (if it was mentioned in the UI/UX link I missed it): both Bugzilla and JIRA notify you of changes/comments/etc. by email. So you get an email and see someone's comment - what do you do? With Bugzilla you can just reply to the email you've just got, keeping the necessary context, and your response will appear as a comment in the ticket. If you send a mail to someone or a group of people, even customers, that is related to a ticket you can just Bcc Bugzilla and add the ticket number in the subject; your mail will appear as a comment, etc.

With JIRA you need to switch the interface (between mail and web), possibly more than once, just to react to a comment. In my case, since I work mostly on Linux (yes, mostly Red Hat), but for reasons of "organizational compatibility" (compatibility done backwards, of course) I do mail and some other administrative tasks on a Windows VM I need to switch VMs, virtual desktops, etc. Terrible waste. To be fair, you can email JIRA and make some garbage appear as a comment, but it will be malformed garbage. I have tried using JIRA's markdown to improve formatting - it didn't work.

In short, while it is possible that Red Hat can make it work with a tonne of customizations, etc., I think they are still mad to make this move. Or maybe just not forceful or effective enough to LART some sense into their IBM-minded bosses. Disclaimer: I am a former IBMer as well, and I did run undeclared team/department git and Bugzilla servers there. Well, before JIRA was a thing you could use. Besides, maybe it was just easier in Research.

Moscow makes a mess on the Moon as Luna 25 probe misses orbit, lands with a thud

T. F. M. Reader Silver badge
Boffin

If a spacecraft crash-lands on the moon, does it make a sound?

Yes, it does. Not through the non-existent atmosphere though, but nothing prevents acoustic waves from propagating through the moon itself.

Can you raise $100M+ from AI investors with no product? SEC says yes

T. F. M. Reader Silver badge

Remaining question

So we are looking at defrauding gullible investors to the tune of >$100M via selling them unregistered securities, pocketing some of the proceeds and investing the rest in crypto...

Will the guy share a cell with SBF?

Zoom's new London hub – where 'remote work' meets 'we need you back in the office'

T. F. M. Reader Silver badge
WTF?

I must be out of touch from all the remote work... [*]

What the hell is an "agile table"???

[*] Disclaimer: I work at the office (including all the way through Covid) and I don't do "agile". I do work at a table (a.k.a. "desk").

Pope goes fire and brimstone on the dangers of AI

T. F. M. Reader Silver badge

Re: AI is EVIL….

head of one of the most abhorrent organisations that has ever existed

The organization that promised not to do EVIL in the not so distant past, you mean?

Official science: People do less, make more mistakes on Friday afternoons

T. F. M. Reader Silver badge
Coat

"people made significantly more typos"

Or maybe they do more important stuff and are more alert in the afternoons and fix more autocorrect f...wittage?

Oh, well - coat...

Arc: A radical fresh take on the web browser

T. F. M. Reader Silver badge

"Presumably, the idea is that users will run it full-screen."

Good luck with that on a Mac.

Especially on a Mac with a couple (or more) external monitors. Bring any application - say, a browser - to full screen on one of the displays and the others will go totally black. Used to annoy the hell out of me when I had to do stuff on a Mac - I wanted my VMs in full screen in Mission Control (Apple's lousy - unless you come from Windows - implementation of virtual desktops) and it was very frustrating.

'Weird numerological coincidence' found during work on Linux kernel 6.5

T. F. M. Reader Silver badge

Re: The what?

predict the future of X.com

Predict the future of X.com? Or the past?

Sysadmins are being left out of AI implementation

T. F. M. Reader Silver badge

AI for log analysis? Wrong tool for the job

What does AI have to do with log analysis? Any half decent logs will be structured enough to be analyzed - with software, yes - without any need for AI, LLM, or whatever. The manglement and marketing bods who push AI for the purpose don't seem to say anything but "the logs are lousy and really all over the place, but rather than (invest a moderate effort in|push clueless vendors towards) improving them we should better deploy a hugely expensive and not very good or precise AI to try to figure them out".

[Disclaimer: I have developed (3rd party) log analysis SW a few times in my career, but only for internal use and generating detailed reports for customers, so I am not all that much of an expert.]

T. F. M. Reader Silver badge
Coat

Re: IMHO...

[Taking a baseball bat to] not only the machine that runs the LLM but the printer that prints the all-important TPS reports as well.

A room-temperature, ambient-pressure superconductor? Take a closer look

T. F. M. Reader Silver badge

Re: Apatite

Superconducting teeth!

The horror.

Or a new Bond movie?

What does Twitter's new logo really represent?

T. F. M. Reader Silver badge

If Meta owns a trademark on X in the context of Social networks, surely then Twitter rebranding to X is going to infringe their trademark?

What's another lawsuit between friends?

Cerebras's Condor Galaxy AI supercomputer takes flight carrying 36 exaFLOPS

T. F. M. Reader Silver badge
Black Helicopters

The potential...

... to become Skynet is definitely there...

Google toys with internet air-gap for some staff PCs

T. F. M. Reader Silver badge
Coat

Might work for Google

Doesn't Google have most of the Internet stored and indexed on its own computers? Cutting off "the Internet" while keeping access to internal networks might just work for them then.

The one with the dog-eared printout of the page-ranking algorithm specification, please ----->

You're too dumb to use click-to-cancel, Big Biz says with straight face

T. F. M. Reader Silver badge

Those big businesses certainly know what they are talking about.

Some time ago I bought something from amazon.it, giving them credit card details and billing and shipping addresses in the process. As a thank you they enrolled me in Amazon Prime, the first month free - no clicks needed! Out of curiosity I tried to find a movie or a TV series to stream - nothing worked. I figured there was one Prime, so I tried amazon.co.uk, amazon.com, etc, directly and over VPN with presence points in the right countries - still no dice.

I had lived happily without Prime until then, so I figured I'd find the Cancel button before the free month runs out and forget about it. I succeeded, eventually, but OMG was it confusing! In fact, everything that involved me clicking on buttons, either trying to make the service work or cancelling it, was confusing in the extreme. The automatic no-click enrollment was the only exception. Conclusion: the problem lies in clicking buttons. Another possibility: I am too dumb.

See title.

OpenAI is still banging on about defeating rogue superhuman intelligence

T. F. M. Reader Silver badge

Re: "The San Francisco AI startup"

I think "startup" usually refers to a company that still burns early investors' (typically VCs') money rather than lives off sale revenues. A startup may have products and generate revenue, but is not self-sufficient. While there may be a reasonable time limit on the term I don't think 8 years is all that long, especially in an entirely new and unproven field (not "AI" but this particular niche of it, I mean).

T. F. M. Reader Silver badge

Reading comprehension

I am failing at it, miserably.

"Superintelligence will be the most impactful technology humanity has ever invented"

What's the technology? This is the first time I've heard of it. Intelligence is not technology, but "superintelligence" will be?

Eh... They can't really mean stochastic parrots, can they?

Microsoft can't stop injecting Copilot AI into every corner of its app empire

T. F. M. Reader Silver badge

MSFT are hallucinating

Judging from their use of the word "productivity".

YouTube's 'Ad blockers not allowed' pop-up scares the bejesus out of netizens

T. F. M. Reader Silver badge

I also don't allow popups

What will happen?

The world of work is broken and it's Microsoft's fault

T. F. M. Reader Silver badge

Re: Quelle surprise

Status meetings are never about the status of the project. They are about the status of the manager.

Cisco: Don't use 'blind spot' – and do use 'feed two birds with one scone'

T. F. M. Reader Silver badge
Coat

Way too complicated

Can't they suggest a rule of thumb?

LinkedIn links out of China with 716 roles for the chop

T. F. M. Reader Silver badge

When LinkedIn RIFs...

... do they also delete the redundant employee's LI accounts? Do they downgrade the accounts if there were any corporate perks attached? Do they offer free "premium" upgrades to help the newly redundant with their search for the next position?

Not necessarily in PRC where rules may be special. Just curiosity-driven.

Microsoft may charge different prices for Office with or without Teams

T. F. M. Reader Silver badge

Re: Deja vu all over again

Deja vu = all over again

Not for any of the teams Yogi Berra played for.

DEF CON to set thousands of hackers loose on LLMs

T. F. M. Reader Silver badge

Re: Oh, the humanity!

Bravo Bing!

Not bad at all. To sound more human-like I'd say "sono Bing"[*] ("I am Bing") is marginally preferable to "questo è Bing" ("This is Bing") that sounds a bit like Google Translate from American - oh, what am I saying?!?!? Come to think of it, "Posso capire" has a similar smell - sounds fluent in English but, to my ear, not the most natural in Italian. I may be wrong, or biased, or hallucinating...

But seriously - not bad.

@katrinab: I guess it can indeed understand Italian - I suppose it can recognize Italian and apply the same "stochastic parrot" algorithm on whatever Italian sample it ingested during training.

[*] Can Bing be configured or trained to sound as Inspector Montalbano: "Bing sono..." ? I think it would be cool... ;-)

Modular finds its Mojo, a Python superset with C-level speed

T. F. M. Reader Silver badge

stick to what you do well

Certainly python can use a new core implementation allowing parallelism and improving performance (by a lot).

Hooking the backend to MLIR/LLVM or similar sounds a good idea.

Strong typing may certainly be useful and will be welcome as an option (to keep the original python working).

If the above can facilitate static analysis - great.

Doing all that and sticking to a language that many people use is a very reasonable approach, too.

But for heaven's sake make Lattner stick to what he does well (like compiler backends) and keep his paws from changing or extending the language syntax! He is, after all, responsible for the abomination called Swift, the only language I know in which 2+2 may not even compile, let alone return 4 (hint: it does type promotion on assignment, but not for arithmetic ops). Also the only language I know where there is a difference between the function argument's name used by the caller and the same argument's name used in the function's body. And where you need to decide once and for all, for all the client applications, whether you want your data structure to be passed by value (struct) or by reference (class). It looks like there is a difference between class (python) and struct (mojo) here, as well, as well as between def (python) and fn (mojo), and at least in the latter case you need to decide once and for all the arguments what you want to do from the start. Not a good start, IMHO.

Judging from the docs on the Modular site it does look like (half-baked?) explicit splicing of python with a subset of C++, or maybe the C subset of the latter ++ some additional features like a bit of metaprogramming.

All in all, it has potential. The backend has a good chance of being good. I am not so sure of the frontend so far - needs more work, I'd say.

Pixies keep switching off my morning alarm, says Google Pixel owner

T. F. M. Reader Silver badge

I don't use any voice commands...

... so no first hand experience, but I still don't buy it. Shouldn't the phone (and the various Alexas, Siris, and the rest) only react to the owner's voice? And if the story is true the bug seems to be quite generic: at the very least the phone should subtract whatever is coming out of its own speakers, otherwise it becomes possible to control it, to a degree at least, by sending a voice message...

Insurers can't use 'act of war' excuse to avoid Merck's $1.4B NotPetya payout

T. F. M. Reader Silver badge

I think that's the main driver of compliance business, from companies like CyberArk selling you a lot of words and a checkbox to scorecards and certifications from the likes of MITRE.

The actual value of those things is somewhat limited. E.g. CyberArk will say a lot about preventing another Snowden but in practice their methodology would be unworkable in any organization and what they really sell is a checkbox (I got this admission from a pushed-to-a-corner employee, who shall remain anonymous, at one of their customer conferences). MITRE will gladly take your money (for their non-profit purposes, of course, a.k.a. drive compensation up enough and you won't have any profits) for testing you, but they generally tell you in advance what they will test. Etc., etc.

However, to qualify for cyber insurance you need some acceptable - to insurance companies who are not cyber experts themselves - and independent benchmarks that will let you qualify for sane premium rates, and this is where compliance companies and organizations like MITRE come handy. You will pay through the nose to the former and you will demand the latter's scores from security vendors (who will pass their MITRE costs to you) to get lower insurance rates and mitigate risks if something bad happens. Just cost of doing business.

With this decision, consider buying compliance stock?

Online Safety Bill age checks? We won't do 'em, says Wikipedia

T. F. M. Reader Silver badge

Dog years

If something on the Internet gives its age in dog years the whole internet will know it's a dog. And we can't have that, can we?

BOFH takes a visit to retro computing land

T. F. M. Reader Silver badge
Black Helicopters

Re: Apple Lisa

we're now Paris-deprived

You miss her? Me too...[*]

[*] Hey! It's an experiment! In olden days the Moderatrix would've approved, I am sure.

Is your AI hallucinating? Might be time to call in the red team

T. F. M. Reader Silver badge

Oxymoronic much?

Machine-learning Ethics, Transparency, and Accountability (META)?

All that at Meta? You must be joking... Ah, no, at Twitter... OK then... Hold on...

ChatGPT creates mostly insecure code, but won't tell you unless you ask

T. F. M. Reader Silver badge

Re: What a future

I assume in the future "programmer productivity" will be measured in KLOC/sprint or something. As opposed to today's infinitely more reasonable measure of... Hold on...

I have lost count of how many times I told various people around me that software engineers are not paid to write code. They are paid to think. Writing code is trivial effort in comparison.

An LLM can't help you think. Optimizing a trivial part of the overall effort is, to paraphrase Donald Knuth a bit, "the root of all evil".

Europe wants more cities to use datacenter waste heating. How's that going?

T. F. M. Reader Silver badge

the forlorn hope that trade would somehow lessen Russia's expansion tendencies

Forlorn indeed, considering that Germany's largest trading partner in 1938 was France.

T. F. M. Reader Silver badge

...after Jimmy Carter effectively banned...

The ban was lifted (Ford, I think)...

Could you please check? If memory serves Carter came after Ford.

Pentagon super-leak suspect cuffed: 21-year-old Air National Guardsman

T. F. M. Reader Silver badge

Re: makes a smidge of difference

He didn't do it for money.

So, it's not the first of the 4 main reasons for betrayal (MICE: Money, Ideology, Coercion/Compromise, Ego), but it well may be the last.

It's time to reveal all recommendation algorithms – by law if necessary

T. F. M. Reader Silver badge

Never attribute to malice

With all your efforts to avoid data collection, even if successful, Google/Youtube might have categorized you somehow, vaguely. E.g., do you google? Have you set the search language(s), how many results you want per page, or anything else? I don't think you can do that without a persistent cookie (or a whole jar) that may then be available to Youtube. And you say yourself that you give Youtube directions - I don't suppose those will work without a cookie, either. Nor will VPN keep that jar closed. And if you don't block Google Analytics and a few hundred other creeps the rest of the Intertubes may be as capable as Youtube as far as you are concerned.

Now, let's say Google/Youtube/Chocolate Factory pegged you, with some probability, as being of age at which you might have pimply-faced kids (age being determined as a target criterion by some advertiser). Or your VPN presence point is right in the area where someone runs a campaign of some kind (which would be a coincidence). Or whatever. Those may be the only "algorithms" there are, and knowing them will not necessarily make you wiser. What the algos certainly are not is real time surveillance capitalism nightmare like "Mark's second cousin posted a picture from a birthday party tagging Mark and his teenage son, AI analysis determined that the boy has pimples, the cousin's GMail history connected Mark to a particular device with Google's super-cookie on it...." The algos are simply not that smart or complex. This must be distinguished from the capability of crunching an awful lot of collected and stored data if you are specifically targeted for some reason, but pimply-faced Youtube recommendations are simply not that important.

Point is, it may be business, not personal. I suspect that the real reason those algos are kept secret is not to deprive you of your peace of mind but to prevent advertisers from realising those algos are not as sophisticated as... well... advertised.

What if someone mixed The Sims with ChatGPT bots? It would look like this

T. F. M. Reader Silver badge
Coat

Re: Overriding limitation

Wouldn't that describe a large part of the (disenfranchised) human population too?

Yes, and this is the reason why I think the profession of "robopsychologist" will be in very high demand soon, treating both kinds of patients. If there is a real life Dr. Susan Calvin she must be just over 40 and at the peak of her career right now.

Thieves smash hole in wall to nab $500K in Apple iKit

T. F. M. Reader Silver badge

Re: Where were the plastic police?

designed to not kill us in an earthquake

That's what you hear in California. When you ask a Californian why they build from the same papier-mâché in the Carolinas where there are no earthquakes but lots of hurricanes the answer is, "Oh, there they can't afford better materials." Seriously, I had this conversation with a Californian. [Disclaimer - he said that, I am only reporting it.]

The real answer is, of course, Hollywood requirements: movie scenes where a car smashes right through a building, emerges on the other side, and continues on its way with barely a scratch look quite realistic and can be shot on location.

ChatGPT is coming for your jobs – the terrible ones, at least

T. F. M. Reader Silver badge

Maths and models

So you hire a bunch of MTurks to train ChatGPT to moderate tweets (I suppose you have to, as on its own ChatGPT has no notion of "good" or "bad"). Pick good (possibly more expensive) MTurks, let's say twice as good (and twice as expensive) as the average.

Then scale up ChatGPT annotations by a factor of, say, 10 compared to manual labour. Let's say ChatGPT mislabels 50% of [whatever] which is similar to the average MTurk accuracy per the assumption above. Let's say that the training set is 5% of the actual workload, and you've paid the MTurk "coaches" twice the rate of the production workforce. You basically reproduce the results of the paper then: 1/5th of the price, half of which is the wages of the MCoaches and half is the cost of running the training algo on a bunch of GPUs or whatever. [It is not clear whether the wages of MCoaches were included in the ChatGPT cost estimate of the article - 1/10th of manual labour cost - qualitatively it does not matter.]

So, it all makes perfect business sense, and fewer people suffer in the process while earning better than average money compared to all-manual setup. All is well.

But it's still MTurks all the way down[*].

[*] Known in the trade as RLHF - Reinforcement Learning from Human Feedback - thus hiding MTurks from the unsuspecting public.

Microsoft promises it's made Teams less confusing and resource hungry

T. F. M. Reader Silver badge

"while using half the system resources"

What's new? Teams has always used at least half the system resources.

Ammo-maker says TikTok's datacenter site could deprive it of electricity

T. F. M. Reader Silver badge

It's the largest war since WW2.

I can only assume you mean, "in Europe".

How does one determine the "scale" of a war? The death toll is one criterion (certainly a lot more people are involved or affected than dead). The Korean War, the Vietnam War, and the Soviet invasion of Afghanistan all had a much higher death toll than the Russia-Ukraine war, all happened after WW2, and all are very well known indeed. But even at the same time with the Russia-Ukraine war the Ethiopia-Tigray(-Eritrea) conflict has killed a lot more people (and more again if you count the Ethiopia-Eritrea war ~20-25 years ago - that alone probably caused more deaths than the War in Ukraine so far). It just doesn't dominate our news cycles. I have no idea whether Norwegian ammo is involved, either - for all I know the weaponry may be primarily Russian/Chinese.

The war in Ukraine is horrible, don't get me wrong. The point is that it still fails to give one quite the full picture of the horrors of either the past or even of today.

Gone in 120 seconds: Tesla Model 3 child's play for hackers

T. F. M. Reader Silver badge

Expect updates soon

Ubuntu took a hammering... Windows 11 was also shown to have serious flaws and VMWare Workstation was also successfully cracked.

OK, interesting and important. It would also be interesting whether there were any OSes/systems/platforms/whatever that were not cracked despite the attempts. Or were there none?

French parliament says oui to AI surveillance for 2024 Paris Olympics

T. F. M. Reader Silver badge

2 questions

1. What is the significance of the 30th of June, 2025 to the 2024 Olympics? Are they already anticipating that the Games will be delayed by a year due to some totally unforeseen biological calamity again?

2. Has the "experiment" been declared a resounding success yet?

Germany clocks that ripping out Huawei, ZTE network kit won't be cheap or easy

T. F. M. Reader Silver badge

Re: Needs A Re-write......

Has there ever been any proof of this beyond an article in one publication?

Not that I know of. The report (multiple reports, but they were repetitions) was quickly disparaged. One big reason was that it is not enough to sneak a chip onto the board - it must do something detectable to do something useful, e.g., phone home, respond to external connections, etc. Nothing of the kind was ever detected on sites that were allegedly subject to the HW supply chain attack, and those sites deployed IDSs of various kinds. Those were serious players, Amazon among them IIRC (I don't recall who else, it should be relatively easy to dig up).

This is a general weakness of these HW supply chain conspiracy theories. It is possible to place an extra chip on a board, it is not quite so feasible to keep what it does undetectable, even without super special means.

Now, if Huawei, ZTE, etc. have their equipment installed on every street corner and on military bases and in Matt Hancock's office and no one checks what they send to the mothership there may be a problem. There is no contradiction.

Microsoft picks perfect time to dump its AI ethics team

T. F. M. Reader Silver badge

Can anyone post a link ...

... to MSFT's counterpart to the "Stochastic Parrots" paper?
