Posts by T. F. M. Reader

The real significance of this story...

... is that AI has truly arrived if its flaws are published in Nature!

Well, if humanity is indeed in danger then even Nature may devote a few pages to the topic, I guess.

Requirements?

A Facebook needs "hyperscale" to handle asynchronous text/image/sound/video updates from billions of users, storing the updates, disseminating them, and crucially analyzing them to sell ad spots to customers. The big advantage of "cloud" (in general, without "hyperscale") is dynamic scaling allowing Amazons of the world to handle seasonal activity surges and the like without major contortions. And these things are known to be expensive, so if you need them prepare to pay through the nose.

For an Austrian government ministry that needs to handle 1200 of its own employees and, say, rarely updated information on 9M Austrians that does not need to be disseminated on a vast scale of analyzed in real time with sub-second latency to run advert placement auctions or anything of the kind (batch or periodic analysis is not similar), and with no foreseen surges of activity, why would US-owned hyperscale cloud providers even be in the running, even without sovereignty considerations? I don't see how their real UVPs would be relevant, the needed services (redundancy, backups, DR in general, moderate scaling facilitated by VMs+containers, technical services personnel etc.) can be provided by local hosters. It is not at all clear that hyperscalers have noticeable advantages in reliability, either (ahem, AWS).

Which parts of Europe's digital infrastructure actually require hyperscale clouds? Serious question. I am not saying they are never needed, just that the requirement does not look universal or even common.

Early 1990s?

Somehow Windows NT 4 and Windows 2000 Server don't seem quite so old to me. Nor does Jim's "weapon of choice", Microsoft Site Server (the helpfully linked Wikipedia page confirms).

Doesn't mean the story didn't happen, of course.

Could we please have a new series

about Stephen's adventures as a boy scout? Maybe on Wednesdays?

In other news...

El Reg's weekly WHO, ME? feature will be written by AI from now on.

Human traits then, eh?

Many, many moons ago a big household name computer company decided that programmers should get monetary rewards for fixing bugs... I worked there, quite a while after that brilliant idea had been cancelled. It was still a part of the lore.

"AI is useful for simple, repetitive tasks"

The whole point of programming computers is to avoid doing simple, repetitive tasks. Resorting to prompting AI (not a simple task, in my experience) to do stuff repeatedly doesn't seem a right approach - you still do stuff repeatedly, so where's the gain?

Well, maybe the approach has a place in environments where no one can actually program computers to do repetitive tasks.

"models can't separate content from directives"

AI uses von Neuman's architecture? Programs are data? Who knew?

Having said that, if I understand the report correctly the attacker needs to place a poisoned file on the user's computer and then wait for the user to ask Claude to summarize it. The first part is already a security issue without AI. So is it really an AI issue?

In a way, it is. It is certainly a plausible scenario: send "meeting notes" as an email attachment (more sophisticated option: add a poisoned file to a SW package that does something useful, wait for the user to clone the git(hub) repo and ask Claude Code to summarize it). Lazy AI enthusiasts won't ever open the attachment, but will ask their favourite bot to summarize the "notes".

Fundamentally, no different from clicking on unknown attachment, but with AI, so it's OK, innit? What I am missing is how Anthropic expect a user that does the above to "monitor Claude while using the feature and stop it if you see it using or accessing data unexpectedly."

It does not really look Claude-specific to me.

"cloud-based facial biometric comparison product"

So what happens when the cloud is down? On the way in - long lines, missed connections? On the way out - long lines, miss return flights, overstay your visa?

Browse bravely

Now they need to partner with Palo Alto's "industry's only SASE-native secure browser" and fight it out.

Risk assessment

It seems to me that both the police and the Tribunal need to brush up on risk assessment principles.

The most important principle is that risk is the probability of something happening times the damage that may occur if/when it happens. I can understand that the answer to "What is the probability that the IP-to-address resolution provided by BT is in error?" can indeed be "Very low". However, the answer to "What are the risks if the IP-to-address resolution is in fact in error?" must be "ENORMOUS". This pair of questions should have been asked and answered by the police at least after the initial search of the residents' devices turned up no evidence of wrongdoing, and extra caution should have been exercised.

The above should have been considered by the Tribunal, and they should have taken into account that the police failed to perform adequate risk assessment or management, causing horrible damage in the process.

On the face of it, even though the technical error was made by BT, BT probably did not have enough information about the investigation for proper risk assessment, i.e., they could not estimate the damage resulting from the error occurring.

No one involved should have assumed that the probability of error was zero.

Next step(s) in the hiring process

1. Ask several major LLMs to generate CVs fitting a published job description (let's assume the job is AI-related), send them all in. One that was generated by the same LLM that classifies the CVs will have a higher chance of being shortlisted for the first interview (the main purpose of a CV, of course).

2. The prospective employer may have a "guardrail" in place to cross-check incoming CVs (e.g., by the names and the supplied contact details) to detect applicants who employ the above trick, to weed them out...

3. ... Or maybe to give such applicants bonus points on their way to the shortlist? After all, this demonstrates AI skills, and the job is, by assumption, AI-related. And AI skills are deemed useful, possibly essential, to all jobs in our brave new world.

Curiosity killed the cat's paranoia

Out of curiosity, I cloned the git repo and counted the lines in all files, comments, warts, and all. A bit less than 23K total, a bit less then 7.5K in the src directory. It doesn't look beyond the capabilities of the DoD, or any of its 30 individual projects mentioned in the article, to validate that, if the package is genuinely useful. Once. When updates are pulled in one would need to look at the diffs. Mirror the repo (all the needed open source repos?) in a controlled location and forbid pulling directly from anywhere else. DoD people can follow orders, right?

Then, again assuming the package is genuinely useful and noticeably better than the alternatives, maybe discreetly suggest to the author to take a personal trip to, say, Turkey or Finland to be interviewed and vetted for a job? On, no, forget I said that...

No high accuracy determined in the lab

survives the first encounter with the base rate fallacy.

- Helmuth von Moltke the Elder [paraphrased].

Define "productivity"

From TFA, quoting the CEO of Civo: "we saw no decline in productivity (I wouldn't say we had any gain)".

What's "productivity"? Is it hourly or is it weekly? The Fine Article gives conflicting ideas at best.

Quoting the boss of MSFT Japan (as of 2019), "I want employees to think about and experience how they can achieve the same results with 20 percent less working time", makes the impression that he wants his employees invent ways to become 20 per cent more efficient on an hourly basis to preserve the weekly productivity. As the article notes MSFT didn't expand the pilot and are not saying why - maybe the tradeoff didn't work out?

At the same time, "Everyone at Civo does their full week's hours during the four days." Hmm... This looks like no change in hourly or, indeed, weekly productivity. It's just that you cram your work week into, say, four 10-hour days rather than five 8-hour ones, and presumably you compensate for the degraded rest and family/social life for 4 days/week over the 3-day weekend. I don't know what was expected, but I can't say I am all that surprised. How happy this makes one's spouse/partner/children/elderly parents and how legal it is in one's jurisdiction may vary.

"Eminense grease"???

Was that a Freudian slip, an intentional pun, an oblique reference to lubricant dripping from a chainsaw, or a direct reference to whatever passes between the various palms in the Administration and at Musk's companies?

So how does Vogon poetry rate in this contest?

It has to be asked, eh?

Doesn't compute?

Users "with no coding skills" "can specify APIs if the model needs additional data from external sources".

See Title.

Predictable

I guess Hinton was right about the dangers.

Technology question

What's the mechanism that led to nearly simultaneous explosions of thousands of devices?

Physical introduction of explosive charges and triggers into the supply chain on such a scale seems unlikely. Reports in mainstream media focus on the possibility to trigger thermal runaway reaction in Li-ion batteries by malware. I am not sure I am buying this: thermal runaway occurs when the battery is physically damaged, e.g., punctured - this would require non-trivial physical interference which is, again, unlikely, nor is it a guarantee - or overcharging, which is unlikely to be triggered by malware only, IMHO, since the device must be charging in the first place, and most obviously weren't.

So, any ideas? Can some kind of malware that, say, causes a CPU to overheat cause the battery to blow up with high probability?

Regardless, and as an aside: anyone considering buying a Chinese (or any other) EV with Li-ion batteries should let a second thought at least begin to contemplate crossing his mind (with apologies to Douglas Adams for reusing the turn of phrase that is obviously his).

Wanamaker 2.0

Version 2.0 of John Wanamaker's famous quote: “Half the money I spend on advertising is wasted; the trouble is I don’t know which half” should read "More than a third of my advertising money is wasted; there is no trouble at all to know which third it is - the one that Google pockets."

Total Recall

Out of curiosity, if I open WhatsApp in a browser on a Windows computer and get a "View Once" message, will Microsoft Recall be able to save it?

Stored programs

One of the causes of this clusterfuck is that people either forgot or never learnt what "von Neumann computer architecture" is and means. Besides clues in the more descriptive "stored program architecture" moniker, what it really means is that there is no difference between programs and data. All the CPU does is access memory, where both operands and instructions live (well, it also checks for interrupts). This means, among many other things, that if you keep a program at version N-2 but update the data the program uses then it is no longer the same program and your software is no longer stable!

In particular, to all the voices (not necessarily here) that scream that NSFT should not have signed the stupid driver: the "signed" bit does not mean much more than "we really got it from CRWD". There is no way MSFT can comprehensively validate every possible configuration of anything, let alone data updates.

Both vendors and customers need to be aware that if "only a data file is updated" then it is, in effect, an update. And if the "program" in question runs in the OS kernel then all sorts of things may go awry, and everybody involved - R&D, QA, customer IT/ops - must be extra careful.

In the past there were 2 routes to learning that program and data are the same. It was made an almost obvious basic principle in the LIST world and there were OS courses that started from a description of von Neumann architecture and the basic CPU operation (as above), neatly introducing process context and memory management, and then, typically close to the end of the course, revisited the topic in a lecture about security. I used to do that, too.

Nowadays there is always Wikipedia. LLMs may or may not come up with something more useful.

Blamestorm

Part of the blame is certainly on Crowdstrike: if their content update breaks Windows with such high probability (if the probability were low only some parts of the world would crash) how come their QA didn't catch this?

The other part may or may not be on Crowdstrike: do they offer a protocol and recommend a change procedure that includes staging and testing? If not it's on them. If yes, then it looks to me that hardly anyone in the whole world (OK, in the part thereof that uses both MSFT and CRWD, on the basis of the observed data) implements a reasonable change protocol.

Mind you, EDR/XDR products typically require admin level access to the target machine, without it it's kinda difficult to fight invaders off (the R=response part, at least). And security updates tend to be quite time-sensitive, but that should be handled by the change protocol, at least at the crash/no crash and boot/no boot level.

Out of curiosity...

Do Europol also complain about E2E-encrypted WhatsApp, Telegram, Signal, etc.? None of the developers is even European. Why focus on SMS?