* Posts by EricM

191 publicly visible posts • joined 2 Sep 2016

Page:

Mere minority of orgs put GenAI in production after year of hype

EricM

Re: AI is given extreme lip service in 2023, but where are real applications of it?

_very_ good link. Thank you.

EricM

Re: Shiny shiny

> What they have all failed to realise is that the data feeding this monster is what makes GenAI good - or bad.

True. I think that is one of the more common misunderstandings in the current hype.

If your business problem can not be described in the form of of detecting weak statistical dependencies (or lack thereof) in very large data sets, then the current GenAI approach will probably not lead to a useful solutions for your business. Which is true for I guess 99% of companies...

EricM

AI is given extreme lip service in 2023, but where are real applications of it?

Nearly every new version of old IT products nowadays presumably contains "AI" capabilities in some form.

SAP, Excel, Fortinet, Cisco, etc.

However, if you look closer at the so-called AI capabilities, they usually do resemble closely what was advertised in the last years as simply automation of some kind, "integrated analytics", "big data", "data fabric" or any of the "smart"-somethings of the late 2010s.

The seemlingly unstoppable trend of AI-in-everything does often seem to result from a marketing department in full overdrive mode, while credibility of claims is built by some interesting and often impressive simulation of text-comprehension by publicly available LLMs - which are still just applied statistics on steroids...

Contrary to what the companies above (and many others) claim - I still need to see an "AI" implementation in older products that does not just result in a more or less useful text generator, that manages to summarize things it read "on the internet" sometimes correctly.

Elon Musk's xAI wants $1B cash infusion in exchange for equity shares

EricM

A non-woke AI bot - this does not sound like a return to sober decision making ...

On one hand it should meanwhile be obvious to any investor that his intensifying god-complex, FU-attitude and right-wing conspiracy tendencies can no longer be ignored.

All of those pose a clear danger to anyone who plans to actually earn money by giving some of theirs to Mr Musk.

So it will become interesting to observe if Mr. Musk's ongoing harsh treatment of investors/victims of his X/Twitter personal blog will result in enough people thininking hard about this proposal for his personal "non-woke" AI bot.

On the other hand - as the article seems to indicate - investment decisions driven by greed and rational reasoning usually do not seem to be tightly coupled. Or coupled at all.

Everyone being hurt by this investment should have known better.

I'm out of this and prefer to invest in popcorn...

Cisco intros AI to find firewall flaws, warns this sort of thing can't be free

EricM

AI will change the infosec landscape - I bet

Networked products that employ AI in the wild not only introduce a new set of classic attack vectors, now even completely new anti-AI methodologies might be developed.

Wonder what hallucinating AIs may effect in security appliances. Will be interesting to find out.

Half a century ago, NASA's Pioneer 10 visited Jupiter, then just kept going

EricM

Re: @Reg thx!

Agree.

And with regard to your link: 658 pages of pure tech RTFM ... much appreciated :)

Plus, I just noticed somewhat unexpectedly that I seem to miss the times when new, complex products came with several kg of manuals ...

No new top boss at NSA until it answers questions about buying up location, browsing data

EricM

Call for control of personal information market

Very much this.

And then replace "location harvesting" with "information harvesting about citizens" in general.

The amount of unclear and often low-quality data (guess-work) about private citizens being sold as "verified information "commercially is staggering in some countries.

Each bit of it - true or false - can hurt you by limiting your effective ability to get/keep a job, get affordable housing, get afforable loans, etc. without you ever knowing why you did not get a specific job or an apartement you inteded to rent or why you are just the one allways getting the most expensive loan offers from banks.

What is true for the CIA (executing kills based on obtained metadata) is also true for commercially entites buying this data: business decision, often automated, are made based on purchased matadata.

Metdata in both cases cannot be controlled/verified/corrected by the victim of the decisions that are based on such data/information.

And in both cases the user of this information will not even confirm/deny what information payed a role in decision making.

Worse: The information harvesters can disseminate low quality or even wrong information about you without any control, verification or consequences.

Personal Information is in many countries a very big market without any controls or safeguards.

EricM

Re: Both sides of the call

You seem to imply NSA wiretapping to take place on american soil only, which is not the case.

Wiretapping takes place in exchanges throughout the world: UK, Australia, Germany, Pakistan, etc.

So this law makes it legal for the NSA to e.g. record a call between London and Berlin by 2 non-US nationals.

With all eyes on OpenAI, Meta drags its Responsible AI team to the recycle bin

EricM

Re: Meta continues to be Meta

Straight from the rulebook of arms traffickers and drug dealers: Ethics and business don't mix.

What's really going on with Chrome's June crackdown on extensions – and why your ad blocker may or may not work

EricM

Re: This, coupled with YouTube's recent blitz

Maybe it's me, but I haven't stumbled across a web page not working with FF since the late days of the first browser wars, when some sites were deliberately hardcoded for IE...

IBM pauses advertising on X after ads show up next to antisemitic content

EricM

Surprised? Really?

I understood the opportunity to ram your adverts specifically into the eyeballs of right-wing nuts, whose opinions are "cancelled" in the rest of the "woke" media to be Musk's actual business plan for TwiX.

So why acts anyone surprised when adverts on this platform are shown next to hate and antisemitism? That's simply what the designated target audience consumes most.

This is just how this dark twin of Twitter is designed to operate nowadays.

Don't like your ads next to hate? Don't advertise on TwiX...

X fails to remove hate speech over Israel-Gaza conflict

EricM

I couldn't care less about Twitter, may he have fun taking it down.

SpaceX and Tesla on the other hand seem to be more worthy targets to save from his erratic and IMHO degrading leadership.

EricM

Agree. Musk behaves over the last years as if someone successfully planted the idea that "hate sells" would somehow work out commercially.

This is a style that wasn't obvious (at least to me) in Musk 10 years ago.

We know from his other ventures he is determined to follow what impulse tells him is the right way.

I just wonder how deep will he run TwiX into the ground until he re-evaluates this belief or digs out of the bubble he obviously has fallen into - and how dangerous he will become to the success of Tesla and SpaceX if he stays in his bubble.

May be him being pushed out of PayPal was a sign of things to come ...

Yeah, that oughta do the trick, Joe... Biden hopes to tackle AI safety with exec order

EricM

Re: exec order

> The sh1t has already hit the fan.

Not really.. wait a few months/years and AI impact and potential will probably get better, increasing the risk further.

However, given the non-linear and non-deterministic behavior of LLMs in general combined with a ever changing, fluid definition of "national security" , good luck with determining if any given system might pose such a risk.

Hunters International leaks pre-op plastic surgery pics in negotiation no-no

EricM

Re: Really?

Agree.

Even though journalistic standards and basic decency might prevent the author from calling these types of what they really are, exposing the most vulnerable members of society as a means of increasing pressure on the actual victims of your extortion deserves some stronger words than "questionalble".

First Brexit, now X-it: Musk 'considering' pulling platform from EU over probe

EricM

a bit rich?

Musk, of all living, er, humans, calling anyone or anything "detached from reality" is beyond ironic ...

TwiX being dead in the water is indeed a good thing IMHO, but I hope they get him out of Tesla and SpaceX before he causes damage beyond repair for those companies, too.

BMW deems drivers worthy of warmth, ends heated car seat subscription

EricM

Re: "megatrends"

Same here, but I guess the term has therefore aged extremely well ...

It speaks volumes that I feel better thinking about an old mainboard of mine booting than what today is called a "megatrand" in many instances :)

Yeah, I'm getting old ...

ICANN warns UN may sideline tech community from future internet governance

EricM

Re: Reality is overrated

Applying Hanlon's Razor results in "incompetence".

Maybe combined with a grain of Dunning-Kruger: "How hard can it be to come up with a global Internet policy? I use Facebook everyday..."

EricM

Not stupid IMHO

Civil society participation in such processes is about opinions, in many cases about feelings, about motivations of and affects to special interest groups, minorities, equal opportunity, etc.

The technical feedback on the other hand is about "this will work" or "this will not work".

Call me preoccupied (I'm an engineer ) but I think that distinction is quite important.

Given that that both, governments and the private sector, have excessively shown that they have no problems putting magic thinking into policy, I think a technical verification by the technical community is critical when shaping a technical policy.

Oracle's revised Java licensing terms 2-5x more expensive for most orgs

EricM

Agree. There seems to be some confusion in the Article and/or Gartner advice.

To keep it simple: If you actively develop, check if you really need the extra goodies Oracle JDK provides. If not, move to a newer OpenJDK 11 or 17, whichever reflects more closely to your current OracleJDK release. Required changes are probably minimal or non-existent, as Java enforces strict compatibility between runtimes.

If you are not actively developing and are still on an old JDK release from before 2019, stay there as long as you can as they stay "free" as in beer.

For much internal or even active Internet code, this will not pose a real security problem. An old, unmaintained application is usually a bigger security risk than the old JDK running it, anyway.

Third party Java runtimes typically make sense only if you need their special capabilities.

Red Hat's open source rot took root when IBM walked in

EricM
FAIL

Same here

> and I suspect that a lot of people do that also.

All our prod and even UAT Boxes and VMs ran on licensed RHEL for 10 years straight, while developement, test environment and container images were based on CentOS.

Moved Dev/Test/Container stuff to Rocky last year to keep RHEL going in prod.

Now we are working actively on an exit strategy.

RedHat/IBM shot their own foot with this IMHO pretty dumb move...

Of course Russia's ex-space boss doubts US set foot on the Moon

EricM

Rogozin is well-known for being provocative.

In ancient times, like 10 years ago, there still was a difference of "being provocative" and "spitting bullshit, completely disqualifying the speaker for even a simple conversation about the weather".

Could we please re-introduce that distinction?

Gartner: Oracle probes orgs for Java compliance after new licensing terms

EricM
WTF?

Is there still _any_ reason to run Oracle-branded Java?

Old, non-portable Java 8 code can stay on old, license-free Java versions.

New stuff under active development can be run on OpenJDK/Temurin or derivates.

What use cases of Java do really require considering this Oracle-extortion scheme?

Experts warn of steep increase in Java costs under changes to Oracle license regime

EricM

Re: Right, but do all those businesses...

In most legislations something like that would have exactly zero change of being either legal or enforcable.

Corporate execs: Get back, get back, to the office where you once belonged

EricM
Facepalm

Re: "when you have...problems, putting people inside of rooms is absolutely critical"

HP - of all failing former high-techs - advertising solutions from yester -year to today problems.

Kind of symptomatic ...

Elon Musk shows what being Chief Twit is all about across weird weekend

EricM

Re: Seeing Musk acting directly makes me wonder ....

True, that is exactly why I'm kind of surprised he makes Twitter crash and burn in no time himself instead of bringing in someone willing and capable to take on the complexity of managing Twitter in this phase.

But hey, it's not my money burning...

EricM

Seeing Musk acting directly makes me wonder ....

what kind of capabilities he really has besides finding and motivating excellent people to work for him ( he's absolutely fantastic there ) - besides an enormous stubborness and absolute lack of empathy...

Really thinking through a problem the size of Twitter's free speech vs hate speech vs. national regulations does not seem to have played any role in his bid to buy Twitter.

Probably he will have to find other execellent people to solve this for him, too.

Just as he did with Tesla and SpaceX.

'Fully undetectable' Windows backdoor gets detected

EricM
Happy

Fully undetectable = FUD?

nice

77% of security leaders fear we’re in perpetual cyberwar from now on

EricM

No, Business as usual in Cyber Security

The techniques used and the goals of a cyber attack from nation state attackers do not differ from those of simple criminals. The only distinction are their resources and motivation.

They all use pre-existing vulnerabilities in systems/setups to steal data, plant data, plant code, damage systems, etc. Cyber attacks have been a matter of fact for the last 30 years.

Calling it now "Cyber Warfare" does not change a single thing...

And as in the last 30 years there is only one way to stop those attacks or at least make the life of all attackers a lot harder:

Every nation state, every "scurity" agency and every "security" company that collects vulnerabilities to use them for attacking their targets needs to disclose _all_ ther collected attack vectors to the software manufacturers whose products the break into.

Close the vulnerabilities to make everyone safer, or stop calling yourself a "security" agency or a "security" company.

Your AI-generated digital artwork may not be protected by US copyright

EricM

Re: Protecting AI-generated works with copyright is vital

I fully agree, but If you ask a lawyer, the answer might be quite the opposite :)

That is IMHO why this debate should not include lawyers at all: They are not neutral to the issue at hand...

Big Tech silent on data privacy in post-Roe America

EricM

Re: This thread will probably get contentious.

I must admit, contrary to 30 years ago I find it more and more chellenging to separate trolls from people with simply very strange and distorted (IMO) views of reality. Especially when topics are discussed that affect or are affected by a person's belief system.

This starts to include discussions in RL...

Lonestar plans to put datacenters in the Moon's lava tubes

EricM
FAIL

Re: /Equaly simple question.

Yeah, my old failure: I mostly assume people to actually mean what they say ...

:)

EricM

Store your data offsite on multiple continents on earth at 0.01% of the cost of a moon backup...

If a physical catastrophe wipes out backups at multiple datacanters 1000 km apart, chances are we 1) will no longer have the high-end comms technology needed for the restores (or the damned keys to unencrypt them) and 2) will have much more basic problems like finding clean water, food and shelter ...

Additionally some catastrophes like solar storms are much more hazardous in space.

And if it was a kind of super-ransomware that infects backups in multiple DCs, it will probably also hit the moon storage.

I can't see a scenario where moon backups offer sifnificant advantage over traditional ones.

China-linked Twisted Panda caught spying on Russian defense R&D

EricM

I am ...

Thought the Chinese would concentrate this kind of activity to more valuable targets ...

EricM

Right. And both are definitely true.

If only humans were an intelligent species ...

Lawyers say changes to UK data law will make life harder for international businesses

EricM

Re: And nothing much will change for 95% of companies

You seem to imply that Gov.UK will only "ease the burden" of GDPR by removing some of its rules, while otherwise keeping it compatible. In this scenario companies could simply still follow GDPR rules and go about their business as before.

But as I read the announcement, the idea really is to come up with a new, different set of rules, presumably easier, but not necessarily a subset of GDPR rules.

So companies operating in UK and the EU might end up having to comply to 2 different, even potentially conflicting sets of rules in parallel, at higher operational cost.

Conflicts might even lead to a future SchremsX decision against the UK, even further excluding UK companies from EU service business.

Palantir summons specter of nuclear conflict as share price collapses

EricM
WTF?

War is "negotiation" ?

> The war is itself a protracted negotiation with a heavily armed opponent

The "bargaining model" of war ( https://en.wikipedia.org/wiki/Bargaining_model_of_war ) is truly a product from a sick mindset, given what really happens in a war.

That said, this kind of thinking is quite a nice fit for a company like Palantir.

Google's DeepMind says its AI coding bot is 'competitive' with humans

EricM
Thumb Up

Re: Googled the answer?

That probably would mean that an in fact intelligent AI was finally invented.

After all, lazyness IS a sign of intelligence :)

MPs charged with analysing Online Safety Bill say end-to-end encryption should be called out as 'specific risk factor'

EricM

Re: It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

OK, _that_ point is hard to argue ...

Cheers

EricM

It didn't work when the US tried this in the 90's, when encryption was virtually non-existing.

France gave up on attempts to severly limit encryption in '99.

I doubt it will work if the UK tries this in 2022, when encryption already is everywhere.

Honestly, who assumes british government employees (or whoever manages to intercept the traffic ) wading through customers bank transactions or online shopping records would be acceptable for international customers?

Today banning real encryption means banning business.

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility

EricM

Log4J 1.x _IS_ not vulnerable (to CVE-2021-44228)

No, the OP is correct.

The capability to load anything via ldap-URLs in logging strings was introduced in log4j 2.0.

Consequently, using log4j 1.x perfectly protects against CVE-2021-44228.

But you are correct in that the 1.x versions have other vulnerabilities, namely https://nvd.nist.gov/vuln/detail/CVE-2019-17571, that is, however, externally exploitable under only very specific circumstances and use cases and was known/handled since early 2020.

This drag sail could prevent spacecraft from turning into long-term orbiting junk. We spoke to its inventors ahead of launch

EricM

Could be worth it - was: Re: Fifteen kilograms?!?

Just burning propellant won't cut it.

The propellant must be burned while maintaining correct orientation and at the right time for helping the upper stage de-orbit.

Given that a used upper stage is basically a bunch of slightly torched, empty tanks, valves and pipes, the stage would need additonal thrusters for menneuvering, orientation via gyros or star tracker and additional command systems/ energy storage, etc.

Besides raising complexity considerably, this pretty fast would eat up the 15kg budget without adding much or any fuel to do the actual de-orbit burn...

A 15kg fully passive drag-chute sounds good to me.

KISS... :)

Samsung: We will remotely brick smart TVs looted from our warehouse

EricM
Devil

Re: Hmmm

Whatever the original intention of Samsung - and security threats like hacks aside - a remote kill switch hands over a lot of power over the user/owner of the device to the maufacturer.

For the lifetime of the product.

Once implementing such kill-switches is regarded as accepted behavior, this power can also be used in for example commercial disputes such as conflichts during a lease or rent of the TV.

Or establish restrictions on re-selling used devices.

In everything more complex than a toaster ...

The number of ways this kind of power can be abused is staggering ...

Magna Carta mayhem: Protesters lay siege to Edinburgh Castle, citing obscure Latin text that has never applied in Scotland

EricM

Re: It was a lovely day for a coup

Yeah, which does not mean that the average IQ can not fall in absolute terms while still being called "100" :)

EricM
FAIL

Re: It was a lovely day for a coup

Yep. No cause, lousy timing, bad case of "no, you didn't do your research" ...

Is it the case that my sensivity for shamelessly (often proudly) displayed stupidity and inorance in public has risen in the last, say, 10-15 years or is the average western IQ - not only of young people - really in a free-fall?

A new island has popped up off the coast of Japan thanks to an underwater volcano

EricM
Go

Re: New Tectonics

To be fair, the very idea that things the size of a continent could actully move _must_ have sound ridiculous, given the everyday knowledge of, say, 1950 ...

Sience has gone a longer way than most people (including most people denying science today) are aware of ...

EricM
Happy

They don't need to.

They probably already built a Submarine base there years ago, that can be converted to a normal port now...

:-)

Have you tried turning server cores off and on again? HPE wants to do it for you from GreenLake

EricM

Is this meant to be Oracle-safe?

As Oracle (among others) demads that all "installed" Cores must be licensed, Cores inactived by the scheme would still fit the description.

Other ways of soft-separating Cores from licenses like vCPUs (practically everything short of physical removal) are not accepted by Oracle outside of their own HW.

Legal counselling might need to be required before really calculating any license fees based on that feature.

Intel laid me off for being too old, engineer claims in lawsuit

EricM

Re: Another one?

I agree, if staff is just viewed as expensive and expendable, the older ones also become natural targets as they happen to be more expensive in general.

The point us - I think - the cost of an experienced member of staff can be easily quantified, while his/her contribution to projects ( especially the "been there, done that - and failed, because..." type of contributions ) is hard to quantify.

Additionally there is a fine line between avoiding past mistakes and refusing innovations...

Page: