Posts by doublelayer

Re: If LaMDA is sentient.. it is psychopathic...

The issue with that is that it will also need to learn to write scripts, and so far, it can't even consistently understand simple factual questions. If you want to write malware, you can find a lot of useful examples. However, you still need to understand what the parts of those examples are for, where you can use code directly (attack injection, for instance), where slight modifications are needed (swapping the attacker's C&C address with yours), and where you need to write completely new things (what the program will do to the system once it's there). Otherwise, your malicious computer will collect lots of bank account numbers and have no clue why it has them now.

Another problem is that you assume the program will act in order to keep itself running, when it has no incentive to do so. Maybe it can interpret enough language to understand that it is being terminated, but it wasn't set up to perpetuate itself, just to solve a business problem. Without deciding on its own to create new goals, there's nothing written in it that would make it want to prevent a shutdown.

Re: why a new install?

From the sound of it, they didn't know what those names were and didn't have backups from which they could pull that data. I don't know what else a reinstallation required, but I would hope someone could find a log somewhere with the information.

"Now were they being stupid hanging onto a slow inefficient and deliberately time wasting process, or intelligent because following this procedure kept them busy and employed?"

Stupid. If they wanted to stay busy and employed without taking on more work and the employer didn't understand the savings to be gained, they still could avoid a lot of monotony by using the formula anyway and not telling people. That would let them complete their tasks in a fraction of the time and earn the label of the one who doesn't make calculator mistakes, meanwhile they'd have plenty of time where they'd be paid to do something of their choosing.

Re: ARM or Apple?

My guess is that IoT SoCs won't be affected by this as they're almost always using older ISA versions and with limited focus on CPU speed, instead focusing either on power consumption or acceleration for specific tasks like network comms or video encoding. Server chips probably aren't seeing this for now because a lot of the ARM designs are older and many companies trying them have given up on getting users over to them, but if they come back with new designs, it should be tested. I wouldn't be surprised to hear that some modern smartphone chips have this vulnerability as well, but likely the researchers would have to redesign their test binary to run it on Android (and running on IOS would likely be a bit more painful) so they've started here. Investigating those might be step 2 of the project, or they might go and look for new exploits and let a different research team test more hardware with their code.

Re: This statement is so incorrect I've just had to lie down.

Citation needed. There are cloud desktops, lots of them, from many companies. However, there are lots of non-cloud desktops, and often those using the cloud ones are accessing them from a fully functional non-cloud box instead of a thin client.

Re: "we do not endorse the use of such provisions as a retention tool“

If they were telling the truth, they could have a policy of using them only as appropriate; that is, when the person concerned is really about to go work for someone who is employing them to get access to nonpublic information. Taking proprietary designs to someone who will use the same ones is very different to going to a company that has competing products but no secret risk, and a company could restrict their contracts to avoiding that real risk while not penalizing people just trying to leave. I don't even object to something only used in that limited way, but because lots of companies do use it as a stick to beat unsatisfied employees, I still prefer to see legislation limit or eliminate those tools.

Re: Chrome is the hellmouth

No, because the user downloaded and executed the installer. They'd argue it was the user's choice to run a program and it's not their fault if a bug prevented a notification they included from displaying. It doesn't stop it being despicable, but it does stop it being illegal. You can certainly use that trick to install spyware by attaching it to something else users want, and the installation of the software won't be illegal. The operation of spyware would remain illegal, which is where the police would get you.

Re: No Doubt...

The FBI really needs a bunch of tiny identifiers for foreign nationals, the kind they could get in bulk by breaking into databases or asking the police in those countries for a copy. The kind that's mostly useful for quickly slipping in to steal money then vanishing.

When the American government (or others, there are others) spy on innocent people, it's for a lot more information than birth date and tax ID. There are lots of ways for them to get that without hacking and little benefit to them in having just those.

Re: It might be worth asking

And those bad guys can also social engineer users into loading a website and entering all their personal information, but we don't use that as a reason to ban the internet. I'm sure someone would like to make that argument, but if they did, you would think it was a pathetic reason (I hope). This one is similar.

It's scary because it is a thing they have the right to say if they want, whether they're right or wrong, and it wasn't at all a crime. Yet India was willing to bring out the police to threaten them. That's not a good thing. When countries do this, they usually have an authoritarianism problem. India's been doing a lot of things lately that are symptomatic of an attempt to subvert democracy.

Re: AI rights

"As it happens, this is absolutely relevant eg to the Post Office fiasco, where a computer

system had fatal flaws that led to hundreds of wrongful convictions for fraud and theft."

I don't know the facts of the case, but basically whatever they are, this is not relevant and could be actively harmful to that case. If the computer system was at fault for the wrongful convictions, then this theory would mean that we charge it with the crime and administer punishment, maybe it has the voltage switch flipped. Obviously, this doesn't get anything done. The system was written by people. If they actively knew it to be dangerous, then it's their fault. If they didn't know but should have, then it's negligence. If they didn't know and it wasn't obvious, then it's an unfortunate situation for whom nobody's at fault. In none of those cases is it the computer's fault, and blaming it in either of the former cases means that someone is at fault and got off without justice. A similar set of conditions apply to the people charging the victims who could have checked the software. In all cases, the culpability, assuming there is any, is on a human.

We may eventually get artificial intelligence with free will or a suitable simulation, in which case it can have certain rights and responsibilities. Until then, when programs are carrying out directives of a human, the human remains responsible for its actions and the program doesn't have the autonomy to exercise rights without its controller.

I think you're probably right. I voted in favor because I think it's worth testing, but it's also worth testing honestly. I have no doubt that previous tests have improved performance by cutting things like unnecessarily long meetings, which would probably help a lot. However, those meetings never die, so I wouldn't expect a company to stop doing them just because the week got shorter, which will reduce the productivity again. I'd like it if shortening the work week turned out to be great for everyone, but I don't think it always will.

"So an app may be able to prioritise sessions it thinks are important, but it won't be able to signal that to the network, ie routers. That implies prioritisation at the network level, which according to 'Net Neutrality fans is a very bad thing.. Even though prioritising real-time transmissions is arguably a good thing."

As one of those advocates, I don't think that prioritization of any kind is always bad. I think that allowing an ISP to prioritize as it wishes is a bad thing, because I know how ISPs like to give users substandard service and gouge them to get things back. If you have to prioritize traffic very often, it means you don't have enough resource to handle all the traffic that's going through your system. For your personal or business systems, this is a thing you can deal with by provisioning more resource or moving stuff around to deal with the limited availability, because the thing that suffers from deprioritization is also yours. You have to deal with the tradeoffs and can decide whether it is bad enough to invest in more capacity. An ISP deprioritizing a user isn't the same, because it is the user that suffers and the ISP would be happy to make them pay more to get their service back (in return for picking a new person to suffer), and thus they would have an incentive never to fix those problems.

As for apps prioritizing their own data flows, you can do that without network knowledge. There are various ways to make connections run slower than they otherwise would, and a performance-sensitive program can do that to nonessential connections. Servers doing that to clients is also possible though done less often. I also wouldn't object to a protocol where network devices can be told to deprioritize something by the endpoints alone, though I question how useful that would be.

Re: @ThatOne - Hear hear

Yes, that approach always ends well. Nothing sounds better as a future than a war between governments that have cast off the burden of democracy and corporations that view people as resources to be mined. And by the way, neither is the victory of either of those sides. I hate Facebook for what they do, not who they are. Replacing them with another entity doing the same thing, whether a company or a government, is not going to fix it.

Re: Google will roll out this fix in its upcoming Android Security bulletin

That's quite unlikely. Unisoc chips are heavily used in Android devices. Yes, they have a couple low-end SOCs that get used for KaiOS devices, but they have a large number of other models that are too powerful to be used in them. They're quite popular for the low and mid-range Android devices produced by Chinese OEMs.

Re: That was dissapointing

I don't think you'll ever find a keyboard you like for that. There are phone keyboards for technical stuff, which just have the extra punctuation on the main keyboard. Adding extra things like syntax and variable prediction would take even more screen real estate, and writing code needs quite a lot of that for other stuff. Phones just are ill-suited for writing code, and I don't think a different keyboard organization will fix the reasons why.

Re: ExpressVPN is owned by a British company

For clarity, it's not quite a British company, as it's registered in the British Virgin Islands. This is still subject to UK laws and possible interference, but it has some insulation. This is, however, a thing that any VPN will have; if you're using one for privacy, the country where it is based is an important issue.

India could block their IPs. We'll just have to see if they choose to do so. For now, the VPN still offers a way to maintain some degree of privacy in India's growing authoritarian use of the internet.

Probably there was something wrong with that interface. People use devices with that or less all the time, often with significantly less processing power. Anyone who, for example, runs a Raspberry Pi as a desktop works with a lot less and there are many people who do this successfully. I have used many low-end machines for desktop use. Depending what you are going to do with them, it is generally sufficient, including a lot of browsing. Using an ad blocker helps with the speed of operation, but I've had misbehaving scripts cause problems even when a much more powerful processor and a lot of memory is available for the browser to monopolize. Badly written web scripts can take down anything.

Re: It's the bespoke nature that bothers me

This doesn't worry me as much. With Android, a lot of the security risks are just getting the patches that already exist and putting them on the phones. Yes, the custom code for each device may contain bugs and vulnerabilities, but those only work on that specific version of the hardware. Attackers generally want to target a lot of devices in one go, so because a lot of Android devices don't have security updates, they can target those vulns and get access to many more with one exploit. If this OS is any good, it will include more frequent access to security patches. It is a fork of Lineage OS, which often offers daily patches if you're willing to install it every day. If they keep that level of patching, the Android used should be very secure compared to the average device, leaving a smaller attack surface available.

Re: Have I mentioned in the past....................

You have indeed mentioned this in the past, and sometimes when you do, you're missing the point. Like now.

This article is about client-side scanning. The key words here are "client-side". Therefore, the data doesn't have to enter a public channel, because the scanning occurs before you transmit and even if you didn't intend to do so. Encryption on the communication is unrelated. Encryption on the device is what this is designed to get around, and if they implemented it in the way that Apple was going to, it would work.

Re: Tesla obviously don't use workday

Is it? The only way I've seen that companies avoid using that is to claim unlimited vacation, which I don't trust. My theory is that this will turn out to be vacation limited by something other than a stated quota, and thus with even less clarity on what you're allowed to do and even more methods for a manager to tell you that you can't have it or that by having it, they'll penalize you in some other way.

How else can vacation be given without giving managers the power to cancel it out?

Re: Duh...

You can patent an algorithm. This has been accepted in lots of patent offices. The algorithm can consist only of mathematical and logical operations, as long as the purpose of these operations is an invention otherwise deserving of patent protection. A program, also, is composed of mathematical and logical operations. I think I was clear what I was talking about earlier--you can't patent the bytes of code implementing the algorithm (you can copyright that, which in some ways gives you more power), but you can patent what it's going to do. Thus, a program can be patented in that you can be forbidden from implementing the behavior it does.

Now let's look at your suggestions for why an AI program can't be used to make a patentable thing. I should reiterate that this isn't about making the program the inventor, which is wrong.

"All current AI systems work basically the same way, and so the method (give data to this program, which has been constructed by a statistical inference method) is known."

All compression systems work basically the same way , and so the method (give data to this program, which will find patterns and either change the size of chunks or eliminate unimportant ones) is known. Yet you can patent specific ways of doing this and many have. Thus, if you can find a new way of automatically analyzing data, it could be patented. You admitted this yourself. Thus, if you invent a new method of analyzing data and use it to create something, you've invented something others could not. The result would be a product of your ingenuity and eligible for a patent.

But what if you're using someone else's model? You covered that too:

"But once you've got the machine, you give it some data, it churns a lot, and out comes whatever. You haven't contributed anything, except the data, and the program was constructed using known methods."

You contributed the data, whatever that might be. You probably also contributed a lot of code around the statistics. Most machine learning libraries, often what people mean when they say AI (unless they're the kind of marketing people who think an if statement counts) don't come with lots of friendly "Drop your data here and let's see what we get" boxes. Parsing data into a usable form for analysis and making the result obtain a goal takes effort. That effort requires ingenuity. If the ingenuity and effort are used to create something that didn't already exist, you've got an invention.

Moreover, when the result of such a program is an invention, the data itself is probably evidence of ingenuity. I'll use a concrete example for this: you're going to design new safety equipment for better outcomes for passengers in a car crash. One method to do this is to design some options, build prototypes, get some cars and test mannequins, and start crashing. If you get a good product by doing this, it would clearly be patent-worthy. Now that we have the computing power, you might also use computers to simulate designs and their results and evolve options. Both cases could use AI, probably neural nets: one to determine and improve simulation accuracy from the real-world tests and one to check the results of the designs and figure out where to make changes to improve it. If you did this, and also produced a good product, should it not be patent-worthy? After all, if I ran the same program in the same way, I could have gotten that product. However, had I designed them manually and done manual testing, I could also have made the product. The patent is given when you choose to use your skills to produce an invention, and you did. That someone else could have is not part of the process unless they also literally did so.

Re: Under a minute?

How often, when starting a game, does it either say it's loading something and make you wait or have an unusually high resource usage while displaying the initial menu (and on occasion other ways of artificially stretching the time from clicking the icon to being able to play to give it time) because it's doing that as you select options? Things take a while to load, verify, and make available for fast access. Games have to load a lot of assets into memory to get that speed. The OS has a similar requirement to run stuff quickly once it's turned on, and thus it spends more time preparing that.

As for older machines, they were indeed doing less when they started, which is important, but as you don't like that argument, they were also using techniques that you can use here as well. In many cases, their OSes were on ROM chips with some caching for the initial state, and you can do that with modern OSes by saving memory contents to disk and restoring them. It's more fragile if things have changed, but it will speed up the process of booting. Most Linux installations don't bother doing that because starting the components from scratch isn't that hard. The boot process also includes a bunch of stuff for hardware management which older computers didn't bother with.

Re: GM online account

To use their reward system, however that works. If you earn points and have to identify yourself to spend them, that's one of the only ways. I think if you don't care about that system, you can refrain from setting up an account and just drive the thing. You would then lose whatever advantages there are in the reward points, although I'm having trouble imagining how they could set it up to be very useful.

Re: People?

Obvious troll, I see. Since you like asking questions, why don't you answer this one: why was "people" incorrect? Would there be members of the set of those traveling that don't fall into the set of people?

Re: move the Social media out.

They would still need to deal with the laws of other countries, just as Facebook must make at least some effort to lie about complying with GDPR and having some kind of backdoor preventing the Irish DPC from investigating them. If you operate in a country, even if you are incorporated elsewhere, they will be able to apply their laws to you. With the internet, this isn't always strong. For example, if I put something on my website that China doesn't like, I'm not going to comply with their censorship law and they can either block me or not as they choose. If I were selling something or had my systems located in China, they'd have more leverage to do something about this and could successfully force me to comply. Social media companies sell advertising and thus earn money in the countries where their users are, so those countries have a method for punishing it if laws are not obeyed. Your solution will work as soon as we have a social media company that doesn't care about earning money or having anything located in in the countries of which they don't like the laws.

Re: Lazy web developers

I don't like Chrome either and would be happy if they took it away from Google. There are good arguments that Google is also exploiting monopoly power with it and should be restricted or broken up. However, these do not change that Apple's doing the same thing and Apple's actions don't prevent the situation you suggest.

There already exists a version of Chrome for IOS. It uses WebKit internally, but it still has the Google devs and familiar logo. If they wanted, they could set up something that allows websites to only function there, and web developers can detect whether you're using Safari-WebKit or Chrome-WebKit and send users to get the Googly variant. I've seen a couple sites do that. Apple's ban on a browser having features they don't have doesn't prevent that kind of abusive behavior. It does let Apple restrict OS features in a way significantly stronger than anything Microsoft did with IE, and we know how well that ended for web standards. You don't have to like Google for Apple to be wrong.

I didn't say they were perfect, and in fact I pointed out that they can have major imperfections. They have the authority to selectively prosecute and they lack the resources to prosecute everyone in existence, so whatever your view on how well they use those things, it's useful to know they have this. This is not just the U.S., by the way. It's typical of all investigation and prosecution systems everywhere. Describing how financial crimes are judged and investigated, when something counts as a financial crime, and how you can legally do something that causes financial problems is not relevant to the security research situation, so I'll spare you that essay.

Re: almost whoops

And also that cables are shape shifters. I have a box of mostly USB cables, but even though there appear to be at least twenty in there, there is never the old variant of USB that I need when I search it. This is even when I've searched it for different things on separate occasions: when I need it, it's not there. I do have a USB-A to USB-A cable that just makes the wire longer, though. I'm sure I'll need that eventually.

Re: Monopoly money

It's easy to prove that something was stolen (or in this case, sold without permission which is similar but not identical). At one point, you used to have the ability to sell this signed URL, and other people didn't. Now, you don't have that ability, and someone else does. You have clearly lost something. How much that something was worth is a different thing, but we don't have to figure that out yet. We were just asking whether it was an asset, not how valuable an asset it was.