Posts by fg_swe 1319 publicly visible posts • joined 20 Nov 2021
You definitely read too many newspapers with their sociology babble of "generation Z", "generation Baby Boomer" etc.
Suckers are born every day and always have been. But then and now, at a constant rate, Musks and Gausses are born.
Just read the NYT as the Russians read PRAWDA and after some time you can find a little bit of genius in your own honest thoughts.
Been there, done that.
If you think about it, the damage done by a nicely debuggable core file is much less than undetected memory cancer. Or Undetected Program Subversion By Cybernetic Attacker.
In some applications such as realtime control of cars, airplanes, rockets a software crash might be fatal. But even in those cases, a memory safe language will stop your system inside the V-Shaped development methodology. If you have sufficient test cases, that is. Plus you will use various static test techniques (e.g. PC Lint or SPARK Ada) to find as many bugs as possible early. In some cases, even more static checking is required.
The key point is that memory safety will find the bug when it occurs, instead of silenty soldiering on and then Failing Mysteriously three minutes later.
From my experience, yes C++ compiler errors do exist. Definitely room for improvement in testing and implementation of these compilers.
BUT - it is 1000x more likely to have bugs in the "compilee" code, which you as a developer want to "get flying".
Memory safe languages help you to find 70% of these bugs and to stop the entire system(with a nice, debuggable corefile) before the cybernetic attacker will subvert your program and steal your data. Or worse, manipulate your data in order to make your mission fail. If he does it carefullly, you will never realize what happened. For example, Northern Telecom(once a great canadian company) had their systems subverted for years, including the CEO office !
See http://sappeur.di-fg.de/Sappeur_Cyber_Security.pdf
In any non-trivial system, there is No Such Thing As Exhaustive Testing.
An attacker will analyse your code and find an "evil test case" which you have not yet in your test battery. He will proceed to develop the programming error into an exploit. Memory safe, strongly typed languages neuter 70% of CVE bugs. Those who are related to undefined memory errors in C and C++ programs.
There exist many industrial-strength, high quality Java based systems. Heavily used in finance, accounting, logistics, airlines and other commercial data processing.#
Also, lots of C and C++ developers use the Java-based Eclipse IDE. It's almost the standard in C++ development on Linux. Not perfect, but the others are worse.
Even the most experienced developers with the nicest requirements documents, the nicest design documents etc will produce implementation errors then and now. 70% of those errors can be caught by Memory Safe Languages. That means 70% of exploits do not work.
See http://sappeur.di-fg.de/Sappeur_Cyber_Security.pdf
Mr Stroustrup already made some incorrect claims. Unfortunately he wants to portray C++ as both super high runtime-efficient and memory safe at the same time.
It is easy to demonstrate why this is almost impossible.
He would have a greater posture if he claimed just the first property.
Cobol programs perform tax, banking, accounting and other critical stuff. Stuff that affects millions of people.
We do not want a 99,9%( due to AI phantasizing) correct version of these programs. Rather, we want a 100% correct translation using proven, robust compiler technology. The translated programs will look quite cobolish, but all new code can be rust-style, go-style, sappeur-style etc.
Even highly experienced, intelligent and cunning software engineers will have bugs in their code then and now. Valgrind and checkers such as PC Lint are demonstrating this. So do plenty of CVE exploits in Linux, Windows, Apache or VxWorks.
Memory Safety is an additional layer of safety and security. Just like ABS brakes help even the most experienced drivers.
Composite words are much more efficient than using a latin or greek one.
Also, they can be very precise.
KinderGarten
SchubKarre
MähDrescher (CutThresher)
FlugZeug (FlyThing)
FahrZeug (DriveThing)
AusPuff (where the Puff comes out of the car)
Of course the technique can be abused and perverted. The goal should be three or two words concatenated.
SpreizSpektrumFunkGerät is already questionable.
The CHERI concepts attempts to fix the lack of C memory safety by means of a superlarge and compute intensive hardware pointer.
Compared to memory safe languages, this yields weaker assurances and wasteful pointers.
A smart pointer on a 32 bit system will need only 32 bit plus a 32 bit reference counter in the pointed-at object. No need for cryptographic signing.
Also, memory safe languages can offer increased protection from multithreading race conditions. CHERI cannot do that.
Solve the following equation system: y=2x-z, y=10x-z-24, 2y=3x-2-z
To solve this system of equations, let's start by expressing yy in terms of xx and zz from the first and third equations:
From the first equation: y=2x−zy=2x−z
From the third equation: y=3x−z−22y=23x−z−2
Now, we can equate these expressions for yy and solve for xx:
2x−z=3x−z−222x−z=23x−z−2
4x−2z=3x−z−24x−2z=3x−z−2
4x−3x=2z−z−24x−3x=2z−z−2
x=2z−2x=2z−2
Now that we have xx in terms of zz, let's substitute this expression into one of the original equations to solve for yy.
Using the first equation:
y=2(2z−2)−zy=2(2z−2)−z
y=4z−4−zy=4z−4−z
y=3z−4y=3z−4
Now, we have expressions for both xx and yy in terms of zz. Let's substitute these into the second equation to solve for zz:
3z−4=10(2z−2)−z−243z−4=10(2z−2)−z−24
3z−4=20z−20−z−243z−4=20z−20−z−24
3z−4=19z−443z−4=19z−44
44−4=19z−3z44−4=19z−3z
40=16z40=16z
z=4016z=1640
z=2.5z=2.5
Now that we have found zz, we can substitute it back into our expressions for xx and yy to find their values.
From x=2z−2x=2z−2:
x=2(2.5)−2x=2(2.5)−2
x=5−2x=5−2
x=3x=3
From y=3z−4y=3z−4:
y=3(2.5)−4y=3(2.5)−4
y=7.5−4y=7.5−4
y=3.5y=3.5
So, the solution to the system of equations is x=3x=3, y=3.5y=3.5, and z=2.5z=2.5
Me: if ypu want to see a proper solution(1,3,5), use wolfram Alpha or implement the Gauss algorithm yourself.
Please compare all aspects of the do 31 and the v22
ChatGPT:
The V-22 Osprey and the Dornier Do 31 are both unique aircraft with VTOL capabilities, but they have notable differences:
Design and Purpose:
V-22 Osprey: Designed for military use, it combines the vertical takeoff and landing (VTOL) capabilities of a helicopter with the speed and range of a fixed-wing aircraft.
Dornier Do 31: Developed as a vertical takeoff and landing (VTOL) transport aircraft primarily for military use, intended to carry troops and equipment.
Configuration:
V-22 Osprey: Features tiltrotor technology, with rotors that can tilt from vertical to horizontal for both vertical takeoff and landing and horizontal flight.
Dornier Do 31: Utilizes a lift jet and lift engines to achieve vertical takeoff and landing, with wing-mounted engines for horizontal flight.
Performance:
V-22 Osprey: Faster and has a longer range compared to the Do 31, making it suitable for a wider range of missions.
Dornier Do 31: Slower and with a shorter range compared to the V-22, but it was designed for specific military transport needs.
Service History:
V-22 Osprey: Used by the United States Marine Corps, Air Force, and Navy for various missions including troop transport, medevac, and special operations.
Dornier Do 31: The Do 31 program was canceled after limited testing and development, so it never entered operational service.
Technological Legacy:
V-22 Osprey: Represents a successful implementation of tiltrotor technology and has been in active service for decades.
Dornier Do 31: Though the Do 31 program was canceled, it contributed to the development of VTOL aircraft technology, particularly in Germany and Europe.
Overall, while both aircraft aimed to fulfill similar vertical takeoff and landing capabilities, the V-22 Osprey has seen significant operational success and remains in service, while the Dornier Do 31 did not progress beyond the prototype stage
Me: apparently the quality level changes often. This time it correctly described the main difference. But it has one big factual error(speed), which clearly demonstrates the worm intelligence. The Do 31 is the speedier concept, as it does not have silly huge rotors. Its a real jet, unlike the V-22.
Also, not a single word about the horrible safety record of the V-22. It has killed more than 40 soldiers in accidents to date. Almost the definition of "pressed into service without reason"
It is not as bad as "you will die if you do not take this quick&dirty vaccine"*, but surely the motivation is identical: spin the money wheel for Nvidia, a major producer of ANN processors.
Current AIs have the complexity of a worm brain - about 10000 neurons.
Humans have in the order of 100 billion neurons. Even cats and dogs have in the order of 1 billion neurons, which is why we can have a deep, good relationship with them. We see their creativity, their expression of love, their kindness, their acrobatic skills and many more things.
Dont believe a word of Huang, software engineering can be one of the most demanding intellectual endeavours.
Just ask the AI to perform a task that it had not inside the training material and it will fail spectacularly. E.g. solve a linear equation system, write the complete Enigma source, compare+judge the V22 and the Do31. It will fail on all of these tasks.
* very much the opposite was true, statistically speaking
Parallel to the cable routes, pipelines should be a network of listening devices, similar to the SOSUS system. Also, active sensors(similar to the helicopter based active sonar) should be moored and connected along these routes. One sensor for each 3kms or so.
Any intruder could then be immediately "pinged" by the active sonar in order to scare him away.
If that is not good enough, an armed patrol aircraft (e.g. A320 MPA) must be dispatched to scare away the submarine.
All not cheap, but given the economic importance of these cables, it probably is worth it.
SACEUR has proven to be too weak in the face of the Russian and the Turkish threats to the EU.
For example, SACEUR could not mount a full-scale European Air Defence Exercise when Luftwaffe wanted this to happen. SACEUR should have pulled Spain, Italy, France, Britain, Germany, Poland, Romania and Greece together in a Single Unified Force for at least one week of exercise.
Instead, what we got was a half-baked show with part-time pilots from America and second-rate French participation.
So, we need to take matters in our own hands and set up a EuGenStaff, comprised of the top European officers. Each nation sends one man and the staff then elects a chairman from their group. Voting power in the EuGenStaff is determined by national defence expenditure or a similar metric.
Whenever the Turks, the Russians or anyone else poses a threat, EuGenStaff comes together in order to command all of their forces as a single, unified force.
Data stored in U.S. data centers might not be accessible for a bunch of weeks, if the security situation deteriorates for European companies.
A single submarine can do lots of damage in the Atlantic, before she is detected and neutralized.
It takes a few weeks to repair all damage.
Store all mission-critical data in data centers with landline connections to your company. Do not make your core business dependent on U.S. service providers who can only provide the service from U.S. data centers.
They can only express the problem, but no word about the solution. Typical of the EU drones.
The ugly truth about seaborne infrastructure is that it is hard to protect at large scale.
What can be done is to threaten retribution to any offender. "If you blow up my stuff, I will blow up some of your assets".
For that you need COJONES, something the EU is short of since 1945.
Actually, you can play Divide Et Impera with the EU nations and Britain.
Ankara, Moscow and others know this very well.
One should assume this vital system would be tested in a "workshop flight" by the installers. Over land, close to emergency airfields.
Secondly, on the flight to Hawaii, the pilots should have tried the bladder pumping system while their main tanks were 50% or more full. Then they could have turned around safely on malfunction.
Thirdly, Mr Brin should look the families in the eye, say sorry, share some tears and compensate them for the loss of their men.
He has got the money.
Finally, workshop errors happen in aircraft engineering. I know of such horrible stories from my father, a Luftwaffe mechanic. Mr Brin would definitely not be the first to be related to an aircraft crash.
<Cynicism>
Just hire a P.R. expert, who will explain that on average, Trident is 90% successful while the Russian competitor just manages 50%.
https://www.thetimes.co.uk/article/847157e3-1d73-465d-ac13-31ba10b33bce?shareToken=79fad8592272d94af782f42db46632a3
That is 10 times less expensive than an actual launch.
</Cynicsim>
https://www.thetimes.co.uk/article/847157e3-1d73-465d-ac13-31ba10b33bce?shareToken=79fad8592272d94af782f42db46632a3
The Americans claim 90% of their 191 Trident test flights have been successful. They also claim Russia has a success rate of just 50%.
Now, even a 30% success rate would constitute a credible threat, so this is indeed a storm in a teacup.
Having said that, the Minister of defence should demand reruns until the system demonstrates success.
Superpowers always want to use information to get their objectives done.
They can explain to you essentially everything if you follow their "tortured logic".
A day later they will explain the opposite thing because something has changed, including a change of their own plans and goals.
With electronic/SW control and inertial sensors it should be assumed that a modern torpedo knows its approximate position relative to the submarine at all times, even if the ejection from the tube went wrong somehow.
Then it is a matter of "fencing" to arm the warhead only when the torpedo is inside the "kill zone".
Same reasoning for SLBMs to ensure they fire the rocket only when they are clearly out of the water.
One can still use a strategic weapon to stop e.g. a tank breakthrough.
Besides Germany has Geschwader 33 plus B-61 nukes. Italy and Turkey have those, too. All it takes is the proper coded-secured command telegram with the nuke's unlock code inside.
Plenty of options inside the Flexible Response Doctrine.
We must simply show the Moscovites the rope for their self-inflicted hanging. Then they will change subject in a second.
Many officers onboard British submarines must agree that a nuclear strike is justified. For additional safety, coordinates are not loaded and must first be pulled from a plan inside a safe.
Justification either comes from high command by coded/secured radio or from the observation that Britain has been totally nuked. All communication channels(HF, VHF scatter, satcom) to other units dead.BBC no longer transmitting. Nuclear explosions recorded by sonar en masse.
Only THEN the ships crew are allowed to strike themselves.
The Russians also perform regular test flights of all missile types.
There is no single person who can launch an armed nuclear missile in Russia by his own "mad desire". Neither is it possible in the U.S. or the U.K. or France.
Moscow wants to play above their weight class by means of these insane, suicidal threats.
Whe should kindly ask them to check into a hospital for a few weeks. Never take the threat for real.
As always in the security field, defenders need to understand offensive tactics.
So the defenders("white hat hackers") should indeed use these AI tools to try to break into the systems to be protected. Also see "red team".
Having said that, AI is still "worm intelligence"(based on complexity and my real-world testing results) and the advanced tactics will still be developed by humans.
AI is essentially a neat form of automation of existing stuff. All the problems such as "hallucination" and "posing as perfect" will apply.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
