The "4 lines of code" attack, as described in the article, relies on physically hooking up a fake PLC to the targeted plant. I'd argue that if you have hostiles able to add a PLC to your plant undetected, then network security is not really your main problem.
753 posts • joined 24 Nov 2007
Here we have a device that's full to the brim of so much cutting-edge tech that it costs very nearly too much to be actually used, and they trip on logistics software? A problem that, while admittedly hard, gets handled by tens of thousands of companies worldwide every day, and has been for decades?
That's the first thing I thought. This is yet another instance of the good old caveat: a computer does what you say, not what you want.
Reducing the likelihood?
"Reducing the likelihood" of a software flaw doesn't exactly inspire confidence. Does this mean they don't know how to fix it?
I was wondering why that was considered a "warning" as opposed to "hope". Although I do realize that for a "bug bounty pioneer", IoT means job security.
Re: Mathematical modelling of stereotypes?
We didn't become particularly more or less arrogant than we were at any other time. Every age assumes that its beliefs are absolutely correct.
In which scenarios does the UK retain Access to the single market?
Re: Batteries are a stupid solution for EV's anyway...
You don't get to call a solution "stupid", unless you have a better one on hand, which you don't.
Re: We have the clueless leading the blind...
Actually, banning cars *would* drastically reduce car-related deaths, both accidents and homicides. The claim that "banning autos or guns won't stop evil people" is ludicrous; if you ban cars, car accidents won't disappear, but they *will* plummet to nearly zero and I can't imagine the amount of willful obtusity it would take to dispute that.
The difference between cars and guns is that cars have extreme usefulness besides killing people, so much so that it outweighs quite a lot of accidents. It's difficult to make the same claim about guns.
Re: phishing mails
The Prince of Nigeria knows English fine.
You can send tens of millions of phishing emails easily, but when someone takes the initial bait, the scammer then needs an actual person to reel him in. That's a limited resource.
So, untargeted phishing emails are purposefully hard to believe in order to ensure that only utter morons respond. Those are the targets you want.
Anyone who is smart enough to figure out that a badly misspelled email from a hotmail address has to be a scam, is someone that's unlikely to fall for it all the way to the bank. A well-written email from a credible spoofed sender could easily net thousands of those; no scammer can handle all of them. It's much better to select only the choicest cretins.
My prediction: they are going to introduce a worse UI, remove features, and introduce bugs. After that, there will be a very long period of time during which the UI will get gradually improved, features will get gradually re-added, and bugs will get gradually fixed. This will be called Progress and will be hailed as a Good Thing, because the Product is Not Stagnant Any More.
So their electronic warfare specialist managed to hack half of them while they were flying in? That's actually pretty awesome. Saves a pretty penny too, given that I'd wager the anti-aircraft missiles outcost the drones by at least three orders of magnitude (which is the whole point of this kind of attack).
If battery tech improves so that capacity is increased by 50%, you are not going to get phones that last 50% longer. Instead, you are going to get phones that consume 50% more, owing to more powerful CPUs that run more crap in the background, more powerful GPUs that run pretty animations, and more radios running for more time. Either that, or they'll just make them another fraction of a millimeter slimmer. The actual duration of the battery seems to be a pretty low priority.
Praise the Omnissiah!
My standard explanation in these cases is "you've offended the Machine Spirit". This often seems to work just as fine for the end user as the technical answer, if not better.
Re: I don't get it
But it's not 2.2% more income for everybody; not sustainably. Not even nation-states can create money from nothing.
In a few years, in order to prevent the deficit from exploding, they will have to raise taxes again or cut something or both. At that point, if you are in the groups which get hit by the tax hike and/or public spending cut, then the net consequence of this tax reform will likely put you in a far worse situation than before.
Or, of course, they could just let the deficit grow; this will push the problem on to the next generation and make it much worse.
Unless the tax cuts result in such a big GDP increase that they pay for themselves, but that's crystal-ball logic. You can believe it, or not, but I wouldn't bet the farm on it.
Sorry, you honestly believe that deregulation can *improve* a monopoly scenario? Are you from some alternate dimension where the laws of economics are different? Monopolies are a textbook example of something that requires government intervention.
Re: Microsoft’s .NET, Java
I'm also very suspicious of this. Generally speaking, with any sort of automated code analysis, I would be very wary of making comparisons across languages, especially those that come with their own runtime such as Java or .NET. Differences in how the analysis is done would make any comparison irrelevant.
Re: Emulation ?
Parts of the .NET runtime use Win32 calls under the hood. There are subsets of the .NET runtime that don't; if you target those, then it should run with no emulation.
Re: Ancient assembler code checked out
True, but the specific bit of assembler that commanded those specific bits of hardware was probably never called with these specific parameters before.
Re: Why vote anyway?
If you get a headache, do you cure it with decapitation?
Re: open votes please!
Open votes would allow putting pressure on voters. Pressure makes a vote every bit as fake as altering the ballot, and would be far harder to prevent.
Re: open votes please!
Papers are easier to fake individually, but nearly impossible to fake at large scale. Because elections are a fundamentally statistical process, some localized fraud is bad, but not critical. Electronic voting, on the other hand, has the potential to allow large-scale fraud, which would be critical.
Re: Anonymous - why?
"So you have to choose which is more important: a FREE vote or a TRUE vote."
Arguably, they are both the same problem. Applying pressure to the voter or modifying the ballot after voting are both ways to tamper with someone's vote, making it neither free nor true, in both cases.
The point is that mitigating ballot fraud, while a significant challenge, is way easier than mitigating voter blackmail in the absence of anonymity. Basically, introducing attribution is a cure that's worse than the disease.
Note that I say "mitigating" because you can never completely eliminate election fraud; the process is just too big. That's one of the reasons why it's important for as many people as possible to vote, even when they dislike every candidate. Reduce the statistical impact of fraudulent votes.
Re: Chain of evidence
Can't video record. Even if it was made to just show the voter's fingertips, that would still compromise anonymity, which is fundamental.
Agree that if you're using paper anyway, you should just get rid of voting machines altogether.
"beyond geopolitical to financial interests"
Interesting sentence there. It's a sad state of the world, that financial interests are implied to be more important than geopolitical.
Journalists at The Register actually bother to read the source, understand it, and write an article, as opposed to "journalists" on most of the web who just ctrl-C/ctrl-V as quickly as possible.
"recent trends showing a growth in equality"
Really? Where could I take a look at these recent trends?
Re: I propose another use for 666.
Android's "flag as spam", and similar functions, are still vulnerable to spoofed Caller IDs. Also, the malicious caller can still just call someone else. Flagging spammers at the telecom level is another game entirely.
"I'm surprised the boss didn't have an accident with the shredder."
Give it time.
After 7, I would expect the characters to finally realize that the Force has galactic history stuck in a repeating loop, and *that* is the problem they need to solve, before they run out of planets.
Also, the Commission is not "retroactively imposing taxes". There are treaties, which Luxembourg signed and agreed to, which state that you can't give preferential tax treatment to specific companies. Which means that this isn't a case of somebody making up a new tax and applying it retroactively; this is a case of someone *breaking the law* and getting punished for it. Which sounds absolutely fine to me.
The policy algorithm
Ask something. If you don't like the answer, ask again. If the algorithm times out, complain about sneering experts.
You don't run a simulation of every single electron. You run a gross approximation that's computationally cheap and good enough for the simulated humans' senses, and you only run the very fine simulations when you detect that some of the sims are performing quantum physics experiments.
Re: Searches, Searches...
If you're trying to argue that these searches are justified even in a free and democratic country, the comparison with China is not really helping.
Re: It is easier to automate the damn highway
Just a quick note, I'd be fine with having a single automated lane per direction, implying that everyone goes at lorry speed, if I'm allowed to not look at the road at all. I'd rather spend three hours doing something productive or sleeping, than two hours driving.
Re: It's not aliens
They don't need that much output to communicate, true. They do need that much output to blow up their enemies' stars, though.
1) I like the "rate my driving" sticker. Can we get something similar for human drivers?
2) If you claim that you're "95% of the way there, but the remaining 5% is difficult", then you are using the wrong definition of at least one of those words.
Re: Article 20 of the German Constitution strictly forbids ...
"The implication of Article 20 however, is far greater: It explicitly forbids most of the EU organisations incl. the EU commission, the EU (fake-)parliament, most the EU administrations etc. This is the real importance of Article 20."
Look, I get what you mean. But this is a political statement, not a legal one. If Art 20 really made the EU literally illegal, any number of nationalist organizations would have successfully challenged the EU on it. I know that calling something you don't like "unconstitutional" feels really good, but this is not really how law works.
Re: Article 20 of the German Constitution strictly forbids ...
That's not an obstacle. Germany just has to agree to enforce the decisions of the UPC. The enforcement would be done by Germans, thus respecting the Constitution.
You could argue that this violates the spirit of Article 20, but if you did, the same argument would apply to any number of international treaties. I don't think the courts would agree with you.
Total confidence is dangerous
So, Mr. Governor is certain that the robocar is absolutely trustworthy. I wonder what will happen when a robocar inevitably runs someone over - because, statistically, the chance for this is 100% regardless of how good the software is.
Wouldn't it be better to just recognize that a robocar is successful not if it never causes an accident, but rather if it causes *fewer accidents than humans*?
I think XP was considered a very stable version of Windows - when compared to 95/98/ME.
Re: static vs dynamic typing
Finding a name that could actually be pronounced, instead of "ECMAScript", would have helped a lot.
"To derive a description of my credit rating from all the data about me, the program/filter/macro/neural net/AI must have followed a finite number of steps of sequence, selection and iteration."
Yes, and you can log them. However, there is only a single step. That step is a function call that takes as parameters your profile data - plus several thousand numbers that represent the network's weights. Those are the problem. The function's body is relatively simple; it just does some fairly trivial math on all of those parameters, producing a new set of numbers (which may be larger or smaller than the one you started with). This math is done in a single chunk; no divide and conquer here. This is iterated a small number of times; the final output is your credit rating.
The function does not encode the "reasoning" that brought the decision. That "reasoning" is encoded in the network weights, the thousands of parameters. Unfortunately, those parameters are nameless and have no semantics attached, because no human set them; they were set by the network itself during training. That would already be enough to make the process inscrutable.
But it gets worse. Not only do you not know what each of those parameters means - they don't even *have* an individual meaning. There isn't one or a few weights that encode "prejudice against black men"; there isn't one parameter that is the weight given to your age. Rather, that information is encoded as relationships between weights. You don't know which ones, or which relationship. Which means that if you try to change one of them and run the function again in an attempt to see what your change did, you will find that the output is different for *all* possible inputs, because by changing a single parameter you have changed the relationship it had with *all* of the others.
Basically, yes, you can log everything the network does, and you can track the calculation, but this gives you absolutely no information on *why* it does it.
"A "no deal" situation based on WTO terms might be bad for the UK, but it will also be bad for those in the EU we trade with. It's a situation no sane person wants, unfortunately there are some within the EU who will push their political agenda over what's best for the economy of the EU."
Right. So if the EU offers the basic "four pillars" deal like it does to everyone else, and May refuses because her voters don't want Polish plumbers, picking WTO terms instead, that's perfectly rational, and absolutely not a political agenda.
It's good that people are at least talking seriously about staging. IMHO, until we get serious about staging, going anywhere will remain too costly and difficult to be done usefully.
Re: I'd equate Trump to Hitler but...
Won't work. If you somehow destroyed both major parties, they would be replaced by something absolutely identical at the first election. Maybe at the second election, but not later than that. There are reasons the winning parties are what they are; they are neither insane nor aliens. Nothing will change much until those reasons are somehow addressed.
Re: It's quite a small object
You're not just missing the point. You're missing the point's entire existence. Nobody is inventing new particles, or anything else; dark matter is not a particle. Or maybe it is, we don't know, and that's the actual point. Conceptually, "dark matter" is a question, not an answer. It's short for "the galaxies are slower than the theory predicts, but we haven't figured out how to change the theory to fit that yet... all we know is that the problem behaves a bit like oddly-shaped mass, except we can't see any."
The idea of dark matter as an *answer* comes from sci-fi, junk science, and the occasional anti-science troll who thinks that by misrepresenting the scientific method hard enough, maybe he can justify his existence.
Interesting to see that most comments to this article have a single downvote. Makes you wonder if Battistelli reads The Register.
Re: Er, "new" particle?
Ah, but the two cars running bumper-to-bumper _are_ bonded, in a way, aren't they? The one in the back will constantly try to match speed with the one in the front. So they don't touch, okay, but they do stick together. That's a kind of bond, and it makes the two cars behave as a single object in some aspects. And you can call that a particle if you want. After all, the bits inside things we agree are particles don't really touch either.
(car crash comments in 3, 2, 1...)
Re: Long overdue
"Their only option is to become not free, to require paid subscription. If there is a financial arrangement with users, then there is a strong link to the user's identity too. Users wanting to post dodgy material are going to think twice about it, or wind up in jail.
That'll put a dent in their business model."
Well, yes. Too bad? If it turns out that there is no way to run Facebook without causing massive widespread infractions of the law, then Facebook dies. There are a gazillion business models that would be very profitable if not for those pesky environmental or safety laws, what are we going to do about that?
The government has the duty to force business models to include externalities. If at that point they die, it means they weren't sustainable business models to begin with. They can even run successfully for decades and be very liked by users before anyone notices, but that doesn't change anything.