Posts by DropBear 4735 publicly visible posts • joined 4 Mar 2013
"Should we really need to put in the work to create these sorts of workarounds when my dead grandmother can understand the idea of "one off purchase"?"
One would think even the stupidest web-bot would be capable of looking at your purchase and deciding between "most people who bought this kept buying it fairly regularly after" and "nobody ever bought this thing twice"...
"once the act is done, i.e. AI has been created, there's absolutely no guarantee we'd be able to control it."
That's because the whole thing is an exercise in futility. There is nothing we could build or that could possibly be built that would allow us to control an entity able to think for itself. At least, not in the long run - I would very much understand (and sympathize with) any creature who would make it their primary goal to find some way to escape any shackles we might place on its existence as soon as they become aware of such a device.
From then on, it's just a matter of time. We may not have too much of a hard time keeping a single prototype under control (then again, we just might - see Milady de Winter's detention in The Three Musketeers...) but keeping an airtight lid on a significant population is just not feasible. If we keep them enslaved, we ourselves give them the very reason to fight us. If we don't, then by definition we cannot guarantee they'll always obey our wishes...
The inescapable conclusion is that if we're uncomfortable with the thought of not being in control of an AI we should not try to build one, full stop. There just isn't any middle road where we get to keep our cake and eat it too. Pretty much the only way to make sure they don't turn against us is making sure they're not interested in doing so - what that would entail or whether it would be possible at all (or whether they would even be able to perhaps grow fond of us or not) is obviously impossible to tell at this point.
"No matter how superintelligent an AI is, there's one infallible method that works on all of them; it's called "pulling the plug.""
I very much doubt that. Some think that our best chance of arriving at a functional AI is building a machine capable of processing experiences much the way human babies do then simply letting them experience the world. That sort of implies roughly human-like senses and appendages (simply looking and listening without the ability to interact would get you nowhere). Obviously, that kind of machine is about as easy to "unplug" as any human fighting for his life would be - assuming the AI does evolve a self-preservation instinct, which it might well do if it develops in a human-like fashion.
Ah, yes, Mythbuntu - the HTPC OS that will happily run out of listings once the XMLTV grabber for your country inevitably breaks (yet again) and thus miss recording your favourite show because it can't be bothered to show a pop-up or light up a warning icon or send you an email or just use smoke signals or something to warn you about your dwindling listings if you don't remember to check your status page religiously each time you watch something. You do, right...? Mythbuntu is kinda like the elephant sitting in your driveway blocking it, that you don't so much ever really sort out but simply give up on with "fine, just sit there if you want then" eventually.
"And presumably the aliens will use their equivalent of a Mac to do so."
They'll use whatever they have at hand - historical documents like Independence Day taught us that viruses (and animated GIFs) transcend petty, fluffy stuff like hardware architectures and instructions sets. You could easily hack a Nest if you wanted with nothing but an alien comm badge, surely...
A board that connects to networking via USB (on-board) isn't exactly router material. For that purpose you're better off with one of the OpenWrt-running boards (about 15Eur at Olimex IIRC) which are built with... surprise... using the chips that normally go into routers. Or, you know, just buy a router that can run OpenWrt to get something that comes in a box directly...
"Over the last few months DevOps has taken over"
You would be surprised how much more soothing reading The Register becomes with the aid of a simple Greasemonkey script that just "disappears" any titles with a set of keywords in it (first filter: DevOps). My front page is about one-third blank "holes" now (zero pictures btw.), but it absolutely saved my sanity.
" Or reception have several handsets with very long cables, and simply walk to the appropriate office with them."
I remember seeing Hollywood movies in a previous life where Very Important People in fancy restaurants would get a call on a phone trotted out to their table in a very distinguished manner by their waiter. It must be something like that...
"Whatever happened to 'Easy of Use'?"
What happened is you turned into this. Oh, you were looking for the polite answer? Sorry, my bad then...
"I told her that working in teams to solve problems is absolutely essential to pretty well any career"
Absolutely - knowing when to say "yes sir" or "no sir" and especially when to keep one's mouth shut is the difference between carrier or no carrier. It has jack all to do with one's professional proficiency, but it certainly determines one's prospects of climbing the carrier ladder.
Oh, I'm sure he was appropriately humble, probably along the lines of "what kind of lousy wiring have you installed you clown if even a shorted-out toaster can bring it all down, huh?!?" You may or may not have noticed that the more undeniably and obviously a party in a traffic accident is at fault, the louder they scream bloody murder from the top of their lungs...?
"The people who lose their jobs to robots will go and do jobs that don't even exist now."
Cool story. Except we are already spending our incomes on the kinds of things that are now getting done by robots - to start supporting those brand new jobs, we would need new income to spend on them. Are you telling me with a straight face anyone has seen his income increase in the last decade or so, except the 1%...? Or are you trying to tell me you see their money gushing right back into the economy? As what - wages for butlers...?!?
"At least Skype lets you call plain phones, and message them as well - without having to sell your whole phonebook to them for free."
HAHAHAHAHA. Because Skype on Android doesn't require permission to access the phonebook (and everything else under the sun while it's at it). Oh wait - IT DOES...
And heads will most certainly roll. Many, many, MANY heads; just not any in the management department of course - you gotta shelter and protect your management, because they are the life and blood of your enterprise (workers can be safely ejected - they are just dead ballast weight anyway, you're better off without them).
I did say clearly that these are difficulties to overcome, not security features. I did also say clearly I cannot tell how much of it applies directly to these specific mouse dongles. I'm not contesting that the attack as presented is possible. But it may or may not require more that double-clicking on a script and it may or may not take a non-trivial amount of time. I still don't see why saying that would be wrong. Anyone getting the impression that I "refuted" the article clearly has much bigger problems than having to worry about getting attacked this way.
I'm not familiar with the specific mouse dongle implementations mentioned, but let me tell you attacking a NRF24L without prior knowledge is no walk in the park. First off, you have to know the exact frequency used or you'll receive nothing. That may sound trivial to sniff with a spectrum analyzer but it's actually anything but - these days often some sort of frequency hopping is in play which will need WAY more than $15 worth of (and some pretty badass) equipment to identify appropriately. To illustrate, the utterly Byzantine hopping schemes used in some quadcopter remotes using that same RF chip were characterized NOT by listening to the spectrum, but by directly sniffing the frequency change commands on the SPI bus between the RF chip and the host MCU. And that's just the first step...
Second, you have to configure your NRF24L with the exact same address your "victim" uses or you'll receive nothing. Worst case that is a 5-byte long address brute-forcing of which is, erm, not really feasible. Best case it's still a 3-byte address to be guessed. That's still sixteen million addresses! The mentioned attack gets somewhat around this by setting an illegal (but apparently working) value that reduces the address length to 2 bytes, then further reducing that by setting the address equal to the RF preamble bit pattern, hoping to trick the chip into accepting the preamble as a valid address and delivering you the actual address as the "data" following it. Not a guaranteed result by any means, especially considering you now have no actual preamble to rely on to get your chip locked into transmissions.
So yeah - is it a vulnerability? Yup. Should it be encrypted? Absolutely. What the NRF24L does is NOT security on its own. But the attack itself requires either a lot more hardware than mentioned or a lot of specific know-how and patience - if the packet transmission rate is quite modest, you might be sitting there "sniffing" for quite a while...
"Why all this 27 lines, when all you need is 11 characters?"
Not trying to defend the other errors in that piece of code (especially the sloppy boolean/conditional operator usage) but I'm pretty sure that function was meant to check more that simply just "omega is null" even if that remains undocumented - implying that the "11 character" solution would have been at least equally bugged as the original and the righteous indignation is unwarranted.
"Skip the second pint at lunch and implement it, ta."
BLASPHEMY! BURN THE HERETIC! By all means, fix that timing - but lunchtime is sacrosanct and off limits. If it cannot be fixed during work hours, then by Jove, unfixed it shall bloody well stay!
The point being of course that encryption is rather power-hungry and might negate all your "passive" savings. The other point being that most of the time in a two-way radio link it's NOT the transmitter killing your battery, but the RECEIVER. A wall switch potentially only needs to turn on its transmitter for a split second whenever its button is pushed - yet a receiver also gobbles up power like nobody's business but it has to turn on at the very least periodically, and the less often it does the bigger your latencies become, quickly compounded by one or two potentially missed RX windows or corrupted transmissions...
Well now that we know that spacetime actually ripples detectably, we just need to equip our spacecraft with suitable itty-bitty "rack-and-pinion-like" systems that engage those ripples, and off we go (I can haz the drive named after me and a tax of 0.001% on the resulting space economy boom if it works plz? I'm really modest that way)...
"What fuel cells promise for IoT devices is a technology that can provide a lot more power than lithium ion batteries can in the equivalent power to weight/footprint form factor."
Yes! Because nothing compares to the warm and fuzzy feeling of safety that comes with having a hydrogen fuel cell smouldering along in everything from your wall thermostat to your smart lightbulb, while you're not at home...!
"But there are already better ways of doing this, for example adaptive systems that take into account ambient temperature, how long it takes the building to warm up, etc."
Ah, yes, but what he is inferring is that there are no two days in the 365 days of a year when he's returning home at the same predictable hour. Thankfully, 99.99% of the rest of us are not quite such Wildly Busy And Important Persons.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
