> I'm not aware of any jobs where physical robustness is the primary job attribute.
Not really disagreeing with you, but there are a few obvious examples. A lot of construction jobs are still labour intensive, and I've seen a lot of people who don't last the first day, let alone their first week. Also, security jobs, say in nightclubs, also value physical robustness. Orderlies in hospital, require the ability to move bodies, alive and otherwise. The machine is usually better.
There are a lot of jobs where physical robustness is an important job attribute. That's not the same as saying it's the primary attribute, though. You aren't paying that construction worker to lift things, you're paying him to place things correctly--a skill computers still fare quite poorly at. Lifting is not the focus.
Don't know the specifics of what the OP is referencing, but some police departments are experimenting with some wild tech. Check out the Baltimore "Spy Plane", for instance. It used high-altitude Cessna airplanes (rather than drones) equipped with a massive array of cameras, that recorded everything.
It allowed analysts to:
- Watch and record a 30-square-mile area of the city simultaneously, in real-time.
- If a crime occurred, they could "go back in time" to see where a suspect came from. Ie. track a vehicle from its destination back to its source.
- Or they could follow a vehicle "forward" in time to see where it parked,
identifying potential hideouts or residences.
Of course, it was recording everyone, not just criminals.
That’s not a meaningful issue here. Either snoop competently or snoop wire traffic, pick one.
In the snooping-mandatory scenario, either you have a mandatory outbound PAC with SSL-terminating proxy that either refuses CONNECT traffic or only allows that which it can root CA mitm, or you have a self-signed root CA mitm’ing all encrypted connections it recognizes. The former will continue functioning just fine with no issues at providing that; the latter will likely already be having issues with certificate-pinned apps and operating system components, not to mention likely being completely unaware of 80/udp, and should be scheduled for replacement by a solution that’s actually effective during your next capital budgeting interval.
A good solution is tackling it on both. At work we have network level firewalls with separate policies for internal and guest networks, and our managed PCs sync a filter policy as well (through primarily for when those devices are not on our network). The network level is more efficient, easier to manage and troubleshoot, and works on appliances, rogue hardware, and other things that happen not to have client management.
Sort of, but not really. It's more that people get complacent/ignorant when it comes to matters of power (they shy away), so by choosing to let go (a selfish endeavor) - a power vacuum is created, which others seize the opportunity for their own interest. In other words, democracy is not self-sustaining, it requires constant participation by everyone in order to sustain. As soon as people opt out, you have a minority determining things for everyone, and so you're no longer truly a democracy.
> I think it's fair to consider the entire binary a fair target.
Yes, it's still very much a bug. But it has nothing to do with your program being formally verified or not. Formal verification can do nothing about any unverified code you rely on. You would really need a formal verification of every piece of hardware, the operating system, the runtime, and your application code. Short of that, nobody should expect formal verification to ensure there are no bugs.
I read it as that’s also the point. Adding formal verification is not a strict defense against bugs. It is in a way similar to having 100% test coverage and finding bugs in your untested edge cases.
I don’t think the author is attempting to decry formal verification, but I think it a good message in the article everyone should keep in mind that safety is a larger, whole system process and bugs live in the cracks and interfaces.
You're right. It just seems as though it should be self-evident. Especially to those sophisticated enough to understand and employ formal verification.
It does seem that way doesn't it? But as software bugs are becoming easier to find and exploit, I'm expecting more and more people, including those not "sophisticated enough" to understand and employ formal verification to start using it
Then it would help to not introduce any confusion into the ecosystem by using a click-baity title that implies you found a bug which violated the formal specification.
I think we put too much negative emphasis on people who aren’t as gifted intellectually.
In reality, the world works because of human automotons, honest people doing honest work; living their life in hopefully a comforting, complete and wholesome way, quietly contributing their piece to society.
There is no shame in this, yet we act as though there is.
This is what pains me with how many people respond negatively toward the idea of everyone being able to earn an honest living and raise a family. Too often the idea of "deserving it" comes into it as if doing your small part to contribute to society is not enough.
Doing a repetitive(ish) task day in day out requires a specific type of person, I'm not one of them.
But I do know multiple, just in my immediate familuy. People who graduated from school, went to the local factory and worked there for half a century before retiring. Pretty much the same job, moving widgets from A to B etc, nothing massively complex. I do respect the people who can do it and especially the ones who make it look effortless and efficient - even a bit performative.
Also because my home town is a "factory town", guess where I worked for my summer job(s). I wanted to shove a hot poker in my ear just to get away from the tedium after the first day. On the second day I was thinking how to automate the damn process to not involve me in it at all :D
I'm not blaming you here, but I think "automatons" may be inaccurate. A lot of the jobs that seem menial would be utterly bollixed if done by an automaton. The people continually handle the edge cases and tiny discrepancies between formal procedures and how things actually work. Consider the many stories of people experience AI bots when they try to get vendor support for products. "Please let me talk to a real person."
Many of those people, probably including most bureaucrats, are working on systems that have already been automated to the fullest extent possible. This is one of the reasons why bureaucracies seem chaotic and inefficient -- the stuff that works is happening automatically and is invisible. You only see the exceptions.
The automation can be improved, but it's a laborious process and fraught with the risks associated with the software crisis. You never know when a project is going to fall into the abyss and never emerge, and the best models of project failure are stochastic.
Anyone doubting this need only spend 15 minutes watching people using the self-checkout lines at the grocery store to see how good a good checkout person is...
I was like, I went from waiting for a cashier who's an absolute ninja with the scanning machine, to fumbling with my own groceries and fighting with GLaDOS about whether it was actually placed in the bag, or how much it weighs vs. how much it's supposed to weigh. Which usually ends with me waiting for an attendant anyway. And this is supposed to be a win?
I love a dog and a cat and tree. I can respect someone not as intelligent as other folks. I'd love it we started holding the crude, mean and willfully ignorant to a higher standard.
Human automatons? Why would you have mercy for automatons?
Just call them cattle, we might feel more compassion towards them if we don't think of them as machinelike.
I don’t know why you’re being downvoted. Using that sort of terminology already shows you don’t care about them more than the sort of energy someone has saying they would never consider keying _their_ car.
People don’t need to be exceptional to have intrinsic value.
I’m here man. Just want to make money and support my family. Couldn’t care less what some German general thinks about me. Even less care about online clowns trying to put people in buckets.
That's a truism. But it ignores The Iron Law of Oligarchy, Pareto Principle, and dozens more that remind us that power tends towards centralization. It's currently fashionable to call out the billionaires, but if you removed them, they'd just be replaced by corrupt government officials, or something else.
That's not to say we should just throw up our hands and accept every social injustice. But IMHO we shouldn't go around simplistically implying that all social ills will be solved by neutering the billionaire class.
More importantly we shouldn't deny the rest of humanity benefits on the basis that the majority of the benefit accrues to the powerful. We should strive to change the distribution pattern, not remove the benefit.
The problem with billionaires is that they are able to hoard so much money by exploiting others. We would be much better off if billionaires weren't given so much advantage by Capitalism as those resources would be much more useful if distributed.
The biggest problem we currently have with billionaires is that they are now so rich that the world becomes like a game to them and some of them are deliberately pushing us to a dystopia where non-billionaires become functional slaves (c.f. Amazon workers).
Right, giving up is actually how these things end up becoming principles/laws. Power centralizes because people become complacent and ignorant on matters of power, so there ends up being a power vacuum, to which others seize the opportunity. But absolute power centralization almost never occurs, due to the delegation that is necessary to wield that power in practice, and so these two forces end up balancing each other. As such, the equilibrium point (or point of maximum entropy) ends up being some type of oligarchy. But anyone can take steps to address this and adjust this equilibrium point, but it takes active work.
I think to an extent Microsoft is the guilty party here. For may cracks Windows Defender will trip saying "Win32/Keygen" even if there's no actual malware
This trains people that do a lot of piracy to be used to turning off their antivirus to let something through, which is fine until it's not. It's like drugs, if we know a subset of the population will do them no matter what, we should make it safe for them to the extent we can. False positives, causing people to ignore actual positives, creates a market for these things.
Many years ago, even a "Hello World" binary that wasn't compiled by MSVC but by a GNU toolchain was detected as "suspicious" or "potentially unwanted", and in some cases automatically deleted. MS clearly has a different definition of "malware" than many people, and while it may overlap with a majority opinion (e.g. viruses and worms), where its opinion differs is used to push an agenda.
Software is the one thing I won't pirate since the risk of installing malware is extremely high. For media files, unless you are incredibly unlucky and someone is exploiting a bug in the media player, you are entirely safe. But for software you have no way of knowing how the software has been tampered with, and often there actually is malware in it.
Same. I used to pirate software but even way back I kept it limited to very popular software and established downloads (where if they were malware they were almost certain to be in a signature database by that point). And I absolutely never pirated an OS. I thought anyone doing that was out of their freaking mind because any malware there had ultimate access to block its own detection and do whatever else it pleased.
Now I don't do it at all. It's not worth the risk when I have the money to pay for the proprietary software that I like and when the ecosystem of open source software is very good.
Until recently the exception for me was music software/VSTs. I definitely did get a few infections over the years doing so, but after finding some safe sources it went pretty well. To some extent, I still see advise it, actually, just with purchasing first but never using the key, just because DRM in the music software world is so aggressively bad. iLok is a cancer on that industry.
I mean this is by design? It makes pirates more likely to get malware, and thus normal people more likely to pay for MS products rather than pirate? You may think its immoral but the incentives line up.
I don't think it's some conspiracy to make anyone more likely to get malware. Instead it's that for their business model of mostly being used on business PCs where the same dozen tools are installed all over the world they can be overzelous in protection and it is what most customers want. Really, they should leave the "piracy is malware" thing in defender, it should just be off by default if your PC isn't connected to a domain or setup as "work PC".
It's entirely possible to ship malware in source form... Just look at the numerous supply chain attacks. Nix is a cute project but entirely irrelevant here.
Burning an identity? Instead of hacking the server that serves the binary, you have to hack the developer's machine and commit a malicious source change.
I wouldn't consider either of them to burn an identity.
Not really disagreeing with you, but there are a few obvious examples. A lot of construction jobs are still labour intensive, and I've seen a lot of people who don't last the first day, let alone their first week. Also, security jobs, say in nightclubs, also value physical robustness. Orderlies in hospital, require the ability to move bodies, alive and otherwise. The machine is usually better.
reply