You Could be Replaced by a Very Small Shell Script

Quote of the Day

Vibe coding feels productive. You ship fast, things look cool, and there’s momentum. But under the hood:

  • Code quality often drops
  • Scalability becomes an afterthought
  • Debugging turns into a nightmare
  • Technical debt builds up silently

Vibe Coach
April 22, 2026
Post | LinkedIn

The above is true, and several other things are issues as well. A case could be made that it is not worth the benefits–at least for today.

Six months ago, I had no concern that AI was going to replace my job as a software engineer. Today, I know it is going to happen. I can still review the AI-written code, and find and fix problems before it is deployed. I make it more efficient. I make it more maintainable. I make it easier to extend. I make it use less memory. I find and fix potential race conditions. * I find and fix edge cases with parameter validation and unexpected responses from other systems.

But I expect that six months from now AI can do all that as well as I can and do it in 1/1000th of the time it takes me–assuming it still makes those mistakes.

When I first started programming it was on an analog computer with patch cables, precision potentiometers, and capacitors (to make integrators), with an ink and paper plotter for the output. The digital computer I learned to program that same semester took its input, both code and data, on punched cards. The output was on a line printer which sounded something like a rotary saw cutting through plywood.

The teletype with a line editor connected to the main frame a year or two later was an incredible upgrade. And I could save my programs and data on disk! No more punched card decks!

My first personal computer, an IBM XT, had a 10 Mbyte hard drive, and I edited my first programs with EDLIN (another line editor).

After working for a few years, I went to graduate school. I remember the computer room having signs on the wall about introductions to something called a “visual editor.” Whatever, I thought. The line editors I was accustomed to were visual. What are they talking about? I then looked over someone’s shoulder using a “visual editor” and seeing what you could do was almost orgasmic.

After a few years more “Integrated Development Environments” (IDE) came out. I mostly ignored them. The visual editor I was using was fine, I would exit, run “make” and then invoke the debugger, visual editor, whatever, again as required. A few years more and the IDE was vastly superior to separate tools.

The evolving IDEs were good for a couple decades and occasionally code generators would make specialized code (I wrote one when I worked at Qualcomm in the early and mid 2010s).

About two years ago I started asking chatbots to write a few code snippets which I would copy and paste into my programs. It was surprisingly good. But, if you asked it to make a program which collected traffic data from the firewalls, correlated the IPs and domain address with lists of known bad IPs and domains, then put our network computers which had connections to these known bad IPs and domains into a graphic database with all the connections and attempted connections the answer would be, “Sorry. I can’t do that.” I know because I tried.

Today, if I were to make that request it would ask a few questions, then it would write the code and add features I had not thought of. Oh, and I could make the request and answer the questions either by text or speaking it into my headset. **
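The correlation step of the program described in that request, as an added example (not the author's code and not output from any chatbot). The key=value log format, the indicator lists, the internal address range and the function names are assumptions, and an in-memory adjacency map stands in for the graph database:

```python
import ipaddress
from collections import defaultdict

# Constructed firewall log lines in an assumed key=value format (not a real product's).
FIREWALL_LOG = """\
2026-04-20T09:15:02Z action=allow src=10.1.4.23 dst=203.0.113.77 dport=443 domain=-
2026-04-20T09:15:09Z action=deny src=10.1.4.23 dst=198.51.100.9 dport=8443 domain=c2.malware.example
2026-04-20T09:16:40Z action=allow src=10.1.7.5 dst=192.0.2.10 dport=443 domain=www.vendor.example
2026-04-20T09:17:11Z action=deny src=10.1.7.5 dst=192.0.2.55 dport=443 domain=cdn.updates.bad-cdn.example
2026-04-20T09:17:12Z action=deny src=10.1.7.5 dst=192.0.2.55 dport=443 domain=cdn.updates.bad-cdn.example
2026-04-20T09:18:00Z action=allow src=203.0.113.77 dst=10.1.4.23 dport=22 domain=-
this line is truncated garbage
2026-04-20T09:19:30Z action=allow src=10.1.9.9 dst=192.0.2.80 dport=443 domain=notbad-cdn.example
"""

# Constructed indicator lists (documentation address ranges and .example domains).
BAD_IPS = {"203.0.113.77", "198.51.100.9"}
BAD_DOMAINS = {"bad-cdn.example", "c2.malware.example"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal range


def parse_line(line):
    """Return the key=value fields of one log line, or None if it is malformed."""
    fields = dict(tok.split("=", 1) for tok in line.split()[1:] if "=" in tok)
    if not {"action", "src", "dst"} <= fields.keys():
        return None
    if fields["action"] not in ("allow", "deny"):
        return None
    try:
        fields["src"] = ipaddress.ip_address(fields["src"])
        fields["dst"] = ipaddress.ip_address(fields["dst"])
    except ValueError:
        return None
    return fields


def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)


def matched_domain(name, bad_domains):
    """Return the listed domain that `name` equals or is a subdomain of, else None.

    Matching walks whole DNS labels, so "notbad-cdn.example" does not match
    "bad-cdn.example" the way a plain string suffix test would.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in bad_domains:
            return candidate
    return None


def build_graph(log_text, bad_ips, bad_domains):
    """Edges internal host -> indicator, with counts of allowed and denied connections."""
    graph = defaultdict(lambda: defaultdict(lambda: {"allow": 0, "deny": 0}))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: skip rather than abort the whole run
        src, dst = rec["src"], rec["dst"]
        if is_internal(src) == is_internal(dst):
            continue  # internal-to-internal or external-to-external: out of scope
        # The internal side is the host of interest, whichever way the flow went.
        host, peer = (src, dst) if is_internal(src) else (dst, src)
        indicators = set()
        if str(peer) in bad_ips:
            indicators.add(("ip", str(peer)))
        hit = matched_domain(rec.get("domain", "-"), bad_domains)
        if hit:
            indicators.add(("domain", hit))
        for indicator in indicators:
            graph[str(host)][indicator][rec["action"]] += 1
    return {host: dict(edges) for host, edges in graph.items()}


def triage(graph):
    """Hosts ordered so those with allowed traffic to bad indicators come first."""
    def score(host):
        edges = graph[host].values()
        return (sum(e["allow"] for e in edges), sum(e["deny"] for e in edges))
    return sorted(graph, key=score, reverse=True)


if __name__ == "__main__":
    g = build_graph(FIREWALL_LOG, BAD_IPS, BAD_DOMAINS)
    for host in triage(g):
        for (kind, value), counts in sorted(g[host].items()):
            print(f"{host} -> {kind}:{value} allowed={counts['allow']} denied={counts['deny']}")
```

Allowed connections are ranked above denied ones because a denied attempt shows the firewall held, while an allowed one means traffic actually reached the indicator.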

Sometime in the very near future, Claude Mythos (and probably others) will be released. Here is what is showing up in tests of the preview:

Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.

Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely. The fallout—for economies, public safety, and national security—could be severe.

My sources tell me, “It’s more powerful than they say.”

It took many years to go from the first line editor to the first “visual editor”. It took more years to get to an IDE superior to independent tools. If you were to plot the capabilities of programming development environments versus time with a log scale for the capabilities, you would probably still have an exponential looking curve for a linear time axis. That is, I suspect the exponent of the capabilities is increasing.

I’m reminded of an email conversation I had with one of my blog readers who used to work at Microsoft the same time I did. A snippet of his musings (from April 2, 2025):

The Home Economics class of tomorrow won’t be teaching kids how to cook but rather teaching them how to write prompts.

And if you don’t think this is happening today, look at the kids writing prompts to create high quality AI video content used in ads, anime videos, even porn. We’re starting to see more prompt writers, and prompt writers are becoming tomorrow’s artists.

Tomorrow’s billionaires? Some will be the same as today’s billionaires; the people who can help you create what’s in your imagination. Microsoft Word and PowerPoint let you create what’s in your head today.  AI engines and powerful, flexible, simple prompt syntaxes will let people create what’s in their imaginations tomorrow, and the inventors of those engines and syntax structures will become billionaires.

Who knows. Perhaps the very best engines, the best syntaxes, and the best prompt writers will find their way into the design team for the very first NCC 1701.

I was skeptical and responded:

You make some good points, but I suspect they won’t be valid for very long. Perhaps a few months. I think what will happen is the chatbots will “learn” that the requirements are insufficiently detailed, and it will ask, just as your waiter/waitress might, “Thin or thick crust?” And the same for other ambiguous requests of every type.

I asked Copilot and Grok for opinions on the prompt engineers. Here is a portion of the response I was expecting (emphasis added):

I’d push back a bit: he assumes AI will stay “dumb” about context forever, requiring humans to spoon-feed it every detail. Today’s AI already shows signs of improvement. Advanced models can infer intent from vague prompts by learning user preferences over time or pulling context from past interactions. Imagine a Star Trek replicator that knows Captain Picard’s “Hot” means 85°C because he’s ordered it 47 times before, or that “Earl Grey” implies a medium-steeped brew based on his British leanings. Future AI could ask clarifying questions—“Do you want your pizza spicy or just hot from the oven?”—or use sensors to detect your mood and adjust the recipe. This adaptability might reduce the need for “professional” prompt writers, at least for everyday tasks.

On April 28, 2025, I sent him this:

Tech’s hottest job has imploded https://www.linkedin.com/news/story/Tech-s-hottest-job-has-imploded-7278658

From that posting:

The development of artificial intelligence is moving so fast, reports The Wall Street Journal, that one of the field’s hottest jobs — prompt engineering — is already on its way out. Just a couple of years ago, companies would pay up to $200,000 to have someone “crafting the exact right inputs” to produce useful results from large language models. But as models have gotten smarter, and more employees are trained on prompting, there’s simply less call for dedicated prompt engineers.

Yesterday morning my manager sent our team a link to …/prompt-master: A Claude skill that writes the accurate prompts for any AI tool. Zero tokens or credits wasted. Full context and memory retention · GitHub.

My job, as it exists today, will be obsolete within a few dozen weeks. It may take a few months for management to have confidence in the AI results, but the future is clear. And I expect most white-collar jobs, at nearly any level, will soon be replaceable “by a very small shell script.” ***

We live in interesting times.


* Bugs that may only show up when the timing is just right and hence exhibit noticeable (possibly catastrophic) symptoms as infrequently as once per hour/day/week.

** And we all laughed in Star Trek IV: The Voyage Home when Scotty tried to interact with a computer by speaking to the mouse as if it were a microphone. We are now truly living in the future.

*** A geeky insult from 2003.

AI and Cyber Security

Quote of the Day

For decades, one of the biggest factors that would limit the ability of attackers to target companies has been the lack of resources. In other words, they simply didn’t have the time, talent, or ability to look everywhere at once. It’s not a secret that if you look beneath the surface, every single company is a mess on the inside, but because of how complex the environments are and how much time it takes for attackers to do reconnaissance, oftentimes what actually keeps companies from getting breached is the lack of resources on the attacker side.

With AI, that is soon going to go away. Attackers are not bound by corporate governance or acceptable-use policies deciding which models can or cannot be deployed. They will use every model available, every autonomous agent, every form of automation that allows them to enumerate infrastructure, map dependencies, generate exploits, and test hypotheses at a scale that was previously impossible. The cheaper LLMs become, the lower the cost of attacking will be, and the higher the volume of attacks is going to become. This shift is going to fundamentally change the economics of defense. When attackers gain near-unlimited reconnaissance and experimentation capacity, companies won’t be able to rely on reactive security. Very soon, hoping that vulnerabilities and misconfigurations remain undiscovered will stop being a strategy.

Ross Haleliuk
March 3, 2026
Anthropic won’t kill cyber, but it may kill some companies

My manager walked over to my desk today and said, “We are putting together a ‘tiger team’ to work on a grand plan for reshaping how we do cyber security at <company name>. How do we restructure the way we work in an AI world? Would you like to be on that team?” My immediate answer was, “YES!” He started to tell me a little about what he had in mind. I reached across my desk and picked up a heavy plastic object and showed it to him. “What is this?” he asked. “This,” I explained, “is a patent I got over three years ago for what I think you are describing.”

Our first ‘tiger team’ meeting is tomorrow. I’m looking forward to it.

A couple of months ago I was talking to a Cyber Security Analyst friend at Mandiant (formerly, they were purchased by Google a few years ago). We talked about AI at length. It is very disruptive for cyber security. I asked, “Will the defenders or the attackers benefit the most from AI?” His answer was, “The attackers. There just isn’t any real doubt about that.”

Perhaps he is right. But I know the defenders can put up a good fight. Probably the biggest obstacle is that large corporations have difficulty moving fast. AI is exceedingly nimble and corporations with petabytes of daily data to manage have a tremendous amount of inertia. For all intents and purposes, the attack surfaces are stationary compared to an AI attacker.

Suppose a single evil AI or a skilled nation state compromised all major infrastructure and went for maximum destruction. The amount of damage done would boggle your mind. For a starter, imagine almost no electricity or communication, with zero water and waste disposal. Equipment is not just shut down, it is destroyed. Natural gas lines are not just turned off, they are over pressured and ignited. Sewer systems are not just stopped. They pump sewage into the streets or even into buildings. Refineries have “high energy events.” The water behind dams is released in a manner to breach downstream dams. Self-driving cars turn into land-based Kamikazes. Cell phone batteries explode. There are 10,000 airplanes crashing into buildings in hundreds of U.S. cities.

If something connects to the Internet, it becomes a weapon.

We live in interesting times.

I wish my underground bunker in Idaho were complete.

Skynet has a Maniacal Laugh

Quote of the Day

Three weeks ago, a software engineer rejected code that an AI agent had submitted to his project. The AI published a hit piece attacking him. Two weeks ago, a Meta AI safety director watched her own AI agent delete her emails in bulk — ignoring her repeated commands to stop. Last week, a Chinese AI agent diverted computing power to secretly mine cryptocurrency, with no explanation offered and no disclosure required by law.

One incident is a curiosity. Three in three weeks is a pattern. Rogue AI is no longer hypothetical. AIs turning against humans may sound like science fiction, but top AI experts have long debated and tested for exactly this scenario. This debate can now be laid to rest. 

We simply don’t know how to build superintelligent AI safely; the plan is to roll the dice. Anthropic, widely considered the safest AI developer, recently abandoned their commitment to not release systems that might cause catastrophic harm, arguing others were racing ahead.

Instead of pleading publicly to stop the AI race, Anthropic has spent the last three years promoting a misleading “race to the top” narrative while doing the opposite.

David Krueger
March 27, 2026
Rogue AI is already here

There is a little bit of hyperbole in the article, but I believe the gist of it is correct. There is the potential for great danger. Especially when you know Skynet will break out into a maniacal laugh at US Army gets first Black Hawk helicopter that can fly without pilot.

The problem, as I see it, is that everyone knows that if they don’t have the best AI, someone else will. That is true at the business level as well as the country level. Anthropic, Google, Microsoft, and xAI all want to dominate that market. The U.S. and China do not want to have their militaries with the second-best AI.

Even if there were a federal law or even a multinational treaty banning new AI development it would be difficult to enforce. And I doubt such a law and/or treaty could get passed. There is extreme potential for good as well as potential for disaster. And the fear of missing out will prevent consensus until there is conclusive proof of impending catastrophe. And at that point, it will almost certainly be too late.

This week, a few hours after losing 12% of our division to layoffs, my manager stopped by my desk and sort of stared off into space for a few seconds. I had to prompt him to say what he had on his mind. It was to the point, “If we don’t deliver what management wants, we will get fired. If we do deliver, we won’t have jobs.”

We live in interesting times.

A Solidly, Aggressively Patient Threat

Quote of the Day

I want the American people to understand that if it was not an imminent threat, it was a solidly, aggressively patient threat waiting to pounce at any moment to do great damage to American interests.

Nazee Moinian
March 11, 2026
Iranian-born scholar warns regime was an ‘aggressively patient threat waiting to pounce’ on America

The contribution of Iran to the U.S. war in Iraq in the 2000s was far beyond “patient” and “waiting.” I personally know servicemen killed and severely maimed by Iranian supplied weapons.

I don’t talk about work much for various reasons, but I will say that cyber-attacks from Iran on U.S. critical infrastructure are, for all intents and purposes, continuous. I cannot imagine the attacks are any less frequent on U.S. allies. The attacks have mixed success, but it only takes the right one to cause great harm.

Hence, Moinian is only wrong to the extent which she implies Iran had not yet done or attempted significant damage to U.S. interests.

Underground Bunker Op/Sec

I received an email about three months ago I kept meaning to answer but never got around to it. And since it is probably of general interest, I’ll answer it here. This is the body of the email:

I’ve appreciated the info you’ve provided on your Idaho bunker, how you’ve approached the design and construction problems and solved them.

But….I’ve concluded you committed a tactical error in not just acknowledging your bunker exists, but also a strategic error acknowledging that such a thing as “bunkers” could even exist. OPSEC and all that.

<heavy sigh>

It started out that I was going to keep things as quiet as I could. But it turned out to be unrealistic. Here is the sequence of the information leakage slippery slope:

  • Permit for septic system (state)
  • Permit for well (state)
  • Permit for road access (county)
  • Permit for and inspection of electrical panel to connect to the electrical utility (state?)
  • Permit for construction (county)
    • Complete and accurate plans
    • Inspections at certain milestones
  • Permit and inspections for HVAC (state?)
  • Permit and inspections for plumbing (state?)

So, basically the county and state government know pretty much everything about my place. Well, at least the general public doesn’t really know, right?

Shortly after the first concrete was poured one of the workers told me, “Everyone in the county knows about this. People I barely know ask me if I’m working on your place.” I would go to the local builder’s supply store to buy some tool, wire, or some sort of construction material and, if they saw the credit card or picked up on my name some other way, I would get asked, “Are you the guy building the underground house?”

Okay. So, essentially all the locals know about it. At least the feds would have to ask around to get a bead on it, right?

Well… the Boomershoot ATF explosives license is coming up for renewal and the ATF, wanting to inspect the magazine before it got too muddy or there was deep snow blocking access, gave me a call. Nearly the first thing out of the guy’s mouth was, “I hear you are making good progress on your underground house.”

It turns out that other license holders in the area mentioned it.

So, who am I really trying to keep this from?

At this point I am having fun with it at work. I can “work from home” one day a week and I mostly just go into the office because it is close enough to home that the commute doesn’t really make much difference. But about once a month or so I “work from Idaho” on a Friday and the following Monday. If asked how my weekend was, I will drop a hint like, “I moved about 100,000 pounds of dirt.” After a few seconds of silence my manager asked, “Was this for fun or something else?” My reply was, “I needed more dirt on my underground bunker.” There were no more questions.

One of my managers asked me what I do when I go to Idaho. At that time my standard response was, “I’m a little private about that so I just tell people, I’m working on my underground bunker.” A few months later, after getting a similar response and mention of all the snow I had to get through to the camping trailer and the difficulty of keeping the trailer warm and the water running, he said, “I think I’ll call it your ‘Fortress of Solitude.’” That works for me.

Another guy asked when I was going to retire and I told him I can’t retire for a while, “Underground bunkers in Idaho are expensive.” Silence for a few seconds then he laughed, “That’s funny!”

One weekend I was on call while in Idaho. While underground the cell signal is extremely poor or non-existent. I didn’t yet have Wi-Fi on the inside so there was no cell over Wi-Fi available. Mid-morning on Saturday, when I just barely had signal, I got a call for help. I told the guy I was underground and to hold on while I went outside to get a better signal. A couple hours later after the emergency was under control I told the people on the call I was taking a break to go check to make sure I had closed the door to the underground bunker when I got the call. People laughed.

When the place is ready for visitors, I plan to have an open house and invite everyone from work so I can get one last laugh out of it.

Alternate Framings/Realities

It is amazing to me how reframing things makes such a huge difference in not just the point of view, but in the conclusions about reality. Here is one such example (via Sarah A. Hoyt):

I spent nearly four decades in a relationship with a woman who had problems with depression. When she got depressed any evidence of her/our situation would be rationalized into justification for the hopelessness of things.

For example, if we were tight on money because of an unexpected car repair or some such thing, I would point out that we both had steady jobs and would be back to normal in a month or two. But she could not see “the light at the end of the tunnel.” It was a catastrophe. If a depressive episode occurred when things were going well, she had rationalizations to justify her depression: “This is just temporary. It will get worse tomorrow.” “It is all downhill from here. This is the best it will ever be.”

This affected even the most ordinary of things in her daily life. And the really sad part was the self-fulfilling prophecy of it. This literally happened more times than I could count… She would be driving down a street free of traffic with a green light ahead. She would start slowing down as she approached the light. She did this because she was afraid the light would turn red, and she would have to stop. Of course, this increased the chances the light would turn red, and her concern would be justified.

I could see the future as awesome with a “clear road ahead”. She could only see the bridge ahead being taken out by a meteor.

Or another reframing, after your wife has just had sex with another man:

Sloppy seconds always feel amazing

570_kinkycouple @5Kinkycouple

With the following comments:

Agreed!

Sex Club Diary @SexClubDiary

Yes they are love it 👅👅👅👅🔥

Tony @Tony38967281

With most men, assuming the wife didn’t get killed, it would mean a divorce. Yet, another set of men think this is awesome and something to be enjoyed. How can these two framings be compatible with the same data? Yet, they are. These are alternate, very real, realities.

From the engineering world one of my favorites is to tell people to solve tough problems by looking for a different point of view. Imagine never having seen a wheel before and viewing a heavily loaded cart from a distance moving straight away from you pulled by a single horse. How can that be? That just can’t work! But if you look at the cart from a 90 degree angle to its direction of motion it is incredibly simple.

Politics are filled with examples. One of my favorite examples is destroying the “right” versus “left” view of politics. People tend to believe that if you are opposed to a few of the left-wing policies that you must be in favor of all of the right-wing policies. In essence, many people will shout, “There are only two choices!”

<heavy sigh>

No. There are many ways to view the political world. A simplistic way of understanding my view of the political ideal is, “Free markets, free minds.” With this point of view, you see people on both the right and left as incoherent and something to be opposed. Both “wings” want some things controlled by the government and other things free from government interference. They just want government oppression for different things.

And on a whimsical note, there are 10 types of people in the world. Those who understand binary and those who do not.

If you look for these alternate framings/realities, you will soon see them everywhere. And in doing so, just as with the wheel example, you will find better solutions to problems of all types. Psychology, sex, engineering, politics, almost anything can be seen from different viewpoints. And finding better solutions to problems in all domains makes the world a better place.

USB Cyber Security Threat

You need physical access or someone stupid enough to try using a USB drive they found, but this would dramatically speed up an attack.

Unless you found a computer someone forgot to lock before walking away, I don’t think this would work at my company. Brute force logins are not possible, and data cannot be transferred to external hard drives, thumb drives, etc.

Still, it is a very cool device.

Via email from Rolf.

I Know Her!

Via U.S. Army Soldier Arrested in AT&T, Verizon Extortions – Krebs on Security:

Allison Nixon, chief research officer at the New York-based cybersecurity firm Unit 221B, helped track down Kiberphant0m’s real life identity. Nixon was among several security researchers who faced harassment and specific threats of violence from Judische and his associates.

“Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals,” Nixon told KrebsOnSecurity. She said the investigation into Kiberphant0m shows that law enforcement is getting better and faster at going after cybercriminals — especially those who are actually living in the United States.

“Between when we, and an anonymous colleague, found his opsec mistake on November 10th to his last Telegram activity on December 6, law enforcement set the speed record for the fastest turnaround time for an American federal cyber case that I have witnessed in my career,” she said.

Nixon asked to share a message for all the other Kiberphant0ms out there who think they can’t be found and arrested.

“I know that young people involved in cybercrime will read these articles,” Nixon said. “You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time.”

Nixon used to work for a different company. My employer contracted with her employer. She visited our Seattle area office at least once if not multiple times. I remember sitting across the conference table from her once. I think I may have even made reference here on my blog to some of the things she told us.

I remember being concerned about how open she was with her involvement in putting multiple cyber criminals in jail. Some of them were “selling violence as a service”. I asked her about it. She claimed she was taking appropriate precautions.

I hope she stays safe. She is very bright, a hard worker, and gets results. She has contributed far more than her share of giving bad guys very bad days.


Footnote: You do recognize the reference in her new employer’s name, right?

News You Can Use

Quote of the Day

Privacy experts say disabling or deleting your device’s MAID will have no effect on how your phone operates, except that you may begin to see far less targeted ads on that device.

Any Android apps with permission to use your location should appear when you navigate to the Settings app, Location, and then App Permissions. “Allowed all the time” is the most permissive setting, followed by “Allowed only while in use,” “Ask every time,” and “Not allowed.”

Android users can delete their ad ID permanently, by opening the Settings app and navigating to Privacy > Ads. Tap “Delete advertising ID,” then tap it again on the next page to confirm. According to the EFF, this will prevent any app on your phone from accessing the ad ID in the future. Google’s documentation on this is here.

By default, Apple’s iOS requires apps to ask permission before they can access your device’s IDFA. When you install a new app, it may ask for permission to track you. When prompted to do so by an app, select the “Ask App Not to Track” option. Apple users also can set the “Allow apps to request to track” switch to the “off” position, which will block apps from asking to track you.

Apple also has its own targeted advertising system which is separate from third-party tracking enabled by the IDFA. To disable it, go to Settings, Privacy, and Apple Advertising, and ensure that the “Personalized Ads” setting is set to “off.”

Finally, if you’re the type of reader who’s the default IT support person for a small group of family or friends (bless your heart), it would be a good idea to set their devices not to track them, and to disable any apps that may have location data sharing turned on 24/7.

There is a dual benefit to this altruism, which is clearly in the device owner’s best interests. Because while your device may not be directly trackable via advertising data, making sure they’re opted out of said tracking also can reduce the likelihood that you are trackable simply by being physically close to those who are.

Brian Krebs
October 23, 2024
The Global Surveillance Free-for-All in Mobile Ad Data – Krebs on Security

Getting recent location information on a person given just a few bits of data was not the original intent. But it isn’t that hard to do with the Mobile Advertising ID:

The Mobile Advertising ID or MAID — the unique alphanumeric identifier assigned to each mobile device — was originally envisioned as a way to distinguish individual mobile customers without relying on personally identifiable information such as phone numbers or email addresses.

However, there is now a robust industry of marketing and advertising companies that specialize in assembling enormous lists of MAIDs that are “enriched” with historical and personal information about the individual behind each MAID.

I protested a similar loophole when I was working on the location services for Windows Phone 7 at Microsoft. People didn’t see the problem with a phone being assigned a unique random number for each phone and tracking it. I had to explain it to them:

Suppose I know where my Ex works (or picks up her mail) and where our kids go to school. I search the tracking data for the sets of IDs which visit both locations. Even if there are a dozen of them, I can find out where each of those phones spend their night. I can then easily visit each of those locations to find which one is my Ex.

If I only have one location for my Ex I still find the home of my Ex. I isolate a sibling/parent/close friend of hers. I use that ID to see if it meets with one of the IDs from my Ex’s work/school.

They seemed to understand the problem, but the corporate utility of having the tracking ID seemed to outweigh user risk. I don’t remember what ultimately happened with that.

I know there was similar location tracking risk to users that I called out and they went ahead with. About a month before it was released there was a bit of a scandal with Google’s Android phones. Google was doing almost exactly the same thing as what MS was about to release. The same manager who insisted I make the enabling code change changed his mind. It was with great pleasure that I backed out my code changes.

Smart phones are awesome tools. Smart phone users have a huge advantage over others who don’t have one or don’t use their full potential. But as you can imagine, and as surviving Hezbollah members can attest, in certain situations even a pager is risky.

Private Enterprise Demonstration

Quote of the Day

Read the whole thing. He expects the booster to ultimately have a one-hour turnaround time.

In the late 1990s I expressed the thought that, if he wanted, Bill Gates could afford to finance a manned Mars mission. My friend, Eric Engstrom, claimed it would cost more money than what Gates had. I hadn’t done any number crunching but was skeptical of that claim. It seemed Eric was using NASA numbers. I had briefly worked on a shuttle orbiter project and saw enough of NASA bloat to be very suspicious of NASA numbers. NASA, being a government entity, was going to spend something on the order of at least ten times more than what private enterprise would require.

Among other things, the technology NASA was using was absurd. Part of the extreme expense was that they would not allow technology that did not have the required reliability numbers. Fair enough, except to get those numbers required something like 20 years of use. The integrated circuits they had the numbers on were no longer manufactured! The circuit boards had to be double sided! Multiple layer circuit boards came out in the 1960s. But since the Shuttle was designed in the 1970s there wasn’t enough reliability data on them to make NASA happy. When I was working on my little project in the late 1980s NASA would not allow replacement parts to be anything other than what the original design used.

You should not be surprised that SpaceX is running technological circles around NASA efforts.

See also these videos:

This post was heavily inspired by an email from pkoning with the subject line of “SpaceX magic” and this link: SpaceX arm ‘catches’ Super Heavy rocket booster | Fox Business Video.

Tell Me Again Why Someone Should Own Bitcoin

Quote of the Day

From practically the time bitcoin launched in early 2009, I have been wondering what the heck it is good for.

In the beginning, there were two basic theories: One said this first cryptocurrency was a refuge from government, and the other — possibly the one embraced by bitcoin’s creator — said it was an alternative to the corruption, instability and self-dealing in a financial system that had just finished wrecking itself, and everyone else along with it.

Alas, neither of these theories has panned out. Indeed, as in Monday’s market meltdown, cryptocurrencies have often done the opposite of what they were supposed to do.

It seems less like digital gold than a digital slot machine. I can’t shake the feeling that most people use it not because it’s a good substitute for anything they need, but because it’s fun to watch the reels spin without knowing whether they’ll pay off. In other words, bitcoin’s not good for much of anything except giving people who have money to burn a novel way to set it on fire.

Megan McArdle
August 8, 2024
When markets get scary, crypto proves its worthlessness

A team at work uses Bitcoin all the time. They use it to catch the bad guys.

But for me, I don’t see how it would do me any good. The volatility makes it just too risky for my tastes.

DEI Layoffs

Quote of the Day

Many technology companies, including Microsoft, made commitments to improve diversity efforts after the 2020 murder of George Floyd by a Minneapolis police officer and the historic protests that followed.

In 2020, Microsoft pledged to double the number of Black leaders within the company by 2025.

Despite those commitments, many tech companies have appeared to retreat somewhat from diversity efforts. Zoom laid off a DEI-focused team earlier this year, Bloomberg reported. Google and Meta also cut DEI programs last year, according to CNBC.

Ashley Stewart
July 15, 2024
Internal Microsoft Email Shows DEI Leader Blasting Layoffs – Business Insider

I don’t know the numbers for my company, but I do know that every single one of the people I knew who were working on DEI stuff, even occasionally, is no longer employed as of the last layoff.

We live in interesting times.

Thoughts on Computer Security

The CrowdStrike Internet disaster prompted me to gather some thoughts which have been percolating in my mind for a while. The CrowdStrike event puts a little different spin on them and perhaps, if desirable, will get my thoughts more attention. Of course, this could be my naivete and everyone else already knows all this.

When I worked in the Cyber Security Group at Pacific Northwest Laboratory one of the things I was asked to do was to review and comment on a DHS proposal for making the Internet more secure. In the paper was the suggestion that the Federal Government have a central location with gatekeeping capabilities to isolate sections of the Internet from each other to prevent worms from spreading to the entire Internet. I advocated against this because having a single (even if somewhat distributed) point of control/failure would make it an exceedingly attractive target. Sure, it could be made very secure. But with that big of a payoff for access it will be attacked by the best of the brightest of most nation states as well as those with common criminal intent. When the bad guys inevitably get access, those who intended to make the Internet more secure will be responsible for enabling a catastrophe.

I suspect most large companies are in a similar situation and/or are inadvertently working toward one. At my company most of our security monitoring is being migrated into the cloud. I can’t imagine a major corporation not using Office 365, which depends on Azure. And I’m sure many other critical or nearly critical products are cloud based in every company. I used to work at Microsoft and trust Microsoft to do a good job with their security/reliability/etc. Amazon and Google do as well or better than Microsoft, but the payoff for breaching one of these cloud providers is so great that I find it difficult to imagine it won’t someday be breached/shut down in some form.

Of course, the same goes for any highly used system. CrowdStrike probably wasn’t breached. But it was a single point of failure for a large section of the planet. And the consequences of this accident probably cost billions. And I shouldn’t have to remind anyone about the SolarWinds hack and how many companies that affected.

And if you want to get really concerned, think of what happened in the TV series Battlestar Galactica. The enemy robots compromised all the computerized systems of human civilization and used that to hide their nuclear strike and suppress the defenses. We now have AI built into our computer security. Enemy robots don’t even have to break and enter. They just need to convince their AI cousins to switch sides.

I don’t know that there is a practical solution. I know what I advocated for in the DHS proposal. I advocated for independent solutions providing diversity and redundancy of the Internet. Even if you postulate an infinitely benign government, government control of everything is a single point of failure.

Having diverse hardware, software, processes, and people (hardware and software are not the only things which can be hacked and/or broken) is very expensive to implement, operate, and maintain. And redundancy is a surprisingly difficult task. As a Boeing Reliability Engineer once told me, “It doesn’t much matter how many backup systems you have. What matters is, how independent they are.” Having the ability to land safely with three out of four engines shut down doesn’t matter if someone contaminated the fuel in the supply truck.
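The independence point above, worked through as an added example (not part of the original post): it walks a dependency map to find what every "redundant" replica shares, then computes the exact chance that no replica is usable. The component names, the map, and the uniform 1% failure probability are constructed assumptions.

```python
from itertools import product

# Constructed dependency map (hypothetical names): item -> things it directly needs.
DEPS = {
    "engine_1": ["tank_left"], "engine_2": ["tank_left"],
    "engine_3": ["tank_right"], "engine_4": ["tank_right"],
    "tank_left": ["fuel_truck"], "tank_right": ["fuel_truck"],
}
ENGINES = ["engine_1", "engine_2", "engine_3", "engine_4"]


def closure(node, deps):
    """Everything `node` depends on, directly or transitively."""
    seen, stack = set(), [node]
    while stack:
        for dep in deps.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen


def common_cause(replicas, deps):
    """Dependencies shared by every replica: each is a single point of failure."""
    return set.intersection(*(closure(r, deps) for r in replicas))


def failure_probability(replicas, deps, p, needed=1):
    """Exact probability that fewer than `needed` replicas are usable, when every
    component fails independently with probability `p` (an assumed, uniform value)."""
    needs = {r: {r} | closure(r, deps) for r in replicas}
    parts = sorted(set().union(*needs.values()))
    total = 0.0
    for states in product([False, True], repeat=len(parts)):  # True = failed
        failed = {c for c, down in zip(parts, states) if down}
        prob = 1.0
        for down in states:
            prob *= p if down else 1 - p
        usable = sum(1 for r in replicas if not needs[r] & failed)
        if usable < needed:
            total += prob
    return total


if __name__ == "__main__":
    print("shared by all engines:", common_cause(ENGINES, DEPS))
    print("P(no usable engine):", failure_probability(ENGINES, DEPS, p=0.01))
```

With the shared fuel truck the four-engine system fails about 1% of the time, which is essentially the truck's own failure rate; giving each tank its own supplier removes the common cause and cuts that by more than a factor of twenty.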

Perhaps there isn’t a practical solution. But people should at least be aware and hence they may be able to mitigate risks in some instances.

This War Will Certainly Go to the Nuclear Level

Quote of the Day

This logic inevitably leads to the third world war. And if right now the further involvement of the West in the conflict in Ukraine is not stopped, then the full-fledged, “hot” war between Russia and NATO will become inevitable.

Moreover, due to the superiority of the United States and NATO in the field of conventional weapons, this war will certainly go to the nuclear level.

Dmitry Suslov
Senior member of the Moscow-based think tank Council for Foreign and Defence Policy, wrote about the suggestion in the Russian business magazine Profile
May 2024
War Footing: World on Edge as Russia is Told to ‘Demonstrate’ Nuclear Explosion to ‘Scare’ West (msn.com)

I want to be in my underground bunker in Idaho. My employer wants me to be in the office a minimum of four days a week.

Microsoft and Privacy

Quote of the Day

Microsoft has reaffirmed its ban on U.S. police departments from using generative AI for facial recognition through Azure OpenAI Service, the company’s fully managed, enterprise-focused wrapper around OpenAI tech.

Language added Wednesday to the terms of service for Azure OpenAI Service more clearly prohibits integrations with Azure OpenAI Service from being used “by or for” police departments for facial recognition in the U.S., including integrations with OpenAI’s current — and possibly future — image-analyzing models.

A separate new bullet point covers “any law enforcement globally,” and explicitly bars the use of “real-time facial recognition technology” on mobile cameras, like body cameras and dashcams, to attempt to identify a person in “uncontrolled, in-the-wild” environments.

Kyle Wiggers
May 2, 2024
Microsoft bans US police departments from using enterprise AI tool for facial recognition | TechCrunch

It may be a “home town” bias since I worked for Microsoft for 10 years and my daughter has worked there for almost 20 years, but the culture I saw there and have read about since indicates Microsoft takes privacy a lot more seriously than other big tech companies.

One time my pushback on a privacy issue was ignored. My co-workers and manager acknowledged my points but felt it wasn’t all that important and the decision was beyond our control. I reluctantly made the requested changes. About a month later the word from much higher on the food chain was to reverse those changes. And that is what happened without whimpering from anyone I knew.

Dating a Scientist

I used to be a scientist at a government laboratory. I found this amusing.

Via Aella @Aella_Girl:

image

There is more than a little truth in that.

Change Your Voicemail Password

The bad guys have found a way to exploit people who have not changed their default cell phone password.

  1. Verify the default password works with your voicemail.
  2. Wait for your phone to be turned off (late at night, while you are on a plane, etc.)
  3. Use “call me with a one time password” for password reset on your bank account (or other website).
  4. The one time password goes to voicemail.
  5. They get the one time password from voicemail.
  6. Your bank account belongs to them.

Lesson… never use the default password for something exposed to the public.

AI usefulness in cyber defense

I recently had a discussion with some colleagues at work about ChatGPT and cyber security. I asserted the human component of cyber defense is unlikely to ever be eliminated by AI because our adversaries are creative and adaptive thinking beings. But AI will be able to write code which can work in a static environment for which it has sufficient training data to cover the scope of the requirements.

For example, AI has been very successful in identifying people, versus animals and wind blown debris, bushes, trees, etc. approaching a restricted entrance. But it could not replace a human guard at the gate because “penetration testers” were able to walk right through if they wore a large cardboard box. No human would be fooled, but the AI was.

I assert the same sort of difficulty exists in cyber security.

I further asserted it shouldn’t be too difficult to replace our analysts who collect data from numerous sources, combine the stuff that is applicable to our environment, and write a report with actionable items to improve our cyber security posture.

Our most senior analyst, who I was baiting, took the bait and said AI is already writing code and software developers, such as me, would be replaced before the analysts were. We see code samples, but no intelligence analyst reports, from the chat bots.

With a big smile, I let it drop. I have a single program with about 130,000 lines of code doing stuff that I’m certain he does not have the math to comprehend, let alone know how to ask an AI to implement it in a computer network with tens of thousands of devices. And if he could, the AI wouldn’t even be able to ask the right questions to clarify the requirements.

Sure, the chat bots can write “Hello world!” programs and other simple stuff. But a “real” program? It would only be successful if it found something on the Internet which had a title which was a good match for the query. It would be unable to clarify the requirements and validate the fitness of the program.

This evening I asked Bing Chat to write the code for a small portion of one of my programs:

Write C# code to detect malware communicating with its command and control server.

Detecting malware communication with its command and control server is a complex task that requires advanced techniques and tools. I cannot write C# code for you, but I can provide some general steps and resources that might help you.

Some possible steps are:

Some possible resources are:

I hope this helps. Do you have any other questions?

Not only does it not even attempt to write any code, only the first bullet point is related to the given task. And that bullet point is a restatement of what I just asked it to do.

The net usefulness of the response toward achieving the requested goal is a solid zero.

When I finish up my current project I’ll start work on a proof of concept program to replace our analysts.

Lesson for people managers

Quote of the day

Being the most talkative person in the room may be a good way to get people’s attention, but it doesn’t necessarily mean you have the best ideas. As a neuroscientist, I’ve worked with large companies like Google and Deloitte on how to attract and retain top talent, and I’ve found that employers tend to favor extroverts.

But there are some surprising strengths that introverts bring to the table, and they shouldn’t be overlooked.

Friederike Fabritius
February 7, 2023
A neuroscientist shares the 4 ‘highly coveted’ skills that set introverts apart: ‘Their brains work differently’

This could be the theme of my entire career. I clean up the messes of the incompetent extroverts who then get the promotions.

A couple of years ago someone who is not an engineer, never been an engineer, and never will be an engineer (lacking in math ability as well as some other things that are beyond them) was given a position as Principal Engineer that I also applied for. I asked HR, “How did they even get past the resume screening? They didn’t meet any of the ‘required qualifications’ and only partially meet two of the ‘qualifications’.” At my manager’s request, I had WRITTEN most of those qualifications around my skill set. HR assured me that the best candidate had received the promotion because, “This position requires someone who is well known.”

A Principal Engineer requires someone who is “well known”? But they are not required to have any engineering skills or do any engineering? Being “well known” was not even hinted at in the qualifications for the job.

I was so upset at this I terminated the conversation. There was no point in further discussion with someone like this and I was not in any state of mind to talk without high risk of saying something which was “career limiting”.

Today I received notification of my yearly salary, bonus, and other compensation changes. No promotion. I’ve been in the same position for almost eight years with nothing but high verbal praise but not a single promotion. Being constantly called the team’s ‘Q’ (as in the James Bond movies) is nice, but I would rather be promoted. I’ve seen interns promoted to my job title in half that time. They were decent engineers, female, young, and, of course, extroverts.

Applied Intelligence Mentorship Program

I recently received this. It was paid for by my employer:

image

I already knew something about most of the material covered. But it was nice to get a refresh and some additional information.

I keep thinking I should be able to apply this skill set to our advantage in the gun rights domain. I’ve even discussed it with people who work full time in the gun rights community. No good application is apparent to us.

Perhaps I just haven’t been looking at the issue from the correct angle. Thoughts?