It reminds me of the accidental Hawaii nuclear missile alert a few years back. AIUI, the button to test the system was in close proximity to the button to send the real thing.
Personally I was more impressed by the director being a dolphin, although they could've found a better photo of him, he looks a bit fat.
But to be fair it's not that bad when you realize using flaps and gear is time correlated - you slow down, enable flaps, get near the airport, then put the gear down.
There is no "I want to put the gear down in situation when enabling flaps would fuck stuff up too much"
Am I missing something here? What's the headline supposed to mean? Is it a tongue-in-cheek gesture, since GCHQ routinely hoover up personal data and spy on both their citizenry and foreign countries?
I think it's a reference to "Hitchhiker's Guide to the Galaxy". Knowing Earth was going to be destroyed the dolphins leave, but they leave behind a message which when decoded translates to "so long and thanks for all the fish" (referring to how dolphins had trained humans to give them a fish when they did tricks).
It's a paraphrase or restatement of the phrase "so long and thanks for all the fish", the title of one of the books in Douglas Adams' Hitchhiker's Guide to the Galaxy series. Changing "fish" to "bits" is interesting, as it could be "just" a reference to life in the modern age and that this individual is leaving a techie oriented job that deals with "bits and bytes". Or it could be a really on the nose "joke" making light of exactly what you say:
"GCHQ routinely hoover up personal data and spy on both their citizenry and foreign countries?"
In addition to everyone who's given legitimate answers, it's also why they've used a picture of a dolphin and referenced "life, the universe and everything"
> one problem (in my opinion) is that it’s too easy to set up free hosting for your cybercrime site. There’s no friction and no risk to dissuade would-be-crims.
Sounds like an Inbound TCP License is next on the UK’s to-do list?
So maybe a B-17 pilot can explain: From the image, I can't see what the problem is. If you reach for the gear switch to put the gear down, but hit the flap switch instead and put the flaps down... shouldn't that be just fine? Wouldn't you want the flaps down during landing anyway? Shouldn't putting the gear down cause more drag than the flaps, so you're already prepared for any changes there too?
I researched this a bit and based on other sources the issue was accidentally putting the landing gear into the up position when meaning to put the flaps up. Presumably this would happen while coming to a stop on the runway? I have maybe noticed modern airliners do raise their flaps before fully completing braking? Not sure if I'm just making that up. I have barely any flight training but if I recall the main purpose of raising flaps quickly is to lessen the effects of wind from the environment and other aircraft from pushing you around. But the B17 is rather large. I don't know. All speculation.
I'm confused as well. I can't imagine a B-17 landing without flaps. I am a pilot, but never flown a B-17, so take it with a grain of salt...
You'd want both the gear and flaps down on landing, so both switches would be in the down position. If the switches weren't in sync, e.g. you need one switch up and the other down for landing, that would be a problem.
I am intrigued by the memory safety section. It’s a hot topic these days, right? So here’s an interesting thought experiment.
What if all these areas where we use memory-unsafe technologies were replaced by memory managed technologies like C#, Python, Go, etc. Sure, lots of things would run slower (raw TLS in Python, yay), BUT would there suddenly just be less exploits? Or is this area more of “Law of Conservation of Ugly”?
One of the big reasons that these garbage-collected type languages were not used on critical code was that the timing couldn't be guaranteed. You can't afford a massive L1 garbage collection just at the point you are trying to land a plane or disable a nuclear reactor.
Not sure whether this is still a problem now that computers are way faster but my own experience is that despite the resources available, our apps are slower than ever, even ones that do largely what they did 20 years ago like Word and Visual Studio!
> What if all these areas where we use memory-unsafe technologies were replaced by memory managed technologies like C#, Python, Go, etc. Sure, lots of things would run slower (raw TLS in Python, yay), BUT would there suddenly just be less exploits?
Yes. We'd see at least a 30% reduction in exploits, and in the overwhelming majority of use cases the slowdown wouldn't be relevant. Software in those areas would also get written a lot quicker.
The trouble is that there's no incentive to do this, at any level. Software would probably crash more (because one of the biggest ways memory-safe languages avoid security issues is by turning silent corruption into visible crashes). No-one cares if you deliver the project in 50% less time than it would otherwise take (you're still missing the schedule), but everyone cares if it's 50% slower on a meaningless microbenchmark. And C bros no longer get to slap each other on the back about what l33t h4x0rs they are. (I suspect, cynically, that one of the reasons Rust is the language that's finally getting to replace C, is that it's that rarest of memory-safe languages that puts an equal amount of (mostly) pointless difficulty on the programmer).
I want the hardware to protect me perhaps with a key or handle or something. Talking to the hardware: Give me a block of memory that I can append to the end of. Another piece of code: Allow me to access that other block for read only.
Each piece of software has some sort of identification. Then the hardware throws an interrupt if a piece of software uses some memory incorrectly.
I was confused by the B17 fact; if you’re at the stage of lowering the gear (flying slowly), pulling the wrong lever and going full flap would do not much? Now if you were taking off and went to raise the gear and lifted the flaps instead, then that's a problem.
The comments about Heartbleed and OpenSSL suggest (to me) his behind the scenes thinking:
Airplanes don't fall out of the sky because transport safety boards do the analysis and the manufacturers follow their advice - the idea is only one plane crashes per type of mistake.
Well it's hard to get a group of open source developers to follow cleanroom techniques for free. I am guessing that the thinking is to fund the identified OSS groups.
101010, just for a fun reference I found this interesting mostly unrelated aside to the op and the connection to the book/movie reference from Hitchhiker's Guide, as related to "deepmind" and 42
> All of the Active Cyber Defence services are really treating symptoms, rather than underlying causes. I’m really proud of what we’ve achieved in the ACD programme and we've used it to force some systemic changes. But even that programme is about mitigating harm caused by the problems we see, rather than fixing the problems. We really need to get to the root causes and solutions to some of those really thorny issues.
Yes, absolutely!
For example we build all kinds of crazy things into our CPUs but don't make them safe because this would break compatibility with software design from the 1960s. That's pure insanity given the gigantic costs caused by the to this day unsafe computer architectures. We're talking here about hundreds of billions of dollars, every year. Still nobody wants to change anything.
But then the text goes on:
> For example, one problem (in my opinion) is that it’s too easy to set up free hosting for your cybercrime site. There’s no friction and no risk to dissuade would-be-crims.
Pure nonsense and propaganda!
First of all, there is no "free hosting" for cybercrime. If it would be free the whole following argument about economical initiatives for the hosting providers falls apart.
Also it seems someone wants to change the fundamental nature of the internet: A key principle of the internet is that everybody with access can provide services. So even if hosting providers would be strongly regulated the cybercrime gangs can still host their shit themselves. (And because of initiatives some "illegal" unregulated hosting providers would pop up quickly anyway, as is actually the case already).
Fighting the root cause would in this case mean to restructure the internet to a fully state controlled entity. What this guy (indirectly) proposes is perverse! But of course nicely in line with everything the British government stands for…
There are reasons why our governments across the globe are pushing for "everything online", paid with "digital currency" (this includes "plastic" and online banking and such, in the future "digital Dollars / Euros / Pounds" etc), and in the last step digital IDs bound to the vital internet access. The result of this is full control—a new age of slavery. (But at least there wouldn't be much cybercrime then; isn't that great? /s)
A much more favorable solution would be safe free hard- and software, so cybercrime would be infeasible by pure technological means (of course nothing can protect people from their own stupidity, but that's a different story, and not unique to the cyberspace). Such a resolution to the root causes means of course less power to the central governments and all power to the people making and using digital things. But I understand that governments aren't in favor of this and dream instead of the full control approach.
The article contains actually much more of the typical intelligence propaganda (or "narrative" how they themselves call this kind of propaganda), as others pointed out here already. I would not consider this text anyhow honest.
> They were intended to provide more privacy to users from all sorts of parties, but mainly government and big tech companies. The problem is that DOH makes enterprise cyber security very hard and also damages things like ISP parental controls, and some filtering for child sexual abuse images
Man getting paid to spy on people complains about not being able to spy on people and uses the tried and tested "think of the children!" angle. Classic.
> Apple Private Relay makes law enforcement’s life much harder when looking at who’s visiting certain dodgy websites
Good
> but also potentially reduces the resilience of mobile networks because it messes with the caching strategies in place today and makes diagnosing problems harder.
This is a lie because the vast majority of internet traffic is already encrypted and hence un-cachable. Even if it is true, I don't care, we can trade caching for privacy, we did it with HTTP and the sky didn't fall.
> It also makes it impossible for those networks not to charge for certain data traffic because they can’t see which sites a phone is trying to visit.
Again, good.
Seriously. Fuck this guy and everything he stands for.
It's an unfortunate reality that the UK Government has taken a strong anti-privacy and particularly anti-DoH stance for ages. They've used every political and technical lever possible to prevent users from having any reasonable level of online privacy within the UK, and one of their favorite things to do is to trot out "non-profits" that focus on child exploitation to talk about anything that gives a user any semblance of privacy helps spread CSAM.
Just more of the same tired refrain from people using motivated reasoning who don't have any care for user privacy or the rights of individuals online.
ableal|3 years ago
scythmic_waves|3 years ago
[1]: https://www.ncsc.gov.uk/static-assets/images/blog-post/instr...
kitd|3 years ago
mastermedo|3 years ago
ilyt|3 years ago
pmarreck|3 years ago
a_c|3 years ago
javajosh|3 years ago
sacrosanct|3 years ago
jhauris|3 years ago
mindcrime|3 years ago
"GCHQ routinely hoover up personal data and spy on both their citizenry and foreign countries?"
It's hard to say which it really is.
ChrisRR|3 years ago
nibbleshifter|3 years ago
It's Ian ingratiating himself to the geek readership so they think he's one of them and not, well, a fucking ex government spook ;)
tellmelies|3 years ago
beardyw|3 years ago
beardyw|3 years ago
mwint|3 years ago
> one problem (in my opinion) is that it’s too easy to set up free hosting for your cybercrime site. There’s no friction and no risk to dissuade would-be-crims.
Sounds like an Inbound TCP License is next on the UK’s to-do list?
warmwaffles|3 years ago
Make sure you have a license for those bits.
AnIdiotOnTheNet|3 years ago
beeboop|3 years ago
chanandler_bong|3 years ago
travisgriggs|3 years ago
lbriner|3 years ago
lmm|3 years ago
animatedb|3 years ago
cjrp|3 years ago
lifeisstillgood|3 years ago
Airplanes don't fall out of the sky because transport safety boards do the analysis and the manufacturers follow their advice - the idea is only one plane crashes per type of mistake.
Well it's hard to get a group of open source developers to follow cleanroom techniques for free. I am guessing that the thinking is to fund the identified OSS groups.
Which is nice...
_carbyau_|3 years ago
Obligatory XKCD: https://xkcd.com/2347/
The only issue is who funds them all? UK? US? China? UN? Some body similar to WHO but for cyber?
KeyXiote|3 years ago
(0)https://oeis.org/A105281
still_grokking|3 years ago
laputan_machine|3 years ago
tyho|3 years ago
tristor|3 years ago
fangorn|3 years ago
wwalexander|3 years ago
[deleted]
tomcam|3 years ago
mellosouls|3 years ago
precedes that.
tomcam|3 years ago
tfsh|3 years ago