LWN: Comments on "The US military wants to understand the most important software on Earth (MIT Technology Review)"

Literary reference

CChittleborough — Sun, 24 Jul 2022 06:57:09 +0000

That civil war occurs in a satirical novel by the guy who wrote “A Modest Proposal”, an (in?)famous satire. I’m sure that amarao’s comment is also satire.

The US military wants to understand the most important software on Earth (MITTechnology Review)

riking — Wed, 20 Jul 2022 06:06:18 +0000

Ah, you're thinking about good tests. Machine Learning tends to be bad at both simultaneously.

The US military wants to understand the most important software on Earth (MITTechnology Review)

ceplm — Mon, 18 Jul 2022 06:33:06 +0000

Besides MIT is known to do anything which brings dough to them. And usually military projects bring a lot of it. After all they brought linguistics from that impoverished liberal arts college upstream just because DOD believed in the machine translation of the Russian voice communication. Yes, it was 1960s.

The US military wants to understand the most important software on Earth (MITTechnology Review)

mathstuf — Mon, 18 Jul 2022 01:53:49 +0000

I would guess it is mostly about code churn/noise from contributors flipping from one to the other.

The US military wants to understand the most important software on Earth (MITTechnology Review)

rschroev — Sun, 17 Jul 2022 22:15:55 +0000

Why do you consider preincrement a sickness? What are the arguments for preferring postincrement?

The US military wants to understand the most important software on Earth (MITTechnology Review)

IanKelling — Sun, 17 Jul 2022 19:35:09 +0000

Well, even this comment section: it doesn't encourage you to publish your name or anything about you. That is not about math. Lessig's book codev2 seems to give various examples https://commons.wikimedia.org/wiki/File:Code_v2.pdf

The US military wants to understand the most important software on Earth (MITTechnology Review)

mathstuf — Sun, 17 Jul 2022 13:05:46 +0000

Once C++ developers get more into the habit of `for (type x : c)`, hopefully that would stop happening :) .

The US military wants to understand the most important software on Earth (MITTechnology Review)

Wol — Sun, 17 Jul 2022 12:47:28 +0000

But they clearly don't know their hardware - even Windows runs on top of Minix nowadays ...

Cheers,
Wol

The US military wants to understand the most important software on Earth (MITTechnology Review)

ssmith32 — Sun, 17 Jul 2022 07:57:33 +0000

"It’s not much of an exaggeration to say that the whole world is built on top of the Linux kernel—"

No, it's turtles, all the way down. Clearly.

The US military wants to understand the most important software on Earth (MITTechnology Review)

NYKevin — Sun, 17 Jul 2022 05:46:01 +0000

Unfortunately, in C++, preincrement is sometimes more efficient than postincrement (usually when the variable is not a primitive type), and the sickness has spread from there back into C.

The US military wants to understand the most important software on Earth (MITTechnology Review)

NYKevin — Sun, 17 Jul 2022 05:41:13 +0000

In 2019, the US Air Force announced that it had just figured out how to launch a nuclear missile without using 8-inch floppy disks. My assumption, therefore, is that the word "understand" in the headline is, perhaps, an exaggeration, and the Pentagon actually just wants to verify that their dependencies are not full of random crap. Which is a legitimate concern, because everyone's dependencies seem to be full of random crap these days. They're couching it in terms of "threats" because that is how you get the US military to sit up and pay attention to you, not necessarily because they actually plan to put individual humans on a list or anything of that nature. I'm also rather skeptical that they'll get anything useful out of their buzzword bingo of machine learning keywords, but at least it's slightly less dumb than web3.

Source: https://www.nytimes.com/2019/10/24/us/nuclear-weapons-flo...

Ethically measuring a Free/Open project's ability to withstand malicious "contributions"

marcH — Sun, 17 Jul 2022 02:34:56 +0000

> I'm reminded of the UMN debacle, as one particularly ham-handed example of how *NOT* to go about designing an experiment to answer the question...

Well it's much easier if your final goal is to actually add vulnerabilities, not publish a research paper on how it can be done. People who did the former simply did not talk about it and the vulnerabilities they added are still there. If they get caught at some later point they'll just say "oops! Sorry"; C makes deniability very easy.

I've seen a lot of comments like this one about the experiment = blaming the messenger. Even when correct, neither interesting nor relevant. I haven't read much about actual security gaps in the kernel processes. I hope I missed that.

The US military wants to understand the most important software on Earth (MITTechnology Review)

farnz — Sat, 16 Jul 2022 13:45:02 +0000

Depends on the details of the test. We have a 2x2 confusion matrix of test result versus real result, and the false positive rate tells us how many samples fall in one of the 4 cells of the matrix - in this case, how many are in the "test says yes" column and the "real world says no" row. This gives us a decent chance of guessing at the behaviour of the system when the "test says yes", and when the "real world says no", but we need more data to be able to say something about the behaviour of the system when the "test says no" or when the "real world says yes".

In particular, it's common to have a low false negative rate with a high false positive rate, or vice-versa, since the underlying judgement is likely to be a confidence level and a threshold; if you set the threshold low, you have very low false negative rates, but very high false positive rates, while if you set the threshold high, you get very high false negative rates, but very low false positive rates.

The US military wants to understand the most important software on Earth (MITTechnology Review)

gerdesj — Fri, 15 Jul 2022 22:53:54 +0000

> Both quotes immediately triggered my "Snake oil" alarm.

Not half. The term "sentiment analysis" is causing my left eye to twitch and a vein to throb. I may go postal soon 8)

The US military wants to understand the most important software on Earth (MITTechnology Review)

Wol — Fri, 15 Jul 2022 21:10:22 +0000

> unlikely if your false positive rate is that high.

Well actually, if your false positive is high, then your false negative is likely to be low ... if your false positive is that high, you'll probably get 99 out of 100 real terrorists.

I can't remember the exact terminology, but tests either tend to be very good at picking up the target, OR very good at not picking up non-targets. Of course, Sod makes it very hard to run both tests over the same dataset :-)

(We had that with CoVid - tests were either very sensitive and picked up every genuine case along with a lot of false positives, or very specific and didn't pick up false negatives but let genuine cases slip through.)

Cheers,
Wol

The US military wants to understand the most important software on Earth (MITTechnology Review)

vulpicastor — Fri, 15 Jul 2022 19:55:37 +0000

When you see that sort of nonsense coming out of a well respected org such as MIT as a puff piece

The MIT Technology Review is editorially independent from other parts of MIT, so it’s inaccurate to lump it together with, say, the school’s PR department, which works for the leadership. In any case, for any sufficiently large organization, the left hand probably doesn’t know what the right hand is doing.

The US military wants to understand the most important software on Earth (MITTechnology Review)

Wol — Fri, 15 Jul 2022 17:07:33 +0000

> DARPA is the source of many important technological innovations, no doubt. As a taxpayer, I'd prefer that we just fund the research, and the funds not have to go through the military.

That's American Imperialism at work :-)

They fund lots of "military research", which has to go to American firms, and then scream blue murder when their companies are not allowed to bid for or buy up European research projects ...

Cheers,
Wol

The US military wants to understand the most important software on Earth (MITTechnology Review)

NYKevin — Fri, 15 Jul 2022 16:20:12 +0000

Here is my favorite demonstration of this principle: https://www.youtube.com/watch?v=vBPFaM-0pI8

The US military wants to understand the most important software on Earth (MITTechnology Review)

NightMonkey — Fri, 15 Jul 2022 15:34:06 +0000

I personally like it, and feel it is accurate and clear - which is one of the things I love about LWN. I'm a fan of returning the "Defense Department" to the "War Department", and I like clear, non-DoubleSpeak language. "The US War Department's Research Division" would perhaps be even better. :)

What is surprising is how propagandized the US and its allies are, in that we can accept DoubleSpeak almost everywhere.

DARPA is the source of many important technological innovations, no doubt. As a taxpayer, I'd prefer that we just fund the research, and the funds not have to go through the military.

And I like it when the press shows a dedication to clarity and accuracy, which is very rare today. And this is one reason I support LWN.

The US military wants to understand the most important software on Earth (MITTechnology Review)

NightMonkey — Fri, 15 Jul 2022 15:21:59 +0000

OK, I see your assertions. Thanks for sharing. But can you explain your reasoning behind your opinion? I'm genuinely curious where my flaw in reasoning here is, if there is one.

I think you should probably read the article before replying, though. :)

The US military wants to understand the most important software on Earth (MITTechnology Review)

Narusegawa — Fri, 15 Jul 2022 13:35:04 +0000

Extreme thoughts float in the heads of those who express them out of place.

Ethically measuring a Free/Open project's ability to withstand malicious "contributions"

somlo — Fri, 15 Jul 2022 13:34:23 +0000

I've been thinking about that for a while now. It's an interesting (and, if you think about it, important) question. Just not sure there's a good way to go about it ethically.

I'm reminded of the UMN debacle, as one particularly ham-handed example of how *NOT* to go about designing an experiment to answer the question...

The US military wants to understand the most important software on Earth (MITTechnology Review)

Thomas — Fri, 15 Jul 2022 13:24:49 +0000

Sorry. It is of course

Dark mode - Light mode

and not Bright mode, but you got the point.

The US military wants to understand the most important software on Earth (MITTechnology Review)

IanKelling — Fri, 15 Jul 2022 13:08:53 +0000

I didn't read the article yet, but I don't agree at all. I think your sentiment is true for most code, but there is also some very important code where it isn't true.

The US military wants to understand the most important software on Earth (MITTechnology Review)

amarao — Fri, 15 Jul 2022 12:46:28 +0000

Given that literature already has a story of a devastating civil war due to endianness disagreement, we surely can expect a rather bloody uprising from Devuan extremists.

The US military wants to understand the most important software on Earth (MITTechnology Review)

eduperez — Fri, 15 Jul 2022 12:37:58 +0000

> I understand that one must dumb down somewhat when communicating with the hoi polloi and other generally unwashed types but this is an article that clearly explains to children that we can't trust open source code because we can read it at any time. You can't blindly go around trusting something you can delve into and review yourself. You should allow adults to do that for you.

I think they are more worried about who wrote the code than who can read it:

> "The ultimate goal is to detect and counteract any malicious campaigns to submit flawed code, launch influence operations, sabotage development, or even take control of open-source projects."

The US military wants to understand the most important software on Earth (MITTechnology Review)

clugstj — Fri, 15 Jul 2022 12:26:57 +0000

The title is purposely inflammatory. Calling DARPA "The US military" is quite a stretch. It's a research project for deity's sake. Trying to determine if code that you depend upon has been tampered with is quite understandable. The methods may be flawed, but no one should be surprised that they are looking into it.

The US military wants to understand the most important software on Earth (MITTechnology Review)

taladar — Fri, 15 Jul 2022 11:05:01 +0000

Actually you would only get 100 terrorists if you have a 0% false negative rate which is unlikely if your false positive rate is that high.

The US military wants to understand the most important software on Earth (MITTechnology Review)

Thomas — Fri, 15 Jul 2022 10:17:31 +0000

Tabs - spaces
vim - emacs
CLI - GUI
sysvinit - systemd
case-sensitive FS - case-insensitive FS
Dark mode - bright mode

You name it, clearly hate speech and terrorists everywhere. There is a lot of intel for the military to gain.

The US military wants to understand the most important software on Earth (MITTechnology Review)

dottedmag — Fri, 15 Jul 2022 09:55:54 +0000

8% false-alarm (false positives) rate is... huge for such a small target.

A napkin math: if you have 1M participants, 100 participants are terrorists, and the test has 0% false negatives, then this test would drag in 100 real terrorists and 79992 falsely accused ones.

The US military wants to understand the most important software on Earth (MITTechnology Review)

adobriyan — Fri, 15 Jul 2022 09:41:14 +0000

Those preincrementing variables in for loop are very suspicious.

The US military wants to understand the most important software on Earth (MITTechnology Review)

nksingh — Fri, 15 Jul 2022 04:16:04 +0000

Or the people who like to nybble on their bytes from the big end or the little end.

The US military wants to understand the most important software on Earth (MITTechnology Review)

pabs — Fri, 15 Jul 2022 03:40:12 +0000

Wonder if this would have detected the influence campaign to move away from copyleft towards permissive licenses by corporations, which seems to have largely been successful unfortunately.

The US military wants to understand the most important software on Earth (MITTechnology Review)

gerdesj — Thu, 14 Jul 2022 23:38:24 +0000

Well at least the article stops short of accusing everyone of being closet commie bastards. Who on earth allowed that piece of tripe to worm its way out from the 1950s and rewrite itself in 2020s terms?

When you see that sort of nonsense coming out of a well respected org such as MIT as a puff piece then you know that you had better avoid being "undesirable" and start being a better person. This bloke: https://www.technologyreview.com/author/patrick-howell-on... is one role model for you who can trot out this sort of drivell without whincing.

I understand that one must dumb down somewhat when communicating with the hoi polloi and other generally unwashed types but this is an article that clearly explains to children that we can't trust open source code because we can read it at any time. You can't blindly go around trusting something you can delve into and review yourself. You should allow adults to do that for you.

I'm acutely aware of many of the flaws that turn up in FLOSS - I follow dozens of bugzillas etc and mailing lists that exhaustively discuss how to deliver next month's bugs effectively and on schedule. I have some insights into the sheer effort that say jra goes to to screw up my Samba experience or some of you lot do with delivering Linux and that corbet bloke and his dodgy website.

I also get to tread the Patch Wednesday (yes weds not tues - "let he who is without fear ...") treadmill with absolutely no idea what is going on but I do it anyway: yay - CVEs with serious sounding flaws and some jolly exciting write ups but I can't look at the code - its a bloody cargo cult thing. Getting to the bottom of some of the weirder corners of Windows is quite a challenge - for example: AdminSdHolder - who knew, until you knew! What a load of cobblers.

https://techcommunity.microsoft.com/t5/ask-the-directory-... - Why would you? That's wankery in action - We've bodged a solution/papered over some cracks and expect you to do some weird shit. Soz/lol, that's the thing you engage when you do things like create a service account that can only change passwords without being a domain admin. You fiddle with perms on a LDAP container object to give rights to a user type object and ADUC can't do that sort of thing (lol).

Anyway, I doubt that the US military hasn't noticed where their software is coming from nor how it is written.

The US military wants to understand the most important software on Earth (MITTechnology Review)

Wol — Thu, 14 Jul 2022 22:38:43 +0000

> Likewise, from today's Security quote of the week:

> > Detecting hate speech is a good proxy for terrorist radicalisation. In 2018, we thought we could detect hate speech with a precision of typically 92%, which would mean a false-alarm rate of 8%.

The follow-on to that is good, though ...

In 2022, now we understand the problem better, our ability to detect hate speech has gone DOWN...

Cheers,
Wol

The US military wants to understand the most important software on Earth (MITTechnology Review)

flussence — Thu, 14 Jul 2022 20:57:35 +0000

So to enact this understanding they're going to... outsource it to some of the least understandable software on the planet? Sure, throw some Machine Laundering at it, have the computer hallucinate an interpretation that reinforces existing (and probably horrifically bigoted) biases. Nothing good will come of this.

The US military wants to understand the most important software on Earth (MITTechnology Review)

Cyberax — Thu, 14 Jul 2022 20:07:30 +0000

Apparently, my idea is not novel. USPS has already done mail delivery via a rocket: https://www.popularmechanics.com/flight/a21601/usps-first...

The US military wants to understand the most important software on Earth (MITTechnology Review)

amarao — Thu, 14 Jul 2022 19:58:10 +0000

The best way to classify people is to see who is writing tabs instead of spaces. Those are very different groups with very little common ground and with almost no shared values.

The US military wants to understand the most important software on Earth (MITTechnology Review)

pebolle — Thu, 14 Jul 2022 18:40:29 +0000

> [T]he researchers will use tools such as sentiment analysis to analyze the social interactions within open-source communities such as the Linux kernel mailing list, which should help identify who is being positive or constructive and who is being negative and destructive.

Likewise, from today's Security quote of the week:
> Detecting hate speech is a good proxy for terrorist radicalisation. In 2018, we thought we could detect hate speech with a precision of typically 92%, which would mean a false-alarm rate of 8%.

Both quotes immediately triggered my "Snake oil" alarm.

(I do hope my alarm is calibrated correctly, because I find the approaches advocated in those quotes creepy beyond belief.)

The US military wants to understand the most important software on Earth (MITTechnology Review)

amacater — Thu, 14 Jul 2022 18:38:59 +0000

https://en.wikipedia.org/wiki/ICBM_address maybe? [Which in turn looks like a straight copy from the Jargon File entry].