Surprising lack of spam comments

And surprising popups of Crypto ones

I have had this blog running for less than a year.

There are a couple of things that I expected to see:

  • Significant number of login attempts – Check
  • Significant number of spam comments – Not check

Despite this, I have noticed that the spam comments that do get through are surprisingly sophisticated and appear almost human-like. These comments typically promote Binance or other crypto addresses, as in the example below:

I presume that it is some form of automated bot trackback spam that assigns random ‘comment’ text to a trackback link.

There could be multiple purposes: SEO backlinking, visit tracking, pure spam, etc.

But it is still fun to see the ‘praise’ in the comments 🙂

George Carlin VS state-of-the-art AI

My current take on recent AI development is that it is getting more and more useful.

BUT, in the end, it is still glorified, but novel, statistics [1].

And whenever AI learns from human input, I am reminded of a funny/insightful/dark quote from George Carlin:

Or in other words, the current crop of AI cannot escape the law of large numbers [3].

Especially in today’s world, you need very-very-very valid input sources vetted by, of course, error-prone humans.
Even reviews for the simplest of stuff you can buy cannot be trusted as they are bought in bulk.
And as misinformation efforts are running loose in the wild, it is hard to keep sources clean.

Even for purely technical domains such as programming, ChatGPT has been banned by StackOverflow [2] due to the high percentage of answers that only look correct.

And some fun chat-bot responses from historical characters 🙂

https://twitter.com/RealESonneborn/status/1615794316504440839

Conclusion

So until AI can learn different real-life models instead of shoveling data into hundreds of billions of (statistical, black-box) parameters with insane compute power needs, it will just be useful statistics.

But there is a lot of room for research in how even today’s AI works, even on much smaller scale models.

References

[1] – https://towardsdatascience.com/no-machine-learning-is-not-just-glorified-statistics-26d3952234e3

[2] – https://meta.stackoverflow.com/questions/421831/temporary-policy-chatgpt-is-banned

[3] – https://www.investopedia.com/terms/l/lawoflargenumbers.asp

Weekly breakdown – 22w49d1

Programming

https://faultlore.com/blah/c-isnt-a-language/

Have you ever had luck/cry/luck to maintain C++ ABI compatibility between different linkable codebases, and found it fun? 🙂

The more I worked with C, the more quirks popped up. Some fun, some not-so-much.

This text is a must-read for anyone trying to maintain compatibility between platforms, with useful insights from the wild.

And a very rare praise for Microsoft as the de facto king of platform backward compatibility.

https://stackoverflow.com/questions/7825055/what-does-the-operator-do-in-c

While we are still on the C language and its quirks, what does the ??!??! operator do in C? 🙂

I would not be surprised if this popped up as a question in ‘good’ interviews, which I would like to steer clear of.

Recommended Tools

https://github.com/include-what-you-use/include-what-you-use

I came across this tool a long time ago and found it quite handy, especially when working in a C++ codebase.

Why? It has the potential to reduce your compile time insanely in one go, just by removing include lines that have zero references from the current code.
This is quite handy in C++ to limit the number of translation units to be compiled, especially when a small change in one header triggers a big-but-unnecessary re-compilation chain.
And there is an insane amount of header-only libraries or code-heavy headers that will increase compile time exponentially fast if you are not careful about what you include.

News

https://www.theregister.com/2022/10/31/opinion_column_relevance_in_business/

Interesting opinion about staying relevant with FOSS.

Weekly breakdown – 22w37d3

Security

https://darknetdiaries.com/episode/115/

Listen to the podcast episode and replace mentions of games with, e.g., cars.
It should raise a lot of eyebrows.

It is really not hard to imagine a black market for all kinds of:

  • Standard: Enabling features
    For example, BMW’s subscription for smarter headlights, or Tesla’s back seat warmers.
  • Scarier: Disabling features
    The usual theft protection, but also removing any safety limitations, like the speed limit, alcohol checks, the hands-off-steering check, etc.
    Even now you can buy a speed-limit-disabling feature for even the most expensive electric bikes with top-of-the-line security features, which allows you to go from the limit of 25 km/h to over 40 km/h, where the only limit is the battery capacity.

All of this already exists, but at the moment it is not the most scalable business.
To ‘pimp-up’ your current generation car, you would need to go to a ‘guy’ or a shady shop to make changes.

But cars are becoming ‘smarter’. Over-the-air updates and all the new fancy features allow you to make changes remotely from any part of the world.

And therein lies a huge black-market opportunity for finding bugs and loopholes, as no software and protection is perfect.
Just check the yearly Android bug list and the severity of its entries, even though it is owned and developed by almighty Google.

If there is a sprawling market for cheats for 50$ games, imagine the opportunity for ‘cheats’ in a 50000$+ car.

It is not hard to imagine a 100% online subscription service that will allow you to receive all kinds of unofficial ‘improvements’ applied automatically to your car.

Thanks go to Patrik Thunström for sharing this podcast gem and the fun discussion 🙂

Programming

https://calebhearth.com/fan-out-vs-fan-in

Another way to look at code complexity and how to prevent it during design or in a refactor.

As with everything, it should not be followed blindly, as the original complexity could end up moving into ever-evolving wrapper classes.
Check Law of Demeter for more information.

Big tech monopoly

https://cfenollosa.com/blog/after-self-hosting-my-email-for-twenty-three-years-i-have-thrown-in-the-towel-the-oligopoly-has-won.html

One more take on how big tech companies have taken the internet over from its original intent.
If you have ever found legitimate mail suddenly ending up in the spam folder of your free mail service, or not delivered at all, this is the primary reason.

Old but gold: When the product is free, you are the product.

Fun

https://github.com/IdreesInc/Minecraft-Font

For the ones with kids or who feel like one 🙂

Fragile Manifesto

Go-to manifest, more often than not 🙂

Weekly breakdown – 22w36d2

Programming

https://utcc.utoronto.ca/~cks/space/blog/programming/CAPIsEffectsOfMalloc

An important reminder for anyone writing C APIs and for the ones learning to use them.
Memory handling in C APIs is also a major source of security and stability issues when not done correctly.
As a helpful guide when writing complex C APIs:

  • Explicitly define ownership of handled memory AND memory lifetime in the API documentation
  • Always sanitize input parameters to the API and check them for correctness
  • Provide at least one happy-case example and multiple negative examples for using the API before any release
    When writing them, try to ask yourself what you would ask Stackoverflow 🙂
    This will help you understand usage patterns

    Note: The easiest part is to create an API, the hardest is to change it in production.
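
One way to apply the first two guidelines above, as an added example that is not from the linked article or this blog: a hypothetical `device_name` API (all names and the 63-byte limit are assumptions) that states ownership and lifetime in its comments and validates every input.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define DEVNAME_MAX_LEN 63u /* constructed limit for this example */

/* Hypothetical type; a real header would expose only a forward declaration. */
typedef struct device_name { char *text; size_t len; } device_name;

/*
 * Ownership: on success *out is a new object OWNED BY THE CALLER, who must
 * release it with device_name_free(). `src` is only read during the call and
 * is copied, so the caller may free or reuse it right afterwards.
 * Returns 0, or EINVAL / ENOMEM; on any error *out is set to NULL.
 */
int device_name_create(const char *src, size_t src_len, device_name **out)
{
    if (out == NULL) return EINVAL;
    *out = NULL;
    if (src == NULL || src_len == 0 || src_len > DEVNAME_MAX_LEN) return EINVAL;
    if (memchr(src, '\0', src_len) != NULL) return EINVAL; /* embedded NUL */
    device_name *n = malloc(sizeof *n);
    if (n == NULL) return ENOMEM;
    n->text = malloc(src_len + 1);
    if (n->text == NULL) { free(n); return ENOMEM; }
    memcpy(n->text, src, src_len);
    n->text[src_len] = '\0';
    n->len = src_len;
    *out = n;
    return 0;
}

/*
 * Lifetime: the returned pointer is BORROWED. It stays valid only until
 * device_name_free() is called on `n`, and the caller must not free it.
 */
const char *device_name_text(const device_name *n)
{
    return n != NULL ? n->text : NULL;
}

/* Accepts NULL (like free) and clears the caller's pointer to block reuse. */
void device_name_free(device_name **n)
{
    if (n == NULL || *n == NULL) return;
    free((*n)->text);
    free(*n);
    *n = NULL;
}
```

The negative cases worth shipping next to the happy path are the ones the validation rejects: NULL source, zero or oversized length, an embedded NUL, and a NULL output pointer.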

https://thephd.dev/c23-is-coming-here-is-what-is-on-the-menu

Finally the C language is getting a proper modern ‘face-lift’ that will potentially alleviate a bunch of manual work and increase the quality of written code.
Let’s see if it will fizzle out, or if it will gain traction (looking at you, compiler vendors 😉 ).

https://docs.google.com/document/d/16B36r0HksR0LqQAGLA1syYCtZvYaVC0hEF2D00ZAd0o/view#

A highly informative document for anyone switching between C and C++, covering the pitfalls of carrying the same or similar approaches from one language into the other.

https://luckyresistor.me/knowledge/learn-cpp/

For anyone interested in learning C++, with a focus on usage in embedded environments.
Good comments, especially valid for all the related constraints and best practices of embedded implementation.

Fun

https://matthewbilyeu.com/blog/2022-09-01/responding-to-recruiter-emails-with-gpt-3

Fun use of GPT-3 to automate ‘handling’ of recruiter messaging 🙂

Weekly breakdown – 22w32d1

Programming

https://nnethercote.github.io/2022/07/27/twenty-years-of-valgrind.html

For the ones writing low-level code and/or in ‘unsafe’ languages, Valgrind is one of the tool suites to use regularly.

The linked text from one of the creators of Valgrind provides a brief account of its interesting history and, more importantly, links to high quality papers describing how Valgrind actually works under the hood and is able to do what it does.

Note that Valgrind is not the only good tool that Nicholas and Julian have made.

Security

https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/

This is an expected development since obfuscation as a security method failed spectacularly in the hack of the Intel Management Engine in motherboard chipsets.

News

https://www.bloomberg.com/news/articles/2022-07-25/porsches-postponed-by-buggy-software-cost-vw-s-ceo-his-job

One of the first big names in the car industry to be ‘eaten’ by software.

As all modern car manufacturers are moving to become software-first companies, they are also learning the hard lesson that:

The current state of software engineering is less engineering and more craftsmanship, with all its implications for quality, planning, timelines and ‘manufacturing’.

Software craftsmanship is a separate topic for another day 🙂

Weekly breakdown – 22w28d2

News

https://www.theguardian.com/news/2022/jul/10/uber-files-leak-reveals-global-lobbying-campaign

Expected news for the ones that have followed the news and shenanigans around Uber.

It also blatantly shows how easy it is, and what can be done, with influence and money even in first-world countries.
For better or worse, let’s hope that ‘limitless’ growth-first VC money dries up, and actually moves to profitable AND people-helping industries.

Bonus links:
https://marker.medium.com/how-the-uber-economy-is-killing-innovation-prosperity-and-entrepreneurship-7222982cd457
https://www.innovationaus.com/uber-concedes-deception-prepares-for-26m-accc-spanking/

https://www.nytimes.com/2022/07/11/technology/elon-musk-twitter-damaged.html

Expected lose-lose news for anyone involved in the destined-to-fail Twitter deal.

The Onion covered it well 🙂
https://www.theonion.com/elon-musk-tries-to-back-out-of-twitter-deal-by-deleting-1849169663

https://www.smartcompany.com.au/startupsmart/analysis/atlassian-unprofitable-valuation-adam-schwab/

Atlassian continues its slide into the red.
After the recent, embarrassing to say the least, outage of some of their cloud products, there might be more rolling behind the scenes.

On a personal level, I actually prefer Redmine, with its more usable (but not modern) UX, to Jira, which is a white-space hog.
And there are newcomers that are already using the perfect storm to disrupt Atlassian.

And on a funny Jira note 🙂 https://ifuckinghatejira.com/

Weekly breakdown – 22w24d3

Automotive

https://fortune.com/2022/06/10/elon-musk-tesla-nhtsa-investigation-traffic-safety-autonomous-fsd-fatal-probe

The more cars Tesla sells, the more issues will be found, and not just technical ones.

It is hard to escape the law of large numbers and the Gaussian bell curve, especially the more an organization grows.

And the quote below paints a potentially damning picture of how the ‘Autopilot’ functionality handles itself in accident situations.

(really short rant ahead)

In general terms I consider Elon Musk a quite smart guy with extremely good sales and marketing talent.

But sales is usually about selling features that are not (yet) there and/or overblown capabilities of existing functionality.

Just look at the naming of the ‘Autopilot’ feature of Tesla cars, which actually have level 2 autonomy.
If you check the meaning of level 2 autonomy, ‘Autopilot’ is in no way as autonomous and ‘auto’ as the name strongly suggests.

Heck, Tesla has already been surpassed by Mercedes and Honda with a limited, but legally approved, level 3 automation mode, where the car manufacturer is actually responsible in case of an accident when the mode is enabled and in command.

Old-school car manufacturer juggernauts are slow (some will crash and burn), but will eventually catch up and overwhelm Tesla unless it comes up with something radical, and so far nothing has been announced.
And even if it were, Musk is famous for over-promising and under-delivering on those, for those who follow.

And the famous Tesla bots will not be able to help it.

But I have been wrong before, and it will be fun to watch 🙂

Fun

https://www.tomshardware.com/news/working-lego-computer-brick

Make your own fully functioning Lego computer block 🙂

Weekly breakdown – 22w22d3

Security

https://kenkantzer.com/learnings-from-5-years-of-tech-startup-code-audits/
Highly distilled and valuable knowledge about security and securing software from first-person audit experience.
Anyone who is interested in improving security (and everyone should be) should at least glance through it.

https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
Notable results:

Sandbox escape on Tesla Model 3 Infotainment System – Important due to the fact that a significant amount of car information is consumed, but also produced, by the infotainment system, possibly leading to a much more significant compromise of safety-relevant components of a car.

Sandbox escape on Microsoft Teams – Important due to the enormous presence of Teams in a wide variety of companies, thanks to the free(ish) model included in the Office suite.

https://www.feistyduck.com/bulletproof-tls-newsletter/issue_89_certificate_transparency_data_is_used_to_compromise_wordpress_before_installation
How a security improvement can have not-so-good side effects when setting up your standard WordPress (or other web app) installation.

https://www.lightbluetouchpaper.org/2022/01/19/security-engineering-course/
https://www.lightbluetouchpaper.org/2022/03/18/security-course-at-cambridge/
Free quality lectures going through the fundamentals of security, with a hands-on approach to gaining security experience. And students from a few countries can apply for full, free course access.
The best learning is when you get your hands dirty 🙂

Funny

https://rubenerd.com/git-ignores-gitignore-with-gitignore-in-gitignore/
Sort-of-recursion 🙂

Weekly breakdown – 22w20d2

Security

https://research.nccgroup.com/2022/05/15/technical-advisory-tesla-ble-phone-as-a-key-passive-entry-vulnerable-to-relay-attacks
https://duo.com/decipher/researchers-demo-relay-attack-against-bluetooth-le-systems
More and more successful real-life attacks will happen on Bluetooth protocol features unless an additional layer of security is used.

Even though security was thought of when Bluetooth was originally introduced (in 1998), security considerations and possible attacks were not the ‘most important’ items on the list. Further improvements resolved some problems, but fundamental issues with the protocol itself cannot be solved without breaking backward compatibility.

As one of the speakers at the EU Tech Chamber session about IoT vulnerabilities last year, I had the luck to listen to a presentation from Maximilian about broken fundamentals in the Bluetooth standard.
Just check the KNOB Attack to see how easy it is to manipulate Bluetooth key negotiation to reduce the attack space.

Artificial intelligence

https://www.nature.com/articles/d41586-022-00858-1
AI is becoming a more and more important tool in all kinds of applications.

For any application that touches safety, security and actual real-life implications, it should be paramount to understand why the AI system came to a specific conclusion, something like a train of thought.

Imagine a (near) future situation when (it is not if) an autonomously driven car causes an accident: it would be beneficial to have such logs available when investigating, without needing complex proprietary technology for each car vendor.
Or imagine a medical AI assistant decides that some person has some illness: the doctor should have information about why it reached that conclusion. Sometimes the AI assistant would be wrong, but sometimes it can actually remind the doctor about different possibilities.

I would not be surprised if some kind of legal framework were put on top of safety and security related AI systems, requiring them to produce something like a standardized decision tree for their actions or inactions, and it should probably be pushed for quite heavily.

Random

https://www.newscientist.com/article/2319584-computer-powered-by-colony-of-blue-green-algae-has-run-for-six-months/
With current prices of electricity, it is not such a far-fetched idea to have your own pond of algae on stand-by, just in case 🙂