Posts

Sorted by New

Wiki Contributions

Comments

And the really funny bit is NIST deliberately subverted the standard so that an organization who knew the master key (probably NSA) could break the security of the system. And then, in actualt implementation, the master key was changed so that someone else could break into everyone's system  And, officially at least, we have no idea who that someone is. Probably Chinese government. Could be organized crime, though probably unlikely.

The movie Sneakers had this as its plots years ago.. US government puts a secret backdoor in everyone's computer system .. and, then, uh,, someone steals the key to that backdoor;

But anyway, yes, it is absolutely NISTs fault that they unintentionally gave the Chinese government backdoor access into US government computers.

https://cacm.acm.org/research/technical-perspective-backdoor-engineering/

 

for example. Although that paper is more about, "Given that NIST has deliberately subverted the standard, how did actual products also get subverted to exploit the weakness that NIST introduced."

While I was typing this, quetzal_rainbow made the same point

Ascertainment bias, of course, because we only see the cases where this did not work, and do not know exactly how many members of e.g. Delta Force were originally in doubt as to their gender. We can know it doesnt work sometimes.

Well  there's this frequently observed phenomenon where someone feels insecure about their gender, and then does something hypermasculine like joining Special Forces or becoming a cage fighter or something like that. They are hoping that it will make them feel confident of their birth-certificate-sex. Then they discover that nope, this does not work and they are still trans.

People should be aware that there are copious examples of people who are like -- nope, still trans --- after hoping that going hard on their birth-certificate-gender will work,

Ever since NIST put a backdoor in Dual Elliptic Curve Deterministic Random Bit Generator, they have the problem that many people no longer trust them.

I guess it might be possible to backdoor AI Safety Evaluations (e.g. suppose there is some  know very dangerous thing that National Security Agency is doing with AI, and NIST deliberately rigs their criteria to not stop this very dangerous thing).

But apart from the total loss of public trust in them as an institution, NIST has done ground-breaking work in the computer security field in the past, so it wouldn't be so unusual for them to develop AI criteria.

The whole dual elliptic curve fiasco is possibly a lesson that criteria should be developed by international groups, because a single country's standards body, like NIST, can be subverted by their spy agencies.

A Japanese guy I used to work with had a very serious genetic alcohol intolerance. (Like, a single drop of wine would probably be ok but anything more than that would likely put him in the hospital).

I guess if you have a known inability to metabolise alcohol, such that you're already having be very car3fuo that anything you consume doesn't have alcohol in it, you might want to be a little bit cautious here. but ... maybe the quantity you get from the bacteria is so small it doesn't matter.

The Northen Ireland Assembly works this way, at least for some things.

 

But, in general, the U.K. does not work that way. A particular political party sometimes gets a big majority.

This depends very much on how well debugged the compiler is...

 * gcc on llvm on Intel hardware ... very unlikely to be a bug in the compiler

  • you're on some less well exercized target like RISC-V ... ha, you are in for so much pain

 

it is so much fun debugging on experimental hardware where any of (a) your program (b) the compiler (c) the actual hardware are all plausibly buggy.

 

oh, I forgot (d) the tool used to convert the hardware description language (used to specify the chip design ) into logic gates, used to build the hardware, is itself buggy

As someone who has worked in both academia and industrial research labs, in both cases you can claim either academic publcation or real-world impact as a success wrt getting promoted ...

a) I got a paper about this published in a top-ranking journal; vs,

b) look, those guys are now selling a product based on this thing I invented

 

(in an industrial research lab, "those guys" had better be the product division of your company; if you're an academic funded by DARPA, "those guys" being anyone who is paying taxes to the US government is just great)

Load More