[HN Gopher] So long and thanks for all the bits
___________________________________________________________________
So long and thanks for all the bits
Author : fangorn
Score  : 186 points
Date   : 2022-11-09 13:51 UTC (9 hours ago)

(HTM) web link (www.ncsc.gov.uk)
(TXT) w3m dump (www.ncsc.gov.uk)

| tomcam wrote:
| First party thanked is the vendors
| mellosouls wrote:
| _I've got to give a special mention to everyone in the NCSC and wider GCHQ because they're just awesome._
|
| precedes that.
| wwalexander wrote:
| lifeisstillgood wrote:
| The comments about Heartbleed and OpenSSL suggest (to me) his behind the scenes thinking:
|
| Airplanes don't fall out of the sky because transport safety boards do the analysis and the manufacturers follow their advice - the idea is only one plane crashes per type of mistake.
|
| Well it's hard to get a group of open source developers to follow cleanroom techniques for free. I am guessing that the thinking is to fund the identified OSS groups.
|
| Which is nice...
| [deleted]
| AnIdiotOnTheNet wrote:
| So maybe a B-17 pilot can explain: From the image, I can't see what the problem is. If you reach for the gear switch to put the gear _down_, but hit the flap switch instead and put the flaps _down_... shouldn't that be just fine? Wouldn't you want the flaps down during landing anyway? Shouldn't putting the gear down cause more drag than the flaps, so you're already prepared for any changes there too?
| chanandler_bong wrote:
| I'm confused as well. I can't imagine a B-17 landing without flaps. I am a pilot, but never flown a B-17, so take it with a grain of salt...
|
| You'd want both the gear and flaps down on landing, so both switches would be in the down position. If the switches weren't in sync, e.g. you need one switch up and the other down for landing, _that_ would be a problem.
| kayodelycaon wrote:
| From what I remember from a WW2 training video, you begin the landing 1/3 flaps.
| If you're close to stall speed, the drag from unexpected full flaps could be enough to stall the plane.
|
| In the reverse hitting flaps up before gear up is likely to cause problems.
| KeyXiote wrote:
| 101010, just for a fun reference I found this interesting mostly unrelated aside to the op and the connection to the book/movie reference from Hitchhiker's Guide, as related to "deepmind" and 42
|
| (0)https://oeis.org/A105281
| ableal wrote:
| Worth the read just for the horrible B-17 bit used as opener. Good hook.
| scythmic_waves wrote:
| Yeah I'm mentally filing that image [1] away for later use.
|
| [1]: https://www.ncsc.gov.uk/static-assets/images/blog-post/instr...
| mastermedo wrote:
| +1. The B-17 design flaw analogy is one of the best I've seen. The title is great as well, very catchy.
| javajosh wrote:
| He also could have used Chernobyl as an example.
| CamperBob2 wrote:
| Chernobyl was very different, due to the negligence factor. "Hold my vodka and watch THIS" is no way to run a nuclear power plant.
| bombcar wrote:
| I guess they're arguing that the "fail deadly" design was a design flaw, even if it should never have been encountered in actual operation.
| pmarreck wrote:
| I've never seen that example and reading it, I was surely mouth-agape dumbfounded that anyone thought that would be OK to design like that
| a_c wrote:
| To my ignorance, didn't know this gentleman before. Nice article, pure substance. Would love to learn more about him.
| ilyt wrote:
| Personally I was more impressed by the director being a dolphin, altho they could've found better photo of him, he looks a bit fat.
|
| But to be fair It's not that bad when you realize using flaps and gear is time correlated - you slow down, enable flaps, get near the airport, then put the gear down.
|
| There is no "I want to put the gear down in situation when enabling flaps would fuck stuff up too much"
| UncleEntity wrote:
| > There is no "I want to put the gear down in situation when enabling flaps would fuck stuff up too much"
|
| Unless, maybe, you just limped your plane in because it's missing a big chunk of a wing.
|
| One thing the military does is try to make it hard to make a simple mistake and kill a bunch of your own troops.
|
| During the last Iraq invasion I was running around with a fuel tanker which had a pony motor to offload the fuel. It was pretty complicated with a bunch of levers and valves you had to set to get the fuel flowing the right way (and not on the ground) but had a data plate to tell you what to do, easy peasy. One day we were at a bag farm dumping fuel and this staff sergeant wandered up and says I'm doing it wrong. "Data plate" I say and point at the data plate but she started to get all huffy so, whatever, do what she says which was all fine and good until the tanker starts filling up because it is set up backwards. She made some lame excuse for not following the law of the one true god, the data plate, and wandered off to bother someone else.
| kitd wrote:
| It reminds me of the accidental Hawaii nuclear missile alert a few years back. AIUI, the button to test the system was in close proximity to the button to send the real thing.
| Arrath wrote:
| There were some choice gif/memes to come out of that, though like the top one here:
|
| https://www.popularmechanics.com/technology/infrastructure/a...
| pmarreck wrote:
| omg, that gif is triggering me.
|
| I CANNOT STAND UI's that are interactable before they have completed their layout rendering! Or things like notifications that suddenly push everything down, right when you were about to tap on one of those elements! Why is this still a thing?
| Any UI element that shifts or appears should have like a user-adjustable half-second delay before it becomes interactable again
| lmm wrote:
| I suspect the real reason it's still a thing is that it makes users more likely to click on ads, which is after all how most of the internet makes its money.
| ilyt wrote:
| Yeah I love when I click a thing then a different thing appears under it 0.5ms before click registers.
|
| > Why is this still a thing?
|
| HTML/CSS/JS stack makes that the default and coding your way out of that is hard
| Arrath wrote:
| > Yeah I love when I click a thing then a different thing appears under it 0.5ms before click registers.
|
| It's just the worst
| agency wrote:
| Or much lower stakes but the terrible UI that caused Citibank to accidentally give away $500M[1] (though they got it back on appeal [2]). I am always amazed to see the awful, awful software people put up with to do their jobs.
|
| [1] https://arstechnica.com/tech-policy/2021/02/citibank-just-go...
|
| [2] https://www.reuters.com/markets/us/citigroup-wins-appeal-ove...
| pmarreck wrote:
| that's the most obtuse UI for a money transfer (especially one so large) that I've ever seen.
|
| And THREE PEOPLE all signed off on it!
| ak39 wrote:
| "That's one heck of a nurse" after hitting the Nuke button which was right next to the "Nurse" button.
|
| Can you guess which music video that's from?
| AnIdiotOnTheNet wrote:
| Land of Confusion
|
| I really like that music video.
| travisgriggs wrote:
| As a pilot, loved the B17 bit.
|
| I am intrigued by the memory safety section. It's a hot topic these days, right? So here's an interesting thought experiment.
|
| What if all these areas where we use memory-unsafe technologies were replaced by memory managed technologies like C#, Python, Go, etc. Sure, lots of things would run slower (raw TLS in Python, yay), BUT would there suddenly just be less exploits?
| Or is this area more of "Law of Conservation of Ugly"?
| lbriner wrote:
| One of the big reasons that these garbage-collected type languages were not used on critical code was that the timing couldn't be guaranteed. You can't afford a massive L1 garbage collection just at the point you are trying to land a plane or disable a nuclear reactor.
|
| Not sure whether this is still a problem now that computers are way faster but my own experience is that despite the resources available, our apps are slower than ever, even ones that do largely what they did 20 years ago like Word and Visual Studio!
| JALTU wrote:
| 1000%
| cjrp wrote:
| I was confused by the B17 fact; if you're at the stage of lowering the gear (flying slowly), pulling the wrong lever and going full flap would do not much? Now if you were taking off and went to raise the gear and lifted the flaps instead, then that's a problem.
| elevation wrote:
| Large changes in lift (flaps) must be coordinated with changes in thrust (engines) to keep the aircraft level or slightly descending.
|
| A large reduction in lift (raising flaps) will cause an aircraft to dive. A large increase in lift (lowering flaps) will cause an aircraft to stall -- and fall.
|
| Either of these changes would be recoverable if there were more thrust or more altitude, both of which are intentionally minimized during a landing.
| travisgriggs wrote:
| On an approach, you are flying dangerously slowly (necessarily). You're right next to stall speed. You want to go slower slower slower right up to the point you don't go too slow. You want to reserve that crossing the threshold of too slow until you're poised right over the runway with inches between you and it.
|
| When you stall, you start falling at the speed gravity pulls you minus any drag your airframe presents.
| And if you're already close to the airfield, you might be only a few hundred feet up, so you're out of room to put the nose down and throttle up to regain speed necessary to regain lift.
|
| Putting gear down adds a little drag (and a lot of noise), so a minor reduction in speed; going full flaps slows you a lot. You usually pitch the nose down a little more to increase your rate of descent as you go full flaps, so that you keep the speed up to keep the lift up which keeps your plane up. If it's dark, you're tired, flying close to stall speed already, go full flap without realizing you just did and don't keep your eyes glued to the air speed indicator, you'll stall out and fall from the sky. Trying to recover would catch a lot of disoriented pilots unawares.
| upofadown wrote:
| I too was confused.
|
| A bit of searching seems to have revealed that the actual problem was inadvertent gear retraction. Pilots were retracting the gear, either while adjusting flaps on final approach or after landing when they tried to raise the flaps again.
| laputan_machine wrote:
| > They were intended to provide more privacy to users from all sorts of parties, but mainly government and big tech companies. The problem is that DOH makes enterprise cyber security very hard and also damages things like ISP parental controls, and some filtering for child sexual abuse images
|
| Man getting paid to spy on people complains about not being able to spy on people and uses the tried and tested "think of the children!" angle. Classic.
| [deleted]
| [deleted]
| tyho wrote:
| > Apple Private Relay makes law enforcement's life much harder when looking at who's visiting certain dodgy websites
|
| Good
|
| > but also potentially reduces the resilience of mobile networks because it messes with the caching strategies in place today and makes diagnosing problems harder.
|
| This is a lie because the vast majority of internet traffic is already encrypted and hence un-cachable. Even if it is true, I don't care, we can trade caching for privacy, we did it with HTTP and the sky didn't fall.
|
| > It also makes it impossible for those networks not to charge for certain data traffic because they can't see which sites a phone is trying to visit.
|
| Again, good.
|
| Seriously. Fuck this guy and everything he stands for.
| throwup wrote:
| Let me just add:
|
| > it messes with the caching strategies in place today and makes diagnosing problems harder.
|
| ISPs will do the most boneheaded things to your traffic if it is not encrypted. There was a time when Comcast liked injecting random HTML into pages. I'm sure this guy has never had to "diagnose problems" resulting from an ISP rewriting HTML on the fly. Nowadays with TLS, ISPs are mostly out of the picture and the surface area for problems is dramatically smaller.
| tristor wrote:
| It's an unfortunate reality that the UK Government has taken a strong anti-privacy and particularly anti-DoH stance for ages. They've used every political and technical lever possible to prevent users from having any reasonable level of online privacy within the UK, and one of their favorite things to do is to trot out "non-profits" that focus on child exploitation to talk about anything that gives a user any semblance of privacy helps spread CSAM.
|
| Just more of the same tired refrain from people using motivated reasoning who don't have any care for user privacy or the rights of individuals online.
| DaiPlusPlus wrote:
| There are far more Daily Express readers than computer networking technology professionals who vote for whoever the next Home Secretary will be.
| fangorn wrote:
| Ian Levy, UK National Cyber Security Centre's departing Technical Director, discusses life, the universe, and everything.
| [deleted]
| sacrosanct wrote:
| > thanks for all the bits
|
| Am I missing something here? What's the headline supposed to mean? Is it a tongue-in-cheek gesture, since GCHQ routinely hoover up personal data and spy on both their citizenry and foreign countries?
| [deleted]
| tellmelies wrote:
| it's from hitchhikers guide to the galaxy.
| https://en.m.wikipedia.org/wiki/So_Long,_and_Thanks_for_All_...
| mindcrime wrote:
| It's a paraphrase or restatement of the phrase "so long and thanks for all the fish", the title of one of the books in Douglas Adams' _Hitchhiker's Guide to the Galaxy_ series. Changing "fish" to "bits" is interesting, as it could be "just" a reference to life in the modern age and that this individual is leaving a techie oriented job that deals with "bits and bytes". Or it could be a really on the nose "joke" making light of exactly what you say:
|
| _"GCHQ routinely hoover up personal data and spy on both their citizenry and foreign countries?"_
|
| It's hard to say which it really is.
| fundad wrote:
| doesn't bits refer to genitals?
| thombat wrote:
| In British vernacular about a quarter of all common words can be used to refer to genitals and/or intimate acts, especially when said out loud with the right intonation.
|
| One time in London I lost my rag with a local colleague and snarled at him "is there _nothing_ you can't make innuendo from?!?" And without missing a beat he simply leered back "in-YOUR-end-o"
| andrewflnr wrote:
| It may be more widespread in Britain, but I assure you it's equally possible anywhere. :)
| beardyw wrote:
| It's a reference to Hitchhiker's Guide to the Galaxy. "Goodbye and thanks for all the fish" as the dolphins abandon planet earth IIRC.
| jhauris wrote:
| I think it's a reference to "Hitchhiker's Guide to the Galaxy".
| Knowing Earth was going to be destroyed the dolphins leave, but they leave behind a message which when decoded translates to "so long and thanks for all the fish" (referring to how dolphins had trained humans to give them a fish when they did tricks).
| happymellon wrote:
| > Knowing Earth was going to be destroyed the dolphins leave, but they leave behind a message
|
| He thinks that the UK is going to implode?
|
| Probably correct even if it is mostly harmless.
| beardyw wrote:
| Four identical answers must be true!
| beardyw wrote:
| Five!
| ChrisRR wrote:
| In addition to everyone who's given legitimate answers, it's also why they've used a picture of a dolphin and referenced "life, the universe and everything"
| nibbleshifter wrote:
| It's a Hitchhikers Guide reference, the article has a couple of them.
|
| It's Ian ingratiating himself to the geek readership so they think he's one of them and not, well, a fucking ex government spook ;)
___________________________________________________________________
(page generated 2022-11-09 23:00 UTC)