Pen Testers Need to Hack AI… Out of Existence

Robert Lemos wrote an excellent introduction to my RSA SF conference talk, over at DarkReading.

A steady stream of security researchers and technologists have already found ways to circumvent protections placed on AI systems, but society needs to have broader discussions about how to test and improve safety, say Ottenheimer…. “Especially from the context of a pentest, I’m supposed to go in and basically assess [an AI system] for safety, but what’s missing is that we’re not making a decision about whether it is safe, whether the application is acceptable,” he says. A server’s security, for example, does not speak to whether the system is safe “if you are running the server in a way that’s unacceptable … and we need to get to that level with AI.”

My presentation is available on the RSA SF conference site now, for those with a pass.

ChatGPT is Fraud, Court Finds Quickly and Sanctions Lawyer

For months now I have been showing lawyers how ChatGPT lies, and they beg and some plead for me to write about it publicly.

“How do people not know more about this problem?” they ask me. Indeed, how is ChatGPT failure not front page news, given it is the Hindenburg of machine learning?

And then I ask myself how do lawyers not inherently distrust ChatGPT — see it as explosive garbage that can ruin their work — given the law has legendary distrust in humans and a reputation for caring about tiny details?

And then I ask myself why I am the one who has to report publicly on ChatGPT’s massive integrity breaches? How could ChatGPT be built without meaningful safety protections? (Don’t answer that, it has to do with greedy fire-ready-aim models curated by a privileged few at Stanford; a rush to profit from stepping on everybody to summit an artificial hill created for an evil new Pharaoh of technology centralization).

All kinds of privacy breaches these days will result in journalists banging away on keyboards. Everyone writes about them all the time (two decades after regulation forced their hand, 2003 breach disclosure laws started).

However, huge integrity breaches seem to be left comparatively ignored even when harms may be greater.

In fact, when I blogged about the catastrophic ChatGPT outage practically every reporter I spoke with said “I don’t get it”.

Get what?

Are integrity breaches today somehow not as muckrake-worthy as back in The Jungle days?

The lack of journalist attention to integrity breaches has resulted in an absurd amount of traffic coming to my blog, instead of people reading far better written stuff on the NYT (public safety paywall) or Wired.

I don’t want or need the traffic/attention here, yet I also don’t want people to be so ignorant of the immediate dangers they never see them before it’s too late. See something, say…

And so here we are again, dear reader.

A lawyer has become a sad casualty of fraud known as the OpenAI ChatGPT. An unwitting, unintelligent lawyer has lazily and stupidly trusted this ChatGPT product, a huge bullshit generator full of bald-faced lies, to do their work.

The lawyer asked the machine to research and cite court cases, and of course the junk engineering… basically lied.

The court was very displeased with reviewing lies, as you might guess. Note the conclusion above to “never use again” the fraud of ChatGPT.

Harsh but true. Allegedly the lawyer asking ChatGPT for answers decided it was to be trusted because it was asked if it could be trusted. Hey witness, should I believe you? Ok.

Apparently the court is now sanctioning the laziest lawyer alive, if not worse.

A month ago when presenting findings like this I was asked by a professor how to detect ChatGPT. To me this is like asking a food critic how they can detect McDonald’s. I answered “how do you detect low quality” because isn’t that the real point? Teachers should focus on quality output, and thus warn students that if they generate garbage (e.g. use ChatGPT) they will fail.

The idea that ChatGPT has some kind of quality to it is the absolute fraud here, because it’s basically operating like a fascist dream machine (pronounced “monopolist” in America): target a market to “flood with shit” and destroy trust, while demanding someone else must fix it (never themselves, until they eliminate everyone else).

Look, I know millions of people will willingly eat something called a McRib and say they find it satisfying, or even a marvel of modern technology.

I know, I know.

But please let us for a minute be honest.

A McRib is disgusting and barely edible garbage, with long term health risks.

Luckily, just one sandwich probably won’t have many permanent effects. If you step on the scale the next day and see a big increase, it’s probably mostly water. The discomfort will likely cease after about 24 hours.

Discomfort. That is what nutrition experts say about eating just one McRib.

If you never experienced a well made beef rib with proper BBQ, that does not mean McDonald’s has achieved something amazing by fooling you into paying them for a harmful lie that causes discomfort before permanent harmful effects.

…nausea, vomiting, ringing in the ears, delirium, a sense of suffocation, and collapse.

This lawyer is lucky to be sanctioned early instead of disboweled later.

Sorry, meant disbarred. Autocorrect. See the problem yet?

Diabetes is a terrible thing to facilitate, as we know from what happened from people guzzling McDonald’s instead of real food and then realizing too late their life (and healthcare system) is ruined.

The courts must think big here to quickly stop any and all use of ChatGPT, with a standard of integrity straight out of basic history. Stop those avoiding accountability, who think gross intentional harmful lies for profit made by machines (e.g. OpenAI) should be prevented or cleaned up by anyone other than themselves.

The FDA, created because of reporting popularized by The Jungle, didn’t work as well as it should. But that doesn’t mean the FDA can’t be fixed to reduce cancer in kids, or that another administration can’t be created to block the sad and easily predictable explosion in AI integrity breaches.

Porsche Quietly Announces eBikes

I don’t understand the appeal of a Porsche at all, which probably is why their eBike announcement lands flat.

They have two models available until August 2023. Why? No explanation given.

The price seems double other brands, with no explanation why either.

Someone in their marketing department either doesn’t ride bikes or doesn’t care about them. Maybe they were mad they got assigned the eBike copy. In any case, here’s the kind of thing they wrote:

…hydraulic disc brakes from Magura bring you to a standstill quickly and safely.

Who on a bike gets excited about the imagery of a standstill? Is that what they want us to focus on? Not riding?

Oh the thrill of a bike… not moving at all, feet on the ground.

…robust wheels from Crankbrothers guarantee maximum directional stability…

Robust stability? Robust directional stability? Wat. How about stiffness or weight?

There’s not much more to the announcement, to be honest.

…the very latest powerful Shimano drive unit consisting of motor, battery and mechanical gears ensures effortless acceleration…

Drive unit?

Ok, who in their right mind would describe pedaling as effortless acceleration?

That’s not pedaling.

Just give it a throttle and stop pretending it isn’t a motorcycle, if acceleration was intended to have no effort.

And who describes a bike as a powerful drive unit of motor, battery and gears? That’s what they think is powerful, not a fine machined crank pushed by muscle?

Awful.

Go buy yourself a set of overpriced brakes and useless pedals to stand idly or sit still and hope to be noticed for doing nothing:

Porsche.

Come to think of it, that describes their car owners pretty well.

Huge Tesla Leak: Lawyers Argue NDA Magically Censors All Speech They Don’t Like

Perhaps by now it has become common knowledge Tesla pay is illegally far below market, work benefits are in dangerous unhealthy decline, and staff are particularly screwed should they dare to invoke basic ethical concerns (e.g. discuss customer or worker safety).

He Died Helping Build Tesla’s Gigafactory. Tesla Didn’t Tell Local Officials.

It’s like reading what a car company would be if Queen Isabella came back from the dead to prove her ruthless deadly Inquisition was a business model.

Torture is so cruel, it is so dehumanizing to both the tortured and the torturer, that it is always wrong, unconditionally. “If torture is evil,” [Ron Gassner] writes, “its efficacy is irrelevant. Those who know it to be evil should reject torture outright, regardless of how efficacious it may or may not be.”

What if Tesla’s work culture is always wrong, unconditionally?

A toxic abuse culture of oppression for profit, as history surely tells us, means we should expect whistleblowers and some big leaks about basic morality failures (e.g. claims about the Queen of Tesla ignoring safety).

The drivers named in the leaks and contacted by the newspaper accused Tesla of brushing off their concerns about its Autopilot technology. It is alleged that employees are given strict guidelines over how to reply to complaints, with some drivers claiming that Tesla workers were urged to avoid written communication to “offer as little attack surface as possible.”

Nobody expects the Tesla Inquisition?

Written communication about customer complaints gives… customers an attack surface?

Customers.

Who is the enemy here?

Perhaps Spain is too obscure a reference. Tesla does burn its customers alive, like in the Inquisition, but we’re talking modern technology.

Did a zombie Nixon come back to become the crazy old man of Tesla?

The files shared with Handelsblatt included details of 2,400 complaints about cars accelerating unexpectedly and 1,500 automatic braking problems – including 139 cases of unintentional emergency braking and 383 “phantom stops”. One customer, who complained about his car “phantom braking”, claimed Tesla showed an “absolute lack of any concern given the seriousness of the security problems”.

That’s like an American citizen saying Nixon had an absolute lack of concern about the seriousness of destroying democracy.

Uh, yeah. Duh.

Allegedly Tesla believes they have perfected a draconian NDA that is so regressive they internally consider it a legal sledgehammer that criminalizes any and all speech they don’t like regardless of safety.

The company said a former employee had “misused his access as a service technician to exfiltrate information in violation of his signed non-disclosure agreement, Tesla’s data management policies…”.

Let me guess, the data management policy says if any data involves customer safety concerns it must not be retained.

It does seem like they learned the exact wrong lessons from Nixon.

“Well, the hell with Dean,” Nixon told Haldeman that Monday morning in the Oval Office. “Frankly, I don’t want to have in the record discussions we’ve had in this room on Watergate.” In another conversation later in the day, the president agreed with Haldeman that they ought to “get rid” of the recordings.

But seriously, while trying to cancel the voice of its customers, Tesla has very sloppily leaked things they probably wish they had deleted.

The files include tables containing more than 100,000 names of former and current employees, including the social security number of Tesla CEO Musk, along with private email addresses, phone numbers, salaries of employees, bank details of customers and secret details from production, Handelsblatt reported. The breach would violate the GDPR, it said. If such a violation was proved, Tesla could be fined up to 4 percent of its annual sales, which could be 3.26 billion euros.

If you ask me how Germany was tricked by Tesla’s CEO into opening a clearly horrible and degenerative factory riddled with ethical lapses, I’d say read the related American history.

…manipulative, master politician overseeing every detail: approving a “shakedown”… for donations, fixing the price…, orchestrating “dirty tricks” against opponents, thanking the donor of hush money….

Very modern stuff. Still reminds me of 1470s Spain. I don’t think any German politicians have been burned alive… yet.

The bottom line is there should be an outright ban (e.g. Speak Out Act) on Tesla’s obvious abuse of any NDA in automotive safety disputes.

Tesla has a long history of trying to cover up customer complaints about safety problems. As far back as 2016, the National Highway Traffic Safety Administration had to announce that customers were allowed to publicize safety issues after reports that Tesla was requiring customers to sign nondisclosure agreements to qualify for warranty repairs on problematic Model S suspension systems.

That brings forward the question of whether Tesla should also be investigated for suspicious NDA language used to fill its German factory with the “chaos” of easily manipulated and abused foreign workers who have no clue about safety or rights violations.

When Gregor Lesnik left his pregnant girlfriend in Slovenia for a job [far away in another country], his visa application described specialized skills and said he was a supervisor headed to a [completely different] auto plant.

Turns out, that wasn’t true.

The unemployed electrician had no qualifications to oversee… workers and spoke only a sentence or two of [the required foreign language]. He never set foot in [the facility that was written into his papers, a direct competitor to Tesla, to defraud the government]. The companies that arranged his questionable visa instead sent Lesnik to a menial job…. He earned the equivalent of $5 an hour to expand the plant for… Tesla.

Lesnik’s three-month tenure ended a year ago in a serious injury and a lawsuit that has exposed a troubling practice… [of Tesla lying to everyone about everything while censoring others].

That’s just a hint of what could be ahead for any journalist brave enough to interview silenced Tesla factory workers in Germany… as predicted by a 2016 report that didn’t get nearly enough attention.

The part where they report Tesla had lawyers take desperate unskilled Eastern Europeans to apply for visas for work at a BMW factory, and then under strict NDA illegally redirected them into Tesla factory jobs with no qualification or safety… it’s so evil, you can’t make this stuff up.

Think about it. If their NDA-based visa fraud gets investigated, Tesla planted false flags to misdirect authorities for its competitors to get in trouble. That’s a very 1980s South African way of undermining government while wrecking markets too.

Tesla reminds me of when Ford was excitedly pushing politicians to increase production of its cars in Germany using slave labor from Eastern Europe. Who else remembers?

Right Germany?

I mean, right? Extreme right?

Did you Nazi this coming?