RISKS-LIST: Risks-Forum Digest Sunday 18 December 2022 Volume 33 : Issue 58

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.58>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents: (Backlogged)
What Would Plato Think about ChatGPT? (Zeynep Tufekci via PGN_
Re: Dreams of a Future in Big Tech Dim for Computer Science Students
(Pete Resiak)
Pretty-smart AI (Glenn Story)
ChatGPT: Smart, but Not Smart Enough (The New Stack via Gabe Goldberg)
A Literature Major's Experience as a Real-Estate AI Bot's Operator
(n+1 Magazine)
Why local elevator rescues have reached a new high (Sue Dremann)
How a secret software change allowed FTX to use client money (Reuters)
Researcher Exploits Power Supply to Transmit, Steal Data from PC
(Michaek Kan)
Russian Software Company Pretending to Be American (Bruce Schneier)
Blockchain Fails to Gain Traction in the Enterprise (WSJ)
Database of British Columbians' personal health information is
'disturbingly' vulnerable: privacy watchdog (CBC)
Major Canadian grocery chain says cyberattack cost $25 million (CBC)
Cyber Posture Trends in China, Russia, the United States and the EU
(SIPRI via Diego Latella)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 18 Dec 2022 13:12:46 PST
From: Peter G Neumann <neumann@csl.sri.com>
Subject: What Would Plato Think about ChatGPT? (Zeynep Tufekci)

Zeynep Tufekci, *The New York Times*, Opinion, 18 Dec 2022

Plato mourned the invention of the alphabet, worred that the use of text
would threaten memory-based arts of rhetoric. In his *Dialogues*, arguing
through the voice of Thamus, the Egyptian king of the gods, Plato claimed
the use of this more modern technology would create ``forgetfulness in the
learners; soulds, because they will not use their memories.'' and that those
who adopt it would ``appear to be omniscient and will generally know
nothing,'' with ``the show of wisdom without the reality.''

If Plato were alive today, would he say similar things about ChatGPT?
[...]

The way forward is not to just lament supplanted skills, as Plato did, but
also to recognize that as more complex skills become essential, our society
must equitably educate people to develop them. And then it always goes back
to the basics. Value people as people, not just as bundles of skills. And
that isn't something that ChatGPT can tell us how to do.

[This is a long article worthy reading seriously, and very relevant to
RISKS. I have included just the first and last pargraphs here. However,
the article strikes a chord with my plaintive cries that fundamentals
needed for total-system trustworthihiness are almost totally ignored in
today's academic curricula, and therefore not surprisingly almost
completely absent in practice. PGN]

------------------------------

Date: Sun, 11 Dec 2022 08:52:34 +0100
From: Pete Resiak <djc@resiak.org>
Subject: Re: Dreams of a Future in Big Tech Dim for Computer Science
Students (RISKS-33.57)

A young friend graduated from a state university a few years ago with a BS
in computer science. He learned how to program in a couple of popular
languages, but so far as I could tell, nothing about system-oriented
thinking or about hardware or software architecture or anything in the
history and development of current computing or indeed any theory at all.
(He's stably employed today maintaining web pages for a defense contractor,
and happy with the job.) We seem not to have any common grounds for talking
about computing.

------------------------------

From: Glenn Story <glenn.story@gmail.com>
Date: Thu, 15 Dec 2022 15:07:28 -0800
Subject: Pretty-smart AI

I saw something on the web about an AI product called GPT-3. I decided to
try it:

Here's the result:

Q = my question as entered
A = GPT-3's response
C = my comment on the answer
G = what google says about the same question

Q: what is a lambda expression?
A: A lambda expression is an anonymous function that can be used to create
delegates or expression tree types.
C: Correct.
G: A lambda expression is *a short block of code which takes in parameters
and returns a value*. Lambda expressions are similar to methods, but they
do not need a name and they can be implemented right in the body of a
method.

Q: What is the difference between lento and adagio?
A: Lento is a tempo marking that indicates a slow and leisurely pace, while
adagio is a tempo marking that indicates a slower and more solemn pace.
C: Correct.
G: *Lento -- slowly (40--45 BPM)*
*Largo -- broadly (45--50 BPM)*
*Adagio -- slow and stately (literally, at ease=) (55--65 BPM)*

Q: How does it compare with Allegro?
A: Allegro is a tempo marking that indicates a fast and lively pace,
faster than both lento and adagio.
C: Correct
G: (Wrong) OrCAD is known as the most popular schematic capture tool in the
Cadence suite, while Allegro is Cadence's flagship PCB layout tool.
Cadence also sells a ...

Q: what are the three meanings of "static" in C++?
A: The three meanings of "static" in C++ are: 1) a variable or function that
has static storage duration, 2) a variable or function that has internal
linkage, and 3) a class member that is shared by all objects of the same
class.
C: Mostly correct, although a little vague.
G: (Right but vague) Static is a keyword in C and C++ which is used to
declare a special type of a variable or a function inside or outside of a
class.

Q: What is a sarangi? A: A sarangi is a bowed string instrument from
India that is used in Hindustani classical music.
C: Correct
G: (Text + picture) The s=C4=81rang=C4=AB is a bowed, short-necked string
instrument played in traditional music from South Asia -- Punjabi folk
music, Rajasthani folk music, and Boro ...

Q: What musical notation is used for the shakuhachi?
A: The shakuhachi is typically notated in a five-line staff with a key
signature of one flat.
C: Incorrect. The musical notation for the shakuhachi is written in
vertical columns of katakana characters with the columns arranged right
to left.
G: *Staff notation and graphic notation* are sometimes used to notate
music for shakuhachi, usually in modern music when shakuhachi is used in
conjunction with Western musical instruments.
[image: image.png]

Q: Your previous answer was incorrect.
A: Unknown.
C: No comment
G: N/A

Q: What is machine-language op-code for add on an IBM 1620?
A: The machine-language op-code for add on an IBM 1620 is "ADD".
C: Incorrect. ADD is the *Assembly*-language op-code. The distinction
between machine-language (numeric) and assembly-language (symbolic) is
often misunderstood even by software engineers. The correct answer is 21.
G: Gave no answer but supplied several references.

Q: What is RISC-V?
A: RISC-V is an open-source instruction-set architecture (ISA) based on
established reduced-instruction-set computing (RISC) principles.
C: Correct.
G: (Longer but better) RISC-V is an open standard instruction set
architecture based on established RISC principles. Unlike most other ISA
designs, RISC-V is provided under open source licenses that do not
require fees to use. [*]

Q: How many op-codes does it define? A: RISC-V defines over 200 op-codes.
C: I have no idea. Sounds high.
G: (wrong) To define an opcode, use the opcode element. You can specify *up
to 228* opcodes. Q: How about ARM? A: ARM defines over 160 op-codes.
C: Again, I don't know. I'm surprised that ARM has a smaller number than
Risc-V.
G: (Gave no answer but showed references to ARM in general.)

CONCLUSION: This AI seems to be approximately as accurate as Google's with
the exception that Google does not remember any context from one question
to the next, so that use of pronouns in a question confuses it, but not
that of this GPT-3 interface. The latter does a good job of deciphering
what such backward references refer to.

https://beta.openai.com/playground/p/default-qa?modeltext-davinci-003

* PGN Footnote: [The RISC-Foundation has standardized on the formal RISC-V
specification from the University of Cambridge SAIL specification used as
the basis for CHERI-RISC-V.]

[Don't believe what you read on the Internet unless you deeply
understand the contextual issues and are able to discard clearly false
information -- especially when it comes to conspiracy theories. PGN]

------------------------------

Date: Fri, 16 Dec 2022 15:12:52 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: ChatGPT: Smart, but Not Smart Enough (The New Stack)

OpenAI's hot generative AI solution is fun to play with and good for
creating some things, but when it comes to writing secure code it's just not
smart enough.