Technology – Page 15 – Frank Leonhardt's Blog

The Artificial Intelligence Conspiracy

The Truth about Artificial Intelligence

Last year I was asked, at short notice, to teach an undergraduate Artificial Intelligence module. I haven’t done any serious work in the field since the 1980’s, when it was all the rage. It’s proponents were anticipating that it would be a part of life within ten years; as this claim had been made in the early 1970’s I was always a bit dubious, but computer power was increasing exponentially and so I kept an eye on the field. LISP was the thing back then, although I could never see quite how a language that processed lists easily, but was awkward for anything much else, was going to lead to the breakthrough.

So, having had the AI module dumped on me, I did the obvious thing and ran to the library to get out every textbook on the subject. What was the latest? I was surprised to see how far the field had come in the intervening years. It had got nowhere. The textbooks on AI covered pretty much the same as any good book on applied algorithms. The current state-of-the-art in AI is, in fact, applied algorithms with a different name on the cover; no doubt to make it sound more exciting and to make its proponents sound more interesting than mere programmers.

Since then, of course, AI has been in the news. Dr Stephen Hawking came out with a statement that he was worried about AI machines displacing mankind once they got going. Heavy stuff – it’d make a good plot for a sci-fi movie. It was also splashed all over the news media a week before the release of his latest book. The man’s no fool.

With universities having had departments of artificial intelligence for decades now, and consumer products claiming to have embedded AI (from mobile telephones to fuzzy logic thermostats) you may be forgiven for thinking that a breakthrough is imminent. Not from where I’m sitting.

Teaching artificial intelligence is like teaching warp drive technology. If you’ve never seen Star Trek, this is the method by which the Starship Enterprise travels faster than the speed of light by using a warp engine to bend the space around it such that a small movement inside the warp field translates to a much larger movement through “flat” space. Great idea, except that warp generators only exist in science fiction. And so does AI. You can realistically teach quantum physics, but trying to teach warp technology is only for the lunatic fringe. The same is true of AI, although I’m certain those with a career, and research grants, based on the name will beg to differ.

So where are we actually at? How does artificial intelligence as we know it work, and is it going in the right direction? In the absence of the real thing, the term AI is now being used to describe a class of algorithm. A proper algorithm takes input values and produces THE correct answer. For example, as sort algorithm will take as its input an unordered list and produce as output a sorted list. If the algorithm is correct, the output will always be correct, and furthermore it is possible to say how long it will take (worst case) to get the answer, because there is a worst-case number of steps the program will have to take. These are know as “P Problems”, to those who like to talk about how difficult things are to work out in terms of letters rather than plain old English.

Other problems are NP, which basically means that, although you might be able to produce an algorithm to solve them, the universe may have ended before you get the result. In some cases the computation may last an infinite amount of time. For example, one tricky problem would be working out the shortest route from London to Carlisle? Your satnav can work this out for you, of course, but how can you be sure it’s found the one correct answer; the absolute shortest route? In practice, you probably don’t care. You just want a route that works and is reasonably short. To know for sure that there was no shorter route possible you would have to examine every possible turn-after-turn in the complete road network. You can’t prove it’s not shorted to go via Penzance unless you try it. However, realistically, we use heuristics to prune off crazy paths and concentrate on the promising ones and get a result that’s “good enough”. There are a lot of problems like this.

A heuristic algorithm sounds better to some people if it’s called an AI algorithm, and with no actual AI working AI, people like to have something to point to; to justify their job titles. But where does this leave genuine AI?

In the 1970’s world was seen as lists, or relations (structured data of some kind). If we played about with databases and array (list) processing languages, we’d ignite the spark. If it wasn’t working it was just our failure to classify the world in to relations properly.

When nothing caught fire, Object Oriented Programming became fashionable. Minsky’s idea was that if a computer language could map on to the real world, using code/data (or methods and attributes) to define real-world objects, AI would follow. I remember the debate (around 1989) well. When the “proper” version of C++ appeared, the one with the holy grail of multiple inheritance, the paradigm would take off. Until then C++ was just a syntactical nicety to hide the pointer to the context in a library of functions acting on the same structure layout. We’ve had multiple inheritance for 25 years now, but any conceivable utility I’ve seen made of them has been somewhat contrived. I always thought they were a bad idea except for classes inheriting multiple interfaces, which I will concede but this is hardly the same as inheriting methods and attributes – the stuff that was supposed to map the way world worked.

The current hope seems to be “whole brain” emulation. If we can just build a large enough neural network, it will come to life. I have to admit that the only tangible reason why I don’t see this working is decades of disappointment. Am I right to be sceptical? Looking it another way, medical science has progressed by leaps and bounds, but we’re no closer to creating life than when Mary Shelly first wrote about it. However cleaver we think we are with modern medicine, I don’t think we’re remotely close to reanimating even a single dead cell, never mind creating one.

Perhaps a better places to start is looking at the nature of AI, and how we know we’ve got it. One early test was along the lines of “I’ll be impressed if that thinking machine can play chess!”. This has fallen by the wayside, with Deep Blue finally beating Garry Kasparov in 1997 and settling that question once and for all. But no one is now is claiming that Deep Blue was intelligent; it was simply able to calculate more possible outcomes in less time than its human opponent. One interesting point about it was the size of the machine required to do even this.

Another famous measure of AI success is Alan Turing’s test. A smart man, was Mr Turing. Unfortunately his test wasn’t valid (in my humble opinion). Basically, he reckoned that if you were communicating with a computer and couldn’t tell the difference between it and a human correspondent, then you had AI. No you don’t. We’ve all spoken to humans at call centres that do a pretty good impression of a machine; getting a machine to do a good impression of a human isn’t so hard. And it’s not intelligence.

In the late 1970s and early 1980s, computer conversation programs were everywhere (e.g. ELIZA). It’s no surprised; the input/output was basically a Teletype or later a video terminal (glass Teletype), so what else could you write? The pages of publications such as Creative Computing inspired me to write a few such programs myself, which I had running at the local library for the public to have a go at. Many had trouble believing the responses came from the computer rather than me behind a screen (this was in the early days, remember – most had never seen a computer). I called this simulated intelligence, and subsequently wrote about it in my PCW column. And that’s all it was – a simulation of intelligence. And all I’ve seen since has a simulation; however good the simulation it’s not the same as the real thing.

Science fiction writes have defined AI as a machine being aware of itself. I think this is possibly, true, but it pushes the problem on to defining self-awareness. I think there’s still merit in the idea anyway; it’s one feature of intelligent life that machines currently lack. A house fly is moderately intelligent; as may be an amoeba. What about a bacteria? Bear in mind that we’ve not created an artificial or simulated intelligence that can do as much as a house fly yet, if you’re thinking of AI as having human-like characteristics. (There is currently research into simulating a fly brain (See Arena, P.; Patane, L.; Termini, P.S.; “An insect brain computational model inspired by Drosophila melanogaster: Simulation results” in The 2010 International Joint Conference on Neural Networks – IJCNN).

Other AI definitions talk about a machine being able to learn; take the results of a previous decisions to alter subsequently decisions in the pursuance of a goal. This has been achieved, at high speed and with infinite resolution, many years ago. It’s called an analogue feedback loop. There’s a lot of bluster about AI systems being more complex and being able to cope with a far wider range of input types than previous systems, but a feedback loop isn’t intelligent, however complex it is.

So what have we actually got under the heading of AI? A load of heuristic algorithms that can produce answers to problems that can’t be computed for certain; systems that can interact with humans in a natural language; and with enough processing power you can build a complex enough heuristic system to drive a car. Impress your granny by calling this kind of thing AI if you like, and self-awareness doesn’t really matter if the machines do what we want of them. This is just as well, as AI is just as elusive as it was in the 1970s. All we have now is a longer list of examples that aren’t it.

The only viable route I can see to AI is in Whole Brain Emulation, as alluded to above. We are getting to the point now where it is possible to build a neural network complex enough to match a brain. How, exactly, we could kick-start such a machine in to thinking is an intriguing problem. Those talking loudest about this kind of technology are thinking in terms of uploading the contents of an existing brain, somehow. Personally, I see a few practical problems that will need solving before this will work, but if we could build such a complex neural network and if we could find a way to teach it, we may just achieve a real artificial intelligence. There are two ifs and a may in there. Worrying too much about where AI technology may lead, however, is like worrying about the effects of human physiology from prolonged exposure to the warp coils on a starship.

2-March-1516-March-15

More comment spammer email analysis

Since my earlier post, I decided to see what change there had been in the email addresses used by comment spammers to register. Here are the results:

Freemail Service	%
hotmail.com	22%
yahoo.com	20%
outlook.com	14%
mailnesia.com	8%
gmail.com	6%
laposte.net	6%
o2.pl	3%
mail.ru	2%
nokiamail.com	2%
emailgratis.info	1%
bk.ru	1%
gmx.com	1%
poczta.pl	1%
yandex.com	1%
list.ru	1%
mail.bg	1%
aol.com	1%
solar.emailind.com	1%
inbox.ru	1%
rediffmail.com	1%
live.com	1%
more-infos-about.com	1%
dispostable.com	<1%
go2.pl	<1%
rubbergrassmats-uk.co.uk	<1%
abv.bg	<1%
fdressesw.com	<1%
freemail.hu	<1%
katomcoupon.com	<1%
tlen.pl	<1%
yahoo.co.uk	<1%
acity.pl	<1%
atrais-kredits24.com	<1%
conventionoftheleft.org	<1%
iidiscounts.org	<1%
interia.pl	<1%
ovi.com	<1%
se.vot.pl	<1%
trolling-google.waw.pl	<1%

As before, domains with <1% are still significant; it’s a huge sample. I’ve only excluded domains with <10 actual attempts.

The differences from 18 months ago are interesting. Firstly, mailnesia.com has dropped from 19% to 6% – however this is because the spam system has decided to block it! Hotmail is also slightly less and Gmail and AOL are about the same. The big riser is Yahoo, followed by laposte.net (which had the highest percentage rise of them all). O2 in Poland is still strangely popular.

If you want to know how to extract the statistics for yourself, see my earlier post.

19-February-1528-December-15

Wii’ls come off BBC iPlayer

Those of us with suspicions about BBC’s iPlayer project have been proven correct. The corporation has once again shown its properly out of touch with those who are forced to pay for it by first pushing everyone on to using iPlayer, and then discontinuing the support for it on the most widely installed platform in the country.

When the BBC obtained the funding for BBC3 and BBC4, part of the justification was to allow re-screening of significant programmes that were difficult to watch live in the multi-channel environment. This worked for a while, and then they stopped doing this and filled the airwaves with complete garbage, citing iPlayer as the way to catch up on everything you couldn’t see at the broadcast time. A lot of us were suspicious that this was more to plug iPlayer than anything else. Fortunately in 2009 the corporation released iPlayer for the most popular games console – the one that more households had installed than anyone else – the Nintendo Wii.

Although they had questionable motives, it worked well enough until late last year, then they messed with it. Then it didn’t work. And a few days ago it became apparent that they were dropping the service with the jaw-droppingly arrogant excuse that it was five years old and they wanted to concentrate their efforts on newer platforms.

This is complete nonsense, of course. The Wii platform remains the most widely available, by far. The Wii is tried and trusted, appreciated by families if not hard-core games fanatics, and is hardly an obsolete product. It’s still on sale, and at a reasonable price. As a platform for iPlayer it’s an obvious choice.

So what’s the BBC thinking? Are they stymied by simple technical incompetence, having no one available to working on the Wii code base following an “upgrade” to a new iPlayer version? Quite possibly, and they’re so out-of-touch that they don’t see a problem with this.

A feeble note the BBC web site says they are concentrating efforts on producing a new player for the Wii U – the console no one wants. Hell is going to freeze over before this platform gets anywhere near the installed base of 100,000,000+ of the standard Wii consoles (worldwide, as at late 2014, based on Nintendo’s quarterly consolidated regional sales reports).

So what does this tell is about the BBC? If iPlayer is part of an important future broadcasting strategy, they’re not supporting it very well at all. All the house advertising suggests it’s important to the corporation. It’s a strange outfit – some of its R+D has always been groundbreaking whereas recently a lot of it has been laughable, and the management is notoriously well insulated from the real world. Their failure to support common platforms in the arbitrary manner makes the whole concept unstable.

In the old days you could invest in a TV set in confidence knowing that your license fee was going to keep it supplied with content for as long as was reasonably possible. The BBC acted very honorably when it came to the switch from VHF to UHF; a bit less so with DVB-T – and they’ve used the extra channels to provide constant re-runs of their lowest quality output. Dropping iPlayer now, just as families were trusting that the could invest in the equipment needed to receive the service is a continuation of a worrying trend.

9-February-152-March-15

jpmoryan.com malware spam

Since about 2pm(GMT) today FJL has been intercepting a nice new zero-day spammed malware from the domain jpmoyran.com (domain now deleted). Obviously just one letter different from J P Morgan, the domain was set up in a fairly okay manner – it would pass through the default spamassassin criteria, although no SPF was added as it’s being sent out by a spambot.

The payload was a file called jpmorgan.exe (spelled correctly!) with an icon that was similar to an Adobe PDF file. Is it malware? Well yes, but I’ve yet to analyse just what. It’s something new.

Text of the message is something like:

Please fill out and return the attached ACH form along with a copy of a voided check (sic).

Anna Brown
JPMorgan Chase
GRE Project Accounting
Vendor Management & Bid/Supervisor
Fax-602-221-2251
Anna.Brown@jpmchase.com
GRE Project Accounting

Be careful.

Update: 19:30

As a courtesy, I always let affected companies know they’re being attacked, with variable results. J P Morgan’s cyber security department in New York took about 30 minutes to get to; they couldn’t cope with the idea that (a) I was not in America; and (b) I wasn’t even a customer of theirs. I eventually ended up speaking to someone from the “Global(sic) Security Team” who told me that if I was a customer I didn’t need to worry about it, but I could sent it to abuse@… – and then put the phone down on me. This was an address for customers to send “suspicious” emails to. I doubt they’ll read it, or the malware analysis. If you’re a J P Morgan customer, you might want to have a word about their attitude.

12-January-158-September-15

Interesting security issue with Google Apps for Education

I’ve come across a feature of Google Apps for Education that people should really be aware of. It goes like this…

When a school or college signs up for Google Apps for Education, a single email account is used to register a local administrator. This administrator then has control over the sub-accounts, including creation, passwords and monitoring. This would be someone at the school you can trust, right? Because they have access to all your children’s data. And it’s only for school use, so where’s the problem?

Well here’s the problem: that data will probably include a GMail account, and they may not be using it for education-related matters. Creepy. Assuming you trust the monitor, do you snoop on the pupils for their own protection or leave it completely unmoderated, with all the implications for child safety. You’re between a rock and a hard place. By forcing pupils to use an insecure channel you’re responsible for the consequences: if you look you could be accused of voyeurism; if you don’t you can be accused of allowing abuse which you could have prevented.

And it gets worse, because you’re basically logging in using a Google Account. How many people log out when they’re finished? And if a child logs in on a home computer and someone else uses it afterwards without realising, the administrator at the school gets to snoop on data inadvertently added to the account by other members of the household.

Are you a parent, and were you aware of this? You are now!

If you’re a school, my advice is to (a) monitor the monitor; and (b) make sure children know to log out after use; and (c) make very sure that you have parents’ specific permission to allow their children to use the system, being aware of the above. If not and you end up monitoring someone you don’t have permission to (i.e. not your pupil), you’re probably looking at an offence under the Misuse of Computer Act 1990 in the UK, and a class action law suit in the USA. Remember that school in Philadelphia that took snapshots using students’ Macbook webcams without telling anyone? (Robbins v. Lower Merion School District). There was no suggestion of foul play, just naivety on the part of the school district. And it cost them $600K to settle, plus a great deal of embarrassment.

31-December-142-March-15

Do I have SoapSoap in my WordPress?

Apparently, 100,000 WordPress sites have been compromised by this nasty. It injects redirect code in to WordPress themes.

According to an analysis posted by Tony Perez on his blog, it’s going to be easy to spot if you’re a server administrator as in injects the code:

php function FuncQueueObject() { wp_enqueue_script("swfobject"); } add_action("wp_enqueue_scripts", 'FuncQueueObject');
In to wp-includes/template-loader.php

So,

find / -name template-loader.php -exec grep {} swfobject \;

should do the trick. I’m not a PHP nut, but I don’t think swfobject is common in that file.

Update: 06-Jan-2015

The web site linked to above has an on-line scanner that’s supposed to check for this problem, so I’ve just run it against this blog. It found something here. False positive, methinks! I’ve written to them pointing out that the search may be a little naive given the subject matter of that post! Fair play for providing such a tool free of charge though. It’s a little hard to see how such a scanner could work at all, but not pick up text lifted from a compromised site.

27-December-14

Sony and Microsoft games network hack

Both the Sony an Microsoft games network servers have been badly disrupted from Christmas day. The cyber vandals Lizard Squad have admitted responsibility.

This outage has nothing to do with millions of new games consoles being unwrapped and connected at the same time. Oh dear me no. Their network servers would have taken the huge spike in workload in their stride. This is definitely something to blame on those awful hactivists, and any suggestion that it was teetering on the brink and all it needed was a little push is a foul slur on the competence of Microsoft and Sony.

The extent to which Lizard Squad was involved may be in question, but major respect for the expert way they’ve played the media. Again.

10-December-1423-December-14

Sony Hack – whodunnit?

Details are starting to emerge about how Sony was compromised. Sagie Dulce from Imperva reckons he’s seen the Destover back-door software used before, in 2012 in Saudi and then again in the 2013 Dark Seoul.

A few days ago Jaime Blascoof AlienVault Labs sent me a note about malware samples he’s got hold of, with the following comment:

“From the samples we obtained, we can say the attackers knew the internal network from Sony since the malware samples contain hardcoded names of servers inside Sony’s network and even credentials – usernames and passwords – that the malware uses to connect to systems inside the network. The malware was used to communicate with IP addresses in Europe and Asia, which is common for hackers trying to obscure their location. The hackers who compiled the malware used the Korean language on their systems.”

I’ve had other reports that the malware was compiled using a Korean language development environment. This means nothing to me – a lot of these generic malware kits are.

To me, this is looking more and more like the work of the usual suspects. An inside job – not a sudden and spontaneous lashing out by the North Koreans. This kind of attack requires time to put together.

5-December-1423-December-14

North Korea Refuses to Deny Sony Cyber Attack

The popular media is in a frenzy – those dastardly North Koreans have launched a cyber-attack on Sony, pinched a lot of films and posted them on-line in revenge against the company for a disrespectful comedy making fun of their glorious leader. According to the BBC, they have refused to deny the attack, with a spokesman saying “Wait and see.”

The north Koreans must be loving this – they were, apparently, pretty hacked off about the depiction of Kim Jong-un. They have no sense of humour as far as he’s concerned. However, this bears all the hallmarks of a bunch of script kiddies ripping off a load of films to add to the pirate haul. The North Korean’s response, when doorstepped about the incident, suggests to me that they think their “enemy’s” predicament is hilarious, but stops well short of taking credit for it. Why would they be so coy? Because when the real culprits break cover they’d look stupid.

Yes, it could have been the North Koreans, but they’re not exactly high-tech. As far as I can tell there are only about a thousand IP addresses for the whole country. If it were China in the frame, I could believe it. Would the Chinese pull a stunt in support of their southern “friends” – I somehow doubt that; not over a film.

Given the extensive nature of the compromise, I wouldn’t be surprised if it was an inside job. Did the people involved set out to purpetrate the hack of the decade? There’ll be trouble now.