Comment Some of us see it as Valuable (Score 1) 14

When a giant corporation gives a public university millions of dollars, they expect it to earn every penny.

Absolutely, which is why most of the money coming in where I work is from companies whose business relies not only on the research they help to support but also on having a supply of trained graduate students whom they can recruit. Those of us working on more fundamental research generally find it hard to impossible to attract industry funding because what we do is only tangentially relevant to them.

I've never seen a case where industry funds have acted against academic interests; it is more the case that aligned academic interests get more funding than non-aligned ones, and I'm fine with that since it leaves more government funding for the fundamental research I'm part of that paves the way for future industry-supported applied research. Plus it helps our students, even those in more fundamental areas, find jobs by having some contact with potential employers.

Comment Speed Limits (Score 1) 73

Well duh, if the train is sitting longer at stations, it's not going to get you there faster than a slightly slower train with shorter dwell times.

The article itself actually points out that dwell time is not really the problem. You could have a train capable of going at 300mph but it isn't going to get you there any faster if the track has a speed limit of 110mph.

Comment Re:I mean ... (Score 1) 81

I'd be curious if there is some asymmetry in their systems because of the enthusiasm of retail type outfits for trying to keep potential damage from basically untrusted employees to a minimum.

You see it a lot in grocery stores and big box/department store setups, where there are certain POS operations that lock up and require manager approval (seems most common if they need to void a mis-scan over a certain value or multiple mis-scans or customer-decides-they-don't-want-it changes of order, or if something is being returned); and in the fast food setups where there are displays over the various prep stations telling people what needs to be made for a specific order number there often either aren't controls or the controls are not intended to be interacted with (which is sensible design if you've got french fry grease and food safety concerns in the mix, but likely means that the guy at the soda fountain being able to void a screen full of orders is either unsupported or intended to be a very infrequent case).

I could see that going poorly if you just grafted the bot on in place of either the human operator (who will just not take your 18,000 water cup order, so it will never exist as far as the system and its constraints are concerned) or the app (which has no common sense but is both tied to someone's account information and vastly simpler to constrain with boring, ancient, form validation logic) and immediately started dumping its interpretations of orders into the system as valid.

Probably not flood-the-store material; but plausibly quite disruptive if it's intended to be fairly uncommon for orders to need to just be disappeared once they are in.

Comment Re:Sometimes it surprises him? (Score 4, Insightful) 81

What seems frankly depressing is that a C-level would think (and quite possibly have reason to think) that that sort of aw-shucks-lessons-are-being-learned-about-things-nobody-could-have-predicted tone is exonerating outside of a fairly tiny, low stakes test program somewhere.

It's not like having somebody take a poke at connecting a system that is supposed to be pretty OK-ish at natural language processing and text-to-speech to an ordering system is particularly unreasonable; at the scale they are operating probably more unreasonable not to; but "well, it's live in 500 locations and we've learned that a technology synonymous with prompt injections and a lack of common sense so profound it's almost a category error to suggest it could have any isn't super robust..." makes you sound unbelievably dumb and risk insensitive.

Comment Seems more complex than necessary (Score 1) 62

...reducing speed to 30mph because the camera has picked up a sign in a side street while driving past...

Are you sure it reads road signs? That seems vastly more complicated and much less reliable than simply getting the speed limits using GPS coordinates and a map. Every car I've driven that has a speed limit display seems to use this approach, and while it does mean that you have to keep the maps up to date I'd think that would still be much more reliable than reading road signs, for reasons similar to what you mention. In fact, you will have to use GPS to know how to interpret the signs: Canadian speed limit signs are almost identical in appearance to US signs but the units are km/h, and the same applies between UK and EU signs, which are identical and neither of which includes units. So if you have to have a GPS map to know how to read the signs, why not just use it to get the limits too?

Comment Re:Interesting (Score 2) 46

The specific regulatory formulation probably wouldn't fly in the US; but a municipal regulation that has no enforcement, no penalties and "is merely a guideline... to encourage citizens" is basically just a public service announcement; which is something that's reasonably common and not especially controversial or legally fraught.

PSAs do tend to be treated as a bit of a punchline; but they are common enough; both outright state-sponsored ones and nominally-charitable private sector initiatives to make unsold ad impressions look like community service.

Comment Re:Entitled much? (Score 1) 55

I think it's the very fact that you can (and probably should, at least to some degree) do more or less exactly that which makes this report seem so hysterical.

It's not like it's false that some Yandex software dude will probably cooperate if the FSB taps him on the shoulder and suggests that it's exciting and mandatory, while John Smith, corn-fed American patriot, is at least going to require some sweet-talking; but if you are just blindly grabbing 'package that some dude put on NPM' your problems are far deeper, and much less exciting, than nation-state sabotage. Even when doing their absolute best, programmers make mistakes all the time; so if the project is basically one dude who maybe debugs his own code if it's too broken, you have basically no reason to suspect that innocent vulnerabilities are getting caught, along with the risks posed by the relatively frequent compromises of dev credentials on the various repositories and the risk that you'll be left unsupported if the random guy gets hit by a bus or finds a new hobby and just walks away.

It's fun to pretend that tedious, labor-intensive, problems don't exist by focusing on sexy threats instead; so I'm not surprised that a 'security' vendor would be working this angle; but, fundamentally, if you are just grabbing random garbage off a repository every time one of your junior devs even thinks too hard about docker you are doing it wrong.

It also seems a bit silly because, if your real problem is nation state adversaries rather than nobody actually looking because it seems like it works and why try harder, it would likely be relatively trivial for the trojan horse project to add 'legitimacy'. You want multiple maintainers because we can't trust Sinister Yuri to police himself? OK, it doesn't take a terribly impressive intelligence agency to conjure up a few additional contributors who make changes to the project from North American or western European IPs and time zones and have a thin but plausible trail of assorted tidbits that suggest that they are consultants or employees of random little companies in friendly nations. You call that a security check?

Comment Entitled much? (Score 4, Insightful) 55

"As a whole, the open source community should be paying more attention to this risk and mitigating it."

So, if I'm understanding this right, the solution is for more people to work for free so I can just blindly grab whatever; not for the people already getting their software for nothing to care even slightly about their dependencies?

Comment Re:Reality is Warmer than you Think (Score 1) 36

rather than listing all time heat records.

Did you look at the dates on those heat records? All but three are since 2000, and of those three, two are in the 1990s. They may be the hottest days on record but they are also representative of the new norm for heat waves thanks to global warming. Sorry to have rained on your parade of ignorance with facts: obviously the UK is not one of the hottest places on the planet, but it is still much hotter than you clearly knew about. As for declining fortunes, your use of Fahrenheit suggests that you don't need to look to other countries to see that happening on a far grander scale.
