CIA Drones used buggy, stolen code.

[MKSheppard]

If you could read a full post without prematurely jerking off to your victory, you'd see it.

If you were any stupider, you'd swallow your own tongue by accident.

Guess what the baseline accuracy for GPS is without any augmentations like radio beacons installed in presurveyed points?

22m Horizontal Accuracy
27.7m Vertical Accuracy

Holy shit! I guess we better fucking ground the whole GPS constellation, and stop using everything that uses GPS; including JDAMs, cruise missiles etc etc due to inaccuracies in the system.

Moron.

[Phantasee]

That's not even his point, Shep, and posting numbers isn't going to change the fact you're ignoring his point.

The point isn't that the code is buggy, the point is that it was stolen, and the only reason the company got away with it is because the CIA assumed it was an improvement instead of a defect. Stolen is the important point.

[Sea Skimmer]

That's not even his point, Shep, and posting numbers isn't going to change the fact you're ignoring his point.

The point isn't that the code is buggy, the point is that it was stolen, and the only reason the company got away with it is because the CIA assumed it was an improvement instead of a defect. Stolen is the important point.

No. If that was the point he might have you know, said it. But he didn't in his one liner commentary. All he does is bitch about lack of accuracy and UAVs, none of which is relevant as we have damn well proven. The point is you are just joining him in trying to backpedal and make a different argument then the one stated. Sorry but some of us can read, and won't just ignore bullshit like that.

Anyway if they had to steal crap to get a vital product into service quicker, then so be it, winning wars in which you know, people are dieing every single day, trumps copyright and the only point of copyright and patent law in the first place is to encourage new products, not make said products more difficult to produce. This is hardly the first time theft has been used in the defense industry anyway, stealing defense technology more or less being an industry in its own right and all that. The US never did pay the Soviets anything for reverse engineering the brilliant PMP pontoon bridge; shall we denounce the US Army for that too? As I recall the US government actually has rights to seize patents in wartime too, and only pay for them after the fact, but the law isn’t much used because people prefer not to act like the US is involved in two massive wars.

[Phantasee]

How am I backpedaling if I never established a position in the first place?

I reread the OP and I see that is where Nitram made that the UAV comment. However, you guys have ignored Skgoa's point in favour of attacking Nitram's first comment (until now). Steel made a similar point, and Nitram's second post said something similar.

[MKSheppard]

That's not even his point, Shep, and posting numbers isn't going to change the fact you're ignoring his point.

His original post had the knowledge-less oneliner for the whole of it's commentary:

You heard that right: Missing by up to 13 meters was considered part of a better programming job. I increasingly hate the idea of armed drones after this...

I guess we better not tell him about the recent shootdown of a rogue drone which stopped taking orders and was flying towards another country's airspace by a F-15?

Anyway; onto the "stolen" bit. If you read the article more carefully...

IISi refused to deliver mission critical code on time to the CIA; even after the CIA had stressed how important it was for this code to be delivered, even if it was in a relatively untested state.

When IISi refused to cough up the code...Netezza begin making arrangements with the CIA to reverse engineer the code and deliver it to the CIA, such was the importance of the issue to national security -- read blowing up Jihadis.

[Sea Skimmer]

How am I backpedaling if I never established a position in the first place?[/quiote]

You are assuming a defense of Nitram which means you are assuming his position, or else what you are doing makes no sense and reduces you to peanut gallery status.

I reread the OP and I see that is where Nitram made that the UAV comment. However, you guys have ignored Skgoa's point in favour of attacking Nitram's first comment (until now). Steel made a similar point, and Nitram's second post said something similar.

Right, so I should have waited to respond until after other people made other posts and then addressed them all in one grab bag? Is that what you are trying to say? In case you missed it I was the first person to reply, and I am under no obligation to change what I am replying too until I consider the initial issue settled. Nitram doesn't like the results of what he said, then he can concede it was fucking dumb.

[Vendetta]

IISi refused to deliver mission critical code on time to the CIA; even after the CIA had stressed how important it was for this code to be delivered, even if it was in a relatively untested state.

Except CIA were already using Geospatial (a version without an unexplained 13 metre error. And nb. the lack of testing means that there is no way to say how high the error margin was likely to climb, 13m was just the highest observed so far), they just wanted to run it on different hardware.

Since it wasn't compatible with that hardware, IISi told them it would take some time to deliver a fully tested and working version. Netezza delivered a version on time which was, just as IISi said it would be in that timeframe, buggy. nb. also at this point that it was not possible to predict what kind of error the bugs in the untested code would generate. CIA can consider themselves lucky that they only got a 13 metre error, making the same calculation errors elsewhere could have led to complete misidentification of the target.

IISi operated with due diligence, Netezza did not.

[Uraniun235]

A humorous condensation of the Register article that Nitram posted:

In short:

• Netezza was the sole distributor of IISI's Geospatial, their sales guys pitch it to the CIA with an unsupported hardware upgrade and a new use. Guiding UAV's to shoot terorists. CIA loves it and starts throwing money at them.
• IISI get a call from Netezza sales department. "Hey we need Geospatial to work on this new hardware you guys never heard of before and we need it fast cause the CIA have people they want to shoot with it." IISI responds mostly with confusion.
• The CIA, together with Netezza urge them to rush on grounds of national security and suggest that patriots wouldn't slack so much.
• Netezza, allegedly reverse engineers the Geospatial software and gets it running on the new hardware with some major errors.
• CIA is happy and is informed by Sales believes the multiple errors are because "The new hardware is BETTER!"
• IISI gets sued for not delivering product they had no contractual obligation to deliver. Case is then thrown out because of this lack of obligation.
• IISI sues both Netezza and the CIA for stealing the original software, hacking it together and selling it as a new product.

[Steel]

I'll reiterate my original point as nobody but Phantasee seems to have noticed it. I'm not particularly concerned by the copyright infringement, or the magnitude of the error they first discovered.

The critical thing is that they were using untested, low level, hacked together software.

How do we know that its low level software? Changing the specific chip architecture caused it to stop working entirely. Why is it important that it is "low level" software? Well, that program isn't going to be running on windows7. Back in the dark ages of computer programming if you fuck up your program there was no sandboxing or whatever, no actual protection from yourself. You could genuinely trash the entire operating system depending on what you did. Allocated some memory in the wrong place? Whoops, you overwrote some of the OS, time to take out the hardware and manually reprogram it. The FIRST bug they discovered was that it was fucking up floating point operations. That is a pretty fundamental thing. If thats going wrong then theres absolutely no reason to assume anything in the code is doing what you want it to. They then say that they discovered more errors later, that 13m wasn't the end of it:

"the spatial toolkit hack" in Netezza emails when it began producing further errors in November

The fact they had adapted an existing program is even worse than blindly playing with the source code, this could cause untold problems, and doing it this way there is no possible way to test whether this will break at a later time.

You may not care if all bombs that are dropped have an additional 10m of inaccuracy. This was certainly happening.

You may not care if occasionally you bomb the house of the first 'Abdul' in the phonebook instead of the 'Abdullah Bloggs' you actually entered because theres a subtle pointer arithmetic error that cuts off a string in certain situations. This is easily possible.

You will care if, due to the differences in chip architecture, what was a trivial memory operation on the previous chip, now you go and overwrite the software that is flying the drone, and every single drone that was flying at that time you entered the query crashes to earth. This kind of flaw could be in the software, and there is no way to know if or when it will happen.

[Spoonist]

-Steel
Its clear by now that they ignore all of that in lieu of bashing on SirNitrams misdirected drone comment. Regardless of whether newer posters have added information or not.

[Sea Skimmer]

You will care if, due to the differences in chip architecture, what was a trivial memory operation on the previous chip, now you go and overwrite the software that is flying the drone, and every single drone that was flying at that time you entered the query crashes to earth. This kind of flaw could be in the software, and there is no way to know if or when it will happen.

God do you just not get it that this program was a glorified mapping tool to let people share information, and not fucking software that aims weapons or was in any way installed on UAVs?

[Phantasee]

Don't be ridiculous, Skimmer. Everyone knows that all CIA kit has bonus assassination features.

[Spoonist]

God do you just not get it that this program was a glorified mapping tool to let people share information, and not fucking software that aims weapons or was in any way installed on UAVs?

While I agree that is was not to be installed on drones. But you are wrong about your other statement.

He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afganistan and that

So unless you have data from somewhere else then the article had Netezze claim it was used to "target the drones". Then it says that the CIA guy confirms Netezze's claims, although we don't know which claims are refered to.
What that "target" means we don't know eihter. It could be sending it there to investige, or it could be firing coordinates. We simply don't have enough info to do the kind of claims you are doing.

edit

unless you are have access to data that are not in the article?

[Steel]

You will care if, due to the differences in chip architecture, what was a trivial memory operation on the previous chip, now you go and overwrite the software that is flying the drone, and every single drone that was flying at that time you entered the query crashes to earth. This kind of flaw could be in the software, and there is no way to know if or when it will happen.

God do you just not get it that this program was a glorified mapping tool to let people share information, and not fucking software that aims weapons or was in any way installed on UAVs?

Why the fuck does that matter? It is still capable of taking down whatever system it is running on. If it was so critical that they have this system working right then, even a crash that just requires them to restart their machines (which could take 15 minutes or longer) it will fuck whatever operation they are in the middle of while they're using it. Given what they did, it is basically guaranteed that the software is fatally flawed in some way.

Imagine if someone was making you truck engines, and they had to make them work in a truck that was twice the weight. They take the old engine and just weld it into place. It seems to work fine, but in the 5 minutes of testing they did (on flat concrete) they noticed a trail of metal shavings and oil.

Would you say this is a positive and means that the engine will be absolutely fine, and immediately deploy all the trucks to critical duties on the front line? Especially when if you use your fucking brain and think about what they did, its almost certain the engine will explode when it goes up a hill?

[Sea Skimmer]

Why the fuck does that matter?

That would be your question to answer since you are the one making a fucking big deal about shit missing when that is not a relevant consideration at all.

It is still capable of taking down whatever system it is running on. If it was so critical that they have this system working right then, even a crash that just requires them to restart their machines (which could take 15 minutes or longer) it will fuck whatever operation they are in the middle of while they're using it. Given what they did, it is basically guaranteed that the software is fatally flawed in some way.

It can't fuck fuck anything worse then not having a critical program at all, and I dunno what world you live in in which a computer takes 15 minutes to reboot. We are talking about an intelligence collection tool to basically replace HUMANS doing the same job with pen and paper. Humans make mistakes all the fucking time. You do not need perfect software to be useful, look at how fucking much runs windows.

Imagine if someone was making you truck engines, and they had to make them work in a truck that was twice the weight. They take the old engine and just weld it into place. It seems to work fine, but in the 5 minutes of testing they did (on flat concrete) they noticed a trail of metal shavings and oil.

Would you say this is a positive and means that the engine will be absolutely fine, and immediately deploy all the trucks to critical duties on the front line? Especially when if you use your fucking brain and think about what they did, its almost certain the engine will explode when it goes up a hill?

If the alternative was I have no truck engine and I have to move my supplies with pack mules, yeah I'd say it beats that. Anyway nothing in this article says they had catastrophic failures, far from it and these claims that zero testing was done don't hold water because otherwise they'd never have fucking known they had a bug in the first place. This is just idiots trying to make a mountain out of a mole hill rather then spending any time to find some of the rather larger, far more expensive and damaging problems the US military-government R&D process has that aren't eight years old.

[Vendetta]

It can't fuck fuck anything worse then not having a critical program at all, and I dunno what world you live in in which a computer takes 15 minutes to reboot. We are talking about an intelligence collection tool to basically replace HUMANS doing the same job with pen and paper. Humans make mistakes all the fucking time. You do not need perfect software to be useful, look at how fucking much runs windows.

They did have the program. They just wanted the same program to run on new hardware.

And given the nature of the program, a cross referencing tool designed to pinpoint a particular individual's location at a given time, an error could have compromised missions by completely misidentifying the target location.

[Spoonist]

It can't fuck fuck anything worse then not having a critical program at all...

False. Are you deliberately ignoring that the article mentions that they had another unit? Namely the one they compare the data with to get the 1-13m?
I've only pointed it out twice now.

We are talking about an intelligence collection tool to basically replace HUMANS doing the same job with pen and paper.

Nowhere can you deduce that from the article. So this is BS unless you give your other source.
A human would be hard pressed to use pen and paper to access mobile phone towers or triangulate positions moving form one to another. That's just WoI stuff.

[Beowulf]

Has anyone else even looked at the data sheet on the hardware they're talking about? It's a set of racks with a whole bunch of disks, some custom programmed FPGAs to drive them, feeding to what are apparently commodity Intel CPUs. It runs Red Hat Linux. I'm less than inclined to believe this low level programming bullshit.

[Vendetta]

It says it was x86 based in the OP. The only problem is that the program they wanted to run on it was written for PowerPC.

[Channel72]

How do we know that its low level software? Changing the specific chip architecture caused it to stop working entirely.

That doesn't necessarily tell us this is "low-level" software. It just tells us it's software that was compiled to machine code. Not all machine-code compiled languages are necessarily "low-level."

Why is it important that it is "low level" software? Well, that program isn't going to be running on windows7. Back in the dark ages of computer programming if you fuck up your program there was no sandboxing or whatever, no actual protection from yourself. You could genuinely trash the entire operating system depending on what you did. Allocated some memory in the wrong place? Whoops, you overwrote some of the OS, time to take out the hardware and manually reprogram it.

You're conflating the concept of "low-level" software, i.e. software written in something like C or Assembly, with the idea of OS memory protection. Low-level software runs fine on modern operating systems without any possibility of thrashing the OS by writing to an invalid pointer. It's called a Segmentation Fault.

The FIRST bug they discovered was that it was fucking up floating point operations. That is a pretty fundamental thing. If thats going wrong then theres absolutely no reason to assume anything in the code is doing what you want it to.

You're arguing that the code is exhibiting undefined behavior. You don't know this to be true, and floating point inaccuracies are not necessarily indicative of undefined behavior.

[JointStrikeFighter]

Amusingly given the CIA's infinite money they will probably just buy the properly ported version anyway once it is finished.

[Spoonist]

You're arguing that the code is exhibiting undefined behavior. You don't know this to be true, and floating point inaccuracies are not necessarily indicative of undefined behavior.

Uhm, come again? Untested software presents an unknown that you simply don't want. Its by itself indicative of undefined behaviour and of course its indicative of more undefined behaviour since the floating point incaccuracy is by itself such an undefined behaviour until you sort it out.
And we know that porting stuff or even worse reverse engineering someone else's code is bound to generete unknown issues. Its rarely done without several bugs.

Which is also alluded to in the internal Netezza emails where they refer to other errors with the solution delivered to the CIA.

Amusingly given the CIA's infinite money they will probably just buy the properly ported version anyway once it is finished.

I don't think that the hardware is within their scope. They are seemingly buying a turnkey datawarehouse solution. So much so that they trust the salesman from Netezza. (Which you should never do if you have the option of speaking to development). Its also obvious by Netezza's aggressive marketing vs Oracle that they don't mind twisting the truth.
And if the rumors about the IBM purchase they will be in good company.

Also as a sidenote its my opinion that the CIA is underfunded for the role they have been given during Bush and now Obama.

[Sarevok]

So other than waving hands about hypothetical bullshit is someone going to post definite evidence of how many mishaps this mortal sin by CIA caused ? Unless it caused innocents to die or mission failures due to some desk jockey trusting a glorified mapping tools outputs it can crash 100 times a day and it does not matter one bit.

[Spoonist]

So other than waving hands about hypothetical bullshit is someone going to post definite evidence of how many mishaps this mortal sin by CIA caused ? Unless it caused innocents to die or mission failures due to some desk jockey trusting a glorified mapping tools outputs it can crash 100 times a day and it does not matter one bit.

What is the point of your post? There is nowhere in hell that the fucking CIA would release such data. So you set an impossible goal that you then want others to live up to? Nice.
Lets reverse that; prove to us that it didn't. Wow, equally stupid.

Lets do something realistic instead, why don't we? Lets take the data that we do have and argue opinions from that instead of making dreamcatcher scenarios with data we don't have.

[Channel72]

Uhm, come again? Untested software presents an unknown that you simply don't want. Its by itself indicative of undefined behaviour and of course its indicative of more undefined behaviour since the floating point incaccuracy is by itself such an undefined behaviour until you sort it out.

Wrong. Floating point inaccuracy is NOT necessarily indicative of undefined behavior. Casting a 64-bit double precision floating point value to a 32-bit single precision floating point value results in inaccuracy (precision loss). It does not cause undefined behavior. Undefined behavior is caused by things such as dereferencing an invalid pointer. So you have no idea if their program is exhibiting undefined behavior.