CIA Drones used buggy, stolen code.

[Steel]

So you have no idea if their program is exhibiting undefined behavior.

Nor do they.

That is why it isn't acceptable to be using it to target weapons systems.

[JointStrikeFighter]

It doesn't target the weapon system FFS!

It vectors the drone into the general area!

[Spoonist]

Uhm, come again? Untested software presents an unknown that you simply don't want. Its by itself indicative of undefined behaviour and of course its indicative of more undefined behaviour since the floating point incaccuracy is by itself such an undefined behaviour until you sort it out.

Wrong. Floating point inaccuracy is NOT necessarily indicative of undefined behavior. Casting a 64-bit double precision floating point value to a 32-bit single precision floating point value results in inaccuracy (precision loss). It does not cause undefined behavior.

Nice. I noticed the "necessarily" you threw in there. A tip would be that you follow something like "Wrong." with a definitive statement.

But back to the issue, which definition are you using?
Lets see MW gives; undefined=not seen or understood clearly.
Now in my world that is exactly what you have with floating point inaccuracy.

Unless you mean "undefined" as some type of technobabble definition. In which case you forgot to give the context and thus either moved the goalposts or strawmanned the position, your pick.

But we don't know their algorithms so we don't know if the problem is compounded or not. We don't know if it was limited to the 1-13m or how large a testsample that results came from. We don't even know what the program specification for such deviation is or whether it kept within those specifications.
But what we do know is that the CIA guy found a 1-13m deviance "unacceptable" before rationalizing it away.

Undefined behavior is caused by things such as dereferencing an invalid pointer.

I'm going to guess that that leads us to the specific technobabble definition you forgot to mention as the context of your definition of "undefined" which differs from english.

So you have no idea if their program is exhibiting undefined behavior.

Of course not stupid. That is akin to Sarevok's post. You are asking for interpretation of data that we don't have. Namely sourcecode and testing protocols. Why the fuck would I have access to that? Should I play the same game with you? You have no idea if their program is NOT exhibiting undefined behaviour. Wow, that got us far.
But you see what I've been pissing on for a couple of posts now is that neither do they. That is what untested means. Fuck this is frustrating.
Its like you ignore the implications of rewriting someone elses code and delivering that code untested to be used in warfare. We don't even know what the followup errors mentioned by Netezza was. It could be as minor as GUI bugs or as major as completely flawed data output. But its clear that neither do they because they wanted it ASAP as opposed to tested.

[Spoonist]

It doesn't target the weapon system FFS!

It vectors the drone into the general area!

Which would be another thing we don't know. We don't have the data to say either way.
We can sure hope that they where just incompetent when it comes to IT decisions and not to actual tactical warfare decisions.

[Lonestar]

Which would be another thing we don't know. We don't have the data to say either way.
.

For those of us who didn't bother to read to OP:

The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)",

It isn't a fucking targeting system software, from the court filings itself. At best it's something used to vector a drone into the general area by way cross referencing a database and it implies a possible DFing with cell phone towers...which wouldn't be more accurate than 13 meters in the UNITED STATES much less out in the sticks in Pakistan.

[Spoonist]

For those of us who didn't bother to read to OP:

Now that is just silly. I've quoted the OP article several times. I've even pointed out stuff that people missed in the article. Not bothered to read the OP my ass.

It isn't a fucking targeting system software, from the court filings itself.

Of course its not a targeting system software. But we don't know what the output data is used for. Hence my we can hope comment. But it obviously gives out coordinates that can be reused. What for we don't know.
Now just to be clear I don't think its being used for attack coordinates, since what I've heard of drones SOP they don't work that way. But the data we got can not say that conclusively.

[Lonestar]

Fine.

[Steel]

Although it wasn't clear, I was referring to targeting in the sense of giving a target location, not actually guiding a missile.

This is just as much of a problem though. If it fucks up and says Akhmed is talking on his phone in building A, when it had misidentified your input and was in fact showing the location of Abdul, someone totally unrelated, you'll still end up putting a bomb through the wrong window, albeit with perfect accuracy.

[Netko]

Although it wasn't clear, I was referring to targeting in the sense of giving a target location, not actually guiding a missile.

This is just as much of a problem though. If it fucks up and says Akhmed is talking on his phone in building A, when it had misidentified your input and was in fact showing the location of Abdul, someone totally unrelated, you'll still end up putting a bomb through the wrong window, albeit with perfect accuracy.

I think what Lonestar and others are saying is that it doesn't matter because the overall system precision is not high enough for the introduced error to affect anything. If it didn't exist you still wouldn't have the precision necessary to directly use the results without secondary pinpointing/confirmation (via UAV/satellite/whatever). So it doesn't materially affect the necessary procedures - Abdul is going to get bombed with or without the error if the procedures in place are that sloppy.

Now, the error is a problem long term - if this system is enhanced over time (and local developments like better GSM tower location services and other relevant advances become available), at some point the introduced loss of precision do to the described error could become greater then the inherent system precision, at which point it would indeed be a pretty big problem.

[Channel72]

Nice. I noticed the "necessarily" you threw in there. A tip would be that you follow something like "Wrong." with a definitive statement.

But back to the issue, which definition are you using?
Lets see MW gives; undefined=not seen or understood clearly.
Now in my world that is exactly what you have with floating point inaccuracy.

Unless you mean "undefined" as some type of technobabble definition. In which case you forgot to give the context and thus either moved the goalposts or strawmanned the position, your pick.

I'm sorry, I assumed you were somewhat knowledgeable about computer programming, since you originally started arguing as if you knew what you were talking about. Clearly, you don't. If you did, you would know what the fuck I was talking about when I said undefined behavior, and you wouldn't be checking Merriam Webster as if we were arguing about the meaning of the word "undefined." But apparently the concept of undefined behavior is "technobabble" to you.

Of course not stupid. That is akin to Sarevok's post. You are asking for interpretation of data that we don't have. Namely sourcecode and testing protocols. Why the fuck would I have access to that? Should I play the same game with you? You have no idea if their program is NOT exhibiting undefined behaviour. Wow, that got us far.

I know - which is why I don't claim that it is exhibiting undefined behavior, like you seemed to be saying when you claimed that floating point inaccuracies imply that the program could literally do anything. All I said was that inaccurate floating point calculations does not necessarily imply undefined behavior in software. Therefore, just because the software is coming up with inaccurate numbers doesn't necessarily mean it can literally just do "anything" like accidentally target the wrong person or something.

[Spoonist]

I'm sorry, I assumed you were somewhat knowledgeable about computer programming,

In case you missed it; your response was to Steel, not me.

since you originally started arguing as if you knew what you were talking about. Clearly, you don't.

Muhahaha. So now you are trying to dismiss my arguments because I used english instead of technobabble. That is just silly.
Remember what I said about moving the goalposts or strawmanning Steel's position? Here is your original response to Steel:

The FIRST bug they discovered was that it was fucking up floating point operations. That is a pretty fundamental thing. If thats going wrong then theres absolutely no reason to assume anything in the code is doing what you want it to.

You're arguing that the code is exhibiting undefined behavior. You don't know this to be true, and floating point inaccuracies are not necessarily indicative of undefined behavior.

By the definition you now provided but forgot to then, your point is moot, tangent or simply useless.
Steel talked about bugs in general, you changed it to a specific type.
So which is it; goalposts or strawman?
(Now mind you I don't agree with all of Steel's specifics, I agree with you for instance regarding it most probably not being low level code).

If you did, you would know what the fuck I was talking about when I said undefined behavior, and you wouldn't be checking Merriam Webster as if we were arguing about the meaning of the word "undefined." But apparently the concept of is "technobabble" to you.

That's just funny. I just went and tested it on our software architect and our senior db guy. Neither recognized it either out of memory. So I will bring that up on their next evaluation shall I? I don't think they should be calling themselves experts anymore. (I'll see if I get any takers during the coffeebreak later).
Lets have some fun and change your quote:

You're arguing that the code is exhibiting guru meditation. You don't know this to be true, and floating point inaccuracies are not necessarily indicative of guru meditation.

Another technobabble, showing my age.

You have no idea if their program is NOT exhibiting undefined behaviour. Wow, that got us far.

I know - which is why I don't claim that it is exhibiting undefined behavior, like you seemed to be saying when you claimed that floating point inaccuracies imply that the program could literally do anything.

Now I might have misunderstood here, was he only point of your using undefined behavior with Steel a minor nitpick continuation of the "not a low level" argument? If so disregard the next passage.

All I said was that inaccurate floating point calculations does not necessarily imply undefined behavior in software. Therefore, just because the software is coming up with inaccurate numbers doesn't necessarily mean it can literally just do "anything" like accidentally target the wrong person or something.

Two 'necessarily ' this time...
Did you miss the whole part where instead of using the ported code Netezza reverse engineered it and rewrote it?
Then to your example, of course it could target the wrong person if used incorrectly. If their algorithm compounds the float issue then it could be way off. Then if some schmuck takes those coordinate output and thinks that its accurate then of course it could target the wrong person.
I mean we are still talking about warfare here, where colletarals and friendly fire are part of the deal. It just takes one schmuck to misunderstand and the shit hits the fan.