Comment by game_the0ry
19 hours ago
> At 4:59 pm, he asked an AI tool, “How do i clear system logs from SQL servers after deleting databases?” He later asked, “How do you clear all event and application logs from Microsoft windows server 2012?”
So many red flags, I can't even.
> In the space of a single hour, Muneeb deleted around 96 databases with US government information. He downloaded 1,805 files belonging to the EEOC and stashed them on a USB drive, then grabbed federal tax information for at least 450 people.
Maybe whoever runs infosec at that place should also be fired?
Brave of you to assume they had anyone running infosec by the sounds of it
Wasn't that .. these guys themselves?
Elon's brother's landscaper's nephew's girlfriend was sacked along with Elon, so nobody was filling that role in the government.
Which MAGAts applaud. Emptying the swamp!
Yep, Windows Server 2012 being a big one :o
They forgot a
> "How do I clear chat logs from LLM?"
I guess?
I love how this leaks out the fact that the DHS is running production databases on operating systems that are months away from end of extended support.
Windows Server has 5 years of mainstream support, 5 years of extended support, and then an extra 3 years paid Extended Security Updates (ESU) support. For 2012 and 2012 R2 that ends in October 2026.
The three years of ESU exists only for organisations like government departments that would rather pay Microsoft millions of dollars for patches than pay a competitive wage and hire competent IT staff that can complete upgrade projects on time.
> The three years of ESU exists only for organisations like government departments that would rather pay Microsoft millions of dollars for patches than pay a competitive wage and hire competent IT staff that can complete upgrade projects on time.
I'm not going to say the wages are fine but the issue is likely not to be the competence of the IT staff, but rather the overbearing IT management processes the U.S. Federal government uses. "Enterprise change management" processes separate from the already-long cybersecurity review processes can add weeks or even months to system updates.
In that kind of construct, you optimize for fewer but larger changes and then it's no surprise to see that there's no time in the project update schedule to update the OS in addition to making all the other long-overdue library / middleware / application changes that also are pending once a change finally can be made.
I wonder how foreign governments do it? Better or worse
1 reply →
It can be quite politically valuable to kick the can to the next administration.
The day-to-day operation of large government bureaucracies is surprisingly immune to elections. The same people stay in the same job for decades, the "churn" only happens at the highest levels, and even those positions tend to outlast changes in the current political party in charge.
4 replies →
That's normal in big bureaucracies. I've worked on systems nobody wanted to breath around because nothing could be fixed.
It’s a contractor to the DHS, but I’m not sure that makes it worse or better.
To be fair, this transpired last year, so they actually had one year and some months before losing extended support.
That said, they should have migrated it years ago.
Ready access to AI tools sure makes vandalism easy.
This vandalism is a joke. You could find the method in an XKCD comic.
The fact that they didn't already know how to do it is the crazy part.
A tool which is supposed to supercharge you - supercharges you.
Ai is just a tool. You can kill with hammer, doesn't mean you ban hammers. And they could have used stack overflow instead of ai.
The tools we use are not neutral. A sword can be made to work like an axe, but we use axes for chopping wood because a sword makes a shitty axe. A sword is designed to kill people. The handle, the mass, the weight distribution, and every other aspect I am not qualified to get in to, means swords are designed to kill. They are a tool, and their use is not neutral.
This is a clear example, but I don't believe any tools are neutral. Your immediate fallback was to a hammer, not a mouse, with the obvious corrollary being to bludgeon, but the same line applies. Tools are not neutral, and that's why when you looked for something that causes harm, you grabbed something that's objectively been serving a dual-purpose for hundreds of years. Nobody's using a computer mouse to bludgeon someone to death; it makes a shitty bludgeon, and the design of the tool reflects that.
That's also why these comparisons always fall back to knives, or hammers, or the AK-47: they are dangerous tools that are designed to make killing easier. Nobody is making these comparisons to more benign tools, like desk lamps, coffee cups, or car stereos, and it's because tools are not neutral, and none of my examples are designed to make direct, bodily harm, easier.
8 replies →
My god, they didn't say ban ai they said it makes vandalism easy.
No need to knee jerk react to an argument that hasn't been made.
4 replies →
That’s a non-sequitur. You don’t need to defend AI, your parent comment isn’t attacking it, simply making an observation.
> doesn't mean you ban hammers
They didn’t suggest banning anything.
> You can kill with hammer
Not if you don’t have a hammer available. Which is the point. Ready access to a tool makes misusing the tool easy. And some tools are more conductive to misuse than others. You can kill maybe a couple of people in a crowd with a hammer, a few more with a handgun, a ton more with a machine gun or a bomb. The tool itself matters, and you should regulate each accordingly to their capacity and likelihood of harm. For example, plenty of countries restrict gun use significantly more than the US. Those countries have much fewer gun-related deaths and violence. This isn’t (shouldn’t be, in an honest discussion) hard to understand.
You are the first person in this conversation to mention banning. I am not sure what your comment has to do with anything.
> So many red flags
starting with Windows Server _2012_ :O