Commentary on the Implementation Plan for the 2023 US National Cybersecurity Strategy

The Atlantic Council released a detailed commentary on the White House’s new “Implementation Plan for the 2023 US National Cybersecurity Strategy.” Lots of interesting bits.

So far, at least three trends emerge:

First, the plan contains a (somewhat) more concrete list of actions than its parent strategy, with useful delineation of lead and supporting agencies, as well as timelines aplenty. By assigning each action a designated lead and timeline, and by including a new nominal section (6) focused entirely on assessing effectiveness and continued iteration, the ONCD suggests that this is not so much a standalone text as the framework for an annual, crucially iterative policy process. That many of the milestones are still hazy might be less important than the commitment. the administration has made to revisit this plan annually, allowing the ONCD team to leverage their unique combination of topical depth and budgetary review authority.

Second, there are clear wins. Open-source software (OSS) and support for energy-sector cybersecurity receive considerable focus, and there is a greater budgetary push on both technology modernization and cybersecurity research. But there are missed opportunities as well. Many of the strategy’s most difficult and revolutionary goals—­holding data stewards accountable through privacy legislation, finally implementing a working digital identity solution, patching gaps in regulatory frameworks for cloud risk, and implementing a regime for software cybersecurity liability—­have been pared down or omitted entirely. There is an unnerving absence of “incentive-shifting-focused” actions, one of the most significant overarching objectives from the initial strategy. This backpedaling may be the result of a new appreciation for a deadlocked Congress and the precarious present for the administrative state, but it falls short of the original strategy’s vision and risks making no progress against its most ambitious goals.

Third, many of the implementation plan’s goals have timelines stretching into 2025. The disruption of a transition, be it to a second term for the current administration or the first term of another, will be difficult to manage under the best of circumstances. This leaves still more of the boldest ideas in this plan in jeopardy and raises questions about how best to prioritize, or accelerate, among those listed here.

Tags: ,

Posted on July 20, 2023 at 7:12 AM20 Comments

Comments

Ted July 20, 2023 8:31 AM

Chris Wysopal commented on the following text of the Implementation Plan (under section 4.3.3):

New public-key cryptography standards

His comment was:

… Will there be a requirement to not purchase technology with old cryptography? There needs to be a transition plan that suppliers adhere to.

Is this something still in the works?

Topper July 20, 2023 12:28 PM

…. extremely vague on details of the “implementation”.

basically, the only tools available to the Federal Government for their strategy implementation are ‘Carrots & Sticks’.

… so HOW will the Feds incentivize change via specific rewards & punishments in legislative/regulatory edicts ?

vas pup July 20, 2023 3:34 PM

Artificial intelligence: Experts propose guidelines for safe systems
https://www.bbc.com/news/technology-6225855

A global group of AI experts and data scientists has released a new voluntary framework for developing artificial intelligence products safely.

The World Ethical Data Foundation has 25,000 members including staff working at various tech giants such as Meta, Google and Samsung.

The framework contains a checklist of 84 questions for developers to consider at the start of an AI project.

The Foundation is also inviting the public to submit their own questions.

It says they will all be considered at its next annual conference.

The framework has been released in the form of an open letter, seemingly the preferred format of the AI community. It has hundreds of signatories.

Computers can be fed huge amounts of information and trained to identify the patterns in it, in order to make predictions, solve problems, and even learn from their own mistakes.

As well as data, AI relies on algorithms – lists of rules which must be followed in the correct order to complete a task.

=>Its questions for developers include how they will prevent an AI product from incorporating bias, and how they would deal with a situation in which the result
generated by a tool results in law-breaking.

Other considerations in the framework include the data protection laws of various territories, whether it is clear to a user that they are interacting with AI, and whether human workers who input or tag data used to train the product were treated fairly.
The full list is divided into three chapters: questions for individual developers, questions for a team to consider together, and questions for people testing the product.

Some of the 84 questions are as follows:

Do I feel rushed or pressured to input data from questionable sources?

Is the team of people who are working on selecting the training data from a diverse
set of backgrounds and experiences to help reduce the bias in the data selection?

What is the intended use of the model once it is trained?

If, for example, a model has been trained using some data that is copyright protected, it’s not an option to just strip it out – the entire model may have to be trained again.

“That can cost hundreds of millions of dollars sometimes. It is incredibly expensive to get it wrong,” Mr Lynch said.

“There are certain areas where AI is really applicable, for example, scheduling
interviews… but making the decision on whether to move forward [with hiring a
candidate] or not, that’s always going to be left to the human as far as we’re
concerned.”

Clive Robinson July 20, 2023 5:19 PM

@ Topper,

“… so HOW will the Feds incentivize change via specific rewards & punishments in legislative/regulatory edicts ?”

They can’t because of time and interferance.

Legislation and regulation take a long time to happen. In part because a “harm” has to be both seen clearly enough to warrant it, and importantly of sufficiently attributable to a “cause” that is amenable to legislation and regulation mostly they are not. Which consequently is why we have a lot of ill thought out, over scoped and in other ways bad legislation that then gets abused by prosecutors and those who work for them including much of Law Enforcment and other guard labour to their benifit, not that of society.

The game that Silicon Valley and similar Corps pull these days is, to realise that legislation takes time to move something to the point where legislation finally happens. But before that point hammer it as hard as possible for maximum not unlawful benifit / profit.

To extend this benifit time, they use delaying tactics of all sorts not just lobbying. For instance making the harms less visable by upping the noise around them, and likewise making it difficult to impossible to clearly recognise the cause. But even when legislation / regulation is in place to in effect ignore it by claims it does not apply for some reason.

But also the Corps are of such size that even the largest of fines are in effect negligable compard to the benifit gained.

Fine either Microsoft or Google a trillion dollars and put all their senior managers in “hard labour” prisons where life is brutal and often short, and you might have a chance for a short while.

But the Corps will change in various ways so it will quickly become ineffective and often actually harmfull to society (see the effects of the EU GDPR).

These are the problems you have to find a way to address, and as these Corps not only pay via lobbyists very well they also are in effect the only part of various economies to “create churn” thus hide the ugly political fact that many western economies are flat lined or worse and as a result general society is getting pushed over the cliff…

You can see why the legislators have little incentive to “actuall act” rather than hand wave and vascilate ambivalently. And you, I, and most other readers here get harmed and pushed that little bit closer to that cliff edge tipping point.

I know that might appear shocking or even unbelievable, which is why I urge you to check it out. What you will find will make you realise just how crooked the whole system is currently, and just how near impossible it is going to be to change.

Clive Robinson July 20, 2023 6:43 PM

@ ALL,

One of the roost of this problem goes back to the 1980’s or earlier. It was the notion of “leasing not selling” software and the EULAs that came out of Microsoft and the like, disclaiming all responsability for their work, or more correctly failure to test adequately.

The result is a huge industry that is “to big to fail” or be “accountable” in the way other industries that sell to the public are. They have become so powerfull that even talking about fair “accountability” and accompanying “liability” brings down screams of “No can do” from so many that are in effect “shills” if they realise it or not.

The current game these Corps are playing is the same one the Banking Industry did. Which is to extetnalise the risk onto those who can least likely defend themselves. So it becomes the “end users fault” and that they should carry full liability thus be “insured”. The Insurance Industry is waking up to the fact that as I indicated over a decade ago cyber-security is not amenable to insurance[1].

Have a read of,

https://www.wired.com/story/white-house-national-cybersecurity-strategy/

And,

https://www.scmagazine.com/perspective/policy/three-ways-to-keep-the-national-cybersecurity-strategy-on-track

But there are other considerations that people need to be aware of.

For accountability to work, undoing the harms caused has to be viable,

1, In action.
2, In resources.
3, In culpability.

Whilst big Corporates could be squeased into these on “their own code” what about where they are shown as the victim of another, who can not in any way be squeased into any of the three addresses.

We’ve seen this with the rampant use of Open Source Software by large Corps “free-riding” on sole/lone developers work.

Any measure by legislation or regulation has to stop the “free-riding” and importantly “buck-passing” of responsability.

The notion of a “Software Bill of Materials” does not work because it has no control feedback mechanism untill at best “after the event” when someone with “agency” has acted as “an army of one” and hundreds in effect lie wounded in just a few moments.

Software is at best dificult to audit and if of even moderate complexity has too many states to alow for timely and meaningful testing.

Worse we have the issue of

1, Known, Knowns,
2, Unknown, Knowns,
4, Unknown, Unknowns,

Of instances within classes of vulnerabilities.

Made worse by the “throw in the kitchen sink as well” mentality, where often an Open Source developer tries to “broaden the appeal” by making their product “All things to all people” thus having an unwaranted overload of function thus complexity. Resulting in “More corner and edge cases than a sphere”.

Worse in even “closed shops” is the notion of “code reuse” that again pushes unwaranted function and complexity.

But if you’ve looked at the mess C++ has evolved into, you can see that even standards committees that should know better have the same unwaranted function and complexity issues.

Not untill the idustry actually takes action at every level of the computing stack will we have anything even remotely close to “product safety”.

I know I’m going to get shot at over this, but we need to stop with the “artisanal push it out the door quick” mentality and move to the “Engineering release only when it is reasonably believed to be safe to do so” work flow as with nearly every other product type put into the consumer and commetcial markets.

Currently very little code or computer hardware actually is even remotely close to being safe in the consumer and commercial markets and it’s getting rapidly worse. We have no choice but to undo the mess of the last half century and ensure there is no avoidable “technical debt” being knowingly shipped. Which requires a major change in the way we educate industry practitioners and the managment of their working practices.

We are going to have to do it at some point, so rather than let things get worse for another half century and bodies start getting stacked up[2], we should “bite the bullet” and get it under way as soon as possible.

[1] Over simply the Insurance industry works by what they insure having three properties,

1, They are random.
2, They have a flat distrabution.
3, There is no agency involved.

This alows premiums to be set on a year to year basis for any sufficiently large distributed population.

Importantly note the third point. As a rule up untill very recently anything that was not an “act of god” was not insurable, to try to prevent or limit fraud.

All cyber-security events boil down to an “Army of One” with “full agency”… Thus none of the three cautionary rules apply, thus traditional insurance is not even as close to being “badly ill matched”. Something that is being now recognised over the “new market, new premiums” hype.

[2] Back in the 1970’s and through to the turn of this century, most consumer and commercial software had little or no “Physical Agency”. This is very far from true now and I’m not just talking of $20 IoT devices but cars in the $200,000 range and oh so much more in between. People are getting maimed, mutilated and bludgend to death by software and the hardware it runs on faults. It’s hard to put actual numbers on it but at times it’s been hundreds a month in the MSM, how much else is oft kept hidden. This death, injury and harm toll is only going to rise, and do so exponentially from now on untill legislators are forced almost at the point of a gun to change it. Unfortunately history shows that such “Knee Jerk” legislation always is ill thought out and as a result falls prey to the law of “unintended consequences” that we also know will then be abused to create more harms. Thus we need to approach it now with clear and rational minds and think it through with care.

c1ue August 13, 2023 8:17 AM

Clearly the Atlantic Council is way behind the times.
One of the people behind the original Open Source is More Secure statement retracted: Paul Vixie.
His rationale is very clear: when he first made that statement, there were millions of lines of open source code. Every line had a high probability of having been reviewed. Today (2015 I think? Maybe 2016), there are billions of lines of open source code that no one but the original author has ever reviewed.
Yes, there are still sections which are heavily audited, but the notion that open source is a magic bullet is fantasy.
As for the rest of the Atlantic Council statement excerpt:
It is very clear that the objective is to attempt to create a “cybersecurity DHS” equivalent. And the result will be equally futile.
There is a clear path towards improving overall cybersecurity – it is the insurance one. Create a new category of insurance: cyber.
Make payout criteria clear and ensure cyber insurance company rights and responsibilities to gather data and/or force action and/or unilaterally act within customers – some version of setup based on the 100+ year old insurance practices used for steam turbines (i.e. not just written best practices but inspections).
Force cyber security service and software providers to have skin in the game (i.e. be liable for failures and omissions).
And last but not least: force all government agencies to prioritize cyber security first as opposed to cyber vulnerability hoarding. This isn’t just about failure to disclose vulns, it is also about designing backdoors and vulns into systems for “national security” purposes.
But none of this is ever going to happen.
Too much profit to be made with the existing setup much like the US health care shambolic mess.

c1ue August 13, 2023 8:40 AM

@Clive
You wrote: “People are getting maimed, mutilated and bludgend to death by software and the hardware it runs on faults. It’s hard to put actual numbers on it but at times it’s been hundreds a month in the MSM, how much else is oft kept hidden.”
Sorry, but this statement really looks unsupported.
Yes, there has been a spike since 2020, but COVID:
https://injuryfacts.nsc.org/all-injuries/historical-preventable-fatality-trends/where-weve-been/
Overall, the numbers simply don’t add up.
The rates of “preventable” deaths are steady from the 1980s to the 2010s; the increase since then is far more likely due to fentanyl than cyber with a flourish due to increased suicides, overdoses and auto deaths during the COVID era.

Clive Robinson August 13, 2023 10:49 AM

@ c1ue,

“Sorry, but this statement really looks unsupported.”

Really?

How about a couple of Boeing aircraft?

That software was supposedly checked audited and signed off…

That alone covers,

“but at times it’s been hundreds a month in the MSM”

Then there have been trains with passangers crashing due to faults in signalling code, that again was supposedly checked audited and signed off…

The US apparently was pre-Covid having a ten year average of 40,000 road vehicle deaths a year. And it would appear not much has changed now things are getting back to normal. So a percent or so due to software and electronics faults, are almost certainly going to happen, but almost certainly won’t get investigated such is the nature of these things.

c1ue August 13, 2023 1:27 PM

Boeing deaths were due to the Boeing attempting to retrofit the 737 into a very different type of plane. If you want to believe the 737 MAX’s issues are because of software quality, that is your prerogative but most people including Boeing pilots believe it is the Rube Goldbergian way which Boeing got the 737 MAX created and certified.

As for auto deaths: I would posit that it is far more due to texting while driving combined with COVID idiocy. Both phenomenon are very well documented whereas your assertion is not.
Even your chain of reasoning in this area is highly simplistic: how exactly does a software failure in a car cause a crash and death? Does it lock up the steering wheel? Lock down the accelerator? Prevent braking? Does it obstruct the user’s vision or give false information? Does it cause key safety systems like air bags, seat belts, ultrasound based proximity alerts to not function properly?

Note I am not saying that software can be/is/will be crap in many instances.

What I am saying is that a lot of people greatly overestimate the actual real world impact software has on bottom lines – as opposed to being a tool in the hands of people.

The only instances I can think of where software has some clear responsibility for death in the automobile sphere is the various Tesla “Autopilot” crashes: where dumbasses relied on Autopilot to actually work but wound up crashing into fire trucks, semi trucks, police cars, etc plus the one poor woman hit by a self driving car in Arizona. This is perhaps a dozen or two over several years – nowhere remotely close to “hundreds per month”.

I also have done work with CAN bus and associated ECS systems; again, the mechanism by which any of the above failure modes get triggered by software are either completely nonexistent or require active human intervention to occur. It is a myth that car systems are closely interconnected; the CAN bus is primarily just a way for various emission control systems to communicate with sensors.

Clive Robinson August 14, 2023 1:18 AM

@ c1ue,

“Boeing deaths were due to the Boeing attempting to retrofit the 737 into a very different type of plane.”

It appears you either have a nebulous view point on what actually happened, and importantly what was reported in the MSM at the time or you have some kind of other agenda.

“I would posit that it is far more due to texting while driving combined with COVID idiocy.”

I’ve not seen either reported in the MSM in the past few years, where as we have seen a lot on the software in certain vehicles, to which you say,

“where dumbasses relied on Autopilot to actually work”

Well correct me if I’m wrong but the “autopilot” to which you refere was “software” and those using it were simply following what they had been told by the manufacturer was the correct usage…

So we then find,

“It is a myth that car systems are closely interconnected”

Which I’ve certainly not mentioned in any way, and nor have I seen it mentioned in the MSM.

So you obvioulsly want to have a rant about something else not related to what I said.

So I’ll leave you to do your blowing off steam to yourself, or somebody else you decide to misconstrue to use as an excuse.

Winter August 14, 2023 1:57 AM

@Clive

It appears you either have a nebulous view point on what actually happened, and importantly what was reported in the MSM at the time or you have some kind of other agenda.

I read a lot of analysis about Boeing Max and they all supported @c1ue’s account: Boeing retrofitted an old plane with too large, heavy and powerful engines and then skimped on security. They rather overran the authorities than test.

All in the name of Shareholders Value

Clive Robinson August 14, 2023 3:40 AM

@ Winter,

Think before you leap…

You say,

“they all supported @c1ue’s account”

Then say,

“Boeing retrofitted an old plane…”

However @c1ue said,

“into a very different type of plane”

As any sensible engineer would tell you not the same thing at all.

In fact it was so different it should have been a “new plane” and that’s why the critical avionics software had to be fundamentally changed.

But that is actually beside the point, as I was talking about what “the MSM reported” at the time.

So your argument supporting @c1ue and their false argument, does not reflect well on you.

But further you add,

“and then skimped on security”

As I know that French uses the same word “sécurité” for the two English words “Safety” and “Security” which usually have quite different meanings, I have to ask what you actually mean by “skimped on security” as I do not remember anything in the MSM reporting about “security” but quite a bit on “safety”.

Anyway, the point is @c1ue has misrepresented my point for reasons I can guess at, but you have “lept in with both feet” which means that you are trying to support a falsification…

If you want to argue about what the English language MSM reported about it being the fault of that changed avionics software then best to use a non irrelevant argument.

Winter August 14, 2023 5:19 AM

@Clive

As any sensible engineer would tell you not the same thing at all.

In this case it was the same (I meant using an old boeing plane design, not an actual old plane).

In fact it was so different it should have been a “new plane” and that’s why the critical avionics software had to be fundamentally changed.

Boeing did want this MAX not to be a new plane as this would require a new training for pilots reducing the sales.

The point of the software was to make new training not required. The failure was that one of the sensors needed to fly the MAX as if it was the old plane was fragile and broke often. When that happened, the software flew the plane into the ground.

Boeing did not train pilots correctly on how to overrule the software. IIRC, they also lied about that part.

So your argument supporting @c1ue and their false argument, does not reflect well on you.

You simply did not document yourself on the case. Do your “research” before lashing out.

I have to ask what you actually mean by “skimped on security”

I meant skimmed on safety. We do not stress the difference between safety and security neither in my native language so I miswrote.

c1ue August 14, 2023 9:16 PM

@Clive
You have made a number of statements which I believe are unsupported.
You have then followed it up with a complete lack of support – choosing only to try and attack what I have noted are clear public examples which are NOT software related.
Once again: provide some evidence for your assertions.
Autopilot is software, but it is not software for basic car functionality. It is unlicensed, unapproved and most importantly, available to literal a tiny fraction of cars on the road.
The notion that Autopilot represents overall auto safety compromise due to software is ludicrous.
Back up your statements with some data.

Clive Robinson August 14, 2023 11:05 PM

@ c1ue, Winter

“You have made a number of statements which I believe are unsupported.”

I realy do not care what you believe, you have not actually said in your comments anything that contradicts my comment footnote I made about the MSM making statments. Further I realy do not care that much about your unsupported, irrelevent and non factual observations.

To my foot note you claimed,

“Sorry, but this statement really looks unsupported.”

And immediately went off on some unrelated tangents,

“Yes, there has been a spike since 2020, but COVID:”

“the increase since then is far more likely due to fentanyl “

The latter of which I’m surprised @Moderator did not immediately remove as normaly happens when ever pain relief and US citizens are mentioned.

Which were absolutly nothing to do with what I’d said about MSM reporting about software and hardware faults killing people, occasionaly in the hundreds.

So staying within what I’d said I pointed out,

“How about a couple of Boeing aircraft?”

Which is perfectly factual and within what I’d originally stated in my footnote.

But no you decided to start misrepresenting and making your own incorrect claims.

But also claimed stuff that might have been reported in trade journals and possibly web blogs BUT was not mentioned in the MSM at the time.

So was not at all relevant to what I’d said and the MSM reporting and the point I was making.

But you went on to claim what I was saying could not be true, then went on to confirm it was true with, your
“where dumbasses relied on Autopilot” statment.

You clearly have some kind of alternative truther viewpoint and are trying to use false or fake statments to support your view. Clearly with your mention of drugs going well outside anything I’d said.

As I pointed out,

“So you obvioulsly want to have a rant about something else not related to what I said.”

Fine if you want to do so but do not falsely drag me into it.

@ Winter for some reason said you were correct but then contradicted you, which appears to be consistant with other odd behaviour he has been exhibiting recently.

But as I replied to him,

“Anyway, the point is @c1ue has misrepresented my point for reasons I can guess at, but you have “lept in with both feet” which means that you are trying to support a falsification…”

Which is factually correct.

I could go on but all you do is make claims that have been pointed out to you are not true or not relevant.

Just grow up and stop trying to make it look like I’ve made some mistake when I have not.

Oh and if you want to be taken seriously how about using your real name?

Winter August 15, 2023 3:22 AM

Re: MSM on Boeing MAX

For those wanting to see MSM reports about the Boeing MAX disaster:

‘https://www.bbc.com/news/topics/c2g0x3qg9q1t

Clive Robinson August 15, 2023 5:32 AM

@ Winter,

That produces 7 pages of articles in “out of time order” of which the first written pre march 2019 are at the far end which is the start of the time period being talked about. Also it’s from just one MSM outlet (which has been accused of political and other bias in recent times).

So one from another MSM outlet

https://www.theverge.com/2020/4/9/21197162/boeing-737-max-software-hardware-computer-fcc-crash

“The Max has been grounded since March 2019, after some badly written software caused two crashes that killed 346 people. And while Boeing has received plenty of scrutiny for its bad code, it’s the Max’s computing power — or lack thereof — that has kept it on the ground since then.”

And some from that overly long list

https://www.bbc.co.uk/news/business-48276232

“Both crashes were linked to the Boeing 737 Max’s Manoeuvring Characteristics Augmentation System – a new feature on the aircraft which was designed to improve the handling of the plane and to stop it pitching up at too high an angle.”

The MCAS was a piece of software that ran on those “underpowered computers” the Verge talked about.

Here they make it a little clearer

https://www.bbc.com/news/business-48276232

“Boeing completes 737 Max software upgrade

And again mentions the two crashes and the hundreds killed.

As does

https://www.bbc.com/news/business-48174797

“Boeing maintained that the software problem “did not adversely impact airplane safety or operation”.”

And another,

https://www.bbc.com/news/business-47722258

This time they call the part of the software they chose to leave out an “alert system” or “safety system”,

“Neither of the planes, operated by Lion Air in Indonesia and Ethiopian Airlines, that were involved in the fatal crashes carried the alert systems, which are designed to warn pilots when sensors produce contradictory readings.

Boeing said that airlines would no longer be charged extra for that safety system to be installed.”

I could carry on “proving the point” of the MSM linking the hundredsds of deaths to the software but the auto-mod will kill the post.

But to further make my point about the difference between MSM and “trade journals” an article from a trade journal,

https://spectrum.ieee.org/how-the-boeing-737-max-disaster-looks-to-a-software-developer

But note the big orange scary writing,

“I’m a software developer turned network engineer and have written airliner avionics software in the past. It was interesting how many hoops we had to jump through to get an add-on board for the computer certified, while software certifications were nil (other than “cannot run on Windows,” “must be written in C++”). This was, admittedly, nearly 10 years ago, and I hope that things have changed since.”

Winter August 15, 2023 6:38 AM

@Clive

MSM coverage

As with all disasters, there was a very long road to the grounding of the Max 8. But the crucial parts were using a single (fragile) sensor for kicking off the correction and hiding the use of the software from the pilots and, obviously, during the training. The software could be overleden by the pilots, but they were not even told it could do what it did.

All made possible by Boeing’s pulling the wool over the eyes of the FAA and deliberately lying to their customers and pilots over the plane.

In safety terms, having a single hardware point of failure and inadequate training of pilots were the crucial causes of the crashes.

c1ue August 15, 2023 10:39 AM

@Clive
Yet another example of your failure to provide data, but instead reliance on attack.

You stated there were hundreds of deaths and cited Boeing.
The only deaths I am aware of regarding Boeing had to do with the 737 MAX – and I furthermore clarified that the 737 MAX was not a software problem but rather a design problem. This view is one expressed by many pilots, airplane designers and more.
I have yet see a specific example of Boeing deaths that are not 737 MAX or that the 737 MAX deaths were caused by software as opposed to the specific failure mechanisms identified by the many people noted above.

You then proceed to try and get the Moderator to intercede on your behalf – failing yet again to note that this was another part of my original question to you. I provided the actual data on historical deaths from injury which clearly show zero trend changes from the 1980s to 2010s – which, it is clear, you missed the point that this is precisely the era of software encroachment into all areas of society.
And while there is some increase from 2016 onwards and a spike after 2020 – again I noted that fentanyl deaths (70K+ a year) plus COVID related societal upheavals are clearly factors in the respective periods.

I was actually looking forward to learning more about this area, sadly, whatever merits lie behind your beliefs are obscured by your inability to present facts and/or coherent points as opposed to feebly attempt ad hominem attacks.

I can’t even be amused due your lack of skill in that area.

You have always seemed like a bit of a blowhard in your constant patrolling of this blog’s comment section; this interchange has now updated my personal view of you for the worse.

Clive Robinson August 15, 2023 2:56 PM

@ c1ue, ALL

Re : You have been shown to be wrong.

You claim,

“You stated there were hundreds of deaths and cited Boeing.”

Err just how many deaths in the two aircraft?

As shown by both @Winter and myself the MSM said,

“… after some badly written software caused two crashes that killed 346 people.”

Now 346 is not just more than one hundred, and more then two hundred so it’s very definately hundreds.

Also in that MSM article they clearly say “badly written software” was the cause of the two crashes.

Which shows my footnote point of,

It’s hard to put actual numbers on it but at times it’s been hundreds a month in the MSM

Is correct and you have been proved wrong.

With regards,

“You then proceed to try and get the Moderator to intercede on your behalf”

No I pointed out that you had brought up without reason a subject area that @Moderator had previously deleted. Other regular posters have bumped into this before. So I was respondeng to your non relevent statment and attenpt to change the subject into it, by warning you about a potential outcome that had been seen in the past.

But,

1, You initiated it for no good reason.
2, So I should enquire as to why?
3, Was it in the hope you would attract noderation attention?
4, Thus get your already failed arguments deleted?
5, You appear to still be trying to attract the attention.

You then have repeatedly raised an irrelevant argument that I was not going to enter into as,

1, It had no relevance to what I’d said and you had made false claimes over.
2, Warned you against raising it as a subject as it would probably be deleted as it had in the past.

Claim,

“I was actually looking forward to learning more about this area, sadly, whatever merits lie behind your beliefs are obscured by your inability to present facts and/or coherent points as opposed to feebly attempt ad hominem attacks.”

I was obviously not going to go into an irrelrvant subject area that was based on past experience going to get deleted, and you knew that.

And I was certainly not going to do your research for you. And I certainly did not attack you but warn you it’s a subject area not to go into.

If you think that is an “ad hominem attack” you need to go and look the term up.

Which might account for this,

“I can’t even be amused due your lack of skill in that area.”

Which is an “ad hominem attack” and again an attempt to move the argument away from your proven false argument.

Oh and your final paragraph is just more of you doing the same “crying over spilt milk”.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.