posted by janrinok on Tuesday June 11, @08:58PM

Source: General Robots

A very interesting article about programming robots, written by Benjie Holson:

I worked on this idea for months before I decided it was a mistake. The second time I heard someone mention it, I thought, "That's strange, these two groups had the same idea. Maybe I should tell them it didn't work for us." The third and fourth time I rolled my eyes and ignored it. The fifth time I heard about a group struggling with this mistake I decided it was worth a blog post all on its own. I call this idea "The Mythical Non-Roboticist".

The idea goes something like this: Programming robots is hard. And there are some people with really arcane skills and PhDs who are really expensive and seem to be required for some reason. Wouldn't it be nice if we could do robotics without them? What if everyone could do robotics? That would be great, right? We should make a software framework so that non-roboticists can program robots.

This idea is so close to a correct idea that it's hard to tell why it doesn't work out. On the surface, it's not wrong: all else being equal, it would be good if programming robots was more accessible. The problem is that we don't have a good recipe for making working robots. So we don't know how to make that recipe easier to follow. In order to make things simple, people end up removing things that folks might need, because no one knows for sure what's absolutely required. It's like saying you want to invent an invisibility cloak and want to be able to make it from materials you can buy from Home Depot. Sure, that would be nice, but if you invented an invisibility cloak that required some mercury and neodymium to manufacture would you toss the recipe?

In robotics, this mistake is based on a very true and very real observation: programming robots is super hard. Famously hard. It would be super-great if programming robots was easier. The issue is this: programming robots has two different kinds of hard parts.



posted by hubie on Tuesday June 11, @04:13PM
from the needs-a-flash-of-insight dept.

Arthur T Knackerbracket has processed the following story:

Roughly a year ago, astronomers announced that they had observed an object that shouldn't exist. Like a pulsar, it emitted regularly timed bursts of radio emissions. But unlike a pulsar, those bursts were separated by over 20 minutes. If the 22-minute gap between bursts represents the rotation period of the object, then it is rotating too slowly to produce radio emissions by any known mechanism.

Now, some of the same team (along with new collaborators) are back with the discovery of something that, if anything, is acting even more oddly. The new source of radio bursts, ASKAP J193505.1+214841.0, takes nearly an hour between bursts. And it appears to have three different settings, sometimes producing weaker bursts and sometimes skipping them entirely. While the researchers suspect that, like pulsars, this is also powered by a neutron star, it's not even clear that it's the same class of object as their earlier discovery.

[...] We don't have a clear idea of how long the time between pulses can get before a pulsar will shut down. But we do know that it's going to be far less than 22 minutes.

Which is why the 2023 discovery was so strange. The object, GPM J1839–10, not only took a long time between pulses, but archival images showed that it had been pulsing on and off since at least 35 years ago.

To figure out what is going on, we really have two options. One is more and better observations of the source we know about. The second is to find other examples of similar behavior. There's a chance we now have a second object like this, although there are enough differences that it's not entirely clear.

The object, ASKAPJ193505.1+214841.0, was discovered by accident when the Australian Square Kilometre Array Pathfinder telescope was used to observe the area due to detections of a gamma-ray burst. It picked up a bright radio burst in the same field of view, but it was unrelated to the gamma-ray burst. Further radio bursts showed up in later observations, as did a few far weaker bursts. A search of the telescope's archives also spotted a weaker burst from the same location.

Checking the timing of the radio bursts, the team found that they could be explained by an object that emitted bursts every 54 minutes, with bursts lasting from 10 seconds to just under a minute. Checking additional observations, however, showed that there were often instances where a 54-minute period would not end with a radio burst, suggesting the source sometimes skipped radio emissions entirely.

[...] As with the earlier find, there seem to be two possible explanations for the ASKAP source. One is a neutron star that's still managing to emit radiofrequency radiation from its poles despite rotating extremely slowly. The second is a white dwarf that has a reasonable rotation period but an unreasonably strong magnetic field.

To get at this issue, the researchers estimate the strength of the magnetic field needed to produce the larger bursts and come up with a value that's significantly higher than any previously observed to originate on a white dwarf. So they strongly argue for the source being a neutron star. Whether that argues for the earlier source being a neutron star will depend on whether you feel that the two objects represent a single phenomenon despite their somewhat different behaviors.

In any case, we now have two of these mystery slow-repeat objects to explain. It's possible that we'll be able to learn more about this newer one if we can get some information as to what's involved in its mode switching. But then we'll have to figure out if what we learn applies to the one we discovered earlier.

Nature Astronomy, 2024. DOI: 10.1038/s41550-024-02277-w.



posted by janrinok on Tuesday June 11, @11:31AM
from the raise-shields-and-return-fire dept.

OpenSSH introduces options to penalize undesirable behavior:

In a recent commit, Damien Miller (djm@) introduced two new sshd(8) configuration options, PerSourcePenalties and PerSourcePenaltyExemptList, which provide a built-in facility in sshd(8) itself to penalize undesirable client behavior and to shield specific clients from penalties, respectively.

The commit message reads,

List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Damien Miller <djm () cvs ! openbsd ! org>
Date: 2024-06-06 17:15:26
CVSROOT: /cvs
Module name: src
Changes by: djm@cvs.openbsd.org 2024/06/06 11:15:26
Modified files: usr.bin/ssh : misc.c misc.h monitor.c monitor_wrap.c servconf.c servconf.h srclimit.c srclimit.h sshd-session.c sshd.c sshd_config.5
Log message: Add a facility to sshd(8) to penalise particular problematic client behaviours, controlled by two new sshd_config(5) options: PerSourcePenalties and PerSourcePenaltyExemptList.

When PerSourcePenalties are enabled, sshd(8) will monitor the exit status of its child pre-auth session processes. Through the exit status, it can observe situations where the session did not authenticate as expected. These conditions include when the client repeatedly attempted authentication unsuccessfully (possibly indicating an attack against one or more accounts, e.g. password guessing), or when client behaviour caused sshd to crash (possibly indicating attempts to exploit sshd). When such a condition is observed, sshd will record a penalty of some duration (e.g. 30 seconds) against the client's address. If this time is above a minimum threshold specified by the PerSourcePenalties, then connections from the client address will be refused (along with any others in the same PerSourceNetBlockSizeCIDR range). Repeated offenses by the same client address will accrue greater penalties, up to a configurable maximum. A PerSourcePenaltyExemptList option allows certain address ranges to be exempt from all penalties. We hope these options will make it significantly more difficult for attackers to find accounts with weak/guessable passwords or exploit bugs in sshd(8) itself. PerSourcePenalties is off by default, but we expect to enable it automatically in the near future.

This new facility comes in addition to the already well known and loved pf.conf state tracking options, and is for now available only in OpenBSD-current, but will almost certainly be available in the upcoming OpenBSD 7.6 release.

At first we were wondering whether these options would be enabled by default before the new release. We did not have to wait long. This subsequent commit settled the issue:

List: openbsd-cvs
Subject: CVS: cvs.openbsd.org: src
From: Damien Miller <djm () cvs ! openbsd ! org>
Date: 2024-06-06 20:25:48
CVSROOT: /cvs
Module name: src
Changes by: djm@cvs.openbsd.org 2024/06/06 14:25:48
Modified files: usr.bin/ssh : servconf.c
Log message: enable PerSourcePenalties by default. ok markus

NB. if you run a sshd that accepts connections from behind large NAT blocks, proxies or anything else that aggregates many possible users behind few IP addresses, then this change may cause legitimate traffic to be denied. Please read the PerSourcePenalties, PerSourcePenaltyExemptList and PerSourceNetBlockSize options in sshd_config(5) for how to tune your sshd(8) for your specific circumstances.

So now we know: starting with OpenBSD 7.6, PerSourcePenalties will be enabled by default, and admins who do not themselves run PF or other network translation mechanisms will need to keep the consequences of inconsiderate NAT use in mind.
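To make the accounting concrete, here is a small model of the penalty mechanism in Python. It is an added illustration, not OpenSSH's code (the real implementation is in the srclimit.c listed in the commit), and it is simplified: it does not model the max-sources and overflow settings, and it treats penalties as a single expiry time per net block. The sshd_config fragment it parses uses the option syntax as documented in sshd_config(5) for the release that shipped this feature (my assumption, not something this page states); the PerSourcePenalties values are the documented defaults, and 192.0.2.0/24 is a made-up NAT gateway range placed on the exempt list.

```python
"""Simplified model of sshd's PerSourcePenalties accounting (added example,
not OpenSSH code). Each bad pre-auth exit adds a penalty to the client's net
block; connections are refused once the outstanding penalty exceeds "min";
the total is capped at "max"; exempt ranges are never penalised."""
import ipaddress
import re

# Constructed sshd_config fragment. Option syntax assumed from sshd_config(5);
# 192.0.2.0/24 stands in for a NAT gateway range that must not be penalised.
SSHD_CONFIG = """
PerSourcePenalties crash:90s authfail:5s noauth:1s grace-exceeded:20s max:10m min:15s
PerSourcePenaltyExemptList 192.0.2.0/24
PerSourceNetBlockSize 32:128
"""

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}


def parse_duration(text):
    """'90s' -> 90, '10m' -> 600; a bare number is taken as seconds."""
    m = re.fullmatch(r"(\d+)([smh]?)", text)
    if not m:
        raise ValueError(f"bad duration: {text!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]


def parse_config(text):
    """Return (penalties by condition, exempt networks, (v4 prefix, v6 prefix))."""
    penalties, exempt, blocks = {}, [], (32, 128)
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0], parts[1:]
        if key == "PerSourcePenalties":
            for item in args:
                name, value = item.split(":", 1)
                penalties[name] = parse_duration(value)
        elif key == "PerSourcePenaltyExemptList":
            exempt = [ipaddress.ip_network(a) for a in args]
        elif key == "PerSourceNetBlockSize":
            v4, v6 = args[0].split(":")
            blocks = (int(v4), int(v6))
    return penalties, exempt, blocks


class PenaltyTable:
    def __init__(self, penalties, exempt, blocks):
        self.penalties, self.exempt, self.blocks = penalties, exempt, blocks
        self.expiry = {}  # net block -> absolute time at which its penalty ends

    def _block(self, addr):
        ip = ipaddress.ip_address(addr)
        prefix = self.blocks[0] if ip.version == 4 else self.blocks[1]
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def _exempt(self, addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in self.exempt)

    def outstanding(self, addr, now):
        """Seconds of penalty still outstanding for addr's net block."""
        return max(0, self.expiry.get(self._block(addr), now) - now)

    def record(self, addr, condition, now):
        """A pre-auth child for addr exited with `condition` ('authfail', 'crash', ...)."""
        if self._exempt(addr):
            return 0
        total = min(self.outstanding(addr, now) + self.penalties[condition],
                    self.penalties["max"])
        self.expiry[self._block(addr)] = now + total
        return total

    def allow(self, addr, now):
        """Admit a new connection unless the outstanding penalty exceeds min."""
        if self._exempt(addr):
            return True
        return self.outstanding(addr, now) <= self.penalties["min"]


def scenario():
    """Replay a few constructed client histories and return the decisions."""
    table = PenaltyTable(*parse_config(SSHD_CONFIG))
    t = 1_000  # arbitrary clock value
    guesser = "203.0.113.7"
    for _ in range(3):
        table.record(guesser, "authfail", t)   # 3 x 5s = 15s, not above min
    after_three = table.allow(guesser, t)
    table.record(guesser, "authfail", t)       # 20s > 15s: refused
    after_four = table.allow(guesser, t)
    recovered = table.allow(guesser, t + 25)   # penalty has run out
    behind_nat = "192.0.2.10"                  # in the exempt range
    table.record(behind_nat, "crash", t)
    nat_ok = table.allow(behind_nat, t)
    crasher = "198.51.100.1"
    for _ in range(10):
        table.record(crasher, "crash", t)      # 10 x 90s, capped at max = 600s
    capped = table.outstanding(crasher, t)
    return {"after_three": after_three, "after_four": after_four,
            "recovered": recovered, "nat_ok": nat_ok, "capped": capped}


if __name__ == "__main__":
    print(scenario())
```

The scenario exercises the three behaviours the commit message describes: three failed authentications (15 s) sit exactly at the min threshold and are still admitted, the fourth pushes the address over it and it is refused until the penalty expires; an address in the exempt range is never penalised, which is the knob to reach for when many users share a NAT address; and repeated crashes stop accruing at max. With PerSourceNetBlockSize 32:128, IPv4 penalties are per address; a smaller IPv4 prefix would make every address in that block share one penalty.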



posted by hubie on Tuesday June 11, @06:45AM
from the get-your-ass-to-Redmond dept.

Windows Recall Demands an Extraordinary Level of Trust That Microsoft Hasn't Earned

Op-ed: The risks to Recall are way too high for security to be secondary:

Microsoft's Windows 11 Copilot+ PCs come with quite a few new AI and machine learning-driven features, but the tentpole is Recall. Described by Microsoft as a comprehensive record of everything you do on your PC, the feature is pitched as a way to help users remember where they've been and to provide Windows extra contextual information that can help it better understand requests from and meet the needs of individual users.

This, as many users in infosec communities on social media immediately pointed out, sounds like a potential security nightmare. That's doubly true because Microsoft says that by default, Recall's screenshots take no pains to redact sensitive information, from usernames and passwords to health care information to NSFW site visits. By default, on a PC with 256GB of storage, Recall can store a couple dozen gigabytes of data across three months of PC usage, a huge amount of personal data.

The line between "potential security nightmare" and "actual security nightmare" is at least partly about the implementation, and Microsoft has been saying things that are at least superficially reassuring. Copilot+ PCs are required to have a fast neural processing unit (NPU) so that processing can be performed locally rather than sending data to the cloud; local snapshots are protected at rest by Windows' disk encryption technologies, which are generally on by default if you've signed into a Microsoft account; neither Microsoft nor other users on the PC are supposed to be able to access any particular user's Recall snapshots; and users can choose to exclude apps or (in most browsers) individual websites to exclude from Recall's snapshots.

This all sounds good in theory, but some users are beginning to use Recall now that the Windows 11 24H2 update is available in preview form, and the actual implementation has serious problems.

[...] The short version is this: In its current form, Recall takes screenshots and uses OCR to grab the information on your screen; it then writes the contents of windows plus records of different user interactions in a locally stored SQLite database to track your activity. Data is stored on a per-app basis, presumably to make it easier for Microsoft's app-exclusion feature to work. Beaumont says "several days" of data amounted to a database around 90KB in size. In our usage, screenshots taken by Recall on a PC with a 2560×1440 screen come in at 500KB or 600KB apiece (Recall saves screenshots at your PC's native resolution, minus the taskbar area).

See also:

MS revamping how Recall works amid its PR nightmare

Microsoft is revamping how Recall works amid its PR nightmare
By Rich Woods

Key Takeaways

- Microsoft promised groundbreaking features with Copilot+, including Cocreator and Live Captions, but Recall has become a PR nightmare.
- Concerns about Recall being a security risk have led to backlash and panic among users due to data access vulnerabilities.
- Microsoft has been silent on Recall issues but is finally taking action to address the security concerns and ensure user control.

One of the key complaints about Recall is that it was opt-out. In the setup experience, Windows just tells you that it's on, and lets you check a box to open settings after setup is complete. Now, you'll have to choose to turn it on during the out-of-box experience, so it's totally opt-in.

Secondly, you'll have to use Windows Hello in order to turn on Recall. The idea is that in order to access it, Windows will have to know it's you.

Finally, Windows is going to use just-in-time decryption, meaning everything will be encrypted until you've been authenticated. Microsoft also confirmed that it's encrypted the search index database, which was one of the key call-outs in the report from earlier this week.

Microsoft also noted that all Copilot+ PCs are Secured-core, so they're designed to be secure. They have Microsoft Pluton security chips, so there's hardware-level protection going on there.

https://www.xda-developers.com/microsoft-recall-pr-nightmare/

And, all of this makes sense because we know that security chips can't be hacked, because they are secure chips, right? /sarcasm https://www.tomsguide.com/news/billions-of-pcs-and-other-devices-vulnerable-to-newly-discovered-tpm-20-flaws

Oh yeah, the data never leaves your PC. Unless, of course, you do a backup to the cloud, right? In which case your data may be in Sri Lanka, Timbuktu, Israel, or, maybe even Ireland. And, police forces in third world banana republics never get warrants for whatever might be on the server.

The best thing Microsoft can do with CoPilot, is to deep six it. Better yet, deep six all of their "telemetry" along with CoPilot.



posted by hubie on Tuesday June 11, @01:58AM
from the just-because-you-are-paranoid-... dept.

Motor Trend is running a story that summarizes a number of different sources that look at vehicle privacy (https://www.motortrend.com/news/connected-cars-data-privacy-issues-sex-speeding/). It isn't favorable to the car companies, which (historically) is a change of direction for Motor Trend, long ago accused of making back room deals over their long-running "Car of the Year" award and other industry-favorable coverage.

As well as stories covered here earlier from Mozilla and NY Times, they also link to this possibly interesting page,

Amico created Privacy4cars.com as a potential solution. "We built a tool called the Vehicle Privacy Report," https://vehicleprivacyreport.com/ he said. "It's free for consumers. You can punch in a VIN, and we'll tell you what data your car collects and where it's going." Privacy4Cars also created a smartphone app that allows consumers to delete data in a car, and its Assert Your Data Rights service allows Privacy4Cars to act as an authorized agent to submit requests for access to personal information collected by a car, to delete the information, and to request that personal information not be sold as defined by respective state laws.

I tried it on a 10 year old car and it pretty much matched what I expected -- no Wi-Fi, no linking to phones, but possible data collected if satellite radio was used (it's not).

Then there is this, provided for curiosity only, since sex and SN users are not typically intersecting sets (grin):

Of all the data that car companies can potentially capture, one of the most eye-opening from the Mozilla report was people having sex in vehicles. "One of the things that everybody latched onto was Nissan and Kia saying they could collect information on your sex life or your sexual activity," Caltrider said. "That really freaked people out." While the researchers couldn't determine exactly how the automakers would gather data on sexual activity in cars, the educated guess is it wouldn't be that hard for cameras and sensors to gather the information necessary.

After the Mozilla Foundation report was released, Kia Connect Services (a suite of services Kia extends to its vehicle owners) and Nissan USA removed wording about collecting information on sexual activity from their online privacy policies, Caltrider said. She sent us a PDF of the original wording on the Nissan site, and under Types of Personal Data collected, it read: "Sensitive personal information, including ... sexual orientation, sexual activity, precise geolocation, health diagnosis data, and genetic information." On Kia's broader corporate privacy page under Sensitive Personal Information as of press time, it still read, "This category may include ... sex life or sexual orientation information."



posted by hubie on Monday June 10, @09:11PM

Historically, high-speed rail travel by Train à Grande Vitesse (TGV) in France was the monopoly of the French national rail service, SNCF.

Under EU rules, all national operators have to make their rail system available to other willing operators. So in 2021, Trenitalia, a unit of Italy's state rail operator, decided to offer high-speed train rides in France too.

Now a third company has decided to enter the fray. The difference is that this is a private company named Proxima, backed by a (French) private equity firm (Antin Infrastructure Partners) to the initial tune of $1.1bn.

Proxima will offer high-speed rail trips between Paris and four cities in western France (Bordeaux, Nantes, Rennes, and Angers), using 12 Avelia Horizon trains. This will add 10 million new passenger seats per year on these lines. According to the company,

"Travel between key cities in France has increased over the last 10 years, reflecting new ways of living. High-speed rail is the answer favored by the French, and train occupancy levels are at all-time highs.

As France's first independent high speed train operator, Proxima aims to reinvent the experience for its different customer groups by listening to their needs, and reflecting the changes in consumer behaviour and changing ways of life. These include trends to teleworking and the erosion of the business/leisure boundary, as well as the demand for better on-board connectivity and relevant services on-board."

It might be noteworthy that earlier this year, the EU decided to speed up the implementation of the TEN-T network. The TEN-T is an EU-wide network of rail, inland waterways, short-sea shipping routes, and roads. It connects 424 major cities with ports, airports and railway terminals. When the TEN-T is complete, it will cut travel times between these cities. For example, passengers will be able to travel between Copenhagen and Hamburg in 2.5 hours by train, instead of the 4.5 hours required today. You can find an interactive map detailing the project(s) here.

While in 2021, the deadline for completion of the network's core was set at 2040, a recent update stated that the core transport links must be finished by 2030. It is speculation, but it could be -- given that Proxima's service will start in 2027 -- that the current initiative is in anticipation of that completion.

Related: Highspeed to the Future



posted by hubie on Monday June 10, @04:23PM
from the new-years-resolution dept.

Thomas A. Limoncelli writes in Make Two Trips:

During an interview on The Late Show with Stephen Colbert, comedian Larry David explained that his New Year's Resolution was "make two trips" (episode 857, January 8, 2020).

For example, when carrying groceries into the house, it is tempting to carry everything at once, but then you drop the cantaloupe, and now you have to clean up that mess. While it seemed like one trip would have been faster, if you include the time it takes to clean up the mess, it would have been faster to simply make two trips.

[...] This "make two trips" strategy isn't an earth-shattering breakthrough. It won't cure cancer, end world hunger, or fix the climate crisis. However, I have adopted this philosophy, and it has had many benefits.

The immediate benefit is that I am now more likely to have a free hand to open my house door. Pulling keys out of my pocket no longer involves smashing a grocery bag between my chest and the house.

The larger benefit has come from adopting this philosophy in both coding and operations.

The other day, I was adding a feature to some old code. The code reported results of an earlier calculation with various formatting options that could be enabled or disabled.

The code was quite complex because certain options affected the format in ways that had downstream implications for other options. The code was able to satisfy all the various options and controls in one pass over the data, printing a report along the way.

[...] I struggled in earnest to add my new feature to this ever-growing complicated loop.

Then I remembered Larry's advice: Make two trips.

The code would be significantly simpler if it made two passes over the data. One pass would collect data, count things that needed to be counted, sum subtotals, and so on. The second pass would take all this information and output the report, and would be much easier because it had all the information it needed from the start. No Schrödinger's cat.

[...] It was a classic complexity vs. memory engineering decision: Suffer from complexity or suffer from potential memory exhaustion.
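The two-pass structure the article arrives at, as an added example in Python (not Limoncelli's code; the records are constructed sample data). The first trip only collects counts and sums, the second only formats; because the second pass already knows the grand total, a "share of total" column, which a single pass cannot print until it has seen the last record, costs one line, and the formatting options no longer have to know about each other:

```python
"""Two-pass ("make two trips") report: collect first, format second.
Added illustration of the approach the article describes, not the author's
code. Sample records below are constructed."""
from collections import defaultdict

# Constructed sample input: (category, item, amount)
RECORDS = [
    ("food", "apples", 3.50),
    ("food", "bread", 2.25),
    ("fuel", "petrol", 40.00),
    ("food", "milk", 1.25),
    ("fuel", "oil", 8.00),
]


def collect(records):
    """Trip one: count and sum; nothing is printed yet."""
    totals, counts, grand = defaultdict(float), defaultdict(int), 0.0
    for category, _item, amount in records:
        totals[category] += amount
        counts[category] += 1
        grand += amount
    return {"totals": dict(totals), "counts": dict(counts), "grand": grand}


def render(records, stats, show_share=True, show_subtotals=True):
    """Trip two: format, with every total known from the first line on."""
    lines, current = [], None

    def subtotal(category):
        return (f"  subtotal {category}: {stats['totals'][category]:.2f} "
                f"({stats['counts'][category]} items)")

    for category, item, amount in sorted(records):
        if show_subtotals and current is not None and category != current:
            lines.append(subtotal(current))
        current = category
        line = f"{category:<5} {item:<8} {amount:8.2f}"
        if show_share:  # needs the grand total, so impossible in a single pass
            line += f" {100 * amount / stats['grand']:5.1f}%"
        lines.append(line)
    if show_subtotals and current is not None:
        lines.append(subtotal(current))
    lines.append(f"TOTAL {stats['grand']:.2f}")
    return lines


def report(records, **options):
    """Make two trips: collect, then render."""
    return render(records, collect(records), **options)


if __name__ == "__main__":
    print("\n".join(report(RECORDS)))
```

The price is the one the article names: `collect` holds per-category totals in memory between the trips, so the approach trades the complexity of the single loop for memory proportional to the number of categories. For a report with a bounded number of groups that is cheap; if the first pass had to keep every record, the trade would need more thought.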

... continue reading the whole article at ACM Queue.



posted by hubie on Monday June 10, @11:38AM
from the very-cool-idea dept.

Arthur T Knackerbracket has processed the following story:

Astronauts driving a vehicle around the landscape of the moon must not only face dangers related to [low] gravity and falling into craters, but also the problem of extreme fluctuations in temperature. The lunar environment oscillates between blistering highs of 127°C (260°F) and frigid lows of -173°C (-280°F).

Future missions to explore the moon will need reliable machines that can function under these harsh conditions. This led a team from Nagoya University in Japan to invent a heat-switch device that promises to extend the operational lifespan of lunar-roving vehicles. Their study, conducted in collaboration with the Japan Aerospace Exploration Agency, was published in the journal Applied Thermal Engineering.

"Heat-switch technology that can switch between daytime heat dissipation and nighttime insulation is essential for long-term lunar exploration," said lead researcher Masahito Nishikawara. "During the day, the lunar rover is active, and the electronic equipment generates heat. Since there is no air in space, the heat generated by the electronics must be actively cooled and dissipated. On the other hand, during extremely cold nights, electronics must be insulated from the outside environment so that they don't get too cold."

[...] The thermal control device developed by the team combines a loop heat pipe (LHP) with an electrohydrodynamic (EHD) pump. During the day, the EHD pump is inactive, allowing the LHP to operate as usual. In lunar rovers, the LHP uses a refrigerant that cycles between vapor and liquid states.

When the device heats up, the liquid refrigerant in the evaporator vaporizes, releasing heat through the rover's radiator. The vapor then condenses back into liquid, which returns to the evaporator to absorb heat again. This cycle is driven by capillary forces in the evaporator, making it energy efficient.

At night, the EHD pump applies pressure opposite to the LHP flow, stopping the movement of the refrigerant. Electronics are completely insulated from the cold night environment with minimal electricity use.

[...] The implications of this technology extend beyond lunar rovers to broader applications in spacecraft thermal management. Integrating EHD technology into thermal fluid control systems could improve heat transfer efficiency and mitigate operational challenges. In the future, this could play an important role in space exploration.

The development of this heat-switch device marks an important milestone in developing technology for long-term lunar missions and other space exploration endeavors. All of which means that, in the future, lunar rovers and other spacecraft should be better equipped to operate in the extreme environments of space.

More information: Masahito Nishikawara et al, Demonstration of heat switch function of loop heat pipe controlled by electrohydrodynamic conduction pump, Applied Thermal Engineering (2024). DOI: 10.1016/j.applthermaleng.2024.123428

[Ed Note: Corrected first line to read 'low gravity' - not zero gravity: 20240610-13:29 JR]



posted by hubie on Monday June 10, @06:53AM

Are you looking for something more titillating to read than the usual low-brow stuff you find here at soylentnews?

You might just be in luck, as MIT Press has released an impact report about its Direct-To-Open (D2O) program, under which faculty members do not publish with pay-for-play journals and publishers anymore, but release [some of] their good stuff directly to the public.

Next to lots of happy geeks directly downloading juicy titles like Model Systems in Biology, Tor: From the Dark Web to the Future of Privacy and No Heavenly Bodies: A History of Satellite Communications Infrastructure, MIT claims that "D2O has exceeded expectations in its first three years, and we're thrilled to share the impact."

To date, D2O has funded 240 books: 159 in the humanities and social sciences (HSS) and 81 in science, technology, engineering, art/design, and mathematics (STEAM). The data show that, on average, open-access HSS books in the program are used 3.75 times more and receive 21 percent more citations than their paywalled counterparts. Open-access books in STEAM fields are used 2.67 times more and receive 15 percent more citations than their non-open counterparts, on average. Regardless of their field, D2O books are making meaningful contributions to debates both within and beyond the academy.

Books in the program have on average a little over 3,000 downloads, compared to the few hundred they'd normally get if hidden behind a paywall.

The whole program isn't completely free though: it is funded by libraries which agree to pay recurring participation fees. In exchange, these libraries also get access to the previously published MIT Press products, which remain gated.



posted by hubie on Monday June 10, @02:11AM
from the be-descriptive-and-concise dept.

Programming style is not a matter of efficiency in a program. It is a matter of how easy it is to write or read a program, how easy it is to explain the program to someone else, how easy it is to figure out what the program does a year after you've written it; and above all, style is a matter of taste, of aesthetics, of what you think looks nice, of what you think is elegant.

Although style is mainly a matter of taste, a programmer with a "good" style will find his programs easy to write, easy to read, and easy to explain to others. ...

In particular, you may have acquired special programming tricks that you are very fond of, and that aren't used by other programmers, but that don't make your programs much more efficient. I urge you to stop using those tricks. As Samuel Johnson once said, "Read over your compositions, and when you meet with a passage which you think is particularly fine, strike it out."

In other words, make your style simple, not complicated, even though the complicated style may seem to have some abstract virtues. ...

(F. Black, "Styles of Programming in LISP," in The Programming Language LISP: Its Operations and Applications, ed. E. Berkeley and D. Bobrow (1964), p96 (p106 of the PDF))

When teaching an algorithms course, Craig Partridge, of Colorado State University, discovered that his students had little to no idea of how to divide their code into functions. So he wrote a short guidance paper (pdf).

What other advice, oh battle-hardened developer, would you give starting-out programmers/developers about how to approach a project/codebase?



posted by hubie on Sunday June 09, @09:26PM
from the Oh-What-a-Dream! dept.

I just found this while browsing Russian Television:

It has pictures. Much like art has been through the millennia, done with today's digital media.

https://www.rt.com/pop-culture/596257-ai-models-beauty-pageant/

So contestants from all over the world can gather and compete for the title of "Miss AI".

Excerpt from RT:
------------------
The event, called 'Miss AI', is being organized by the World AI Creator Awards (WAICA) in collaboration with Fanvue – an OnlyFans-like subscription-based platform that already hosts a number of virtual models, including those who offer adult content.

The digital contestants hoping to secure the Miss AI crown will be judged on their beauty, underlying tech, as well as their social media pull, according to WAICA's official website. The AI creator's "social media clout" will also be assessed based on their engagement numbers with fans, rate of audience growth, and ability to utilize social media platforms such as Instagram.
---------------------

I don't quite know what to make of this. There are so many viewpoints and I hope to see what others feel about it. One thing, it's an inevitable outcome of combining our technology and artistic expression, even done on ancient cave walls. Soon our digital presence can be tailored to anything we want it to be. Work from home. Zoom calls ( with your AI proxy, of course, which would handle as many simultaneous interactions as your server technology can handle ).



posted by hubie on Sunday June 09, @04:44PM
from the cancel-your-plans-and-get-patching dept.

With PoC code available and active Internet scans, speed is of the essence:

A critical vulnerability in the PHP programming language can be trivially exploited to execute malicious code on Windows devices, security researchers warned as they urged those affected to take action before the weekend starts.

Within 24 hours of the vulnerability and accompanying patch being published, researchers from the nonprofit security organization Shadowserver reported Internet scans designed to identify servers that are susceptible to attacks. That—combined with (1) the ease of exploitation, (2) the availability of proof-of-concept attack code, (3) the severity of remotely executing code on vulnerable machines, and (4) the widely used XAMPP platform being vulnerable by default—has prompted security practitioners to urge admins to check whether their PHP servers are affected before starting the weekend.

"A nasty bug with a very simple exploit—perfect for a Friday afternoon," researchers with security firm WatchTowr wrote.

CVE-2024-4577, as the vulnerability is tracked, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to pass user-supplied input into commands executed by an application, in this case, PHP. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.

"While implementing PHP, the team did not notice the Best-Fit feature of encoding conversion within the Windows operating system," researchers with Devcore, the security firm that discovered CVE-2024-4577, wrote. "This oversight allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack."

CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn't set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is set by default in XAMPP for Windows, making the platform vulnerable unless it has been modified.

[...] The vulnerability was discovered by Devcore researcher Orange Tsai, who said: "The bug is incredibly simple, but that's also what makes it interesting."

The Devcore writeup said that the researchers have confirmed that XAMPP is vulnerable when Windows is configured to use the locales for Traditional Chinese, Simplified Chinese, or Japanese. In Windows, a locale is a set of user preference information related to the user's language, environment, and/or cultural conventions. The researchers haven't tested other locales and have urged people using them to perform a comprehensive asset assessment to test their usage scenarios.

[...] XAMPP for Windows had yet to release a fix at the time this post went live. Admins who do not need PHP CGI can turn it off by editing the following Apache HTTP Server configuration file:

C:/xampp/apache/conf/extra/httpd-xampp.conf

Locate the corresponding line:

ScriptAlias /php-cgi/ "C:/xampp/php/"

and comment it out:

# ScriptAlias /php-cgi/ "C:/xampp/php/"
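As an added example (not code from the article, Devcore or the XAMPP project), here is a small Python audit of the mitigation above: it reads Apache configuration text, reports any ScriptAlias that is still active and exposes the PHP directory over HTTP, and writes back the commented-out form. The configuration text is a constructed sample; only the ScriptAlias line itself is the one the article tells admins to comment out.

```python
import re
from typing import List, Tuple

# Constructed sample standing in for httpd-xampp.conf; only the ScriptAlias
# line is the directive the article says to comment out.
SAMPLE_CONF = """\
# XAMPP settings (constructed sample, not the real file)
<IfModule alias_module>
    ScriptAlias /php-cgi/ "C:/xampp/php/"
</IfModule>
"""

# An Apache ScriptAlias directive: URL prefix, then a (possibly quoted) path.
SCRIPT_ALIAS_RE = re.compile(r'^\s*ScriptAlias\s+(\S+)\s+"?([^"\s]+)"?', re.IGNORECASE)


def find_php_cgi_aliases(conf_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, url_prefix, directory) for each ScriptAlias that is
    still active (not commented out) and maps a URL onto the PHP install."""
    hits = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # already disabled, nothing to report
        m = SCRIPT_ALIAS_RE.match(line)
        if not m:
            continue
        url_prefix, directory = m.group(1), m.group(2)
        # An alias onto the PHP directory (or named php-cgi) makes php-cgi.exe
        # reachable from the web server, which is the exposure the article describes.
        if "php" in directory.lower() or "php-cgi" in url_prefix.lower():
            hits.append((line_no, url_prefix, directory))
    return hits


def disable_php_cgi_aliases(conf_text: str) -> str:
    """Return the config text with each flagged ScriptAlias commented out,
    preserving indentation; applying it twice changes nothing."""
    flagged = {line_no for line_no, _, _ in find_php_cgi_aliases(conf_text)}
    out = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line_no in flagged:
            indent = line[: len(line) - len(line.lstrip())]
            out.append(f"{indent}# {line.lstrip()}")
        else:
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for line_no, prefix, directory in find_php_cgi_aliases(SAMPLE_CONF):
        print(f"line {line_no}: ScriptAlias {prefix} -> {directory} is active; comment it out")
    print(disable_php_cgi_aliases(SAMPLE_CONF))
```

Commenting out the alias removes the web-reachable path to php-cgi.exe but does not patch PHP itself; the article's advice to apply the PHP fix still stands.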

Additional analysis of the vulnerability is available here.


posted by hubie on Sunday June 09, @11:58AM
from the easy-1-2-3-steps-assembling-virtual-reality dept.

Interested in a career selling virtual meatballs at IKEA? I guess it's some kind of gimmick between IKEA and Roblox but it seems somewhat weird, selling virtual products in a virtual world to people. Is this the future of employment?

https://thecoworker.co.uk/


posted by hubie on Sunday June 09, @07:16AM

Arthur T Knackerbracket has processed the following story:

Also reported at: FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out

These decryption keys were uncovered by the FBI after a massive joint operation disrupted LockBit earlier this year, though the gang appears to still be operational.

The US FBI has revealed that it has more than 7,000 decryption keys to help victims of the notorious LockBit ransomware gang.

These decryption keys were recovered by the FBI as a result of a disruptive operation international law enforcement conducted against LockBit earlier this year. This gang provides ransomware-as-a-service to a global network of ‘affiliates’, giving criminals tools to carry out their own cyberattacks.

In February, the joint operation managed to take down LockBit’s data leak website and managed to uncover a large amount of data about the gang and its activities. Authorities also seized the decryption keys that the FBI is now offering to victims.

In a recent statement, the FBI’s cyber assistant director Bryan Vorndran claimed LockBit was the most deployed ransomware variant in the world by 2022 and that the gang has caused “billions of dollars in damages to victims”.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center,” Vorndran said.

[...] Raj Samani, SVP and chief scientist at Rapid7, said the release of these decryption keys is “another kick in the teeth” for the LockBit gang and “a great win for law enforcement”.

“The likes of LockBit survive and thrive on victims paying ransom demands, therefore, it’s great to see the US government be proactive and prevent this by releasing the decryption keys for free,” Samani said.

“Ever since law enforcement took down LockBit’s infrastructure in February 2024, they’ve engaged in PR and damage control in order to show strength and maintain the confidence of affiliates. However, such announcements by the FBI damage this confidence, and hopefully we’ll soon see the end of the LockBit ransomware group.”

Not everyone is so optimistic, however. Ricardo Villadiego, the founder and CEO of cybersecurity firm Lumu, told SiliconRepublic.com recently that gangs such as LockBit are prepared for these potential risks, as evidenced by the fact that the gang was offering its services again in “less than four days”.


posted by martyb on Sunday June 09, @02:30AM

Editor's note: This article has been *greatly* shortened; it is well worth reading the whole article. --Bytram

----------

This AI-powered "black box" could make surgery safer:

While most algorithms operate near perfectly on their own, Peter Grantcharov explains that the OR black box is still not fully autonomous. For example, it's difficult to capture audio through ceiling mikes and thus get a reliable transcript to document whether every element of the surgical safety checklist was completed; he estimates that this algorithm has a 15% error rate. So before the output from each procedure is finalized, one of the Toronto analysts manually verifies adherence to the questionnaire. "It will require a human in the loop," Peter Grantcharov says, but he gauges that the AI model has made the process of confirming checklist compliance 80% to 90% more efficient. He also emphasizes that the models are constantly being improved.

In all, the OR black box can cost about $100,000 to install, and analytics expenses run $25,000 annually, according to Janet Donovan, an OR nurse who shared with MIT Technology Review an estimate given to staff at Brigham and Women's Faulkner Hospital in Massachusetts. (Peter Grantcharov declined to comment on these numbers, writing in an email: "We don't share specific pricing; however, we can say that it's based on the product mix and the total number of rooms, with inherent volume-based discounting built into our pricing models.")

[...] At some level, the identity protections are only half measures. Before 30-day-old recordings are automatically deleted, Grantcharov acknowledges, hospital administrators can still see the OR number, the time of operation, and the patient's medical record number, so even if OR personnel are technically de-identified, they aren't truly anonymous. The result is a sense that "Big Brother is watching," says Christopher Mantyh, vice chair of clinical operations at Duke University Hospital, which has black boxes in seven ORs. He will draw on aggregate data to talk generally about quality improvement at departmental meetings, but when specific issues arise, like breaks in sterility or a cluster of infections, he will look to the recordings and "go to the surgeons directly."

In many ways, that's what worries Donovan, the Faulkner Hospital nurse. She's not convinced the hospital will protect staff members' identities and is worried that these recordings will be used against them—whether through internal disciplinary actions or in a patient's malpractice suit. In February 2023, she and almost 60 others sent a letter to the hospital's chief of surgery objecting to the black box. She's since filed a grievance with the state, with arbitration proceedings scheduled for October.

If you were having an operation, how much of the operation would you want an AI to do?
