I enjoy the art of programming and the study of algorithms. However, from what I'm told, more advanced study requires a strong knowledge of mathematics. Mathematics, much like the hard sciences, are not my interest.
I'm having trouble understanding this comment. First you say that you enjoy studying algorithms... and then you go on to say that you aren't interested in mathematics.
Since these two statements don't really fit together, I see two possibilities: 1. Your idea of what the "study of algorithms" is doesn't match mine. Are you interested in finding new algorithms, analyzing how long it takes them to run, and proving that they work? That's all computer science, and thus a part of mathematics. 2. Your idea of what "mathematics" is doesn't match mine. What exactly do you find uninteresting? If the only things you dislike are vector calculus and complex analysis -- hey, join the club. Fortunately, very little computer science needs those.
"Irhabi" means terrorist in Arabic. That should be more than enough to put him behind bars.
Lots of people adopt stupid names online. I remember seeing someone using the name "AxEMuRDeReR" in a FPS game (possibly with slightly different capitalization -- I wasn't paying that much attention).
Judge: So what did this guy do? Prosecutor: He's a self-proclaimed axe murderer. Judge: Can't argue with that.
FreeBSD also has details in their security notification. Those guys are fast - if you want to have up to date info on security vulns., FreeBSD has them (usually with patches) way before the news hits slashdot
We do our best.:-)
Seriously though, CERT told us that the embargo was going to end at 16:00 UTC, so I had a shell window open with a series of "cvs commit" commands waiting for me to hit <enter>, a window with the commit messages I was going to use, a window with the advisory text waiting for me to type in the correction times, a shell window open to ftp-master.freebsd.org waiting for me to copy the patches into the right directory...
When you have two weeks advance notice, it's easy to get advisories out soon after the embargo ends -- the hardest part of the process was making sure that I'd be awake at 8:00 AM (PST).
Other sub-exponential algorithms include Pomerance's Quadratic Sieve, Lanstra's Elliptic Curve Method, and the Brillhart-Morrison Continued Fraction Algorithm.
3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)
I'll agree that the NSA certainly doesn't have more general purpose computing power than the rest of the world combined, but I suspect that they may have more special purpose computing power. The NSA uses a lot of custom hardware and has access to significant microprocessor fabrication capacity, and when you're looking at integer factorization, it's not unreasonable to expect a hundred-fold increase in performance when going from general purpose hardware to custom circuitry.
I would personally be very surprised if the NSA were unable to factor several 1024-bit composites per day.
Search engines may be effecting the quantity of the web, but they are certainly affecting the quality of the web. The WWW would be nowhere near as large as it is without search engines; but the content which existed would probably be of a higher quality.
If I had to interview people for a developper position, here's what I would do : I would ask them to write a "sort" function, preferably in whatever language they would be assigned to work in.
If that's all the instructions you give them, I wouldn't hire anyone who even wrote a single line of code. If you were interviewing me, I'd want at very least the following questions answered before I'd touch a keyboard:
How many elements would typically need to be sorted? Three, three thousand, or three million?
Can I expect the inputs to be randomly distributed?
How fast does the code need to be?
... On average, or in the worst case?
If you're only going to sort three elements, a bubblesort is all you need. If you need good performance when handling worst-case inputs, you should only use quicksort if you're picking pivots randomly. If you need to sort three million elements and performance is critical, you'd better pay attention to cache effects.
Writing working code which solves a problem is easy. Writing working code which solves the right problem is much harder, and starts with obtaining a good definition of what the problem is.
For example, here's a complete and useful program in Basic: 10 input a, b, c 20 print (-b + sqr(b*b - 4*a*c)) / (2*a) 30 print (-b - sqr(b*b - 4*a*c)) / (2*a) 40 goto 10 This is readily understandable by anyone who knows a little maths, and more to the point, is gets the job done.
And that, of course, is exactly the problem. While that program is readily understandable by anyone who knows a little mathematics, it in fact doesn't work -- it is horribly numerically unstable. Unfortunately, computer languages haven't evolved to the point of having a "do what I mean, not what I say" option; until that point, programming (and especially numerical analysis) is best left to those people who are able to say what they mean.
We will soon enough run into the same problems with nuclear power that we're running into with coal power. Such plants still consume very finite, non-renewable resources
We have a finite supply of nuclear fuel, sure. On the other hand, if we reprocess nuclear waste and take advantage of existing Thorium reserves, our finite supply will last over a hundred thousand years.
Considering that ice ages tend to disrupt hydro power generation and occur rather more frequently than once every hundred thousand years, I'd say that nuclear power is less finite than hydro power.
[my laptop's touchpad decided that I was clicking "submit" halfway through a sentence.]... squirrel (something about staples puncturing vital organs), and the dead squirrels didn't do much to help my code be free.
Have you experimented with other animals? Elephants might work well -- they have lots of surface area for attaching code, and staples probably wouldn't hurt them much either.
I usually print it out and staple it to a squirrel.
I ran into problems with that approach. If I stapled my code to a squirrel's tail, the squirrel would turn around and chew on it, rendering the code illegible; but if I stapled my code to the squirrel's body, I'd often end up killing the
Will concerns about privacy and reliability kill these or is this the wave of the future?
If you think reliability is likely to kill this, I have two questions for you: 1. When was the last time Google stopped working? 2. When was the last time Windows stopped working?
The simple fact is that a single centrally administered server farm is vastly easier to administrate -- and will be vastly more reliable -- than a hundred million home PCs, most of which are managed by people who are vastly less competent than the average server farm administrator. Of course, if Windows broke and your home PC isn't working, you won't be able to use it to connect to sites online; but this isn't much of a problem. People care far more about their data than their hardware; if all else fails, they can borrow a friend's terminal.
Privacy and security, on the other hand, are much more serious issues; but (sadly) I don't think they have much chance of stopping something like this. Computer security is something which most people simply don't understand.
On March 2nd, 2005, I sent an email to the Microsoft Security Response Center (secure@microsoft.com) with a draft of my paper "Cache Missing for Fun and Profit", in which I described an information leakage attack against systems with shared caches in general, and systems with Hyper-Threading in specific. Among other things, I showed how this could be used to steal an RSA private key.
Over the following two months, I was told by three independent third parties that Microsoft was "very concerned" about this issue and had "several people" looking at it; but while one of your managers, Stephen Toulouse, claimed in an eWeek article that you commit to providing [researchers] with a progress report on the Microsoft investigation every time they ask for one, my repeated emails inquiring as to whether you had made any progress or intended to fix the problem at all went unanswered.
Since you've agreed to answer questions from slashdot, I'm going to try again: What action, if any, do you intend to take to protect systems against side channel attacks exploiting the shared caches on Intel Hyper-Threading processors?
The lack of splits is why the price of any individual share is so high; but it doesn't excuse the inflated total capitalization. According to the market, Google is worth 132.5 billion dollars; but is it really worth more than IBM or Coca-Cola, and almost three times as much as Disney?
As long as "CS251: Introduction to Funny Walks" remains an elective, I'm fine with it.
I'm not, and you shouldn't be either. If half of the people graduating with the same degree as you reached that point by taking basket-weaving courses, potential employers are going to decide that your degree is worthless -- even if you happen to be someone who didn't take any basket-weaving courses.
It is in the interests of students (both present and past) to ensure that their institution maintains or increases its academic standards, since their degrees will otherwise be devalued. (See also: medieval guilds.)
What's wrong with displaying rules ostentatiously?
Clients are becoming too smart
on
The Future of HTML
·
· Score: 5, Insightful
Yes, there is such a thing as being too smart -- at least if you're a piece of software. These days, if you're a web browser, it isn't good enough to know how to perform HTTP requests and parse HTML; you have to understand images in many different formats, interpret Javascript, keep track of cookies, parse XML, and maybe even execute Java or Flash applets.
So what's the problem? People like having all of these features, right?
The problem is that there is a hidden cost to having all of these features: Security, or rather a lack thereof. Remember that every line of code is a potential security flaw; and then think about the fact that FireFox is about 15x larger than lynx. Unsurprisingly, there aren't many security flaws in lynx.
I'm not suggesting that we should never add new features. Adding support for embedded images, for example, was a pretty significant step forward for the web. However, every time somebody steps forward and says "look at this new feature which I've added to the web browser and all the cool things I can do with it", our first questions should be "how much code does it take?" and "how easily can it be done securely?" -- and if the answers are "lots" and "umm, I haven't thought about that", then it's probably not a worthwhile feature, regardless of the amazing tricks it can be used to perform.
wouldn't it be more useful to provide certain other things to third world countries, such as medical care ?
These laptops might pay for themselves by reducing the costs of medical care. When people have more information, they are likely to notice and seek treatment for a serious condition sooner than otherwise; to take your example of tuberculosis, providing a laptop and internet connection to a remote village could easily make the difference between the entire village being infected and only one person suffering (and being quarantined until medical help can arrive).
The discussion so far seems to have centered around comments which are not good, but rather mediocre -- comments which are likely to give a hint as to what the code does, but not to provide a convincing explanation as to why the code works.
In my opinion, a good comment is one which starts with \begin{theorem}, ends with \end{proof}, and provides a formal statement of what the code in question is supposed to accomplish, along with a proof that it works.
Slashdot Mirror
I enjoy the art of programming and the study of algorithms. However, from what I'm told, more advanced study requires a strong knowledge of mathematics. Mathematics, much like the hard sciences, are not my interest.
I'm having trouble understanding this comment. First you say that you enjoy studying algorithms... and then you go on to say that you aren't interested in mathematics.
Since these two statements don't really fit together, I see two possibilities:
1. Your idea of what the "study of algorithms" is doesn't match mine. Are you interested in finding new algorithms, analyzing how long it takes them to run, and proving that they work? That's all computer science, and thus a part of mathematics.
2. Your idea of what "mathematics" is doesn't match mine. What exactly do you find uninteresting? If the only things you dislike are vector calculus and complex analysis -- hey, join the club. Fortunately, very little computer science needs those.
"Irhabi" means terrorist in Arabic. That should be more than enough to put him behind bars.
Lots of people adopt stupid names online. I remember seeing someone using the name "AxEMuRDeReR" in a FPS game (possibly with slightly different capitalization -- I wasn't paying that much attention).
Judge: So what did this guy do?
Prosecutor: He's a self-proclaimed axe murderer.
Judge: Can't argue with that.
FreeBSD also has details in their security notification. Those guys are fast - if you want to have up to date info on security vulns., FreeBSD has them (usually with patches) way before the news hits slashdot
:-)
We do our best.
Seriously though, CERT told us that the embargo was going to end at 16:00 UTC, so I had a shell window open with a series of "cvs commit" commands waiting for me to hit <enter>, a window with the commit messages I was going to use, a window with the advisory text waiting for me to type in the correction times, a shell window open to ftp-master.freebsd.org waiting for me to copy the patches into the right directory...
When you have two weeks advance notice, it's easy to get advisories out soon after the embargo ends -- the hardest part of the process was making sure that I'd be awake at 8:00 AM (PST).
Perhaps you could post your algorithm here.
_ sieve
It isn't my algorithm, it's Pollard's algorithm:
http://en.wikipedia.org/wiki/General_number_field
Other sub-exponential algorithms include Pomerance's Quadratic Sieve, Lanstra's Elliptic Curve Method, and the Brillhart-Morrison Continued Fraction Algorithm.
Adding a single bit to the key length doubles the search space.
Integer factorization does not rely upon brute force exhaustive searches.
3. More conventional computer power than the rest of the world combined. (Extremely unlikely.)
I'll agree that the NSA certainly doesn't have more general purpose computing power than the rest of the world combined, but I suspect that they may have more special purpose computing power. The NSA uses a lot of custom hardware and has access to significant microprocessor fabrication capacity, and when you're looking at integer factorization, it's not unreasonable to expect a hundred-fold increase in performance when going from general purpose hardware to custom circuitry.
I would personally be very surprised if the NSA were unable to factor several 1024-bit composites per day.
Making a copy of a djb subroutine for pedantic purposes ("see how he does this") would be fair use.
I hate to be pedantic about this, but I think you mean pedagogical purposes.
international air flight regulators changed rules that banned passengers from carrying flammable methanol onto aircraft
Yes, but what about the rules which ban passengers from carrying inflammable methanol onto aircraft?
Search engines may be effecting the quantity of the web, but they are certainly affecting the quality of the web. The WWW would be nowhere near as large as it is without search engines; but the content which existed would probably be of a higher quality.
If that's all the instructions you give them, I wouldn't hire anyone who even wrote a single line of code. If you were interviewing me, I'd want at very least the following questions answered before I'd touch a keyboard:
If you're only going to sort three elements, a bubblesort is all you need. If you need good performance when handling worst-case inputs, you should only use quicksort if you're picking pivots randomly. If you need to sort three million elements and performance is critical, you'd better pay attention to cache effects.
Writing working code which solves a problem is easy. Writing working code which solves the right problem is much harder, and starts with obtaining a good definition of what the problem is.
And that, of course, is exactly the problem. While that program is readily understandable by anyone who knows a little mathematics, it in fact doesn't work -- it is horribly numerically unstable. Unfortunately, computer languages haven't evolved to the point of having a "do what I mean, not what I say" option; until that point, programming (and especially numerical analysis) is best left to those people who are able to say what they mean.
We will soon enough run into the same problems with nuclear power that we're running into with coal power. Such plants still consume very finite, non-renewable resources
We have a finite supply of nuclear fuel, sure. On the other hand, if we reprocess nuclear waste and take advantage of existing Thorium reserves, our finite supply will last over a hundred thousand years.
Considering that ice ages tend to disrupt hydro power generation and occur rather more frequently than once every hundred thousand years, I'd say that nuclear power is less finite than hydro power.
[my laptop's touchpad decided that I was clicking "submit" halfway through a sentence.] ... squirrel (something about staples puncturing vital organs), and the dead squirrels didn't do much to help my code be free.
Have you experimented with other animals? Elephants might work well -- they have lots of surface area for attaching code, and staples probably wouldn't hurt them much either.
I usually print it out and staple it to a squirrel.
I ran into problems with that approach. If I stapled my code to a squirrel's tail, the squirrel would turn around and chew on it, rendering the code illegible; but if I stapled my code to the squirrel's body, I'd often end up killing the
Will concerns about privacy and reliability kill these or is this the wave of the future?
If you think reliability is likely to kill this, I have two questions for you:
1. When was the last time Google stopped working?
2. When was the last time Windows stopped working?
The simple fact is that a single centrally administered server farm is vastly easier to administrate -- and will be vastly more reliable -- than a hundred million home PCs, most of which are managed by people who are vastly less competent than the average server farm administrator. Of course, if Windows broke and your home PC isn't working, you won't be able to use it to connect to sites online; but this isn't much of a problem. People care far more about their data than their hardware; if all else fails, they can borrow a friend's terminal.
Privacy and security, on the other hand, are much more serious issues; but (sadly) I don't think they have much chance of stopping something like this. Computer security is something which most people simply don't understand.
On March 2nd, 2005, I sent an email to the Microsoft Security Response Center (secure@microsoft.com) with a draft of my paper "Cache Missing for Fun and Profit", in which I described an information leakage attack against systems with shared caches in general, and systems with Hyper-Threading in specific. Among other things, I showed how this could be used to steal an RSA private key.
Over the following two months, I was told by three independent third parties that Microsoft was "very concerned" about this issue and had "several people" looking at it; but while one of your managers, Stephen Toulouse, claimed in an eWeek article that you commit to providing [researchers] with a progress report on the Microsoft investigation every time they ask for one, my repeated emails inquiring as to whether you had made any progress or intended to fix the problem at all went unanswered.
Since you've agreed to answer questions from slashdot, I'm going to try again: What action, if any, do you intend to take to protect systems against side channel attacks exploiting the shared caches on Intel Hyper-Threading processors?
Here people might not properly capitalize a proper noun. They might transpose letters in 'thier'. They might use jargon that isn't in oxford.
Clearly CmdrTaco counts himself as one of the people who don't feel obliged to capitalize proper nouns.
In other news, a typical teenager can neither properly operate nor name the components in a horse and buggy.
That's unfair. Most teenagers could name the horse. Probably something like "Bob" or "George".
The lack of splits is why the price of any individual share is so high; but it doesn't excuse the inflated total capitalization. According to the market, Google is worth 132.5 billion dollars; but is it really worth more than IBM or Coca-Cola, and almost three times as much as Disney?
As long as "CS251: Introduction to Funny Walks" remains an elective, I'm fine with it.
I'm not, and you shouldn't be either. If half of the people graduating with the same degree as you reached that point by taking basket-weaving courses, potential employers are going to decide that your degree is worthless -- even if you happen to be someone who didn't take any basket-weaving courses.
It is in the interests of students (both present and past) to ensure that their institution maintains or increases its academic standards, since their degrees will otherwise be devalued. (See also: medieval guilds.)
Please flout rules. Do not flaunt them.
What's wrong with displaying rules ostentatiously?
Yes, there is such a thing as being too smart -- at least if you're a piece of software. These days, if you're a web browser, it isn't good enough to know how to perform HTTP requests and parse HTML; you have to understand images in many different formats, interpret Javascript, keep track of cookies, parse XML, and maybe even execute Java or Flash applets.
So what's the problem? People like having all of these features, right?
The problem is that there is a hidden cost to having all of these features: Security, or rather a lack thereof. Remember that every line of code is a potential security flaw; and then think about the fact that FireFox is about 15x larger than lynx. Unsurprisingly, there aren't many security flaws in lynx.
I'm not suggesting that we should never add new features. Adding support for embedded images, for example, was a pretty significant step forward for the web. However, every time somebody steps forward and says "look at this new feature which I've added to the web browser and all the cool things I can do with it", our first questions should be "how much code does it take?" and "how easily can it be done securely?" -- and if the answers are "lots" and "umm, I haven't thought about that", then it's probably not a worthwhile feature, regardless of the amazing tricks it can be used to perform.
sort | uniq
Useless use of | detected. Did you mean: sort -u ?
wouldn't it be more useful to provide certain other things to third world countries, such as medical care ?
These laptops might pay for themselves by reducing the costs of medical care. When people have more information, they are likely to notice and seek treatment for a serious condition sooner than otherwise; to take your example of tuberculosis, providing a laptop and internet connection to a remote village could easily make the difference between the entire village being infected and only one person suffering (and being quarantined until medical help can arrive).
The discussion so far seems to have centered around comments which are not good, but rather mediocre -- comments which are likely to give a hint as to what the code does, but not to provide a convincing explanation as to why the code works.
In my opinion, a good comment is one which starts with \begin{theorem}, ends with \end{proof}, and provides a formal statement of what the code in question is supposed to accomplish, along with a proof that it works.