Slashdot Mirror


User: Animats

Animats's activity in the archive.

Comments · 14,273

  1. DoubleClick and Optimizely in use. on Officials Say HealthCare.gov Site Now Performing Well · · Score: 2

    Watching the home page load, this shows up:
    [17:06:07.510] GET https://stats.g.doubleclick.net/dc.js [HTTP/1.1 304 Not Modified 40ms]
    [17:06:06.192] GET https://cdn.optimizely.com/js/166688199.js [HTTP/1.1 304 Not Modified 40ms]

    Hm.

  2. Crypto in Syme may be unsound on Encrypted Social Network Vies For Disgruntled Facebook Users · · Score: 4, Interesting

    I'm looking at the source to Syme's Google Chrome plug-in. While I'm not a crypto expert, I've found three things that seem to weaken the encryption.

    • In "crypto.js", lines 262-270:

          diffieHellman: function (privateKey, publicKey) {
            // Calculate the Diffie-Hellman shared key.
            return privateKey.dh(publicKey);
            // Strengthen the key by running through PBKDF2.
            //return this.deriveKey(symKey, salt);
          },

      Note the commented-out line for strengthening the key. That looks like something was done to weaken the key generation.
    • Syme uses the Stanford JavaScript crypto library, which has a crypto-grade random number generator. But it only works if you turn on its entropy collector before asking for random bits. Otherwise you just get a function of the current time, which is easy to guess. The entropy collector is turned on by calling startCollectors(). There is no call to startCollectors() in the add-on.
    • There are two copies of the "sjcl" crypto library, one in "sjcl.jh" and one in "app.js". They may be different. One of them is dead code. Not clear which one.

    This is highly suspicious. This code needs a close look by a security expert before anyone trusts it.

  3. International Correspondence Schools 2.0 on Sebastian Thrun Pivots Udacity Toward Vocational Education · · Score: 2

    Vocational education by correspondence has a long history. There was a big boom in it a century ago. Popular Mechanics, for 1920: "Learn the automobile trade at home - spare times" - Dyke's Correspondence School of Motoring.

    International Correspondence Schools was established in 1890, and they're still in business. For decades, they had ads in Popular Mechanics, Popular Electronics, etc. By 1906 total enrollments reached 900,000. The dropout rates were high; only one in six made it past the first third of the material in a course. Only 2.6% of students who began a course finished it. Udacity had stats like that at times.

    "The regular technical school or college aims to educate a man broadly; our aim, on the contrary, is to educate him only along some particular line." - Clarke, "The Correspondence School", 1906

    "I'd aspired to give people a profound education--to teach them something substantial, but the data was at odds with this idea." ... "At the end of the day, the true value proposition of education is employment." - Thrun, 2013

    Not much has changed.

  4. Open source got monetized on Open Source In the Datacenter: It Was Never About Innovation · · Score: 1

    What really happened was that new ways were found to monetize open source. Most of them involve advertising. Some of them involve spyware. Others involve making programs dependent on "the cloud", or on an endless stream of patches, so some company can cut off your air supply unless you pay.

  5. Durability - big problem with many exotic surfaces on Black Silicon Slices and Dices Bacteria · · Score: 3, Interesting

    Durability of an exotic surface structure can be a problem. An example is ultra-hydrophobic coatings. (Now available at retail as Rust-Oleum NeverWet.) They really do repel liquids so thoroughly that coated surfaces can't even get muddy. But they seem to wear out quickly. There are YouTube videos showing that stuff working for ten minutes, then failing. But maybe someone will come up with an improved coating that's tougher.

    "Paint-on solar cells" also fall into this category.

  6. Re:What do you expect? on Code.org Wants Participating Students' Data For 7 Years · · Score: 3, Informative

    "Push until you meet resistance, then pull back, then push again when people aren't looking" that is the Facebook/Zuckerberg motto.

    That follows "When they advance, we retreat. When they hunt, we hide. When they sleep, we attack. When they retreat, we advance." from "On Guerrilla Warfare", Mao Zedong, 1930. This is the standard operating procedure for guerrilla groups. Classically it is a strategy of the weak against the strong. It's interesting to see it used by tycoons.

  7. On a scale of 10... on Online Shopping: Hazardous To Junk Food's Health · · Score: 4, Insightful

    On a 0..10 scale of problems to worry about, this ranks around 0.01.

    The dynamics of online food ordering could get interesting. Has anyone noted interesting suggestions from Amazon Fresh?

  8. Not really over $1000. on Bitcoin Tops $1,000 For the First Time · · Score: 3, Informative

    Buy Price $968.80 Sell Price $963.76 (Coinbase).

    Coinbase prices are real, because if you sell there, you get the money. Mt. Gox prices are higher, but you can't get US dollars out.

  9. The Jansen linkage on Gift Review: Strandbeest Model Kit · · Score: 3, Interesting

    Lots of people like that linkage. Someone recently built a big rideable one from plywood at TechShop. A dynamics researcher at Stanford has a small one made on a 3D printer. Neither is wind-powered.

    The linkage theory is interesting. This is an 8-bar linkage evolved using a genetic algorithm.

  10. Self-discharge, or some system remaining on? on Tesla Model S Has Bizarre 'Vampire-Like' Thirst For Electricity At Night · · Score: 1, Informative

    Many types of batteries have a low enough internal resistance to self-discharge when not in use. Nickel-cadmium batteries are notable for a high self-discharge rate. But lithium batteries generally have a low self-discharge rate, only a few percent a month. This Tesla owner is reporting something like 5% discharge overnight. That's a huge self-discharge rate for any modern battery chemistry.

    Tesla's battery has a series-parallel arrangement, and if some cells fail, they could drag down the rest of the pack. There's so much monitoring in the charging system that this would be detected. (Whether it would be reported to the customer or just phoned in to HQ is a separate issue.)

  11. Right, Yahoo doesn't do search on Only 25% of Yahoo Staff "Eat Their Own Dog Food" · · Score: 1

    Yahoo doesn't do search. They dumped the search engine years ago. Yahoo resells Bing, with Yahoo branding and ads.

  12. Do not want talking-head video on The New York Times Has Lessons For Others Making the Slow Transition To Digital · · Score: 1

    Part of the job of reporting is to digest talking heads down to something useful.

  13. Medical claims on FDA Tells Google-Backed 23andMe To Halt DNA Test Service · · Score: 4, Informative

    The problem is that 23andMe started making medical claims. As the FDA says, "your company's website at www.23andme.com/health ... markets the PGS for providing "health reports on 254 diseases and conditions," including categories such as "carrier status," "health risks," and "drug response," and specifically as a "first step in prevention" that enables users to "take steps toward mitigating serious diseases" such as diabetes, coronary heart disease, and breast cancer." Those are health claims. Those have to be clinically tested.

    The history of their web site shows the health claims becoming more blatant over time.

    • From 2008: "Find out what current research can tell you about your genes."
    • From 2013: "Living well starts with knowing your DNA. Our genes make us who we are, so naturally they impact our health. By knowing your DNA, you can take steps toward living a healthier life. Find out if your children are at risk for inherited conditions, so you can plan for the health of your family. Order now."

    Their advertising thus shows a progression from marketing to the technically curious to marketing to parents worried about their kids. That's what properly concerns the FDA.

  14. Video might be more productive on CMU AI Learning Common Sense By Watching the Internet · · Score: 1

    This is going to help with object recognition, but not behavior. Behavior is time-based. As an R&D project, looking at TV shows might be useful, with the goal of predicting what's likely to happen next. TV shows have patterns in them which people pick up, and observation systems should be able to do that.

    Predicting is important. Science is prediction, not explanation.

  15. Re:for internal consumption_fear not China on China Creates Air Defence Zone Over Japan-Controlled Islands, Issues War Threat · · Score: 4, Informative

    China is a 3rd world country wholly dependent economically on the US...China's economy is only as good as the 'Full faith and credit' of the US Bonds it is based on.

    That's about 20 years out of date.

  16. There is no "shortfall". on Code.org: More Money For CS Instructors Who Teach More Girls · · Score: 5, Insightful

    There is no "shortfall" of coders. There's just a glut of employers who want just-in-time employees cheap. Ones they can lay off at any time. Ones they don't have to send to training classes.

    Women went into IT in the late 1990s, when it looked like a good career choice. Now it isn't, so they don't.

  17. 2004/2005 DRC on DARPA's Atlas Walking Over Randomness · · Score: 3, Insightful

    The first attempt at DARPA Grand Challenge autonomous car race (http://en.wikipedia.org/wiki/DARPA_Grand_Challenge) made it less than 12km before getting stuck - in 2004. Now only nine years later people are talking about the imminent arrival of driverless vehicles.

    I've made that point before. I was at the 2004 DRC (and in the 2005 one). The 2004 DRC was pathetic. It was covered by the Comedy Channel. The Ohio State entry (a huge Oshkosh truck) ran into a parked vehicle at slow speed and pushed it for a while until DARPA people finally sent it an emergency stop signal. The CMU approach was to have a semitrailer full of people at workstations doing detailed manual path planning. The CD with the route was released an hour or so before the start, so their people had a short period to plan the exact path, using recent high-res aerial photos. DARPA's competition chief, an active-duty USMC colonel, found out they were pre-planning, and so, the night before, a few of his troops went out and moved some obstacles. This was the result. CMU's vehicle plowed right through a highly visible sheet metal fence. They were the most successful team. The others did much worse.

    Then in 2005, there were 23 teams with working vehicles running around the California Motor Speedway, none running into anything. The second day of the 2005 Grand Challenge was the day the press suddenly recognized that automatic driving was real.

  18. Here's the pro version on DARPA's Atlas Walking Over Randomness · · Score: 5, Informative

    That's the amateur version from the Florida Institute For Human and Machine Cognition. Here's the pro version from Boston Dynamics, showing some walking over rocks. The balance control is better, the walking is faster, and the arms and torso are being used more effectively for balance.

    The "DARPA Humanoid Challenge" teams are struggling along. They had to write their software to run in a poor simulator, then use it on the real robot, with a competition next month in December. So the control software is crude. Most of the team efforts seem to be going into the perception side. Performance in the simulated humanoid challenge was poor; the best team fell down about 12 times. This looks like they're still using the basic balance controller from Boston Dynamics for control. Entrants in the competition get a closed-source .so file that will operate the Atlas robot for a few basic functions (slow walk, stand, etc.) for debugging purposes. This isn't the good stuff; Boston Dynamics keeps the better algorithms a secret. Entrants are supposed to replace those algorithms with better ones, but since they've only had about two months with the real robot, that probably hasn't happened.

    In a year, this will probably suck a lot less.

  19. Too retro on Happy 50th Doctor Who · · Score: 0

    Dr. Who, Star [Wars|Gate|Dreck]. Too retro. I'm old enough to remember when they all started. They had their day. They need to disappear into history.

    Even Ender's Game is retro. I read the original short story when it came out in 1977. It was a good short story. Then it was turned into a long, dreary series. Then a movie. Now Lionsgate is planning a second movie or TV series. Are we going to have to put up with that whole series as movies?

    This week "Hunger Games #2", which is at least original. Its first copy is "Divergent", coming out soon. There's a whole section of post-apocalyptic teen novels in print, and, the vampire/werewolf/zombie thing having run its course, we'll be seeing more of those. There's a glut of "chosen one teen hero" movies. It worked for Harry Potter, but it's been downhill since then. Low point: "The Last Airbender", or "Why M. Night Shyamalan sucks".

    (Recommended reading in that genre: "Stormdancer", by Jay Kristoff. It's Japanese drama by a gaijin, but it's well executed and has film potential.)

  20. Start by having stockholders set CEO pay on Should the US Copy Switzerland and Consider a 'Maximum Wage' Ratio? · · Score: 2

    CEO pay should be set by the stockholders. This is a right of ownership that has been taken away from stockholders. Stockholders need to take it back.

    Each year, stockholders get the proxy, and put in a number. The maximum pay for the top 5 employees (the SEC tracks that) is then limited to the weighted median (by stock ownership) of that figure.

    The right to vote the proxy belongs to the party that pays taxes on the stock. Pass-through entities like funds have to pass through the voting rights. For funds, holders can choose to pick a figure for the whole fund, and that's their figure for all stocks in that fund, or they can pick a figure for individual companies.

    This would put an end to excessive CEO pay for loser companies. Some CEOs are worth paying a lot of money, but that's under 10% of the CEO population.

  21. Re:Not as bad as it looks on Should the US Copy Switzerland and Consider a 'Maximum Wage' Ratio? · · Score: 1

    Note that the Swiss proposal is a tax on INCOME, *not* wealth.

    Switzerland already has a net worth tax. Each year, individuals must pay 0.3% to 0.5% of their net worth. That seems small, but it's applied to net worth every year, so it adds up.

  22. Floating point is hard. on Ask Slashdot: How Reproducible Is Arithmetic In the Cloud? · · Score: 1

    Kahan, of course, is the authority on this.

    Handling of floating point overflow is a big problem. Under Windows on x86, you can get exact (as in at the right instruction location) floating point exceptions, and I've used that to catch overflow in a physics engine. But on some CPUs, there's a speed penalty for enabling exact FPU exceptions. Java and Go don't support floating point exceptions; they return NaN or +INF or -INF or 0 (for underflow). One problem with IEEE floating point is that you don't have trichotomy. When you compare with a NaN, the result is always supposed to be false. So a != b and !(a == b) are not equivalent.

    Doing a numerical compare against a NaN should raise an exception. That way, you can crunch your matrices at full speed, any operation with a NaN as an input has a NaN as an output, and if there's a NaN in the final results, code that uses it without checking for it faults out. But when IEEE floating point was designed, FPUs were separate chips. (In some cases, separate boards.) So the floating point design group didn't have the mandate to affect what the branching part of the CPU did.

    As a result, you can generate a NaN, miscompare against it (all comparisons return false) and take the wrong branch in the code without recognizing the problem. Not many people care about this stuff, but where it matters, it's usually about something important.

  23. Mozilla's CTO gets $652,194 on Mozilla's 2012 Annual Report: 90% of Revenue Came From Google · · Score: 3, Informative

    Mozilla's CTO, Brendan Eich, gets $652,194.

    This is an organization that takes years to fix bugs and has a huge legacy code base they can barely manage. (There's still a lot of Netscape stuff in there.)

  24. Re:The Airbus helped on Airline Pilots Rely Too Much On Automation, Says Safety Panel · · Score: 1

    When Capt Sullenberger landed on the Hudson, the aircraft software worked to prevent his stall.

    That's exactly right. There's a book, "Fly by Wire", by William Langewiesche, one of the best aviation writers (son of Wolfgang Langewiesche, who wrote "Stick and Rudder", the 1944 classic for pilots). Langewiesche points out that it was the Airbus control system which delivered the super-smooth ride right on the edge of a stall down to the river. Once Sullenberger had decided to land in the river (the right decision; he didn't have enough altitude and airspeed to make it back to LGA or to Teterboro), everything else followed from that and was relatively straightforward. His co-pilot admits that.

    The really lucky thing was that there happened to be enough nearby boats to rescue the passengers before they were dumped into the Hudson in winter.

  25. Why there are patent trolls on Software Patent Reform Stalls Thanks To IBM and Microsoft Lobbying · · Score: 4, Informative

    The patent troll industry exists because, in the last decade, it's become much tougher for inventors to enforce patent rights. Four changes in law did this:

    • (2006) "eBay v. MercExchange": The patent holder can't get an injunction against infringement any more, except in extreme cases. This destroyed the concept of a patent as property that only the patent holder could use.
    • (2007) "In re Seagate": The patent holder can't get triple damages unless there is "reckless infringement", which means the worst that can happen to an infringer is that they have to pay a royalty, the same royalty they might have negotiated. So infringement by a big company is risk-free.
    • (2007) "MedImmune, Inc. v. Genentech, Inc.": If a patent holder writes to an infringer asking them to pay royalties, they can be sued for a judgement that the patent is invalid, in a court of the infringer's choosing. So, as a patent holder, you have to file suit before you can negotiate. This is why "patent trolling" became necessary.
    • (2011) The "America Invents Act": The "America Invents Act" added "post-grant opposition" proceedings, so now infringers can harass patent owners and stall infringement claims in multiple forums. Note that one of the "features" of HR 3309 is to limit estoppel so that similar issues can be raised once in a post-grant opposition and then re-raised in an infringement case. This makes it clear it's all about raising the cost of enforcing a patent by wearing down the patent holder.

    Because of those changes, enforcing a single patent is no longer financially feasible in most cases. A big patent portfolio is needed. You either have to be a big patent holder like IBM or Google, or you have to deal with a company that aggregates patents to monetize them. This created the "patent troll" industry.

    HR 3309 is an anti-inventor act, designed to make it more expensive to enforce a patent. After the removal of the "covered business method" patent section, patents are as strong as ever. You just have to be richer to enforce them. That's why this is supported by Google, Facebook, etc.

    The current Senate bill on patent trolls, S.1720, the "Patent Transparency and Improvements Act of 2013" is much more narrowly focused than HR 3309. It has most of the anti-trolling provisions, but not loser-pays fee shifting. (Loser-pays means if a little guy sues a big company, they can get stuck with the big guy's big-law legal bills. That's a killer.) Instead, S.1720 has a study for a patent small claims court for small patent cases to get litigation costs down. That could work.