Slashdot Mirror


User: rochberg

rochberg's activity in the archive.

Stories: 0
Comments: 80

Comments · 80

  1. Re:When will they learn on Hardware TPM Hacked · · Score: 4, Insightful

    [...] remember that TPM is about keeping you out of your own computer[...]

    Um, no. TPMs are designed for three things: 1) establish a hardware root of trust for boot (i.e., make sure that you're actually booting your OS and not a rootkit first), 2) provide lightweight, secure and fast cryptographic operations (so you don't have to do something stupid like store a cryptographic key in plaintext on your HD), and 3) allow remote attestation of a computer's software stack (i.e., verifying the integrity of the OS and other pieces of software...very useful for distributed systems).

    Yes, there are applications of TPMs for DRM, but that is a side effect and not a primary factor. Furthermore, in the case of general purpose computers (which does not include gaming platforms like the Xbox), the TPM best practices make it very clear that the TPM should only be activated with the user's explicit knowledge and consent. I.e., it is the owner of the hardware who decides if the TPM will be used, not the software vendors. Of course, hardware vendors are not obliged to follow the best practices, but that's not the fault of TCG.

  2. Re:Don't Abbreviate on Report Shows Patent Trolls Are Thriving · · Score: 1

    Actually, no, that wasn't the key to my argument. The key point of my argument was that, by and large, the majority of patents granted (based on the several that I have examined in depth) are not for major, new inventions. Most patents awarded are for specific, minor things that have little value in and of themselves. As I said before, if your patent was for something truly novel and grandiose, and evil Company A stole your idea, then, yes you deserve to sue Company A into oblivion. But if your patented idea (which a bright Company A engineer thought of at the same time, but felt it was a trivial improvement) adds about a billionth of a cent to the value of a new car, here's $10, now go away.

  3. Re:Don't Abbreviate on Report Shows Patent Trolls Are Thriving · · Score: 1

    Let's say I invent something, which some company uses in their flagship product, making millions off my invention.

    Do you mean something like the ability to make an online purchase using only a single click? More likely than not, they made millions off their flagship product, and your invention added very little value. Is it really going to make a difference to Adobe whether or not they use some image manipulation filter that you thought up at the same time their designers did? Their millions resulted from the combination of brand recognition, ability to keep costs down by streamlining manufacturing, the development of a clever user interface, etc.

    Let's say that I am unable to bring my product to market (because of limited capital, because of limited knowledge, because of a single market for my invention that someone else has control of... pick a reason, or multiple ones).

    So, are you implying that you should somehow be compensated for failing in business? Look, if you invented something really amazing and non-obvious (e.g., arms that extended from my laptop to give me a shoulder massage while I worked...that would be cool...), then yes, you should get paid. But if you expect to live a life of luxury just because you thought it'd be a good idea if your car let out a beep as you approach a red light (and failed to build a business model around this idea), then you're exactly what's wrong with the system.

  4. Re:Sounds like.. on Rockstar Employees Badly Overworked, Say Wives · · Score: 1

    Except the hours and pay are both better.

  5. Re:Rockstar is the evildoer in this situation, but on Rockstar Employees Badly Overworked, Say Wives · · Score: 1

    Well, there's also the fact that 20-somethings just out of school work for about half the pay of a 40-year-old looking at how to pay for their kids' college tuition and put a little aside to retire before they hit 70.

  6. Re:How to get management to listen on Rockstar Employees Badly Overworked, Say Wives · · Score: 1

    You are essentially correct (since we're talking about a US company), but it gets a little more complicated. See here for a description of at-will employment. For the most part, unless you signed a contract (which generally only happens for executive-level management), you are free to quit or be fired at any point for any reason, unless your termination would explicitly violate certain laws (such as discrimination or whistle-blowing). Several states have passed exceptions that would require employers have a just cause for termination, but that is not universal.

  7. Re:Kolivas knows it best on Kernel Contributor Corbet Says Linux Community Is 'Intimidating' · · Score: 1

    ...and your point would be...? Linus went on to create his own kernel while he was a graduate student in computer science. If you read the article, you'd know that Kolivas works as an anaesthetist, and did kernel hacking solely as a hobby. For an operating system that relies on volunteers and hobbyists, the Kolivas incident serves as a pretty bad precedent.

  8. Re:I blame the Caesarean Section on US Youth Have Serious Mental Health Issues · · Score: 1

    I've seen claims that mothers who have a Caesarean section give birth to kids who don't have the ability to handle stress. The theory goes something like: the final pains of labor trigger a release of hormones into the fetus that then give the child the ability to deal with stress.

    I am extremely skeptical of these claims. The idea that there are particular hormones that are released during such a short time period with such life-long effects seems a bit of a stretch to me. I'm not saying it's impossible, but it does seem like a bit of deus ex machina to imply that there is some omnipotent hormone behind it all.

    I find it much more likely that a combination of factors, particularly cultural and social, offers a better explanation. See here and here for a couple of articles examining the link between Cesareans and psychosocial effects. Cesareans often result in a certain amount of psychological trauma for the mother that often impairs the mother's ability to bond with her child immediately. To complicate matters, for multiple reasons, delivery rooms often take the child for a number of examinations immediately after the birth. As a result, some mothers do not get to see their child's face until almost an hour after they are born. In my opinion, it would be better to let the mother see the child right away, even if only for a few seconds, before whisking them away. Additionally, better post-partum psychological support would be greatly beneficial toward reducing the effect of this trauma.

    Another factor to consider is what became the dominant US culture for child-rearing in the 20th century. Breastfeeding declined immensely (though it's been making a comeback recently). There is also a cultural bias toward early detachment (such as letting babies "cry it out") that is unique in the history of the world. Co-sleeping is another common element in other cultures that is frowned upon in the US. (And if you are concerned about the risks, there are plenty of products that place a barrier around the baby that makes it nearly impossible to roll onto them. There are also bed-side cribs that offer nearly the same benefits of co-sleeping without the risk of roll overs.) As an alternative, my wife and I adopted the attachment parenting philosophy. The basic idea behind AP is that developing a strong bond with your infant and toddler helps to create a much better foundation for life-long emotional and psychological stability. That is, babies first need to feel secure and loved before they can begin to mature into independent children. You may disagree, but we've been happy with the results.

    I would also assume that a woman too afraid to go natural might also have a genetic predisposition of an inability to handle stress, but that is my own conjecture.

    Wow. That is one hell of an audacious statement. I have yet to find a woman who is "too afraid to go natural" and would prefer to have a Cesarean. My wife and I spent months going through Bradley method classes (i.e., no medication at all), and still ended up with a Cesarean. The reality is that the vast majority of women do not want to have a Cesarean. But the current state of the American health care system has led to a dramatic rise in their occurrence. Two major factors are the lack of adequate childbirth preparation and the scarcity of doulas to advocate for the mothers. The decision to have a Cesarean is often

  9. Re:The Second, If Not Both on Which Math For Programmers? · · Score: 5, Interesting

    [...] The second is going to give you practical skills in programming -- a wide array of practical skills. The first is most likely going to give you some automata theory for computers but unless you're going into theoretical research, the second is the obvious answer. Graphics and games are all vectors, the web is becoming even more so with new browser rendering technologies. Rendering is all euclidean space transposed onto a two dimensional plane (screen) using points (pixels). Differentials are huge in the vision and image processing world and again, in graphics. This is your obvious selection[...]

    I couldn't disagree more. There is no "obvious selection," because the OP didn't mention what type of programming interests him. If you're going to specialize in graphics or scientific computing, yes, the analysis course would be helpful. However, I find that branch of mathematics completely useless for the programming work that I do.

    In more systems-oriented programming (e.g., OS, compilers, networking, databases), a strong background in algorithms, data structures, and graph theory is absolutely essential. If you start moving into security and cryptography, you need to understand modern algebra topics like number theory and group theory; having a solid foundation in set theory is a prerequisite for any of those topics.

    [...] although I challenge you to take both [emph. added]. Also, look for courses on classes that blur the lines between stats/math and computer science. Like courses on error correcting codes or computer language design and theory.

    On this point, we agree.

  10. Re:About time to arm ourselves on INTERPOL Granted Diplomatic Immunity In the US · · Score: 1

    Wow. You actually managed to interpret my comment as an implication that one should not read primary sources? That is quite a remarkable feat. I felt it was pretty obvious that my point was that people should make up their own damn minds after reading multiple sources of information, including primary sources.

    You offered links to three primary sources (IOIA text, Ex. Order 12425, and the amendment). The ABC article links to both the amendment and IOIA. But it also links to the Vienna Conventions to offer a primary source as to what actually constitutes diplomatic immunity. It also offers links to other primary sources for applications of IOIA to other organizations. It also provides a link to another Ex. Order 12971, which also amended 12425. After just a quick glance, that ABC article offers links to twelve primary sources. So I hate to break it to you, but that article wins the battle of primary sources.

    No, I don't think you have multiple personality disorder. I simply think you are a troll that is hell-bent on blaming Obama for all the woes in the world. Note that my statement should not be interpreted as an endorsement of Obama; I have my own criticisms of the man. Rather, I am just stating that, if you're going to criticize him, you should at least make sure that you base your arguments on points that are not complete misinterpretations of primary sources.

  11. Re:About time to arm ourselves on INTERPOL Granted Diplomatic Immunity In the US · · Score: 1

    I'm the submitter, and I'd recommend not clicking on the news link. Not only is it wrong, but the Slashdot editors added it in to my submission, which just had a link to the Executive Order and to the UN Parking Ticket Scandal.

    Yeah, I always hate it when people add links that put things into context and provide more information. Why can't they just post the little snippets that I misinterpret to fit my preconceived notions? Everybody knows that trying to listen to both sides of an argument and decide for yourself is just stupid.

  12. Re:The "copy" in copyright on Woman Filming Sister's Birthday Party Gets Charged With Felony Movie Piracy · · Score: 1

    Unfortunately for your argument, that part of the sixth amendment does not seem to have been incorporated against the states, so Texas could theoretically never tell you why you were being held, even if a federal prosecutor would have to tell you under the sixth amendment.

    Hmm, I must be confused, because that link you pointed to states that the right to notice of accusation and the right to assistance of counsel have been incorporated against the states as a result of In re Oliver (1948) and Gideon v. Wainwright (1963). Furthermore, if you are being detained by any government entity within the country, any federal court can issue a writ of habeas corpus to release you from custody. Or am I missing something in your argument?

  13. Re:Documentation is very lacking on Is Linux Documentation Lacking? · · Score: 2, Interesting

    I call BS. Go to Google and try searching for "burn a cd" and "burn cd." The results are pretty similar because decent search engines do more than simple text parsing and regular expression matching. As long as the vast majority of people continue to use Google, Bing, Yahoo, etc., they will come to expect that the search tool is actually trying to be helpful.

    As an academic researcher, I regularly copy and paste the title of a paper that I am looking for into Google. When I do that, I also find similar papers on the same topic because their titles share words with the original title. This is very helpful. If "basic search technique" required me to get rid of "a," "an," "the," etc., my job would be a whole lot more frustrating.

  14. Re:Excellent Presentation on English Shell Code Could Make Security Harder · · Score: 2, Interesting

    First, I would not say that they can convert arbitrary shell code to English-like prose. Rather, the only instructions that can be used are the ones that are identical to the ASCII encoding of the alphabet. For instance, the ASCII encoding of the letter "r" is identical to the binary for the unconditional jmp instruction. Granted, the authors showed that you can do a lot with this limited set of instructions, but I still wouldn't call it arbitrary.

    According to the PDF it does convert arbitrary shell code. FTA: What follows is a brief description of the method we have developed for encoding arbitrary shellcode as English text... It looks like they can encode anything once they have built an English-like decoder (judging by their language and the 3rd figure).

    Ah, I forgot about that part. Yes, the first part of the shell code decodes the remaining message so that they are no longer limited to just typical ASCII characters. You are correct.

    The tight constraints on the instructions that can be encoded into ASCII make crafting decent English syntax nearly impossible. Spam filters based on natural language processing could probably detect and flag them.

    If they were sending SPAM... which they aren't.

    Here, you missed my point. I was not implying that they were actually sending spam. The sentences they crafted are essentially identical to the kinds of sentences you see in spam. My point was that NLP techniques could be applied to flag these sentences just as they are with spam.

  15. Excellent Presentation on English Shell Code Could Make Security Harder · · Score: 5, Informative

    This talk was probably my favorite at CCS this year. Unlike MANY researchers, the lead author of this paper was quite entertaining. Regarding the work itself, there are a few details that the current discussion has missed.

    First, I would not say that they can convert arbitrary shell code to English-like prose. Rather, the only instructions that can be used are the ones that are identical to the ASCII encoding of the alphabet. For instance, the ASCII encoding of the letter "r" is identical to the binary for the unconditional jmp instruction. Granted, the authors showed that you can do a lot with this limited set of instructions, but I still wouldn't call it arbitrary.

    Second, he showed several examples of the sentences created. They make about as much sense as "Lorem ipsum dolor sit amet..." The tight constraints on the instructions that can be encoded into ASCII make crafting decent English syntax nearly impossible. Spam filters based on natural language processing could probably detect and flag them.

    While disguising the binary as ASCII is cool, I don't see that it's all that different than other exploits. Once a sentence containing an exploit is detected, you'll have signatures just like any other type of virus/trojan. I highly doubt that contemporary anti-virus scanners stop working on data that looks like ASCII. Rather, they look for tell-tale signs of particular instructions that appear in particular orders, etc.

    And, as many others have pointed out, this code is only harmful if it is executed in the right context (i.e., you have a vulnerability to exploit). Disguising the code as ASCII doesn't really make it different than any other type of zero-day attack.

    This work was very sophisticated, and there's no way that script kiddies could build something like this. I don't know that more advanced attackers would bother, because I really don't see all that much of a payoff given the amount of work that this attack requires. It's a whole lot easier to take over a vulnerable web server and launch a XSS attack. The incentives simply do not seem to suggest that this technique will become widespread.

    So, no, I don't think the sky is falling because of this attack. Having said that, though, this was a very cool piece of work.

  16. Re:Is she really sure it was locked? on Facebook Photos Lead To Cancellation of Quebec Woman's Insurance · · Score: 2, Informative

    According to the article, she'd been on leave for a year and a half since being diagnosed. Then her payments just stopped coming with no notification. She had to call the company to find out why, and, at that point, they informed her that she was doing well enough to work. In response to the article, the company put out a written statement that they do not cancel policies based solely on Facebook.

    Either there's more to this case than what is being reported, or this company needs to get nailed to the wall.

  17. Thank You on UN Officials Remove Poster Mentioning Chinese Firewall · · Score: 1

    I, for one, thank the U.N. for their censorship in this case. I had never heard of this book. Were it not for this incident, I may never have learned of it. So I thank the U.N. for bringing my attention to it.

  18. Re:I wonder on Firefox Most Vulnerable Browser, Safari Close · · Score: 1

    Also, note that the parent's quote comes from the section on Web applications (i.e., server-side). The section on Web browsers does not provide even a hint as to their sources.

  19. Re:Put the damn thing in neutral! on Toyotas Suddenly Accelerate; Owners Up In Arms · · Score: 1

    I've previously driven a manual and now have a 2007 Prius. Like you, my first intuition would be to put the car in neutral. Except in my Prius, I don't have a traditional gear shift that has direct control over the matter. Instead, I have a little knob that I can push in the direction of "D," "N," "R," or "B" (engine braking). When I push the knob in one of those directions, an electronic component evaluates the command. If my car doesn't like my choice (like trying to shift from D to R while going 45 mph), it makes a little beep and ignores my request. So if it is a problem with the electronic system, and it's ignoring basic requests from the accelerator and the brake pedal, I'm tempted to think it'll ignore the request to shift to neutral. Hopefully, I'll never experience this and find out.

  20. Let's All Play the Blame Game on Did Chicago Lose Olympic Bid Due To US Passport Control? · · Score: 1

    I'm confused. Yesterday, I was told it was Obama's failure. Now you're telling me it's the fault of the post-9/11 policies of G.W. Bush. So it's Bush's fault. But 9/11 happened because Clinton didn't do enough to take out Bin Laden in the '90s. So it's Clinton's fault! Wait, wasn't Bin Laden originally pissed because of the US presence in Saudi Arabia during Gulf War I? So it's G.H.W. Bush's fault! Hold on... Didn't Bin Laden and the Mujahedeen get their training from the US in the '80s to fight the Soviets in Afghanistan? So it's Reagan's fault! Eh, to hell with it. Will somebody just tell me who to blame?

  21. Re:So it's a fnacy nmae on Schooling, Homeschooling, and Now, "Unschooling" · · Score: 1

    I know many brilliant people who never lived up to their potential partly because, among other reasons, they were completely stifled in a public education system. They were never taught how to work hard to learn, how to challenge themselves. [...] The purpose [of the educational system in the US] is to create a functional workforce that is conditioned to structured systems.

    I definitely understand feeling underserved by the US public education system. My performance in my undergrad was mediocre because I was very unprepared for college. In my HS calculus class, fewer than half of the students actually had plans to go to college. The others were there because their friends were taking it.

    But I disagree with your claim regarding the system's purpose, because I argue that there is no unifying purpose. And that is part of the problem. The US public school system is for the most part dominated by local control. Yes, states set curricula. Yes, No Child Left Standing--I mean, Behind--mandates a number of standards. But you have to follow the money. Local schools get a certain amount of money per student, based on the classes they are taking. So those non-college-bound students earned my school more money by enrolling in calculus instead of taking a study hall. I tried to convince my guidance counselor to let me take calculus through a local university, because I knew what my school's class was going to be like. She wouldn't let me. If I wasn't enrolled in our school's version, their budget dropped.

    Want to solve the problem of under-motivated talented kids? Create some publicly funded charter schools for gifted and talented kids. Make the admission criteria rigorous. Make it tuition free so that socioeconomic status is not a barrier to application. AND create a funding structure that would encourage schools to send their students there. Without the proper incentive structure for the local schools, it can't work.

  22. Re:What would these kids grow up to be? on Schooling, Homeschooling, and Now, "Unschooling" · · Score: 1

    [...] every skill I now use professionally [...] [emphasis added]

    So it seems you are advocating replacing traditional education with vocational school. After all, if it's not a skill that you need for your job, then there's no reason to learn it.

    Yes, a lot of school is boring and completely useless. (Anybody else forced to suffer through Jude the Obscure?) However, an education that requires exposure to a broad range of topics is invaluable. The most interesting and intelligent people that I know can go off on tangents about John Cage, Hermann Hesse, or Shinto in between discussions of cryptographic protocols or data structures. If the breadth of your conversations consists of functional programming on one end and OOP on the other, I pity you. Life is about more than just problem solving.

  23. Re:A sad day on Breast Cancer Gene Lawsuit Argues Patents Invalid · · Score: 1

    Myriad claims their patents cover ALL tests related to the genes. Go to http://www.accessmylibrary.com/coms2/summary_0286-15489528_ITM. Scroll down to the Myriad case study, and read about the cease-and-desist letters Myriad sent to Canadian provinces in 2001:

    "The cease-and-desist orders sent by Myriad to the provincial health care authorities stated that the provincial screening tests infringed Myriad's patents by using the patented genes. The fact that the test used by the provinces was different from the one claimed by Myriad in its patents was not relevant because ultimately any screening test required use of the patented genes."

  24. Re:I don't understand it. on Breast Cancer Gene Lawsuit Argues Patents Invalid · · Score: 3, Informative

    it's just that without Myriad, *no one* would know that having the BRCA1 gene was a precursor to breast cancer.

    Really? Then why is there research on the topic that predates the company? Here's a paper from 1994 that includes at least one co-founder of Myriad: http://www.sciencemag.org/content/vol266/issue5182/index.dtl. Of course, 1994 is after the founding of Myriad in 1991-1992, but you already pointed out that the research takes 5-6 years. Additionally, that paper cites work from http://www.sciencemag.org/cgi/content/abstract/250/4988/1684, which was published in 1990 (before Myriad). The title of that article is "Linkage of early-onset familial breast cancer to chromosome 17q21."

    My understanding of the history of Myriad is that they are an example of university research commercialization. That is, the company was founded to establish and protect intellectual property based on work that was done by researchers at the University of Utah. A lot of universities are doing this now, where start-up companies are formed to expand on and profit from research. If the start-ups do well, the universities get a share of the profits.

    Just one problem... As this was university research, it was almost certainly publicly funded through grants from NIH, NSF, etc. Hence, we US taxpayers funded the research, not Myriad. Yes, Myriad continues to do research to further develop their products, but Myriad's flagship is still BRACAnalysis, which is the product of university research.

    Furthermore, Myriad aggressively pursues their IP rights. In 2001, they sent cease-and-desist letters to the Canadian government, claiming that ANY BRCA1 or BRCA2 testing method other than BRACAnalysis violates their patents. So, yes, they are claiming ownership of ALL information relating to the genes, and not just the process. Many provinces are fighting back, and the outcome of those legal battles is unclear.

  25. Re:Open Source Alternatives on Obama Appoints Non-Tech Guy As CTO · · Score: 1

    The moral of the story? Public schools suck. They're useless, the teachers are incompetent[...] So until schools [...] start hiring qualified teachers[...], public (and a lot of private) schools will always be useless.

    Once upon a time, I was a math ed major. There were a lot of interesting things I learned in those classes (e.g., that was where I discovered the writings of Jonathan Kozol, which I recommend). But the most important lesson that I learned was how pathetic teaching salaries are. If I took a technical job in the math/CS fields, my starting salary would be triple what I would make as a teacher.

    As long as teachers are not respected as professionals and their starting salaries remain low, the vast majority of people with a true passion for the field and the most knowledge of the material will continue to go into industry. I still love to teach--I am currently working on my Ph.D. and intend to stay in academia--but teaching is too much work for the salary offered.