The suckage in searching from a google product struck me as strange too. I've thought about it some though, and it *might* make sense.
In google's web search, they don't do regexes either. And I understand it. Regexes are expensive, and it's difficult to optimize for an arbitrary regex search. And they don't usually do substring searches either. I'm suspecting that google primarily indexes on whole words. However, their results are eerily accurate. One of the big things that helps this is their spelling suggestions. Often they're wrong, but often they're right too. So why don't they suggest other spellings when I search my mail? My suspicion is that they aren't being as clever as I'd like to think they are. My suspicion is that they aren't using some amazing algorithm to figure out what I meant, instead they're using the much simpler method of a million monkeys at typewriters (that would be us) giving them suggestions as to the types of spelling mistakes that people generally make.
And my suspicion is that that's a lot harder to do for ostensibly private e-mail messages than it is for the large and public corpus they have with the internet at large.
But I could be completely wrong on all points. I just know that they suck at searching e-mail. And if their concept of "archive, don't delete" is going to work well, search has to be better.
Re:I like gmail.
on
Gmail vs Pine
·
· Score: 2, Interesting
That is bad. I could almost forgive that one, if the raw ascii strings didn't show up in the binary format. But Google has the "show as HTML" link for many binary formats, so they obviously have the capability to figure out what the raw text is... They're just not using it.
I guess that's why they call it "beta".
Wonder how much of an impact it would make if we (all of slashdot) submitted feature requests for all of these things via google's feedback mechanism.
Re:I like gmail.
on
Gmail vs Pine
·
· Score: 5, Insightful
I like gmail too, but one thing that really bugs me is that, in my experience, search is fairly anemic too. I'm pretty well certain regexes can't be used, and I don't find that too surprising. But even worse, I don't think that wildcards can be used either, and even worse than that, it seems that substrings can't be used either. As an example, I needed to find a message that I had recieved from citibank. Or maybe it was citifinancial. Perhaps citimortgage. But definitely one of the citigroup companies. So I searched for "citi". There were no results. I eventually found the message by having firefox do a text search on each page of headers for the string "citi". Fortunately, that was in the subject of the message.
Maybe there's something I don't know about searching gmail, but at the least, it certainly doesn't seem intuitively obvious to me.
Maybe google should get the DOJ in touch with representative Tom Lantos and have a bit of a discussion on the moral implications of complying with legal orders. Just sayin'.
We are not the only life on the planet which deliberately change our environments to make then suitable for our own well being.
Neither are we the only organism to change the environment for its own not-so-well-being. Human pollution levels are usually measured in the parts-per-million range. Once we've generated enough pollution that 20% of the atmosphere is made up of our poisonous waste products, then we'll start to be in the same class of polluters as the cyanobacteria. (who, by the way, seem to be doing fairly well even after the climate change they precipitated. So to speak.)
I've argued with my boss several times that we should dump the SSN and just keep a few hashes instead (md5/sh1/whatever). He doesn't like that idea for valid reasons (mainly compatibility with other systems that don't know shit about a hashed SSN).
I could be wrong about this, but here's another reason to think of. Hashing the SSN's in the database doesn't raise the bar much for ID thieves. There are 1G possible SSN's. According to my calculations (and the output of "openssl speed md5"), calculating and storing the MD5 of all of them would take my computer about 30 minutes and would take up about 20GB of drive space. After which, looking up an ssn from the hash would be fairly easy.
My first thought was "add some salt", but SSN's aren't passwords (although they're used like passwords fairly often), they're indexes. So if I've got info on my John Doe, and want to see what info you have on that same John Doe, unless we happened to use the same salt we're screwed.
The only solution I can see would be to use deterministic salt. store the MD5 of, for instance, the person's SSN.DOB. That would make it so that the problem for the attacker is (assuming he only cares about people 18-65 years old) 17,155 times harder. So now the database is over 300 TB, and it takes a year to calculate (on my machine). But it means that everyone has to start collecting DOB (which they mostly do anyway - but it would now be necessary) and would have to agree to use MD5(SSN.DOB) as a person's identifier. Thinking about it, that might not be so bad... But it'll still take an act of God or congress to get everyone to start doing it. And I'm guessing God might be more likely.
So what we need in order to have a proper control for this experiment is to take some people who don't game, expose them to Jack Thompson, and see if they develop a desire to torture and kill him.
No, but what I did think was "Wow, cool. Hardware rootkit detection. Intel's really on the ball with this one, already thinking about protecting the flashable on-CPU microcode from malicious activity before anyone (that we know of) has developed a rootkit that roots your hardware as opposed to your operating system."
I stand corrected. I knew that transformers don't tend to work so well on DC, but didn't know how the PSU worked. Reading through that wikipedia article, I'm still not 100% sure of exactly why that kHz chopping is necessary. It sounds like it's all about size and weight, that you need a chunkier transformer at 60Hz, and you'd obviously need a larger capacitor for smoothing the rectified output. My gut feeling is that you'd be better off in the long run paying the price in size and weight, but then again, IANAEE, and the fact that all of the people who actually are EE's decided to do it the other way is a strong indication that my gut feeling is better attributed to indigestion.
"So, here's what we'll do, we'll convert 120v AC to 120v DC, then distribute it to the servers where they'll convert it to 2v DC."
"but how do we convert from 120vDC to 2vDC?"
"With a DC to DC converter"
"How does that work?"
"Well, it's a little box, and inside the box is a chopper which converts the 120vDC to 120vAC, a transformer which converts 120vAC to 2vAC, and a rectifier which converts 2vAC to 2vDC."
"Brilliant!"
Eliminate the middle man. Distribute your voltage as AC, transform it to what you want to use, then convert to DC.
I actually do get the joke, but I feel it's worthwhile to point out that fuel cells combine hydrogen with oxygen to produce power and water. My understanding is that in cold temperatures, that water freezes and does nasty things to fuel cells. IIRC, Honda is one of the few companies to have produced a viable sub-zero fuel cell car.
Still funny to think "maybe they should road test this on Pluto, to see what happens if the fuel freezes..."
(Granted, this story has more focus on the actual use, not the original discovery, but you wouldn't know that from the slashdot article)
And I found myself amused by the sentence: "tests focusing on multiple hits from.50 caliber rounds and improvised explosive devices are in the works. " So just how long does it take our military to Improvise some Explosive Devices? Or scare up more than 1.50 cal round? You'd think when they were testing out that one, they might have brought a whole box full.
As some luminary once said, "It's funny because it's true." Drunk driving is just one of the evils exacerbated by zoning, liquor licence laws, etc.
I wouldn't say so much that DWI convictions have lost their stigma as I would say that DWI is just one of many ways of being really stupid, and being stupid has, for many people (but certainly not me), lost any social stigma it ever had.
The [SM.]ADD crowd have become infected (as most groups struggling to effect change eventually do) by the desire to command and control in excess of the desire to do good works. Sticks are more fun to use than carrots.
On a trip to Ireland I completely figured out why there's a drunk driving problem in the US: There isn't a pub within walking distance of your house. In Ireland, there is. It doesn't matter where you live, there's a pub just around the corner. Why drive there and back, when it's easier to walk?
So the solution to the US drunk driving problem is simple: Build more pubs.
With a $42.6 million grant that originated at the Bill and Melinda Gates Foundation, Berkeley researchers are creating a new malaria drug by removing genetic material of the E. coli bacterium and replacing it with genes from wormwood and yeast."
OK, so here we have a bunch of money, originating from Bill Gates, going to Berkely (of BSD and LSD fame) to do high-tech cross-breeding of fecal bacteria, the plant responsible for the drug-like qualities of absinthe, and the organism responsible for the beer-like qualities of beer.
Some day soon, a hallucinigenic, but otherwise shitty beer will take over the world. I'm convinced of it.
I'm glad I wasn't the only one that read it that way at first. It took me a moment to re-arrange things to where I understood that the phrase "that we find in nature" described behaviors, not machines.
Probably would have been better to say something like "...interest in modeling on machines those behaviors that we find in nature."
But then, what do geeks know about english grammar?
So the question here is, why does that book cost $90? Sure, it's a big book, but so is Cryptonomicon, and I picked that up for under $20, and could pick up a paperback of it for under $10. I would posit that there are three reasons for that $70 difference.
First, there are probably a lot more man-hours of work researching, writing, and checking the average textbook. Not to say that Neal doesn't do a great job, but the fact density of a textbook is (or should be) very high.
Second, economies of scale are severe for information. And a textbook doesn't usually have quite the readership of a bestseller.
Third, economies of scale for printing exist as well. Typesetting a book and doing a printing run have a relatively fixed cost, whether you're printing one book or a bazillion.
Of those three problems, e-books only solve the third (which is probably of the least magnitude of the three).
Of course, pirated e-textbooks would neatly solve all three problems, but I wouldn't exactly call that a shining example.
But what would be interesting is to solve the first two problems with open-sourced textbooks. There are currently several projects to do exactly that, producing textbooks under various open licences. From what I've seen, they haven't gotten very far with that... but it's still a fun idea, and I hope it works out well in the long run.
And that would be a shining example of open source, even if all they did was print them out on dead trees and hand them to the students.
As it is, I looks to me like this project is probably selling these students relatively high-priced information delivered via moderately priced hardware using free software. If the people who are paying for it think it's worth buying, then I'd say that everyone wins, which is always a good thing. But from the article, it looks like they're not 100% sure that they're winning.
I had a friend who had a perfect quote for this sort of thing. "The left hand doesn't know which foot the right is shooting." It's an IPC failure. A "recruitment process" is designed to find good people. These are then handed off to a "hiring process", which begins with an "interview process". Unfortunately, the "interview process" recieves input from both recruitment *and* people walking in off the street. It's geared for weeding out the in-off-the-street group until all that's left is good people. That process doesn't know to act differently when fed a diet of people who are already known to be qualified, but aren't as desparate for a job as the street crowd.
It looks funny from the outside, because even though we know better, it's easy to think of any large organization (i.e., Microsoft) as a single entity, when it's actually a group of individuals flying in loose formation, each doing what they percieve to be their job. Sometimes two people's jobs in such an organization will run to cross-purposes.
My situation is that I have an 18 month old son, and no family in the area. I can watch a movie at home while he's sleeping peacefully in his room.
I can go out to a theater and watch a movie while he's sleeping peacefully in his room too, however, that involves one of:
1) scheduling with and hiring a babysitter, which usually puts the cost of going to a movie at about $100. 2) going to a movie while my wife stays home, which I've never done, but I'm fairly confident would make me kinda unpopular around the house. Especially since my wife likes a lot of the same movies I do. 3) Leaving my son home alone, which I've also never done, and I would consider to be extremely bad parenting.
So, the best option ends up being the $100 per movie option.
OTOH, I pay about $70/month for cable, another $13/month to Tivo, and about $20/month to Blockbuster, and I've got all the movies I can eat. If I watch 1 movie in a month, I'm still basically breaking even.
It is incredibly rare that there's a movie that's actually worth seeing in the theater to me.
first there's "Internet Explorer's Share Dips Below 90%", and now we learn that "Firefox is already used by about 10 percent of IBM's staff". So, it seems that IBM's employees are a lot like the rest of the internet.
3) IOS doesn't have an execution environment with "open" interfaces like a desktop OS. Routers don't execute transport data or routing data. This means no script kiddies. There are of course other ways to crash a router.
I kinda wonder about this sometimes. As a for instance, here is an excellent example of how to write an SMTP client in the TCL shell included in recent IOS versions. Of course, getting the shell to start out with is left as an exercise to the reader, but routers operate more and more heavily on the data that passes through them and arrives at them. On a modern IOS router, you have a bunch of routing processes handling routing protocols, as you would expect, and then you've also got a telnet server, an ssh server, a couple of small tcp/udp services (if for who knows what reason you've decided to turn them on), snmp support, a web server with the capability of executing scripted code directly on the router... In short, there's a lot that's potentially explotiable there.
Of course, I completely agree with your basic assertion that the leak of the source code isn't a particularly big deal, from a security standpoint. The best evidence of this, for me, is the fact that I don't feel at all insecure with the linux-based routers I use, and (sarcasm) I understand the source code to linux got leaked quite a while ago. (/sarcasm)
Slashdot Mirror
The suckage in searching from a google product struck me as strange too. I've thought about it some though, and it *might* make sense.
In google's web search, they don't do regexes either. And I understand it. Regexes are expensive, and it's difficult to optimize for an arbitrary regex search. And they don't usually do substring searches either. I'm suspecting that google primarily indexes on whole words. However, their results are eerily accurate. One of the big things that helps this is their spelling suggestions. Often they're wrong, but often they're right too. So why don't they suggest other spellings when I search my mail? My suspicion is that they aren't being as clever as I'd like to think they are. My suspicion is that they aren't using some amazing algorithm to figure out what I meant, instead they're using the much simpler method of a million monkeys at typewriters (that would be us) giving them suggestions as to the types of spelling mistakes that people generally make.
And my suspicion is that that's a lot harder to do for ostensibly private e-mail messages than it is for the large and public corpus they have with the internet at large.
But I could be completely wrong on all points. I just know that they suck at searching e-mail. And if their concept of "archive, don't delete" is going to work well, search has to be better.
That is bad. I could almost forgive that one, if the raw ascii strings didn't show up in the binary format. But Google has the "show as HTML" link for many binary formats, so they obviously have the capability to figure out what the raw text is... They're just not using it.
I guess that's why they call it "beta".
Wonder how much of an impact it would make if we (all of slashdot) submitted feature requests for all of these things via google's feedback mechanism.
I like gmail too, but one thing that really bugs me is that, in my experience, search is fairly anemic too. I'm pretty well certain regexes can't be used, and I don't find that too surprising. But even worse, I don't think that wildcards can be used either, and even worse than that, it seems that substrings can't be used either. As an example, I needed to find a message that I had recieved from citibank. Or maybe it was citifinancial. Perhaps citimortgage. But definitely one of the citigroup companies. So I searched for "citi". There were no results. I eventually found the message by having firefox do a text search on each page of headers for the string "citi". Fortunately, that was in the subject of the message.
Maybe there's something I don't know about searching gmail, but at the least, it certainly doesn't seem intuitively obvious to me.
Not only should nerds know what snort is, but a story about a firewall company that involves port security should be at least somewhat confusing.
Fortunately, the defective yeti comes to the rescue to enlighten us about what all the fuss over the ports is.
Maybe google should get the DOJ in touch with representative Tom Lantos and have a bit of a discussion on the moral implications of complying with legal orders. Just sayin'.
Neither are we the only organism to change the environment for its own not-so-well-being. Human pollution levels are usually measured in the parts-per-million range. Once we've generated enough pollution that 20% of the atmosphere is made up of our poisonous waste products, then we'll start to be in the same class of polluters as the cyanobacteria. (who, by the way, seem to be doing fairly well even after the climate change they precipitated. So to speak.)
I've argued with my boss several times that we should dump the SSN and just keep a few hashes instead (md5/sh1/whatever). He doesn't like that idea for valid reasons (mainly compatibility with other systems that don't know shit about a hashed SSN).
I could be wrong about this, but here's another reason to think of. Hashing the SSN's in the database doesn't raise the bar much for ID thieves. There are 1G possible SSN's. According to my calculations (and the output of "openssl speed md5"), calculating and storing the MD5 of all of them would take my computer about 30 minutes and would take up about 20GB of drive space. After which, looking up an ssn from the hash would be fairly easy.
My first thought was "add some salt", but SSN's aren't passwords (although they're used like passwords fairly often), they're indexes. So if I've got info on my John Doe, and want to see what info you have on that same John Doe, unless we happened to use the same salt we're screwed.
The only solution I can see would be to use deterministic salt. store the MD5 of, for instance, the person's SSN.DOB. That would make it so that the problem for the attacker is (assuming he only cares about people 18-65 years old) 17,155 times harder. So now the database is over 300 TB, and it takes a year to calculate (on my machine). But it means that everyone has to start collecting DOB (which they mostly do anyway - but it would now be necessary) and would have to agree to use MD5(SSN.DOB) as a person's identifier. Thinking about it, that might not be so bad... But it'll still take an act of God or congress to get everyone to start doing it. And I'm guessing God might be more likely.
So what we need in order to have a proper control for this experiment is to take some people who don't game, expose them to Jack Thompson, and see if they develop a desire to torture and kill him.
Sounds like fun. I'll take bets.
No, but what I did think was "Wow, cool. Hardware rootkit detection. Intel's really on the ball with this one, already thinking about protecting the flashable on-CPU microcode from malicious activity before anyone (that we know of) has developed a rootkit that roots your hardware as opposed to your operating system."
Then I realized: No, they're not that cool.
too bad.
I stand corrected. I knew that transformers don't tend to work so well on DC, but didn't know how the PSU worked. Reading through that wikipedia article, I'm still not 100% sure of exactly why that kHz chopping is necessary. It sounds like it's all about size and weight, that you need a chunkier transformer at 60Hz, and you'd obviously need a larger capacitor for smoothing the rectified output. My gut feeling is that you'd be better off in the long run paying the price in size and weight, but then again, IANAEE, and the fact that all of the people who actually are EE's decided to do it the other way is a strong indication that my gut feeling is better attributed to indigestion.
Thanks for the information.
Mmmm... bad answer.
"So, here's what we'll do, we'll convert 120v AC to 120v DC, then distribute it to the servers where they'll convert it to 2v DC."
"but how do we convert from 120vDC to 2vDC?"
"With a DC to DC converter"
"How does that work?"
"Well, it's a little box, and inside the box is a chopper which converts the 120vDC to 120vAC, a transformer which converts 120vAC to 2vAC, and a rectifier which converts 2vAC to 2vDC."
"Brilliant!"
Eliminate the middle man. Distribute your voltage as AC, transform it to what you want to use, then convert to DC.
(btw, excellent description here.
I actually do get the joke, but I feel it's worthwhile to point out that fuel cells combine hydrogen with oxygen to produce power and water. My understanding is that in cold temperatures, that water freezes and does nasty things to fuel cells. IIRC, Honda is one of the few companies to have produced a viable sub-zero fuel cell car.
Still funny to think "maybe they should road test this on Pluto, to see what happens if the fuel freezes..."
That's OK, the original did have pics in the linked article.
.50 caliber rounds and improvised explosive devices are in the works. " .50 cal round? You'd think when they were testing out that one, they might have brought a whole box full.
(Granted, this story has more focus on the actual use, not the original discovery, but you wouldn't know that from the slashdot article)
And I found myself amused by the sentence:
"tests focusing on multiple hits from
So just how long does it take our military to Improvise some Explosive Devices? Or scare up more than 1
As some luminary once said, "It's funny because it's true." Drunk driving is just one of the evils exacerbated by zoning, liquor licence laws, etc.
I wouldn't say so much that DWI convictions have lost their stigma as I would say that DWI is just one of many ways of being really stupid, and being stupid has, for many people (but certainly not me), lost any social stigma it ever had.
The [SM.]ADD crowd have become infected (as most groups struggling to effect change eventually do) by the desire to command and control in excess of the desire to do good works. Sticks are more fun to use than carrots.
On a trip to Ireland I completely figured out why there's a drunk driving problem in the US: There isn't a pub within walking distance of your house. In Ireland, there is. It doesn't matter where you live, there's a pub just around the corner. Why drive there and back, when it's easier to walk?
So the solution to the US drunk driving problem is simple: Build more pubs.
With a $42.6 million grant that originated at the Bill and Melinda Gates Foundation, Berkeley researchers are creating a new malaria drug by removing genetic material of the E. coli bacterium and replacing it with genes from wormwood and yeast."
OK, so here we have a bunch of money, originating from Bill Gates, going to Berkely (of BSD and LSD fame) to do high-tech cross-breeding of fecal bacteria, the plant responsible for the drug-like qualities of absinthe, and the organism responsible for the beer-like qualities of beer.
Some day soon, a hallucinigenic, but otherwise shitty beer will take over the world. I'm convinced of it.
I'm glad I wasn't the only one that read it that way at first. It took me a moment to re-arrange things to where I understood that the phrase "that we find in nature" described behaviors, not machines.
Probably would have been better to say something like "...interest in modeling on machines those behaviors that we find in nature."
But then, what do geeks know about english grammar?
So the scientist went home, told his wife what he'd done, and she said "So what? I knitted an afghan today too..."
So the question here is, why does that book cost $90? Sure, it's a big book, but so is Cryptonomicon, and I picked that up for under $20, and could pick up a paperback of it for under $10. I would posit that there are three reasons for that $70 difference.
First, there are probably a lot more man-hours of work researching, writing, and checking the average textbook. Not to say that Neal doesn't do a great job, but the fact density of a textbook is (or should be) very high.
Second, economies of scale are severe for information. And a textbook doesn't usually have quite the readership of a bestseller.
Third, economies of scale for printing exist as well. Typesetting a book and doing a printing run have a relatively fixed cost, whether you're printing one book or a bazillion.
Of those three problems, e-books only solve the third (which is probably of the least magnitude of the three).
Of course, pirated e-textbooks would neatly solve all three problems, but I wouldn't exactly call that a shining example.
But what would be interesting is to solve the first two problems with open-sourced textbooks. There are currently several projects to do exactly that, producing textbooks under various open licences. From what I've seen, they haven't gotten very far with that... but it's still a fun idea, and I hope it works out well in the long run.
And that would be a shining example of open source, even if all they did was print them out on dead trees and hand them to the students.
As it is, I looks to me like this project is probably selling these students relatively high-priced information delivered via moderately priced hardware using free software. If the people who are paying for it think it's worth buying, then I'd say that everyone wins, which is always a good thing. But from the article, it looks like they're not 100% sure that they're winning.
Still seems like a worthwhile endeavor.
I had a friend who had a perfect quote for this sort of thing. "The left hand doesn't know which foot the right is shooting." It's an IPC failure. A "recruitment process" is designed to find good people. These are then handed off to a "hiring process", which begins with an "interview process". Unfortunately, the "interview process" recieves input from both recruitment *and* people walking in off the street. It's geared for weeding out the in-off-the-street group until all that's left is good people. That process doesn't know to act differently when fed a diet of people who are already known to be qualified, but aren't as desparate for a job as the street crowd.
It looks funny from the outside, because even though we know better, it's easy to think of any large organization (i.e., Microsoft) as a single entity, when it's actually a group of individuals flying in loose formation, each doing what they percieve to be their job. Sometimes two people's jobs in such an organization will run to cross-purposes.
Here's another reason that applies to some.
My situation is that I have an 18 month old son, and no family in the area. I can watch a movie at home while he's sleeping peacefully in his room.
I can go out to a theater and watch a movie while he's sleeping peacefully in his room too, however, that involves one of:
1) scheduling with and hiring a babysitter, which usually puts the cost of going to a movie at about $100.
2) going to a movie while my wife stays home, which I've never done, but I'm fairly confident would make me kinda unpopular around the house. Especially since my wife likes a lot of the same movies I do.
3) Leaving my son home alone, which I've also never done, and I would consider to be extremely bad parenting.
So, the best option ends up being the $100 per movie option.
OTOH, I pay about $70/month for cable, another $13/month to Tivo, and about $20/month to Blockbuster, and I've got all the movies I can eat. If I watch 1 movie in a month, I'm still basically breaking even.
It is incredibly rare that there's a movie that's actually worth seeing in the theater to me.
As an AC pointed out, this should be attributed to Arthur C. Clark. The so-far-as-I-know unattributed corollaries are:
Any sufficintly advanced magic is indistinguishable from technology.
Any technology distinguishable from magic is insufficiently advanced.
Yes I would!
first there's "Internet Explorer's Share Dips Below 90%", and now we learn that "Firefox is already used by about 10 percent of IBM's staff". So, it seems that IBM's employees are a lot like the rest of the internet.
I kinda wonder about this sometimes. As a for instance, here is an excellent example of how to write an SMTP client in the TCL shell included in recent IOS versions. Of course, getting the shell to start out with is left as an exercise to the reader, but routers operate more and more heavily on the data that passes through them and arrives at them. On a modern IOS router, you have a bunch of routing processes handling routing protocols, as you would expect, and then you've also got a telnet server, an ssh server, a couple of small tcp/udp services (if for who knows what reason you've decided to turn them on), snmp support, a web server with the capability of executing scripted code directly on the router... In short, there's a lot that's potentially explotiable there.
Of course, I completely agree with your basic assertion that the leak of the source code isn't a particularly big deal, from a security standpoint. The best evidence of this, for me, is the fact that I don't feel at all insecure with the linux-based routers I use, and (sarcasm) I understand the source code to linux got leaked quite a while ago. (/sarcasm)