Slashdot Mirror


User: TechyImmigrant

TechyImmigrant's activity in the archive.


Comments · 5,917

  1. Re:No rampant sexism towards women engineers. on Software Engineer Liz Bennett Talks About Being a Woman in a Nearly All Male Workplace (Video) · · Score: 1

    Higher pay means higher bars and harsher judgement.

    Where do you work such that management is put to a higher standard and face harsher penalties when they fail to live up to it? I would like to submit a resume, since I've never seen such a magical place.

    I can 100% correlate this type of staff appraisal with the successful companies I have worked at.

  2. Re:No rampant sexism towards women engineers. on Software Engineer Liz Bennett Talks About Being a Woman in a Nearly All Male Workplace (Video) · · Score: 1

    TLDR, I think it's a disservice to lump women engineers in with management oriented women in the discussion about sexism in the technical industry, since management is always judged harder.

    And paid more. Higher pay means higher bars and harsher judgement. Don't feel sad for them.

  3. Re:No shit. This is why we all have our "lucky" D2 on Experimental Study of 29 Polyhedral Dice Using Rolling Machine, OpenCV Analysis (markfickett.com) · · Score: 1

    Really? I would have thought it would have been completely binomial and only somewhat normal.

    Normal is just the limit of binomial. 100 D1s is effectively infinite after enough drinks.

  4. Now I have to go back and read the papers to re-establish why I think there is not a free choice of seed. .....

    See section 3, just past the table. here. A limited subset of triples give a full period.

    Reading it again, I might be wrong. That's all about picking the right matrix for a full period, not the initial state. It is normal for me to be wrong.

  5. xorshift sucks because you can't seed it.

    Can't you?

    Nope. It has a fixed starting point. The cycle space of xorshift is smaller than the full state space of the internal state variable. If you just stuff in a random value, it won't behave as intended.

    There might be a way to compute an arbitrary intermediate state on the cycle, but I've never seen it described.

  6. xorshift sucks because you can't seed it.

    Can't you?

    Nope. It has a fixed starting point. The cycle space of xorshift is smaller than the full state space of the internal state variable. If you just stuff in a random value, it won't behave as intended.

  7. Re:Didn't need this elaborate set up on Experimental Study of 29 Polyhedral Dice Using Rolling Machine, OpenCV Analysis (markfickett.com) · · Score: 1

    It seems to me the main time sink is physically rolling the die. Instead put several dice of different colors in the cup and have the computer read them all and sort by colour. An instant increase in speed.

  8. As someone who has studied the subject, I can tell you that software-based "pseudo-" random number generators aren't really good enough for competition use, and making a true random number generator that actually generates bits of equal probability is somewhat difficult (it's been done but requires a lot of know-how). There are some very interesting designs. The other major problem is that as a user it's very difficult to validate that the device will work correctly. Sure you can do lots of tests, but it's a software based device, so it could be programmed to change odds at a later time, or change odds based on how you hold it, etc. I wouldn't trust one for the same reason I don't trust electronic voting machines: it's too easy to tamper with them and hide the evidence.

    It's not 'difficult'. But you do have to know what you are doing and why you are doing it. Fortunately my day job is designing cryptographically secure RNGs.
    You need an entropy source and you need to know lower bounds for its Rényi min-entropy ($H_\infty(X)$). Then you can implement an extractor to create seeds that is tolerant to the source quality (or lack thereof) - SP800-90B for appropriate algorithms for single sources or various IACR papers for multiple input extractors. The output of the extractor can be used directly or can seed a secure PRNG such as the AES-CTR-DRBG or HMAC-DRBG if you need more numbers more quickly.
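
The pipeline described in the comment above (bound the source's min-entropy, then condition enough raw samples into a seed), as an added example that is not part of the original comment or the commenter's code. The sample data, the conditioner key and the 2x collection margin are assumptions made for illustration; the estimator is the most-common-value estimate from SP 800-90B.

```python
import hashlib
import hmac
import math
from collections import Counter


def mcv_min_entropy(samples):
    """Most-common-value estimate (SP 800-90B, section 6.3.1), in bits per sample."""
    n = len(samples)
    p_hat = Counter(samples).most_common(1)[0][1] / n
    # Upper end of the 99% confidence interval on the most likely symbol,
    # so the result is a conservative (lower) bound on min-entropy.
    p_u = min(1.0, p_hat + 2.576 * math.sqrt(p_hat * (1 - p_hat) / (n - 1)))
    return -math.log2(p_u)


def samples_needed(h_per_sample, seed_bits=256, margin=2.0):
    """Raw samples to collect per seed. margin=2.0 is this example's assumption."""
    if h_per_sample <= 0:
        raise ValueError("source has no assessed entropy; refuse to seed")
    return math.ceil(margin * seed_bits / h_per_sample)


def condition(raw_samples, key=b"example-conditioner-key"):
    """Compress raw samples into a 256-bit seed with HMAC-SHA-256.

    The fixed key is a placeholder chosen for this example.
    """
    return hmac.new(key, bytes(raw_samples), hashlib.sha256).digest()


# Constructed data: 2-bit symbols where 0 is twice as likely as 1, 2 or 3.
# The MCV estimate only sees symbol frequencies (bias), not dependence between
# samples; SP 800-90B takes the minimum over several estimators for that reason.
CONSTRUCTED = [0, 0, 1, 2, 3] * 200


def demo():
    h = mcv_min_entropy(CONSTRUCTED)      # about 1.18 bits out of a possible 2
    need = samples_needed(h)              # raw samples per 256-bit seed
    seed = condition(CONSTRUCTED[:need])  # seed material for a DRBG
    return h, need, seed


if __name__ == "__main__":
    h, need, seed = demo()
    print(f"min-entropy/sample={h:.3f} samples/seed={need} seed={seed.hex()}")
```

The resulting seed is what would be handed to an HMAC-DRBG or CTR-DRBG instantiate call; a source that always emits the same symbol is assessed at zero entropy and is rejected rather than seeded.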

  9. If you're going for a simple PRNG, xorshift is generally much better than the LCRNG. Fast, too since it uses only XOR and shift instructions. I wouldn't be surprised if you could make a nearly 2^32-1 period one using 8 bit integers, so it would run like a bat on an 8 bitter like an arduino.

    The new king in town for non-cryptographic PRNGs is the permuted congruential generator. xorshift sucks because you can't seed it.

    Beware the creator of PCGs seems to know statistics, but doesn't know crypto and appeared naive as to why PCGs are useless for crypto.

  10. Re:Real nerd news. Reminds me of me. on Experimental Study of 29 Polyhedral Dice Using Rolling Machine, OpenCV Analysis (markfickett.com) · · Score: 1

    You should have tested the distribution with a $\chi^2$ test.

    Bzzt! You fail the "I know how to test for randomness" test.

    Chi square TOR is a bias test and only a bias test.

  11. Re:No shit. This is why we all have our "lucky" D2 on Experimental Study of 29 Polyhedral Dice Using Rolling Machine, OpenCV Analysis (markfickett.com) · · Score: 4, Funny

    >> I was rolling 100 D1s.

    It might also explain why 99% of your results are between 37 and 63.

    Don't worry. That's completely normal.

  12. Re: Important to note on LSD Microdosing Gaining Popularity For Silicon Valley Professionals (rollingstone.com) · · Score: 1

    Eh, more like their situation/life circumstances than "who they really are"

    This may be true also. However someone's life situation can be affected by the person and the person can be affected by the life situation, so statistically untangling these confounding factors would require a randomized trial with interventions that wouldn't be allowed, e.g. forcing people onto heroin and/or sending them to a war in Vietnam.

  13. The Ferry Redox Mediator was the band member who used to break up fights in Roxy Music.

    Wrong band. You're thinking of Redoxy Music.

  14. I have no idea. But you could try to reverse bias a dead lemon equipped with the appropriate electrodes and see if it charges up.

    This is something you can test for yourself. Just save the limes for garnishing gin.

  15. Re: Which is lighter? on Scientists Turn Gold Into Foam That's Nearly As Light As Air (www.ethz.ch) · · Score: 1

    I don't think you understood the humour inherent in my arbitrage answer.

    I think you are correct. What is the humor?

    Evil birds growing their feathers where feathers are cheap, then employing arbitrage by flying to where they are more expensive.

  16. Re: Which is lighter? on Scientists Turn Gold Into Foam That's Nearly As Light As Air (www.ethz.ch) · · Score: 1

    I don't think you understood the humour inherent in my arbitrage answer.

  17. 1982.

    Enough said.

    Prestel in the same time frame.

  18. Re:Conductivity? on Scientists Turn Gold Into Foam That's Nearly As Light As Air (www.ethz.ch) · · Score: 1

    Does the conductivity change?

    Yes.

    Next.

  19. Re:Which is lighter? on Scientists Turn Gold Into Foam That's Nearly As Light As Air (www.ethz.ch) · · Score: 0

    Trick question - in certain parts of rural England feathers are dirt cheap and a pound's worth will yield far more grams than gold which has a relatively constant value regardless of geography.

    I don't think the question allows for arbitrage.

  20. Re:Important to note on LSD Microdosing Gaining Popularity For Silicon Valley Professionals (rollingstone.com) · · Score: 1

    Think of literally *any* activity, object or substance, and you can find a person who has serious addiction issues with it. Usually it has more to do with the personality type than the subject of their addiction.

    Too lazy to find the citation - it was an article in the New Scientist, but data from the heroin riddled veins of Vietnam vets returning to the USA backs this up. Home grown junkies are a self selected group. When you take a broad chunk of society and put them on heroin (as happened in the Vietnam war), they mostly drop it when they return home.

    This was pretty good evidence that the addiction is more a function of the addict than the drug.

  21. Re: Further proof the web model blows on Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com) · · Score: 1

    But the language is largely irrelevant to the method of attack surface reduction I was employing that I was referring to

    And that was my point entirely.

    But not a contradiction of mine, which is how you cast it.

  22. Re: Further proof the web model blows on Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com) · · Score: 1

    I coded the payment system on our store's website in python CGI scripts.

    You can write secure code or insecure code in any language. You haven't shown anything that proves PHP itself is less secure than Python or Perl or ASP or $favorite_language.

    I've written hundreds of thousands of lines of PHP and I put security as my primary concern. None of them have been hacked because I rigorously sanitize data and don't allow users to access things they shouldn't. Yes, it's a bit of a pain to try and cover every conceivable attack vector, but you can write secure code in PHP just as you can in any language. It's not the language, it's the implementation of the code you write.

    I was answering the question as asked, not filling in the details to satisfy your curiosity.
    The relevant bit is attack surface and the reduction thereof, by doing things outside the memory space of the web server and passing all data through a well controlled pipe. You might be able to write secure code in PHP. But the language is largely irrelevant to the method of attack surface reduction I was employing that I was referring to, whereas CGI is. Old school, simple, separated.

  23. Re: Further proof the web model blows on Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com) · · Score: 1

    The honeypot is a simple way to identify an attack source. It's only one thing. As for any defense-in-depth structure, the failure of one thing doesn't compromise the whole. Preferably the failure of several things doesn't compromise the whole.

    If you think there is anything to do with security in the PCI-DSS specs, you are sadly mistaken. They are a pile of poo.

  24. Re:The latest version as well? on Critical Zen Cart Vulnerability Could Spell Black Friday Disaster For Shoppers (htbridge.com) · · Score: 1

    heh, and how many websites get updated? If it ain't hacked yet... well, don't look... we don't want to upgrade.

    It is the norm for these frameworks that the installation involves fifteen pages of "put that there, set that permission, put this in the apache config, install this pre-req". Tomato Cart and Zen Cart, I'm looking at you.

    By the time you finally get it running, it seems like you have a massively fragile configuration consisting of many small changes. The idea of dropping an upgraded codebase on that is akin to saying "Your website will go down for a week while you get it running again, because that's how long it took you last time".

    What is needed for a fix is instructions to "Change this line to say this" in your existing codebase. So you can make a minimally invasive change.

  25. I don't know about zen cart, but it's based on osCommerce which is a nasty piece of shit.

    I tried to use it. Learn from my experience. Don't.