Not only did I watch it to the end intently, but I then called my g/f over so that she could watch it too, so I saw it *again*. Best of all, I didn't really notice how long his pause was on the knight the first time, but when you knew its implications, it was shockingly obvious and lasted a lifetime the second time you watch it.
The first link describes a privilege escalation bug, where an *untrusted user* becomes root. That doesn't describe a linux user browsing the web on his own machine. You need an arbitrary code execution bug as well in order to give this bug teeth.
password hints generally are not cool, unless you have to do some pretty rigorous proof of identity first. Just clicking "help", and getting something which reduces the entropy of the password to a dozen bits means that the password only has a dozen bits of entropy, no matter how long or complex it was.
Password hint: "xkcd" Bang! Almost certainly, 0 bits of entropy remain to be found.
No computation at all tells you which passwords are <=8 characters and which are >8 characters. So you can immediately know which targets are better dictionary brute force victims. I would guess that 9 character passwords could be rather obvious too, as there are only likely to be 40 or so 2nd blocks (most will be lower case alpha or a digit). So far fewer 10+-character passwords are likely to have identical 2nd blocks, and the 9-character ones should stand out.
It's not passwords, but it's information. As xkcd says, it's the world's biggest crossword puzzle.
>> if the encryption key is not compromised, then [... not X]
>Horseshit.
>If all of your passwords are encrypted with a single key, a single leak of that key [... lots of X]
You don't understand logic, do you?
Your first argument is basically homomorphic to the following:
A: If it doesn't rain then I won't get wet at all. B: Horseshit. Where you live, when it rains you get drenched
There's probably a formal name for this logical fallacy, but I can't be arsed to look it up, and it's certainly accurate to just call it good old fashioned bollocks logic.
Do you walk across the road as soon as the light shows green, and then hold the car driver responsible if you get hit?
Personally, I think the safest bet is to assume the worst from the other party. Or at least to not expect any more smarts than you're willing to invest yourself.
Thanks for confirmation. My perspective, as you can probably deduce from my language, was from a European perspective, and the case that came to mind was from the UK. It indeed is quite reasonable.
I wonder if in defence one could demand not a "reasonable person" test, but a "reasonable drunk person" test. "She was so hot I had to go and throw up, and then came back to chat to her! She seemed really intelligent, way smarter than me, so she had to be at college, like she said she was!"
In some ways, the vigilante investigators are on very shaky ground legally, if they do anything to feed the fire. If the researchers/fake-kid did anything apart from the equivalent of just running away from any kind of advances (i.e. completely blunt statements, or just terminating the chat, immediately), I'd say they've poisoned the fruit. Even a "what do you mean" is encouraging them. The various links to various news sites around the world really don't give me enough information to know how much of a mess these researchers made of things, alas, but I fear they did something that might invalidate any of the findings. I'm pretty sure they found a thousand slimeballs, but they should have assisted a law enforcement agency in doing this sting, rather than doing it themselves.
Predators are just going to start doing things like reverse-visual CAPTCHAs (i.e. the subject has to provide the visual answer, given a textual/verbal request). If all they've done is build a physics model for the upper torso, then "Show me your shoes" is gonna be a killer request. And even then, "Pull a funny face" or "blow a raspberry" is likely to break all but the most complex of models. ILM can barely do that offline, what hope has something with a less-than-9-figure budget in real time?
Hence the "but she was in a pub/bar/club, so she *must have been* over 18/21" defence, which does actually work on occasion. I'm not sure exactly how it's been worded, but the gist is that the defendent could reasonably believe the age of the other party was what he/she claimed.
Korea is very culturally rich, and very beautiful. I've only been there once, for work earlier this year, and after reporting back to my g/f, we're planning on both heading there next year for several weeks. If you ignore the concrete jungles, the ancient parts are wonderful. However, if you spend all day in the concrete jungles, you are stupid and get what you deserve.
Yeah even javascript isn't required, if I remember the last time I used it, a year or two ago (Nordea). Things are mostly similar in Estonia, Nordea's an even cleaner interace. My SEB needs javascript, but it's pretty lightweight. (And that SEB identity is enough for me to do all kinds of bill-paying, so is extremely useful.)
Finland was even more back-to-basics 20 years ago, IIRC, you could just SSH into the bank, and have an interactive banking session from a menu driven interface.
And some parts of the world still have cheques, sigh...
It's effectively a poisson distribution, in which case the standard deviation is significant in comparison to the average.
Of course, the law of large numbers will converge a large enough number of individual poissons (or anythings) onto a normal distribution, but for bitcoin the proof of work is not for "a large enough number of" results, but for a single one. That single tweak - asking for 16 results that are 16 times easier, say - would increase the fairness, and decrease the luck aspect, significantly. Likewise it would make the generation rate far more predictable. Alas, I suspect it would have some other unwanted side-effects too
That video looks like the slow version 1 (which makes no reference to there being any other versions), this video's the quicker version 2 (which explicitly refers back to the existence of prior versions).
However, it still cheats, as it always follows the human. Perhaps the hands should be forced to touch down on a pad, such that the shape is defined at the precise instant that the first of the hands touches down. There are clear instances where the bot hasn't yet decided what to do. Or rather than doing its 1-2-3 counting by following, with lag obviously, the movements of the humans hand, it should have to follow audio counting by the human instead. That would permit the human to push the limits of mechanical lag in the same way as the bot can. If you can time that pushing perfectly, you can force the bot to default.
So I don't think all is lost, this experiment is clearly set up to favour the robot by overlooking what it's unable to do. V3 might be faster still though, there's no reason to imagine otherwise, and eventually it will be so instantanious it's impossible to detect its lag.
> when this all went down, Terry Childs was the Slashdot Poster Child
I just looked at all the old stories, and couldn't see a single post by on any of them that I'd made. It's impossible to accurately remember what I thought back then, as I'll just project my current views onto my former self. It would be interesting to see if anyone who has expressed a strong opinion historically has now changed tack.
Personally, I think he gives those who work in the same industry as me a bad name. He probably has fantasies about being Simon Travaglia.
Indeed. The question is how inevitable do the subsequent steps have to be in order for the predicted slippery slope to be fallacious. That's a judgement call. Fuzzy things like "a significant proportion of those familiar with the field would expect the outcome" is meaningless, as you just pad the field with people who spout the line you want (thus invoking "appeal to authority").
Almost nothing non-trivial that is actually being argued about can be formally proved. Which means that every argument must have at least one weak point that could be wrong. And almost certainly that weak point matches some logical fallacy. Therefore playing "pin the logical fallacy on the grand argument" is a fairly useless game.
It's far more constructive to actually find the shared set of premises which lead you to a different conclusion from that which is claimed by your antagonist. But that requires a lot more effort, in particular the willingness to disect the opponent's argument into smaller steps. A lot of the time people aren't willing to waste time analysing things that they "know" are wrong.
For your pleasure, there's at least a "no true scotsman" in the above.
They'd maybe not have had a Reagan, Bushes Sr. and Jr., and a second term of Obama were that to be the case, so perhaps it's something to hope for. However, those with the ambition and drive to become president at 35 might be *even worse*.
My former employer used home-brewed tools. I wish I hadn't read this story, as I was just starting to forget the daily brain-rape that I had to endure. This has set me back weeks. Index cards would have been more effective, certainly.
Slashdot Mirror
"Funny"? That was "interesting" to say the least.
Not only did I watch it to the end intently, but I then called my g/f over so that she could watch it too, so I saw it *again*. Best of all, I didn't really notice how long his pause was on the knight the first time, but when you knew its implications, it was shockingly obvious and lasted a lifetime the second time you watch it.
The reactions were beautiful.
The first link describes a privilege escalation bug, where an *untrusted user* becomes root. That doesn't describe a linux user browsing the web on his own machine. You need an arbitrary code execution bug as well in order to give this bug teeth.
What really matters is "accepted standards", there's no need to bring the concept of "morals" into things.
password hints generally are not cool, unless you have to do some pretty rigorous proof of identity first. Just clicking "help", and getting something which reduces the entropy of the password to a dozen bits means that the password only has a dozen bits of entropy, no matter how long or complex it was.
Password hint: "xkcd"
Bang! Almost certainly, 0 bits of entropy remain to be found.
> Massive computation buys you nothing here
No computation at all tells you which passwords are <=8 characters and which are >8 characters. So you can immediately know which targets are better dictionary brute force victims. I would guess that 9 character passwords could be rather obvious too, as there are only likely to be 40 or so 2nd blocks (most will be lower case alpha or a digit). So far fewer 10+-character passwords are likely to have identical 2nd blocks, and the 9-character ones should stand out.
It's not passwords, but it's information. As xkcd says, it's the world's biggest crossword puzzle.
>> if the encryption key is not compromised, then [... not X]
>Horseshit.
>If all of your passwords are encrypted with a single key, a single leak of that key [... lots of X]
You don't understand logic, do you?
Your first argument is basically homomorphic to the following:
A: If it doesn't rain then I won't get wet at all.
B: Horseshit. Where you live, when it rains you get drenched
There's probably a formal name for this logical fallacy, but I can't be arsed to look it up, and it's certainly accurate to just call it good old fashioned bollocks logic.
Do you walk across the road as soon as the light shows green, and then hold the car driver responsible if you get hit?
Personally, I think the safest bet is to assume the worst from the other party. Or at least to not expect any more smarts than you're willing to invest yourself.
Thanks for confirmation. My perspective, as you can probably deduce from my language, was from a European perspective, and the case that came to mind was from the UK. It indeed is quite reasonable.
I wonder if in defence one could demand not a "reasonable person" test, but a "reasonable drunk person" test. "She was so hot I had to go and throw up, and then came back to chat to her! She seemed really intelligent, way smarter than me, so she had to be at college, like she said she was!"
In some ways, the vigilante investigators are on very shaky ground legally, if they do anything to feed the fire. If the researchers/fake-kid did anything apart from the equivalent of just running away from any kind of advances (i.e. completely blunt statements, or just terminating the chat, immediately), I'd say they've poisoned the fruit. Even a "what do you mean" is encouraging them. The various links to various news sites around the world really don't give me enough information to know how much of a mess these researchers made of things, alas, but I fear they did something that might invalidate any of the findings. I'm pretty sure they found a thousand slimeballs, but they should have assisted a law enforcement agency in doing this sting, rather than doing it themselves.
Predators are just going to start doing things like reverse-visual CAPTCHAs (i.e. the subject has to provide the visual answer, given a textual/verbal request). If all they've done is build a physics model for the upper torso, then "Show me your shoes" is gonna be a killer request. And even then, "Pull a funny face" or "blow a raspberry" is likely to break all but the most complex of models. ILM can barely do that offline, what hope has something with a less-than-9-figure budget in real time?
Hence the "but she was in a pub/bar/club, so she *must have been* over 18/21" defence, which does actually work on occasion. I'm not sure exactly how it's been worded, but the gist is that the defendent could reasonably believe the age of the other party was what he/she claimed.
WTF? WTFingF?
Korea is very culturally rich, and very beautiful. I've only been there once, for work earlier this year, and after reporting back to my g/f, we're planning on both heading there next year for several weeks. If you ignore the concrete jungles, the ancient parts are wonderful. However, if you spend all day in the concrete jungles, you are stupid and get what you deserve.
Yeah even javascript isn't required, if I remember the last time I used it, a year or two ago (Nordea). Things are mostly similar in Estonia, Nordea's an even cleaner interace. My SEB needs javascript, but it's pretty lightweight. (And that SEB identity is enough for me to do all kinds of bill-paying, so is extremely useful.)
Finland was even more back-to-basics 20 years ago, IIRC, you could just SSH into the bank, and have an interactive banking session from a menu driven interface.
And some parts of the world still have cheques, sigh...
That's lacist!
(hanging head in shame at having stooped so low)
Well, it is undoubtedly an *amoral* way of achieving that goal.
It's effectively a poisson distribution, in which case the standard deviation is significant in comparison to the average.
Of course, the law of large numbers will converge a large enough number of individual poissons (or anythings) onto a normal distribution, but for bitcoin the proof of work is not for "a large enough number of" results, but for a single one. That single tweak - asking for 16 results that are 16 times easier, say - would increase the fairness, and decrease the luck aspect, significantly. Likewise it would make the generation rate far more predictable. Alas, I suspect it would have some other unwanted side-effects too
http://slashdot.org/story/13/10/23/1414248/surgeon-simulator-inside-the-worlds-hardest-game
Before modding the obvious way, please watch *all* of http://www.youtube.com/watch?v=G8Sux0n-kAM
It won't complete the first round, as both will just sit there waiting for the other to move. "Never loses" might be the best way of describing it.
That video's much more impressive than the one in TFA. The catching of the phone was astounding!
That video looks like the slow version 1 (which makes no reference to there being any other versions), this video's the quicker version 2 (which explicitly refers back to the existence of prior versions).
However, it still cheats, as it always follows the human. Perhaps the hands should be forced to touch down on a pad, such that the shape is defined at the precise instant that the first of the hands touches down. There are clear instances where the bot hasn't yet decided what to do. Or rather than doing its 1-2-3 counting by following, with lag obviously, the movements of the humans hand, it should have to follow audio counting by the human instead. That would permit the human to push the limits of mechanical lag in the same way as the bot can. If you can time that pushing perfectly, you can force the bot to default.
So I don't think all is lost, this experiment is clearly set up to favour the robot by overlooking what it's unable to do. V3 might be faster still though, there's no reason to imagine otherwise, and eventually it will be so instantanious it's impossible to detect its lag.
> when this all went down, Terry Childs was the Slashdot Poster Child
I just looked at all the old stories, and couldn't see a single post by on any of them that I'd made. It's impossible to accurately remember what I thought back then, as I'll just project my current views onto my former self. It would be interesting to see if anyone who has expressed a strong opinion historically has now changed tack.
Personally, I think he gives those who work in the same industry as me a bad name. He probably has fantasies about being Simon Travaglia.
Indeed. The question is how inevitable do the subsequent steps have to be in order for the predicted slippery slope to be fallacious. That's a judgement call. Fuzzy things like "a significant proportion of those familiar with the field would expect the outcome" is meaningless, as you just pad the field with people who spout the line you want (thus invoking "appeal to authority").
Almost nothing non-trivial that is actually being argued about can be formally proved. Which means that every argument must have at least one weak point that could be wrong. And almost certainly that weak point matches some logical fallacy. Therefore playing "pin the logical fallacy on the grand argument" is a fairly useless game.
It's far more constructive to actually find the shared set of premises which lead you to a different conclusion from that which is claimed by your antagonist. But that requires a lot more effort, in particular the willingness to disect the opponent's argument into smaller steps. A lot of the time people aren't willing to waste time analysing things that they "know" are wrong.
For your pleasure, there's at least a "no true scotsman" in the above.
Would you like me to upload a photo of my denim jacket, complete with patches, that I bought in the 80s, which I still have and wear?
And quite how you can effectively parody X without doing some X, I'm not exactly sure...
> do most people die in their 40's there?
They'd maybe not have had a Reagan, Bushes Sr. and Jr., and a second term of Obama were that to be the case, so perhaps it's something to hope for. However, those with the ambition and drive to become president at 35 might be *even worse*.
>> SAP can easily run organizations an order of magnitude bigger
..."
> I lost it at easily.
I misread it as "SAP can easily ruin
My former employer used home-brewed tools. I wish I hadn't read this story, as I was just starting to forget the daily brain-rape that I had to endure. This has set me back weeks. Index cards would have been more effective, certainly.