Slashdot Mirror


User: bgalehouse

bgalehouse's activity in the archive.

Stories: 0
Comments: 109

Comments · 109

  1. Re:Algorithms, Not Stupid Processor Tricks on Optimizations - Programmer vs. Compiler? · · Score: 1
    To a large extent, I agree with you. I'd like to point out though that sometimes algorithmic decisions end up ingrained into the rest of the system. Come to think of it, much of the heavy lifting in fixing up the aforementioned login process came from maintaining bug compatibility. There were a number of eccentricities and a very large security model built to work with them. If you've modularized enough to replace algorithms easily you are in very good shape irregardless.

    Regarding the obviousness of algorithms, I'm reminded of another problem from the real world. You've a bunch of monthly payroll data, 30 years for each person, perhaps. The specification requires that you find for each person the four highest non-overlapping years of salary. I.E. the four non-overlapping 12 month periods which when averaged give the highest number. There is a solution which is O(n log n) in the number of months. It took me a day or two to find it, but maybe it is obvious to some...

  2. Re:Algorithms, Not Stupid Processor Tricks on Optimizations - Programmer vs. Compiler? · · Score: 1
    For many parts of many real world systems, one can get by without awareness of O(n) versus O(n^2), etc.

    But then every once in a while it will bite you in the ass badly. I once fixed a system that was slow to log in, at least for administrators. They had a multi-tiered security model with each "role" assigning multiple individual permissions. Similarly, a particular permission could and would be granted by multiple roles.

    The problem code turned out to be a "cache" which contained an array element for each (role, permission) where the role was held by the user logging in. Effectively, it was an O(n^2) solution to an O(n) or at most O(n log n) problem. It meant that administrator logins took on the order of a minute, and it increased the size of the client memory footprint by about ten of megabytes.

    Thing is, this whole assembly was the result of an "optimization". Somebody had found a need to reduce the number of database accesses. The problem wasn't a question of focus, it was a question of competence and a programmer who failed to acknowledge a certain lack. Letting yourself become sloppy with regards to algorithm selection has its own dangers.

  3. Re:Manned Space Flight is beneficial to India on India Debating Manned Space Flight · · Score: 1
    Regarding point 4, this is a big deal for any nuclear power. A very big deal. It is perhaps the standard method by which a country demonstrates their ability to build ICBMs. Shorter ranged weapons are a great deal smaller, and do not require heat shielding, etc.

    So what belligerent states does India need near orbital devices to reach?

  4. Re:C&D time? on BitTorrent Accounts for 35% of Traffic · · Score: 2, Informative

    Ah, no actually. Tracker doesn't have any part of the file. Well, it has some checksums for the file, but then, those are already in the .torrent.

  5. Re:Well 10%.... on Every 5th Call At Dell Is Spyware-Related · · Score: 1

    Or the ware in question can just enmesh itself in IE, or (presumably) some other browser that you actually use. Never send an app to do a DLL's job.

  6. Brand names on Slashback: Cradle, Indiscriminancy, Multiplicity · · Score: 1

    Argh. Teach me to be lazy when citing companies. I meant Medeco, purveyor of lock cores to the DOD. And mul-t-lock, which seems to be at least a tad harder to pick than a conventional lock.

  7. Ummm.... on Slashback: Cradle, Indiscriminancy, Multiplicity · · Score: 5, Interesting
    The problem is that kryptonite bought POS cores for their locks. A lock core made with close manufacturing tolerances is hard to pick, whether or not a BIC pen happens to fit around the center post.

    Without studying locksmithing, how can we know Kryptonite has changed lock core vendors? How do you know that they have solved the root problem? A $50 lock should be good against far more specialized tools than a Bic pen - how can you be sure that they have done a real security audit, when they didn't find this themselves? How can you believe that they even have the capability?

    You are waiting for a patch from Microsoft for a buffer overflow in an obvious location. You can wait for a patch, and hope that the next flaw is sufficiently less obvious, or you can install OpenBSD. That is, buy a big solid steel padlock from a vendor which at least tries for real security. Something that you'll actually see on the streets of NYC - Medico, Multilock, etc.

  8. Re:Social Security. on Submit and Moderate Questions for Bush and Kerry · · Score: 1
    This is a common misconception. You are looking at the historical return of U.S. stocks over what is now known as the "American Century". Compare to other countries' stock markets. Ask yourself if the next 100 years are likely to be as good. Ask yourself if they are guaranteed to be as good.

    At one point in time there was a serious movement by the administration to allow people to invest their social security monies in the stock market - with a federal guarantee of the same yield as the alternative of government bonds.

    I know somebody who ended up calling a number of friends on wall street, asking them to evaluate the implicit option being written by the government. Typically, their models, models which they use to stay in business, gave a valuation of about 30 cents on the dollar. Added to the fact that the government would have to pay out on the option in precisely the case where it has no income, and you start to realize the inanity of assuming that stocks are a panacea.

  9. Re:An encouraging thought to me on Jonathan Strange & Mr Norrell · · Score: 2, Informative
    Gene Wolfe has often written about what is involved in starting as a science fiction author. I believe the specific essays which I am thinking of are included in "Castle of Days".

    Anyway, there are two bits of advice that I remember most clearly. Subject to memory error, the first is to try to publish some short stories first - less risk for the publisher, and then they know you. Second is to look for an agent once you've a letter of interest from a publisher. If they won't help you negotiate a deal with a publisher lined up and talking to you, then they won't help.

  10. Social Security. on Submit and Moderate Questions for Bush and Kerry · · Score: 1
    The referenced website doesn't take questions over 500 characters. I'm trying to decide how to cut this down to submit it there. In the meantime:

    Social security collects about 12% each year. Take somebody who works from age 15 to 65. Using simple high school math, we find that they have put in about 6 years of salary. The current average lifespan is 77. So having put in 6 years of salary, it is typical to take out 12.

    These numbers are rough, particularly in that they don't include SSA investment returns. However, they also leave out inflation, which largely offsets any such gains.

    Mr. Kerry, these numbers make no reference to the strength of the economy, or to any other of your "three pillars". Also, it is always harder to fix your financial problems after you run out of money. Solvency till 2040 isn't so very reassuring.

    Mr. Bush, privatization is risky. There is a reason for the spread between treasuries and other instruments.

    In any case, a requirement for a financially sound social security program is that the typical retiree has paid for their retirement. This is an actuarial question, and the retirement age was originally set to ensure this. Since then, the actuarial tables have changed by more than the retirement age.

    From your platforms, you don't believe this argument. Otherwise you'd be starting to push for another slow shift in the retirement age. So I ask, with specificity, where exactly do you think I have gone wrong?

  11. Re:Blame the Constitution on Companies, Government and Community Fiber Rollouts · · Score: 2
    I share this view, and have been pointing it out for some time. Code bloat, be it legal or computer, occurs for known reasons. These include disorganization, multiple cooks, and feature creep. Once upon a time, the tax code just tried to take in money. Subsidising education wasn't in the IRS's parameters.

    Computer engineers do study the problem at times, and solutions are known: refactoring, strict modularization, and moderation of features.

  12. Re:Proof. on Network Security Assessment · · Score: 1
    Strictly speaking, there are formal methods for verifying properties of a computer system. In practice, there are several problems.

    One is that formal methods require a formal specification, and one can have a bug in a specification almost, but not quite, as easily as one can have a bug in code. And the day your security requirements change there is no reason anything you've done can be reused.

    Another is that it is expensive. To be safe you need to verify the hardware, the OS, and every program (unless you can prove that the OS fully isolates the programs from each other). I heard that some academics once built a computer and OS with this level of verification. By the time it was done, it was out of date, and the cost was extravagant back when computers were expensive.

    A limited form of this sort of technology is used in the Java VM. The VM verifies that the code is safe by creating a proof of safety before executing the code. There was once a bug in the verifier (in principle one could prove correctness of the verifier, or at least create a proven correct verifier, but in practice...) also, there was at least once a case of a bug in a library which gave too much access to an applet. More discussion of this sort of technology can be found by looking up, say, Proof Carrying Code (PCC) on google.

  13. Re:MAM-A "gold" metallized layer is aluminum not g on The Myth Of The 100-Year CD-Rom · · Score: 1
    Yes, but if the reflective layer degrades, it becomes a data recovery problem. Evaporating a reflective layer back on isn't impossible, but is probably a finicky (read expensive) process.

    No, the dye won't last forever. However, in harsh conditions it lasts noticeably longer than most alternatives. Or at least, it is claimed to last much longer in, say, the direct sunlight challenge.

  14. Re:MAM-A "gold" metallized layer is aluminum not g on The Myth Of The 100-Year CD-Rom · · Score: 5, Informative

    Umm... what literature would that be? There is a white paper which explicitly states that the reflective layer is 24k gold.

  15. Re:CD Rot on The Myth Of The 100-Year CD-Rom · · Score: 5, Informative
    As of a few months ago you could certainly still get gold reflecting layers with Phthalocyanine dye, though you have to pay for it. I ordered 100 Mitsui gold's (now apparently called MAM-A) from dsgi for digital photo archival.


    I have to burn them at less than max speed, apparently the more stable dye requires more laser power. Otherwise no surprises so far. (knock on wood)

  16. Re:Oh really? on MS Security Chief: Windows Never Exploited Until Patch Available · · Score: 1
    ..most exploits are found by security firms of some sort...

    I once knew a guy who claimed to have come across a few "non-public" solaris exploits. Said it was a few years before a patch was released. All that I would say for sure is that of the exploits posted to bugtraq, most are posted by white hats.

  17. You missed one on NASA Scientists Get Custom 24h39m-per-day Watches · · Score: 1
    The fact that microchips aren't inherently all that sturdy in space. Microchips that need to last any time in space must be radiation hardened.
    While they use laptops in the shuttle, a laptop that would last for months in space would probably require custom silicon.


    So, it wouldn't surprise me at all for some eventual mission to mars to take mechanical watches.

  18. Re:Stay far far away from both. on SCO Execs Dumping Stock · · Score: 1
    I think the lesson learned from LTCM is that you shouldn't gamble with money that you cannot afford to lose, even with odds tilted in your favor. But shouldn't keep you playing a game with an expected profit. Just be careful that you leave enough to play again if you lose.

    This makes clear the danger of margin trading, and hence my comment about hedging by using puts instead. Yes you pay more for the strategy when it works - a bigger drop is required to turn a profit, but you are paying for insurance against the stock rising.

    LTCM kept doubling down. It is a wonderful standard paradox (in the statistics sense of being strange but true) that always doubling down at the casino has an infinite expected yield. The problem is that casinos have house limits and maximum credit lines.

  19. Maybe better to buy puts on SCO Execs Dumping Stock · · Score: 3, Interesting
    Often better than shorting is to buy "put" options on the stock.


    Put options give you the right to sell the stock at a later date, but at, say, today's price. The only risk is the price of the put, whereas when you short stock you have arbitrary exposure if the stock goes up.


    Also, it is probably easier to get approval from a broker to trade puts. Shorting stock basically means him lending you stock. Buying puts avoids that aspect of it.

  20. Re:I disagree. on Science and Math For Adults? · · Score: 1
    I doubt that. Ever learn to eat? Or walk? =)

    Those are skills, not facts. Ever memorize the telephone directory? The win32 api? Any large disorganized collection of information? Quickly and permanently? Without exercising the knowledge regularly?

    Perhaps for some people it is easier to learn rote fact and procedures. Some people are in such a habit of doing so that it is disconcerting.

    My mother runs a clinical DNA lab at a hospital. At regular intervals she was complaining about how every six months to a year she had to have her boss, an MD, sign off on a report. And every time she'd have to re-explain to her boss what was going on. Not little details like which chemicals are being used, but big picture stuff.

    I pointed out to her that usually when I have trouble remembering a complicated structure, it is because I don't have the reasoning behind it. The implication being that she should try to give enough theory to bind the procedures together. Her response? "Oh, these are MDs, they always just want to know the answers."

    Such a reassuring attitude for a doctor to have, no?

    This is true, but I doubt the fellow with the question is interested in real math. Quite frankly, the proofs are a hindrance to understanding the mathematics. Proofs are often the result of hundreds of years of mathematical development.

    That's true, we have been using proofs in math and physics since the Greeks realized that they allowed truth by demonstration instead of authority. Now everybody forgets that they are the foundation of everything in math past arithmetic. My guess is that this is because they aren't taught in high school. Well, they used to be in geometry, but I don't think they get much emphasis anymore. It took awhile for western civilization to forget Euclid's contribution, no?

    The game w'ff-n-proof, which I mentioned before, is recommended for grade schoolers, and teaches logic better than any logic course. For this reason I tend to think that people who don't get proofs approach them wrong. The alternative is simply too troublesome to think about :-/

  21. Re:Math Proofs Are Not Real Proofs on Science and Math For Adults? · · Score: 1
    Ok, OK. Technically, all the proofs in the math journals should be fed through HOL. In fact a fairly large amount of standard textbook analysis and algebra has been run through it.

    But it is very time consuming to implement things in HOL and mathematicians aren't actually that bad at proof checking, for all that they are human.

    As far as proof and mathematics, one can, of course, use formulas provided by mathematicians without seeing the derivations. But sometimes, mathematicians do screw up and bad proofs are published, and so if nothing else one should at least have a sense for how wild the derivation was before using it.

  22. I disagree. on Science and Math For Adults? · · Score: 4, Informative
    I could never do that. I need the explanation of why and always have. Quite frankly, I can't be bothered to learn facts without understanding. Furthermore, I claim that this need to understand relationships is absolutely key to being a scientist or mathematician.

    Real math involves proofs. In fact, for mathematicians that is the definition of mathematics. The rest is "just" application. Since the original poster is complaining about the lack of explanation why, I suggest that he look into proofs and other creative aspects of real mathematics. If you haven't learned that math is a creative art you haven't learned jack. Ok, so I'm opinionated, but this is slashdot and what else is new.

    Anyway I suggest that anybody of any age interested in math check out equations and wff-n-proof from the wff-n-proof people.

    Regarding books, he had a vague request so I'll make some vague suggestions. Springer Verlag publishes lots of great math books, as well as quite a few not so great. Some of them I can even read, and they do have some series and books advertised for undergraduates. Look for yellow in any self respecting University library or technical bookstore.

    Actually, going through a university library or bookstore is probably the best advice I can give under the teach a man to fish philosophy. Learning to go through a stack and pick out books that are readable but challenging is basically the secret to scholarhood. That and faith in the fact that once you've ground through one the rest will be a smidgen easier.

    Oh, and you can also check out the math section of Canonical Tomes. I made a few contributions when it first started, and would assume that it has only grown.

  23. Laws of Physics? on Drifting Bath Toys Expected To Hit New England · · Score: 1

    It is pretty much impossible to design something to "float" passively at a fixed distance underwater. If denser than water, it sinks, if less dense, some portion (potentially small) will be above water, if exactly equal it will drift up and down with the currents.

  24. Two options on Looking for Unbiased War News? · · Score: 1

    Try Janes and Foreign Affairs; they give fairly unbiased analysis of such things.

  25. Re:Of course it's an hoax... on Slashback: Squashing, N'Synch, Yopy · · Score: 1
    Also note that 'essentially random' only dodges so much. Within every somewhat random file is a shorter truly random file.

    For example, I believe that the accepted amount of randomness in typical English text is about 3 bits per word. So, unless you know something else about the text (that it is the text of Moby Dick, or was written by somebody who overuses certain phrases), you need an absolute theoretical minimum of 3 non-redundant bits for each word to reconstruct the text.

    So even 'effectively random' only goes so far.