The show is nice in that it portrays a group of scientists as the main protagonists, but most of the "science" that is shown is absolute junk. How many times have they "enhanced" something that realistically couldn't be enhanced. Sometimes I laugh out loud at it.
I also take issue with how the treatment of the "facts" presented by the evidence is apparently for people with very short attention spans. One moment, they can be absolutely certain that things happened a certain way, five minutes later it's a different way, then fifteen minutes later, it's something else that is the complete opposite of the original certainty. The show always seems to take a rigid interpretation of the evidence which they find, which leads to jumping to conclusions.
The show is fun to watch as long as you don't try to think for yourself. I believe that that is referred to as the suspension of disbelief. It's pure fantasy for entertainment purposes.
prosecutors throughout the country now worry about juries that refuse to accept eyewitness accounts or even outright confessions, and instead exclusively demand the kind of forensic evidence they see on CSI. But of course, in the real world, you don't get a test like that in mere seconds - or without spending a substantial amount of money. So where does CSI rate on the geek scale for you
That's A Good Thing(tm) in my opinion. There have been numerous studies showing how eye-witness testimony is unreliable. From identifications from photo line-ups, to the simple relaying of events which occurred. Convicting someone based entirely on circumstantial evidence and an eye-witness identification is a questionable practise.
From the article, its not that setters/getters are bad themselves, but that overuse of them is bad. Here is the key quote: Don't ask for the information you need to do the work; ask the object that has the information to do the work for you.
I don't mean to harp on this, but this point is about both Abstraction and Encapsulation. Which may help put it into perspective as to why you should do it this way.
About RSA: Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.
Firstly, directly comparing symetric and asymetric key lengths shows that the authour has no knowledge of encryption. They are not directly comparable since they are used in different ways and have different meanings.
Secondly, claiming 128-bit keys are insecure shows that the authour has no knowledge of encryption. 80-bit keys are widely considered infeasible to break.
I've been looking for work, and I ended up at the EA website. I'm available for the next year, and they had a one year contract position in my area of expertise, so I applied. I didn't hear back from them for about a month. Then I got a call from EA for a "phone interview." We start going throught the questions, and they don't apply to the position that I applied for. They were all, "what part of the game do you want to make," and my response was "I didn't apply for a game development job" every time (I also provided answers that were related to what I really applied for). I eventually asked if she was calling in response to the job that I applied to. She said that EA was calling all "new grads" to find out about them, and that she didn't know about the job that I had applied to. Thanks for wasting my time EA, I'm obviously not a serious candidate to you.
I think it was from the stagnation of palm. They had the number one spot for so long they rarely made any large changes to their os. When Microsoft came out with their os for mobile devices palm tried to catch up and wasnt able to
It was stagnation due to a change in leadership. Back when palm was #1, they brought in a guy from Pepsi to be their CEO. All he did was focus on marketing and promoting the brand. That is how you sell sugar-water, after all. They did no real R&D and made no major advances. He stayed there for a couple of years while the PocketPCs just got better and better. They didn't get rid of him until the PocketPCs were way beyond Palm's technical capabilities and Palm had no chance of catching up.
In Boulder, Colorado tonight there is going to be a rather unusual announcement about the DaVinci Institute's effort to create a Museum of Future Inventions. This will be a museum where they exhibit things that haven't been invented yet, like spray on clothing, instant sleep, genetically engineered Velcro sheep, and metric time.
If the voting machines gave a paper receipt and the exit polls were based on people willing to show their receipt then you'd have a reasonably accurate exit poll. You'd eliminate the possibility of people not accurately saying who they voted for which I think is a known problem. You'd have to factor for any bias between people will to show their receipt and those not willing to show it but statisticians can work out that and other sampling biases.
With really accurate exit polling, it would be really hard for anyone to tamper with the election results.
The secret ballot is one of the fundamental requirements for the western election system. People have to be able to cast their vote in secrecy, so that they can't be threatened or bribed. Sure you can vote for whomever you want. Just be sure to vote for the patriotic choice, or you'll be arrested. Oh, and I'll give you $10 if you give me your ballot to prove that you voted for candidate A; otherwise you are fired. Exit polls are not part of the voting process.
What you are really proposing is a double counting system, where votes are counted two different ways, which I have no problem with as long a the secret ballot is maintained.
The article author gives two suggestions for improving electronic voting systems:
1. Leave a paper trail.....
In response to issue one, I don't think that's really necessary in pure technical terms.
It absolutely is. Without a physical, voter-verifiable paper ballot, a user can never be sure what the machine did when they pushed the button to vote. The user may have pushed "A" and the machine said "confirmed vote for A" on the screen, but it could have really recorded a vote for "B". Everything between the button and the screen is black-box. You don't know what happens in there.
The voting machine needs some record that it creates, then leaves the machine for the user to verify, and remains outside of the machine's control once the user has verified it.
2. Make the code open source.
With issue two, I'm sure greed and corporate paranoia played into the decision to not release voting machine code as open source. But I agree that it will quell plenty of the critics to know exactly what's going on in the box. Will this happen? Possibly, but I doubt it.
It isn't necessary if point (1) is met and all voters take the care to verify that their vote was cast correctly, and those ballots are compared to the electronic tallies. But in security, there is a mantra that says that "obscurity is not security." Whenever a vendor says that they can't show you their implementation because it would compromise security, it means that the system has some flaw that they don't want you to see. Security through obscurity can be defeated by insiders, bribes, reverse-engineering, or collusion, so it offers no security. Extending this to the extreme, we expect all security products to be open about their details. If they aren't we get suspicious.
He brought up one important point then that I didn't see in his blog -- accuracy is the most important thing.
That's interesting. In the article, he says that it's acceptable to have a 5% error rate, as long as it is evenly distributed. I'd suspect that that is correct when held up against statistical analysis. Perhaps some less savvy readers got upset about it and he changed his mind.
As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.
When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.
Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.
See the sibling post about how the basis of cryptography is asuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Cryptographic algorithms exist that can make it infeasable to decrypt a block of cyphertext without the key.
You can potentially address this by adding something like a PIN or password into the system, but that loses both the supposed benefits of the biometric identification and simply shifts the burden of security back where it's always been: remembering a unique piece of information that no one else has.
There are three types of security credentials.
Something that the user is: biometric data.
Something that the user has: a physical security card
Something that the user knows: a password
Each has its own strengths and weeknesses (left as an excercise to the reader). They can all be combined in different ways to create differnt levels of security.
If you ship software that has code in it that is covered by a patent what does that mean?
Patents cover the manufacture, sale, and use of an item.
Can the owner of the patent hit the author up for money?
Yes, the author manufactured and sold it without a license to the patent. This is what patents mainly protect. What will be more likely that the patent holder will get an injunction saying that the author can no longer sell his product, and then seek damages.
Can they hit the users of the code up for money?
Yes, the user used it without a license. See cases involving geneticaly modified seeds.
Can the author say "you, the user, are responsible for getting licenses for any patents that cover this code" and pass the buck?
Yes and no. If they the author doesn't have permision to grant further licenses for use of the patent, then the users must get one themselves from the patent holder. But the author needs a license to produce and sell the item in the first place too.
I've open accounts at hotmail and NEVER used them and had them fill with spam. Most of it porn.
I've seen this claim repeated over and over, but I don't believe it. I have opened five hotmail accounts in the last two years. Only one of them has ever received spam -- the one that I use as my addres to put into web forms. There are boxes that you can check during sign-up to not get listed in directories and not receive partner mailings.
Measuring performance on a curve is bad for a variety of reasons.
Those who tend to be below the curve will be less motivated to work. They perceive that no matter how hard they work, they will never be rewarded because someone else will always be above them. They see that they will never measure up, so they lose motivation.
Those in the middle fo the curve will be knocked down by those above. They could be competent, and putting in good effort, but they will never be recognised as good workers since the competetition at the top keeps them held down.
Those at the top of the curve will always be competing with each other and will never be satisfied with their level of work. They will put in increadible efforts that will be evaluated as "acceptable". If there are 10 superior employees putting in superior work, only one or two of them can be graded "above" and the others will be "punnished" by not being rewarded for their hard work. Eventually, they will see that the rewards that they get are not matching their effort, and they will either leave to go somewhere else where they will be apreciated, or the will stop working so hard.
Competing for limited rewards always creates a climate of hostility. It creates competition between groups and individuals.
Rewards should be based meeting on pre-established criteria, not a relative, sliding scale.
I think you might have a point. Such a tactic would be a classic monopolist tactic. Charge different prices to different people based on their demand level (money willing to spend.) That way you maximize your fleecing of the public.
They already do. See Personal (or Home) vs Plus vs Professional vs Enterprise (or Data Centre).
They already spent the cost in developing the more advanced version. There is fiscal reason to make someone pay more for an advanced version (excepting support costs, but those could be marketed as as service). It's pure marketing.
Tho it has always been hard to explain to the buisiness world the concept of gpl style license agreements.
I never understood why it was hard. The terms are easy.
If you modify or statically use this code that someone else wrote, and distribute it in a compiled form, then you have to distribute the changes that you made and the code that statically uses it in source form under the GPL. If you don't like those terms, then you don't have license to redistribute it in compiled form. The person who originally wrote it only gives you license to use it in this manner.
Tho, i do disagree 100% with the idea that developers do not need to be concerned with the legal side of this argument
I definitely think that they have to know about it. The last project that I worked on heavily used open source components. Most were Apache and BSD style licences. But there was one LGPL that we had to be careful of.
If you're a developer and you are writing some tiered app... why write your own connection pool, logger, encryption layer, application server, XML parser, etc, when you could just plug in someone else's open source stuff. You need to be aware that open source components do exist, and that you need to examine their licenses and be able to understand them.
If you are just some monkey programmer, then you don't need to be aware of these things. A real developer will make the decisions for you.
I don't think blame should be assigned to the technician who missed the task; rather, it seems a gross oversight for the FAA to guarantee that such a critical system will crash after only one missed maintenance task.
Yes, it really is. They had a system in place which they chose, knowing its deficiencies. To combat one of the deficiencies, they proscribed a procedure to be followed monthly. The procedure was not followed by the technician, so it was human error.
Would you expect your car to run flawlessly if you never put gas in it or changed the oil on a regular basis? If you didn't, whos fault is it? The car's or yours?
Slashdot Mirror
The show is nice in that it portrays a group of scientists as the main protagonists, but most of the "science" that is shown is absolute junk. How many times have they "enhanced" something that realistically couldn't be enhanced. Sometimes I laugh out loud at it.
I also take issue with how the treatment of the "facts" presented by the evidence is apparently for people with very short attention spans. One moment, they can be absolutely certain that things happened a certain way, five minutes later it's a different way, then fifteen minutes later, it's something else that is the complete opposite of the original certainty. The show always seems to take a rigid interpretation of the evidence which they find, which leads to jumping to conclusions.
The show is fun to watch as long as you don't try to think for yourself. I believe that that is referred to as the suspension of disbelief. It's pure fantasy for entertainment purposes.
prosecutors throughout the country now worry about juries that refuse to accept eyewitness accounts or even outright confessions, and instead exclusively demand the kind of forensic evidence they see on CSI. But of course, in the real world, you don't get a test like that in mere seconds - or without spending a substantial amount of money. So where does CSI rate on the geek scale for you
That's A Good Thing(tm) in my opinion. There have been numerous studies showing how eye-witness testimony is unreliable. From identifications from photo line-ups, to the simple relaying of events which occurred. Convicting someone based entirely on circumstantial evidence and an eye-witness identification is a questionable practise.
From the article, its not that setters/getters are bad themselves, but that overuse of them is bad. Here is the key quote:
Don't ask for the information you need to do the work; ask the object that has the information to do the work for you.
I don't mean to harp on this, but this point is about both Abstraction and Encapsulation. Which may help put it into perspective as to why you should do it this way.
About RSA: Current hardware means key lengths should be 1024 bits for complete security. The present generation of web browsers use 128-bit keys so cannot be considered secure against a determined and sufficiently well-resourced attack.
Firstly, directly comparing symetric and asymetric key lengths shows that the authour has no knowledge of encryption. They are not directly comparable since they are used in different ways and have different meanings.
Secondly, claiming 128-bit keys are insecure shows that the authour has no knowledge of encryption. 80-bit keys are widely considered infeasible to break.
Just a recent EA story from me.
I've been looking for work, and I ended up at the EA website. I'm available for the next year, and they had a one year contract position in my area of expertise, so I applied. I didn't hear back from them for about a month. Then I got a call from EA for a "phone interview." We start going throught the questions, and they don't apply to the position that I applied for. They were all, "what part of the game do you want to make," and my response was "I didn't apply for a game development job" every time (I also provided answers that were related to what I really applied for). I eventually asked if she was calling in response to the job that I applied to. She said that EA was calling all "new grads" to find out about them, and that she didn't know about the job that I had applied to. Thanks for wasting my time EA, I'm obviously not a serious candidate to you.
I think it was from the stagnation of palm. They had the number one spot for so long they rarely made any large changes to their os. When Microsoft came out with their os for mobile devices palm tried to catch up and wasnt able to
It was stagnation due to a change in leadership. Back when palm was #1, they brought in a guy from Pepsi to be their CEO. All he did was focus on marketing and promoting the brand. That is how you sell sugar-water, after all. They did no real R&D and made no major advances. He stayed there for a couple of years while the PocketPCs just got better and better. They didn't get rid of him until the PocketPCs were way beyond Palm's technical capabilities and Palm had no chance of catching up.
In Boulder, Colorado tonight there is going to be a rather unusual announcement about the DaVinci Institute's effort to create a Museum of Future Inventions. This will be a museum where they exhibit things that haven't been invented yet, like spray on clothing, instant sleep, genetically engineered Velcro sheep, and metric time.
Where are the flying cars?
They could just be comparing results between the two engines... for testing purposes.
If the voting machines gave a paper receipt and the exit polls were based on people willing to show their receipt then you'd have a reasonably accurate exit poll. You'd eliminate the possibility of people not accurately saying who they voted for which I think is a known problem. You'd have to factor for any bias between people will to show their receipt and those not willing to show it but statisticians can work out that and other sampling biases.
With really accurate exit polling, it would be really hard for anyone to tamper with the election results.
The secret ballot is one of the fundamental requirements for the western election system. People have to be able to cast their vote in secrecy, so that they can't be threatened or bribed. Sure you can vote for whomever you want. Just be sure to vote for the patriotic choice, or you'll be arrested. Oh, and I'll give you $10 if you give me your ballot to prove that you voted for candidate A; otherwise you are fired. Exit polls are not part of the voting process.
What you are really proposing is a double counting system, where votes are counted two different ways, which I have no problem with as long a the secret ballot is maintained.
The article author gives two suggestions for improving electronic voting systems:
....
1. Leave a paper trail.
In response to issue one, I don't think that's really necessary in pure technical terms.
It absolutely is. Without a physical, voter-verifiable paper ballot, a user can never be sure what the machine did when they pushed the button to vote. The user may have pushed "A" and the machine said "confirmed vote for A" on the screen, but it could have really recorded a vote for "B". Everything between the button and the screen is black-box. You don't know what happens in there.
The voting machine needs some record that it creates, then leaves the machine for the user to verify, and remains outside of the machine's control once the user has verified it.
2. Make the code open source.
With issue two, I'm sure greed and corporate paranoia played into the decision to not release voting machine code as open source. But I agree that it will quell plenty of the critics to know exactly what's going on in the box. Will this happen? Possibly, but I doubt it.
It isn't necessary if point (1) is met and all voters take the care to verify that their vote was cast correctly, and those ballots are compared to the electronic tallies. But in security, there is a mantra that says that "obscurity is not security." Whenever a vendor says that they can't show you their implementation because it would compromise security, it means that the system has some flaw that they don't want you to see. Security through obscurity can be defeated by insiders, bribes, reverse-engineering, or collusion, so it offers no security. Extending this to the extreme, we expect all security products to be open about their details. If they aren't we get suspicious.
He brought up one important point then that I didn't see in his blog -- accuracy is the most important thing.
That's interesting. In the article, he says that it's acceptable to have a 5% error rate, as long as it is evenly distributed. I'd suspect that that is correct when held up against statistical analysis. Perhaps some less savvy readers got upset about it and he changed his mind.
Only when it's counting votes. The PTBs never seem to have problems counting how much money I owe.
Why not just save primes on a disk instead of recalculating them all the time?
Because it's faster to calculate all of the small primes in memory than to read them off of disk. At least it was not too long ago.
As an aside to the above point, the original "WEP" stood for "Wired Equivalency Protocol." They chose that because it acknowledged that wires weren't inherently secure either. It's name didn't claim security at all... just that it was equivalent to a wire. The inside joke was that that didn't mean anything from a security standpoint either.
When you really think about it, by nature wireless networking can never be too secure. I mean, your data is being broadcasted across the air to another point. Think about it.
Your wired network can't be too secure either. All that you need to do is attach a listening device to a wire somewhere. Or just compromise a machine.
See the sibling post about how the basis of cryptography is asuming that someone has access to your encrypted data and the encryption algorithm. All security rests in the key. Cryptographic algorithms exist that can make it infeasable to decrypt a block of cyphertext without the key.
You can potentially address this by adding something like a PIN or password into the system, but that loses both the supposed benefits of the biometric identification and simply shifts the burden of security back where it's always been: remembering a unique piece of information that no one else has.
There are three types of security credentials.
Something that the user is: biometric data.
Something that the user has: a physical security card
Something that the user knows: a password
Each has its own strengths and weeknesses (left as an excercise to the reader). They can all be combined in different ways to create differnt levels of security.
When did we suddenly become able to patent Mathematics?
See the RSA algorithm. It is non-obvious, and deserving of a patent.
IANAL.
If you ship software that has code in it that is covered by a patent what does that mean?
Patents cover the manufacture, sale, and use of an item.
Can the owner of the patent hit the author up for money?
Yes, the author manufactured and sold it without a license to the patent. This is what patents mainly protect. What will be more likely that the patent holder will get an injunction saying that the author can no longer sell his product, and then seek damages.
Can they hit the users of the code up for money?
Yes, the user used it without a license. See cases involving geneticaly modified seeds.
Can the author say "you, the user, are responsible for getting licenses for any patents that cover this code" and pass the buck?
Yes and no. If they the author doesn't have permision to grant further licenses for use of the patent, then the users must get one themselves from the patent holder. But the author needs a license to produce and sell the item in the first place too.
I've open accounts at hotmail and NEVER used them and had them fill with spam. Most of it porn.
I've seen this claim repeated over and over, but I don't believe it. I have opened five hotmail accounts in the last two years. Only one of them has ever received spam -- the one that I use as my addres to put into web forms. There are boxes that you can check during sign-up to not get listed in directories and not receive partner mailings.
What's the criticism?
Measuring performance on a curve is bad for a variety of reasons.
Those who tend to be below the curve will be less motivated to work. They perceive that no matter how hard they work, they will never be rewarded because someone else will always be above them. They see that they will never measure up, so they lose motivation.
Those in the middle fo the curve will be knocked down by those above. They could be competent, and putting in good effort, but they will never be recognised as good workers since the competetition at the top keeps them held down.
Those at the top of the curve will always be competing with each other and will never be satisfied with their level of work. They will put in increadible efforts that will be evaluated as "acceptable". If there are 10 superior employees putting in superior work, only one or two of them can be graded "above" and the others will be "punnished" by not being rewarded for their hard work. Eventually, they will see that the rewards that they get are not matching their effort, and they will either leave to go somewhere else where they will be apreciated, or the will stop working so hard.
Competing for limited rewards always creates a climate of hostility. It creates competition between groups and individuals.
Rewards should be based meeting on pre-established criteria, not a relative, sliding scale.
*sigh*
"There is fiscal reason..." = "There is no fiscal reason...
I think you might have a point. Such a tactic would be a classic monopolist tactic. Charge different prices to different people based on their demand level (money willing to spend.) That way you maximize your fleecing of the public.
They already do. See Personal (or Home) vs Plus vs Professional vs Enterprise (or Data Centre).
They already spent the cost in developing the more advanced version. There is fiscal reason to make someone pay more for an advanced version (excepting support costs, but those could be marketed as as service). It's pure marketing.
Read the section titled "Price Is Not Just a Number" in Product Pricing Primer.
Tho it has always been hard to explain to the buisiness world the concept of gpl style license agreements.
I never understood why it was hard. The terms are easy.
If you modify or statically use this code that someone else wrote, and distribute it in a compiled form, then you have to distribute the changes that you made and the code that statically uses it in source form under the GPL. If you don't like those terms, then you don't have license to redistribute it in compiled form. The person who originally wrote it only gives you license to use it in this manner.
Tho, i do disagree 100% with the idea that developers do not need to be concerned with the legal side of this argument
I definitely think that they have to know about it. The last project that I worked on heavily used open source components. Most were Apache and BSD style licences. But there was one LGPL that we had to be careful of.
If you're a developer and you are writing some tiered app... why write your own connection pool, logger, encryption layer, application server, XML parser, etc, when you could just plug in someone else's open source stuff. You need to be aware that open source components do exist, and that you need to examine their licenses and be able to understand them.
If you are just some monkey programmer, then you don't need to be aware of these things. A real developer will make the decisions for you.
I don't think blame should be assigned to the technician who missed the task; rather, it seems a gross oversight for the FAA to guarantee that such a critical system will crash after only one missed maintenance task.
Yes, it really is. They had a system in place which they chose, knowing its deficiencies. To combat one of the deficiencies, they proscribed a procedure to be followed monthly. The procedure was not followed by the technician, so it was human error.
Would you expect your car to run flawlessly if you never put gas in it or changed the oil on a regular basis? If you didn't, whos fault is it? The car's or yours?
I don't understand why they don't simply expand the pie. Let the PSTN system become broadband, let somebody else handle voice calling.
Because change threatens existing business models.
Who gets to lobby government? Existing businesses.
almost every salesperson will approach it from the viewpoint that what they're selling is exactly what the customer should buy
S.W.A.T.
Sell What's Available Today