Certainly we need to protect our environment but I feel this push is dictated more by politics and social engineering than any legitimate threat.
Why would you say that? Because tackling environmental issues is a winning political strategy? Because there's huge money in going up against the hugely influential fossil-fuel industry?
Without a proper justification this statement falls into the category of things like "the illuminati rule the world". I'll take it seriously when:
1. Somebody gives me a non-kooky explanation of why politicians and scientists would voluntarily choose to do something so politically suicidal. 2. Someone gives me one, single, credible piece of scientific evidence to convince me that we have nothing to worry about.
You're right that no major scientific organization is openly skeptical of climate change now. But the American Association of Petroleum Geologists.... have all issued statements that are non-committal
Cite your references. All of these statements can be found on this page. If you actually read them you'll basically see that every single one of those organizations acknowledges the science behind global warming. None of them claim that the science is bad or made up or some kind of conspiracy --- they just note that there's considerable uncertainty (and for god's sake, the American Association of Petroleum Geologists????)
None of these groups subscribe to your paranoid view of academics. That's all on you.
and the snow piled up so high in Washington D.C. that
Interesting point. But... should we take the snow in D.C. as an indication that climate change is bunk? Or should we take the desperate lack of snow in Vancouver as an indication that climate change is happening? Or should we just agree that the weather in one particular location has nothing to do with global climate change?
These taxes on small businesses ARE unfair, because they dramatically raise the bar for starting or operating a small business. You might argue that even if that tax were placed square on the employee, then businesses would have to raise their wages so that employees could afford to pay. And that's valid. But at least then it wouldn't be a half-hidden cost. It would be direct, and people would have a much better idea of where the money is coming from, and where it is going. Which is ALWAYS better.
So let me reiterate, for the record, that I am a small business owner, bringing several years experience to the discussion. I'm also the one who's absorbing all of this alleged unfairness.
In fact I do agree with you that it's ridiculous to assign half of each employee's FICA to the business rather than the employee. Unlike you I don't think it's ridiculous because it's unfair to the business, rather I think it's ridiculous because it's transparently just a tax on the employee that's being "hidden" by stashing it on the employer's books rather than on the employee's tax statement. Anyone who pays self-employment tax knows that the government will gladly take both halves from the worker when there's no business to hide it behind. And furthermore, any competent business owner makes hiring decisions based on loaded employee cost (including taxes, benefits, etc.) anyway, so they're already folding those cost into the employee's take-home wage. (Like I already said, the exception here is minimum-wage employees.)
You might argue that even if that tax were placed square on the employee, then businesses would have to raise their wages so that employees could afford to pay. And that's valid.
This is the entire point. I wish that the tax were placed transparently on the employee. But the existence of these taxes is hardly a secret and I'm confident that the market is pricing them in quite effectively. Moving them over to the employee's side of the ledger wouldn't magically make it easier to start or run a small business. It sounds great in a Slashdot post, but it's almost meaningless as public policy.
The only tangible exception to this rule is the case of minimum-wage employees. If you moved the employer's share of the tax onto the employee then thousands of fast food franchises would benefit, but they'd do it at the expense of their worst-paid employees. If you want to help small businesses, don't do it on the backs of people who are making sub-poverty-level wages.
All that said, let me say that on a personal level I really, really hate payroll taxes. Not because it hurts my business, but because it's a transparent ripoff. You see, payroll taxes only apply to the first $100k or so of income, so they're essentially a tax on the working class. Anyone with a really high income is paying a much lower tax rate. That would be ok if these taxes were actually being used to finance retirement benefits, but back in the 1980s a Republican President and a Republican Fed Chairman hiked them way above the level needed to fund benefits. That excess money was (and still is) being used to finance huge tax cuts which primarily benefit the wealthy. I see this as a crime against the American people and it absolutely disgusts me. So while I'd like to see these taxes reformed, I absolutely do not trust the Republican party to fix it. Just my two cents.
You know what creates jobs? Small business. The overwhelming majority of Americans are employed by small businesses. And what is the enemy of small business? Taxes. And what drives higher taxes? Pork.
Taxes, schmaxes. I'm a small business owner with 14 employees. And clearly you are not. If you were, you'd know that the overwhelming concern for any small business owner right now is healthcare costs. Ours have gone up by double-digits for each of the past few years. And it's not like we have an old, sick workforce --- our employees are mostly young, 20somethings who can drink Mountain Dew all day and still stay thin.
If this trend continues (and most people think it will) I can't see how I'm going to stay in business and still employ anyone (except in benefits-free Walmart style). That's why I'm so amused when I hear people talking about healthcare reform and how it will bring "socialism", destroy the economy and all that.
Honestly, at this point I'd be willing to vote for Karl Marx's ghost if he could get my healthcare premium increases down to 5% per year.
Small businesses pay a lot of employment taxes, even if they aren't profitable. The business has to match the employee's contribution to Social Security and Medicare, and pay into federal and state unemployment funds.
Yes, but on the other hand, all competing employers have to pay these taxes as well. So the taxes essentially reduce the cash wages that you can afford to pay an employee, but it's not unfair (to the business owner) since it has the effect of reducing the employee's market wage. It can be a problem when you bump into the minimum wage, since these taxes essentially increase the loaded cost of a minimum wage employee.
The real problem --- and I say this as a small business owner with 14 employees --- is healthcare. Healthcare costs do/not/ impact all employers equally, and small businesses are particularly vulnerable to rate increases since we have very little bargaining power. Blue Cross is much less likely to hike IBM's rates when Joe Employee's wife get cancer, but small businesses have to worry about this constantly.
Why is NASA's ~20 billion so hard to pay for when we seem to have little trouble finding enough to spend about 2.5** trillion on entitlements yearly?
Because much of those entitlements are financed through dedicated taxes (FICA) that come directly out of your paycheck. For whatever reason people seem to think those taxes are worth the benefit. I imagine you could fund NASA's budget in the same way if you could convince working Americans to pay an similar NASA tax.
Don't get me wrong, I'm all in favor of fully funding NASA, but thirty years of mostly conservative rule have essentially destroyed our finances.
This was nothing fundamentally new; google "secure multiparty computation." Or, FTFA, Gentry's technique requires a "trillion times" more computational power than existing techniques.
Since I did my dissertation in this area, I can tell you there was definitely something fundamentally new. Previous secure multi-party computation techniques are a fundamentally interactive process. Two or more parties compute some function such that neither party learns the other party's secret input --- but to do this they have to exchange information at every step of the process. In practice the function gets converted into a circuit and computing the output of each gate (AND/OR/NOT) requires a substantial amount of communication.
Computing on encrypting data is a different beast: one party provides a bunch of data in encrypted form, and the other party can then operate on it. There's no limit to the amount of computation that party can do, and it doesn't need to interact with the original party at any point during the computation. Only when it's done does it send back the result of the computation (still encrypted), so the original party can decrypt it.
It's been known for a long, long time that you can compute on encrypted data if only you have a doubly-homomorphic encryption system --- one where you can both multiply/and/ add ciphertexts together such that the underlying plaintexts are also added/multiplied. However, nobody knew of such a scheme until Gentry's result (though there were some schemes published and broken a few years ago).
And yes, Gentry's scheme is horrifically inefficient, but inefficient isn't the end of the world. Just means it's a first step towards something better. One hopes.
As a researcher in the academic side of the Information Security field, I can't help but notice a significant increase in the level of puffery and misleading promotion of research results. Self-promotion obviously isn't new, it's just that as the amount of newspaper-assisted promotion increases, the level of accuracy has dropped significantly. And more importantly, researchers seem much less apologetic about it. It's generating some real blowback.
The best recent example I can think of is Vanish, a cryptographic system for "destroying" data that was proposed out of University of Washington. It's not just that the system was broken a few days after it was presented, it's that this relatively minor result got more press than all of the perfectly legitimate crypto-systems research that was going on at the time. In fact, during the same time period a guy named Craig Gentry solved a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage.
Not that I'm saying these researchers specifically asked to have their invention described as an "effectively perfect" solution to preventing spam --- which I guarantee you 100% it is not --- but that by going out on a University-encouraged PR junket, they've more or less encouraged this kind of coverage. This kind of stuff is damaging; people should describe their work as what it is. They've developed a technique that is highly effective at filtering/current-gen/ spam generators, in the lab. It won't stop all spam, and it's not effectively perfect, since spamfiltering is by nature an arms race. But of course that's not how it's going to be presented. In the long run this'll just make people more jaded with our field.
As far as the iPhone goes, I'd MUCH rather have a Nexus One if I was in the market for a fancy smart phone.
What is it about the Nexus One that's got people so worked up? As best I can tell it's a great piece of hardware with a UI that's (admittedly by Android fans) only about 95% as good as the iPhone. It's manufactured by a company that doesn't really have any experience making phones, and could easily get out of the business, leaving you high and dry.
In any case, it's about 180 degrees out of sync from the iPhone release schedule. I plan to wait til the next iPhone comes out before I make any decisions about what phone to buy.
If you have food, and I have a gun and am starving, do you truly believe cultural influences matter that much? Yes, although probably not as much as personality and upbringing. If I'm the one with the gun, I'll offer to help you protect your resources as well as contributing my skills and labor in other ways.
This kind of thing is easy to say while sitting in front of a computer, presumably well-fed. But if there's a limited amount of food and you're starving, how can you say that's what you'll do? What if you had a child to protect as well?
I'm not saying you wouldn't do the right thing, I'm just saying that extremely decent, moral people who survive this kind of disaster routinely talk about the terrible things they did to survive, and how guilty they feel about them. Many of those people are better than I'll ever be, and probably better than either of us. Your morals are important, but so is humility.
Slate did this, the NYT should talk to their management about lessons learedn.
You make a number of valid points. However, I believe that you're talking about Salon.com. Slate is and (with possibly some limited exceptions I'm not aware of) an advertising-supported site that still gets tons of links and traffic.
On a more substantive note, two things: (1) stories will still be free to users who read only a few per month, which helps to avoid the Salon.com problem. (2) It doesn't take effect until 2011 which means they still have time to abandon the whole thing if advertising revenues tick upwards.
First of all, the amazingly high probability should be 2^14 (or 1/2^14 = 1 / 16,384), not "214". This is the danger with cutting and pasting mathematics.
That is, it should be 2^{-14} -- this is the danger with posting in the morning before finishing my coffee...
First of all, the amazingly high probability should be 2^14 (or 1/2^14 = 1 / 16,384), not "214". This is the danger with cutting and pasting mathematics. In a slightly simplified explanation, distinguishing attacks work by looking at encrypted data and trying to distinguish it from random bits. This means that the distinguisher succeeds with the probability above, which may not seem very high, but believe me --- it's much higher than what it should be for a cipher like this. And as they show, efficient distinguishing attacks can lead to nastier things like key recovery.
I saw Adi Shamir stand up in front of a crowd at Crypto 2008 and introduce a new set of techniques he and his colleagues had developed for simplifying complex algebraic equations. People jokingly asked him if he thought it might work against AES (yes, it did). I haven't seen this paper, but my guess is that they're running around applying their techniques to everything they can find. And so Kasumi bites the dust. (Meaning that I must update my course slides, agh.)
More to the point, this is unlikely to be a practical issue right now because it's a related key attack. You have to encrypt something with multiple keys that are closely related (similar in many respects) before the attack applies. This usually doesn't happen unless the implementers are idiots. But the point is that it's bad news --- related key attacks are the camel's nose under the tent for much worse things to come. I'd say they should upgrade to AES, but I'm not even sure if that's a great idea:)
Oh, and I'm doing the thing I hate the most: giving the senior person all the credit. No doubt an equal or greater share of the credit goes to Orr Dunkelman and Nathan Keller, his hungry PhD student and post-doc who probably spent the last zillion hours of their lives working this out in their lab only to see people like me attribute all of their work to Shamir. Good job, guys.
But I really suspect that most people can just find a ton of other movies to add to their queues and not care about when a movie is released.
That may be your habit. In my experience, the #1 reason people quit Netflix is that they run out of movies that they want to see. Not that there aren't movies out there --- they just can't find enough interesting movies to keep them going. Movies pile up. They bail.
In this case, reducing the flow of high-profile new releases is not helpful.
Netflix has no risk in this deal, actually they may even have a bit to gain, they only buy a limited number of each movie. If one of Netflix's customers buys a movie because they were too impatient to wait for it to appear on Netflix; Netflix now has slightly better customer approval because there will be slightly less of a wait time on some of the new releases.
With respect, I think this analysis is exactly wrong. Hollywood goes to a lot of trouble to excite people about the latest DVD releases. They throw tons of money at it. While that might not have much impact on me, I know plenty of people who are waiting to get Action-Flick-X on the weekend it's released. Some of those people buy, some of those people go to Blockbuster, some go to Redbox, but probably many of them count on Netflix.
The thing is, now Netflix is saying to those people: sorry, you're paying the same subscription fee but we're not going to be able to provide that service that Hollywood has spent a zillion dollars exciting you about (watching new releases anywhere near the date they're released). So instead those people will spend $X obtaining the service from somewhere else. Consider that purchasing a movie costs nearly as much as a month of Netflix, and even Redbox can run you 1/4 of a month if you forget to return the movie for a few days. All of a sudden it becomes much harder to justify spending $20/mo on Netflix when you're on a limited budget. This is very, very bad for Netflix.
This might not be a big deal if we were talking about a week or two, but a month is a long time for some people. I'm really surprised they're willing to take such a huge and visible hit when I imagine that they could just pay retail prices for new DVDs (as Redbox does) and avoid pissing off their customers. The best guess I've got is that WB has them by the balls on the streaming service and they've determined that playing nice with the manufacturers is the only way to build up this business, and the DVD business is about to die anyway.
After hearing that description, I would rather eat glass than read this book. Nonetheless, as much as I hate to admit it, the attitude of the higher execs really will make the difference between an organization that follows security policy, and one that just buys a bunch of equipment and pretends that it's helping them.
Sadly, I don't think that any of this fuzzy management advice is going to make much of a difference in the current environment. What will happen is that criminal groups will become more effective and/that/ will have an effect on the stock price. As a result, CEOs will emphasize security as a top priority. Then you'll see them hiring & giving real power to bright folks who know what they're doing, and making sure that the employees follow policy. The results will trickle down. But there has to be real pain before this is anything more than buzzwords.
Christ, I know everyone has their own personal style and everything, but this is just pernicious. In any case, the author gives the game away: when he thinks code is overcommented, he can ask Emacs to hide the comments. So far as I know there's no automatic system that will generate the comments that the author failed to put in because the code was "self-documenting". This is particularly important when you're working with anything other than standard libraries --- you might know what "libfzp_inc_param_count_fast", but your reader probably won't.
Right now I'm working on a crypto library that incorporates a lot of very specific elliptic curve operations. My technique is to comment the hell out of every damned interesting piece of code on the assumption that a picky reader can turn off the damned comments if they get in his way. In fact, there are various places where I've actually scaffolded all of the comments before writing a line of code. Doing otherwise would have been an enormous headache and made bugs a whole lot more likely. And this way even a non-expert should be able to understand the entire program flow.
Unfortunately, one of the previous pieces of software in this area followed the poster's "self documenting code" style (very nice, clean, well written code with no comments), and even I find it difficult to piece together what's going on in places --- not because all of the code is crypto-specific, but because the author has thrown so much effort into writing "clean, pretty" code that it's actually hard to know where the crucial pieces are. I can't quite explain why I find this so irritating, but perhaps some of you will know what I mean.
Even then you may note that in those very quotes Apple themselves note that they were offered a different, much lower figure originally but still refused it citing it was excessive.
A lower figure plus cross licensing rights to non-standards-essential technologies. Which I take to mean as indicating that Nokia wanted to leverage its GSM patens to get access to multi-touch and some other stuff.
The question is: how accurately can the GSM association value patents like multi-touch that have nothing to do with GSM. My guess is that Apple (and other industry players) probably value them very highly. The GSM association may or may not be able to render a fair opinion on that subject.
Re:And this is a nearly unsolveable problem.
on
GSM Decryption Published
·
· Score: 5, Insightful
I have never understood why systems like GSM, Wifi, or whatever didn't or don't use well known crypto algorithms A combination of factors:
1. GSM is very old (for a digital standard). The more robust cryptographic algorithms known at the time were enormously expensive on the limited hardware available (this is back in the 80s or so).
2. GSM was created by a consortium of manufacturers and national governments. Germany in particular was very concerned about calls being eavedropped by the eastern block; countries like France wanted the ability to (more) easily monitor calls. The France block won the negotiation.
3. Cryptographic techniques have been evolving, even over the past decades. Cracking hardware has gotten faster (distributed computing, FPGAs) and researchers have developed a lot of expertise at breaking symmetric ciphers. Key sizes that seemed appropriate really aren't anymore.
4. Carriers don't really give a crap about theoretical weaknesses. Unless you can buy a call decryptor on Amazon it doesn't count to them. And even then it's probably still not worth the money to upgrade.
Wifi does use well known cryptographic algorithms, at least if you use WPA-AES, not WEP or the TKIP hack, both of which were designed to enable secure communications on very weak chipsets.
I think it's high time we started shunning both parties and voting for independent. Both parties are corporate vetted.
Since our winner-take-all system is fundamentally rigged against third parties, voting for an independent just makes it that much cheaper and easier for corporations to get their way. Good for you. As a side bonus, it ensures that the party you like least is more likely to win.
Regardless of the hype, or the previous success of a franchise, a movie cannot be so popular without being liked or enjoyable to at least a very significant portion of the population.
Standard practice in the movie industry nowadays is to hype-hype-hype a movie and then hope that the opening week will bring in most of the profit. That ensures that if the movie sucks, they still make lots of money before word gets out. Another trick is to use a franchise that's so popular that people will go to see it even if they hear bad things from their friends. In these cases the revenue rarely correlates to the actual quality of the movie (example: Transformers ROTF).
Or to put it another way, Lucas could have released 90 minutes of people ramming their heads into walls and still made that money, provided he had some good trailers. Basically he capitalized on the fact that everyone who'd ever seen his earlier movies would want to see this one.
Granted, there are some people who really genuinely liked the movie. A lot of them being young kids, which seems to have been the real target audience of the movie;
It's not only about Maemo, it's about a phone manufacturer that has 40% of total market (of which smartphones are what, 15 - 20% now? Why do you talk only about them?).
Because the expectation is that smartphones to become 90% of the market within a few years, given the rapid drop in hardware prices and the availability of fast 3G networks. The typical cellphone's lifespan is only a couple of years, and the expectation is that more and more consumers will replace with a $50-$99 smartphone rather than buying another dumb phone that doesn't even have a working keyboard. The technology industry moves very quickly.
All of this maneuvering you see now is based on the correct observation that Nokia's current-gen phones are popular, but they haven't competed will in the smartphone market. They could still turn it around, but they're going to have to actually turn things around from where they are now (where iPhone is eating a big chunk of the market and Google is positioning Android to eat up a bunch of the rest.)
Keep the thermometers used, keep notes about what's being done, publish that as well. If we believe there's an outlier, we should test the thermometers and if those are defunct, then we can throw out the data without bias
We're talking about measurements made over the past century. Most of the thermometers are gone, and absent a time machine you're not going to get them back. What you're essentially suggesting is that we should throw out most of the data recorded before 1990.
Incidentally, most of the data and the rationale for their correction is described in published papers. It's unbelievably, mind-numbingly boring and detailed.
Slashdot Mirror
Certainly we need to protect our environment but I feel this push is dictated more by politics and social engineering than any legitimate threat.
Why would you say that? Because tackling environmental issues is a winning political strategy? Because there's huge money in going up against the hugely influential fossil-fuel industry?
Without a proper justification this statement falls into the category of things like "the illuminati rule the world". I'll take it seriously when:
1. Somebody gives me a non-kooky explanation of why politicians and scientists would voluntarily choose to do something so politically suicidal.
2. Someone gives me one, single, credible piece of scientific evidence to convince me that we have nothing to worry about.
You're right that no major scientific organization is openly skeptical of climate change now. But the American Association of Petroleum Geologists .... have all issued statements that are non-committal
Cite your references. All of these statements can be found on this page. If you actually read them you'll basically see that every single one of those organizations acknowledges the science behind global warming. None of them claim that the science is bad or made up or some kind of conspiracy --- they just note that there's considerable uncertainty (and for god's sake, the American Association of Petroleum Geologists????)
None of these groups subscribe to your paranoid view of academics. That's all on you.
and the snow piled up so high in Washington D.C. that
Interesting point. But... should we take the snow in D.C. as an indication that climate change is bunk? Or should we take the desperate lack of snow in Vancouver as an indication that climate change is happening? Or should we just agree that the weather in one particular location has nothing to do with global climate change?
These taxes on small businesses ARE unfair, because they dramatically raise the bar for starting or operating a small business. You might argue that even if that tax were placed square on the employee, then businesses would have to raise their wages so that employees could afford to pay. And that's valid. But at least then it wouldn't be a half-hidden cost. It would be direct, and people would have a much better idea of where the money is coming from, and where it is going. Which is ALWAYS better.
So let me reiterate, for the record, that I am a small business owner, bringing several years experience to the discussion. I'm also the one who's absorbing all of this alleged unfairness.
In fact I do agree with you that it's ridiculous to assign half of each employee's FICA to the business rather than the employee. Unlike you I don't think it's ridiculous because it's unfair to the business, rather I think it's ridiculous because it's transparently just a tax on the employee that's being "hidden" by stashing it on the employer's books rather than on the employee's tax statement. Anyone who pays self-employment tax knows that the government will gladly take both halves from the worker when there's no business to hide it behind. And furthermore, any competent business owner makes hiring decisions based on loaded employee cost (including taxes, benefits, etc.) anyway, so they're already folding those cost into the employee's take-home wage. (Like I already said, the exception here is minimum-wage employees.)
You might argue that even if that tax were placed square on the employee, then businesses would have to raise their wages so that employees could afford to pay. And that's valid.
This is the entire point. I wish that the tax were placed transparently on the employee. But the existence of these taxes is hardly a secret and I'm confident that the market is pricing them in quite effectively. Moving them over to the employee's side of the ledger wouldn't magically make it easier to start or run a small business. It sounds great in a Slashdot post, but it's almost meaningless as public policy.
The only tangible exception to this rule is the case of minimum-wage employees. If you moved the employer's share of the tax onto the employee then thousands of fast food franchises would benefit, but they'd do it at the expense of their worst-paid employees. If you want to help small businesses, don't do it on the backs of people who are making sub-poverty-level wages.
All that said, let me say that on a personal level I really, really hate payroll taxes. Not because it hurts my business, but because it's a transparent ripoff. You see, payroll taxes only apply to the first $100k or so of income, so they're essentially a tax on the working class. Anyone with a really high income is paying a much lower tax rate. That would be ok if these taxes were actually being used to finance retirement benefits, but back in the 1980s a Republican President and a Republican Fed Chairman hiked them way above the level needed to fund benefits. That excess money was (and still is) being used to finance huge tax cuts which primarily benefit the wealthy. I see this as a crime against the American people and it absolutely disgusts me. So while I'd like to see these taxes reformed, I absolutely do not trust the Republican party to fix it. Just my two cents.
You know what creates jobs? Small business. The overwhelming majority of Americans are employed by small businesses. And what is the enemy of small business? Taxes. And what drives higher taxes? Pork.
Taxes, schmaxes. I'm a small business owner with 14 employees. And clearly you are not. If you were, you'd know that the overwhelming concern for any small business owner right now is healthcare costs. Ours have gone up by double-digits for each of the past few years. And it's not like we have an old, sick workforce --- our employees are mostly young, 20somethings who can drink Mountain Dew all day and still stay thin.
If this trend continues (and most people think it will) I can't see how I'm going to stay in business and still employ anyone (except in benefits-free Walmart style). That's why I'm so amused when I hear people talking about healthcare reform and how it will bring "socialism", destroy the economy and all that.
Honestly, at this point I'd be willing to vote for Karl Marx's ghost if he could get my healthcare premium increases down to 5% per year.
Small businesses pay a lot of employment taxes, even if they aren't profitable. The business has to match the employee's contribution to Social Security and Medicare, and pay into federal and state unemployment funds.
Yes, but on the other hand, all competing employers have to pay these taxes as well. So the taxes essentially reduce the cash wages that you can afford to pay an employee, but it's not unfair (to the business owner) since it has the effect of reducing the employee's market wage. It can be a problem when you bump into the minimum wage, since these taxes essentially increase the loaded cost of a minimum wage employee.
The real problem --- and I say this as a small business owner with 14 employees --- is healthcare. Healthcare costs do /not/ impact all employers equally, and small businesses are particularly vulnerable to rate increases since we have very little bargaining power. Blue Cross is much less likely to hike IBM's rates when Joe Employee's wife get cancer, but small businesses have to worry about this constantly.
Why is NASA's ~20 billion so hard to pay for when we seem to have little trouble finding enough to spend about 2.5** trillion on entitlements yearly?
Because much of those entitlements are financed through dedicated taxes (FICA) that come directly out of your paycheck. For whatever reason people seem to think those taxes are worth the benefit. I imagine you could fund NASA's budget in the same way if you could convince working Americans to pay an similar NASA tax.
Don't get me wrong, I'm all in favor of fully funding NASA, but thirty years of mostly conservative rule have essentially destroyed our finances.
Matt
This was nothing fundamentally new; google "secure multiparty computation." Or, FTFA, Gentry's technique requires a "trillion times" more computational power than existing techniques.
Since I did my dissertation in this area, I can tell you there was definitely something fundamentally new. Previous secure multi-party computation techniques are a fundamentally interactive process. Two or more parties compute some function such that neither party learns the other party's secret input --- but to do this they have to exchange information at every step of the process. In practice the function gets converted into a circuit and computing the output of each gate (AND/OR/NOT) requires a substantial amount of communication.
Computing on encrypting data is a different beast: one party provides a bunch of data in encrypted form, and the other party can then operate on it. There's no limit to the amount of computation that party can do, and it doesn't need to interact with the original party at any point during the computation. Only when it's done does it send back the result of the computation (still encrypted), so the original party can decrypt it.
It's been known for a long, long time that you can compute on encrypted data if only you have a doubly-homomorphic encryption system --- one where you can both multiply /and/ add ciphertexts together such that the underlying plaintexts are also added/multiplied. However, nobody knew of such a scheme until Gentry's result (though there were some schemes published and broken a few years ago).
And yes, Gentry's scheme is horrifically inefficient, but inefficient isn't the end of the world. Just means it's a first step towards something better. One hopes.
As a researcher in the academic side of the Information Security field, I can't help but notice a significant increase in the level of puffery and misleading promotion of research results. Self-promotion obviously isn't new, it's just that as the amount of newspaper-assisted promotion increases, the level of accuracy has dropped significantly. And more importantly, researchers seem much less apologetic about it. It's generating some real blowback.
The best recent example I can think of is Vanish, a cryptographic system for "destroying" data that was proposed out of University of Washington. It's not just that the system was broken a few days after it was presented, it's that this relatively minor result got more press than all of the perfectly legitimate crypto-systems research that was going on at the time. In fact, during the same time period a guy named Craig Gentry solved a major open crypto problem --- namely, how to compute on encrypted data --- and it got a fraction of the press coverage.
Not that I'm saying these researchers specifically asked to have their invention described as an "effectively perfect" solution to preventing spam --- which I guarantee you 100% it is not --- but that by going out on a University-encouraged PR junket, they've more or less encouraged this kind of coverage. This kind of stuff is damaging; people should describe their work as what it is. They've developed a technique that is highly effective at filtering /current-gen/ spam generators, in the lab. It won't stop all spam, and it's not effectively perfect, since spamfiltering is by nature an arms race. But of course that's not how it's going to be presented. In the long run this'll just make people more jaded with our field.
As far as the iPhone goes, I'd MUCH rather have a Nexus One if I was in the market for a fancy smart phone.
What is it about the Nexus One that's got people so worked up? As best I can tell it's a great piece of hardware with a UI that's (admittedly by Android fans) only about 95% as good as the iPhone. It's manufactured by a company that doesn't really have any experience making phones, and could easily get out of the business, leaving you high and dry.
In any case, it's about 180 degrees out of sync from the iPhone release schedule. I plan to wait til the next iPhone comes out before I make any decisions about what phone to buy.
If you have food, and I have a gun and am starving, do you truly believe cultural influences matter that much? Yes, although probably not as much as personality and upbringing. If I'm the one with the gun, I'll offer to help you protect your resources as well as contributing my skills and labor in other ways.
This kind of thing is easy to say while sitting in front of a computer, presumably well-fed. But if there's a limited amount of food and you're starving, how can you say that's what you'll do? What if you had a child to protect as well?
I'm not saying you wouldn't do the right thing, I'm just saying that extremely decent, moral people who survive this kind of disaster routinely talk about the terrible things they did to survive, and how guilty they feel about them. Many of those people are better than I'll ever be, and probably better than either of us. Your morals are important, but so is humility.
This is why I love right-to-work states, where no one can make me join a union.
As an employer I love them too. I can pay those idiots substantially less to do the same work.
Slate did this, the NYT should talk to their management about lessons learedn.
You make a number of valid points. However, I believe that you're talking about Salon.com. Slate is and (with possibly some limited exceptions I'm not aware of) an advertising-supported site that still gets tons of links and traffic.
On a more substantive note, two things: (1) stories will still be free to users who read only a few per month, which helps to avoid the Salon.com problem. (2) It doesn't take effect until 2011 which means they still have time to abandon the whole thing if advertising revenues tick upwards.
I still think it's a rotten idea.
First of all, the amazingly high probability should be 2^14 (or 1/2^14 = 1 / 16,384), not "214". This is the danger with cutting and pasting mathematics.
That is, it should be 2^{-14} -- this is the danger with posting in the morning before finishing my coffee...
First of all, the amazingly high probability should be 2^14 (or 1/2^14 = 1 / 16,384), not "214". This is the danger with cutting and pasting mathematics. In a slightly simplified explanation, distinguishing attacks work by looking at encrypted data and trying to distinguish it from random bits. This means that the distinguisher succeeds with the probability above, which may not seem very high, but believe me --- it's much higher than what it should be for a cipher like this. And as they show, efficient distinguishing attacks can lead to nastier things like key recovery.
I saw Adi Shamir stand up in front of a crowd at Crypto 2008 and introduce a new set of techniques he and his colleagues had developed for simplifying complex algebraic equations. People jokingly asked him if he thought it might work against AES (yes, it did). I haven't seen this paper, but my guess is that they're running around applying their techniques to everything they can find. And so Kasumi bites the dust. (Meaning that I must update my course slides, agh.)
More to the point, this is unlikely to be a practical issue right now because it's a related key attack. You have to encrypt something with multiple keys that are closely related (similar in many respects) before the attack applies. This usually doesn't happen unless the implementers are idiots. But the point is that it's bad news --- related key attacks are the camel's nose under the tent for much worse things to come. I'd say they should upgrade to AES, but I'm not even sure if that's a great idea :)
Oh, and I'm doing the thing I hate the most: giving the senior person all the credit. No doubt an equal or greater share of the credit goes to Orr Dunkelman and Nathan Keller, his hungry PhD student and post-doc who probably spent the last zillion hours of their lives working this out in their lab only to see people like me attribute all of their work to Shamir. Good job, guys.
But I really suspect that most people can just find a ton of other movies to add to their queues and not care about when a movie is released.
That may be your habit. In my experience, the #1 reason people quit Netflix is that they run out of movies that they want to see. Not that there aren't movies out there --- they just can't find enough interesting movies to keep them going. Movies pile up. They bail.
In this case, reducing the flow of high-profile new releases is not helpful.
Netflix has no risk in this deal, actually they may even have a bit to gain, they only buy a limited number of each movie. If one of Netflix's customers buys a movie because they were too impatient to wait for it to appear on Netflix; Netflix now has slightly better customer approval because there will be slightly less of a wait time on some of the new releases.
With respect, I think this analysis is exactly wrong. Hollywood goes to a lot of trouble to excite people about the latest DVD releases. They throw tons of money at it. While that might not have much impact on me, I know plenty of people who are waiting to get Action-Flick-X on the weekend it's released. Some of those people buy, some of those people go to Blockbuster, some go to Redbox, but probably many of them count on Netflix.
The thing is, now Netflix is saying to those people: sorry, you're paying the same subscription fee but we're not going to be able to provide that service that Hollywood has spent a zillion dollars exciting you about (watching new releases anywhere near the date they're released). So instead those people will spend $X obtaining the service from somewhere else. Consider that purchasing a movie costs nearly as much as a month of Netflix, and even Redbox can run you 1/4 of a month if you forget to return the movie for a few days. All of a sudden it becomes much harder to justify spending $20/mo on Netflix when you're on a limited budget. This is very, very bad for Netflix.
This might not be a big deal if we were talking about a week or two, but a month is a long time for some people. I'm really surprised they're willing to take such a huge and visible hit when I imagine that they could just pay retail prices for new DVDs (as Redbox does) and avoid pissing off their customers. The best guess I've got is that WB has them by the balls on the streaming service and they've determined that playing nice with the manufacturers is the only way to build up this business, and the DVD business is about to die anyway.
After hearing that description, I would rather eat glass than read this book. Nonetheless, as much as I hate to admit it, the attitude of the higher execs really will make the difference between an organization that follows security policy, and one that just buys a bunch of equipment and pretends that it's helping them.
Sadly, I don't think that any of this fuzzy management advice is going to make much of a difference in the current environment. What will happen is that criminal groups will become more effective and /that/ will have an effect on the stock price. As a result, CEOs will emphasize security as a top priority. Then you'll see them hiring & giving real power to bright folks who know what they're doing, and making sure that the employees follow policy. The results will trickle down. But there has to be real pain before this is anything more than buzzwords.
Christ, I know everyone has their own personal style and everything, but this is just pernicious. In any case, the author gives the game away: when he thinks code is overcommented, he can ask Emacs to hide the comments. So far as I know there's no automatic system that will generate the comments that the author failed to put in because the code was "self-documenting". This is particularly important when you're working with anything other than standard libraries --- you might know what "libfzp_inc_param_count_fast", but your reader probably won't.
Right now I'm working on a crypto library that incorporates a lot of very specific elliptic curve operations. My technique is to comment the hell out of every damned interesting piece of code on the assumption that a picky reader can turn off the damned comments if they get in his way. In fact, there are various places where I've actually scaffolded all of the comments before writing a line of code. Doing otherwise would have been an enormous headache and made bugs a whole lot more likely. And this way even a non-expert should be able to understand the entire program flow.
Unfortunately, one of the previous pieces of software in this area followed the poster's "self documenting code" style (very nice, clean, well written code with no comments), and even I find it difficult to piece together what's going on in places --- not because all of the code is crypto-specific, but because the author has thrown so much effort into writing "clean, pretty" code that it's actually hard to know where the crucial pieces are. I can't quite explain why I find this so irritating, but perhaps some of you will know what I mean.
Even then you may note that in those very quotes Apple themselves note that they were offered a different, much lower figure originally but still refused it citing it was excessive.
A lower figure plus cross licensing rights to non-standards-essential technologies. Which I take to mean as indicating that Nokia wanted to leverage its GSM patens to get access to multi-touch and some other stuff.
The question is: how accurately can the GSM association value patents like multi-touch that have nothing to do with GSM. My guess is that Apple (and other industry players) probably value them very highly. The GSM association may or may not be able to render a fair opinion on that subject.
I have never understood why systems like GSM, Wifi, or whatever didn't or don't use well known crypto algorithms
A combination of factors:
1. GSM is very old (for a digital standard). The more robust cryptographic algorithms known at the time were enormously expensive on the limited hardware available (this is back in the 80s or so).
2. GSM was created by a consortium of manufacturers and national governments. Germany in particular was very concerned about calls being eavedropped by the eastern block; countries like France wanted the ability to (more) easily monitor calls. The France block won the negotiation.
3. Cryptographic techniques have been evolving, even over the past decades. Cracking hardware has gotten faster (distributed computing, FPGAs) and researchers have developed a lot of expertise at breaking symmetric ciphers. Key sizes that seemed appropriate really aren't anymore.
4. Carriers don't really give a crap about theoretical weaknesses. Unless you can buy a call decryptor on Amazon it doesn't count to them. And even then it's probably still not worth the money to upgrade.
Wifi does use well known cryptographic algorithms, at least if you use WPA-AES, not WEP or the TKIP hack, both of which were designed to enable secure communications on very weak chipsets.
I think it's high time we started shunning both parties and voting for independent. Both parties are corporate vetted.
Since our winner-take-all system is fundamentally rigged against third parties, voting for an independent just makes it that much cheaper and easier for corporations to get their way. Good for you. As a side bonus, it ensures that the party you like least is more likely to win.
Regardless of the hype, or the previous success of a franchise, a movie cannot be so popular without being liked or enjoyable to at least a very significant portion of the population.
Standard practice in the movie industry nowadays is to hype-hype-hype a movie and then hope that the opening week will bring in most of the profit. That ensures that if the movie sucks, they still make lots of money before word gets out. Another trick is to use a franchise that's so popular that people will go to see it even if they hear bad things from their friends. In these cases the revenue rarely correlates to the actual quality of the movie (example: Transformers ROTF).
Or to put it another way, Lucas could have released 90 minutes of people ramming their heads into walls and still made that money, provided he had some good trailers. Basically he capitalized on the fact that everyone who'd ever seen his earlier movies would want to see this one.
Granted, there are some people who really genuinely liked the movie. A lot of them being young kids, which seems to have been the real target audience of the movie;
It's not only about Maemo, it's about a phone manufacturer that has 40% of total market (of which smartphones are what, 15 - 20% now? Why do you talk only about them?).
Because the expectation is that smartphones to become 90% of the market within a few years, given the rapid drop in hardware prices and the availability of fast 3G networks. The typical cellphone's lifespan is only a couple of years, and the expectation is that more and more consumers will replace with a $50-$99 smartphone rather than buying another dumb phone that doesn't even have a working keyboard. The technology industry moves very quickly.
All of this maneuvering you see now is based on the correct observation that Nokia's current-gen phones are popular, but they haven't competed will in the smartphone market. They could still turn it around, but they're going to have to actually turn things around from where they are now (where iPhone is eating a big chunk of the market and Google is positioning Android to eat up a bunch of the rest.)
Keep the thermometers used, keep notes about what's being done, publish that as well. If we believe there's an outlier, we should test the thermometers and if those are defunct, then we can throw out the data without bias
We're talking about measurements made over the past century. Most of the thermometers are gone, and absent a time machine you're not going to get them back. What you're essentially suggesting is that we should throw out most of the data recorded before 1990.
Incidentally, most of the data and the rationale for their correction is described in published papers. It's unbelievably, mind-numbingly boring and detailed.