WTF??? The moron installers didn't even use a $1.50 chunk of bird spike to keep the housings clear?
Like the cameras, installing "bird spike" isn't always as effective as its sellers might tell you. A few years ago, a local historic church had a bird problem. The main doors opened onto a large covered walkway, the width of the build, which had the usual decorative ledges and decorations that were excellent bird perches, and they decided to Do Something About It. They installed bird spike on top of the ledges.
The local sparrows, starlings and pigeons understood just what this was for. They started bringing in large amounts of nesting material and jamming it between the spikes. This worked really well, and the ledges were quickly covered with a long, narrow bird nest used by more birds than you'd believe. You can imagine how well this went over with the churchgoers.
After a few years of trying to make it work, the bird spikes were removed.
This whole "let's just blame the government" nonsense is simply a blind cooked up by corporate shills trying to cover up their own ineptitude. The governments are equally to blame with the corporates for their foolishness and stupidity. Blaming just one of them alone isn't simply incorrect, it's dangerous.
Some years ago, when I was preparing to leave academia for a much better-paying job in "industry", I read a rather timely bit of "advice to graduates". The author predicted that nearly everyone present would, after a few months in their first job, slowly come to realize that the company was incredibly incompetent, especially the people at the top who had little if any understanding of how their company worked but still gave orders to their underlings. Many of you will eventually ask yourself "How could this business continue to operate at a profit?" And the smarter of you will realize the answer: Every other company in the field is just as incompetent and bungling and poorly managed as this one. That's the only way to explain their continued success.
The writer's conclusion was that humans are not actually capable of behaving intelligently in groups of more that a few. All human organizations are in fact incompetent, to the point of near idiocy for the larger ones. This is the only way to explain the behavior of most human organizations.
A more geeky formulation that I've run across is that the intelligence of a group of humans is an inverse function of the number of people in it. Exactly what this function is doesn't seem to be known, and may well vary from group to group. And a few organizations have stumbled across a sort of anti-Peter-Principle, of learning what each individual is good at, and keeping them in jobs where their expertise is helpful rather than promoting them to their level of incompetence. But this is usually only partly successful, at the lowest "hands-on" level, and mostly in small organizations.
I wonder if anyone has actually worked out the inverse-intelligence function(s) for any organizations. It could be interesting to read about.
"Is it possible for a company to blame a computer based system for making stereotypical choices"?
Sure. It's possible for a company (or individual humans) to blame a computer for anything, even something that no computer can do. People blame computers for their own mistakes (and intentional actions) all the time.
[Y]our method for determining single-path-routing is flawed. The routing takes the "best" path, in many cases the "best" path is so much better than any other that it is essentially static. However, if that connection were to go down then other routes would start being used.
Well, yes and no. If you're only interested in speed, you're right. But I've worked on several projects that explicitly and intentionally scattered a connection's packets across as many (reasonably fast) routes as were available. This was done for several reasons. One of them is directly relevant to the topic at hand: Using multiple routes defeats attempts to intercept your packets and collect them. Many encryption-cracking schemes require large contiguous chunks of a message to succeed in decoding the content. If a message's packet is scattered across multiple routes, collecting all of the message's packets (or enough to decrypt it) becomes materially more difficult.
This is, or should be, of interest to anyone with security concerns. And it has been used in military communications. Actually, the projects I did this for had a different primary motive: They wanted to achieve a data transfer rate higher than any single route could provide. We were quite successful at this. But our code was also of interest to the security guys, who wanted it for security reasons rather than speed.
We did run into a problem similar to the famous incident in which all of New England was simultaneously disconnected from the rest of North America. The long-line providers (mostly the phone companies) sometimes managed to map all our connections to a single physical wire, reducing our speed to that wire's speed and making packet collection possible (though still a bit tricky). As usual, this is a primary example of why you don't want the lower layers strictly invisible to the upper layers. Regardless of whether you are doing this for speed or security, you want to know quickly when the physical layer has defeated your multi-routing scheme and reduced it to a single physical route. The people running the physical layer can't be trusted to maintain such separation, even when you've paid for it.
Doing such multi-routing from the application level is tricky. It's usually done by having multiple interfaces with different network numbers. But this can be easily reduced to a single path by the routing system. This can often be detected by using traceroute to report the paths. That, combined with knowledge of which machines have each of the reported addresses can determine that two (application-level) routes are actually one (physical level) route, and raising the appropriate alarm. But this approach has statistical behavior, with a time lag before merging of routes is discovered. Doing better generally requires hooks into the lower levels that most commercial libraries (and OSs) don't provide. This is yet another way in which the current commercial internet has defeated part of the original (military-funded) design of the Internet.
Nah; I don't think it's anything especially American. The US population is one of the most "mongrelized" on the planet. There hasn't been nearly enough time for that population to merge into any kind of self-consistent sub-population. So the behavior shown by Americans (even American politicians) is a jumble of the behaviors of all the source populations from other parts of the world.
Visually, the US population looks mostly "white", i.e., European. But the demographers tell us that this really is only skin deep, and hides a lot more mixing than most people would guess. Thus, it's estimated that some time around 1980 (give or take a few years), we reached the point where more than 50% of the US population has black African ancestry. Granted, most of those people are maybe 1/8 or 1/32 African, and look white, but most of them know that they're not "pure". I'm part of the 20-25% that has "Native-American" (the current euphemism) ancestry. I look pure white, but I'm 1/8 Ojibwa, and my father's family has a collection of stories about the treatment of the 1st and 2nd generation hybrids who looked visibly "Injun". I have a daughter who is also 1/8 Injun; her mother had a Comanche great-grandparent. The US population with Asian ancestry is around 15-20% now. And so on.
The purely European part of the US population can't be easily estimated, but may be as low as 25% now. And Europe itself has been rather mongrelized for a long time. Consider the etymology of the term "mongrelized".
So any claim to a separate "American" nature is highly bogus. They're just a jumbled mixture of humans, with all sorts of built-in (mostly culturally-derived) beliefs and behaviors. Treating them as morally superior or inferior to the rest of the world is just incorrect.
I'm pretty sure that (D)ARPA had no intention of neutrality in terms of who was "supposed to" benefit from the communication.....
It might be informative (and maybe enlightening) if we can get people to look back at what (D)ARPA actually had in mind back in the 1960s and 1970s when they were funding the development that led to the Internet. Their original documents mostly talked in terms of just the sort of "warfare" that people are getting so upset about now.
An important part of the design was multi-path routing that could be rapidly modified, as an enemy found and took out your routers. The idea was that as long as a path existed between two points, the routing system would find it and keep those two points in communication, despite the best efforts of the enemy.
Of course, in current terms, most of the Internet would consider the US government (along with various others in China, Iran, wherever) as "enemy", since people in the US government are talking openly about actively interfering with our communication without knowing or caring who we might be.
One of the major failures in the current Internet is that multi-path routing has been pretty much nixed by the ISPs. How many data paths do you have out of your home or office? 99% of us have only one, which is a blatant violation of the original design. You should try using traceroute to list the machines along the path to a remote site. Do it several times, and see if the same path comes up each time. If so, then you are a victim of single-path routing, and that path can be taken out at any time by an enemy who has access to any of those machines along the route. Or, even worse, they can make a copy of every packet between you and that site, without you knowing that they're doing this . The original ARPA/Internet design was specifically to avoid such security risks.
If we want to keep the Internet safe from "cyber warfare", maybe we should be looking seriously at what the military people are doing with it in their private networks. And we should implement the parts of IP that have been ignored in favor of a fragile design that provides mostly single-path routes.
Then we might be safer from not just the US's perceived enemies, but also from the US government itself.
And part of human nature seems to be to frame everything as a kind of "war". But this can backfire. Back in 1964, here in the US, President Lyndon Johnson declared a "War on Poverty". Quickly, millions of poor people started asking where they could go to surrender. That war was quietly shelved soon thereafter.
We just need to find as clever a way to respond to the US government declaring war on the Internet. Is there a good way to make us all look like opponents, so we can surrender and get funds for reconstruction?
They're talking about dropping untraceable containers containing nuclear material into the shipping system and redirecting them to the relevant place on an ad hoc basis. Nobody gives a shit about your spanking schoolgirls DVDs.
If history is any guide, those spanking schoolgirls DVDs are what people (and government agencies) will get really excited about. Containers full of nuclear material, though? Hardly anyone wants to get involved with them. They're booooooriiiiiiing!
Also, the way most organizations work, if you are involved with inspecting packages for radioactive material, and you catch 999 out of 1000 of them, the one that you missed will get you fired (and possibly jailed). So you'd expect that people who value their own lives, safety, freedom, etc. to avoid such jobs. Let someone else take the blame for missing a dangerous package.
This principle is especially strong in the "cyber security" field. Anyone ever involved with it knows that you get no credit for doing things right. Nobody ever notices that. But let a single exploit affect your systems, and you're hauled before investigative committees consisting of people who don't have a clue about the inner working of a computer or network. People with a desire for self-preservation tend to avoid such situations. In particular, when they fire you, you don't look for a second job with similar responsibilities.
Until this problem is fixed, we can expect all our systems to remain as insecure as they are now.
Another likely cause is some software package that uses "dearbook" as the default password, or uses it in examples. People have a way of making minimal changes in things that they install, out of fear of breaking something. They also tend to copy examples literally, even the fields that are supposed to contain personal information.
The entire concept of "now" is pure fiction. Neurologically, physically, metaphorically and scientifically.
Nah; that's only true if you don't understand (or refuse to deal with) concepts like "digits of precision" or "error bars" or "resolution limit", which are used all over the place in scientific and engineering circles.
If you understand those concepts, then it's fairly trivial to define "now" internally to your brain and/or body; it's just the time interval that your mental processes can resolve. This interval differs for different people, of course. It's generally greater than a millisecond for humans, because that's (very roughly) the time required for nerve signals to transit the brain.
One thing that some people have to deal with is that message transit time between your brain and your extremities can be greater than what your eyes and brain can resolve. This is known to many athletes and musicians, who have to deal with millisecond-level precision in many of the things they do. This has also been proposed as an important factor in the evolution of the human brain, triggered by the need to throw things (rocks, spears,) to kill prey.
Thus, it has been estimated that for primitive hunters and baseball pitchers, the hand's release of the projectile must be precise to less than a millisecond. But the brain-to-muscle nerves transmit at about 100 m/s, so the roughly 1 m trip to your hands takes about 10 ms, ten times longer than the release "window" for accuracy in throwing something. This requires some sophisticated processing power to calculate the timing of nerve signals
Similarly, musicians routinely time notes to a precision of around 1 ms, so from the brain's viewpoint, the commands must be sent out before the note begins. Also, some instruments (mostly bass instruments) have a time lag of several ms before they sound, which adds to the time. So in some cases, musicians' brains are sending muscle commands for several notes ahead of the one sounding right "now".
This is all part of the complex task of earning to perform such precise high-speed actions. But it's all based on a fairly clear concept of "now" as the smallest time interval that your brain can resolve. The interesting part is that our brains can learn to automatically adjust for the nerve-speed delays, and can learn to "see" the delays well enough to send out messages that will arrive in the near future, outside the brain's "now" window.
Of course, when you're dealing with astronomical distances, Einstein was right when he pointed out that there are some serious problems with the concept of "now" that we use in our everyday lives. It took a bit of thought (and some fairly sophisticated math) to get things right on such scales. It's not surprising that people without advanced physics degrees tend to resort to somewhat mystical language when they try to talk about the topic. Or claim that it's meaningless.;-)
Simple. You rank the bug by the all-conquering financial cost of continuing to have software out there, that has that bug.
It's easy to say "Simple." But that doesn't make it simple. Estimating time and/or cost of fixing a bug can easily take a lot more time (and money) than does the actual fix. This is especially true for software, where time/cost estimates are purely guesswork. After all, if you knew how long it would take to diagnose and fix a bug, you'd probably have already done it, and you wouldn't have the bug. The actual fix typically is just a few seconds of typing. But this typically follows hours or days (or weeks or...) of studying and testing to figure out WTF is going on in the code, and there's no usually no way to accurately estimate this diagnostic phase until after you've finished it.
I have ignored bugs, not because it doesnt need to be addressed, but because it is low priority.
You have had priorities? Nearly every place I've worked, every problem (and every development task) is rated as top priority. That is, there's only one priority level ever used, which is logically equivalent to there being no priority ranking at all. The developers' natural reaction to this is to work on whatever seems most interesting at the moment. Some things then "fall through the cracks" for a very long time.
How do you get people (customers, bosses, etc._ to prioritize things like bug reports as anything other than "highest"?
If you'd ever had a broken ankle you'd know there was no confusing it for a sprain.
Maybe, but for the other 99% of us, if we have some sort of accident that results in serious pain in an ankle, how do we determine which we have?
The obvious way is to go to a hospital and ask them. But if you know a better (i.e., more reliable) way, how about telling us inexperienced folks how to tell the two apart.
Note that a well-known online language forum has picked up this story as the latest examle of a crash blossom, i.e., a headline that has two or more radically different parsings.
This one seems to have originated in the beeb, and there are suspicions that they have headline writers who specialize in this sort of ambiguity. They have had a lot of hilarious headlines recently, that are often read completely wrong by most readers.
Average Joe doesn't seem able to find the clearly labelled Help menu in most programs, so the difference between that and not knowing man is negligible.
Or maybe Joe has just learned that that Help menu only rarely provides any help with the current problem.
I'm typing this (to Firefox) on a Mac, perhaps the most vaunted "user-friendly" system in the industry. I've tried using that Help menu on many occasions, but most of the time, I seem to just get links to anything anywhere in the system that contains the keywords that I type into the Search widget. These hardly ever have anything to do with the app that I'm running at the moment. Actually, the FF Help menu does seem to have some things that deal with FF. When I move the pointer to the first (Sidebar > Bookmarks) item, a number of other menus suddenly pop up, and they're rather baffling. But there's a little wavering arrow pointing at the an item in one of the menus, so I clicked on it. All the menus instantly disappeared, and waiting didn't result in any new window to pop up with the expected Help information. I've worked with Macs off and on for a decade, and I still find most of Help's behavior this baffling. Occasionally it finds me help; usually it just wastes my time. So I ask google, which usually does find me information, though it's often buried in the 3rd or 17th page of totally irrelevant stuff.;-)
These days, I think I prefer the original unix man-based stuff. If it doesn't know, I discover that very quickly, and I ask google after wasting far less time than I waste on Mac's crappy Help menu.
It's disappointing when it's so much harder to get good information about something on the "user-friendly" systems than on the "user-hostile" systems like unix and linux.;-)
You can't find any *human* motives for harming us.
Maybe not, but any alien species could easily share a common attitude of humans and many other species on our planet: They could just not care about us one way or another, but while carrying out their ordinary activities ("life"), they do things that kill us off.
This isn't hypothetical. We're in the middle of a "mass extinction episode" on our world, and the extinctions are about 99% due to human activity. Only a few of these (e.g., the smallpox and measles viruses) have been explicit targets of humans. Most have died out do to "habitat loss" associated with spreading human habitation, agriculture, mining, etc. The humans responsible for the extinctions aren't intentionally killing off most species; they just don't notice or care about critters that are irrelevant to their own lives.
This was part of the plot of the Hitchhiker's Guide novels, of course. In the first chapter, the Earth is vaporized (along with most of its life forms), simply because the planet happened to be in the way of a galactic construction crew's work, and we hadn't registered any objections in the nearest government office at Alpha Centauri. And it gets funnier from there on...
It's probably true that an alien species that finds us would probably view us as a cute new semi-intelligent species that's worth protecting. But if our own world is any guide, by the time that happens, we could well have been (nearly) exterminated by their construction crews, who can't be bothered to look out for insignificant life forms like us.
We must never, ever have government dictating technological design.
Heh. You're a bit late with that suggestion. Even the least competent investigation will quickly turn up the fact that around 99% of the money that paid for the development of first the ARPAnet and then its successor the Internet came from the US government. Not just the US government, but the US Department of Defense.;-)
If it weren't for government agencies "dictating technological design", we wouldn't have the Internet at at all. We'd just have a lot of corporate walled-garden private networks that didn't interoperate, and for which you and I couldn't develop software.
Actually, we still have such private walled-garden networks, but IP can be installed on top of almost all of them, so they don't really matter at the network layer and above. Except that the corporations keep trying to push us back into their gardens, where they control what can be developed and run, and we pay them for the "right" to run a limited set of apps on the only gadgets that they permit to be "sold" (actually leased) in our neighborhoods where they have monopolies.
Anyone with a grain of sense would want to see more government control of the communication systems. That's the only thing that has ever permitted an actual "market" of comm devices and software to develop.
Of course, we then have the issue of "Who watches the watchers?". But we do have centuries of experience dealing with that question. Much of the US's current problems with expanding walled gardens is due to our neglecting this issue and letting the corporate world buy the government regulators. But a lot of us are aware of this problem. The current topic is just one of many skirmishes in that particular ongoing battle.
I've seen comments that to a lot of management, the IT department is is conceptually similar to the janitorial department, except that the latter keeps the physical facilities clean while the former keeps the data clean (and does a poorer job at its task;-). Both are pure operational costs that bring in no income, so their cost should be minimized.
It's funny that I've seen this attitude even when the company's products depends in large part on their software people. But the people who build the software are still considered an overhead cost, while the credit for sales goes to the marketers. We've seen this in physical manufacturing, too, where many companies have historically treated their assembly-line workers as "overhead", giving them no credit for sales of the products.
There's gotta be an economics term for this attitude...
Another related problem I've had is that XSS seems to have a wide range of definitions, and is such a vaguely-defined concept that it applies to a lot of valid web applications.
I've seen a number of definitions of XSS that include all cases where a CGI program gets a URL for a third site, and sends an HTTP request there. I have a number of sites whose CGI software is designed to work exactly this way. The data is distributed across several hundred other sites, only a few of them mine. My main sites have small databases where they can look up parts of requests, figure out where the data can be found, pass the request over to that server, wait for the replies, and combine the results into the web page that the client wants.
I don't especially like the idea that self-styled security experts would classify such setups between cooperating sites to be security violations. And I suspect that the folks who did this study would classify our distributed database (and probably google's;-) as implementing XSS attacks. Our main "public" web sites would be classified as doing an XSS attack on our database sites.
So is there any sensible way to figure out what any given security researcher means by an "XSS attack"? Is there a reasonable way to argue for a more restrictive definition that would permit a flock of cooperating web servers to bounce requests back and forth like ours do, without being classified as an insecure "XSS attack" site?
(Actually, we've known from the start that, in a weak sense, our CGI software can be used to "attack" other sites. Just call it with a random URL; it'll send a GET request to that site. It'll then find that the data isn't in the expected format, drop it after the first data packet, and sent you a "failed" reply. If you do this more than N times, you'll end up in our blacklist, and you'll get a reply explaining why you're blacklisted. An actual attack process would be over in a few seconds, so this isn't very useful as a way of DDOSing some victim site.;-)
Why _would_ you [send valid content with a 4xx or 4xx code]? Is there incentive to be standards-compliant, friendly, and heterogenous-mix-of-clients interoperative with attackers?
Perhaps because you know that the "attacks" are coming from sites that don't know they're attacking you, but are merely asking for content.
The specific cases I'm thinking of are some sites that I'm responsible for, which can deliver the "content" information in a list of different formats such as HTML, PS, EPS, PS, RTF, GIF, PNG (and even plain text;-). The request pages list the formats that are available; a client clicks on the one(s) that they want and presses the "Send" button, and gets back the information in the requested format(s). The data is stored in a database, of course, and converted on the fly to whatever format is requested. Things like PS and PDF are huge in comparison, so we don't save them. The required disk space would be exorbitantly expensive.
There is a real problem with such an approach: The search sites' bots tend to hit your site with requests for all of your data in all of your formats. Some of them do this from several addresses simultaneously, hitting the poor little server with large numbers of conversion requests per second, bringing the server to its knees. Converting plain text to all the above formats can be quite expensive.
How I handled this was to, first (as an emergency measure), simply drop the request from an "attacker" IP address. This gave breathing space, while I implemented the rest. What's in place now is code that honors single requests, but if it sees multiple such requests in the same second coming from a single address or a known search-site address block, replies to just one of them, and sends the rest an HTML page explaining why their request was rejected.
Over time, this tends to get the message through to the guys behind the search bots, and they add code on their side to be nicer to smaller sites like ours.
I've also used this approach to explain to search-site developers why they should honor a nofollow attribute. After all, they get no information from the expensive formats like PS, PDF or PNG that's not in the plain-text or HTML file, so there's no real reason for a search site to request them.
Note that, in this case, we do actually refer to such misbehaved search bots as "attackers". They're clearly DOSing us, for no good reason. But the people responsible aren't actually malevolent; they just didn't realize what they're doing to small sites. If you can defuse their attacks gently, with human-readable explanations, they'll usually relent and become better neighbors. This helps their site, too, since they no longer waste disk space and cpu time dealing with duplicate information in formats that are expensive to decode and eat disks.
It's yet another case where the usual simplistic approach to "security" doesn't match well with reality.
(It should be noted that the above code also has a blacklist, which lists addresses that are simply blocked, because the code at that site either doesn't relent, or attempts things like XSS or SQL attacks, which are recognized during the input-parsing phase. Those sites simple get a 404. But those are a minority of our rejections. We don't mind being in the search site's indexes; we just don't like being DOS'd by their search bots.)
They may, but we'll probably never know, because they're not posting anything.
I often hang out with a number of crowds that play several kinds of music, and often play for related dancing. There are occasional comments about the people in these crowds not being "normal". I like to reply along the lines of "Of course not; if we were normal, we'd all be at home, watching the Tube."
This usually gets grins, and the topic is dropped. It's obvious to all of us that this is literally true. Statistically "normal" people don't do things; they watch other people doing things. If you're the one actually out there doing something, no matter what it is, you're part of a tiny minority. By the standards of the large majority, you aren't normal.
We don't know how many people actually read/., but one thing we can safely say is that the population that posts here is a very tiny minority of humanity. These people are actively taking part in a public conversation (even those who just post "Frist Psot!";-) So nothing you read here was written by a "normal" human being. We're all participants, not spectators, so we're not normal.
I learned to accept my abnormality decades ago. You can too. The first step is to publicly admit that you're not normal...
There is some content on the Internet that "any normal human being would be offended by,"
I don't think I could write a better one-sentence example of institutional conformism. "Normal human beings" are a myth,...
Nah; you just have to understand something that he left out: his definition of a "normal human being", which is "anyone who agrees with me".
Note that, by this definition, there exists at least one normal human being: Mr. Sibal himself.
And, in a bit of recursion, we might note that the above definition of "normal" is in fact the normal definition used by most people. So when I talk about normal people, we also know that there is at least one person who fits my definition.
Can I claim to be a normal human being who is offended by this proposal? Perhaps HE should be censored.
Certainly you can, and he should. This might be the most effective approach. Back when I was in college, there were a lot of complaints about the "pornographic" publications in the student bookstore. You know, Playboy, etc. The bookstore tried setting a policy of removing publications that more than N customers found offensive. When flocks of students started declaring that publications like Time and Newsweek were publishing offensive material, they had to quickly reverse that policy. The bottom line was that they kept selling Playboy, and the other "porn" magazines (like TIme and Newsweek;-).
What we should do is ask for the URL where we can register that we find some site offensive. Then we go there and feed it links to stories about Mr. Sibal. We repeat this when others try the same thing in other countries.
A lot of these errors have been found in neuroscience journals, too, which fancies itself a harder science...
Actually, this is mostly a special case of a problem that's recognized in most scientific fields: Much scientific work (experimental or observational) has a statistical component, and scientists generally don't have as good an understanding of statistics as their work requires.
Statistics shares a common problem with other basic subject such as quantum theory, relativity, and chaos theory: They don't fit well with human "intuitive" concepts of how the world works. With quantum theory and relativity, this is fairly blatant, and people usually don't try to pretend to understand them until they've done some serious study. But with statistics (and chaos;-), people tend to think they have at least a basic understanding of probability, and they also tend to think that that's all they need. They end up publishing data on the basis of output from packaged software that they don't understand well.
A while back, there was a discussion in a linguistic forum that I follow, about the Pirahã language which lacks words for numbers. As a way of explaining how people could survive without numbers, one contributor came up with an informative parallel: In the modern Western world, there are many important things (economics and climate are hot-topic examples) that can't be understood without an understanding of the important concepts of statistics. But one can easily argue that the dominant "modern" languages lack words for statistical concepts.
Nearly everyone will object that, for instance, English has well-known terms like "chance", "probability", "mean", "standard deviation", "correlation", etc. But, the author pointed out, these are "cargo-cult" terms, borrowed from an alien (i.e., scientific) language, with little or no actual understanding of their meanings by most of the native speakers of English. This is clear if you look for statistical terms in the English media, and figure out how they're being used. They are just magical terms used to sound convincing, but it's usually clear that the speaker/write doesn't actually understand their technical meaning. Similarly, "quantum" is a common English word, but it's common meaning is very nearly an antonym of the technical meaning in physics. Most English speakers have little or no understanding of the technical meanings of these terms
In the case of statistical terms, scientists do tend to have taken a course or two in college. But understanding is low, barely above the common understanding used in the media and politics. So it's not surprising that a good number of papers in many scientific fields claim results that don't strictly follow from the data. If there is any sampling done to get the data (and there usually is), it's likely that the conclusions came partly from an interpretation of some software's output that is based on a misunderstanding of the statistical terminology.
Of course, when you get to the pseudo-sciences and the political arena, this process isn't accidental. Statistical buzz-words are often used as part of the psychological weaponry, to convince readers/listeners of whatever the writer/speaker is trying to convince them of. This is often done with malice aforethought, knowing that the public has almost no understanding of statistics.
Slashdot Mirror
WTF??? The moron installers didn't even use a $1.50 chunk of bird spike to keep the housings clear?
Like the cameras, installing "bird spike" isn't always as effective as its sellers might tell you. A few years ago, a local historic church had a bird problem. The main doors opened onto a large covered walkway, the width of the build, which had the usual decorative ledges and decorations that were excellent bird perches, and they decided to Do Something About It. They installed bird spike on top of the ledges.
The local sparrows, starlings and pigeons understood just what this was for. They started bringing in large amounts of nesting material and jamming it between the spikes. This worked really well, and the ledges were quickly covered with a long, narrow bird nest used by more birds than you'd believe. You can imagine how well this went over with the churchgoers.
After a few years of trying to make it work, the bird spikes were removed.
This whole "let's just blame the government" nonsense is simply a blind cooked up by corporate shills trying to cover up their own ineptitude. The governments are equally to blame with the corporates for their foolishness and stupidity. Blaming just one of them alone isn't simply incorrect, it's dangerous.
Some years ago, when I was preparing to leave academia for a much better-paying job in "industry", I read a rather timely bit of "advice to graduates". The author predicted that nearly everyone present would, after a few months in their first job, slowly come to realize that the company was incredibly incompetent, especially the people at the top who had little if any understanding of how their company worked but still gave orders to their underlings. Many of you will eventually ask yourself "How could this business continue to operate at a profit?" And the smarter of you will realize the answer: Every other company in the field is just as incompetent and bungling and poorly managed as this one. That's the only way to explain their continued success.
The writer's conclusion was that humans are not actually capable of behaving intelligently in groups of more that a few. All human organizations are in fact incompetent, to the point of near idiocy for the larger ones. This is the only way to explain the behavior of most human organizations.
A more geeky formulation that I've run across is that the intelligence of a group of humans is an inverse function of the number of people in it. Exactly what this function is doesn't seem to be known, and may well vary from group to group. And a few organizations have stumbled across a sort of anti-Peter-Principle, of learning what each individual is good at, and keeping them in jobs where their expertise is helpful rather than promoting them to their level of incompetence. But this is usually only partly successful, at the lowest "hands-on" level, and mostly in small organizations.
I wonder if anyone has actually worked out the inverse-intelligence function(s) for any organizations. It could be interesting to read about.
"Is it possible for a company to blame a computer based system for making stereotypical choices"?
Sure. It's possible for a company (or individual humans) to blame a computer for anything, even something that no computer can do. People blame computers for their own mistakes (and intentional actions) all the time.
[Y]our method for determining single-path-routing is flawed. The routing takes the "best" path, in many cases the "best" path is so much better than any other that it is essentially static. However, if that connection were to go down then other routes would start being used.
Well, yes and no. If you're only interested in speed, you're right. But I've worked on several projects that explicitly and intentionally scattered a connection's packets across as many (reasonably fast) routes as were available. This was done for several reasons. One of them is directly relevant to the topic at hand: Using multiple routes defeats attempts to intercept your packets and collect them. Many encryption-cracking schemes require large contiguous chunks of a message to succeed in decoding the content. If a message's packet is scattered across multiple routes, collecting all of the message's packets (or enough to decrypt it) becomes materially more difficult.
This is, or should be, of interest to anyone with security concerns. And it has been used in military communications. Actually, the projects I did this for had a different primary motive: They wanted to achieve a data transfer rate higher than any single route could provide. We were quite successful at this. But our code was also of interest to the security guys, who wanted it for security reasons rather than speed.
We did run into a problem similar to the famous incident in which all of New England was simultaneously disconnected from the rest of North America. The long-line providers (mostly the phone companies) sometimes managed to map all our connections to a single physical wire, reducing our speed to that wire's speed and making packet collection possible (though still a bit tricky). As usual, this is a primary example of why you don't want the lower layers strictly invisible to the upper layers. Regardless of whether you are doing this for speed or security, you want to know quickly when the physical layer has defeated your multi-routing scheme and reduced it to a single physical route. The people running the physical layer can't be trusted to maintain such separation, even when you've paid for it.
Doing such multi-routing from the application level is tricky. It's usually done by having multiple interfaces with different network numbers. But this can be easily reduced to a single path by the routing system. This can often be detected by using traceroute to report the paths. That, combined with knowledge of which machines have each of the reported addresses can determine that two (application-level) routes are actually one (physical level) route, and raising the appropriate alarm. But this approach has statistical behavior, with a time lag before merging of routes is discovered. Doing better generally requires hooks into the lower levels that most commercial libraries (and OSs) don't provide. This is yet another way in which the current commercial internet has defeated part of the original (military-funded) design of the Internet.
Nah; I don't think it's anything especially American. The US population is one of the most "mongrelized" on the planet. There hasn't been nearly enough time for that population to merge into any kind of self-consistent sub-population. So the behavior shown by Americans (even American politicians) is a jumble of the behaviors of all the source populations from other parts of the world.
Visually, the US population looks mostly "white", i.e., European. But the demographers tell us that this really is only skin deep, and hides a lot more mixing than most people would guess. Thus, it's estimated that some time around 1980 (give or take a few years), we reached the point where more than 50% of the US population has black African ancestry. Granted, most of those people are maybe 1/8 or 1/32 African, and look white, but most of them know that they're not "pure". I'm part of the 20-25% that has "Native-American" (the current euphemism) ancestry. I look pure white, but I'm 1/8 Ojibwa, and my father's family has a collection of stories about the treatment of the 1st and 2nd generation hybrids who looked visibly "Injun". I have a daughter who is also 1/8 Injun; her mother had a Comanche great-grandparent. The US population with Asian ancestry is around 15-20% now. And so on.
The purely European part of the US population can't be easily estimated, but may be as low as 25% now. And Europe itself has been rather mongrelized for a long time. Consider the etymology of the term "mongrelized".
So any claim to a separate "American" nature is highly bogus. They're just a jumbled mixture of humans, with all sorts of built-in (mostly culturally-derived) beliefs and behaviors. Treating them as morally superior or inferior to the rest of the world is just incorrect.
I'm pretty sure that (D)ARPA had no intention of neutrality in terms of who was "supposed to" benefit from the communication.....
It might be informative (and maybe enlightening) if we can get people to look back at what (D)ARPA actually had in mind back in the 1960s and 1970s when they were funding the development that led to the Internet. Their original documents mostly talked in terms of just the sort of "warfare" that people are getting so upset about now.
An important part of the design was multi-path routing that could be rapidly modified, as an enemy found and took out your routers. The idea was that as long as a path existed between two points, the routing system would find it and keep those two points in communication, despite the best efforts of the enemy.
Of course, in current terms, most of the Internet would consider the US government (along with various others in China, Iran, wherever) as "enemy", since people in the US government are talking openly about actively interfering with our communication without knowing or caring who we might be.
One of the major failures in the current Internet is that multi-path routing has been pretty much nixed by the ISPs. How many data paths do you have out of your home or office? 99% of us have only one, which is a blatant violation of the original design. You should try using traceroute to list the machines along the path to a remote site. Do it several times, and see if the same path comes up each time. If so, then you are a victim of single-path routing, and that path can be taken out at any time by an enemy who has access to any of those machines along the route. Or, even worse, they can make a copy of every packet between you and that site, without you knowing that they're doing this . The original ARPA/Internet design was specifically to avoid such security risks.
If we want to keep the Internet safe from "cyber warfare", maybe we should be looking seriously at what the military people are doing with it in their private networks. And we should implement the parts of IP that have been ignored in favor of a fragile design that provides mostly single-path routes.
Then we might be safer from not just the US's perceived enemies, but also from the US government itself.
And part of human nature seems to be to frame everything as a kind of "war". But this can backfire. Back in 1964, here in the US, President Lyndon Johnson declared a "War on Poverty". Quickly, millions of poor people started asking where they could go to surrender. That war was quietly shelved soon thereafter.
We just need to find as clever a way to respond to the US government declaring war on the Internet. Is there a good way to make us all look like opponents, so we can surrender and get funds for reconstruction?
Anyone got any good ways to phrase this?
It presumably also mean an extension of some of the industry's crappiest "customer support" to that part of the spectrum.
What I wonder is: Where is Lily Tomlin when we need her?
They're talking about dropping untraceable containers containing nuclear material into the shipping system and redirecting them to the relevant place on an ad hoc basis. Nobody gives a shit about your spanking schoolgirls DVDs.
If history is any guide, those spanking schoolgirls DVDs are what people (and government agencies) will get really excited about. Containers full of nuclear material, though? Hardly anyone wants to get involved with them. They're booooooriiiiiiing!
Also, the way most organizations work, if you are involved with inspecting packages for radioactive material, and you catch 999 out of 1000 of them, the one that you missed will get you fired (and possibly jailed). So you'd expect that people who value their own lives, safety, freedom, etc. to avoid such jobs. Let someone else take the blame for missing a dangerous package.
This principle is especially strong in the "cyber security" field. Anyone ever involved with it knows that you get no credit for doing things right. Nobody ever notices that. But let a single exploit affect your systems, and you're hauled before investigative committees consisting of people who don't have a clue about the inner working of a computer or network. People with a desire for self-preservation tend to avoid such situations. In particular, when they fire you, you don't look for a second job with similar responsibilities.
Until this problem is fixed, we can expect all our systems to remain as insecure as they are now.
Another likely cause is some software package that uses "dearbook" as the default password, or uses it in examples. People have a way of making minimal changes in things that they install, out of fear of breaking something. They also tend to copy examples literally, even the fields that are supposed to contain personal information.
By only employing people who are willing to work for money, and paying them well?
I don't believe having money relates to being honest
Actually, they are related - but the correlation coefficient is negative. ;-)
The entire concept of "now" is pure fiction. Neurologically, physically, metaphorically and scientifically.
Nah; that's only true if you don't understand (or refuse to deal with) concepts like "digits of precision" or "error bars" or "resolution limit", which are used all over the place in scientific and engineering circles.
If you understand those concepts, then it's fairly trivial to define "now" internally to your brain and/or body; it's just the time interval that your mental processes can resolve. This interval differs for different people, of course. It's generally greater than a millisecond for humans, because that's (very roughly) the time required for nerve signals to transit the brain.
One thing that some people have to deal with is that message transit time between your brain and your extremities can be greater than what your eyes and brain can resolve. This is known to many athletes and musicians, who have to deal with millisecond-level precision in many of the things they do. This has also been proposed as an important factor in the evolution of the human brain, triggered by the need to throw things (rocks, spears,) to kill prey.
Thus, it has been estimated that for primitive hunters and baseball pitchers, the hand's release of the projectile must be precise to less than a millisecond. But the brain-to-muscle nerves transmit at about 100 m/s, so the roughly 1 m trip to your hands takes about 10 ms, ten times longer than the release "window" for accuracy in throwing something. This requires some sophisticated processing power to calculate the timing of nerve signals
Similarly, musicians routinely time notes to a precision of around 1 ms, so from the brain's viewpoint, the commands must be sent out before the note begins. Also, some instruments (mostly bass instruments) have a time lag of several ms before they sound, which adds to the time. So in some cases, musicians' brains are sending muscle commands for several notes ahead of the one sounding right "now".
This is all part of the complex task of earning to perform such precise high-speed actions. But it's all based on a fairly clear concept of "now" as the smallest time interval that your brain can resolve. The interesting part is that our brains can learn to automatically adjust for the nerve-speed delays, and can learn to "see" the delays well enough to send out messages that will arrive in the near future, outside the brain's "now" window.
Of course, when you're dealing with astronomical distances, Einstein was right when he pointed out that there are some serious problems with the concept of "now" that we use in our everyday lives. It took a bit of thought (and some fairly sophisticated math) to get things right on such scales. It's not surprising that people without advanced physics degrees tend to resort to somewhat mystical language when they try to talk about the topic. Or claim that it's meaningless. ;-)
Simple. You rank the bug by the all-conquering financial cost of continuing to have software out there, that has that bug.
It's easy to say "Simple." But that doesn't make it simple. Estimating time and/or cost of fixing a bug can easily take a lot more time (and money) than does the actual fix. This is especially true for software, where time/cost estimates are purely guesswork. After all, if you knew how long it would take to diagnose and fix a bug, you'd probably have already done it, and you wouldn't have the bug. The actual fix typically is just a few seconds of typing. But this typically follows hours or days (or weeks or ...) of studying and testing to figure out WTF is going on in the code, and there's no usually no way to accurately estimate this diagnostic phase until after you've finished it.
I have ignored bugs, not because it doesnt need to be addressed, but because it is low priority.
You have had priorities? Nearly every place I've worked, every problem (and every development task) is rated as top priority. That is, there's only one priority level ever used, which is logically equivalent to there being no priority ranking at all. The developers' natural reaction to this is to work on whatever seems most interesting at the moment. Some things then "fall through the cracks" for a very long time.
How do you get people (customers, bosses, etc._ to prioritize things like bug reports as anything other than "highest"?
If you'd ever had a broken ankle you'd know there was no confusing it for a sprain.
Maybe, but for the other 99% of us, if we have some sort of accident that results in serious pain in an ankle, how do we determine which we have?
The obvious way is to go to a hospital and ask them. But if you know a better (i.e., more reliable) way, how about telling us inexperienced folks how to tell the two apart.
Note that a well-known online language forum has picked up this story as the latest examle of a crash blossom, i.e., a headline that has two or more radically different parsings.
This one seems to have originated in the beeb, and there are suspicions that they have headline writers who specialize in this sort of ambiguity. They have had a lot of hilarious headlines recently, that are often read completely wrong by most readers.
Average Joe doesn't seem able to find the clearly labelled Help menu in most programs, so the difference between that and not knowing man is negligible.
Or maybe Joe has just learned that that Help menu only rarely provides any help with the current problem.
I'm typing this (to Firefox) on a Mac, perhaps the most vaunted "user-friendly" system in the industry. I've tried using that Help menu on many occasions, but most of the time, I seem to just get links to anything anywhere in the system that contains the keywords that I type into the Search widget. These hardly ever have anything to do with the app that I'm running at the moment. Actually, the FF Help menu does seem to have some things that deal with FF. When I move the pointer to the first (Sidebar > Bookmarks) item, a number of other menus suddenly pop up, and they're rather baffling. But there's a little wavering arrow pointing at the an item in one of the menus, so I clicked on it. All the menus instantly disappeared, and waiting didn't result in any new window to pop up with the expected Help information. I've worked with Macs off and on for a decade, and I still find most of Help's behavior this baffling. Occasionally it finds me help; usually it just wastes my time. So I ask google, which usually does find me information, though it's often buried in the 3rd or 17th page of totally irrelevant stuff. ;-)
These days, I think I prefer the original unix man-based stuff. If it doesn't know, I discover that very quickly, and I ask google after wasting far less time than I waste on Mac's crappy Help menu.
It's disappointing when it's so much harder to get good information about something on the "user-friendly" systems than on the "user-hostile" systems like unix and linux. ;-)
You can't find any *human* motives for harming us.
Maybe not, but any alien species could easily share a common attitude of humans and many other species on our planet: They could just not care about us one way or another, but while carrying out their ordinary activities ("life"), they do things that kill us off.
This isn't hypothetical. We're in the middle of a "mass extinction episode" on our world, and the extinctions are about 99% due to human activity. Only a few of these (e.g., the smallpox and measles viruses) have been explicit targets of humans. Most have died out do to "habitat loss" associated with spreading human habitation, agriculture, mining, etc. The humans responsible for the extinctions aren't intentionally killing off most species; they just don't notice or care about critters that are irrelevant to their own lives.
This was part of the plot of the Hitchhiker's Guide novels, of course. In the first chapter, the Earth is vaporized (along with most of its life forms), simply because the planet happened to be in the way of a galactic construction crew's work, and we hadn't registered any objections in the nearest government office at Alpha Centauri. And it gets funnier from there on ...
It's probably true that an alien species that finds us would probably view us as a cute new semi-intelligent species that's worth protecting. But if our own world is any guide, by the time that happens, we could well have been (nearly) exterminated by their construction crews, who can't be bothered to look out for insignificant life forms like us.
We must never, ever have government dictating technological design.
Heh. You're a bit late with that suggestion. Even the least competent investigation will quickly turn up the fact that around 99% of the money that paid for the development of first the ARPAnet and then its successor the Internet came from the US government. Not just the US government, but the US Department of Defense. ;-)
If it weren't for government agencies "dictating technological design", we wouldn't have the Internet at at all. We'd just have a lot of corporate walled-garden private networks that didn't interoperate, and for which you and I couldn't develop software.
Actually, we still have such private walled-garden networks, but IP can be installed on top of almost all of them, so they don't really matter at the network layer and above. Except that the corporations keep trying to push us back into their gardens, where they control what can be developed and run, and we pay them for the "right" to run a limited set of apps on the only gadgets that they permit to be "sold" (actually leased) in our neighborhoods where they have monopolies.
Anyone with a grain of sense would want to see more government control of the communication systems. That's the only thing that has ever permitted an actual "market" of comm devices and software to develop.
Of course, we then have the issue of "Who watches the watchers?". But we do have centuries of experience dealing with that question. Much of the US's current problems with expanding walled gardens is due to our neglecting this issue and letting the corporate world buy the government regulators. But a lot of us are aware of this problem. The current topic is just one of many skirmishes in that particular ongoing battle.
I've seen comments that to a lot of management, the IT department is is conceptually similar to the janitorial department, except that the latter keeps the physical facilities clean while the former keeps the data clean (and does a poorer job at its task ;-). Both are pure operational costs that bring in no income, so their cost should be minimized.
It's funny that I've seen this attitude even when the company's products depends in large part on their software people. But the people who build the software are still considered an overhead cost, while the credit for sales goes to the marketers. We've seen this in physical manufacturing, too, where many companies have historically treated their assembly-line workers as "overhead", giving them no credit for sales of the products.
There's gotta be an economics term for this attitude ...
Another related problem I've had is that XSS seems to have a wide range of definitions, and is such a vaguely-defined concept that it applies to a lot of valid web applications.
I've seen a number of definitions of XSS that include all cases where a CGI program gets a URL for a third site, and sends an HTTP request there. I have a number of sites whose CGI software is designed to work exactly this way. The data is distributed across several hundred other sites, only a few of them mine. My main sites have small databases where they can look up parts of requests, figure out where the data can be found, pass the request over to that server, wait for the replies, and combine the results into the web page that the client wants.
I don't especially like the idea that self-styled security experts would classify such setups between cooperating sites to be security violations. And I suspect that the folks who did this study would classify our distributed database (and probably google's ;-) as implementing XSS attacks. Our main "public" web sites would be classified as doing an XSS attack on our database sites.
So is there any sensible way to figure out what any given security researcher means by an "XSS attack"? Is there a reasonable way to argue for a more restrictive definition that would permit a flock of cooperating web servers to bounce requests back and forth like ours do, without being classified as an insecure "XSS attack" site?
(Actually, we've known from the start that, in a weak sense, our CGI software can be used to "attack" other sites. Just call it with a random URL; it'll send a GET request to that site. It'll then find that the data isn't in the expected format, drop it after the first data packet, and sent you a "failed" reply. If you do this more than N times, you'll end up in our blacklist, and you'll get a reply explaining why you're blacklisted. An actual attack process would be over in a few seconds, so this isn't very useful as a way of DDOSing some victim site. ;-)
Why _would_ you [send valid content with a 4xx or 4xx code]? Is there incentive to be standards-compliant, friendly, and heterogenous-mix-of-clients interoperative with attackers?
Perhaps because you know that the "attacks" are coming from sites that don't know they're attacking you, but are merely asking for content.
The specific cases I'm thinking of are some sites that I'm responsible for, which can deliver the "content" information in a list of different formats such as HTML, PS, EPS, PS, RTF, GIF, PNG (and even plain text ;-). The request pages list the formats that are available; a client clicks on the one(s) that they want and presses the "Send" button, and gets back the information in the requested format(s). The data is stored in a database, of course, and converted on the fly to whatever format is requested. Things like PS and PDF are huge in comparison, so we don't save them. The required disk space would be exorbitantly expensive.
There is a real problem with such an approach: The search sites' bots tend to hit your site with requests for all of your data in all of your formats. Some of them do this from several addresses simultaneously, hitting the poor little server with large numbers of conversion requests per second, bringing the server to its knees. Converting plain text to all the above formats can be quite expensive.
How I handled this was to, first (as an emergency measure), simply drop the request from an "attacker" IP address. This gave breathing space, while I implemented the rest. What's in place now is code that honors single requests, but if it sees multiple such requests in the same second coming from a single address or a known search-site address block, replies to just one of them, and sends the rest an HTML page explaining why their request was rejected.
Over time, this tends to get the message through to the guys behind the search bots, and they add code on their side to be nicer to smaller sites like ours.
I've also used this approach to explain to search-site developers why they should honor a nofollow attribute. After all, they get no information from the expensive formats like PS, PDF or PNG that's not in the plain-text or HTML file, so there's no real reason for a search site to request them.
Note that, in this case, we do actually refer to such misbehaved search bots as "attackers". They're clearly DOSing us, for no good reason. But the people responsible aren't actually malevolent; they just didn't realize what they're doing to small sites. If you can defuse their attacks gently, with human-readable explanations, they'll usually relent and become better neighbors. This helps their site, too, since they no longer waste disk space and cpu time dealing with duplicate information in formats that are expensive to decode and eat disks.
It's yet another case where the usual simplistic approach to "security" doesn't match well with reality.
(It should be noted that the above code also has a blacklist, which lists addresses that are simply blocked, because the code at that site either doesn't relent, or attempts things like XSS or SQL attacks, which are recognized during the input-parsing phase. Those sites simple get a 404. But those are a minority of our rejections. We don't mind being in the search site's indexes; we just don't like being DOS'd by their search bots.)
BUT, do normal human beings frequent slashdot?
They may, but we'll probably never know, because they're not posting anything.
I often hang out with a number of crowds that play several kinds of music, and often play for related dancing. There are occasional comments about the people in these crowds not being "normal". I like to reply along the lines of "Of course not; if we were normal, we'd all be at home, watching the Tube."
This usually gets grins, and the topic is dropped. It's obvious to all of us that this is literally true. Statistically "normal" people don't do things; they watch other people doing things. If you're the one actually out there doing something, no matter what it is, you're part of a tiny minority. By the standards of the large majority, you aren't normal.
We don't know how many people actually read /., but one thing we can safely say is that the population that posts here is a very tiny minority of humanity. These people are actively taking part in a public conversation (even those who just post "Frist Psot!" ;-) So nothing you read here was written by a "normal" human being. We're all participants, not spectators, so we're not normal.
I learned to accept my abnormality decades ago. You can too. The first step is to publicly admit that you're not normal ...
There is some content on the Internet that "any normal human being would be offended by,"
I don't think I could write a better one-sentence example of institutional conformism. "Normal human beings" are a myth, ...
Nah; you just have to understand something that he left out: his definition of a "normal human being", which is "anyone who agrees with me".
Note that, by this definition, there exists at least one normal human being: Mr. Sibal himself.
And, in a bit of recursion, we might note that the above definition of "normal" is in fact the normal definition used by most people. So when I talk about normal people, we also know that there is at least one person who fits my definition.
Can I claim to be a normal human being who is offended by this proposal? Perhaps HE should be censored.
Certainly you can, and he should. This might be the most effective approach. Back when I was in college, there were a lot of complaints about the "pornographic" publications in the student bookstore. You know, Playboy, etc. The bookstore tried setting a policy of removing publications that more than N customers found offensive. When flocks of students started declaring that publications like Time and Newsweek were publishing offensive material, they had to quickly reverse that policy. The bottom line was that they kept selling Playboy, and the other "porn" magazines (like TIme and Newsweek ;-).
What we should do is ask for the URL where we can register that we find some site offensive. Then we go there and feed it links to stories about Mr. Sibal. We repeat this when others try the same thing in other countries.
A lot of these errors have been found in neuroscience journals, too, which fancies itself a harder science...
Actually, this is mostly a special case of a problem that's recognized in most scientific fields: Much scientific work (experimental or observational) has a statistical component, and scientists generally don't have as good an understanding of statistics as their work requires.
Statistics shares a common problem with other basic subject such as quantum theory, relativity, and chaos theory: They don't fit well with human "intuitive" concepts of how the world works. With quantum theory and relativity, this is fairly blatant, and people usually don't try to pretend to understand them until they've done some serious study. But with statistics (and chaos ;-), people tend to think they have at least a basic understanding of probability, and they also tend to think that that's all they need. They end up publishing data on the basis of output from packaged software that they don't understand well.
A while back, there was a discussion in a linguistic forum that I follow, about the Pirahã language which lacks words for numbers. As a way of explaining how people could survive without numbers, one contributor came up with an informative parallel: In the modern Western world, there are many important things (economics and climate are hot-topic examples) that can't be understood without an understanding of the important concepts of statistics. But one can easily argue that the dominant "modern" languages lack words for statistical concepts.
Nearly everyone will object that, for instance, English has well-known terms like "chance", "probability", "mean", "standard deviation", "correlation", etc. But, the author pointed out, these are "cargo-cult" terms, borrowed from an alien (i.e., scientific) language, with little or no actual understanding of their meanings by most of the native speakers of English. This is clear if you look for statistical terms in the English media, and figure out how they're being used. They are just magical terms used to sound convincing, but it's usually clear that the speaker/write doesn't actually understand their technical meaning. Similarly, "quantum" is a common English word, but it's common meaning is very nearly an antonym of the technical meaning in physics. Most English speakers have little or no understanding of the technical meanings of these terms
In the case of statistical terms, scientists do tend to have taken a course or two in college. But understanding is low, barely above the common understanding used in the media and politics. So it's not surprising that a good number of papers in many scientific fields claim results that don't strictly follow from the data. If there is any sampling done to get the data (and there usually is), it's likely that the conclusions came partly from an interpretation of some software's output that is based on a misunderstanding of the statistical terminology.
Of course, when you get to the pseudo-sciences and the political arena, this process isn't accidental. Statistical buzz-words are often used as part of the psychological weaponry, to convince readers/listeners of whatever the writer/speaker is trying to convince them of. This is often done with malice aforethought, knowing that the public has almost no understanding of statistics.