Remotely accessing parts of (many versions of) Windows written in JavaScript (!) without the user having to do almost anything (!) by granting what sounds like almost absolute privileges! Wow! How couldn't I want to know more about such an apocalypse-like situation? So, I took a look at the Google report linked by some comments above.
Apparently, it seems that they are provoking certain part of Windows Defender (which is triggered automatically by virtually any action on the target computer) to take a wrong input which it cannot gracefully manage. By quoting the aforementioned report:
Nscript supports "short" strings, with length and values contained in the handle and "long" strings with out-of-line memory. If the string is "long" (or appears to be due to type confusion), a vtable call is made to retrieve the length.
As I understand it, this isn't precisely an ideal situation although seems to belong to the kind of software-crashing-because-of-not-adequately-managing-all-scenarios problems. An assumption which seems to be confirmed in that same report when they say:
The attached proof of concept demonstrates this, but please be aware that downloading it will immediately crash MsMpEng in it's default configuration and possibly destabilize your system.
So, how is this weak point expected to be truly exploited? Are they only planning to provoke Windows Defender in random machines to crash and, eventually, the system to become unstable? This should certainly be looked at, but is it a real threat? Another part of this report seems to clarify this point further:
Integer handles are represented as four-byte values with the final bit set to one by the engine. The integer itself is left shifted by one bit, and the final bit set to create the handle. Handles to most objects, including strings are represented as the value of the pointer to the object with no modification. Therefore, this type confusion allows an integer to be specified and treated as pointer (though the bits need to shifted to get the correct value in the handle, and only odd pointer values are possible).
Are they implying that the only way of this attack to perform any action on the target computer (other than crashing Windows Defender) is to guess how a pointer might look like (by bearing in mind that they have to perform some bit-shifting actions and that only half of all the possible scenarios can be considered!)??!! How such a thing could ever by accomplished under absolutely any circumstance? Guessing the pointers of the objects in a (very complex) code from an external machine? This is orders of magnitude more complicated (actually, it can be considered plainly impossible) than exploiting a problem which I analysed in an old version of CoreRun.exe (used to test open-source modifications in one of the most basic.NET libraries) and my conclusion back then was that it wasn’t a threat! (Although Microsoft did modify this part a short time later; not sure if because of my public analysis, nobody said never anything to me. Anyone interested in all this can take a look at Project 8 in varocarbas.com).
This situation can also be described by using a perhaps-clearer-for-a-wider-audience SQL injection analogy: by assuming that you can access a database because its inputs aren't adequately sanitised (refer to the famous Little Bobby Tables study), you would need to know where to look at (e.g., table or column names), an action which is relatively easy when dealing with the most logical configuration of almost any database. But now imagine that you are accessing a database where the names of all the entities are randomly assigned and you have no way to know about their current values; in that scenario, how would accessing that database via injection be useful at all? Should the inputs be adequately sanitised and each single step should be done properly just in case and because developing properly-built-at-each-poi
My post wasn't meant to be focused on politics, much less in the US with the current president there, how he uses social media and my not-too-good actual knowledge about the whole situation there. In any case, note that I am a leftist who doesn't like Trump at all; certainly no fan of fanaticism-prone movements of any type and also not interested in starting a discussion about politics (look at some of my old posts to know about some of my ideas on this front and my intention of not talking about them anymore here).
I meant more abstract and long-term expectations, apparently not addressed to a specific group of people (US voters) and not meant to accomplish a specific short-term goal (US election), but for less clear reasons. Testing the actual social-media-manipulation effect? Contributing towards the appearance of fears towards certain people/countries? Too bored people getting some distraction? No idea. Just weird, curious and worth sharing.
I am reasonably sure that some people with lots of money are actively working on trying to somehow condition the feelings and fears of the masses via social media (e.g., over-promotion of isolated or even completely false events of violence or chaos). Just as an example, I have seen various "curious" global trends which, after a quick research, seemed to be almost exclusively triggered by accounts associated with certain online-positioning companies (note that validated/good-track-record accounts can get global trends easier) which, after a little further digging, seemed to also be related to certain bigger companies/millionaires.
Note that I am not too much into the paranoid conspiracy world and have an eminently practical attitude ("We have no online privacy? OK, I guess that I will have to accept this reality. I certainly don't agree with it and expect social pressure to gradually reduce abuses like this."). I am plainly sharing my objective impressions about some things which I have been seeing lately.
I will take advantage of all these ideas (+ my references in some other recent posts to having fully accepted the huge number of stupid people and the impossibility to help them understand even the simplest idea) to highlight that both my sites, customsolvers.com and varocarbas.com, get a surprisingly high number of visits (mostly bots but also what seem real people) from the weirdest places; sometimes visiting valid pages and other times what never was and never will be there. Nothing of this related at all with me, my business (custom software development) or any conscious action which I have ever performed. I also get a relevant number of crawling bots from sites/search-engines from countries/languages/fields which don't seem to make any sense either. Other relevant issue is that I continue getting a relevant number of "visitors" (bots visiting the same page over and over without doing anything else) looking for a tool which stopped being relevant to me quite a few years ago (whose name I will not write in order to precisely avoid further-promoting all this weirdness) or for the years-ago name of my main domain.
I think that all this isn't the consequence of pure chance on account of the huge relevance of this traffic with respect to the in-principle-logical one. Additionally, note that my sites aren’t meant to get a relevant number of visitors (I neither get a penny for visits nor sell any kind of product), random people finding them rarely become clients, virtually nobody gets in touch with me through them (even though the contact-form page gets a surprisingly high number of visits!). They are just meant to be a mere self-promotion of my skills and attitude, which potential clients might want to look at. Also bear in mind that I don't do any kind of SEO/positioning/marketing anything, although I gave a shot at some of these approaches for a short period years ago. In any case, I have never been involved in anything even partially dishonest (e.g., the aforementioned hidden-links from random sites) or spent relevant amounts of money on any online-visibility action.
I have never tried to carefully analyse all these weird issues in order to find a common pattern or acceptable explanation for all this nonsense. As said, I have plainly accepted stupidity as a sadly common reality.
Honestly, no idea. Dealing with something so extremely illegal has never (and will ever) be my business or my concern. But if I was in their shoes, I would make completely sure that only people who I fully trust know about the site. I would never post public (not even partially hidden, which are actually completely public) links anywhere. For what? For allowing a random bot to find the site?
(Side comment: I am currently running some public-web-backlink-counting bots and can confirm that these kind-of-hidden links are used by many sites to improve their visibility and are a big problem for me. When I developed the bots, I wasn't counting on this issue to be so common and that's why didn't come up with a way to avoid it; what, on the other hand, isn't too easy as far as I don't want to ignore kind-of-valid links like the ones associated with technical warnings, programming languages, GUI themes, etc.)
If I had to do anything on these lines, I would set a very weird URL (e.g., asdfasdfaserasrfeaseflalksjnflasrkjasr11111111144444444444888888888.onion) and distribute it exclusively among people I fully trust (ideally, handing it in person). That's why I was assuming in my first comment that random visitors finding the site should be virtually impossible.
Good clarification. On the other hand, there would always be the question of how a random innocent visitor could find "holyshitCP.onion" (or the more logical "121asdfasf1215454asfaflookinglegalstuff.onion") when only the carefully selected members of a small group should know about it.
I think that there is a line and this is a good example of it. They already know for sure that certain site is extremely illegal (everywhere and without a single but). They also know that accessing that site by accident is almost impossible, that people visiting it are most likely fully aware of its contents. And even under so extreme conditions, I only see acceptable to track visitors and label them as most-likely-offenders, but this assumption would need to be further validated on a case by case basis. I think that any change of these exact conditions would be either abuse or negligence. The line is very thin, but there is certainly a line.
Some people don't know where to draw the line. You cannot defend a right like protecting your privacy when trying to avoid the immediate violation of other peoples' much more important rights.
Logically, this should be done under very exceptional and fully-justified circumstances; and never preventively, systematically or arbitrarily. Not to mention that "law-enforcers"/governmental entities unfairly abusing this or any other power should be severely punished by each single unmotivated violation of any person's rights.
The conclusions of a model forecasting a non-deterministic phenomenon should always be taken as mere supporting information, helpful to make more educated decisions. Human understanding is way much more powerful than what any numerical model will be during the next quite a few years (ever?). Easily managing and summarising huge amounts of information is the only aspect where computers are ahead humans; its conclusion-drawing skills are still much weaker. Additionally, having actually-relevant information is a basic requirement for any model/person to output accurate conclusions.
Coming up with a model accounting for most of the relevant variables in a horse race would be virtually impossible (+ the quality of this information would also need to be very high). Even by assuming that you have all this information, creating an algorithm able to adequately maximise all of it would also be virtually impossible. But even in case of having all this place, the results of a sport event can be defined as almost-random (= not really suitable to be predicted). The objectively better team might lose even under ideal conditions or the outcome of a match might be decided by somehow-unfair aspects (referee) or force majeure (weather or players getting injured).
On the other hand, high-quality information and good numerical models might bring lots of valuable insights to adequately-understanding people. For example, it would be possible to clearly rank all the objective features of horses/riders to determine the ones which start the race under better conditions. It could be a much more accurate version of the conventional "this horse seems promising" impressions of an expert. But the final decision, knowing how to weight all the involved factors to determine the most likely outcome, should be delivered by a knowledgeable person.
These models are certainly useful here and virtually anywhere, but only for people with actual knowledge who take them as a source of additional information. Someone seriously thinking that just the mere analysis of past events can deliver an accurate estimate of future outcomes, mainly when dealing with too-complex/almost-random situations and relevant amounts of money, is too naive. A person thinking that such magical predictions might be publicly and generously given to everyone is plainly an idiot. Numerical models are just about maximising (certain kind of) available information, not about delivering perfect answers out of thin air.
I heard that the real reason was that the head programmer in their Silicon Valley branch (Jian Yang, worldwide known by his "JENIEEEEN!"-sounding bachmanism), preferred to focus on other projects. Something about water and animals; a new software to communicate with dolphins, perhaps?
Yes, it was pretty clear. In fact, I was looking at the corresponding site visitor logs in that moment and saw a couple of visits from this thread. It was just an excuse to somehow censure that pathetically arbitrary attack a bit more (some people have serious difficulties to understand too-many-word/complex ideas). I think that differentiating between the important and not-important-at-all parts in my comment is pretty easy; and I guess that focusing on the extremely irrelevant parts doesn't make too much sense, right? I mean not too much sense by assuming what a priori seems your intention of being helpful and constructively contributing to a conversation, right? Or perhaps, I am assuming too many things.
Let me put an easier example: in the sentence "by the way, I think that you should live and let live rather than arbitrarily bothering others. I understand that the increasing complexity of the world might be somehow overwhelming for a dishonest and insecure person whose only goal is being accepted, what can only happen within groups of very stupid people. But you should try to be honest, fair and respectful and will be surprised with the results; even the pieces of crap you call friends will respect your new attitude, because what dishonest, unfair idiots despise the most is precisely people like them! Even the most pathetically coward piece of shit will respect honest, fair and brave attitudes. Ironic, don't you think?". There are two types of persons: the ones reading this sentence, adequately understanding it (by asking as many questions as they need + doing some research) and acting accordingly (e.g., agreeing with it, disagreeing with it, wanting to discuss certain parts, etc.); and the ones plainly focusing on irrelevant parts (e.g., "why are you using 'by the way' at the start of the sentence when..."). What do you think that your comment is telling about your personality regarding this differentiation? To which group do you think that the aforementioned born-to-be-lied idiots belong?
To be completely honest with you, the exact motivation of your post doesn't seem too clear to me. Were you the AC? (Certainly not the person who modded me down although you might have other accounts and/or be part of some kind of group). Even in case of being that AC, the motivation of that first comment wouldn’t be clear. Why posting in a so secondary thread, after a so innocent-in-appearance post, reacting so aggressively (or passive-aggressively or ignorant-aggressively, not sure how to define your last comment)? It seems like you didn't find my comment by pure chance and/or answered it regardless of its author. It seems that you were especially interested in "answering" (= attacking) me. What might be your motivation to do such a thing? Your nick, the "nuke" part, might be kind of helpful to understand this point. Note that I have recently participated in a fusion-related thread where quite a few fanatics seemed to think that their stupid nonsense had anything to do with me; there I got my first enemy (or foe or freak obsessed with me) ever, not just in Slashdot, in general; at least, the first one clearly telling me so! All this is certainly curious(ly sad)! But as said in my first comment here, I now fully accept the sad reality and that's why I will not try to help anyone understand. This post is more about bothering a bit + providing a clear picture about myself to future non-stupid readers:)
?! You mean my main webpage (customsolver.com), my secondary webpage (varocarbas.com) or the description in my profile here? What part is more confusing for your evident limited understanding skills (a frustration which you seem to release via arbitrary attacking people you don't know).
BTW, what you mean with giving up? I haven't given up on anything! I have plainly accepted that some people (like you) are too stupid to understand anything no matter how hard I try to help them understand (perhaps, eventually, some day they might get something right). That's why there are spammers, scammers, liars, people-like-you-arbitrarily-getting-offended-and-COWARDLY-attacking-another-person, etc. all these are just the answer to the infinite stupidity resources. Your attitude is precisely what explains why all these things exist; and am not giving up on you, I plainly accept that you are meant to be cheated, lied, tricked, etc. (perhaps because you would do the same thing; perhaps because this is an easier option for you than getting a deeper understanding; perhaps because you don't know any better; no idea why) and that no matter what I do, nothing will change (other than me getting tired and disappointed). I haven't given up on anything, have just accepted the reality and started living accordingly (= as far from stupids and their nonsense as I can).
... and, some years ago, I was seriously thinking that should fight it, that I could contribute towards its eradication. How could a stupidity-based method succeed?
I was sooo naive and spammers were way ahead of me in the adequate understanding of the sad real nature of most of people: they are intrinsically idiots; idiots who feel safer among idiots and idiocy; idiots who prefer to complain about not understanding, being afraid, being fooled, etc. than making the slightest effort to actually understand.
Now, I do understand stupidity much better than before. That's why I also understand why spam (and many other things) exist, will continue existing and I shouldn’t spend even a second of my life by trying to change that reality. I will always fight for what is right, but stupidity-related stuff isn’t a concern for me anymore. Now, I plainly accept it, its unfixable essence and, eventually, enjoy it.
What is your exact problem? Cannot you get a nice "let's avoid problems and just deal with people like us"? I even wrote a summary clearly explaining my position to everyone: https://slashdot.org/comments.....
Do you prefer a different version? OK, here it goes: I think that you and all the other people getting arbitrarily angry with me and/or misunderstanding each single word I said are stupid, quite fanatic (+ coward) and extremely ignorant. Each of my explanations was provoked by your limited understanding capabilities (not sure if intentionally; perhaps you are too dumb/ignorant or perhaps you are plainly a fanatic wanting a specific nonsense to prevail via obsessive repetitions of extremely misleading information). Just the fact of you not understanding my words adequately, just the first clarification you and your pals needed was enough for me to not want to talk to you anymore. I was nice by spending my time explaining what I consider extremely evident for anyone with basic physics and/or general understanding skills; a gesture which you have repaid me by getting involved in an endless loop of misunderstanding-prone obsessive repetitions of pure nonsense, further confirming your limited knowledge on many fronts.
Do you want me to go even further? OK. I have seen this kind of obsessive, aggressive, tremendously-ignorant-but-seriously-thinking-to-be-knowledgeable attitudes various times in Slashdot and in other places; and every time it was when dealing with the same "fields of knowledge": modern physics, quantum whatever, relativity whatever, etc. The kind of sick attitudes provoking two innocent (perhaps a bit too aggressive and too clear, but proper-understanding-prone and clearly meant to help and to get involved in a constructive discussions) comments to grow into a recursive set of misunderstandings of each single word across multiple other comments. I have always shown the same attitude here and anywhere else and only got reactions of this kind in these specific situations! All this makes me think that there are quite a few people with attitudes very far from what I consider scientific (although very similar to what I think that can be found in religious and/or group-thinking organisation/sects) in certain fields. In fact and although I am quite generic-prejudice-free person who traditionally had a quite good perception of physicists, I am starting to think twice before assuming that something coming from (theoretical) physics is reliable, true and even actually-scientific.
I have read only the first line of your comment; exactly the same than what I did with quite a few previous ones from you and/or others like you in this thread. As said in my aforementioned aftermath post, I am not afraid of any kind of person (and/or fanatic) and I will never allow aggressive nonsense to succeed when I am around. I have plainly accepted that you/your whole world has only one thing for me: sadness. Please, stop being sad and stop getting angry with a person plainly ignoring you and all your concerns. BTW, if you want to know a bit more about the first moment when I stopped taking certain people and ideas seriously, you might want to take a look at the only article which I have submitted here. It refers to a small research which I did quite a few years ago (while studying actual physics/engineering/science), but made public only two years ago (not exactly saying that I regret it, but I would have preferred to never witness certainly reactions). Feel free to read it as slowly as you need because it will be there for a very long time. Please, don't talk to me ever again.
After seeing the video with so many smiling faces basically doing cool-looking anything, I cannot even imagine how anyone could cheat. Some of the students didn't accept the terms of the cool site from where they downloaded the cool videos submitted to their assignments? Were some of the smiles in the evaluation provoked by beyond-acceptable amounts of alcohol/drugs? Or perhaps some of them cheated in the tough cool-and-serious-looking-while-holding-a-laptop part by taking forbidden yoga lessons? Poor students! Their daddies might reduce their monthly allowance by over $5000! They might even have to be in the university for another whole semester before the company they want hire them to do the "work" they feel like doing!
Note that I am not anti- rich, spoiled, living-in-a-bubble, etc. people for as long as they accept themselves and don’t unfairly affect others. But what I saw in that video was too much! How can anyone think that all this is appealing and/or related to college-computer-anything at all?
As said, teaching kids isn't my work. If experts consider that learning Scratch is better, I guess that I would agree with them. I was just trying to highlight that learning the actual applicability of the given knowledge is also very important. People with a distorted perception of the real value of their knowledge might be even more problematic than those not having that knowledge.
Just take it for what it really is: a means of lowering the barrier of entry of a greater knowledge domain.
This was precisely the whole point of my post: teaching kids whatever but by making sure that they are fully aware about the exact value of what they are learning, about the actual applicability of that knowledge outside the class. For example, when learning Scratch they should know that they will never be able do anything relevant with it, that it is more a toy than a tool.
While giving a programming advice to an anonymous, probably-native-English-speaker someone, I said something about writing the code from scratch and that person answered "No. I want to learn a proper language". Back then I didn't even know what this Scratch was, apparently an extremely limited environment for kids to play. What puzzled me of this association of "from scratch" with a so unrelated-to-programming toy was how easily a so wrong idea appeared as evident. The programming knowledge of that person (as per our short conversation) was extremely low, most likely non-existent; but s/he wasn't aware about that fact, perhaps because of having once used this Scratch thing and assuming that this was all what programming was. I don’t remember the exact question, but it was a very simple concept like why the loop was showing 2 in the second iteration? who wasn’t able to grasp despite my explanations; was expecting an even simpler explanation?!.
I cannot be against what I don't know (as said, never really used that thing) and much less regarding a field outside my expertise like educating kids, but am certainly against pseudo-/partially-/dishonestly-educating people by over-simplifying what isn't simple. This is especially important in fields like programming, which are usually associated with long learning periods and where only certain types of personalities tend to succeed. Knowing a bit of everything sounds good to me, but only within the right context (e.g., real-life applicability of that knowledge).
"I swear that the consequences will be horrible!! Never even think about doing that!". I said it before and say it again: piracy is clearly winning. At least, this is what the big corporations think by expecting their greedy and detached from reality gains to be maintained no matter what. They are being so short-sighted that seriously believe that forcing consumers to do what they want is an option, that they are actually in charge!!
And how are they expecting all the viewers to know if they are actually doing what the authors want? Shall I do a deep research about a given film, the distributing companies, its author, review all the associated legal documentation, etc. before starting watching it? And what about if I make an error or get fouled by a dark-hearted projectionist and involuntarily watch an illegal movie? And what about if a given site is doing everything legally in appearance form, but they are actually pirating? And what about if various parties claim that they are doing the right thing? How can I, as a user, care about all this and be eventually responsible for it?
Or even better, how are they expecting to apply such a nonsense? According to some surveys, around half of the population is regularly enjoying pirated multimedia content, are they planning to put half of (UK's) population in jail for 10 years? Wouldn't that provoke a much higher expense (for big companies/capital and for everyone)? Just having one person in jail or even just going through the judicial process might imply serious expenses not just for that person, but also for the local/regional/national government. So, that person isn't paying £5 for a movie and, to compensate it, you provoke an additional £100 and this person (+ other persons not liking all this) doing all what is in their hands to never pay again. Yes, this seems a perfectly logical, realistic and sensible proceeding. I am now so afraid of what might happen that will stop consuming any kind of audiovisual material, just in case. LOL.
DISCLAIMER: I am not defending piracy, but common sense, honesty and fairness. I am also showing the only logical-to-me behaviour against mobster-wannabes trying to scare people as a way to allow their unreasonable expectations to prevail: making fun of their ridiculous nonsense.
Just in case there is even the slightest doubt: I have tons of experience in algorithm optimisation and even in Fortran (although this issue is quite secondary). Honestly, I don't like contests of this kind too much, but I would have loved taking part in this one. In fact, this is pretty much my ideal work: being paid to (over-)optimise algorithms and/or data management; the more complex the situation, the better.
Nowadays? When dealing with a complex piece of software about which nobody else will probably care? When trying to optimise very specific parts which were most likely developed by applying well-known theories?
Come on! This is the worst kind of discrimination! This is discrimination against me! LOL
No expense other than a temporary ding on their reputation
For a company like IBM, mainly nowadays, reputation is a lot, almost everything. In fact, knowing that the company was IBM had a notable contribution to my initial surprise.
This sounds much more like the typical behaviour of a company. I didn't read the article. IBM voluntarily recognising something like that sounded too weird, but what can I say? In case of doubt, I prefer to think that someone might have acted with good faith.
Slashdot Mirror
Apparently, it seems that they are provoking certain part of Windows Defender (which is triggered automatically by virtually any action on the target computer) to take a wrong input which it cannot gracefully manage. By quoting the aforementioned report:
Nscript supports "short" strings, with length and values contained in the handle and "long" strings with out-of-line memory. If the string is "long" (or appears to be due to type confusion), a vtable call is made to retrieve the length.
As I understand it, this isn't precisely an ideal situation although seems to belong to the kind of software-crashing-because-of-not-adequately-managing-all-scenarios problems. An assumption which seems to be confirmed in that same report when they say:
The attached proof of concept demonstrates this, but please be aware that downloading it will immediately crash MsMpEng in it's default configuration and possibly destabilize your system.
So, how is this weak point expected to be truly exploited? Are they only planning to provoke Windows Defender in random machines to crash and, eventually, the system to become unstable? This should certainly be looked at, but is it a real threat? Another part of this report seems to clarify this point further:
Integer handles are represented as four-byte values with the final bit set to one by the engine. The integer itself is left shifted by one bit, and the final bit set to create the handle. Handles to most objects, including strings are represented as the value of the pointer to the object with no modification. Therefore, this type confusion allows an integer to be specified and treated as pointer (though the bits need to shifted to get the correct value in the handle, and only odd pointer values are possible).
Are they implying that the only way of this attack to perform any action on the target computer (other than crashing Windows Defender) is to guess how a pointer might look like (by bearing in mind that they have to perform some bit-shifting actions and that only half of all the possible scenarios can be considered!)??!! How such a thing could ever by accomplished under absolutely any circumstance? Guessing the pointers of the objects in a (very complex) code from an external machine? This is orders of magnitude more complicated (actually, it can be considered plainly impossible) than exploiting a problem which I analysed in an old version of CoreRun.exe (used to test open-source modifications in one of the most basic .NET libraries) and my conclusion back then was that it wasn’t a threat! (Although Microsoft did modify this part a short time later; not sure if because of my public analysis, nobody said never anything to me. Anyone interested in all this can take a look at Project 8 in varocarbas.com).
This situation can also be described by using a perhaps-clearer-for-a-wider-audience SQL injection analogy: by assuming that you can access a database because its inputs aren't adequately sanitised (refer to the famous Little Bobby Tables study), you would need to know where to look at (e.g., table or column names), an action which is relatively easy when dealing with the most logical configuration of almost any database. But now imagine that you are accessing a database where the names of all the entities are randomly assigned and you have no way to know about their current values; in that scenario, how would accessing that database via injection be useful at all? Should the inputs be adequately sanitised and each single step should be done properly just in case and because developing properly-built-at-each-poi
My post wasn't meant to be focused on politics, much less in the US with the current president there, how he uses social media and my not-too-good actual knowledge about the whole situation there. In any case, note that I am a leftist who doesn't like Trump at all; certainly no fan of fanaticism-prone movements of any type and also not interested in starting a discussion about politics (look at some of my old posts to know about some of my ideas on this front and my intention of not talking about them anymore here).
I meant more abstract and long-term expectations, apparently not addressed to a specific group of people (US voters) and not meant to accomplish a specific short-term goal (US election), but for less clear reasons. Testing the actual social-media-manipulation effect? Contributing towards the appearance of fears towards certain people/countries? Too bored people getting some distraction? No idea. Just weird, curious and worth sharing.
In case there is even the slightest doubt, I meant Twitter global trends.
I am reasonably sure that some people with lots of money are actively working on trying to somehow condition the feelings and fears of the masses via social media (e.g., over-promotion of isolated or even completely false events of violence or chaos). Just as an example, I have seen various "curious" global trends which, after a quick research, seemed to be almost exclusively triggered by accounts associated with certain online-positioning companies (note that validated/good-track-record accounts can get global trends easier) which, after a little further digging, seemed to also be related to certain bigger companies/millionaires.
Note that I am not too much into the paranoid conspiracy world and have an eminently practical attitude ("We have no online privacy? OK, I guess that I will have to accept this reality. I certainly don't agree with it and expect social pressure to gradually reduce abuses like this."). I am plainly sharing my objective impressions about some things which I have been seeing lately.
I will take advantage of all these ideas (+ my references in some other recent posts to having fully accepted the huge number of stupid people and the impossibility to help them understand even the simplest idea) to highlight that both my sites, customsolvers.com and varocarbas.com, get a surprisingly high number of visits (mostly bots but also what seem real people) from the weirdest places; sometimes visiting valid pages and other times what never was and never will be there. Nothing of this related at all with me, my business (custom software development) or any conscious action which I have ever performed. I also get a relevant number of crawling bots from sites/search-engines from countries/languages/fields which don't seem to make any sense either. Other relevant issue is that I continue getting a relevant number of "visitors" (bots visiting the same page over and over without doing anything else) looking for a tool which stopped being relevant to me quite a few years ago (whose name I will not write in order to precisely avoid further-promoting all this weirdness) or for the years-ago name of my main domain.
I think that all this isn't the consequence of pure chance on account of the huge relevance of this traffic with respect to the in-principle-logical one. Additionally, note that my sites aren’t meant to get a relevant number of visitors (I neither get a penny for visits nor sell any kind of product), random people finding them rarely become clients, virtually nobody gets in touch with me through them (even though the contact-form page gets a surprisingly high number of visits!). They are just meant to be a mere self-promotion of my skills and attitude, which potential clients might want to look at. Also bear in mind that I don't do any kind of SEO/positioning/marketing anything, although I gave a shot at some of these approaches for a short period years ago. In any case, I have never been involved in anything even partially dishonest (e.g., the aforementioned hidden-links from random sites) or spent relevant amounts of money on any online-visibility action.
I have never tried to carefully analyse all these weird issues in order to find a common pattern or acceptable explanation for all this nonsense. As said, I have plainly accepted stupidity as a sadly common reality.
Honestly, no idea. Dealing with something so extremely illegal has never (and will ever) be my business or my concern. But if I was in their shoes, I would make completely sure that only people who I fully trust know about the site. I would never post public (not even partially hidden, which are actually completely public) links anywhere. For what? For allowing a random bot to find the site?
(Side comment: I am currently running some public-web-backlink-counting bots and can confirm that these kind-of-hidden links are used by many sites to improve their visibility and are a big problem for me. When I developed the bots, I wasn't counting on this issue to be so common and that's why didn't come up with a way to avoid it; what, on the other hand, isn't too easy as far as I don't want to ignore kind-of-valid links like the ones associated with technical warnings, programming languages, GUI themes, etc.)
If I had to do anything on these lines, I would set a very weird URL (e.g., asdfasdfaserasrfeaseflalksjnflasrkjasr11111111144444444444888888888.onion) and distribute it exclusively among people I fully trust (ideally, handing it in person). That's why I was assuming in my first comment that random visitors finding the site should be virtually impossible.
Good clarification. On the other hand, there would always be the question of how a random innocent visitor could find "holyshitCP.onion" (or the more logical "121asdfasf1215454asfaflookinglegalstuff.onion") when only the carefully selected members of a small group should know about it.
There is no line.
I think that there is a line and this is a good example of it. They already know for sure that certain site is extremely illegal (everywhere and without a single but). They also know that accessing that site by accident is almost impossible, that people visiting it are most likely fully aware of its contents. And even under so extreme conditions, I only see acceptable to track visitors and label them as most-likely-offenders, but this assumption would need to be further validated on a case by case basis. I think that any change of these exact conditions would be either abuse or negligence. The line is very thin, but there is certainly a line.
Some people don't know where to draw the line. You cannot defend a right like protecting your privacy when trying to avoid the immediate violation of other peoples' much more important rights.
Logically, this should be done under very exceptional and fully-justified circumstances; and never preventively, systematically or arbitrarily. Not to mention that "law-enforcers"/governmental entities unfairly abusing this or any other power should be severely punished by each single unmotivated violation of any person's rights.
The conclusions of a model forecasting a non-deterministic phenomenon should always be taken as mere supporting information, helpful to make more educated decisions. Human understanding is way much more powerful than what any numerical model will be during the next quite a few years (ever?). Easily managing and summarising huge amounts of information is the only aspect where computers are ahead humans; its conclusion-drawing skills are still much weaker. Additionally, having actually-relevant information is a basic requirement for any model/person to output accurate conclusions.
Coming up with a model accounting for most of the relevant variables in a horse race would be virtually impossible (+ the quality of this information would also need to be very high). Even by assuming that you have all this information, creating an algorithm able to adequately maximise all of it would also be virtually impossible. But even in case of having all this place, the results of a sport event can be defined as almost-random (= not really suitable to be predicted). The objectively better team might lose even under ideal conditions or the outcome of a match might be decided by somehow-unfair aspects (referee) or force majeure (weather or players getting injured).
On the other hand, high-quality information and good numerical models might bring lots of valuable insights to adequately-understanding people. For example, it would be possible to clearly rank all the objective features of horses/riders to determine the ones which start the race under better conditions. It could be a much more accurate version of the conventional "this horse seems promising" impressions of an expert. But the final decision, knowing how to weight all the involved factors to determine the most likely outcome, should be delivered by a knowledgeable person.
These models are certainly useful here and virtually anywhere, but only for people with actual knowledge who take them as a source of additional information. Someone seriously thinking that just the mere analysis of past events can deliver an accurate estimate of future outcomes, mainly when dealing with too-complex/almost-random situations and relevant amounts of money, is too naive. A person thinking that such magical predictions might be publicly and generously given to everyone is plainly an idiot. Numerical models are just about maximising (certain kind of) available information, not about delivering perfect answers out of thin air.
I heard that the real reason was that the head programmer in their Silicon Valley branch (Jian Yang, worldwide known by his "JENIEEEEN!"-sounding bachmanism), preferred to focus on other projects. Something about water and animals; a new software to communicate with dolphins, perhaps?
Yes, it was pretty clear. In fact, I was looking at the corresponding site visitor logs in that moment and saw a couple of visits from this thread. It was just an excuse to somehow censure that pathetically arbitrary attack a bit more (some people have serious difficulties to understand too-many-word/complex ideas). I think that differentiating between the important and not-important-at-all parts in my comment is pretty easy; and I guess that focusing on the extremely irrelevant parts doesn't make too much sense, right? I mean not too much sense by assuming what a priori seems your intention of being helpful and constructively contributing to a conversation, right? Or perhaps, I am assuming too many things.
:)
Let me put an easier example: in the sentence "by the way, I think that you should live and let live rather than arbitrarily bothering others. I understand that the increasing complexity of the world might be somehow overwhelming for a dishonest and insecure person whose only goal is being accepted, what can only happen within groups of very stupid people. But you should try to be honest, fair and respectful and will be surprised with the results; even the pieces of crap you call friends will respect your new attitude, because what dishonest, unfair idiots despise the most is precisely people like them! Even the most pathetically coward piece of shit will respect honest, fair and brave attitudes. Ironic, don't you think?". There are two types of persons: the ones reading this sentence, adequately understanding it (by asking as many questions as they need + doing some research) and acting accordingly (e.g., agreeing with it, disagreeing with it, wanting to discuss certain parts, etc.); and the ones plainly focusing on irrelevant parts (e.g., "why are you using 'by the way' at the start of the sentence when..."). What do you think that your comment is telling about your personality regarding this differentiation? To which group do you think that the aforementioned born-to-be-lied idiots belong?
To be completely honest with you, the exact motivation of your post doesn't seem too clear to me. Were you the AC? (Certainly not the person who modded me down although you might have other accounts and/or be part of some kind of group). Even in case of being that AC, the motivation of that first comment wouldn’t be clear. Why posting in a so secondary thread, after a so innocent-in-appearance post, reacting so aggressively (or passive-aggressively or ignorant-aggressively, not sure how to define your last comment)? It seems like you didn't find my comment by pure chance and/or answered it regardless of its author. It seems that you were especially interested in "answering" (= attacking) me. What might be your motivation to do such a thing? Your nick, the "nuke" part, might be kind of helpful to understand this point. Note that I have recently participated in a fusion-related thread where quite a few fanatics seemed to think that their stupid nonsense had anything to do with me; there I got my first enemy (or foe or freak obsessed with me) ever, not just in Slashdot, in general; at least, the first one clearly telling me so! All this is certainly curious(ly sad)! But as said in my first comment here, I now fully accept the sad reality and that's why I will not try to help anyone understand. This post is more about bothering a bit + providing a clear picture about myself to future non-stupid readers
?! You mean my main webpage (customsolver.com), my secondary webpage (varocarbas.com) or the description in my profile here? What part is more confusing for your evident limited understanding skills (a frustration which you seem to release via arbitrary attacking people you don't know).
BTW, what you mean with giving up? I haven't given up on anything! I have plainly accepted that some people (like you) are too stupid to understand anything no matter how hard I try to help them understand (perhaps, eventually, some day they might get something right). That's why there are spammers, scammers, liars, people-like-you-arbitrarily-getting-offended-and-COWARDLY-attacking-another-person, etc. all these are just the answer to the infinite stupidity resources. Your attitude is precisely what explains why all these things exist; and am not giving up on you, I plainly accept that you are meant to be cheated, lied, tricked, etc. (perhaps because you would do the same thing; perhaps because this is an easier option for you than getting a deeper understanding; perhaps because you don't know any better; no idea why) and that no matter what I do, nothing will change (other than me getting tired and disappointed). I haven't given up on anything, have just accepted the reality and started living accordingly (= as far from stupids and their nonsense as I can).
... and, some years ago, I was seriously thinking that should fight it, that I could contribute towards its eradication. How could a stupidity-based method succeed?
I was sooo naive and spammers were way ahead of me in the adequate understanding of the sad real nature of most of people: they are intrinsically idiots; idiots who feel safer among idiots and idiocy; idiots who prefer to complain about not understanding, being afraid, being fooled, etc. than making the slightest effort to actually understand.
Now, I do understand stupidity much better than before. That's why I also understand why spam (and many other things) exist, will continue existing and I shouldn’t spend even a second of my life by trying to change that reality. I will always fight for what is right, but stupidity-related stuff isn’t a concern for me anymore. Now, I plainly accept it, its unfixable essence and, eventually, enjoy it.
What is your exact problem? Cannot you get a nice "let's avoid problems and just deal with people like us"? I even wrote a summary clearly explaining my position to everyone: https://slashdot.org/comments.....
Do you prefer a different version? OK, here it goes: I think that you and all the other people getting arbitrarily angry with me and/or misunderstanding each single word I said are stupid, quite fanatic (+ coward) and extremely ignorant. Each of my explanations was provoked by your limited understanding capabilities (not sure if intentionally; perhaps you are too dumb/ignorant or perhaps you are plainly a fanatic wanting a specific nonsense to prevail via obsessive repetitions of extremely misleading information). Just the fact of you not understanding my words adequately, just the first clarification you and your pals needed was enough for me to not want to talk to you anymore. I was nice by spending my time explaining what I consider extremely evident for anyone with basic physics and/or general understanding skills; a gesture which you have repaid me by getting involved in an endless loop of misunderstanding-prone obsessive repetitions of pure nonsense, further confirming your limited knowledge on many fronts.
Do you want me to go even further? OK. I have seen this kind of obsessive, aggressive, tremendously-ignorant-but-seriously-thinking-to-be-knowledgeable attitudes various times in Slashdot and in other places; and every time it was when dealing with the same "fields of knowledge": modern physics, quantum whatever, relativity whatever, etc. The kind of sick attitudes provoking two innocent (perhaps a bit too aggressive and too clear, but proper-understanding-prone and clearly meant to help and to get involved in a constructive discussions) comments to grow into a recursive set of misunderstandings of each single word across multiple other comments. I have always shown the same attitude here and anywhere else and only got reactions of this kind in these specific situations! All this makes me think that there are quite a few people with attitudes very far from what I consider scientific (although very similar to what I think that can be found in religious and/or group-thinking organisation/sects) in certain fields. In fact and although I am quite generic-prejudice-free person who traditionally had a quite good perception of physicists, I am starting to think twice before assuming that something coming from (theoretical) physics is reliable, true and even actually-scientific.
I have read only the first line of your comment; exactly the same than what I did with quite a few previous ones from you and/or others like you in this thread. As said in my aforementioned aftermath post, I am not afraid of any kind of person (and/or fanatic) and I will never allow aggressive nonsense to succeed when I am around. I have plainly accepted that you/your whole world has only one thing for me: sadness. Please, stop being sad and stop getting angry with a person plainly ignoring you and all your concerns. BTW, if you want to know a bit more about the first moment when I stopped taking certain people and ideas seriously, you might want to take a look at the only article which I have submitted here. It refers to a small research which I did quite a few years ago (while studying actual physics/engineering/science), but made public only two years ago (not exactly saying that I regret it, but I would have preferred to never witness certainly reactions). Feel free to read it as slowly as you need because it will be there for a very long time. Please, don't talk to me ever again.
After seeing the video with so many smiling faces basically doing cool-looking anything, I cannot even imagine how anyone could cheat. Some of the students didn't accept the terms of the cool site from where they downloaded the cool videos submitted to their assignments? Were some of the smiles in the evaluation provoked by beyond-acceptable amounts of alcohol/drugs? Or perhaps some of them cheated in the tough cool-and-serious-looking-while-holding-a-laptop part by taking forbidden yoga lessons? Poor students! Their daddies might reduce their monthly allowance by over $5000! They might even have to be in the university for another whole semester before the company they want hire them to do the "work" they feel like doing!
Note that I am not anti- rich, spoiled, living-in-a-bubble, etc. people for as long as they accept themselves and don’t unfairly affect others. But what I saw in that video was too much! How can anyone think that all this is appealing and/or related to college-computer-anything at all?
As said, teaching kids isn't my work. If experts consider that learning Scratch is better, I guess that I would agree with them. I was just trying to highlight that learning the actual applicability of the given knowledge is also very important. People with a distorted perception of the real value of their knowledge might be even more problematic than those not having that knowledge.
Just take it for what it really is: a means of lowering the barrier of entry of a greater knowledge domain.
This was precisely the whole point of my post: teaching kids whatever but by making sure that they are fully aware about the exact value of what they are learning, about the actual applicability of that knowledge outside the class. For example, when learning Scratch they should know that they will never be able do anything relevant with it, that it is more a toy than a tool.
While giving a programming advice to an anonymous, probably-native-English-speaker someone, I said something about writing the code from scratch and that person answered "No. I want to learn a proper language". Back then I didn't even know what this Scratch was, apparently an extremely limited environment for kids to play. What puzzled me of this association of "from scratch" with a so unrelated-to-programming toy was how easily a so wrong idea appeared as evident. The programming knowledge of that person (as per our short conversation) was extremely low, most likely non-existent; but s/he wasn't aware about that fact, perhaps because of having once used this Scratch thing and assuming that this was all what programming was. I don’t remember the exact question, but it was a very simple concept like why the loop was showing 2 in the second iteration? who wasn’t able to grasp despite my explanations; was expecting an even simpler explanation?!.
I cannot be against what I don't know (as said, never really used that thing) and much less regarding a field outside my expertise like educating kids, but am certainly against pseudo-/partially-/dishonestly-educating people by over-simplifying what isn't simple. This is especially important in fields like programming, which are usually associated with long learning periods and where only certain types of personalities tend to succeed. Knowing a bit of everything sounds good to me, but only within the right context (e.g., real-life applicability of that knowledge).
"I swear that the consequences will be horrible!! Never even think about doing that!". I said it before and say it again: piracy is clearly winning. At least, this is what the big corporations think by expecting their greedy and detached from reality gains to be maintained no matter what. They are being so short-sighted that seriously believe that forcing consumers to do what they want is an option, that they are actually in charge!!
And how are they expecting all the viewers to know if they are actually doing what the authors want? Shall I do a deep research about a given film, the distributing companies, its author, review all the associated legal documentation, etc. before starting watching it? And what about if I make an error or get fouled by a dark-hearted projectionist and involuntarily watch an illegal movie? And what about if a given site is doing everything legally in appearance form, but they are actually pirating? And what about if various parties claim that they are doing the right thing? How can I, as a user, care about all this and be eventually responsible for it?
Or even better, how are they expecting to apply such a nonsense? According to some surveys, around half of the population is regularly enjoying pirated multimedia content, are they planning to put half of (UK's) population in jail for 10 years? Wouldn't that provoke a much higher expense (for big companies/capital and for everyone)? Just having one person in jail or even just going through the judicial process might imply serious expenses not just for that person, but also for the local/regional/national government. So, that person isn't paying £5 for a movie and, to compensate it, you provoke an additional £100 and this person (+ other persons not liking all this) doing all what is in their hands to never pay again. Yes, this seems a perfectly logical, realistic and sensible proceeding. I am now so afraid of what might happen that will stop consuming any kind of audiovisual material, just in case. LOL.
DISCLAIMER: I am not defending piracy, but common sense, honesty and fairness. I am also showing the only logical-to-me behaviour against mobster-wannabes trying to scare people as a way to allow their unreasonable expectations to prevail: making fun of their ridiculous nonsense.
Just in case there is even the slightest doubt: I have tons of experience in algorithm optimisation and even in Fortran (although this issue is quite secondary). Honestly, I don't like contests of this kind too much, but I would have loved taking part in this one. In fact, this is pretty much my ideal work: being paid to (over-)optimise algorithms and/or data management; the more complex the situation, the better.
Nowadays? When dealing with a complex piece of software about which nobody else will probably care? When trying to optimise very specific parts which were most likely developed by applying well-known theories?
Come on! This is the worst kind of discrimination! This is discrimination against me! LOL
He is too busy cleaning in Philly.
No expense other than a temporary ding on their reputation
For a company like IBM, mainly nowadays, reputation is a lot, almost everything. In fact, knowing that the company was IBM had a notable contribution to my initial surprise.
Brave my ass. They were called out.
This sounds much more like the typical behaviour of a company. I didn't read the article. IBM voluntarily recognising something like that sounded too weird, but what can I say? In case of doubt, I prefer to think that someone might have acted with good faith.