Except when the big correction comes and you lose 90% of it, and 10 years later still have not recovered. I know quite a few people who have taken to working in old age because their 401(k) funds became worthless. That's a black swan event, but it happens. The market was simply overbought.
Over the last 60 years, stocks have returned an 8% compound return - through all the dips and bumps and whatever. There is no subperiod you could be talking about (longer than 10 years) where stocks wouldn't have done well. So either your anecdote people weren't in for long enough (and only saw a dip) or were actively/narrowly trading and swerving to avoid profit.
There's a lot more money on paper than there is actual, accessible money; and for you to get your money on paper, somebody has to give you their actual, real, physical dollars.
We could say this about any non-cash asset. We could say this about your bank account - the bank doesn't have nearly enough money to pay out everyone's accounts if everyone wanted their money out. Liquidity is not an all or none thing. Stocks, over a long time, have proven to be very liquid. And the core of their valuation - the ability of a company to create value - is more stable than most other asset classes.
We can change this dynamic by bringing more dollars into the game: Jake or Tim pony up more money in the bidding war
There's plenty of other ways money effectively enters the market. Companies pay dividends to investors. They buy back shares. Public companies are bought or liquidated. The reason stocks are worth money is because companies create value; they did that, and were worth money, before there were stock markets. Owning part of a company isn't just trading baseball cards for companies you like, it's owning a productive asset - and that's why companies are largely evaluated by their price/earnings.
Nobody who has any understanding of economics thinks it's a zero sum game.
If I had $500,000 right now, in cash, I could simply retire.
In your ridiculous fantasy, how much interest are you getting back over inflation? How much are you spending a year? There's no way it adds up to anything like "luxury".
Oh my god are you KIDDING ME?! This again?!
So yeah... actually, don't answer those questions, because you've obviously already tuned out. I know you're proud of your sad, average financial achievements, but you don't understand any of this (really, honestly, this is very clear) and don't seem keen on learning. I mean, from your comment there, clearly people have tried to explain this to you before. And you can see, in thousands of ways all around you, that reality disagrees with your views on this.
But you've decided that you've got this all sorted out better than people who have more experience, money, and understanding. One day perhaps you'll figure some stuff out, but I don't think it'll be through someone's rational explanation - so I give up.
401(k) is a place to play the market, which is a lot like playing poker: it's not the cards and the luck that make you win or lose, but rather the other players shaking your inexperienced ass down so you make bad decisions and lose all your cash.
It's not really much like poker, because it's not a zero sum game. Stock value has gone up fairly steadily over a century. Sure you can find ways to lose money if you're trading actively and poorly, but passive stock investment has outperformed other investment options consistently for a long time.
To be clear, I'm kind of "you in the future". I paid off my first house when I was 28 or so; I also started investing in stocks. The money in stocks did a lot better than the money that paid down my mortgage (you can measure this easily; interest is interest - and when mortgage interest rates are as low as they are, they're not hard to beat). It's riskier too, but when you're young is the right time to be taking that kind of risk (assuming you have your basic obligations covered); over time, stocks will win out, so they're the right choice for long term investment even if they may entail short term setbacks.
I mean, say 5 years ago today you had put $50,000 into a vanilla ETF (we'll say QQQ). You'd currently have $128,860. I didn't cherry pick that or something, I just picked a round number time frame and an extremely common ETF. In the same time as you gained $78,000 on stocks, you could have, instead, saved $10,000 of interest on a 4% mortgage.
That's not to say that there isn't other things worth doing. Maybe you want more education or windows or who knows what. Lots of things can make sense. But eventually, you'll almost certainly want money in the stock market if you're ever going to retire.
I agree she was probably well meaning to start - but she was also dangerously irresponsible.
And now I think she understands she was at least partly wrong - but instead of coming out and saying "Hey, I got some stuff wrong about vaccines and autism and autism treatment", which I think could really help sway some people in a positive way, she's equivocating.
In terms of "how should we talk to people who don't want to vaccinate", I'd agree villainizing McCarthy is probably not helpful. But, personally, I think she did something ethically wrong by staking so many people's health on her own little anecdote. I mean, she didn't just make a personal call on some health decision, she evangelized this idea as hard as she could.
And I think she's choosing now to downplay all that to avoid embarassment, or maybe to avoid feeling like she betrayed people - instead of owning up to mistakes and potentially doing a lot of good.
I agree that this does harm, but it's mainly because there are real anti-vaxxers who don't get any vaccines, primarily out of religious belief.
There's lots of people who don't get vaccines because they think it'll give their kids autism. Which they think because people, including Jenny McCarthy, told them it did. She held onto this belief, virulently, in the face of a lot of evidence - supporting Dr. What's his name long after it made any sense.
Yeah... Uh, go back to 2008 and listen to her talk, in fairly certain terms, about how vaccines (and fungus and who the hell knows what else) cause autism and mental regression in children. This was when this wave of anti-vaccination scare was just getting going, and she played a big part in popularizing it.
I don't know if it's in that video, but I remember her saying, pretty much "Would you rather your child have measles, or autism?"
At the same time, she was supporting very dangerous crap like chelation as an autism treatment (with the idea that you could remove the mercury from the vaccinations, and then the autism would go away or something) - pretty much telling parents with autistic children to "try everything", so they could be cured like she believed her son was (there's a good chance her son didn't actually have autism to begin with.. but that's another story).
Again, the fact that she's now moderated some of these views doesn't mean she didn't do real harm.
Uhh.. The point of the article is that her op-ed is disingenuous and doesn't correspond to what she has said over the years. Quoting from that op-ed to argue that the article writer isn't giving her true position... well, that's not really grasping the chain of argument here.
The reality is that she's been virulently anti-vaccine over a long period, has played a real part in convincing others to forego vaccination, and is now trying to sell us on something like "she didn't really mean it that way", and pretending she's always held some more moderate position. I mean, go read stuff she wrote years ago.
Lots of people have always got attached to their first language or IDE or whatever, but the core skills learned are transferable. What's being talked about isn't vocational training; it's introducing, for example, programming to patrons at a library.
I think a Chromebook has some very good properties for a public library. They're not just cheap, they're simple and maintainable. If they couldn't support learning how to program at all, I think that would be an important disadvantage. But I think in the context of a library, having online tools and sites available to learn programming is perfectly reasonable, and "ticks that box" so to speak.
Try playing 20 games of Heroes of Newerth, then 20 games of League. You'll feel the difference.
I much prefer Heroes as a game - but in HoN it's routine that over the in game voice chat people will threaten to kill you because (for example) you missed denying a creep - and if you mute people, you lose any kind of coordination. In League, strangers have to type out their abuse - and if you get tired of it, you just mute them (because most "real" communication is done via pings anyway). But for the most part, you don't have to mute people - because the whole happy sticker tribunal thing actually seems to work. Heck, people are often legitimately friendly, even when you're losing.
Overall, in League, 1 in 10 games will be ruined by someone going nutbars griefing or hurling abuse, or leaving because they feel abused. In HoN, 5 out of 10 games are ruined that way.
So even though I love the game (Newerth), I'll probably never play again. The League stuff works.
I don't think you're an asshole at all (though there's plenty of condescending jerks in this thread, on both sides). This subject just has a lot of baggage and history - much more emotional content than makes any sense. There's a good chance many people responding negatively to you have just been primed by encountering a lot of condescending idiots in the past.
It'd be like trying to start a new discussion of "Intelligent Design" or something. Whatever your argument or question is, or its merits, many people would be likely to get very mad very quick.
If that same person said they had mathematical evidence that proved he could see Saturn with his naked eye, I don't think I'm out of line for asking to see that data.
Well yeah - if someone could actually see the moons, they'd likely be able to produce evidence pretty easily (or at least they'd conciously know they're lying). You could ask them to say, for example, whether the moons are currently aligned or whatever. The positive side of this is really easy to resolve - if you find a dead Sasquatch, that kind of resolves things.
It's the flip side - "can you prove nobody can see the moons?" that's more the question here. I mean, you can give an explanation of why this would be very unexpected based on normal human visual acuity and how eyes work. And you can say that you've tested lots of humans and none of them can see the moons. But you can't stamp out the possibility that SOMEONE can tell the difference, just like you can't eliminate the possiblity of Sasquatches just based on never having seen one.
To be clear though, the presence of this possibility is not usually what's being argued by the "other" side. Rather, they're saying that the differences are large, reasonably easily heard, and attributable to phenomenon that don't make sense or they don't understand. It's not like they're saying "there MIGHT be Sasquatches". It'd be like if 1/3rd of the people in every discussion claimed Sasquatches were common and they saw them every day. And when questioned further, it really sounds like they're just seeing a dog - but they get very defensive when you mention dogs. Meanwhile, any time you've gone out to meet these people, they've been unable to show you a Sasquatch (time and time again) - but have pointed out several dogs.
You could imagine how it would get tiring being a "Sasquatch denier" and having this discussion often - so I don't envy people who are involved in, say, making audio equipment, and I don't fault them for being a bit chippy.
The fact that it isn't 100% mathematically provable is true, but also kind of uninteresting.
I mean, if someone comes and claims they can see the moons of Saturn during the day with their naked eyes, that's an extraordinary claim. I can't invalidate it with 100% mathematical reasoning. It's far outside the bounds of what we know about human visual perception, but it's not impossible.
Still, there's also no reason to take their claim seriously - especially when other people have made the same claim many times (and done so with honest belief they're right) and always been shown to be wrong. There's just something about human perception of audio that attracts a lot of superstition and false conclusions.
Can you show me the math that proves that there's no difference between an uncompressed audio source and a 320kbps mp3?
The best I can say is to read something like http://en.wikipedia.org/wiki/P.... But the proof you're looking for isn't going to be mathematical - and is not 100% sound or something. The only real proof is empirical (people can't tell the difference in double blind tests); the psychoacoustic stuff is just an explanation for why that result makes sense given basics of how our ears and brains work.
It's also interesting to look at how audio compression works, and frequency space transforms and what not. But that's very easy information to find.
It isn't like Code Jam is their main stream of employee finding, and in general their engineer interviews are less puzzly than they used to be.
Google has a broad variety of problems that need solving, including a lot of problems where understanding algorithms is tremendously important. If anything Code Jam allows Google to cast a broader, more inclusive, fairer net - giving opportunities to people to shine who don't have a degree from MIT education or who don't fit the average software developer mold.
Well, the starting point for this discussion a discussion like this is "the attacker has access to the hashed passwords and they understand our hashing algorithm, are they able to recover the passwords". Nobody is talking about attempting a million logins through their interface.
Rather, my comment was just stating the obvious - if you are capable of logging in a single user based on the information at rest, then an attacker can use that same test, with the same information, in a brute force attack on a short password.
Their actual solution, which I didn't realize when I wrote my first comment there, is that their system can't just validate a single user.
Google Code Jam is a really super excellent way to get into algorithm programming competitions, at least in North American. The serious competitors are pretty thin on the ground here (or at least they have been in past years) so with a bit of commitment, some programming experience, and a little luck, getting to the on site rounds is very achievable.
It's especially a great opportunity if you're interested in working at Google - doing well will definitely attract their attention.
It's also one of the most approachable competition formats; it's very "approach agnostic", and doesn't focus on anything too obscure in terms of required knowledge or skills. The time bounds are loose enough that you don't have to worry about things like "reading from a file efficiently". The initial rounds usually just test whether you can do basic programming. The test cases they supply do a good job of making sure you get things like formatting right - meaning you get to focus on the actual problem instead of goofy side issues.
Very well run contest, and lots of fun even if you're not a real expert.
Yes, that is the point. My point, in turn, was that you can't do what they describe while still being able to log in a single user.
The surprising resolution to this little dilemma (as discussed in other posts) is that they can't log in a single user (they need kind of a quorum of login attempts before a newly rebooted server can actually log someone in). This wasn't what I expected, so my first post there is kind of misleading (because I was, in turn, mislead by the summary).
The point of this thing is to get an effective key into memory without storing it somewhere (ie. you can reconstruct it based on login attempts). If you just store the logins somewhere, you might as well just store the key there instead (and this, combined with communication restrictions, is how a normal setup like this would work), because from the logins you can get the effective key you need to do authentication. So this scheme isn't really adding anything to that scenario.
To be clear, I don't think you're wrong - you could do a setup like you describe; I just don't think adding this process into the mix would effectively increase security (or, at least, wouldn't help any more than storing passwords in 1000 different files around your network would - it makes things less convenient for the attacker, but not really more secure given the assumptions we have about the attack).
Well, the starting point for this kind of discussion (and the reason you'd use a system like this) is "they've stolen the database and they know how the hash algorithm works". This system is to prevent you from getting passwords out from here by making them more difficult to brute force (and they can't exactly stop you from trying more passwords after you have the database).
They do this by having an effective key that isn't stored in the database and is required for authentication, but is instead reconstructed based on a number of logins (and those logins don't "work" until there's a quorum). Like my post suggested, with something like this you have to pick between "can you authenticate a user" and "can you prevent a brute force attack on short passwords". I assumed they picked the former, but they actually picked the latter - using this system you can't just authenticate a single user on a newly rebooted system.
Anyway, it's a cool thing, but I think there's practical problems.
Yeah - I was wrong. I had assumed that the system would need to be able to log in a single user based on their password (crazy me!) and that was incorrect.
Yeah - but that system would have nothing to do with this. If you want to do that, it's cool and it'll work.
The interesting part of THIS system is that it can recover the secret it needs just by having multiple users authenticate. Which is a really cool property for some possible purpose, but I don't see how it fits well with the requirements of a "normal" authentication system and how that needs to respond.
So it turns out their system, after a reboot, can't just validate a single user (I guess that was a crazy assumption on my part) - it has to have logins from a number of users before it can authenticate anyone. And if you don't want the system breakable by someone just creating a bunch of accounts (eg. normal users on a public website), these prime logins have to be more "special accounts".
Practically, if you need some special logins after every reboot in order for the system to come online, you're going to have to have multiple people assigned this job. Or one person with N passwords he logs in with. In which case, why not just give that guy a one time pad sort of thing that he primes each server with? I mean, these passwords are going to be unrecoverable and encrypted with, effectively, an unchanging key. So... uh, we have ways to do that.
Oh wait, there's an extension that gets around this, and has the property of "the server can check and eliminate most wrong passwords right after reboot". I'm sure a lot of bosses will like that - it'll reject most wrong passwords. Great.
It's a clever idea, but I think there's some real hard sell problems there.
To be useful, the system still needs to be able to tell whether a single user password is correct (and needs to do so reasonably efficiently). So if someone has a 6 character password (which is dumb) you can just try all possible passwords (there isn't that many possible 6 realistic character passwords). Either lots of them work (which would a problem) or you found the password. And it didn't take all the computers in the universe forever to do so.
Maybe this is a great system, but the hyperbole in the summary is ridiculous.
There are some games that WD TV can play - but I have no idea how they're packaged, what their limitations are; the ones I've seen have all been very simple affairs.
If one of these low cost set top boxes could get a good selection of games, I could certainly see that being a big differentiator (and possibly a blow to consoles).
Slashdot Mirror
Over the last 60 years, stocks have returned an 8% compound return - through all the dips and bumps and whatever. There is no subperiod you could be talking about (longer than 10 years) where stocks wouldn't have done well. So either your anecdote people weren't in for long enough (and only saw a dip) or were actively/narrowly trading and swerving to avoid profit.
We could say this about any non-cash asset. We could say this about your bank account - the bank doesn't have nearly enough money to pay out everyone's accounts if everyone wanted their money out. Liquidity is not an all or none thing. Stocks, over a long time, have proven to be very liquid. And the core of their valuation - the ability of a company to create value - is more stable than most other asset classes.
There's plenty of other ways money effectively enters the market. Companies pay dividends to investors. They buy back shares. Public companies are bought or liquidated. The reason stocks are worth money is because companies create value; they did that, and were worth money, before there were stock markets. Owning part of a company isn't just trading baseball cards for companies you like, it's owning a productive asset - and that's why companies are largely evaluated by their price/earnings.
Nobody who has any understanding of economics thinks it's a zero sum game.
In your ridiculous fantasy, how much interest are you getting back over inflation? How much are you spending a year? There's no way it adds up to anything like "luxury".
So yeah... actually, don't answer those questions, because you've obviously already tuned out. I know you're proud of your sad, average financial achievements, but you don't understand any of this (really, honestly, this is very clear) and don't seem keen on learning. I mean, from your comment there, clearly people have tried to explain this to you before. And you can see, in thousands of ways all around you, that reality disagrees with your views on this.
But you've decided that you've got this all sorted out better than people who have more experience, money, and understanding. One day perhaps you'll figure some stuff out, but I don't think it'll be through someone's rational explanation - so I give up.
It's not really much like poker, because it's not a zero sum game. Stock value has gone up fairly steadily over a century. Sure you can find ways to lose money if you're trading actively and poorly, but passive stock investment has outperformed other investment options consistently for a long time.
To be clear, I'm kind of "you in the future". I paid off my first house when I was 28 or so; I also started investing in stocks. The money in stocks did a lot better than the money that paid down my mortgage (you can measure this easily; interest is interest - and when mortgage interest rates are as low as they are, they're not hard to beat). It's riskier too, but when you're young is the right time to be taking that kind of risk (assuming you have your basic obligations covered); over time, stocks will win out, so they're the right choice for long term investment even if they may entail short term setbacks.
I mean, say 5 years ago today you had put $50,000 into a vanilla ETF (we'll say QQQ). You'd currently have $128,860. I didn't cherry pick that or something, I just picked a round number time frame and an extremely common ETF. In the same time as you gained $78,000 on stocks, you could have, instead, saved $10,000 of interest on a 4% mortgage.
That's not to say that there isn't other things worth doing. Maybe you want more education or windows or who knows what. Lots of things can make sense. But eventually, you'll almost certainly want money in the stock market if you're ever going to retire.
I agree she was probably well meaning to start - but she was also dangerously irresponsible.
And now I think she understands she was at least partly wrong - but instead of coming out and saying "Hey, I got some stuff wrong about vaccines and autism and autism treatment", which I think could really help sway some people in a positive way, she's equivocating.
In terms of "how should we talk to people who don't want to vaccinate", I'd agree villainizing McCarthy is probably not helpful. But, personally, I think she did something ethically wrong by staking so many people's health on her own little anecdote. I mean, she didn't just make a personal call on some health decision, she evangelized this idea as hard as she could.
And I think she's choosing now to downplay all that to avoid embarassment, or maybe to avoid feeling like she betrayed people - instead of owning up to mistakes and potentially doing a lot of good.
There's lots of people who don't get vaccines because they think it'll give their kids autism. Which they think because people, including Jenny McCarthy, told them it did. She held onto this belief, virulently, in the face of a lot of evidence - supporting Dr. What's his name long after it made any sense.
Yeah... Uh, go back to 2008 and listen to her talk, in fairly certain terms, about how vaccines (and fungus and who the hell knows what else) cause autism and mental regression in children. This was when this wave of anti-vaccination scare was just getting going, and she played a big part in popularizing it.
http://www.youtube.com/watch?v...
I don't know if it's in that video, but I remember her saying, pretty much "Would you rather your child have measles, or autism?"
At the same time, she was supporting very dangerous crap like chelation as an autism treatment (with the idea that you could remove the mercury from the vaccinations, and then the autism would go away or something) - pretty much telling parents with autistic children to "try everything", so they could be cured like she believed her son was (there's a good chance her son didn't actually have autism to begin with.. but that's another story).
Again, the fact that she's now moderated some of these views doesn't mean she didn't do real harm.
Uhh.. The point of the article is that her op-ed is disingenuous and doesn't correspond to what she has said over the years. Quoting from that op-ed to argue that the article writer isn't giving her true position... well, that's not really grasping the chain of argument here.
The reality is that she's been virulently anti-vaccine over a long period, has played a real part in convincing others to forego vaccination, and is now trying to sell us on something like "she didn't really mean it that way", and pretending she's always held some more moderate position. I mean, go read stuff she wrote years ago.
Lots of people have always got attached to their first language or IDE or whatever, but the core skills learned are transferable. What's being talked about isn't vocational training; it's introducing, for example, programming to patrons at a library.
I think a Chromebook has some very good properties for a public library. They're not just cheap, they're simple and maintainable. If they couldn't support learning how to program at all, I think that would be an important disadvantage. But I think in the context of a library, having online tools and sites available to learn programming is perfectly reasonable, and "ticks that box" so to speak.
There's no reason you couldn't learn to program inside a web application - it limits the tools you can use, sure, but it's certainly not impossible.
Try playing 20 games of Heroes of Newerth, then 20 games of League. You'll feel the difference.
I much prefer Heroes as a game - but in HoN it's routine that over the in game voice chat people will threaten to kill you because (for example) you missed denying a creep - and if you mute people, you lose any kind of coordination. In League, strangers have to type out their abuse - and if you get tired of it, you just mute them (because most "real" communication is done via pings anyway). But for the most part, you don't have to mute people - because the whole happy sticker tribunal thing actually seems to work. Heck, people are often legitimately friendly, even when you're losing.
Overall, in League, 1 in 10 games will be ruined by someone going nutbars griefing or hurling abuse, or leaving because they feel abused. In HoN, 5 out of 10 games are ruined that way.
So even though I love the game (Newerth), I'll probably never play again. The League stuff works.
I don't think you're an asshole at all (though there's plenty of condescending jerks in this thread, on both sides). This subject just has a lot of baggage and history - much more emotional content than makes any sense. There's a good chance many people responding negatively to you have just been primed by encountering a lot of condescending idiots in the past.
It'd be like trying to start a new discussion of "Intelligent Design" or something. Whatever your argument or question is, or its merits, many people would be likely to get very mad very quick.
Well yeah - if someone could actually see the moons, they'd likely be able to produce evidence pretty easily (or at least they'd conciously know they're lying). You could ask them to say, for example, whether the moons are currently aligned or whatever. The positive side of this is really easy to resolve - if you find a dead Sasquatch, that kind of resolves things.
It's the flip side - "can you prove nobody can see the moons?" that's more the question here. I mean, you can give an explanation of why this would be very unexpected based on normal human visual acuity and how eyes work. And you can say that you've tested lots of humans and none of them can see the moons. But you can't stamp out the possibility that SOMEONE can tell the difference, just like you can't eliminate the possiblity of Sasquatches just based on never having seen one.
To be clear though, the presence of this possibility is not usually what's being argued by the "other" side. Rather, they're saying that the differences are large, reasonably easily heard, and attributable to phenomenon that don't make sense or they don't understand. It's not like they're saying "there MIGHT be Sasquatches". It'd be like if 1/3rd of the people in every discussion claimed Sasquatches were common and they saw them every day. And when questioned further, it really sounds like they're just seeing a dog - but they get very defensive when you mention dogs. Meanwhile, any time you've gone out to meet these people, they've been unable to show you a Sasquatch (time and time again) - but have pointed out several dogs.
You could imagine how it would get tiring being a "Sasquatch denier" and having this discussion often - so I don't envy people who are involved in, say, making audio equipment, and I don't fault them for being a bit chippy.
The fact that it isn't 100% mathematically provable is true, but also kind of uninteresting.
I mean, if someone comes and claims they can see the moons of Saturn during the day with their naked eyes, that's an extraordinary claim. I can't invalidate it with 100% mathematical reasoning. It's far outside the bounds of what we know about human visual perception, but it's not impossible.
Still, there's also no reason to take their claim seriously - especially when other people have made the same claim many times (and done so with honest belief they're right) and always been shown to be wrong. There's just something about human perception of audio that attracts a lot of superstition and false conclusions.
Looking back at your original question:
The best I can say is to read something like http://en.wikipedia.org/wiki/P.... But the proof you're looking for isn't going to be mathematical - and is not 100% sound or something. The only real proof is empirical (people can't tell the difference in double blind tests); the psychoacoustic stuff is just an explanation for why that result makes sense given basics of how our ears and brains work.
It's also interesting to look at how audio compression works, and frequency space transforms and what not. But that's very easy information to find.
This video explains sampling and reconstruction of digital audio very well, and is a good jumping off point if you want to learn more.
http://www.youtube.com/watch?v...
It isn't like Code Jam is their main stream of employee finding, and in general their engineer interviews are less puzzly than they used to be.
Google has a broad variety of problems that need solving, including a lot of problems where understanding algorithms is tremendously important. If anything Code Jam allows Google to cast a broader, more inclusive, fairer net - giving opportunities to people to shine who don't have a degree from MIT education or who don't fit the average software developer mold.
Well, the starting point for this discussion a discussion like this is "the attacker has access to the hashed passwords and they understand our hashing algorithm, are they able to recover the passwords". Nobody is talking about attempting a million logins through their interface.
Rather, my comment was just stating the obvious - if you are capable of logging in a single user based on the information at rest, then an attacker can use that same test, with the same information, in a brute force attack on a short password.
Their actual solution, which I didn't realize when I wrote my first comment there, is that their system can't just validate a single user.
Google Code Jam is a really super excellent way to get into algorithm programming competitions, at least in North American. The serious competitors are pretty thin on the ground here (or at least they have been in past years) so with a bit of commitment, some programming experience, and a little luck, getting to the on site rounds is very achievable.
It's especially a great opportunity if you're interested in working at Google - doing well will definitely attract their attention.
It's also one of the most approachable competition formats; it's very "approach agnostic", and doesn't focus on anything too obscure in terms of required knowledge or skills. The time bounds are loose enough that you don't have to worry about things like "reading from a file efficiently". The initial rounds usually just test whether you can do basic programming. The test cases they supply do a good job of making sure you get things like formatting right - meaning you get to focus on the actual problem instead of goofy side issues.
Very well run contest, and lots of fun even if you're not a real expert.
Yes, that is the point. My point, in turn, was that you can't do what they describe while still being able to log in a single user.
The surprising resolution to this little dilemma (as discussed in other posts) is that they can't log in a single user (they need kind of a quorum of login attempts before a newly rebooted server can actually log someone in). This wasn't what I expected, so my first post there is kind of misleading (because I was, in turn, mislead by the summary).
The point of this thing is to get an effective key into memory without storing it somewhere (ie. you can reconstruct it based on login attempts). If you just store the logins somewhere, you might as well just store the key there instead (and this, combined with communication restrictions, is how a normal setup like this would work), because from the logins you can get the effective key you need to do authentication. So this scheme isn't really adding anything to that scenario.
To be clear, I don't think you're wrong - you could do a setup like you describe; I just don't think adding this process into the mix would effectively increase security (or, at least, wouldn't help any more than storing passwords in 1000 different files around your network would - it makes things less convenient for the attacker, but not really more secure given the assumptions we have about the attack).
Well, the starting point for this kind of discussion (and the reason you'd use a system like this) is "they've stolen the database and they know how the hash algorithm works". This system is to prevent you from getting passwords out from here by making them more difficult to brute force (and they can't exactly stop you from trying more passwords after you have the database).
They do this by having an effective key that isn't stored in the database and is required for authentication, but is instead reconstructed based on a number of logins (and those logins don't "work" until there's a quorum). Like my post suggested, with something like this you have to pick between "can you authenticate a user" and "can you prevent a brute force attack on short passwords". I assumed they picked the former, but they actually picked the latter - using this system you can't just authenticate a single user on a newly rebooted system.
Anyway, it's a cool thing, but I think there's practical problems.
Yeah - I was wrong. I had assumed that the system would need to be able to log in a single user based on their password (crazy me!) and that was incorrect.
Yeah - but that system would have nothing to do with this. If you want to do that, it's cool and it'll work.
The interesting part of THIS system is that it can recover the secret it needs just by having multiple users authenticate. Which is a really cool property for some possible purpose, but I don't see how it fits well with the requirements of a "normal" authentication system and how that needs to respond.
So it turns out their system, after a reboot, can't just validate a single user (I guess that was a crazy assumption on my part) - it has to have logins from a number of users before it can authenticate anyone. And if you don't want the system breakable by someone just creating a bunch of accounts (eg. normal users on a public website), these prime logins have to be more "special accounts".
Practically, if you need some special logins after every reboot in order for the system to come online, you're going to have to have multiple people assigned this job. Or one person with N passwords he logs in with. In which case, why not just give that guy a one time pad sort of thing that he primes each server with? I mean, these passwords are going to be unrecoverable and encrypted with, effectively, an unchanging key. So... uh, we have ways to do that.
Oh wait, there's an extension that gets around this, and has the property of "the server can check and eliminate most wrong passwords right after reboot". I'm sure a lot of bosses will like that - it'll reject most wrong passwords. Great.
It's a clever idea, but I think there's some real hard sell problems there.
To be useful, the system still needs to be able to tell whether a single user password is correct (and needs to do so reasonably efficiently). So if someone has a 6 character password (which is dumb) you can just try all possible passwords (there isn't that many possible 6 realistic character passwords). Either lots of them work (which would a problem) or you found the password. And it didn't take all the computers in the universe forever to do so.
Maybe this is a great system, but the hyperbole in the summary is ridiculous.
There are some games that WD TV can play - but I have no idea how they're packaged, what their limitations are; the ones I've seen have all been very simple affairs.
If one of these low cost set top boxes could get a good selection of games, I could certainly see that being a big differentiator (and possibly a blow to consoles).