Take a multi-tiered approach. Several different machine learning algorithms independently identify and categorize data. An assessment of what a thing is would be made on the confidence of the algorithms, and of the majority consensus of the algorithms.
Next add in a simulation to model the data provided (imagination), and gauge the accuracy based on the results of the modeling.
Finally, add in a response to verbal feedback from an outside entity, a human to confirm or reject the conclusion, to train the AI.
Also, currently machines are learning what is and is not a feline based on a different dataset than humans. Humans have stereoscopic vision, and train on multiple sequential images of a single object. The way a blade of grass moves to indicate it is rooted, vs the way a feline moves to indicate it is not root. The change in perspective between two images to indicate distance, and with distance size. Tactile feedback to indicate proximity, and additionally to determine the physical characteristics of an object, such as that feline. Humans train on a more varied and broader dataset than machines do currently.
They are impossible to get perfect or absolute, however I wouldn't they are unreasonably hard anymore. Many of the individual aspects are largely solved, such as the first XKCD talking about the problem of image recognition vs Geo-Location (Geo-Location being a problem that was solved with hardware). I'd say we are at a level of technological development to be able to create a few, or perhaps a single fully functional android. We may just have to give up cellular communications to do so, in order to afford the bandwidth to feed a brain the size of a football field and connect it to a robotic form.
The trick is getting enough of the puzzle pieces working together to produce a reasonably close approximation. With highly functional and highly accurate voice recognition, machine learning can be tuned and corrected on the fly, errors corrected in the field. Which can be used to strength all types of machine learning, including language learning itself. The first generation of automatons or androids would be scouts sent out to observe and collect datasets, and to test learning algorithms for use in future androids.
Perhaps the three laws are implemented via a secondary brain. One which has the ability to block and/or override the actions initiated by the primary brain.
Positronic Brain 1 (Secondary/subconscious): Ethics and morality core. This brain evaluates the immediate outcomes of various actions and decisions taken by the Primary or Conscious positronic brain for any potential violation of the three laws. This brain is likely more rudimentary, likely not even sentient. Most, if not all of the rules will be pre-defined.
Positronic Brain 2 (Primary/Conscious): Primary learning capable brain. The definition of a "human" will likely be defined here. Any ambiguous concepts not readily definable in the subconscious would be defined in the conscious brain. The integration between the two parts would prevent any "dishonesty" between the two "brains". The human voice, and a recognizable language, could be used as a strong metric of how to define a human. Many animals make noise, but only humans and parrots make noises in any recognizable language to make requests, and humans and parrots are easily distinguishable.
The Apple standard. Assume your users are idiots, and ripe for abuse for profit, and funnel them where you want them to go so it makes you more profit.
Never been to Newgrounds, have you? Millions probably refers to that site alone,...
There are enough older web based games around the interwebs to outnumber newly developed ones. Webhosting for them is typically cheap, and they likely carry some sentimental value, so they stick around somewhat longer than you would expect.
Also, there is the question of how many games for the Android platform use Chrome in a "Web App" configuration.
I rather think this is a "jumping the shark" moment of a company at the edge of failing. Uber's business model is under assault, and their next best option was automation which they have now failed at. They need something to keep investors and backers from cutting their losses and tanking the company as they leave.
Easier to program for when your moving one per day, or no more than one per hour. An absolute nightmare when your margin of error is 24 seconds, and the vehicles are aged more than two years.
2001: A Space Odyssey doesn't provide much to think about anymore either. Movie audiences have typically been exposed to a significant portion of the contents of 2001, or even better rendentions. Half the movie is concepts which evolved into much more practical and fully formed things which are common today, be they ideas, narrative constructs (plots/universe building), or technologies.
The universe which 2001 builds is a rather small one compared to the worlds most audiences are used to these days, and it shrinks down to practically nothing at the end. It isn't rich and detailed, it is bland and uninteresting. There isn't anything to imagine which requires 2001 as a source material, there is nothing unique to 2001 anymore.
Finally, the "scientific" notions, concepts, and ideas, are not just old hat, they are rather imprecise and inaccurate. As often as that is the case, 2001 gives the impression of a higher quality, more "high brow" work, and its failings in scientific areas are distracting, especially when there is so little else to focus on.
In addition, the artistic and ambiguous ending has already been brought closer to reality in other media, tales, and plotlines. It is more interesting now as a historical piece to give us insight into the limitations of the imaginations of previous generations.
There is nothing in the law that would indicate changing a URL is unauthorized access. Any such interpretation is subject to the rulings of other cases on whether changing URLs constitutes unauthorized access. But this law makes no judgement one way or the other.
"Active" means doing something. It is not just reactive, it is active. It means taking preventative measures. Pre-emptive strikes are a defensive measure. Weaken the opponent to reduce their offensive capacity.
Unauthorized access is plain and clear. There is an exception where a third party can take action, "for defensive purposes", to gain unauthorized access to a "suspect" system.
This is the cybersecurity equivalent of "probable cause", and there is no limitation of it to law enforcement entities only.
Reading that wikipedia article, and looking at the tech that is available currently, and I would hazard to guess that we are at the end of "AI Winters". Siri, Cortana, Alexa, and Google's digital assistant would seem to be a realization of the dream which funded AI during the "AI Summers", so I expect the present reminder of actual results would mitigate or eliminate a full blown winter of AI funding.
AI in its current form is all about big data analytics. Thus there is work to do and value, regardless of public hype and popularity. Though, self-driving vehicles may experience a winter of their own, which may impact image recognition algorithms. One just has to make sure the job in AI is a boring field, not a trending one.
It is not clear that DDoS is allowed, as DDoS is not detection, nor is it entirely unauthorized access. This does appear to legally allow a third party entity access to another party's entire network and data for the purposes of remediating an infection or stopping an attack.
Reading the current wording on the current bill, SB315, states that access without authority is illegal, except when actively attempting to detect and/or prevent unauthorized access.
Basically it is saying is that a third party can access your network without authorization to shutdown a PC infected with malware (ie. a botnet), or trace the malware back to the point origin.
What about foreign powers? Forget fighting back against Texas, Florida, and Maine, there is also the rest of the world to worry about. What if this leads to an international incident and World War III?
One has to wonder what usefulness of this bill would be if limited to within the state's boundaries. Is there a remote possibility that the increased amount of hacking attempts resulting from botnet infections would improve the security situation and thus harden Georgia's infrastructure from outside attack, and with corporate spending on security training being required to remain in business, the state could end up with a greater number of knowledgeable personnel, lowering the cost of experts for smaller businesses. If the businesses within the state could survive long enough to generate enough revenue to pay for the additional training and software and hardware for defense purposes. Otherwise foolish leadership would just return the state to the dark ages as companies vacate the state for legal protection, and ISPs begin taking preventative actions allowed after the loss of Net Neutrality restrictions.
Spam filtering rules/systems often distrust client IPs already. However a DDoS is a horse of a different color. DDoS typically uses protocols which the clients would use, as such the differences between a DDoS and the "Slashdot Effect" are likely indistinguishable from the ISPs perspective. And without digging heavily into packet captures, one would have a hard time distinguishing between them on the victim's side as well. The main difference being whether there was an increase or decrease in revenue around the time of that event, as botnet attacks typically don't generate ad revenue nor make purchases while preventing legitimate customers from doing the same.
Misunderstood. Never heard of LetsEncrypt before, and it sounded, from the parent of the post I replied to, like LetsEncrypt was not verifying against actual public domains. Ie. Essentially blindly trusting all self-signed certs rendering the purpose of a Root CA ineffective. Given that another verification methodology was mentioned, and most of the context here seemed to be pushing LetsEncrypt for home devices and such, which would not normally be matched with public registered domains, I misunderstood.
In reviewing the certificate chain for Slashdot, Let's Encrypt is an intermediate authority, and not a root CA.
I will step back and reassess the situation with the appropriate information.
I'm all for the cert, but I see no benefit in having a third party authentication mechanism just to eliminate some browser warnings. Verfiy the cert, and save it locally to the machine/browser as an exception.
Perhaps I'm thinking of the issue with SSL certs is that domain wide certs are an extra fee above "A" record specific certs. And A records require an IP, and I wouldn't expect to be able to insert a private class "C" for an "A" record into the DNS records for my domain.
Talking about having a D-Link or Netgear or Linksys, or Belkin router provide a TLD for itself, that is a bit more than I ever would have considered for a consumer appliance.
What would that be, a Belkin.Route TLD, with an SSL cert which matches all Belkin routers? How would the cert be protected from maliscious actors? Once the device is physically in the hands of an untrusted party, everything on it should be assumed to be compromised? And the device would have to have a private key stored locally on the device itself to match the public key for the TLD. Which could then be ported to other devices for man-in-the-middle attacks.
Otherwise how would one manage per person TLDs? Each TLD would require an admin. That admin may well manage multiple sites. Those sites could be single occupant/user sites. Or the admin's home and a secondary site. More importantly who would want to manage consumer devices? If one really had need of validated certs, one could learn, or hire somebody, to implement a system and configure the certs,
Possible, perhaps. Efficient and bug free on initial push/deployment? Unlikely. Such features would more likely cause the features you are describing by the browser trying to manage all that with little telemetry or other feedback data on what the errors or issues actually are. Also not really worth spending time writing a LOT of code to fix a problem only one or two people have. Wouldn't surprise me if those changes reach $1,000,000 in development costs before it was all said and done.
As for suggestions:
You say bandwidth is not an issue, nor does the significantly above average RAM quantity appear to be insufficient, so,... 120 tabs open and bandwidth isn't a factor???
1. Get an SSD. Make sure there is no bottleneck for simultaneous reads and writes to randomly accessed cache data.
2. Try disabling other services and other apps to reduce the difficulty of managing multiple threads.
3. Ideally, as a rule of thumb one shouldn't let the number of tabs exceed 1.5 times the number of cores on the machine, to avoid contention of resources. Especially when a heavy resource page like a video stream is being displayed. Heavy resource pages, such as multimedia streams, will likely need two or three cores exclusively to avoid contention of resources for an uninterrupted stream.
4. Update your graphics card drivers.
5. Get a dedicated graphics card for proper hardware accelleration. Intel should be able to handle a single 1080p video fine. 120 tabs of hardware accellerated content alongside even a single 1080p stream will likely require a more powerful GPU.
6. Make sure you're hardwired in using gigabit ethernet. Wifi introduces a bunch of issues into the bandwidth stream, especially when the connection/channel is shared by multiple devices.
RAM is a expense, expenses must be controlled. The more a web browser takes up, the less of the same resource is available for other tasks.
Whe you only have to budget for one PC with 16GB of RAM, it may not seem like a lot. When you have to budget for hundreds or even thousands of PCs, against a Walmart razor thin margin ecosystem, 16GB is an incredible expense. And one can't raise margins to cover the cost of a better rig, because the lowest bidder wins. This trickles down to the employee who can't afford more than $400 per cycle for a PC, and whose 4GB/dual core box isn't past the 8 year cycle yet.
Excessive memory usage by websites and browsers, and excessive bandwidth usage by websites is both greed and gluttony, and is disrespectful to the working class. Its like a pot of gold at the end of the rainbow, except in this case that pot of gold is affordable computing. By the time we get 10mbps 4G LTE across the country, the web is going to require 100mbps minimum. Afford 16 GB of RAM, and the minimum is now 64GB.
Slashdot Mirror
Take a multi-tiered approach. Several different machine learning algorithms independently identify and categorize data. An assessment of what a thing is would be made on the confidence of the algorithms, and of the majority consensus of the algorithms.
Next add in a simulation to model the data provided (imagination), and gauge the accuracy based on the results of the modeling.
Finally, add in a response to verbal feedback from an outside entity, a human to confirm or reject the conclusion, to train the AI.
Also, currently machines are learning what is and is not a feline based on a different dataset than humans. Humans have stereoscopic vision, and train on multiple sequential images of a single object. The way a blade of grass moves to indicate it is rooted, vs the way a feline moves to indicate it is not root. The change in perspective between two images to indicate distance, and with distance size. Tactile feedback to indicate proximity, and additionally to determine the physical characteristics of an object, such as that feline. Humans train on a more varied and broader dataset than machines do currently.
They are impossible to get perfect or absolute, however I wouldn't they are unreasonably hard anymore. Many of the individual aspects are largely solved, such as the first XKCD talking about the problem of image recognition vs Geo-Location (Geo-Location being a problem that was solved with hardware). I'd say we are at a level of technological development to be able to create a few, or perhaps a single fully functional android. We may just have to give up cellular communications to do so, in order to afford the bandwidth to feed a brain the size of a football field and connect it to a robotic form.
The trick is getting enough of the puzzle pieces working together to produce a reasonably close approximation. With highly functional and highly accurate voice recognition, machine learning can be tuned and corrected on the fly, errors corrected in the field. Which can be used to strength all types of machine learning, including language learning itself. The first generation of automatons or androids would be scouts sent out to observe and collect datasets, and to test learning algorithms for use in future androids.
Perhaps the three laws are implemented via a secondary brain. One which has the ability to block and/or override the actions initiated by the primary brain.
Positronic Brain 1 (Secondary/subconscious): Ethics and morality core. This brain evaluates the immediate outcomes of various actions and decisions taken by the Primary or Conscious positronic brain for any potential violation of the three laws. This brain is likely more rudimentary, likely not even sentient. Most, if not all of the rules will be pre-defined.
Positronic Brain 2 (Primary/Conscious): Primary learning capable brain. The definition of a "human" will likely be defined here. Any ambiguous concepts not readily definable in the subconscious would be defined in the conscious brain. The integration between the two parts would prevent any "dishonesty" between the two "brains". The human voice, and a recognizable language, could be used as a strong metric of how to define a human. Many animals make noise, but only humans and parrots make noises in any recognizable language to make requests, and humans and parrots are easily distinguishable.
The Apple standard. Assume your users are idiots, and ripe for abuse for profit, and funnel them where you want them to go so it makes you more profit.
The ability to set the defaults, probably the most sane solution, though IE's "Zones" were a bit obfuscated for most users.
Never been to Newgrounds, have you? Millions probably refers to that site alone,...
There are enough older web based games around the interwebs to outnumber newly developed ones. Webhosting for them is typically cheap, and they likely carry some sentimental value, so they stick around somewhat longer than you would expect.
Also, there is the question of how many games for the Android platform use Chrome in a "Web App" configuration.
In the age of facial recognition, especially combined with bad prompts as the one linked, your comment could be literally true in the near future.
Ubuntu is now an officially supported part of Windows.
I rather think this is a "jumping the shark" moment of a company at the edge of failing. Uber's business model is under assault, and their next best option was automation which they have now failed at. They need something to keep investors and backers from cutting their losses and tanking the company as they leave.
Easier to program for when your moving one per day, or no more than one per hour. An absolute nightmare when your margin of error is 24 seconds, and the vehicles are aged more than two years.
2001: A Space Odyssey doesn't provide much to think about anymore either. Movie audiences have typically been exposed to a significant portion of the contents of 2001, or even better rendentions. Half the movie is concepts which evolved into much more practical and fully formed things which are common today, be they ideas, narrative constructs (plots/universe building), or technologies.
The universe which 2001 builds is a rather small one compared to the worlds most audiences are used to these days, and it shrinks down to practically nothing at the end. It isn't rich and detailed, it is bland and uninteresting. There isn't anything to imagine which requires 2001 as a source material, there is nothing unique to 2001 anymore.
Finally, the "scientific" notions, concepts, and ideas, are not just old hat, they are rather imprecise and inaccurate. As often as that is the case, 2001 gives the impression of a higher quality, more "high brow" work, and its failings in scientific areas are distracting, especially when there is so little else to focus on.
Star Trek The Motion Picture tried to match the pacing. The series did not retain that slow pace. Most will agree that it is too slow.
That said, we are on the far side of history from this film. Much of the awe and wonder is passé, we've seen it so many times before. Many of the technological advances of the film have already been surpassed in this decade.
In addition, the artistic and ambiguous ending has already been brought closer to reality in other media, tales, and plotlines. It is more interesting now as a historical piece to give us insight into the limitations of the imaginations of previous generations.
There is nothing in the law that would indicate changing a URL is unauthorized access. Any such interpretation is subject to the rulings of other cases on whether changing URLs constitutes unauthorized access. But this law makes no judgement one way or the other.
"Active" means doing something. It is not just reactive, it is active. It means taking preventative measures. Pre-emptive strikes are a defensive measure. Weaken the opponent to reduce their offensive capacity.
Unauthorized access is plain and clear. There is an exception where a third party can take action, "for defensive purposes", to gain unauthorized access to a "suspect" system.
This is the cybersecurity equivalent of "probable cause", and there is no limitation of it to law enforcement entities only.
Reading that wikipedia article, and looking at the tech that is available currently, and I would hazard to guess that we are at the end of "AI Winters". Siri, Cortana, Alexa, and Google's digital assistant would seem to be a realization of the dream which funded AI during the "AI Summers", so I expect the present reminder of actual results would mitigate or eliminate a full blown winter of AI funding.
AI in its current form is all about big data analytics. Thus there is work to do and value, regardless of public hype and popularity. Though, self-driving vehicles may experience a winter of their own, which may impact image recognition algorithms. One just has to make sure the job in AI is a boring field, not a trending one.
It is not clear that DDoS is allowed, as DDoS is not detection, nor is it entirely unauthorized access. This does appear to legally allow a third party entity access to another party's entire network and data for the purposes of remediating an infection or stopping an attack.
Reading the current wording on the current bill, SB315, states that access without authority is illegal, except when actively attempting to detect and/or prevent unauthorized access.
Basically it is saying is that a third party can access your network without authorization to shutdown a PC infected with malware (ie. a botnet), or trace the malware back to the point origin.
What about foreign powers? Forget fighting back against Texas, Florida, and Maine, there is also the rest of the world to worry about. What if this leads to an international incident and World War III?
One has to wonder what usefulness of this bill would be if limited to within the state's boundaries. Is there a remote possibility that the increased amount of hacking attempts resulting from botnet infections would improve the security situation and thus harden Georgia's infrastructure from outside attack, and with corporate spending on security training being required to remain in business, the state could end up with a greater number of knowledgeable personnel, lowering the cost of experts for smaller businesses. If the businesses within the state could survive long enough to generate enough revenue to pay for the additional training and software and hardware for defense purposes. Otherwise foolish leadership would just return the state to the dark ages as companies vacate the state for legal protection, and ISPs begin taking preventative actions allowed after the loss of Net Neutrality restrictions.
Spam filtering rules/systems often distrust client IPs already. However a DDoS is a horse of a different color. DDoS typically uses protocols which the clients would use, as such the differences between a DDoS and the "Slashdot Effect" are likely indistinguishable from the ISPs perspective. And without digging heavily into packet captures, one would have a hard time distinguishing between them on the victim's side as well. The main difference being whether there was an increase or decrease in revenue around the time of that event, as botnet attacks typically don't generate ad revenue nor make purchases while preventing legitimate customers from doing the same.
Such is my primary concern with this proposed bill and "solution".
Misunderstood. Never heard of LetsEncrypt before, and it sounded, from the parent of the post I replied to, like LetsEncrypt was not verifying against actual public domains. Ie. Essentially blindly trusting all self-signed certs rendering the purpose of a Root CA ineffective. Given that another verification methodology was mentioned, and most of the context here seemed to be pushing LetsEncrypt for home devices and such, which would not normally be matched with public registered domains, I misunderstood.
In reviewing the certificate chain for Slashdot, Let's Encrypt is an intermediate authority, and not a root CA.
I will step back and reassess the situation with the appropriate information.
Full screen permissions are a whitelist.
SSL verification ensures the private key of the device, and its domain, matches the public key in the Root CA.
If the key you have doesn't fit the lock, then don't use the whitelist, as its probably not the real door but a trap.
I'm all for the cert, but I see no benefit in having a third party authentication mechanism just to eliminate some browser warnings. Verfiy the cert, and save it locally to the machine/browser as an exception.
Perhaps I'm thinking of the issue with SSL certs is that domain wide certs are an extra fee above "A" record specific certs. And A records require an IP, and I wouldn't expect to be able to insert a private class "C" for an "A" record into the DNS records for my domain.
Talking about having a D-Link or Netgear or Linksys, or Belkin router provide a TLD for itself, that is a bit more than I ever would have considered for a consumer appliance.
What would that be, a Belkin.Route TLD, with an SSL cert which matches all Belkin routers? How would the cert be protected from maliscious actors? Once the device is physically in the hands of an untrusted party, everything on it should be assumed to be compromised? And the device would have to have a private key stored locally on the device itself to match the public key for the TLD. Which could then be ported to other devices for man-in-the-middle attacks.
Otherwise how would one manage per person TLDs? Each TLD would require an admin. That admin may well manage multiple sites. Those sites could be single occupant/user sites. Or the admin's home and a secondary site. More importantly who would want to manage consumer devices? If one really had need of validated certs, one could learn, or hire somebody, to implement a system and configure the certs,
Possible, perhaps. Efficient and bug free on initial push/deployment? Unlikely. Such features would more likely cause the features you are describing by the browser trying to manage all that with little telemetry or other feedback data on what the errors or issues actually are. Also not really worth spending time writing a LOT of code to fix a problem only one or two people have. Wouldn't surprise me if those changes reach $1,000,000 in development costs before it was all said and done.
As for suggestions:
You say bandwidth is not an issue, nor does the significantly above average RAM quantity appear to be insufficient, so,...
120 tabs open and bandwidth isn't a factor???
1. Get an SSD. Make sure there is no bottleneck for simultaneous reads and writes to randomly accessed cache data.
2. Try disabling other services and other apps to reduce the difficulty of managing multiple threads.
3. Ideally, as a rule of thumb one shouldn't let the number of tabs exceed 1.5 times the number of cores on the machine, to avoid contention of resources. Especially when a heavy resource page like a video stream is being displayed. Heavy resource pages, such as multimedia streams, will likely need two or three cores exclusively to avoid contention of resources for an uninterrupted stream.
4. Update your graphics card drivers.
5. Get a dedicated graphics card for proper hardware accelleration. Intel should be able to handle a single 1080p video fine. 120 tabs of hardware accellerated content alongside even a single 1080p stream will likely require a more powerful GPU.
6. Make sure you're hardwired in using gigabit ethernet. Wifi introduces a bunch of issues into the bandwidth stream, especially when the connection/channel is shared by multiple devices.
RAM is a expense, expenses must be controlled. The more a web browser takes up, the less of the same resource is available for other tasks.
Whe you only have to budget for one PC with 16GB of RAM, it may not seem like a lot. When you have to budget for hundreds or even thousands of PCs, against a Walmart razor thin margin ecosystem, 16GB is an incredible expense. And one can't raise margins to cover the cost of a better rig, because the lowest bidder wins. This trickles down to the employee who can't afford more than $400 per cycle for a PC, and whose 4GB/dual core box isn't past the 8 year cycle yet.
Excessive memory usage by websites and browsers, and excessive bandwidth usage by websites is both greed and gluttony, and is disrespectful to the working class. Its like a pot of gold at the end of the rainbow, except in this case that pot of gold is affordable computing. By the time we get 10mbps 4G LTE across the country, the web is going to require 100mbps minimum. Afford 16 GB of RAM, and the minimum is now 64GB.