Some implementations have been broken. Encryption itself is generally fine (as long as you go with well-studied, standardized methods). There is a point that encryption is always subject to real-world factors, but the most common libraries are pretty good. Whenever you read about a data breach in the news, it's not because encryption was broken--something else went wrong (and, frequently, exposed data that wasn't encrypted in the first place).
especially the kind that exposes useful information about the plaintext as this one does.
Homomorphic encryption does not expose useful information about the plaintext, although the article doesn't make that clear. You start with an encrypted input, perform an operation, and get an encrypted output. Only the person with the key--who is not the person performing the computation--can decrypt the result.
There is a somewhat-related but distinct concept, called "functional encryption", in which one can distribute a key associated with a function f. That key allows a user to take an encryption of x and obtain f(x)--but nothing else about x other than f(x), where "nothing else" has a mathematical formalization. So you could (conceptually) encrypt your entire medical record and give your doctor a key for the function that calculates the probability that you'll have a heart attack in the next five years. Then they'll be able to calculate that probability, but nothing else about you.
A much simpler alternative is to keep your genetic information in your own control, processing it on your own computer with open source software. You know, just what we already do with other sensitive information like passwords.
This I agree with, in an ideal world. Will we be living in such a world, 5, 10, or 20 years down the line? I don't know. Right now, the trends are largely in outsourcing everything--more and more, your data and computation live on the cloud. For medical information, your doctor doesn't do all the tests himself--he outsources them to a lab. For genetic information, 23andMe doesn't sell software that lets you analyze your own genetic markers--they take your information and perform the analysis on it themselves. So these trends will need to change before the above takes place.
It would be great to keep one's own data and get all the various analysis tools via FOSS. But someone needs to write and distribute those tools--as well as make it feasible to obtain one's own data in the first place (I don't know about you, but I don't have an MRI machine in my house). So until that world exists, homomorphic encryption is a potentially useful tool in this area.
[It also has uses beyond securely outsourcing computation, but that's somewhat off-topic.]
If I had been talking about Swartz, or the case itself, it would be an argument from authority. But as I mentioned at the beginning, I was talking about Abelson.
Various commenters are slamming Abelson for making a comment they disagree with, when they don't have a clue who he is or what work he's done--he isn't saying what the knee-jerk/. mentality wants him to say, so he has to be tarred as The Enemy.
I'm not arguing that people should agree with Abelson about Swartz. I'm saying that given his history, it might make sense for people to at least give a reasonable look at what he's saying, and if they then disagree with him to address that on the issues, rather than rushing to post inaccurate, sarcastic posts based on a headline.
IT was MIT who insisted on tough ]punishments and wouldn't allow a slap on the wrist.
No, it wasn't, despite what the highly-modded-up comments on/. and elsewhere would like you to believe. Have you read Abelson's report? It's long but actually quite easy to read. It starts with a detailed description of the facts, and maintains that MIT took a completely hands-off approach. They did not push for any punishment whatsoever. They didn't take action in explicit support of him either--and the report gives a large amount of attention to this decision, its reasoning, and its ramifications. I haven't heard any credible source [read: anyone other than ill-informed Internet commentators] dispute Abelson's facts in any meaningful way, including the claim of MIT's "hands-off" approach.
NO, he wasn't naive, his punishment was overblown.
Well, Hal, if this is what it takes to let you sleep at night despite your and your school's part in Swartz's persecution, have at it. But I doubt too many people are buying it; at this late date pretty much everyone's mind is made up anyway.
Including Slashdotters', apparently. But since you're making this about Abelson rather than Swartz, here are a few facts about the man you're casually brushing off.
Abelson is an old Lisp hacker. He has a long history of standing up for Freedom, in the sense/. appreciates. He's on the Board of Directors of the FSF, and was in fact one of the directors at its founding. He has solidly been in support of David LaMacchia, bunnie Huang, and Keith Winstein.
He has not shied away from standing up for freedom of information, even if there are heavy legal consequences involved.
He also puts his money where his mouth is, releasing a number of his own works for free. Before ebooks were a thing, he made sure his book was available for free online. He helped get OpenCourseWare off the ground. Heck, he's released (under Creative Commons) video of some of his own lectures...from 1986.
He's an expert in the area (in addition to the above personal experience, he also teaches a course on Ethics and Law in the Electronic Frontier). He also spent six months investigating and writing a book-length report about the Swartz case, and MIT's response to it, in particular. The summary describes the report as MIT "clearing itself"--while the report details that MIT did nothing legally wrong, it also goes into the moral and ethical issues of MIT's response without reaching a bright-line conclusion.
So, with all of this as context, which is more likely: -Abelson is trying to make Swartz look like a bad guy in order that he can "sleep at night", or -The man with a long history of views and actions supporting freedom of information, with a background in ethics and law on computer-related issues, who quite possibly is the single individual who has done the most thinking about the details of the Swartz case and MIT's response to it (and certainly knows more about it and has thought more about it than any Slashdotter), honestly and genuinely thinks that Swartz was naive about the realities of the situation he got himself into....and maybe, just maybe, it might make sense to give at least a small amount of genuine, honest consideration to his views?
Aaronson himself works on quantum complexity theory. Much of his work deals with quantum computers (at a conceptual level--what is and isn't possible). Yet there are some people who reject the idea the quantum computers can scale to "useful" sizes--including some very smart people like Leonid Levin (of Cook-Levin Theorem fame)--and some of them send him email, questions, comments on his blog, etc. saying so. These people are essentially asserting that Aaronson's career is rooted in things that can't exist. Thus, Aaronson essentially said "prove it."
It's true that proving such a statement would be very difficult, and you raise some good points as to why. But the context is that Aaronson gets mail and questions all the time from people who simply assert that scalable QC is impossible, and he's challenging them to be more formal about it.
He also mentions, in fairness, that if he does have to pay out, he'd consider it an honor, because it would be a great scientific advance.
Assuming no relationship between decisions is ludicrous. On many items that aren't terribly controversial, Ginsburg and Scalia, for example, would rule similarly just because they are trained judges with a background in US law.
[...]
I'd be really surprised if you didn't have a correlation between how one particular justice votes and how the rest of the justices vote.
TL,DR: Last Supreme Court term, -Almost half of all Supreme Court decisions were unanimous -The two Justices who disagreed most frequently in judgment were Ginsburg and Alito--and they still agreed with each other noticeably more than half the time (62.5%). Ginsburg and Scalia, in your example, agreed in judgment 65% of the time. -That said, there is at least some truth to there being a "liberal wing" and a "conservative wing" (with Kennedy being the "swing vote"): of the 16 cases that were decided 5-4, 14 of them were Roberts-Scalia-Thomas-Alito vs. Ginsburg-Breyer-Sotomayor-Kagan with Kennedy casting the deciding vote. But a number of the lineups are more interesting.
The Justices are highly educated professionals, and as such agree with each other a lot of the time about what the law actually says. None of them is blindly ideological--but just the same, they do have their individual opinions about how the law should be interpreted, so some level of ideology is certainly present.
It's not just "the ones who fail the metal detector" who get pat-downs, and that's not what the article is about. The TSA is increasingly using backscatter x-ray machines; if they decide to put you through one of those, you can opt to get a manual pat-down instead. This is the category of people we're talking about; they are trying to get more people to choose the backscatter x-ray by making the manual search more uncomfortable.
As for there not being enough scanners, TFA says "Agents were funneling every passenger at this particular checkpoint through a newly installed back-scatter body imaging device." I can confirm this; the last few times I've been to Logan Airport in Boston, they were putting every adult through the scanner. (They allowed a few small children to go through the metal detector instead.) Perhaps this is true only at some airports or only at non-peak times, but there are certainly situations where everyone gets funneled to the backscatter machine, and opt-outs get patted down.
The second time this happened to me, the TSA agent announced that we would go through the scanner, and didn't mention that anyone had the option to get a manual pat-down instead. When I politely requested to opt out of the scanner, the TSA agent kept trying to talk me out of it, repeatedly asking why I wanted a pat-down, informing me that it would be degrading, etc., before finally allowing it. (Honestly, one of the reasons I wanted to request a pat-down was so that other people knew it was an option!)
it would be more work to re-engineer somebody else's code to avoid detection than to just write it from scratch.
Very true. I've been a TA in CS at a well-known university, and it's surprising how many students don't realize how easy it is to catch cheaters.
Much of our work is cooperative--either explicitly group work, or of the "you can talk with friends about the ideas or help them debug, but write it up yourself" variety. In addition, the TAs are available for any questions (and don't mind helping you--really!). So, it's really not that hard to do the work honestly and do ok. Maybe you won't do great, but you'll do ok.
But I never saw the people who ended up cheating during office hours, or saw other signs that they were putting forth any effort to actually learn. So I don't think cheating is a matter of ability so much as laziness. The issue, as parent rightly points out, is that while it's certainly possible to cheat in an undetectable manner, doing so requires at least as much work as doing the assignment. And if someone is cheating due to laziness in the first place, they often don't put much effort into cheating, and it's very, very easy to catch them.
If you are too stupid to realize that when you hand in plagiarized code, you aren't taking a *risk* that you will be caught, you are engaging in the certainty that you will be caught, then you don't deserve to be at a university of this caliber.
I'd agree, but sadly the full consequences don't always filter through, because departments and institutions make it hard. One of my students once blatantly cheated on a large final project. As a TA, I would have supported very harsh penalties. I was a bit let down when the professor gave a lesser penalty...and mentioned the reason for it to me: ultimately, if the professor tried to institute a penalty with long-lasting academic effects, it would mean a ton of paperwork and annoyance on the professor's part. I don't blame the professor for this (since I know how much he really had going on at the time), but I think the department should have made it a bit easier for people to deal with cheaters.
If you can confirm your vote, you can prove how you voter to others. This makes room for buying and extorting votes! I can imagine some employers requiring you to prove you voted correctly to keep your job.
Or union bosses. Or the local political-organizing group slipping you some money in exchange for voting a certain way. Or even an unorganized gang of thugs trying to intimidate you (think a group of rednecks who suspect you might have voted Democratic, or a group of Berkeley hippies who suspect you might have voted for Prop 8).
But I disagree with your first sentence. It's certainly true about the scheme proposed by GP, but contrary to intuition, there are ways to confirm your vote without being able to prove how you voted to others.
Such voting systems typically use a "cut-and-choose" method in which your vote is split into two or more pieces, any one of which is useless for determining how someone voted, yet together create the full vote. The voter takes a copy of one of the pieces as a receipt and can verify that the piece was counted correctly. So if there are two pieces overall, someone trying to tamper with the votes would have a 50% chance of being caught for each vote tampered with, which quickly becomes negligible for any significant number of votes. Yet the voter can show the piece to others, and it doesn't give any information about how they voted.
Here (PDF) is one method for doing this, by David Chaum. Here (PDF) is another (without cryptography!), by Ron Rivest.
The issues with these new systems seem to be usability, inertia, and public trust. Usability: Voting should be extremely simple for the voter. If Great-Grandma can't do it, it's not going to be our voting system. Inertia: Current election systems seem to be "good enough" for most people; despite some agitated geeks and the occasional news story about voting machines being laughably insecure, there isn't a huge popular movement to change. (Cost of switching systems can also be included here.) Public trust: Even if cryptographers agree that a system is secure, if the system involves a user experience any different from the familiar "check off from a list of names" protocol, they'll have to work to convince the lay public that it's ok.
Legally, the difference between a bar and a country club is that the bar is what is frequently referred to as a semi-public space. That is, it is private property, but is open to the general public. Restaurants, shops, etc. typically fall into this category.
Owners of semi-public spaces do have some rights to control their property (e.g. enforcing a rule that they'll kick you out of the store if you don't buy anything, or a movie theater not allowing kids into a theater hall that is currently showing an R-rated film). However, they have fewer rights over the property than owners of private spaces do (e.g. they can't prevent someone from entering solely based on their race).
A country club is typically a fully private space--while there are procedures for gaining access, the general public is excluded. A bar is a semi-public space--there is a general expectation that it is "open to the public" (subject to legal age restrictions). Your proposal of "membership" might be seen as an attempt to make a bar a letter-of-the-law private space. IANAL, but I'd expect it to fail in one of two ways: 1) Someone could legitimately argue that the temporary "membership" is basically a farce and the bar is still a semi-public space, since the general public can--and, indeed, is desired to--still access it by gaining trivial membership. 2) There may be zoning restrictions involved. Bars are frequently located in commercial zones; cities may require any businesses operating in the area to be semi-public.
What's more, you shouldn't have to dig around in about:config to change a setting that doesn't actually do what you want.
The max rich results setting just means it won't display any search results. That's not even remotely the same as going back to an old-school auto-complete functionality.
Exactly. (Mod parent up.) There is no way to disable the Awesome Bar in the sense that d3ac0n means, i.e. returning to a sensible autocomplete dropdown rather than the search-based algorithm it uses now. And there apparently won't be, given that this bug is "RESOLVED WONTFIX".
To be fair, I hated it at first (and at times I still do) but while it sometimes has completely random matches, there are a number of sites that I can now get to much more easily, even without having bookmarked and tagged them. About the only thing that I do always do is use the oldbar extension as a basis for my CSS to get a slightly more sensible appearance (i.e. something that doesn't go half way down your screen with half a dozen results).
I don't hate it as much as I used to, and I recognize that 95% of users love it, but I'd still switch back if I had the option. I have miscellaneous usage problems I could rant in detail about (and yes, I have "trained" it--I've been using FF3 since Download Day), but my biggest problem is philosophical: it breaks expectations. The location bar is for typing locations. If I start typing a location, if it employs any kind of "smart" searching technology, then I can't predict what will be in the dropdown--whereas a bar that simply autocompletes rather than searches is predictable and useful.
In the WONTFIXed bug, the developers encourage feedback about how to make the awesome bar customizable, how to change the weightings applied to the search function, etc. They completely miss the point that no amount of tweaking and preference-weighting will make an algorithm that can exactly predict what I want 100% of the time. The entire premise of "search" in the location bar is flawed.
Admittedly, that's my opinion. And as I mentioned above, I recognize that the vast majority of people like it. I don't ask for it to be removed, or for it to not be the default. All I ask is for the option to revert to the old behavior.
I could understand citing the political blogosphere as a whole, but to specifically mention the Huffington Post is just creepy. It's neither revolutionary nor reputable.
It is, however, the source of the best news correction I've ever seen: "UPDATE: The Huffington Post has learned that the below video has been doctored. We regret the error and apologize to Mr. Gibson. John Gibson never compared Eric Holder to a monkey with a bright blue scrotum." Source
You don't, and as scientific proof of the Earth's rotation, this is obviously completely useless. But if you trust the motor, this is a fun way to see what a Foucault pendulum does, without the expense and inconvenience of needing a full-sized model.
True enough, but if you ever want to show it to others, there will be skeptics.
I once saw a full-size Foucault pendulum at a science museum. If you stood and watched it for a few minutes you could see the precession (there were markings on a ring around the pendulum, so it was easy to see where it swung before). I overheard some other patrons asking if it was powered, why it didn't come to a stop, etc. The museum guide explained that it was not powered and how it worked, and mentioned that because of air resistance they used an electromagnetic ring to give it a tiny "push" with each swing to keep it going. He also explained that because the magnet was circular, it would always push the pendulum directly back the way it came rather than from side to side.
Several onlookers remained convinced that it was a trick and the electromagnet was causing the precession. And remember, these are people standing in a science museum, looking at an exhibit so massive it required the entire building to be designed around it, whose entire point was to show this effect.
Now imagine if there had been a motor attached to it, designed to "compensate for ellipsoidal motion"....
Indeed. Google's PageRank algorithm started off as citation analysis for academic papers--one could find out which papers were notable in a given field by the quantity and notability of the papers citing it. Then they realized that the same approach could work for the Web, treating links as citations.
As a sibling post points out, this says nothing about the correctness of the paper, only its notability--but ideally if a paper is shown to be faulty, then the paper exposing the faults will get many citations too.
The proposed system might give a more detailed granularity than a purely citation-based system, so in that sense might have a reasonable benefit. However, as a "social network" of sorts, it will tend to have a life of its own, and consequently could very easily be subject to failings at the social/political layer (as other commenters have noted).
Several points about this: -DES was never algorithmically broken--it was just designed with too small a key size. 3DES effectively doubles the key size to something reasonable. MD5, however, is actually broken--it has algorithmic weaknesses that can be exploited. Thus, it's not an analogous case. -We know a lot more about hash functions now than was known when MD5 was designed. From new attacks (e.g. multicollisions) to new design techniques (e.g. HAIFA), there's a lot more knowledge for cryptographers to use. -As a corollary to the above, any new algorithm, even your 3MD5, would require application support. If we're going to ask people to code that up, why not get something entirely new? -Finally, practical considerations. NIST wants something flexible for SHA-3, and there are various requirements that are not met by the above proposal. (Digest size from 224 to 512 bits, for example.) There are additional implementation considerations that make your proposal worse than MD5 itself--notably, the requirement that the bytes be read three times in various orders. Just about every practical hash function proposal (including all the major existing ones, and all the SHA-3 candidates I've looked at) is computable "online"--that is, it can be computed in a single pass reading through the message. It doesn't require multiple passes or even keeping the entire message in memory at once.
In short: NIST is looking for something better than SHA-2 (and definitely better than SHA-1). 3DES was a good idea because DES itself was still good, but in this case it's better to start fresh than throw a random patch on an old-and-broken algorithm.
Read the Federal Register notice to get an idea of what NIST wants out of this. It's a lot broader than "a patch on MD5."
I expect it will take a little while for NIST to compile all the submissions and put them online. In the meantime, someone has started compiling a list (which is unofficial and incomplete, but still useful):
That's probably a duplicate of other bugs that have already been resolved. The answer seems to be "yes" for providing a way to disable this behavior.
No, it's not a duplicate--at least not of any of the bugs you link to. The bug I linked was to have the FF2-like "match-only-the-first-characters-of-the-URL" functionality. The bugs you referenced have "search only in URLs," which is a step in the right direction, but still doesn't address the fundamental issue that if you perform a search--any search--you're breaking the expected, predictable functionality of the location bar.
What do people hate about it? I'm genuinely curious.
Basically, it's never smart enough to Know What I Want 100% of the time.
If I start typing something in FF2's location bar, I know exactly what the results will be (conceptually, and often exactly): they'll be the URLs that begin with the letters I typed, arranged by frequency. I know and can predict this behavior.
If I start typing something in FF3's location bar, it will sometimes display what I want, and sometimes display oddball matches, with no rhyme or reason. The problem is not lack of training the algorithm--I've been using FF3 since Download Day--but rather that sites I visit frequently will be matched (based on title or other characters) above sites I visit infrequently that I try to type directly.
Examples: -First of all, it seems to match "http". If I type "h", it will match a completely unrelated, frequently-visited page (whose only "h" in URL/title is in the "http") above hulu.com (which I visit occasionally). This is inexcusable. -Even if the above is fixed, the same problem occurs with "ancillary" data. If I type "e", the first hit is...http://www.cnn.com. Because I visit that site frequently, and there's an "E" in the title ("CNN.com - Breaking news, U.S., World, Weather, Entertainment & Video News"). I would much prefer the first hit to be a site whose URL starts with "e", or at least one that uses "e" in some meaningful rather than meaningless keyword. (There are several such sites in my history, but I only visit them occasionally.)
There is, AFAICT, no way to fix this latter problem, since there's no way for me to specify that I want a site that starts with "e" rather than going off a keyword. I thus get spurious results. (And no, the answer isn't "type keywords instead"--sometimes the most logical keyword is the URL.)
So basically, it tries to be too smart, but because it doesn't actually know whether I'm typing the beginning of a URL or a (mid-URL or title) keyword, it inevitably presents spurious results in the dropdown. FF2, OTOH, is entirely predictable. This predictability allows me to get to the result I want quickly, because I know exactly how to get it to the top of the dropdown list.
I recognize that the "Awesome Bar" is popular with a number of people. I'm fine with it being the default behavior. I just want an option to revert to the FF2-like model, and don't understand why such an option doesn't exist.
This is assuming you're using "disable completely" to mean "FF2-like functionality". I dislike the Awesome Bar, but it's better than having no location bar dropdown at all (which, for some reason, is what people seem to recommend when I complain--maxRichResults is not what I want, and neither are the other about:config options).
So let me get mind around this, California bans cellphones [sfgate.com] while behind the wheel but will possibly tie this to cellphones or even a confusing screen on your dashboard?
Hands-free cell phones are allowed. I believe the idea is to make sure you have both hands on the wheel--which makes the law of questionable value for a variety of reasons (is a hands-free unit really less distracting? Why is it still legal to have one hand on the wheel and one hand holding a Big Mac while you talk on your hands-free phone?). But still, locating empty parking spaces via cell phones isn't a priori a violation of the law. (Besides, the ideal case is having a passenger look for spots on their cell phone while you're driving....)
Took me all of 10 seconds with google: "Firefox3 Awesomebar disable". And yet, that page is absolutely not what the GP was asking for.
To quote:
Some things are more important than resource conservation, such as not screwing the user by needlessly taking away functionality and telling them "you'll get over it".
I'd gladly have Firefox 3 with the same footprint as Firefox 2 if that's the price to pay for keeping the old address bar autocomplete functionality in the code.
gumpish--and I, and a lot of people as far as I can tell--want the "classic" (read: FF2) location bar behavior. There is currently no way to get that in FF3. There used to be an about:config setting for it in some of the betas, but they took it out and told those people who liked the old functionality to shut up and deal.
The about:config tweaks on the page you linked to will disable the location bar dropdown entirely (heck, it even says as much in the edit--did you even read the page you linked?).
A sibling post suggests the oldbar extension, but that only changes the appearance of the bar and not the behavior.
As I said, there is currently no way to get this functionality in FF3. The closest thing is this extension, but that's not perfect. Really, this bug needs to be fixed.
It's not just Google that's doing this. CNBC and the Wall Street Journal also started providing free real-time quotes today. MSN Money has been doing this for a while.
Granted, some of these require a subscription (MSN, WSJ)--a point noted by the submitter--but all of these services appear to be free-as-in-beer. I don't think a subscription is that big a deal; YMMV.
From what I can tell, CNBC doesn't mention either a subscription or a daily/monthly limit; I admit I haven't looked at their service in detail though.
Maybe someone can explain why the act of entering the country nullifies my constitutional rights. It's called the border search exception. Like it or not, it's been upheld by the Supreme and federal courts.
Slashdot Mirror
Hi. I'm a theoretical cryptographer.
Encryption can be broken,
Some implementations have been broken. Encryption itself is generally fine (as long as you go with well-studied, standardized methods). There is a point that encryption is always subject to real-world factors, but the most common libraries are pretty good. Whenever you read about a data breach in the news, it's not because encryption was broken--something else went wrong (and, frequently, exposed data that wasn't encrypted in the first place).
especially the kind that exposes useful information about the plaintext as this one does.
Homomorphic encryption does not expose useful information about the plaintext, although the article doesn't make that clear. You start with an encrypted input, perform an operation, and get an encrypted output. Only the person with the key--who is not the person performing the computation--can decrypt the result.
There is a somewhat-related but distinct concept, called "functional encryption", in which one can distribute a key associated with a function f. That key allows a user to take an encryption of x and obtain f(x)--but nothing else about x other than f(x), where "nothing else" has a mathematical formalization. So you could (conceptually) encrypt your entire medical record and give your doctor a key for the function that calculates the probability that you'll have a heart attack in the next five years. Then they'll be able to calculate that probability, but nothing else about you.
A much simpler alternative is to keep your genetic information in your own control, processing it on your own computer with open source software. You know, just what we already do with other sensitive information like passwords.
This I agree with, in an ideal world. Will we be living in such a world, 5, 10, or 20 years down the line? I don't know. Right now, the trends are largely in outsourcing everything--more and more, your data and computation live on the cloud. For medical information, your doctor doesn't do all the tests himself--he outsources them to a lab. For genetic information, 23andMe doesn't sell software that lets you analyze your own genetic markers--they take your information and perform the analysis on it themselves. So these trends will need to change before the above takes place.
It would be great to keep one's own data and get all the various analysis tools via FOSS. But someone needs to write and distribute those tools--as well as make it feasible to obtain one's own data in the first place (I don't know about you, but I don't have an MRI machine in my house). So until that world exists, homomorphic encryption is a potentially useful tool in this area.
[It also has uses beyond securely outsourcing computation, but that's somewhat off-topic.]
Actually, it's not.
If I had been talking about Swartz, or the case itself, it would be an argument from authority. But as I mentioned at the beginning, I was talking about Abelson.
Various commenters are slamming Abelson for making a comment they disagree with, when they don't have a clue who he is or what work he's done--he isn't saying what the knee-jerk /. mentality wants him to say, so he has to be tarred as The Enemy.
I'm not arguing that people should agree with Abelson about Swartz. I'm saying that given his history, it might make sense for people to at least give a reasonable look at what he's saying, and if they then disagree with him to address that on the issues, rather than rushing to post inaccurate, sarcastic posts based on a headline.
IT was MIT who insisted on tough ]punishments and wouldn't allow a slap on the wrist.
No, it wasn't, despite what the highly-modded-up comments on /. and elsewhere would like you to believe. Have you read Abelson's report? It's long but actually quite easy to read. It starts with a detailed description of the facts, and maintains that MIT took a completely hands-off approach. They did not push for any punishment whatsoever. They didn't take action in explicit support of him either--and the report gives a large amount of attention to this decision, its reasoning, and its ramifications. I haven't heard any credible source [read: anyone other than ill-informed Internet commentators] dispute Abelson's facts in any meaningful way, including the claim of MIT's "hands-off" approach.
NO, he wasn't naive, his punishment was overblown.
It can't be both?
Well, Hal, if this is what it takes to let you sleep at night despite your and your school's part in Swartz's persecution, have at it. But I doubt too many people are buying it; at this late date pretty much everyone's mind is made up anyway.
Including Slashdotters', apparently. But since you're making this about Abelson rather than Swartz, here are a few facts about the man you're casually brushing off.
Abelson is an old Lisp hacker. He has a long history of standing up for Freedom, in the sense /. appreciates. He's on the Board of Directors of the FSF, and was in fact one of the directors at its founding. He has solidly been in support of David LaMacchia, bunnie Huang, and Keith Winstein.
He has not shied away from standing up for freedom of information, even if there are heavy legal consequences involved.
He also puts his money where his mouth is, releasing a number of his own works for free. Before ebooks were a thing, he made sure his book was available for free online. He helped get OpenCourseWare off the ground. Heck, he's released (under Creative Commons) video of some of his own lectures...from 1986.
He's an expert in the area (in addition to the above personal experience, he also teaches a course on Ethics and Law in the Electronic Frontier). He also spent six months investigating and writing a book-length report about the Swartz case, and MIT's response to it, in particular. The summary describes the report as MIT "clearing itself"--while the report details that MIT did nothing legally wrong, it also goes into the moral and ethical issues of MIT's response without reaching a bright-line conclusion.
So, with all of this as context, which is more likely:
-Abelson is trying to make Swartz look like a bad guy in order that he can "sleep at night", or
-The man with a long history of views and actions supporting freedom of information, with a background in ethics and law on computer-related issues, who quite possibly is the single individual who has done the most thinking about the details of the Swartz case and MIT's response to it (and certainly knows more about it and has thought more about it than any Slashdotter), honestly and genuinely thinks that Swartz was naive about the realities of the situation he got himself into....and maybe, just maybe, it might make sense to give at least a small amount of genuine, honest consideration to his views?
There's some needed context.
Aaronson himself works on quantum complexity theory. Much of his work deals with quantum computers (at a conceptual level--what is and isn't possible). Yet there are some people who reject the idea the quantum computers can scale to "useful" sizes--including some very smart people like Leonid Levin (of Cook-Levin Theorem fame)--and some of them send him email, questions, comments on his blog, etc. saying so. These people are essentially asserting that Aaronson's career is rooted in things that can't exist. Thus, Aaronson essentially said "prove it."
It's true that proving such a statement would be very difficult, and you raise some good points as to why. But the context is that Aaronson gets mail and questions all the time from people who simply assert that scalable QC is impossible, and he's challenging them to be more formal about it.
He also mentions, in fairness, that if he does have to pay out, he'd consider it an honor, because it would be a great scientific advance.
Assuming no relationship between decisions is ludicrous. On many items that aren't terribly controversial, Ginsburg and Scalia, for example, would rule similarly just because they are trained judges with a background in US law.
[...]
I'd be really surprised if you didn't have a correlation between how one particular justice votes and how the rest of the justices vote.
Exactly. (PDF)
TL,DR:
Last Supreme Court term,
-Almost half of all Supreme Court decisions were unanimous
-The two Justices who disagreed most frequently in judgment were Ginsburg and Alito--and they still agreed with each other noticeably more than half the time (62.5%). Ginsburg and Scalia, in your example, agreed in judgment 65% of the time.
-That said, there is at least some truth to there being a "liberal wing" and a "conservative wing" (with Kennedy being the "swing vote"): of the 16 cases that were decided 5-4, 14 of them were Roberts-Scalia-Thomas-Alito vs. Ginsburg-Breyer-Sotomayor-Kagan with Kennedy casting the deciding vote. But a number of the lineups are more interesting.
The Justices are highly educated professionals, and as such agree with each other a lot of the time about what the law actually says. None of them is blindly ideological--but just the same, they do have their individual opinions about how the law should be interpreted, so some level of ideology is certainly present.
It's not just "the ones who fail the metal detector" who get pat-downs, and that's not what the article is about. The TSA is increasingly using backscatter x-ray machines; if they decide to put you through one of those, you can opt to get a manual pat-down instead. This is the category of people we're talking about; they are trying to get more people to choose the backscatter x-ray by making the manual search more uncomfortable.
As for there not being enough scanners, TFA says "Agents were funneling every passenger at this particular checkpoint through a newly installed back-scatter body imaging device." I can confirm this; the last few times I've been to Logan Airport in Boston, they were putting every adult through the scanner. (They allowed a few small children to go through the metal detector instead.) Perhaps this is true only at some airports or only at non-peak times, but there are certainly situations where everyone gets funneled to the backscatter machine, and opt-outs get patted down.
The second time this happened to me, the TSA agent announced that we would go through the scanner, and didn't mention that anyone had the option to get a manual pat-down instead. When I politely requested to opt out of the scanner, the TSA agent kept trying to talk me out of it, repeatedly asking why I wanted a pat-down, informing me that it would be degrading, etc., before finally allowing it. (Honestly, one of the reasons I wanted to request a pat-down was so that other people knew it was an option!)
it would be more work to re-engineer somebody else's code to avoid detection than to just write it from scratch.
Very true. I've been a TA in CS at a well-known university, and it's surprising how many students don't realize how easy it is to catch cheaters.
Much of our work is cooperative--either explicitly group work, or of the "you can talk with friends about the ideas or help them debug, but write it up yourself" variety. In addition, the TAs are available for any questions (and don't mind helping you--really!). So, it's really not that hard to do the work honestly and do ok. Maybe you won't do great, but you'll do ok.
But I never saw the people who ended up cheating during office hours, or saw other signs that they were putting forth any effort to actually learn. So I don't think cheating is a matter of ability so much as laziness. The issue, as parent rightly points out, is that while it's certainly possible to cheat in an undetectable manner, doing so requires at least as much work as doing the assignment. And if someone is cheating due to laziness in the first place, they often don't put much effort into cheating, and it's very, very easy to catch them.
If you are too stupid to realize that when you hand in plagiarized code, you aren't taking a *risk* that you will be caught, you are engaging in the certainty that you will be caught, then you don't deserve to be at a university of this caliber.
I'd agree, but sadly the full consequences don't always filter through, because departments and institutions make it hard. One of my students once blatantly cheated on a large final project. As a TA, I would have supported very harsh penalties. I was a bit let down when the professor gave a lesser penalty...and mentioned the reason for it to me: ultimately, if the professor tried to institute a penalty with long-lasting academic effects, it would mean a ton of paperwork and annoyance on the professor's part. I don't blame the professor for this (since I know how much he really had going on at the time), but I think the department should have made it a bit easier for people to deal with cheaters.
If you can confirm your vote, you can prove how you voter to others. This makes room for buying and extorting votes! I can imagine some employers requiring you to prove you voted correctly to keep your job.
Or union bosses. Or the local political-organizing group slipping you some money in exchange for voting a certain way. Or even an unorganized gang of thugs trying to intimidate you (think a group of rednecks who suspect you might have voted Democratic, or a group of Berkeley hippies who suspect you might have voted for Prop 8).
But I disagree with your first sentence. It's certainly true about the scheme proposed by GP, but contrary to intuition, there are ways to confirm your vote without being able to prove how you voted to others.
Such voting systems typically use a "cut-and-choose" method in which your vote is split into two or more pieces, any one of which is useless for determining how someone voted, yet together create the full vote. The voter takes a copy of one of the pieces as a receipt and can verify that the piece was counted correctly. So if there are two pieces overall, someone trying to tamper with the votes would have a 50% chance of being caught for each vote tampered with, which quickly becomes negligible for any significant number of votes. Yet the voter can show the piece to others, and it doesn't give any information about how they voted.
Here (PDF) is one method for doing this, by David Chaum.
Here (PDF) is another (without cryptography!), by Ron Rivest.
The issues with these new systems seem to be usability, inertia, and public trust. Usability: Voting should be extremely simple for the voter. If Great-Grandma can't do it, it's not going to be our voting system.
Inertia: Current election systems seem to be "good enough" for most people; despite some agitated geeks and the occasional news story about voting machines being laughably insecure, there isn't a huge popular movement to change. (Cost of switching systems can also be included here.)
Public trust: Even if cryptographers agree that a system is secure, if the system involves a user experience any different from the familiar "check off from a list of names" protocol, they'll have to work to convince the lay public that it's ok.
Legally, the difference between a bar and a country club is that the bar is what is frequently referred to as a semi-public space. That is, it is private property, but is open to the general public. Restaurants, shops, etc. typically fall into this category.
Owners of semi-public spaces do have some rights to control their property (e.g. enforcing a rule that they'll kick you out of the store if you don't buy anything, or a movie theater not allowing kids into a theater hall that is currently showing an R-rated film). However, they have fewer rights over the property than owners of private spaces do (e.g. they can't prevent someone from entering solely based on their race).
A country club is typically a fully private space--while there are procedures for gaining access, the general public is excluded. A bar is a semi-public space--there is a general expectation that it is "open to the public" (subject to legal age restrictions). Your proposal of "membership" might be seen as an attempt to make a bar a letter-of-the-law private space. IANAL, but I'd expect it to fail in one of two ways:
1) Someone could legitimately argue that the temporary "membership" is basically a farce and the bar is still a semi-public space, since the general public can--and, indeed, is desired to--still access it by gaining trivial membership.
2) There may be zoning restrictions involved. Bars are frequently located in commercial zones; cities may require any businesses operating in the area to be semi-public.
You mean Ensign Ricky?
What's more, you shouldn't have to dig around in about:config to change a setting that doesn't actually do what you want.
The max rich results setting just means it won't display any search results. That's not even remotely the same as going back to an old-school auto-complete functionality.
Exactly. (Mod parent up.) There is no way to disable the Awesome Bar in the sense that d3ac0n means, i.e. returning to a sensible autocomplete dropdown rather than the search-based algorithm it uses now. And there apparently won't be, given that this bug is "RESOLVED WONTFIX".
To be fair, I hated it at first (and at times I still do) but while it sometimes has completely random matches, there are a number of sites that I can now get to much more easily, even without having bookmarked and tagged them. About the only thing that I do always do is use the oldbar extension as a basis for my CSS to get a slightly more sensible appearance (i.e. something that doesn't go half way down your screen with half a dozen results).
I don't hate it as much as I used to, and I recognize that 95% of users love it, but I'd still switch back if I had the option. I have miscellaneous usage problems I could rant in detail about (and yes, I have "trained" it--I've been using FF3 since Download Day), but my biggest problem is philosophical: it breaks expectations. The location bar is for typing locations. If I start typing a location, if it employs any kind of "smart" searching technology, then I can't predict what will be in the dropdown--whereas a bar that simply autocompletes rather than searches is predictable and useful.
In the WONTFIXed bug, the developers encourage feedback about how to make the awesome bar customizable, how to change the weightings applied to the search function, etc. They completely miss the point that no amount of tweaking and preference-weighting will make an algorithm that can exactly predict what I want 100% of the time. The entire premise of "search" in the location bar is flawed.
Admittedly, that's my opinion. And as I mentioned above, I recognize that the vast majority of people like it. I don't ask for it to be removed, or for it to not be the default. All I ask is for the option to revert to the old behavior.
I could understand citing the political blogosphere as a whole, but to specifically mention the Huffington Post is just creepy. It's neither revolutionary nor reputable.
It is, however, the source of the best news correction I've ever seen:
"UPDATE: The Huffington Post has learned that the below video has been doctored. We regret the error and apologize to Mr. Gibson. John Gibson never compared Eric Holder to a monkey with a bright blue scrotum." Source
You don't, and as scientific proof of the Earth's rotation, this is obviously completely useless. But if you trust the motor, this is a fun way to see what a Foucault pendulum does, without the expense and inconvenience of needing a full-sized model.
True enough, but if you ever want to show it to others, there will be skeptics.
I once saw a full-size Foucault pendulum at a science museum. If you stood and watched it for a few minutes you could see the precession (there were markings on a ring around the pendulum, so it was easy to see where it swung before). I overheard some other patrons asking if it was powered, why it didn't come to a stop, etc. The museum guide explained that it was not powered and how it worked, and mentioned that because of air resistance they used an electromagnetic ring to give it a tiny "push" with each swing to keep it going. He also explained that because the magnet was circular, it would always push the pendulum directly back the way it came rather than from side to side.
Several onlookers remained convinced that it was a trick and the electromagnet was causing the precession. And remember, these are people standing in a science museum, looking at an exhibit so massive it required the entire building to be designed around it, whose entire point was to show this effect.
Now imagine if there had been a motor attached to it, designed to "compensate for ellipsoidal motion"....
Indeed. Google's PageRank algorithm started off as citation analysis for academic papers--one could find out which papers were notable in a given field by the quantity and notability of the papers citing it. Then they realized that the same approach could work for the Web, treating links as citations.
As a sibling post points out, this says nothing about the correctness of the paper, only its notability--but ideally if a paper is shown to be faulty, then the paper exposing the faults will get many citations too.
The proposed system might give a more detailed granularity than a purely citation-based system, so in that sense might have a reasonable benefit. However, as a "social network" of sorts, it will tend to have a life of its own, and consequently could very easily be subject to failings at the social/political layer (as other commenters have noted).
It's not a "Batleth", it's a "Bat'leth". Without the apostrophe it just looks ridiculous.
Congratulations; you pass.
Several points about this:
-DES was never algorithmically broken--it was just designed with too small a key size. 3DES effectively doubles the key size to something reasonable. MD5, however, is actually broken--it has algorithmic weaknesses that can be exploited. Thus, it's not an analogous case.
-We know a lot more about hash functions now than was known when MD5 was designed. From new attacks (e.g. multicollisions) to new design techniques (e.g. HAIFA), there's a lot more knowledge for cryptographers to use.
-As a corollary to the above, any new algorithm, even your 3MD5, would require application support. If we're going to ask people to code that up, why not get something entirely new?
-Finally, practical considerations. NIST wants something flexible for SHA-3, and there are various requirements that are not met by the above proposal. (Digest size from 224 to 512 bits, for example.) There are additional implementation considerations that make your proposal worse than MD5 itself--notably, the requirement that the bytes be read three times in various orders. Just about every practical hash function proposal (including all the major existing ones, and all the SHA-3 candidates I've looked at) is computable "online"--that is, it can be computed in a single pass reading through the message. It doesn't require multiple passes or even keeping the entire message in memory at once.
In short: NIST is looking for something better than SHA-2 (and definitely better than SHA-1). 3DES was a good idea because DES itself was still good, but in this case it's better to start fresh than throw a random patch on an old-and-broken algorithm.
Read the Federal Register notice to get an idea of what NIST wants out of this. It's a lot broader than "a patch on MD5."
I expect it will take a little while for NIST to compile all the submissions and put them online. In the meantime, someone has started compiling a list (which is unofficial and incomplete, but still useful):
http://131002.net/sha3lounge/
That's probably a duplicate of other bugs that have already been resolved. The answer seems to be "yes" for providing a way to disable this behavior.
No, it's not a duplicate--at least not of any of the bugs you link to.
The bug I linked was to have the FF2-like "match-only-the-first-characters-of-the-URL" functionality. The bugs you referenced have "search only in URLs," which is a step in the right direction, but still doesn't address the fundamental issue that if you perform a search--any search--you're breaking the expected, predictable functionality of the location bar.
What do people hate about it? I'm genuinely curious.
Basically, it's never smart enough to Know What I Want 100% of the time.
If I start typing something in FF2's location bar, I know exactly what the results will be (conceptually, and often exactly): they'll be the URLs that begin with the letters I typed, arranged by frequency. I know and can predict this behavior.
If I start typing something in FF3's location bar, it will sometimes display what I want, and sometimes display oddball matches, with no rhyme or reason. The problem is not lack of training the algorithm--I've been using FF3 since Download Day--but rather that sites I visit frequently will be matched (based on title or other characters) above sites I visit infrequently that I try to type directly.
Examples:
-First of all, it seems to match "http". If I type "h", it will match a completely unrelated, frequently-visited page (whose only "h" in URL/title is in the "http") above hulu.com (which I visit occasionally). This is inexcusable.
-Even if the above is fixed, the same problem occurs with "ancillary" data. If I type "e", the first hit is...http://www.cnn.com. Because I visit that site frequently, and there's an "E" in the title ("CNN.com - Breaking news, U.S., World, Weather, Entertainment & Video News"). I would much prefer the first hit to be a site whose URL starts with "e", or at least one that uses "e" in some meaningful rather than meaningless keyword. (There are several such sites in my history, but I only visit them occasionally.)
There is, AFAICT, no way to fix this latter problem, since there's no way for me to specify that I want a site that starts with "e" rather than going off a keyword. I thus get spurious results. (And no, the answer isn't "type keywords instead"--sometimes the most logical keyword is the URL.)
So basically, it tries to be too smart, but because it doesn't actually know whether I'm typing the beginning of a URL or a (mid-URL or title) keyword, it inevitably presents spurious results in the dropdown. FF2, OTOH, is entirely predictable. This predictability allows me to get to the result I want quickly, because I know exactly how to get it to the top of the dropdown list.
I recognize that the "Awesome Bar" is popular with a number of people. I'm fine with it being the default behavior. I just want an option to revert to the FF2-like model, and don't understand why such an option doesn't exist.
As far as I can tell, no.
This is assuming you're using "disable completely" to mean "FF2-like functionality". I dislike the Awesome Bar, but it's better than having no location bar dropdown at all (which, for some reason, is what people seem to recommend when I complain--maxRichResults is not what I want, and neither are the other about:config options).
So let me get mind around this, California bans cellphones [sfgate.com] while behind the wheel but will possibly tie this to cellphones or even a confusing screen on your dashboard?
Hands-free cell phones are allowed. I believe the idea is to make sure you have both hands on the wheel--which makes the law of questionable value for a variety of reasons (is a hands-free unit really less distracting? Why is it still legal to have one hand on the wheel and one hand holding a Big Mac while you talk on your hands-free phone?). But still, locating empty parking spaces via cell phones isn't a priori a violation of the law. (Besides, the ideal case is having a passenger look for spots on their cell phone while you're driving....)
Parent is not informative.
Took me all of 10 seconds with google: "Firefox3 Awesomebar disable". And yet, that page is absolutely not what the GP was asking for.To quote:
Some things are more important than resource conservation, such as not screwing the user by needlessly taking away functionality and telling them "you'll get over it".I'd gladly have Firefox 3 with the same footprint as Firefox 2 if that's the price to pay for keeping the old address bar autocomplete functionality in the code.
gumpish--and I, and a lot of people as far as I can tell--want the "classic" (read: FF2) location bar behavior. There is currently no way to get that in FF3. There used to be an about:config setting for it in some of the betas, but they took it out and told those people who liked the old functionality to shut up and deal.The about:config tweaks on the page you linked to will disable the location bar dropdown entirely (heck, it even says as much in the edit--did you even read the page you linked?).
A sibling post suggests the oldbar extension, but that only changes the appearance of the bar and not the behavior.
As I said, there is currently no way to get this functionality in FF3. The closest thing is this extension, but that's not perfect. Really, this bug needs to be fixed.
It's not just Google that's doing this. CNBC and the Wall Street Journal also started providing free real-time quotes today. MSN Money has been doing this for a while.
Granted, some of these require a subscription (MSN, WSJ)--a point noted by the submitter--but all of these services appear to be free-as-in-beer. I don't think a subscription is that big a deal; YMMV.
From what I can tell, CNBC doesn't mention either a subscription or a daily/monthly limit; I admit I haven't looked at their service in detail though.