I think the number you want is the "Illicit Drug Use in Lifetime" for people 18 and over. This table (part of a much larger report) gives the number as 49.3% in 2009, so not quite 50% (although if you scroll up to Table 1.11B, you can see that people 60 and above are pulling the average below 50%).
I am not really sure where to look for data on ill effects or even exactly how you would quantify them, but the same study does make some attempt to do so. For example this table shows (past year, not lifetime) rates of dependence and abuse for both illicit drugs and alcohol.
I am well aware of how Facebook actually works and do not post any information about myself (other than the occasional friend request) on Facebook for that reason. I was trying to argue that the expectation of privacy on Facebook is reasonable, not that it actually corresponds to reality.
Since Facebook users volunteer up the information that pretty much makes it public information.
Okay, so if I post information on Facebook (either editing my profile or posting a status) then I am voluntarily giving that information to Facebook, so that makes it public information? Even though I expect only people I have marked as friends to see such information by my privacy settings? What if I send a Facebook message? It has a clear "To" header like an e-mail; should that information be considered public? For that matter what about GMail? I am inputting information into a textbox on a website with the intent that (specific) other people will read that text. Should I therefore treat that text as public knowledge? For a physical analogue, suppose I write my text on paper (perhaps multiple copies) and put those pieces of paper into envelopes and send them to my friends via snail mail. I, once again, have written text and tendered it to a third-party for delivery to a specific set of private individuals. Should I still expect this text to be public?
The United States has laws about privacy and due process. New technology should not make it so the government no longer has to follow due process in collecting private information on its citizens. Unfortunately, due to the nature of network effects, a lot of information gets concentrated in the hands of a few entities (in this case, Facebook) who do not necessarily have much interest in dealing with the government, so they simply freely hand over the information. I suppose privacy laws could be written to make it illegal for Facebook to hand over information about its users to the government, but it is not clear what such laws would even look like nor who would be supporting them.
Seriously, I don't care if you know that I'm at the book store buying a coffee. If I don't want this information to be public I don't post it. Problem solved.
You are right that a lot of this information actually is not that important. At the same time, I do not like the idea that law enforcement personnel can peer into my private life as recorded by various services I use without even having to justify the invasion of my privacy to a judge.
Of course, see my sig: I dislike the idea of monolithic services that are able to collect such information and would prefer that social networking (and other) services be made up of collections of smaller separately administered nodes, each of which would have far less information. How to do that while still having a usable service is, unfortunately, an open problem.
The reasoning is that the vast majority of the time, no one is doing a man-in-the-middle attack and furthermore that doing a man-in-the-middle attack on any significant proportion of the connections on the internet is assumed to be above the capabilities of any known attacker, so it means that you are probably talking to the owner of the DNS entry and normal passive sniffing attacks (ex. Firesheep) won't work. Also, the attacker may not be able to tell which connections are verified and which ones aren't (especially if the browser assumes self-signed sites will always use the same certificate until it expires), so even man-in-the-middle attacks on self-signed certs are non-trivial.
Also, the information being protected is generally assumed to be relatively low value, so protecting it with a relatively easy to break security layer is not a large problem: after all, it is currently being sent unencrypted.
Of course, hopefully verifying certificates via DNSSEC will be supported soon, which will make the entire self-signed certificates argument moot. (Err... well, eventually, once it is widely deployed.)
My high school gave an unweighted GPA as you describe but also a QPA ("Quality Point Average") score that was weighted by the level of course. Other people I have talked to have mentioned weighted GPA systems that offer a similar correction. Of course, the best way to maximize QPA/weighted GPA may still not have been to get As in the most challenging courses, but such a system at least makes an attempt in that direction.
That said, it is currently extremely expensive because it requires skilled programmers spending a lot of time on the verification, so it is only done when the correctness of the program is very important. Making it cheap enough to be used in any significant proportion of software projects is indeed a pretty far off. Having a large, carefully considered test suite is much more tractable and generally considered good enough (the vast majority of software, in practice, does not need to be bug-free).
On the other hand, proving a specific algorithm (as opposed to an entire system) formally correct may require a lot less work and is often the only way to convince oneself that it is actually correct.
Also, I think the GP was talking about the formal thinking of mathematics in general carrying over to programming.
It seems like Blu-Ray support on Linux a bit limited at the moment, but there is at least some freeware/shareware that can handle it: MakeMKV which has a Linux beta and DVDFab which appears to run under Wine. DumpHD may also be worth looking at.
Since any new computer with a DVI or HDMI port (i.e. almost all of them) will probably have an HDCP license, yes, it is safe to say that Intel gets money from pretty much every laptop or desktop computer purchase. Also, as a sibling pointed out, Intel has plenty of other tech that they license, so finding a computer with absolutely no Intel tech sounds like a rather difficult task. Of course, they will almost certainly get a significantly larger cut if you buy a processor from them than if you just buy an HDCP license included in a video card, so you could limit the money you give to Intel by avoiding Intel-branded parts.
Actually, it looks like HDMI does not support compressed video, only uncompressed. Your cable video signal may be overcompressed, but from your cable box (or whatever is decoding your cable signal) to your TV, the HDMI cable is transferring those artifacts uncompressed so there is no further loss in quality. Of course, the data rate of uncompressed video is determined by the resolution and color depth which your cable video signal is probably not maxing out, especially given deep color support in more recent revisions of HDMI.
Oops, accidentally modded redundant. I was sure I clicked "insightful"...
But, yes, I agree. The source code is useful to have as a proof-of-concept, but actual real world implementations will be in different languages. Not everybody wants to---or even can in the case of a shared web hosting environment---run Ruby or whatever specific language and database is used.
Of course, as others replying have pointed out, there are other projects with social networking protocols which just do not have as much hype.
I am not exactly sure what you are looking for here. What you quote is an empirical fact verified by psychology studies. If you want a reason for that trait to be common in humans, I guess the reason would probably be something along the lines of it being an evolutionarily successful trait as it allows humans to trust each other and therefore work together, but IANAEP.
As I understand it, they aren't allowed to do that, but there's a workaround: both sites show ads from the same ad service which has an image or iframe on the page which gets the shared cookies.
Firefox has a setting for allowing third party cookies, which I think is disabled by default. You can have Firefox ask to accept all cookies or you can use an extension like CookieSafe to manage which sites you accept cookies from. Someone in this thread already recommended the RequestPolicy extension which lets you set which sites can have content from which other sites. Of course, you can also use AdBlock Plus to block the ads, but I don't know how effectively its ad blocking list blocks sites that set tracking cookies.
As far as I can tell, the key innovation is that the Khan Academy education videos are actually good. He explains concepts in a way that actually works for a lot of people. It is quite possible that there are other good educational videos, which leads into the other innovation: free internet video is a very accessible medium, so the opportunity cost of trying out the Khan Academy videos is almost nothing, and someone who likes the videos can easily and quickly recommend them to their friends who can start watching them immediately if they are interested. To be fair, anyone who is going to be watching the Khan Academy videos is probably self-motivated to learn the topic or they would not be watching the video, so there may be some bias on how well they work vs. a teacher in a classroom who cannot guarantee an interested and well-motivated audience.
I agree that a good, real, live teacher who could answer questions is important for a good education... but a good lecturer means you do not have as many questions in the first place. Putting a good teacher in every classroom is, obviously, a hard problem. I recall from school that pretty much any time there was an educational video, it was awful. I cannot imagine anyone volunteering to sit through any educational video we were shown in school; luckily they were rare. It is possible that a video of a good lecture has its place in a high school classroom. At the same time, doing so seems like admitting that the teacher can't deliver a good lecture.
I should note that I have not actually watched any of the Khan Academy videos; I strongly prefer learning from written information, but I realize that is a personal preference.
I have seen the suggestion before that although the fraud is obvious (the product "sold" never arrives), the spammers use products which people would be embarrassed to admit they were trying to buy, so the scam tends to not get reported.
Peer-to-peer networks solved that issue a long time ago. Kad, Freenet, Tor, and i2p all have ways for a client on the network to maintain an identity tied to something other than an IP address. People should be identified by public keys not IP addresses (especially as mobile internet becomes more popular so static IPs become even more difficult). Figuring out how to tie those keys to real people reliably is a separate issue... but then again Facebook does not even attempt to provide anywhere near that level of security on who you are actually talking to, so leaving key verification/signing to the cryptography geeks/paranoid would probably not be a huge issue.
It looks like they were working on GCJ support a long time ago. This mailing list post from 2005 says it was working with some minor issues. I would suspect the current version would also compile under GCJ... if it doesn't, submit a bug report. I agree that relying on the Java runtime complicates installation and might make it slower (it certainly means that the start time is slower, but i2p is intended to be a long-running application and JITs sometimes do better with those overall).
But the idea of "social network" and privacy/anonymity seems kind of at odds, doesn't it?
No, not at all. I want to socialize with my friends and acquaintances and possibly their friends as well, not Mark Zuckerberg. What is so strange about that?
Wait a minute, now instead of needing to give online retailers a mailing address for them to send junk mail to (which isn't so bad as most of the time I am buying a physical item that needs to be shipped to a real address anyway), I would be giving them the phone number for a phone I regularly have on me? Who could have possibly thought this would be a good idea? It would make far more sense for identifier given to the retailer be some random unique number (like a credit card number), which the retailer would give to Verizon who would in turn use it to text the verification code to the user's cell phone (hopefully in a text with the amount which will be billed).
There's more to the internet than other people's web sites. The design of the web is intended for each server to control and serve its own information. This is broken by the fact that the vast majority of internet users want to share information via the web but do not run their own servers. The web was simply not designed for this use-case and cannot handle it sanely in the case of information that is private to a group of people who do not run their own servers.
That may be a good reason to assert that currently the prospects for privacy on the internet look rather bleak, but other methods for sharing information involving encryption and/or friend-to-friend networks, etc. could be developed. Even without key verification being commonplace, they could make spying on the everyday communications of ordinary citizens untenable.
The Linux way of handling that is including the whitelisting information in the packages/updates and simply trusting updates (i.e. telling your package manager to completely trust the private key for each software source you have). Needless to say, this is not a great solution. It works okay as most of the time, you have a trusted third-party (the repository manager/distribution (which is sorta fulfilling the role of an "IT department" here) which has a reputation to uphold) providing the software, but I am not familiar with any systems where you can tell a package manager that you trust a repository to provide office suites but not kernel modules.
There is the model (which I believe Android uses) where the system simply asks the user if unknown requests are okay (sorta like Core Force will do in learning mode), but that, of course, requires a technical enough user to understand and a patient enough one to actually care. As I mentioned before, the web in a way handles this by simply not allowing "web applications" to do anything really damaging. That concept is how I think applications should actually evolve, although it is hard to define "not doing damage" for an application.
To some extent, current anti-virus companies, I believe, handle this by continually checking their software against popular software packages and making sure they do not get marked as false positives (or, well, actually have viruses in them).
In short, yes, whitelisting has issues because, as you say, maintaining the whitelist sanely and securely is a difficult (impossible?) problem.
To the contrary, most users are quite capable of watching dancing bunnies without any untrusted code running outside of a sandbox. Of course, the sandbox could have bugs in its security, but at least the design is secure.
Linux and Windows both are pretty bad at sandboxing applications (Linux has SELinux and AppArmor which are not used much / not very user-friendly and Windows has various third-party firewall programs that almost no one uses), but the browser works as an okay application sandbox.
Not automatic, but whitelisting security systems like that exist. Core Force is the one I know of. It has some sort of system for sharing whitelists for specific applications among users.
The difference here is that we're giving this information to people by choice -- people we know. Our friends, family, and acquaintances. But the only way to do that is to have a central authority to proxy that exchange. The problem is that this central authority abuses its power and -- even worse -- that the government wants its hands in everything as well. It should require a warrant because although a billion billion people might have access to the data, that doesn't mean you gave permission to the next guy.
Agreed, but, then again, it seems like a much better solution is to get rid of the central authority. It is not really needed. It is just easier.
Or is it like the "law" of gravity, not proven but correct according to a large body of evidence? Do you mean to say that we know no absolutes?
Yes, I think that is pretty much what the GP meant.
Science, and learning in general as the GP pointed out, relies on extrapolation, or, more generally, the idea that unknown facts/observations will be somehow related to known facts/observations. You cannot know for certain that this is true. For example, for all you know, you are in a Matrix-type simulation which has been running by perfectly regular rules so far, but in a minute someone is going to mess with the simulation and make random stuff start happening.
Slashdot Mirror
I think the number you want is the "Illicit Drug Use in Lifetime" for people 18 and over. This table (part of a much larger report) gives the number as 49.3% in 2009, so not quite 50% (although if you scroll up to Table 1.11B, you can see that people 60 and above are pulling the average below 50%).
I am not really sure where to look for data on ill effects or even exactly how you would quantify them, but the same study does make some attempt to do so. For example this table shows (past year, not lifetime) rates of dependence and abuse for both illicit drugs and alcohol.
I am well aware of how Facebook actually works and do not post any information about myself (other than the occasional friend request) on Facebook for that reason. I was trying to argue that the expectation of privacy on Facebook is reasonable, not that it actually corresponds to reality.
Since Facebook users volunteer up the information that pretty much makes it public information.
Okay, so if I post information on Facebook (either editing my profile or posting a status) then I am voluntarily giving that information to Facebook, so that makes it public information? Even though I expect only people I have marked as friends to see such information by my privacy settings? What if I send a Facebook message? It has a clear "To" header like an e-mail; should that information be considered public? For that matter what about GMail? I am inputting information into a textbox on a website with the intent that (specific) other people will read that text. Should I therefore treat that text as public knowledge? For a physical analogue, suppose I write my text on paper (perhaps multiple copies) and put those pieces of paper into envelopes and send them to my friends via snail mail. I, once again, have written text and tendered it to a third-party for delivery to a specific set of private individuals. Should I still expect this text to be public?
The United States has laws about privacy and due process. New technology should not make it so the government no longer has to follow due process in collecting private information on its citizens. Unfortunately, due to the nature of network effects, a lot of information gets concentrated in the hands of a few entities (in this case, Facebook) who do not necessarily have much interest in dealing with the government, so they simply freely hand over the information. I suppose privacy laws could be written to make it illegal for Facebook to hand over information about its users to the government, but it is not clear what such laws would even look like nor who would be supporting them.
Seriously, I don't care if you know that I'm at the book store buying a coffee. If I don't want this information to be public I don't post it. Problem solved.
You are right that a lot of this information actually is not that important. At the same time, I do not like the idea that law enforcement personnel can peer into my private life as recorded by various services I use without even having to justify the invasion of my privacy to a judge.
Of course, see my sig: I dislike the idea of monolithic services that are able to collect such information and would prefer that social networking (and other) services be made up of collections of smaller separately administered nodes, each of which would have far less information. How to do that while still having a usable service is, unfortunately, an open problem.
The reasoning is that the vast majority of the time, no one is doing a man-in-the-middle attack and furthermore that doing a man-in-the-middle attack on any significant proportion of the connections on the internet is assumed to be above the capabilities of any known attacker, so it means that you are probably talking to the owner of the DNS entry and normal passive sniffing attacks (ex. Firesheep) won't work. Also, the attacker may not be able to tell which connections are verified and which ones aren't (especially if the browser assumes self-signed sites will always use the same certificate until it expires), so even man-in-the-middle attacks on self-signed certs are non-trivial.
Also, the information being protected is generally assumed to be relatively low value, so protecting it with a relatively easy to break security layer is not a large problem: after all, it is currently being sent unencrypted.
Of course, hopefully verifying certificates via DNSSEC will be supported soon, which will make the entire self-signed certificates argument moot. (Err... well, eventually, once it is widely deployed.)
My high school gave an unweighted GPA as you describe but also a QPA ("Quality Point Average") score that was weighted by the level of course. Other people I have talked to have mentioned weighted GPA systems that offer a similar correction. Of course, the best way to maximize QPA/weighted GPA may still not have been to get As in the most challenging courses, but such a system at least makes an attempt in that direction.
Yes, formal verification of non-trivial program has been done. The "industry usage" section of the Wikipedia article on formal verification for a few examples.
That said, it is currently extremely expensive because it requires skilled programmers spending a lot of time on the verification, so it is only done when the correctness of the program is very important. Making it cheap enough to be used in any significant proportion of software projects is indeed a pretty far off. Having a large, carefully considered test suite is much more tractable and generally considered good enough (the vast majority of software, in practice, does not need to be bug-free).
On the other hand, proving a specific algorithm (as opposed to an entire system) formally correct may require a lot less work and is often the only way to convince oneself that it is actually correct.
Also, I think the GP was talking about the formal thinking of mathematics in general carrying over to programming.
It seems like Blu-Ray support on Linux a bit limited at the moment, but there is at least some freeware/shareware that can handle it: MakeMKV which has a Linux beta and DVDFab which appears to run under Wine. DumpHD may also be worth looking at.
Since any new computer with a DVI or HDMI port (i.e. almost all of them) will probably have an HDCP license, yes, it is safe to say that Intel gets money from pretty much every laptop or desktop computer purchase. Also, as a sibling pointed out, Intel has plenty of other tech that they license, so finding a computer with absolutely no Intel tech sounds like a rather difficult task. Of course, they will almost certainly get a significantly larger cut if you buy a processor from them than if you just buy an HDCP license included in a video card, so you could limit the money you give to Intel by avoiding Intel-branded parts.
Actually, it looks like HDMI does not support compressed video, only uncompressed. Your cable video signal may be overcompressed, but from your cable box (or whatever is decoding your cable signal) to your TV, the HDMI cable is transferring those artifacts uncompressed so there is no further loss in quality. Of course, the data rate of uncompressed video is determined by the resolution and color depth which your cable video signal is probably not maxing out, especially given deep color support in more recent revisions of HDMI.
Oops, accidentally modded redundant. I was sure I clicked "insightful"...
But, yes, I agree. The source code is useful to have as a proof-of-concept, but actual real world implementations will be in different languages. Not everybody wants to---or even can in the case of a shared web hosting environment---run Ruby or whatever specific language and database is used.
Of course, as others replying have pointed out, there are other projects with social networking protocols which just do not have as much hype.
I am not exactly sure what you are looking for here. What you quote is an empirical fact verified by psychology studies. If you want a reason for that trait to be common in humans, I guess the reason would probably be something along the lines of it being an evolutionarily successful trait as it allows humans to trust each other and therefore work together, but IANAEP.
As I understand it, they aren't allowed to do that, but there's a workaround: both sites show ads from the same ad service which has an image or iframe on the page which gets the shared cookies.
Firefox has a setting for allowing third party cookies, which I think is disabled by default. You can have Firefox ask to accept all cookies or you can use an extension like CookieSafe to manage which sites you accept cookies from. Someone in this thread already recommended the RequestPolicy extension which lets you set which sites can have content from which other sites. Of course, you can also use AdBlock Plus to block the ads, but I don't know how effectively its ad blocking list blocks sites that set tracking cookies.
As far as I can tell, the key innovation is that the Khan Academy education videos are actually good. He explains concepts in a way that actually works for a lot of people. It is quite possible that there are other good educational videos, which leads into the other innovation: free internet video is a very accessible medium, so the opportunity cost of trying out the Khan Academy videos is almost nothing, and someone who likes the videos can easily and quickly recommend them to their friends who can start watching them immediately if they are interested. To be fair, anyone who is going to be watching the Khan Academy videos is probably self-motivated to learn the topic or they would not be watching the video, so there may be some bias on how well they work vs. a teacher in a classroom who cannot guarantee an interested and well-motivated audience.
I agree that a good, real, live teacher who could answer questions is important for a good education... but a good lecturer means you do not have as many questions in the first place. Putting a good teacher in every classroom is, obviously, a hard problem. I recall from school that pretty much any time there was an educational video, it was awful. I cannot imagine anyone volunteering to sit through any educational video we were shown in school; luckily they were rare. It is possible that a video of a good lecture has its place in a high school classroom. At the same time, doing so seems like admitting that the teacher can't deliver a good lecture.
I should note that I have not actually watched any of the Khan Academy videos; I strongly prefer learning from written information, but I realize that is a personal preference.
I have seen the suggestion before that although the fraud is obvious (the product "sold" never arrives), the spammers use products which people would be embarrassed to admit they were trying to buy, so the scam tends to not get reported.
Peer-to-peer networks solved that issue a long time ago. Kad, Freenet, Tor, and i2p all have ways for a client on the network to maintain an identity tied to something other than an IP address. People should be identified by public keys not IP addresses (especially as mobile internet becomes more popular so static IPs become even more difficult). Figuring out how to tie those keys to real people reliably is a separate issue... but then again Facebook does not even attempt to provide anywhere near that level of security on who you are actually talking to, so leaving key verification/signing to the cryptography geeks/paranoid would probably not be a huge issue.
It looks like they were working on GCJ support a long time ago. This mailing list post from 2005 says it was working with some minor issues. I would suspect the current version would also compile under GCJ... if it doesn't, submit a bug report. I agree that relying on the Java runtime complicates installation and might make it slower (it certainly means that the start time is slower, but i2p is intended to be a long-running application and JITs sometimes do better with those overall).
You seem to have described almost exactly the functionality of Perspectives, which has been discussed on Slashdot, although not recently.
But the idea of " social network" and privacy/anonymity seems kind of at odds, doesn't it?
No, not at all. I want to socialize with my friends and acquaintances and possibly their friends as well, not Mark Zuckerberg. What is so strange about that?
Wait a minute, now instead of needing to give online retailers a mailing address for them to send junk mail to (which isn't so bad as most of the time I am buying a physical item that needs to be shipped to a real address anyway), I would be giving them the phone number for a phone I regularly have on me? Who could have possibly thought this would be a good idea? It would make far more sense for identifier given to the retailer be some random unique number (like a credit card number), which the retailer would give to Verizon who would in turn use it to text the verification code to the user's cell phone (hopefully in a text with the amount which will be billed).
There's more to the internet than other people's web sites. The design of the web is intended for each server to control and serve its own information. This is broken by the fact that the vast majority of internet users want to share information via the web but do not run their own servers. The web was simply not designed for this use-case and cannot handle it sanely in the case of information that is private to a group of people who do not run their own servers.
That may be a good reason to assert that currently the prospects for privacy on the internet look rather bleak, but other methods for sharing information involving encryption and/or friend-to-friend networks, etc. could be developed. Even without key verification being commonplace, they could make spying on the everyday communications of ordinary citizens untenable.
The Linux way of handling that is including the whitelisting information in the packages/updates and simply trusting updates (i.e. telling your package manager to completely trust the private key for each software source you have). Needless to say, this is not a great solution. It works okay as most of the time, you have a trusted third-party (the repository manager/distribution (which is sorta fulfilling the role of an "IT department" here) which has a reputation to uphold) providing the software, but I am not familiar with any systems where you can tell a package manager that you trust a repository to provide office suites but not kernel modules.
There is the model (which I believe Android uses) where the system simply asks the user if unknown requests are okay (sorta like Core Force will do in learning mode), but that, of course, requires a technical enough user to understand and a patient enough one to actually care. As I mentioned before, the web in a way handles this by simply not allowing "web applications" to do anything really damaging. That concept is how I think applications should actually evolve, although it is hard to define "not doing damage" for an application.
To some extent, current anti-virus companies, I believe, handle this by continually checking their software against popular software packages and making sure they do not get marked as false positives (or, well, actually have viruses in them).
In short, yes, whitelisting has issues because, as you say, maintaining the whitelist sanely and securely is a difficult (impossible?) problem.
To the contrary, most users are quite capable of watching dancing bunnies without any untrusted code running outside of a sandbox. Of course, the sandbox could have bugs in its security, but at least the design is secure.
Linux and Windows both are pretty bad at sandboxing applications (Linux has SELinux and AppArmor which are not used much / not very user-friendly and Windows has various third-party firewall programs that almost no one uses), but the browser works as an okay application sandbox.
Not automatic, but whitelisting security systems like that exist. Core Force is the one I know of. It has some sort of system for sharing whitelists for specific applications among users.
The difference here is that we're giving this information to people by choice -- people we know. Our friends, family, and acquaintances. But the only way to do that is to have a central authority to proxy that exchange. The problem is that this central authority abuses its power and -- even worse -- that the government wants its hands in everything as well. It should require a warrant because although a billion billion people might have access to the data, that doesn't mean you gave permission to the next guy.
Agreed, but, then again, it seems like a much better solution is to get rid of the central authority. It is not really needed. It is just easier.
Or is it like the "law" of gravity, not proven but correct according to a large body of evidence? Do you mean to say that we know no absolutes?
Yes, I think that is pretty much what the GP meant.
Science, and learning in general as the GP pointed out, relies on extrapolation, or, more generally, the idea that unknown facts/observations will be somehow related to known facts/observations. You cannot know for certain that this is true. For example, for all you know, you are in a Matrix-type simulation which has been running by perfectly regular rules so far, but in a minute someone is going to mess with the simulation and make random stuff start happening.