Slashdot Mirror


User: Ckwop

Ckwop's activity in the archive.

Stories: 0
Comments: 459

Comments · 459

  1. Python is part of the answer on Open Source Math · Score: 5, Insightful

    I am not a mathematician but surely if you're going to submit a computer aided proof you must submit a full copy of the program. There are all manner of subtle mistakes that can be made in a program that could cause serious problems with a proof.

    Suppose you inspect the source and find it to be faultless; how can you trust the compiler? And if you hand compile the compiler, how can you trust the CPU? Surely it's turtles all the way down.

    In many ways, establishing the correctness of a computer-aided proof is very much like security engineering. You want to verify that the whole software stack is operating correctly before you can trust the result. Having the source-code is a pre-requisite to this exercise.

    Changing the topic slightly, I was particularly heartened to see that the open-source mathematics framework being developed by one of the authors of the article involves the use of Python.

    My immediate thought when seeing the title to the article was "Python is the answer." When some problem or algorithm intrigues me the first thing that happens is that I reach for the Python interpreter.

    Python seems to deftly marry precision with looseness. When code is laid out in Python I find it is easier to see what it's trying to do than in other languages. Its aesthetic qualities aside, it supports a number of features out of the box which I imagine would be ideal for mathematicians. To list a few: its treatment of lists and tuples as first class objects, support for large integers, complex numbers, and its ability to integrate with C for high-performance work.

    I often think of Python as "BASIC done right" and it's ideal for mathematicians (or anybody) who don't want to think about programming but about the problem at hand.

    Simon

  2. I don't think they do on Do Tiny URL Services Weaken Net Architecture? · Score: 1, Interesting

    Let's say I had a service that would shrink a given domain name to a sequence of eight base-64 symbols. This gives me sixty-four to the power of eight different unique names.

    That's 281,474,976,710,656 different unique names that can point to somewhere on the web. Even if each eight-character shrunken name was assigned permanently then it is difficult to see how you could ever run out of names.

    So in short the answer is that these name shortening services are not going to damage the web - provided the links they provide are permanent.

    Another thing to chew on is what service does Google provide? To me, it's the ultimate URL shrinker. I remember one domain, www.google.com, and then from there I can go to anywhere else through a searchable database of links.

    Has Google damaged the web? I think the benefits outweigh the problems. Search Engine Optimisation firms are damaging the semantics of the web in reaction to the power of the search engine but there can be no doubt that far more sites get exposure because of search engines than without them. On the whole, I'm willing to deal with Google spammers because the quality of the links is still high in spite of them.

    URL shrinking services are the same. They have benefits and drawbacks. If you're listening to web-radio, it's far easier to give a shrunken URL which your listeners can jot down in a few seconds than spend thirty seconds on a much larger URL.

    With shrunken URLs everyone wins! If you're not interested in the URL, that section of air-time is done within a few seconds. If you want to go to the URL, you have less to write down and less chance of making an error.

    The drawback is that the URL has no semantic meaning. I personally think the semantic meaning is less important than getting the URL out there.

    Simon

  3. Disposable income, not piracy, is behind falls. on Warner Music CEO Says War With Consumers Was Wrong · Score: 5, Insightful

    How can you ever win a war against your own customers? If you fight them, they don't pay you and you die. How did they ever expect to win?

    I think the reason they haven't made as much money recently has little to do with piracy and everything to do with the changing perception of value. Personally, I think that the value per pound spent on an album compared to something like Halo 3 is vastly different. Halo 3 at the £40 it costs is at least ten times the value to me than the equivalent number of albums I could buy for that price.

    There is only a limited number of areas I can spend my disposable income. Between Halo, the Xbox 360 to play it, the iPod and the iPhone, there just isn't room for such an overpriced product.

    And that's why I haven't bought a single CD since 1999 - and I imagine I'm not alone. That's why the music industry is shrinking. They expect to be paid rather than realising they're competing for our money just like everyone else.

    Simon.

  4. Microsoft is simply bland. on Microsoft's Treatment of Google Defectors · Score: 5, Insightful

    I have never worked for Microsoft and to be honest, I'd probably never want to. I think the key problem for Microsoft is that nothing they do is exciting anymore.

    I think Vista has really damaged Microsoft. Not in terms of revenue, since a sale of Windows XP is still a sale for Microsoft. No, the damage is in morale. Vista was an absolute disaster for morale. They worked for a couple of years only to ditch it and start again from the Windows 2003 Server source-code. Nothing they put into Vista was in any way something you can get developers energised about. Every feature had nightmarish committees which destroyed any hope of motivation. They even developed anti-features like SecurePath that nobody cares about.

    I read somewhere that Microsoft developers write something like 1,000 lines of code a year. Last year, I contributed around forty times that to our source control at work. When you're paid so much to do so little - that has to destroy morale too. Most developers I know like to work.

    Vista is a symptom of a much deeper problem. Microsoft doesn't know how to be sexy. It doesn't know how to be secure and it doesn't know how to please its users. Worst of all, it doesn't know how to make its huge base of developers happy!

    All of this makes Google a very attractive place. If all your talent walks right out of your door, it isn't too long until there is no way whatsoever to fix any of the problems I've just mentioned.

    Put more succinctly, Microsoft sucks and Google rocks.

    Simon.

  5. The United States is thoroughly corrupt. on Bill Would Tie Financial Aid To Anti-Piracy Plans · Score: 5, Insightful

    This is shocking. I really mean that in the full sense of the word. This has completely and totally shocked me. It's not necessarily the actions of the media industry that have disappointed me; that was no surprise and this sort of behaviour is totally expected of them.

    It's the out-and-out corruption of the people who hold office. They don't even try to conceal the fact they're bought and paid for. It's completely obscene. There is no way that any rational politician would draft such a proposal.

    What the hell do you do about it? Like the United Kingdom [1] you have a first-past-the-post system of electing government. What this means is that you have two parties who exchange power at regular intervals with very little prospect of a third, fourth or fifth party getting into the running.

    In my view, this is no improvement whatsoever on the aristocratic feudal system that the whole American enterprise was meant to fix. In the United Kingdom the Catholic aristocracy and the Protestant aristocracy fought for political supremacy down a number of centuries.

    You might have different names for them, "Republican" and "Democrat", and their values are different to our aristocrats but the mechanics are fundamentally the same. I mean, you're on your second aristocrat from the Bush family and you're likely to get your second helping from the Clinton family. Without wanting to flame-bait: Does that sound like the American dream to you?

    Once you have accepted the difficult fact that you are under the thumb of two aristocratic bodies then corruption is essentially impossible to eliminate without a revolution. Corruption just comes at twice the price.

    How do we fight them? I am not an expert on the political structure of the United States, but could the recent Real ID rebellion be expanded into a more protracted battle? I broadly think that threatening to cut funds to a state to ram through some policy decision from Washington offends the nature of the Constitution. If the forefathers wanted an omnipotent Congress they would have adopted a Parliamentary system like our own.

    In a sense, Congress has exploited a hole in the Constitution via a broad interpretation of the Interstate Commerce clause and using the stick of withholding funds to pressure state legislatures.

    I think the states are the solution to this problem but it will require radical swift action to succeed.

    Simon

    [1] - I want to preface this comment with this: our country is no better and everything I say here can be said of the United Kingdom.

  6. Not now my friends, not ever on The History of Slashdot Part 4 - Yesterday, Today, Tomorrow · Score: 4, Interesting

    I hate these meetings because I have to constantly be the guy that says 'No'. My worst fear for Slashdot is that someday someone with deep enough pockets comes along with a check so big that someone in the company with a shortsighted view of the future is willing to cash over top of my objections.

    I share your fear that one day that will happen, Rob. I don't want to see that happen: not now, not ever. To make this absolutely clear, the day that happens is the day I tip my cap and leave this site for good.

    Personally, I wish you'd never sold the site and continued to run it with the original team but there is no use crying over spilt milk. We are where we are.

    At some point, Rob is going to have to take a stand against these goons and defend Slashdot from corporate greed. He says he already is but I fear, like the Ring of Power, the pull becomes stronger over time and it will develop into a darker, more insidious threat. To defend against this threat successfully he will need convincing evidence that Slashdot will be thoroughly destroyed if the enemy prevails.

    I hope people will stand with me today and that this thread will form part of that defence.

    If you agree with what I've said can you please reply to this thread with "I agree." Let's send these people a message that ultimately this site exists for us. We are their customers, not the advertisers.

    Simon

  7. Why supercomputers? on Handheld Supercomputers in 10-15 Years? · Score: 5, Insightful

    Isn't a super-computer a relative term? I mean, I don't know the exact figure but I would guess that my Dual Core Intel box at home is probably a good deal faster than a super-computer from the 80s. It is probably hundreds of thousands or perhaps millions of times more powerful than the computers used in the Apollo programme. Surely the measure of what is a super-computer and what isn't must be based upon what the fastest machines are in the world at that time.

    Perhaps what he means is that what we currently do with supercomputers today will be able to be done with low cost computing. I can certainly see that being true. In fifteen years, it may be possible to adequately simulate nuclear weapons tests, climate models, or protein folding from a run-of-the-mill desktop.

    However, the improvements in computing speed will also apply to super-computers. With that extra power you can run more refined models so I can't see how this could obsolete the traditional bulky super-computer.

    In short, I can't really understand the super-computer slant of the article. Why not just talk about general-purpose computing instead?

    Simon

  8. Let's resolve to keep our freedom. on Terror Watch List Swells to More Than 755,000 · Score: 5, Interesting

    As the Glasgow "terrorists" so brilliantly displayed, anybody can be a terrorist. All it takes is a car, a bunch of primitive explosive, flammable material and the motivation to endanger human life.

    In my view, after September 11th the United States should have responded by doing one thing: passing regulations that ensure that the cockpits of passenger aircraft are unable to be accessed from the passenger carrying part of the plane.

    That's a proportionate response to the threat.

    In reality, the terrorist threat is several orders of magnitude less than being killed by heart disease. It's my view that in any problem solving situation, you should seek to solve the worst problem first and the smallest problem last.

    The problem from where I'm sitting is that billions are being spent on a tiny fraction of deaths that occur in our countries. Where are the billions of dollars of funding to research heart-disease treatment, improving car safety, cancer treatments or the plethora of other much more likely ways you'll meet your sticky end?

    What makes this irrational reaction so much worse is that we're selling our rights down the river for a false sense of security. If somebody passes me in the street and decides they want to kill me, there is nothing the long-arm of the state can do to stop them. I will likely die and the fact the person who killed me will spend a considerable time in prison is of little solace.

    There are enough nut cases in the world to ensure that the chances of being killed in such a fashion are always going to be non-zero. We all choose to walk about the street with our heads held high because we're not going to let that threat intimidate us. So why are we being intimidated by nutters who want to kill not just one person but quite a few of us?

    It reminds me of the story of an elderly woman in Warrington interviewed just after the IRA bomb detonated there, killing a young boy. The reporter asked why she was still shopping despite a bomb going off and she defiantly replied: "The Germans didn't stop me shopping so the Irish certainly won't."

    Defiance is not giving away your freedom. Defiance is refusing to give away your freedom even if your life is at risk. We only need to look at those brave monks in Burma a few weeks ago to see what real defiance looks like. We've lost our backbone and passed all sorts of onerous laws because we're afraid. We're pathetic and afraid.

    When are we going to stand up and say - "To hell with stupid incompetent security. I want my freedom and I want it now."

    Simon

  9. Re:Meta question on Google and IBM to Provide Cloud Computing to Students · Score: 1

    So if you are one of the lucky few who gets chosen [or at least pre-selected] for this sort of thing, then will you have to submit a "proof" of the finiteness of your program before you're given the green light?

    The halting problem is actually tractable for the vast majority of algorithms. If you were to select a program at random from the vast sea of possible programs, the vast majority are known to halt; however, the precise percentage is itself incomputable.

    Most commonly used algorithms such as quicksort or the myriad network traversing algorithms have a strict proof of correctness. These proofs must include a proof that the algorithm terminates on any given finite input, since it would be a bug if the program failed on a particular input!

    In fact, modern static analysis tools have pretty much solved the halting problem from a practical stand-point. That said, there are very simple programs whose halting status is unknown. For example, consider:

    # Collatz-style recursion: halve an even n, send an odd n to 3n + 1, stop at 1.
    def f(n):
        print(n)
        if n == 1:
            return

        if n % 2 == 0:
            f(n // 2)  # integer division so n stays an int
            return
        if n % 2 == 1:
            f(3*n + 1)
            return

    Slashdot mangled the proper indentation but you get the drift. Nobody currently knows whether this halts on all inputs.

    Of course, you probably wouldn't do any of this on a real machine. You'd probably pay for time up-front and the program is killed after that time has been exhausted. You probably wouldn't do any static analysis on it.

    Simon
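As an added example (not part of the original comment), here is the budget-based policy the post describes in its last paragraph applied to its own Collatz function: each input runs under a step budget with cycle detection, so the checker always returns a verdict instead of relying on a termination proof. Names such as MAX_STEPS, run_with_budget and classify_range are my own; inputs n <= 0 are included deliberately, because the recursive f() in the post never returns on them.

```python
"""Bounded halting check for the Collatz function quoted in the comment above.

Added example, not from the original post. Rather than prove termination
statically, run each input under a step budget and with cycle detection:
the "pay for time up-front, kill the program when it is exhausted" policy the
post mentions. The recursive f() in the post loops forever on n == 0 and on
negative n, which this checker reports as a cycle rather than hanging.
"""
from typing import Dict, List, Tuple

MAX_STEPS = 10_000  # constructed budget for this example, not from the post


def collatz_step(n: int) -> int:
    """One application of the rule in the post: n/2 if even, 3n+1 if odd."""
    return n // 2 if n % 2 == 0 else 3 * n + 1


def run_with_budget(n: int, max_steps: int = MAX_STEPS) -> Tuple[str, int]:
    """Iterate until n == 1, a value repeats, or the budget runs out.

    Returns (verdict, steps) where verdict is one of
      "halted"  - reached 1 within the budget
      "cycle"   - revisited a value without reaching 1 (provably never halts)
      "timeout" - budget exhausted, halting status still unknown
    Iteration replaces the post's recursion so that Python's recursion limit
    is not mistaken for non-termination.
    """
    seen = set()
    steps = 0
    while n != 1:
        if n in seen:
            return "cycle", steps
        if steps >= max_steps:
            return "timeout", steps
        seen.add(n)
        n = collatz_step(n)
        steps += 1
    return "halted", steps


def classify_range(lo: int, hi: int,
                   max_steps: int = MAX_STEPS) -> Dict[str, List[int]]:
    """Group every input in [lo, hi] by the verdict run_with_budget gives it."""
    out: Dict[str, List[int]] = {"halted": [], "cycle": [], "timeout": []}
    for n in range(lo, hi + 1):
        verdict, _ = run_with_budget(n, max_steps)
        out[verdict].append(n)
    return out


if __name__ == "__main__":
    # 27 is the classic slow starter (111 steps); 0 and -1 never reach 1.
    for n in (27, 0, -1, -5, 1):
        print(n, run_with_budget(n))
    print(classify_range(-5, 30))
```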

  10. Personal experience in the UK on UK Schools Will Fight Cyberbullying · Score: 5, Insightful

    I was bullied extensively in the early part of my school life. My parents reported it to the teacher and when that didn't work, we went to the Headmaster at the school. The abuse did not stop.

    So I changed schools - and I got yet more abuse. We went through the same procedures again and again and again and it was no use. The teachers didn't want to know.

    I finally made it to High School and then I decided this time, it wasn't going to happen again. Some kid tried it on and I opted to belt him one in the nose. His nose was thoroughly broken and he was out of school for a week.

    After that, I was set for the rest of school. Nobody really tried anything on after that. You see, the apathy that I ran into in my earlier episodes worked to my advantage now. Precisely nothing was done to me and my schooling carried on as normal.

    It seems that these days we attach an "e-" or a "cyber-" on to a pre-existing social problem and suddenly everyone treats the issue as urgent. The problem with such initiatives is they fail to realise that this is a human problem first and a technological problem a distant second.

    The way to deal with bullying in schools is, in my view, very simple. The punishment should be swift, harsh and feared. They should be charged with assault or harassment in a full criminal court and ordered to do a suitable amount of community service. Failure to comply should immediately mean jail-time which should be served in school holidays.

    It's a pity that the type of people who bully are the sorts who have violence all around them at home. As such, the only thing they understand is violence. A short, sharp shock may be enough to put them back on the straight and narrow coupled with some kind of therapy. I do not believe such people are beyond help but if left to their own devices, they will become the criminals of tomorrow.

    Simon

  11. None at all on What's the Right Amount of Copy Protection? · Score: 5, Insightful

    While I don't wish to burden legitimate users, I do want to prevent most piracy. How much copy protection is appropriate?

    This may not be what you want to hear but any copy-protection will burden legitimate users. Pirates will remove the copy protection from your software and the unprotected version they create will be more usable than the version you offer.

    It doesn't just hurt your customers, it hurts you too. The time you waste trying to create some copy-protection and losing the arms race with the pirates (which you will lose) is time you could have spent making your product better.

    The way to beat the pirates is to provide a better service to your customers than they do. The commonly advocated business model is to provide support on the software to paying users - and since your target is business customers this makes a lot of sense.

    Businesses, by the way, tend not to pirate on the scale of the private user. Piracy is a big risk to business because businesses have very deep pockets.

    In short, the answer is to have no copy protection at all and trust your customers. Trusting the customer is hard but they'll appreciate it.

    Simon

  12. 2007, the year of Linux. on Vista Pirates To Get "Black Screen of Darkness" · Score: 5, Interesting

    What happens when this goes wrong? What happens when Vista is running in the Bank of America and it accidentally trips the entire network in to "Black Screen of Darkness" mode? What happens when a virus triggers this?

    The first job of any operating system has to be stability. Without stability you have nothing and I can't honestly see a good reason to mess with the stability of your OS when you're making billions of dollars of profit a year. People do not have short memories when you turn off their company. They will avoid you for decades because an event like that could literally cost a company its existence.

    Good enough is hard to shift. I personally think Grolsch is a superior lager to Fosters yet Fosters outsells Grolsch by a wide margin in the United Kingdom. Fosters is inoffensive and does the job well; it is "good enough." Windows is the same, it is good enough for the vast majority of people even though it is technically deficient to Mac OS X and Linux.

    I think Microsoft is making a lot of mistakes with Vista. First of all, they released an early beta as the final product which left a lot of basic functionality horribly broken. Second, they added features that no end user wants at the request of record labels and the like. Thirdly, they've got sucked into yet more anti-user copy protection.

    How many more mistakes can you make before it starts to hurt? Who knows, but the competition is getting good very quickly indeed. I moved from Windows in January to Ubuntu and then Kubuntu.

    To my surprise it is vastly superior to Windows XP and Vista. A year ago I would have called that fanboy-ism. Many of you are probably thinking that right now but I urge you to try it; you'll quickly learn you're wrong.

    There has been much talk of the year of Linux and when that would be. The problem with the year of Linux is that you can only see it in retrospect. However, the signs are present that 2007 is in fact that year. We've had Ubuntu convince users like me to give it a go, and I've heard people around me talk about Ubuntu who otherwise wouldn't have the inclination to try it. We're having people like ATI take the platform seriously and just today we've had EVE Online announce a Linux port.

    Is the year of Linux really upon us?

    Simon

  13. Entanglement and causality? on "Spooky" Science Points Towards Quantum Computing · Score: 3, Interesting

    My armchair understanding of entanglement suggests that it should violate causality. Consider the following thought experiment.

    We have two pairs of quantum mechanically entangled electrons. We send a single electron from each pair five light minutes into space, along with a small machine that's designed to react when an electron becomes "de-entangled". When it senses this, it immediately measures the spin of the electron in the other pair.

    Here on earth we have a Tsar Bomba linked to one of the electrons from one of the pairs. Five meters away, the other electron is linked to a button. When a person presses the button, it measures one of the electrons, thus breaking its entanglement. That instantly breaks the entanglement of the other electron five light minutes away. The machine then breaks the entanglement of the other pair, thus instantly triggering the Tsar Bomba, destroying the hut and everything in 100 sq. miles.

    The problem is that, as I understand it, this would happen ten minutes before I press the button. Whoops! You see, when I de-entangle the first electron the disentanglement on the other side happens five minutes in my past. When the machine disentangles the second electron, the other electron is five minutes in its past. Totalling to ten minutes. Can you see what I'm getting at? I'm assuming this argument isn't new - What mistake have I made here?

    Simon.

  14. Re:Have we gone backwards? on WGA Meltdown Blamed On Human Error · Score: 4, Informative

    Quite simply, you *cannot* have too much processing power when doing OCR -- I'm running multiple instances of ABBYY FineReader Corporate on a 2x Quad Core Xeon that has been pegged for two weeks now.

    This is an application task and I'm inclined to agree with you. You can never have enough resources, whether you're encoding HD-DVDs all day or just using Notepad.

    However, I was talking about the operating system. The role of an operating system should be to provide a framework for performing tasks and running applications as cheaply as possible; that is, using the least amount of resources possible.

    It's a fair bet your program would work on Windows 2000 and Windows Vista. Yet Windows Vista will "tax" your system more to achieve exactly the same result. This is my point - the operating system is gobbling more and more resources that should be used by your applications without giving the user anything in return. In this sense, we are moving backwards.

    Simon

  15. Have we gone backwards? on WGA Meltdown Blamed On Human Error · Score: 4, Insightful

    This sort of ties in with what I was saying on IRC with my friends yesterday. My central point was that all operating systems have got worse over the past ten years.

    I'm currently reading the Mythical Man Month (which I imagine most of you have heard of and already read) and in it he talks about the OS/360 operating system in great detail. I'm recalling this from memory so I'm sure someone will correct my mistakes but anyway, the machine had 2MB of memory and the operating system cost 400Kb of the memory. They charged something like $9.50 a month for 1Kb of system memory. That meant that every kilobyte of memory saved was worth hundreds or even thousands of dollars over the lifetime of the machine.

    It made me realise what is in retrospect a fairly obvious statement. The cost of the operating system on your hardware is an effect that should be minimized. The operating system exists as a framework for running tasks and applications, not as a self-serving excuse to munch resources.

    While Moore's Law technically means something different, the adage has held true that computing power has doubled every eighteen months. This means that my machine which I bought in January should be roughly 100 times more powerful than the machine I had in 1997. Yet do I have a hundred times more power to run my applications on a modern operating system? Absolutely not.

    Strictly speaking, there are no tasks I do today that I couldn't do in 1997. I can be honest that computing hasn't really got easier since then either. There's the odd innovation here and there that's nice from a usability point of view, but fundamentally nothing has really changed. For example, Office 97 and Windows 98 are no harder to use than XP and Office 2003. The addition of an extra monitor to my computer has impacted my productivity more than the choice of software in this period.

    In short, where did all these cycles go?

    Now Microsoft Vista is a sort of post-modern operating system. In every sense it is a regression. It does not allow tasks to be managed more easily yet requires an enormous amount of extra resources just to operate. WGA in a sense breaks the very stability of the system. The point of the OS is to perform tasks and applications yet Microsoft can take this away from you either by malice or stupidity.

    When are we going to demand more from OS vendors? When are we going to demand that future versions do the same as the previous version with less memory and less CPU overhead? Why do we pay to upgrade only to find our upgrades are wiped out by OS bloat? All of these are interesting questions, and while off-topic slightly, I'd like to see what you think!

    Simon

  16. Everest or a word-search, take your pick! on New UK Initiative - Make Science Easier · Score: 5, Interesting

    Dr Sinclair added that the changes would help to stop children being turned off by science.

    I can't believe he would possibly think this would attract people to science! I very nearly didn't do Physics at A-Level because GCSE science was too easy. They watered down stuff so much that you couldn't possibly reason with it. You could only solve a limited range of problems with the mathematics available and none of them were remotely interesting.

    I was sad to see the same was true in A-Level Chemistry. A-Level Chemistry isn't really science, it's more like religion. You learn an enormous table of facts with some spiritual-esque "electron cloud" explanation for it. There's no way to work through it from first principles - there is no understanding and a vague promise it would come some day.

    I am convinced that the way to get people into science is to get down to brass tacks much earlier on; get down to the real physics of what's going on. In my opinion, there is no reason that the bright kids could not be walked through the Schrödinger equation's solution for the hydrogen atom energy levels at sixteen. There is no reason you can't teach them basic calculus either. There's no reason why you can't walk them through how to derive the equations for circular motion.

    You see, it's not the details of the mathematics that really matter at this early stage but an appreciation of how the solution is arrived at. It's seeing that we take a fundamental postulate, which they would establish by experiment in class, and run with it, and here's the physics that we come up with. In short, it's showing them that with rigorous application of the scientific method and a few years of training on the mathematics, all of this interesting stuff can be arrived at with nothing more than a pencil and paper.

    That, my friends, is how you really inspire! You do not inspire anybody by making an intellectual Mount Everest into a word-search.

    Simon

  17. Re:Monoculture and software failures on Skype Blames Microsoft Patch Tuesday for Outage · Score: 1

    I think the "mono-culture" thing is an interesting argument, but nobody is going to add or change operating systems because of this reason. So the argument is mostly academic. Furthermore, to solve this problem, you would need to replace the Skype mono-culture, not the Windows mono-culture.

    Yes, that's also a good point. My argument isn't specific to an operating system monoculture; it applies equally to an application-level monoculture. This is why I believe in multiple implementations around a central open standard. Not only does the competition between the different implementations drive up the quality of each implementation but also its security too.

    Simon

  18. Monoculture and software failures on Skype Blames Microsoft Patch Tuesday for Outage · Score: -1, Offtopic

    If this really is the true reason behind the outage, you can't really blame Skype! How on earth could you anticipate this failure mode?

    And that's really the point. This is why a software monoculture sucks. Suddenly the security of each node on the network has the potential to affect the reliability of every other node.

    This would be just as true if everyone ran BSD or everyone ran Linux or everyone ran OSX. It's not so much the product (although none of the operating systems available today were designed with security in mind from the start) that's the problem but the fact it forms a monoculture.

    A hard-nosed person might say the real solution is to design a secure OS. The problem with that approach is that an OS is very complicated. There's an adage that it takes a certain amount of effort to write some code, and it takes the square of that effort to debug it. I want to add to that and say it probably takes the cube of that effort to get security; possibly more. In light of that, designing a secure OS is uneconomical and maybe even impossible.

    This is why breaking the monoculture is important: it reduces the damage a defect can cause by allowing us to divide the risk across many separate implementations.

    Simon

  19. Re:Adopt the cryptographer threat model on Full-Disclosure Wins Again · Score: 4, Insightful

    But that's a ridiculous assumption! It makes sense in the context of cryptography research, but you're turning it into an assertion that publicizing software vulnerabilities doesn't have any negative consequences, which is absurd. There *are* two genuine conflicting sides here and you can't just wave one of them away.

    It's a ridiculous assumption until you try to work out how you can usefully weaken the assumption! Ask yourself this: how do you know how good the attacker is? They're not going to share their successes with you; in fact, they will probably never make contact with you.

    You are only as strong as your weakest link, but with the vast distribution that's possible these days you have to expect to be up against the very best attackers. So what then is the plausible attacker you're meant to be up against?

    Incidentally, this is why cryptographers choose such a harsh threat-model in which to place their protocols and ciphers. Only by designing against an attacker who is effectively omniscient can you truly get security. You need to look no further than Diebold to see what happens when you don't do this.

    Sure, in the real world, disclosing vulnerabilities has an impact! Of course it does, but to say it decreases the security of the users of the software is simply nonsense. It may well do in the very short term, but in the longer term it is absolutely vital that full disclosure occurs if security is to improve.

    Simon

  20. Adopt the cryptographer threat model on Full-Disclosure Wins Again · · Score: 5, Insightful

    In the threat-models used by cryptographers, the attacker is assumed to know everything except cryptographic keys and other pre-defined secrets. These secrets are small in number and small in size. Their size and their limited distribution means we can trust protocols based on these secrets.

    Software that is used by millions of people is the very antonym of a secret. Compiled source is routinely reverse engineered by black hats. Web-sites are routinely attacked using vectors such as SQL injection. In short, you can't assume that any of the source code is secret. Taken to its logical conclusion, you must therefore assume the worst: that the black-hats know of far more bugs than you do. In fact, strictly speaking, you assume they know every bug that exists in your software.

    In light of adopting such a severe threat-model, the argument over full disclosure is a non-debate. Black-hats with sufficient resources probably already know of the bug. The only people aided by disclosing it widely and publicly are the people who run the software, who can take evasive action. In contrast, you only told black-hats what they already know.

    Simon

  21. We're not alone on Scientists Offer 'Overwhelming' Evidence Terran Life Began in Space · · Score: 3, Interesting

    British scientists are reporting today that the odds of life starting on Earth rather than inside a comet are one trillion trillion (10 to the power of 24) to one against.

    It's probably also worth pointing out that this result has probably increased the chance of life existing elsewhere in the universe by a similar amount. There are far more comets than planets, and there are a truly huge number of stars.

    Moreover, it is more plausible that a comet could fertilize many star systems if it was knocked out of the orbit of various stars in its life-time. While this sort of event is in itself unlikely, it is orders of magnitude more likely than life being liberated from a planet by a violent impact. The life would have to survive the fiery, high-G exit from whatever atmosphere there was surrounding the planet and would still have to have sufficient momentum to escape the star. These properties taken together pretty much eliminate any chance of that happening.

    Compare this to the following comet hypothesis. Life gets started on a comet with a highly elliptical orbit billions of years ago. How this happens is an open question, but for the moment assume it does. As the star uses up its fuel it loses mass and the orbit slowly stretches. Eventually, the comet is able to free itself from the gravity of the parent star. Hundreds of millions of years later, the star goes supernova. The blast wave from the supernova gently accelerates the comet into a planetary nebula. It just happens to be the one that our Earth was forged in. As the nebula condenses, the life that started inside the comet transfers itself to the billions of water droplets and mineral material. You can guess what happens next.

    I've always suspected we are not alone. It's just whether we're all too far away from each other for the knowledge to make any difference.

    Simon

  22. Not special on US Spy Agencies See Bloggers as Journalists · · Score: 4, Insightful

    Despite the rap that bloggers simply 'bloviate' and 'don't try to find things out,' as conservative newspaper columnist Robert Novak once sniffed.

    The greatest strength of the web is that anyone can publish to a worldwide audience. The greatest weakness of the web is that anyone can publish to a worldwide audience. However, this is only a minor weakness. I'm not forced at gun point to read everybody else's blogs, I get to pick and choose what I read and when I read it.

    And this is what the old media don't like about the rise of the blog. They no longer get to control content, and the blogs are eating into what used to be their advertising revenue.

    And last August, the NSA issued a directive to its employees to report leaks of classified information to the media -- "including blogs,"

    A leak, however it happens, is a leak. I don't think the fact they mentioned blogs means much. If people started leaking by carrier pigeon I'm sure that would get included in such a directive as well.

    Simon.

  23. Re:What's the problem here? on Australia to Offer Widespread ISP-level Filtering · · Score: 2, Insightful

    For every parent that picks this up so they can just plop their kids in front of the computer and ignore them all day, there's going to be one that actually uses it the right way: as a means to enforce rules that have already been set down in the house. If mom and dad say "no porn," a kid is going to try to look for some anyway. If he's blocked, he'll probably think "damn" and find something else to do, instead. If he's motivated enough to circumvent the block, then perhaps another talk with the parents is in order. Also, the filter could be useful for a lot of those instances where "accidental" porn comes up, like every other Google image search.

    What's wrong with letting him/her view the porn? What's so wrong with porn? This is the problem I have with this constant "think of the children" argument. It's not them we're trying to protect, it's the parents clinging on to the sanctity of their children as they become more and more adult each day. It's the parent's complex not the child; the child doesn't care.

    I'm not a parent myself but I just feel that if you give children arbitrary rules with no logical consistency behind them then they may think all of them are suspect and rebel against the ones that really matter.

    Perhaps the best way to approach this is to tell your child that the porn on the Internet isn't like real sex. There's no love, there's often no real passion. It's just about cheap gratification. I think if you approached it like this they'd be smart enough to see why some people disagree with it. Hell, they may even choose for themselves that this material isn't for them! Imagine that!

    It is my view that if you teach your child to be a moral consequentialist then your job as a parent is basically done. You don't do this by setting arbitrary rules, you do this by teaching them to think.

    Simon.

  24. Our way of life is not under threat! on Microsoft Says "War on Terror" is Overblown · · Score: 5, Insightful

    In the United Kingdom we lost fifty or so people in the carnage of bombings last year; in the United States you lost four or so thousand.

    I don't for a second want to say that the loss of these lives through an unspeakable act of senseless violence is a trivial matter, but we need to put these figures in perspective. In the United Kingdom, more are killed in road traffic accidents in a couple of weeks than were in the July 7th bombings. In the United States roughly three times as many people are killed in gun accidents per year than 9/11.

    Somebody even said to me that more people were killed putting their socks on in the United Kingdom than by terrorists last year. It's probably true. This stuff is right in the noise level of the threats we encounter each day. It's dramatic when we see some idiots attempt to blow a car up at Glasgow airport, but in terms of actual risk, these people are up there with being struck by lightning or having a bad reaction to aspirin.

    So why is there talk about trading liberty for security? Even though the security vs liberty argument is as flawed as the mythical man month, the point still remains - why do I need this extra security anyway? It's expensive, it costs me my rights and it's ineffective.

    It feels like we've forgotten what it is really like to be a nation threatened with annihilation. In the 1940s our country nearly didn't make it, and we have the United States to thank for that as much as our own heroic airmen. That was a time when the aggressors really could have destroyed our way of life. Yet we did not yield in the face of our adversity. We held our resolve!

    And we should hold our resolve now. In comparison to the Nazis, these modern day terrorists are like flies trying to stare down a tank. I don't know whether to laugh or cry that we even take them so seriously. We should not give a shred of our liberty to these people - they are pathetic and worthless; you only need to look at the Glasgow "terrorist" attack to see this for yourselves.

    Simon

  25. Bad idea on Using Face Recognition Instead of a PIN Number · · Score: 4, Insightful

    This is stupid for a couple of reasons. The first is that biometrics suck and are usually almost trivial to subvert. See the $10 fake finger for an example. What do you do if somebody hacks your credentials as well? Have facial re-constructive surgery? But even if you had very good biometrics that were hard to fake, it is still less secure than having separate credentials to access everything.

    Why is this? Well for the sake of argument, let's suppose it costs £50 to create a duplicate of my chip and pin card that will work in any cash point. I have four such cards in my wallet so the cost of duplicating them all is £200. In order for the biometric to replace my cards completely and be equally secure, it has to cost more than £200 to fake.

    The problem is that the unified security mechanism rarely costs more to subvert than all the IDs it replaced. This doesn't just apply to bank-cards; it also applies to national ID cards and any centralisation of security.

    The fundamental principle here is that centralising security often reduces security. This is something to keep in mind when you're consolidating servers.

    Simon