Slashdot Mirror


User: darkfire5252

darkfire5252's activity in the archive.

Stories: 0 · Comments: 243

Comments · 243

  1. Re:Not Patents on Microsoft Gets a New Open Source Chief · · Score: 2, Interesting

    I've thought about this for some time and I can't find the catch, so I'll bounce it off of you guys. Microsoft is pissing off their user base and risking corporate and government conversions to competitors due to them continually trying to create vendor lock-in. Here's an idea that sounds like the absolute worst thing (from MS's point of view), but I'm starting to think it is the most profitable thing that MS could do, and would guarantee MS's future prosperity in a way that nothing else could:

    Make MS products open source. MS is already losing ground among the genuinely technically adept (not those taught to use a particular app, but those who have a greater understanding of computing), so why not join the competition? If that were to happen, MS would instantly gain thousands of pro-bono security reviewers, feature implementers, etc.; they'd have all the benefits that open source projects have. I would bet anything that a team (it would be wise for MS to start it) would form to port MS operating systems onto the Linux kernel. ODF would be written into all Office apps, and the best part is that MS would stand to lose nothing. The open source environment has a way of coalescing around the most mature applications. How many OpenOffice developers would love nothing more than to work all the features they love about OO into Office? If MS truly GPL'd their software, they would gain unstoppable momentum. Developers, developers, developers!

    I know, I know, here's the obvious reason this would never work: MS doesn't want to give away their software. The kicker is, people would buy the packaged and supported official OS, even if they could roll their own for free. Look at the Red Hat business model; corporations and other large entities want support, and they want a large company holding their hand and telling them that it will be OK. Your grandmother isn't going to download tarballs and compile Vista because the majority of people will happily pay for convenience. OK, so other people can roll their own MS based packages and try to sell them, you say? MS has the most brand-awareness that has ever existed. Ubunista (now with Office 2007 and Exchange!) will not outsell Microsoft's CollabOS.

    It seems to me that MS would retain the majority of their customers, be given the labor that would transform their products into the best software that exists for free, gain market share in the tech crowd as their products mature, and steal developers from their OSS competitors. All at the same time. What am I missing here?

  2. Re:This is getting ridiculous on OOXML Will Pass Amid Massive Irregularities · · Score: 1

    Okay, I'm not familiar with the internal rules of national ISO committees, but it sounds like in all those cases that the decision makers made a decision. And in some cases it was in disagreement with their technical advising committees. So maybe it wasn't a good decision, but I am not seeing bribing or corruption here. In other words, if the people who cast the final vote weren't the actual decision makers, then why would the ISO accept their vote? If they are the decision makers, then it was properly done, just unpopular.

    I'm not quite sure what your point is here. No one is saying that a masked bandit usurped the administrative voting process and forged the vote of a national ISO committee. In most of the 'irregularities' the committee met to discuss the issues and the majority of the members were not in favor of OOXML, many for specific technical reasons. The 'technical advising committee' _is_ the committee, because this is a vote on accepting a technical specification. So, the committee as a population says 'no', then the executive members of the committee (in your terms, and President Bush's, the 'decision makers') decide to submit a 'yes' vote and give a very vague justification for why they overruled the committee. A vote being 'properly done' according to administrative process and a vote being 'properly done' according to the spirit of the committee are two different things. In these cases we have an administrative functionary effectively negating the opinions of the committee as a whole for no justifiable reason. I wonder what may have caused that?
  3. Re:This is getting ridiculous on OOXML Will Pass Amid Massive Irregularities · · Score: 4, Informative

    I'm with AC here. Are Groklaw, etc, really suggesting that several standards bodies in several nations are /all/ corrupt? And not one leak? Not one failed, incorruptible whistleblower?

    Well, I am all about questioning the groupthink, but you're missing something. Stories like the above are the leaks you're looking for. These are written by people who are/were involved with their country's standardization process and feel that there's a problem with what happened.

    If you can read German, here's the story on what happened there. For those who can't, when they went to vote, they were not allowed to vote disapprove, so the choice was to approve or to abstain. It was a tie, 6:6, which means no consensus. [...] the representative from DIN decided to cast a vote, which isn't the process. DIN isn't supposed to vote, because it's supposed to advise. But this, they rationalized, was a vote not about whether to accept OOXML on the basis of *technical* issues, but whether to accept the approval suggestion of the technical committee. So DIN voted to accept DIN's suggestion. Hence Germany ends up in the Approve column.

    That's a German 'whistleblower' who is familiar with how the process should run and is stating that it did not run that way.

    Here's an article from Norway [...] The article says there should be an investigation of the irregularities there, because while there were only two votes to approve, from Microsoft and a business partner, Statoilhydro, and all the others voted no, 21 votes [...] So they put everyone out of the room, and Standards Norway, three people were left in the room, and they usurped the decision and made it their business to decide to approve anyway.

    There's another independent report from another country. The list goes on... One should always be skeptical of believing in massive cover-ups and the like, but let's be honest here: there are plenty of legitimate signs that something untoward is going on.
  4. Re:Chatbot on An AI 4-Year-Old In Second Life · · Score: 1
    Disclaimer: I sometimes tend to come off as aggressive or demeaning in discussions, so here's the notice that I think this is an interesting discussion. ;)

    what you have done is *decided* what penalties, when, where and why. The program hasn't "learned" anything, it's doing the only thing that lets it make any progress in the universe that you've put it into [...] This is rule-following and strictly-controlled evolution, not intelligence.
    [...]
    My point was that: "you can't "write" an AI. It's silly to try unless you have very limited targets in mind." If you have targets, you are controlling the progress of the program, shoehorning it into a particular result, which it will obviously "evolve" into something given enough time and suitable pruning. Sure, you can get something resembling AI from that but the concept is just too rigorous. True AI is about intelligence and (quite a lot of) pattern-recognition, not the ability to perform a certain task. The AI isn't recognising a pattern, it's following rules. There's a difference.

    I would argue that humans are nothing more than beings that make progress in the universe we're put into. The progress (or reward function, explained below) is measured by pleasure, emotion, and intellectual satisfaction (ambition). I would say that ambition is what sets us apart and makes us 'sentient'.
    At the core, reinforcement learning and GAs are essentially the same. In a GA (taking a course right now) you have to define the fitness function in order to select the members that procreate. In a RL agent you have to define a reward function in order to tell the agent when it has done something 'good'. They both serve the same purpose: the rule that specifies the goal to be accomplished.

    I have found, tend to want a purely mathematical solution to a problem - the document linked to has more lambda's and Monte Carlo methods than my maths degree did.

    Pedantic note: GA is a mathematical solution at heart. There are very established formulas for creating a GA.

    As a (contrived) simple example, there's a thing online about evolving a small, three-point physics-controlled organism to move along a plane as fast as possible by genetic algorithm - [...] It was simplified, it was logical, it was rigorous but it was left to play by itself in a universe with some extremely simple "reward/punishment" rules and, eventually, it came to being.

    This is an ideal scenario for a RL agent. The fitness function (speed of crossing the plane, or the like) can become the reward function with no change made at all. The classic example of a 'typical AI' is a neural network. A neural network is to reinforcement learning AI as a brick is to a brick house. RL can use NNs to improve its pattern recognition, but an NN by itself does not make decisions. Both a GA and a RL agent will arrive at the optimal solution (given enough time) in that problem you mentioned, and I'd wager some reputation on my bet that the RL agent will get there first (measured by number of times a creature has to cross the plane).

    My point was that: "you can't "write" an AI. It's silly to try unless you have very limited targets in mind."
    [...]
    You'll know you've hit true AI when the program runs around the maze, gets lost, tries to peep through the computer's memory to find the exit

    That's setting an unrealistic goal. A GA could not evolve to do that unless memory reading was explicitly part of the problem, in which case RL agents could do it as well. This is analogous to saying that a human is only intelligent if he is able to look outside the universe and determine the path to a destination using only the power of the brain. GPS is an artificial addition to the environment, and given the opportunity a RL (or GA) agent could devise a similar solution. My point was that the 'limited target' aspect is what we're improving right now. If approved, my Ph.D. research area will be devising hierarc

  5. Re:Here's where the technological shackles come in on Windows 7 Likely Going Modular, Subscription-based · · Score: 1

    The only legitimate need for trusted computing is in situations like that. Here's the thought I had: every federal computer ought to run trusted computing to ensure that records are kept and government transparency upheld. Politicians are the employees of the people, we should require them to behave.

  6. Re:Here's where the technological shackles come in on Windows 7 Likely Going Modular, Subscription-based · · Score: 1

    FWIW, there are currently hardware level resets and overrides built into the TPM system, but that's of questionable value. Unless the motherboard manufacturer disables or neglects to enable the resets, a user can clear ownership from the TPM by verifying physical presence (i.e. motherboard jumper). The reason it may not be of much value is the same reason that OpenOffice isn't more used today; I can assert ownership over my machine, but it is well within the trusted computer specifications for Microsoft to arrange it such that non-trusted (non-Windows) computers simply cannot access data created by Windows trusted computers. There are even a number of politically viable justifications that take advantage of the confused image that the general public has/will have about 'trusted computing' ("This is sensitive data, we can't allow you to send it to un-trustworthy people, can we?").

    There are a good number of legitimate powerful uses for the TPM, and I really hope that the situation I'm describing doesn't occur. However, it would be the essence of naivety to not realize that this is exactly what the system is designed for. It's the ultimate trump card for cementing lock-in. To quote the great Zapp Brannigan: "If we can hit that bull's-eye, the rest of the dominos will fall like a house of cards. Checkmate."

  7. Here's where the technological shackles come in.. on Windows 7 Likely Going Modular, Subscription-based · · Score: 5, Informative
    The parents are correct, there's no way that Microsoft would be stupid enough to design an open and modular OS because competitors would rip them apart. MS may be lacking in many areas, but predatory business practices is not one of them. I'm betting that Windows 7 will re-introduce us all to one of our old friends. Remember way back when, when people were ranting and raving about trusted computing and something called the Trusted Platform Module? After all the fuss died down, plans continued as before and as a result the majority of the people reading this post have a TPM installed into their motherboard. It's a truly fascinating device (I've read an implementer's guide, it does a LOT. Go here and download the latest 'Commands' doc. Just take a look at the descriptions and capabilities of the TPM's API. It's chilling.), and there have yet to be any products that really hinge on the TPM. With Windows 7, "With Trusted Computing technology for an even greater level of security and reliability!", here's how MS can block out third party modules, even if they published the API in the Wall Street Journal:
    1. Installation of Windows 7: the OS communicates with the TPM and 'takes ownership' of the TPM. (The tech docs can't spell it out any clearer: the programmer controls the computer, not the user.) When taking ownership of the TPM, Windows provides the public key of Microsoft to the TPM.
    2. Booting the computer: During installation, Windows installs a hash of the bootloader code and the OS code into the TPM. The bootloader performs a sanity check using the TPM to ensure that it has not been compromised. The bootloader then verifies the OS against the TPM and only loads 'genuine' copies of Windows. Note that the definition of genuine is entirely up to MS; at any time the TPM can be instructed, only by its owner, to invalidate any credentials. It's perfectly possible, and in fact designed into the specs, for the TPM owner to completely disable TPM protected software at any time. Irreversibly, because the binaries are encrypted and require the TPM's cooperation to run.
    3. Updating Windows: Before updating, the OS instructs the TPM to provide a guarantee that it is a genuine TPM (using information manufactured into the chip), and the TPM signs MS's public key. This cryptographically proves that the computer has a TPM and that Microsoft owns the TPM. Microsoft then transmits the update to the computer, encrypting it with the TPM's key to prevent the native code from being revealed to the user or installed on a non-authenticated machine.
    4. Installing a module: Similar to updating, but more insidious. The user purchases a certificate to run a module, then the module is securely transferred to the machine. The certificate is stored by the TPM itself to prevent it from being read from disk or RAM by a third party. This is done for all the TPM's information. The module is then installed if and only if it is authenticated by Microsoft. This may seem to have some flaws, but that's taken care of with the following...
    5. Running a binary executable: The OS can require that every single binary be signed by a person who is authenticated by the owner. The TPM verifies this, and then either provides the OS with the decrypted binary or a failure notice. 'Configuration states' are a key principle here; at any time the state of the system (all programs that are running) can be saved into the TPM. This can be used for example by Windows update. The updater saves a configuration where only the core OS and the updater are running, and then can ensure that it will not update if not in this configuration. This keeps any on-the-fly memory editors out.
    A lot of very smart people put a lot of effort into this system; it works. It's just been waiting for that 'killer app' to use it...
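
The 'configuration state' idea from steps 2 and 5 of the comment above, as an added example that is not part of the original comment: it models the TPM 1.2 PCR extend operation and a secret bound to one measured state. The unseal check is simulated by a plain comparison (a real TPM keeps the secret encrypted inside the chip), and all component names and byte strings are constructed.

```go
package main

import (
	"crypto/sha1"
	"errors"
	"fmt"
)

// PCR models one TPM 1.2 platform configuration register:
// 20 bytes, all zero after reset, changed only through Extend.
type PCR [sha1.Size]byte

// ErrWrongState is returned when the platform is not in the sealed-to state.
var ErrWrongState = errors.New("platform state does not match sealed state")

// Extend folds a component into the register:
// PCR_new = SHA1(PCR_old || SHA1(component)).
// The register can never be set directly, so its value depends on every
// component measured so far and on the order they were measured in.
func (p *PCR) Extend(component []byte) {
	m := sha1.Sum(component)
	*p = sha1.Sum(append(p[:], m[:]...))
}

// MeasureBoot replays a boot chain (bootloader, OS, ...) from reset.
func MeasureBoot(stages ...[]byte) PCR {
	var p PCR
	for _, s := range stages {
		p.Extend(s)
	}
	return p
}

// SealedBlob is a secret bound to one configuration state.
// Simplification: the policy check is a comparison in ordinary code.
type SealedBlob struct {
	state  PCR
	secret []byte
}

// Seal binds secret to the given measured state.
func Seal(secret []byte, state PCR) SealedBlob {
	return SealedBlob{state: state, secret: append([]byte(nil), secret...)}
}

// Unseal releases the secret only if the current state matches.
func (b SealedBlob) Unseal(current PCR) ([]byte, error) {
	if current != b.state {
		return nil, ErrWrongState
	}
	return b.secret, nil
}

func main() {
	// Constructed stand-ins for the measured binaries.
	bootloader := []byte("bootloader v1")
	osCore := []byte("os core v1")
	updater := []byte("updater v1")

	clean := MeasureBoot(bootloader, osCore, updater)
	blob := Seal([]byte("update decryption key"), clean)

	_, err := blob.Unseal(MeasureBoot(bootloader, osCore, updater))
	fmt.Println("clean boot:", err)

	// An extra program in the measured set changes the state.
	_, err = blob.Unseal(MeasureBoot(bootloader, osCore, updater, []byte("memory editor")))
	fmt.Println("with memory editor:", err)
}
```
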
  8. Re:Not So Great on More Interest In Parallel Programming Outside the US? · · Score: 1

    It can be achieved (in particular cases). It can even sometimes be surpassed [...] Theoretically, the limit shouldn't be surpassable (and very hard to actually reach).

    I was with you until that, what do you mean?
  9. Re:The "100 times greater"... on Graphene May be the New Silicon · · Score: 2, Funny

    Besides, rendering the holotextures required to accurately represent the shape and movement of disembodied hands is no small task. In fact, it's so difficult that it will not be supported until Windows 17 (aka 'Fettershorn') is released. Never mind the fact that the requirements for that edition are so steep that it'd requi... hold on a sec, someone's at the door...

  10. Re:Not So Great on More Interest In Parallel Programming Outside the US? · · Score: 1

    Considering the typical work-time problem, let's say a piece of work takes n seconds to complete by 1 processor. If there are m processors, the work gets completed in n/m seconds. Unless the parallel system can somehow do better than this, it is usually not worth the effort. If the work is perfectly divisible between m processors, then why have a parallel system? Why not a distributed system (like beowulf, etc.)?

    Wait, what? How is this insightful? If you have a piece of work that can be completed faster by using multiple processors concurrently... why that sounds an awful lot like parallel processing! Also, to say that a problem that takes N seconds to complete with 1 processor takes N/M seconds to complete with M processors is just plain wrong. N/M seconds would be amount of time taken by a theoretically 'perfect' setup; it cannot be achieved in practice (I am fairly certain, can someone correct me if I'm wrong?).

    If it is not perfectly distributable, the code can get really complicated. ...

    Welcome to the discussion. That's the central problem of parallel (or distributed, for that matter) systems. Did you major in a non-tech field like civil engineering, or did you just not pay attention?
  11. Re:Well... on The Death of Windows XP · · Score: 1

    Supercache apparently considers about 1.5 gigabytes on a system with 3 gigabytes of RAM to be a reasonable amount of physical memory to use for this process. The net effect of all of the above is that Vista spends a hell of a lot of time sitting there churning away using your disks and RAM to load "stuff" into memory that you "might" need. All of this for the 1-2 seconds you are likely saving by not having to load Word or Quake III or whatever from disk should you happen to want to use it.

    While Microsoft's approach to implementing that technique may be flawed (hah!), what's wrong with the technique itself? As long as the memory and processes used for pre-caching are given a lower priority than everything else that sort of 'supercaching' is a great way to get a speed increase. Assuming there's a sensible implementation that causes the OS to stop reading a program into memory when there is a disk access, treats preallocated memory as available (freeing the memory according to which supercached program is probabilistically least likely to be used), and only records when the program is run (the overhead of making a timestamp in the program's record compared to loading the actual program is not too big of a slowdown), then... what's the problem, exactly?

    The way you write, it would seem to be the case that you have a problem with 'wasting' 50% of your unused ram. Unless you're in a special situation and trying to use absolutely minimal power or whatnot, RAM is a 'free' resource unless it's being claimed by an active program. I paid for all of my RAM and my processor already; if it makes my computer perform faster (subjectively, after the smoke and mirrors) then I absolutely want 100% of my RAM storing relevant information and 100% of my processor cycles calculating things that may prove useful...
  12. Re:Who is being protected? on California Edges Toward Joining Real ID Revolt · · Score: 1

    Ok, so that's one case of one building being impervious to a car bomb placed out front. I'd wager a good bit of money that there exist a number of federal buildings that are not protected from that. Even assuming that no external attack would damage a federal building, you run into the same logical fallacy that the airports subscribe to; if we keep all threats out of the area behind the checkpoint, then no attacks can occur. Even assuming the checkpoint is infallible (it's not), the reality is you've only moved the point of attack to the checkpoint. You haven't eliminated any threats, you just changed them.

    So, let's look at which seems more likely: well-intentioned politicians debated the subject, and decided that federal buildings are (or ought to be) impervious to all outside attacks and have a blast-proof area suitable for a RealID checkpoint, therefore denying those without RealIDs access to federal buildings would eliminate that particular threat; OR politicians who have a vested interest in seeing RealID adopted publicly realized that, citizen or not, a person who cannot enter a public building (the DMV, the post office, city hall, the list is very long...) until they get a RealID are effectively forced to get one. Hrmm...

  13. This IS the problem... on FBI Posts Fake Hyperlinks To Trap Downloaders of Illegal Porn · · Score: 1

    You would hope that innocent people would eventually be found innocent after their computer(s) had been ransacked, copied, examined, etc., but there is also the chance that the logs alone would be deemed sufficient.

    People need to understand what kind of liability they open themselves up to by not securing their wireless. Or they need to know that they had better keep excellent logs themselves in order to prove their own innocence, but then that can be turned against them as well if they don't monitor and police for illegal activity.

    I'm not picking on you, but this is exactly the problem with the attitude in this country. The poster is more than likely just some law abiding person who's trying to look out for others, but look at what is being said (emphasis mine):

    You would hope that innocent people would eventually be found innocent
    [...]
    they had better keep excellent logs themselves in order to prove their own innocence

    The wording is unintentional, but it reflects how the poster and a lot of others have come to feel about our legal system. I remember a time when one would remain innocent until they were found guilty and only the one doing the accusing would have to prove anything...
  14. Re:Chatbot on An AI 4-Year-Old In Second Life · · Score: 1

    You can't "write" an AI. It's silly to try unless you have very limited targets in mind.

    You're right that you have to have a target in mind, but the scope and definition of the target is what we're improving. I'm just finishing undergrad and going into a doctoral program for artificial intelligence. We're nowhere near human AI, we're not even close to it. But, we are getting closer.

    Computers work by doing what they are told, perfectly, quickly and repeatably. Now that is, in effect, how our bodies are constructed at the molecular/sub-molecular level. But as soon as you try to enforce your knowledge onto such a computer, you either create a database/expert system or a mess. It might even be a useful mess, sometimes, but it's still a mess and still not intelligence.

    You don't have to give it the knowledge, you just program an agent (AI program) to make observations and correlate those observations with what the agent did, if anything, and what the environment is. For a 'reinforcement learning' course, I made a program that would navigate a maze. The agent was told that it was in cell X, and it always had the option of moving left/right/up/down. If it tried to move into a wall it would remain in cell X. If it gets to cell Y, it gets a reward of +1. For every action it takes that doesn't get it to the reward it gets a penalty of -.01. So what the program does is learn that (cell X + move right) = (cell B), etc. Eventually it gets to Y, and yes it's all dumb luck the first time because the agent has no idea what is 'good'. Once it gets that positive reward, it essentially makes the observation "(cell C + move left) = (cell Y) + reward! cell Y must be good, and if (cell C,move left) leads to Y then that state-action pair is good, but not quite as good as Y". There are all manner of tricks to overcoming large (continuous) possibilities of what the environment is (state space) and for solving the 'assignment problem' (how much did state S0 contribute to the reward we got in S4?). It's nowhere near Turing-level AI, but it's a lot closer than many other things.

    If you're curious and have some time, here's the link to the (fairly readable) textbook for the class, Reinforcement Learning: An Introduction.
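
The maze agent described in the comment above, as an added example that is not the commenter's program: it uses tabular Q-learning, one standard algorithm from the textbook the comment names, with the comment's rewards (+1 at the goal, -0.01 for every other action, walls leave the agent in place). The choice of algorithm, the grid layout and the learning parameters are assumptions.

```go
package main

import (
	"fmt"
	"math/rand"
)

// Constructed maze: S is the start cell, G the rewarded cell, # a wall.
var maze = []string{
	"S...",
	".#..",
	"...G",
}

const (
	width, height = 4, 3
	start, goal   = 0, 11 // cell index = y*width + x
	alpha, gamma  = 0.5, 0.9
	epsilon       = 0.2 // share of random exploratory actions
)

// Actions in order: left, right, up, down.
var moves = [4][2]int{{-1, 0}, {1, 0}, {0, -1}, {0, 1}}

// Step applies action a in cell s. Moving into a wall or off the grid leaves
// the agent where it is. Reaching the goal pays +1, anything else -0.01.
func Step(s, a int) (next int, reward float64, done bool) {
	x, y := s%width+moves[a][0], s/width+moves[a][1]
	next = s
	if x >= 0 && x < width && y >= 0 && y < height && maze[y][x] != '#' {
		next = y*width + x
	}
	if next == goal {
		return next, 1, true
	}
	return next, -0.01, false
}

// best returns the highest-valued action in a cell and its value.
func best(q [4]float64) (int, float64) {
	bi := 0
	for a := 1; a < 4; a++ {
		if q[a] > q[bi] {
			bi = a
		}
	}
	return bi, q[bi]
}

// Train runs Q-learning and returns the state-action value table. Each update
// moves Q(s,a) toward reward + gamma*max Q(next), so a pair that leads to the
// goal becomes "good, but not quite as good" as the goal itself.
func Train(episodes int, seed int64) [][4]float64 {
	rng := rand.New(rand.NewSource(seed))
	q := make([][4]float64, width*height)
	for e := 0; e < episodes; e++ {
		s := start
		for t := 0; t < 200; t++ {
			a, _ := best(q[s])
			if rng.Float64() < epsilon {
				a = rng.Intn(4)
			}
			next, r, done := Step(s, a)
			target := r
			if !done {
				_, v := best(q[next])
				target += gamma * v
			}
			q[s][a] += alpha * (target - q[s][a])
			if done {
				break
			}
			s = next
		}
	}
	return q
}

// GreedyPath follows the learned values from the start without exploring.
func GreedyPath(q [][4]float64) []int {
	path := []int{start}
	for s := start; s != goal && len(path) < 50; {
		a, _ := best(q[s])
		s, _, _ = Step(s, a)
		path = append(path, s)
	}
	return path
}

func main() {
	q := Train(5000, 1)
	fmt.Println("greedy path (cell indices):", GreedyPath(q))
}
```
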
  15. Re:Bionic eye on Hacking a Pacemaker · · Score: 1
    Quick access in an emergency is something that didn't occur to me; that would pose a problem. I'll grant that I am no MD nor am I at all qualified to manage hospital processes, but I do know something about cryptography. I would think moron is a bit strong, as your 'rebuttals' reflect a person about as qualified to speak about cryptology as I am to speak about hospital procedure. So, just for fun:

    1) Requiring doctors to carry smart cards with encryption data 2) Requiring doctors to keep said cards with "the morphine" (showing you have never seen how a hospital manages secure resources) 3) Said hideously rare and necessarily hard to obtain cards would be required to save a life in dire emergent situations.

    1) Doctors presumably already have some identification card that they are required to keep on them. If not, they likely have had either a driver's license or a credit card at one point in their life, so they are familiar with the idea of keeping a card with them...
    2) I was making reference to the fact that hospitals already keep things securely, so whatever method should work just as well for the cards. I have no knowledge whatsoever how a hospital manages secure resources, but they have a means for doing so.
    3) Cards would not necessarily be rare nor hard to obtain. The purpose of the card would be to link a particular doctor at a particular hospital with the permission to update or send commands to the device, as opposed to assuming anyone with proper equipment is authorized to do so.

    1) You have never seen how an emergency room or hospital inpatient floor works. 2) You have no idea how a pacemaker interrogator works. Furthermore, you suggest: 1) A hideously complex encryption system based on ONE point of weakness: the manufacturer's private key. 2) You KNOW this is a weak point by your suggestion of "armed guards" (where should they be? in yur hard drivez guardin' your bites?)

    1) Yep, you are correct.
    2) Right again
    1) This is already done, so it is a non-issue. Verisign and all the other certificate authorities that issue SSL and other certificates have a private key kept at this level of security. I am unaware of a case where the private key became known and every computer on the internet needed to have the CA public key changed, so it seems that they do a decent job.
    2) ... The key is stored on a computer isolated from all others in a locked room. The system is set up such that the private key does not get revealed when it is used to sign a certificate. Two or more trusted parties are required for entry to the room, and no one is left in there alone. Presumably there would be a chair for the guard... Again, this is something that is already done; there is established procedure.

    1) You have suggested a security by obscurity scheme which even the RIAA is learning just doesn't work. 2) You have definitively solved a "hard" problem in a field of experience vastly different from your own by applying your specific brand of expertise without any form of intellectual humility

    1) This is the polar opposite of security by obscurity. 'Security by obscurity' is keeping the method used for security secret, and if the method is revealed the security is defeated. This is a case where the methods are known and tested, but a key is kept secret. The RIAA has to use security by obscurity because DRM requires that you provide an encrypted media file, the key to decrypt it, and then dictate the terms under which the key can be used. That doesn't work, because the second the method used to obscure the key becomes known the security is broken.
    2) And you have rebuked my argument by showing that you lack knowledge about cryptography and I lack knowledge about hospitals. My search for security is precisely because of the human life involved. It should go without saying that I am capable of being wrong, that doesn't mean I should be required to be timid with my suggestions; you certainly are not.

    So, I am no moron nor am I a doctor, and you are no cryptographer nor are you capable of having a discussion without resorting to personal attacks and name calling.
  16. Re:Bionic eye on Hacking a Pacemaker · · Score: 3, Insightful

    Look up public private key cryptography and get back to me. Asymmetric cryptography does not require revealing the private key to hospitals....

  17. Re:Bionic eye on Hacking a Pacemaker · · Score: 1

    Cryptography consists of basic math operations, exponentiating and modulus. I am not assuming that they make 200MHz pacemakers, nor do they have to. A budget chip that performs on the order of 5 mathematical operations (iterations, it would have to support 3 operations IIRC) is not out of the question. You already have the foundation for receiving signal and determining what the signal is. A device that interpreted the signal by performing a few mathematical transformations on it before sending it along the pathway that already exists is not out of the question. There's no reason that the chip should be getting clock cycles and using power unless the device is being updated, so what's the big problem with using a slightly larger amount for an update that likely takes a nontrivial amount of power in the first place?

  18. Re:Bionic eye on Hacking a Pacemaker · · Score: 1

    Older model pacemakers were susceptible to microwaves from your kitchen 'nuke'. [...] are also subject to getting whacked by an electromagnetic pulse, so this isn't 'news'

    Yes, and someone could break into my home by smashing a window or driving a bulldozer through the wall, but I'm still going to lock my doors. Just because there are known faults and vulnerabilities doesn't mean that we should pretend there are no consequences to introducing new ones.
  19. Re:Bionic eye on Hacking a Pacemaker · · Score: 1

    It already is receiving signals and acting upon those signals. All the stuff that I mentioned requires is another chip and a small flash storage for logging. 'Right now' it takes $30,000 to do this hack. If the information becomes well known and the technique becomes easier, being in contact isn't really a big deal. The problem is that the person goes into heart failure for what is apparently no reason at the time. The fact that someone in a crowd has their hand on his chest or did for a brief moment is a lot different than watching that same person stab the guy...

  20. Re:Bionic eye on Hacking a Pacemaker · · Score: 1

    Sure. It's impractical, because cryptography uses "magical hard math," right? Never mind that the math involved can be done with relatively cheap chips made for the purpose. An hour best case for what? The doctor gets certified to update the device as a part of employee training, not 'on demand'. There already is a trail... how, exactly? /Done feeding trolls

  21. Re:Bionic eye on Hacking a Pacemaker · · Score: 3, Interesting

    Yes, I want it to be programmable. But I want the designer to keep in mind that it's my life at stake. We know how to do these things securely.

    Public-Private Key cryptography. The manufacturer has a public key, and it's embedded into the device. The manufacturer's private key is kept secret in the same way as the PKI people do it; there are multiple parties required to do anything to the key, there is armed security 24/7, and the key is treated as if people's lives depend on it because that's the situation. There's a process to go through for a hospital to get certified to update the device. When the hospital certifies a doctor to update the device, the doctor's public key is signed by the manufacturer's private key. The doctor keeps his private key on a smart card that requires a PIN with the full knowledge that people could die if he loses it. Preferably the smart cards are kept under lock and key at the hospital next to the lethal drugs and the morphine. When an update command is done, a specially formatted message is signed by the doctor's private key, and the message is sent along with the doctor's certificate (the doctor's public key signed by the manufacturer's private key). If there's no valid certificate or the message format is not correct, no command interpretation takes place. If everything checks out, the command is logged in onboard flash memory and the device updates. If someone's pacemaker is updated in a manner that kills them, there is an audit trail pointing to exactly who's at fault. I don't care how much more expensive it is, particularly when the answer is 'not very.'

    People's lives are at stake here, the manufacturers should be held liable and negligible if they aren't using already existing methods that essentially guarantee security.
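
The device-side check described in the comment above (manufacturer-signed doctor certificate, doctor-signed command, format check, audit log, then update), as an added example that is not part of the original comment. It uses unpadded textbook RSA with toy-sized constructed keys purely to show the exponentiate-and-reduce step; the command fields (`op`, `bpm`), the `doctor_id` name and the rate limits are assumptions, and a real device would use a vetted signature scheme.

```python
import hashlib
import json

E = 65537  # public exponent

def toy_keypair(p, q):
    """Textbook RSA from two primes. Toy-sized and unpadded: illustration only."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

class Device:
    def __init__(self, maker_pub):
        self.maker_pub = maker_pub   # manufacturer key embedded at build time
        self.rate_bpm = 70
        self.audit_log = []          # stands in for onboard flash

    def handle(self, cert, cert_sig, msg, msg_sig):
        # 1. The certificate must be signed by the manufacturer.
        if not verify(self.maker_pub, cert, cert_sig):
            return "reject: certificate"
        doc = json.loads(cert)
        # 2. The command must be signed by the certified doctor key.
        if not verify((doc["n"], doc["e"]), msg, msg_sig):
            return "reject: signature"
        # 3. The command must match the expected format exactly.
        try:
            cmd = json.loads(msg)
        except ValueError:
            return "reject: format"
        if not (isinstance(cmd, dict) and set(cmd) == {"op", "bpm"}
                and cmd["op"] == "set_rate" and type(cmd["bpm"]) is int
                and 30 <= cmd["bpm"] <= 180):
            return "reject: format"
        # 4. Record who issued the command, then apply it.
        self.audit_log.append((doc["doctor_id"], cmd))
        self.rate_bpm = cmd["bpm"]
        return "applied"

# Constructed sample keys (Mersenne primes) and certificate, not real values.
MAKER_PUB, MAKER_PRIV = toy_keypair(2**127 - 1, 2**107 - 1)
DOC_PUB, DOC_PRIV = toy_keypair(2**89 - 1, 2**61 - 1)
CERT = json.dumps({"doctor_id": "dr-example", "n": DOC_PUB[0], "e": E}).encode()
CERT_SIG = sign(MAKER_PRIV, CERT)
```

Nothing is parsed as a command until both signatures verify, so a rejected message leaves `rate_bpm` and `audit_log` untouched.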

  22. Re:As the original submitter... on Wikileaks Airs Scientology Black Ops · · Score: 1

    The peaceful protests of Anonymous against the CoS are also legal. Anonymous is ONLY protesting the CoS organization, no other religion and not religious beliefs themselves. There is a campaign of fabricating/doctoring Anonymous protest images and footage to try to frame Anonymous for anti-religious protests (they started by attempting to attack the Vatican): take a guess at who might want to be doing that!

    OK, doing good so far...

    Rather worrying, a similar anti Anonymous "ad hominem" attack force is trying to re-define the cake meme from the game Portal into one about underage pornography.

    OK, stop. The first time Slashdot covered the "anonymous" group protesting/declaring war on CoS, I saw a comment that claimed that 'Anonymous' was nothing more than the name that people who go to the 'random' (referred to as /b) section on various *chan sites. So, I lurked at those sites (listed at the bottom of post) for a while, and it was a very fascinating look into an internet subculture, albeit a somewhat disturbed subculture. The *chan sites are image boards that allow anyone to post any image, comment on them, and reply to comments. Indeed, if one is to lurk on *chan for a while one would see many references to the CoS and the war against them. Interestingly enough, there are also many references to how the CoS war is raising the profile of the *chan sites and attracting all sorts of new people (newfags) who then annoy the regulars (oldfags). The people who frequent the /b section call themselves 'Anonymous', /btards, and other things.

    That is relevant to the cake thing, because many of these image boards have pornography sections. There is a wide range of porn, some of it pretty disturbing, and there are sections for (very) underage girls. There's not usually actual child porn there, and it gets removed quickly if someone posts it, but there are many non-nude pictures of 'lolis' and many animate nude pictures. What is the section called? On one site, it is '/loli/ - Delicious Cake', on another it is '/cake/ - Lolicon'. So, say what you want, but the cake = pedophilia connection isn't made up.

    The *chan sites that you can peruse (take that, oldfags!):
    • 4chan.org
    • 7chan.org
    • 711chan.org
    • 420chan.org
    • I'm sure there are many others, as new chans tend to pop up when the chan gets overrun by newfags.
    Take a look there some time, it's fascinating really.
  23. Re:Japan != USA/Europe on Japan IDs All Its Citizens · · Score: 1

    and also in part because they are not subject to the US constitution

    Pfft, well neither is the US government.
  24. Ethics 101... on Bill of Rights for the Digital Age · · Score: 1

    While it is NICE to want Universal Health Care, it isn't a "right" because it requires something from others.

    I'll ignore the actual health care issue, and instead point out the ass-hattery of the statement itself. Something is not a right if it requires something from others...

    You have the right to freedom. That requires that I give up my desire to imprison you. You have the right to free speech. That requires that I not restrain you from speaking. You have the right to an education (not a constitutional right, but it's legally enshrined and I'd argue that it's as fundamental as all the others...). That requires that the government provide you the opportunity to become educated.

    Every right has an associated obligation. If you actually knew anything at all about 'rights', you'd know that there are 'negative' rights and 'positive' rights. These are classified based on the nature of the obligation that goes with it: the right to free speech is a negative right because it requires that I not do something that infringes upon that right; the right to vote is a positive right, because it requires that the government provide you with the means and methods to vote. The idea that a right only exists if no one else has to do anything is utter nonsense. Your rights still exist on that desert island only because I am still obligated to acknowledge them.
  25. Re:ethical concerns on Brain Scanner Can Tell What You're Looking At · · Score: 1

    Here's a newsflash for you: ethics are not just used by professional organizations. Some people actually have personal codes of ethics; other people go so far as to believe that there are universal codes of ethics that apply to everyone whether or not they recognize them. Morality is more how one feels about certain actions, ethics dictates the obligations one has to do or not do something.