Y'see, reusing a string does not significantly add entropy. That is why zip compression works.
Not quite. Entropy is a property of the probability distribution from which a sample (i.e., a password) is drawn. Whether or not reusing a string adds entropy depends on the underlying distribution.
Zip is designed to be most effective on text and other probability spaces where repetition is likely. Zip will not work so well when drawing upon a uniform distribution. On the contrapositive, using a repetition will increase entropy to the extent that a repetition is unlikely with respect to the underlying distribution.
Instead of using an "alphabet" with 26 characters (or 52 with capitals, or 70-something with capitals and punctuation) and choosing a short random string, you use an "alphabet" with 5000+ ideograms (i.e., words) and choose a short random string of these words.
For simplicity, just suppose there are 5000 commonly used English words. Then there are 5000^n passphrases of length n (i.e., containing n words). Obviously, this is much, much bigger than 70-something raised to the n. It does not matter that it is smaller than 70-something raised to the number of characters in the passphrase.
As a matter of fact, my computer's word list contains about 95,000 words. Try to guess the password I will generate with the following algorithm:
Pick 7 random numbers between 1 and 95000. Look at the word indexed by the random number. Memorize.
My PRNG yielded: 74019,69542,70792,42388,32916,63978,55632
which maps to: purchasing persecute platitudes escalations consummation mum intoned
A quick calculation shows that such a scheme has about bits 115 bits of entropy, compared to less than 44 for a "character" password with the same number of random tokens drawn from the alphabet.
So what's the big deal about using words instead of just longer random strings in the smaller 70-something character alphabet? You would need an 19 character random string drawn from an alphabet of 80 to get as much entropy as 7 words drawn from a dictionary of 95000 words. Clearly, the latter is far easier to memorize than something like "DtnqaELdIA=vozSkC" and provides the same cryptographic strength.
"X. Significance of the results Given the existence of musical-instrument energy above 20 kilohertz, it is natural to ask whether the energy matters to human perception or music recording. The common view is that energy above 20 kHz does not matter, but AES preprint 3207 by Oohashi et al. claims that reproduced sound above 26 kHz "induces activation of alpha-EEG (electroencephalogram) rhythms that persist in the absence of high frequency stimulation, and can affect perception of sound quality." [4]
Oohashi and his colleagues recorded gamelan to a bandwidth of 60 kHz, and played back the recording to listeners through a speaker system with an extra tweeter for the range above 26 kHz. This tweeter was driven by its own amplifier, and the 26 kHz electronic crossover before the amplifier used steep filters. The experimenters found that the listeners' EEGs and their subjective ratings of the sound quality were affected by whether this "ultra-tweeter" was on or off, even though the listeners explicitly denied that the reproduced sound was affected by the ultra-tweeter, and also denied, when presented with the ultrasonics alone, that any sound at all was being played.
From the fact that changes in subjects' EEGs "persist in the absence of high frequency stimulation," Oohashi and his colleagues infer that in audio comparisons, a substantial silent period is required between successive samples to avoid the second evaluation's being corrupted by "hangover" of reaction to the first.
The preprint gives photos of EEG results for only three of sixteen subjects. I hope that more will be published.
In a paper published in Science, Lenhardt et al. report that "bone-conducted ultrasonic hearing has been found capable of supporting frequency discrimination and speech detection in normal, older hearing-impaired, and profoundly deaf human subjects." [5] They speculate that the saccule may be involved, this being "an otolithic organ that responds to acceleration and gravity and may be responsible for transduction of sound after destruction of the cochlea," and they further point out that the saccule has neural cross-connections with the cochlea. [6]
Even if we assume that air-conducted ultrasound does not affect direct perception of live sound, it might still affect us indirectly through interfering with the recording process. Every recording engineer knows that speech sibilants (Figure 10), jangling key rings (Figure 15), and muted trumpets (Figures 1 to 3) can expose problems in recording equipment. If the problems come from energy below 20 kHz, then the recording engineer simply needs better equipment. But if the problems prove to come from the energy beyond 20 kHz, then what's needed is either filtering, which is difficult to carry out without sonically harmful side effects; or wider bandwidth in the entire recording chain, including the storage medium; or a combination of the two.
On the other hand, if the assumption of the previous paragraph be wrong â" if it is determined that sound components beyond 20 kHz do matter to human musical perception and pleasure â" then for highest fidelity, the option of filtering would have to be rejected, and recording chains and storage media of wider bandwidth would be needed."
You can't improve audio quality of *audible frequencies* by increasing resolution of the horizontal axis (sampling frequency) beyond a rate which surpasses the Nyquist frequency for human hearing.
Nyquist-Shannon notwithstanding, the range of human hearing is wider than 20kHz.
That said, doubling the sampling rate isn't going to do anything for a digital signal. At best, the new signal will simply play each of the old signal's samples twice.
You have no idea what my philosophical position is. You are assuming that I am an atheist merely because it suits you. In fact, I am a Platonic realist of the monadic variety. I am willing to bet you have no idea what that means. In fact, I am pretty sure the odds are better than 50:50, in my favor.
I suggest you get off the internet, sparing us all your worthless verbiage and eliminating the risk of somebody cracking your computer and stealing your credit card number.
If you are willing to believe in a Platonic universe, you must be willing to believe in string theory. The whole point of string theory is that it is the logical theory (in the sense of the first order logic) taken by taking the "known" laws of physics as axioms. This is Platonic realism in a scientific context.
Um, this is a fallacy. Just because there are two choices does not make them equally probable. You might get hit by lightning tomorrow. You might not. Are the odds 50:50? (No)
I see this as sane. The risk of terrorism has always been overblown. But there are literally tens of thousands (or even hundreds of thousands or millions) of black hats out there totally willing to steal your identity or crack your voicemail, like the Murdoch family did to anybody they wanted to investigate or intimidate.
"Require an amazing conspiracy" is closer to what trust means in terms of security than "trust but verify". But it is still too weak for a security context. And in some ways, it is the polar opposite of what "trust" means in context.
In security (of the mathematical, physical, or professional kind), a "trusted source" is a source that you are compelled to believe, because without their input, the security model would be impossible. Indeed, you want to have as few trusted sources as possible. For example, you rely on random numbers to seed a cryptographic system. Then you must trust your random number generator, because it is impossible (in general) that it is not biased in some way. You must trust your algorithm, because it is impossible to verify that it is unbreakable.
The fewer things in your security you have to take the word of, the more secure your model is, all things being equal. So "trust, but verify" runs counter to professional usage of the word "trust", because trusted things are unverifiable by definition (in context).
In security, everything that is not trusted is untrusted. And untrusted sources get all the scrutiny that is economically efficient.
I don't want to be excessively harsh but the summary was seriously a bunch of drivel. In silico either means it's data on the computer, or that you are simulating a biological process computationally. But as other posters have mentioned, unless you are purposely simulating evolution, mycoplasma sequences in your human databases isn't going to cause any "arms race." Yes, it seriously screws with validity, but that's a completely different issue.
You're still missing the point.
Methods to screen out junk contamination will all miss something. The data representation of a genome is reproduced, as a cost (and time) saving measure. In other words, the contamination that survives the screening process will "survive" as a silicon representation.
This is a problem in the long term, since we will presumably be using the genomic data to eradicate diseases. So our use of contaminated data will select for diseases which cannot be screened.
Although overly-broad laws are a serious problem, the real problem has little to do with them.
The police are not trained in the law. They are trained to a 350 page handbook, and are trained that if they have any doubt that an action is legal, to arrest or fine, and let the Courts sort it out. They are trained to hide behind their badge when they are wrong.
This is a classic economic externality. It costs a policeman or woman nothing to arrest or fine someone they will probably never see again. But doing so imposes enormous costs on all of us, through the direct costs of defense, and the social costs of operating courts beyond their capacity.
Why is compensation for penis size the canonical example? It doesn't take an idiot to not upgrade your own ram. If your time is worth more than a certain amount, it isn't even worth looking up how to do it. It is cheaper to just click the little "Upgrade RAM" button on the HP or Dell website and have them do it for you.
A lot of Americans are that rich. Many more think they are, but are uninformed. This has nothing to do with "compensation" for "deficiencies".
Similarly, here's a market for red sports cars for 50 year olds because they have wanted them since they were in their 20s, and can suddenly afford them as middle aged Boomers. The world isn't fair. Throwing stereotypes out there isn't making it any more fair.
Am I the only one who took Economics 100? Actually, my "corrected" summary is wrong. You should pay so that the marginal costs and benefits of the things you want are all equal. It doesn't take an infinite budget to do that.
You should learn how to use "abstract interpretation". "6 months ago" is a terrible excuse not to use a language. If you can express a complex idea quickly, by using "weird" operators, interpreting the idea is easy, specifically by ignoring the "weird" operators and focusing on the types/semantics of the things they combine. There are only so many sensible ways to combine values, so there are exactly that many possible semantics for the combinators that combine them.
"6 months ago" is the best reason to use a strongly typed programming language, so that you can be absolutely sure that abstract interpretation will work on parametric operators.
Perl5 is a lovely, expressive language, with a variety of strong abstraction operators. Perl6 brings all of Perl5 in, and extends the language with a built-in object system (using what experience with Perl5 hacking has shown to be the most useful)
Exactly. The telcos have no business snooping around in what I do on the web.
That is their business, full stop. If they are to optimize their network for real-life traffic patterns, they must "snoop".
Imagine if they did this to voice. Calling work is premium, immediate relatives sort of premium but distant relatives we'll give you at the base rate. You can call our business partners for a reduced rate, calling our competitors will cost triple.
Ever heard of "long distance"? "Calling our competitors" cost a lot more than triple, not too long ago.
A sovereign state is supposed to be able to defend its borders. If a state is not able to defend its borders, it is not sovereign. Yes, the argument was lost when other states invaded.
This is not health care. This is insurance. They are not the same. Insurance is a risk reduction strategy for preventing catastrophic loss of net worth.
They are the same thing at a national level. The healthcare provider/government must use the same risk management strategies as an insurance company does. They must have a predictable budget to pay out for all the flows. The budget is derived using the same mathematics an insurance company uses.
The government has several advantages over private insurance. The most important of which is that a competitive insurance industry raises costs for everyone involved, with mathematical force. The pool of risk is carved up, the pools' predictability declines, so they have to tie up more capital (at the cost of capital) to potentially pay claims, etc. And also, each company represents an administrative cost sink. In the limit, consider a world where everybody administers their own "competitive" health insurance plan. They would need to save up hundreds of thousands of dollars, just in case they get a 1 in 100,000 case of cancer.
Going off on a tangent, I am reminded of the phrase "There's no such thing as a free lunch." I find that people cling on to their first interpretation. Yes, we will pay for our lunch. But there is an important question to be answered: is the lunch deployment mechanism the cheapest one available for the quality of lunch we want? If the answer is no, we should find a new lunch deployment mechanism. Arguments for competition do not apply to insurance as it is currently structured, because the industry does not satisfy the competitive market axioms.
Republicans like insurance, yes? And they like things to be as inexpensive as possible, yes?
Then Republicans ought to love nationalized health care, as it reduces costs with the power of economic force. Statistics (you know, what people are, from an insurance company's perspective) become more predictable and thus cheaper as the pool of risk grows. Competition is counter-productive in this sphere, because it carves up the pool of risk, and increases the administrative burden. Insurance is not and cannot be a competitive industry. The market just does not satisfy the competitive market axioms.
Slashdot Mirror
dude, exclamation marks are totally unhip. ellipses, on the other hand...
Y'see, reusing a string does not significantly add entropy. That is why zip compression works.
Not quite. Entropy is a property of the probability distribution from which a sample (i.e., a password) is drawn. Whether or not reusing a string adds entropy depends on the underlying distribution.
Zip is designed to be most effective on text and other probability spaces where repetition is likely. Zip will not work so well when drawing upon a uniform distribution. On the contrapositive, using a repetition will increase entropy to the extent that a repetition is unlikely with respect to the underlying distribution.
You are totally missing the point.
Instead of using an "alphabet" with 26 characters (or 52 with capitals, or 70-something with capitals and punctuation) and choosing a short random string, you use an "alphabet" with 5000+ ideograms (i.e., words) and choose a short random string of these words.
For simplicity, just suppose there are 5000 commonly used English words. Then there are 5000^n passphrases of length n (i.e., containing n words). Obviously, this is much, much bigger than 70-something raised to the n. It does not matter that it is smaller than 70-something raised to the number of characters in the passphrase.
As a matter of fact, my computer's word list contains about 95,000 words. Try to guess the password I will generate with the following algorithm:
Pick 7 random numbers between 1 and 95000. Look at the word indexed by the random number. Memorize.
My PRNG yielded:
74019,69542,70792,42388,32916,63978,55632
which maps to:
purchasing persecute platitudes escalations consummation mum intoned
A quick calculation shows that such a scheme has about bits 115 bits of entropy, compared to less than 44 for a "character" password with the same number of random tokens drawn from the alphabet.
So what's the big deal about using words instead of just longer random strings in the smaller 70-something character alphabet? You would need an 19 character random string drawn from an alphabet of 80 to get as much entropy as 7 words drawn from a dictionary of 95000 words. Clearly, the latter is far easier to memorize than something like "DtnqaELdIA=vozSkC" and provides the same cryptographic strength.
"X. Significance of the results
Given the existence of musical-instrument energy above 20 kilohertz, it is natural to ask whether the energy matters to human perception or music recording. The common view is that energy above 20 kHz does not matter, but AES preprint 3207 by Oohashi et al. claims that reproduced sound above 26 kHz "induces activation of alpha-EEG (electroencephalogram) rhythms that persist in the absence of high frequency stimulation, and can affect perception of sound quality." [4]
Oohashi and his colleagues recorded gamelan to a bandwidth of 60 kHz, and played back the recording to listeners through a speaker system with an extra tweeter for the range above 26 kHz. This tweeter was driven by its own amplifier, and the 26 kHz electronic crossover before the amplifier used steep filters. The experimenters found that the listeners' EEGs and their subjective ratings of the sound quality were affected by whether this "ultra-tweeter" was on or off, even though the listeners explicitly denied that the reproduced sound was affected by the ultra-tweeter, and also denied, when presented with the ultrasonics alone, that any sound at all was being played.
From the fact that changes in subjects' EEGs "persist in the absence of high frequency stimulation," Oohashi and his colleagues infer that in audio comparisons, a substantial silent period is required between successive samples to avoid the second evaluation's being corrupted by "hangover" of reaction to the first.
The preprint gives photos of EEG results for only three of sixteen subjects. I hope that more will be published.
In a paper published in Science, Lenhardt et al. report that "bone-conducted ultrasonic hearing has been found capable of supporting frequency discrimination and speech detection in normal, older hearing-impaired, and profoundly deaf human subjects." [5] They speculate that the saccule may be involved, this being "an otolithic organ that responds to acceleration and gravity and may be responsible for transduction of sound after destruction of the cochlea," and they further point out that the saccule has neural cross-connections with the cochlea. [6]
Even if we assume that air-conducted ultrasound does not affect direct perception of live sound, it might still affect us indirectly through interfering with the recording process. Every recording engineer knows that speech sibilants (Figure 10), jangling key rings (Figure 15), and muted trumpets (Figures 1 to 3) can expose problems in recording equipment. If the problems come from energy below 20 kHz, then the recording engineer simply needs better equipment. But if the problems prove to come from the energy beyond 20 kHz, then what's needed is either filtering, which is difficult to carry out without sonically harmful side effects; or wider bandwidth in the entire recording chain, including the storage medium; or a combination of the two.
On the other hand, if the assumption of the previous paragraph be wrong â" if it is determined that sound components beyond 20 kHz do matter to human musical perception and pleasure â" then for highest fidelity, the option of filtering would have to be rejected, and recording chains and storage media of wider bandwidth would be needed."
You can't improve audio quality of *audible frequencies* by increasing resolution of the horizontal axis (sampling frequency) beyond a rate which surpasses the Nyquist frequency for human hearing.
Nyquist-Shannon notwithstanding, the range of human hearing is wider than 20kHz.
http://www.cco.caltech.edu/~boyk/spectra/spectra.htm (a properly conducted experiment)
That said, doubling the sampling rate isn't going to do anything for a digital signal. At best, the new signal will simply play each of the old signal's samples twice.
You have no idea what my philosophical position is. You are assuming that I am an atheist merely because it suits you. In fact, I am a Platonic realist of the monadic variety. I am willing to bet you have no idea what that means. In fact, I am pretty sure the odds are better than 50:50, in my favor.
I suggest you get off the internet, sparing us all your worthless verbiage and eliminating the risk of somebody cracking your computer and stealing your credit card number.
It's win-win!
If you are willing to believe in a Platonic universe, you must be willing to believe in string theory. The whole point of string theory is that it is the logical theory (in the sense of the first order logic) taken by taking the "known" laws of physics as axioms. This is Platonic realism in a scientific context.
Stop skipping class and lecturing us.
Um, this is a fallacy. Just because there are two choices does not make them equally probable. You might get hit by lightning tomorrow. You might not. Are the odds 50:50? (No)
I see this as sane. The risk of terrorism has always been overblown. But there are literally tens of thousands (or even hundreds of thousands or millions) of black hats out there totally willing to steal your identity or crack your voicemail, like the Murdoch family did to anybody they wanted to investigate or intimidate.
Microsoft's stock price - while fairly high - has remained constant for ten years, while many of its competitors have seen enormous growth
It has dropped, in real terms. You forgot about inflation. 100$ was worth more 10 years ago than today.
about RNGs: "because it is impossible (in general) that it is not biased in some way"
Impossible to prove it's not biased.
"Require an amazing conspiracy" is closer to what trust means in terms of security than "trust but verify". But it is still too weak for a security context. And in some ways, it is the polar opposite of what "trust" means in context.
In security (of the mathematical, physical, or professional kind), a "trusted source" is a source that you are compelled to believe, because without their input, the security model would be impossible. Indeed, you want to have as few trusted sources as possible. For example, you rely on random numbers to seed a cryptographic system. Then you must trust your random number generator, because it is impossible (in general) that it is not biased in some way. You must trust your algorithm, because it is impossible to verify that it is unbreakable.
The fewer things in your security you have to take the word of, the more secure your model is, all things being equal. So "trust, but verify" runs counter to professional usage of the word "trust", because trusted things are unverifiable by definition (in context).
In security, everything that is not trusted is untrusted. And untrusted sources get all the scrutiny that is economically efficient.
I don't want to be excessively harsh but the summary was seriously a bunch of drivel. In silico either means it's data on the computer, or that you are simulating a biological process computationally. But as other posters have mentioned, unless you are purposely simulating evolution, mycoplasma sequences in your human databases isn't going to cause any "arms race." Yes, it seriously screws with validity, but that's a completely different issue.
You're still missing the point.
Methods to screen out junk contamination will all miss something. The data representation of a genome is reproduced, as a cost (and time) saving measure. In other words, the contamination that survives the screening process will "survive" as a silicon representation.
This is a problem in the long term, since we will presumably be using the genomic data to eradicate diseases. So our use of contaminated data will select for diseases which cannot be screened.
9/11 was an unexpected attack.
Google "Project Bojinka".
Although overly-broad laws are a serious problem, the real problem has little to do with them.
The police are not trained in the law. They are trained to a 350 page handbook, and are trained that if they have any doubt that an action is legal, to arrest or fine, and let the Courts sort it out. They are trained to hide behind their badge when they are wrong.
This is a classic economic externality. It costs a policeman or woman nothing to arrest or fine someone they will probably never see again. But doing so imposes enormous costs on all of us, through the direct costs of defense, and the social costs of operating courts beyond their capacity.
Why is compensation for penis size the canonical example? It doesn't take an idiot to not upgrade your own ram. If your time is worth more than a certain amount, it isn't even worth looking up how to do it. It is cheaper to just click the little "Upgrade RAM" button on the HP or Dell website and have them do it for you.
A lot of Americans are that rich. Many more think they are, but are uninformed. This has nothing to do with "compensation" for "deficiencies".
Similarly, here's a market for red sports cars for 50 year olds because they have wanted them since they were in their 20s, and can suddenly afford them as middle aged Boomers. The world isn't fair. Throwing stereotypes out there isn't making it any more fair.
Pay for what you want, not what you don't want.
Am I the only one who took Economics 100? Actually, my "corrected" summary is wrong. You should pay so that the marginal costs and benefits of the things you want are all equal. It doesn't take an infinite budget to do that.
You should learn how to use "abstract interpretation". "6 months ago" is a terrible excuse not to use a language. If you can express a complex idea quickly, by using "weird" operators, interpreting the idea is easy, specifically by ignoring the "weird" operators and focusing on the types/semantics of the things they combine. There are only so many sensible ways to combine values, so there are exactly that many possible semantics for the combinators that combine them.
"6 months ago" is the best reason to use a strongly typed programming language, so that you can be absolutely sure that abstract interpretation will work on parametric operators.
Perl5 is a lovely, expressive language, with a variety of strong abstraction operators. Perl6 brings all of Perl5 in, and extends the language with a built-in object system (using what experience with Perl5 hacking has shown to be the most useful)
I thought his point was that 5 minutes was unrealistically long.
Exactly. The telcos have no business snooping around in what I do on the web.
That is their business, full stop. If they are to optimize their network for real-life traffic patterns, they must "snoop".
Imagine if they did this to voice. Calling work is premium, immediate relatives sort of premium but distant relatives we'll give you at the base rate. You can call our business partners for a reduced rate, calling our competitors will cost triple.
Ever heard of "long distance"? "Calling our competitors" cost a lot more than triple, not too long ago.
A sovereign state is supposed to be able to defend its borders. If a state is not able to defend its borders, it is not sovereign. Yes, the argument was lost when other states invaded.
This is not health care. This is insurance. They are not the same. Insurance is a risk reduction strategy for preventing catastrophic loss of net worth.
They are the same thing at a national level. The healthcare provider/government must use the same risk management strategies as an insurance company does. They must have a predictable budget to pay out for all the flows. The budget is derived using the same mathematics an insurance company uses.
The government has several advantages over private insurance. The most important of which is that a competitive insurance industry raises costs for everyone involved, with mathematical force. The pool of risk is carved up, the pools' predictability declines, so they have to tie up more capital (at the cost of capital) to potentially pay claims, etc. And also, each company represents an administrative cost sink. In the limit, consider a world where everybody administers their own "competitive" health insurance plan. They would need to save up hundreds of thousands of dollars, just in case they get a 1 in 100,000 case of cancer.
Going off on a tangent, I am reminded of the phrase "There's no such thing as a free lunch." I find that people cling on to their first interpretation. Yes, we will pay for our lunch. But there is an important question to be answered: is the lunch deployment mechanism the cheapest one available for the quality of lunch we want? If the answer is no, we should find a new lunch deployment mechanism. Arguments for competition do not apply to insurance as it is currently structured, because the industry does not satisfy the competitive market axioms.
Read Article 1, Section 8 of the US Constitution.
Republicans like insurance, yes? And they like things to be as inexpensive as possible, yes?
Then Republicans ought to love nationalized health care, as it reduces costs with the power of economic force. Statistics (you know, what people are, from an insurance company's perspective) become more predictable and thus cheaper as the pool of risk grows. Competition is counter-productive in this sphere, because it carves up the pool of risk, and increases the administrative burden. Insurance is not and cannot be a competitive industry. The market just does not satisfy the competitive market axioms.
Somehow, this is lost on many Americans.
Anything that leaves more rampant tottie for us straight guys is a good thing.
Is it "wrong" that worker bees can't reproduce? Of course not.