It's how politics works. You don't have to agree with it, it's just how it is.
I fully agree. Unfortunately, I don't really see a good way around it. You can't have more democracy, because that would risk demagoguery. However, less democracy doesn't work either, because then there's less recourse on your part when one of these people does make it into high office and decides to pass an obscenity law.
As a member of a minority, I feel that we need more "non-democracy" in the system, not less. Remember, one of the ultimate forms of democracy is a lynch mob.
Given the increasing importance of computer models in scientific research, I think that we need to make writing good code as important as writing good research papers. No journal would accept research that was filled with grammatical errors or lacked citations. So why are journals accepting results created by poor quality code? Attaching equal importance to the code and the paper would go a long way towards alleviating some of the problems you have described. For example, having to submit your code for journal review right along with your paper would motivate students to write clean, structured code that would be more fit for public release. Thus the student would have to spend less time doing cleanup after the fact.
Another thing that would help is encouraging citations for code as well as for results. That way, if a graduate student comes up with a particularly original computer model, then they can point to the number of citations their code has received, in order to show its significance.
I actually _have_ gotten personal responses from Theo de Raadt on some OpenBSD issues but they all have the general form of "you're not interesting, don't waste my time".
Funny, I thought that was the only type of response Theo de Raadt was capable of making.
A more important concern is that someone else who does have your background should have access to your code. That would be part of "peer review". Otherwise they're taking your computations on faith, with no way to reproduce.
I fully agree. Perhaps something that scientific journals could do is to create a source code repository that allows researchers to publish the source code used to create the results along with the results themselves. At the very least, other researchers would be able to look at the code and see if there are any glaring errors or omissions.
At the same time, how can you say whether the bug affects the output of the program enough to invalidate the results? Let's say you find a bug and remove it. The program output 0.3452 before the bug was removed. Afterward, the program outputs 0.3754. How do you judge whether that's a significant enough divergence to invalidate the results of the original program?
If that's your test, then I'm pretty sure that every piece of software ever made would fail. Not all bugs are equally significant. Also, you can't assume that all effects on the outcome are equally significant. An implicit approximation that reduces the number of significant figures from six to four is not nearly as important as a module being sent measurements in the wrong units.
Both bugs affect the outcome of the program, but I know which one I'd rather have in my code.
Re:Yeah, this is going to be a major problem... on Hardware TPM Hacked · Score: 1
The purpose of TPM is like the purpose of the lock on a door. It's not to keep the intruder out, but rather to slow the intruder down so that he either gives up or gets caught. I don't see this as a hack at all, given that by the time any intruder manages to gain access to the chip, the theft of the laptop would have been noticed, and any credentials stored on the TPM would have been invalidated.
It's not nearly as easy as you're making it sound. The chemicals used and steps required mean that there's an extraordinarily small margin of error, and constant observation is required to ensure that only the epoxy and outer layers of the chip are removed without damaging the core. The level of skill required means that this could not be easily programmed into a robot. In other words, a robot (or even an inexperienced human) has about the same chance at pulling off this hack as they do of cooking a meal fit for a five-star restaurant.
Well, given that TPM uses X.509 certificates, I'd say the chances of finding a vulnerability are rather less than the chances of finding a vulnerability in a poorly vetted algorithm like CSS.
Not to mention the most important layer of security - the physical layer. Sure, this guy might be able to get the X.509 certificate off the chip with acid and a few days of effort, but that implies that he's got the computer out of the building. If the attacker can't remove the computer from the building nor remove the motherboard from the computer, then this attack is meaningless.
The other nice thing about scrum is that you get feedback about your estimates relatively quickly and have an opportunity to revise your estimating methods if you notice a pattern. I know that I was much better at estimating by the end of the fourth sprint than I was at the end of the first sprint.
The thing that has bitten me before is that sometimes the spec. constrains the design and significantly increases the cost. To use the example provided by another post: let's say your client wants a Silverlight viewer for GIF images. The specification for the viewer is detailed enough that you can come up with a detailed estimate. However, unless you knew Silverlight very well ahead of time, you would not have realized that Silverlight could not display GIF images. This would blow any estimate out of the water, since now you have to spend a potentially indefinite amount of time looking for a reusable component or coding up your own viewer.
The point the parent was trying to make is that it is difficult in many cases to estimate the risk of a particular feature. Getting Silverlight to display an image? How hard can that be, right? Yet, because of an unforeseen circumstance, the feature became much more difficult to implement. I'm willing to bet that parent poster would have classified the image display feature as low risk before he or she started coding.
As I heard somewhere, "It's not what you don't know that gets you, it's what you know that just ain't so." Parametric tools allow you to estimate what you don't know. In my experience, that hasn't been a problem - teams usually know when a feature is new or out of the ordinary and allocate extra time to implement it. They don't cause the project trouble. It's the things that should have been "easy" but ended up taking twice as long as they were supposed to that kill projects.
By that definition, the United States is socialist as well. The difference between the states you quote and the USA is one of degree not of kind.
All of them allow for private property, and have the majority of goods exchanged with money, rather than through central control. None of them are like the Mondragon Society, which divides all profit amongst its workers and has fixed wage ratios between the lowest and highest levels.
Well, what are the costs of giving up all fossil fuel based transportation? What are the costs of completely reworking our manufacturing systems? What is the cost (both in terms of monetary costs and human suffering) of reduced agricultural output?
All species influence their environment. Humans do so more than most. Before we radically alter our socio-economic systems, shouldn't we at least consider the alternatives? I agree that reducing carbon emissions is probably the cheapest, most cost-effective solution. However, I am troubled by the fact that there has been no discussion in the press of alternatives to carbon reduction. If the case for carbon reduction is so self-evident, it should be trivial to come up with a cost-benefit analysis supporting it.
The problem with such an intuitionist approach is that eventually you're going to have to assign priorities between each of your numerical measures. At what point does the cost of additional preventive measures outweigh the cost? Is spending a billion dollars to save a small group of people who knowingly built their houses in a low-lying area worth the expense? If you can't assign priorities between your basic axioms, these questions cannot be answered.
In a different context, this would be about the temperature of a period known as "The Holocene Climatic Optimum".
It's impossible to describe any climate as "optimal" without saying what species one is optimizing for. What's optimal for a wooly mammoth may or may not be optimal for a species like humans. Even if one can prove that the Holocene Optimum was optimal for humanity, our agricultural patterns will still have to change quite dramatically (e.g. no more alfalfa in California) to account for the fact that rainfall and seasonal patterns will change. Having a globally larger amount of rainfall doesn't help if the distribution of said rainfall doesn't match your existing agricultural areas.
So, even if the new climate that we're heading for is "better" in some way than the old climate, changes still have to be considered and planned for.
When you talk about comparing cost, we should be clear that there's no monetary value we can put on the possible outcomes.
People may disagree on the monetary costs associated with various outcomes. That does not mean that monetary costs are impossible to assign. In fact, we have to assign costs and benefits to various scenarios in order to judge if one outcome is more beneficial than another. Saying "costs are impossible to assign" is a fancy way of throwing up one's hands and giving up thinking about the problem. If you can't assign costs, how can you judge whether the course of action you've chosen is the best one?
No, the real question is does one group of people have the right to force others to change their lifestyle?
Well, I could put the same question to you. By what right do the "others" force the US, Europe and China to restructure their economies? In fact, the "others" in most cases would have to meet a higher burden, since they are the ones asking for positive action, rather than defending the current state of affairs.
Hydrogen monoxide would be pretty reactive. Dihydrogen monoxide, on the other hand...
Then what are you doing here?
Not all of the boards on the internet have the same reputation for freedom and anonymity that 4Chan does.
Or even better, "Thanks for reminding me to put on there."
They don't have to be dead flowers. A small potted plant (a shrubbery, perhaps?) can go over quite well.