If you are looking for money, you don't look at making games.
That market consistently pays lower then equivilent skilled programmers in other areas. You make games for passion, not for money. In that case, whether you make more or less money then another country is really not relevant.
It is extortion and as stated in another reply, if this works, how long until the next ISP asks for money? Or the next government asks? Or even Cisco asks so that their packets get routed at a higher priority? Or the network card creator asks the same thing?
There are a lot of links in the chain, and if this is allowed to start, the cost per packet could end up being enormous and detrimental to us all.
You are looking at the problem from the wrong direction:
"the fear of losing our jobs and the necessity of supporting our families comes first before the security of highly confidential information"
And so it should.
However, you should put up a case to your higher ups about the business reasons why they need the security measures and that they need to be followed. The higher ups recognise this (in theory) and the practise of lowering security threats is classed as a "punishable offence". If a person's job is security, then their job should rely on that security being properly managed. If a critical security breach happens because of a "low risk" security bug, then heads will roll.
If you can't get the higher ups to understand, sit back, wait for the unavoidable security breach and being your "I told you so" speech. Don't be aggressive, but highlight that with proper measures this can be avoided in the future.
Your options are to either collect evidence and go over the heads of your managers (don't be stupid, do it in an explicitly confidential/anonymous manner) or to sit back and not do anything. I do not recommend doing this without actual solid evidence or the only thing that will happen is a lot of blame passing and eventually you will be known as 'that person', despite your good intentions.
I see this as one area where Google, MS and Yahoo can show some real leadership. Don't hand over any extra money, and if the customer's ISP is a known throttler, then place a message at the top of each page stating "The page you have requested is being slowed down by your internet provider. Click here to find out why and what you can do about it".
If the three biggest websites and their other websites (remember that Google owns YouTube and Yahoo owns Flickr) all put this message on, the backlash against the ISP would be way too big. Remember that speed is relative, especially when downloading webpages. Telling the user to expect the pages slower then usual will give the user the impression it is, even if the ISP hasn't yet started throttling.
Maybe don't go to the extremes of requiring everything to need high security (such as entering the building or doing everyday work), but things such as shutting down the power grid should require extra security. Access to the important controls should have extra security. With security, one size does not fit all.
I'm not an environmental crack pot, but two things make me consider 'peak' to be a unavoidable event:
1) Oil is being used quicker then it is being created. This is known from basic facts about how much oil we use and how it is known to be created (slowly)
2) Oil usage isn't decreasing at a fast enough rate. This is known again from facts about how much oil we use.
The simple mathematics are that if something is being used faster then it is created, it will reach zero. Whether that is now, or in 1000 years, I don't know. All of the data is being obfuscated on both sides for their own gain. The only way that the peak won't occur is if that idea about oil actually being a renewable resource (i.e. (1) above is false) is true, or if we remove our dependency on it so much that our usage doesn't make that much of a dent anymore (i.e. (2) above is made false). I can't see either of these happening, and I can't see the second one happening without the oil tycoons, the companies profiting from oil AND the countries tied in with these companies being force to do so.
Think less in sheer numbers and more in density. If there are 200 million possible 'combinations' (say, 50,000 customers and 4000 movies in a Netflix-like situation), then with 10 million data samples, we only have 5% of the possible data. This means that if we are predicting inside the data scope, we are predicting into an unknown field that is 19 times larger then the known. Say we were looking at 100 million fields, suddenly we have 50% of the possible data, and our unknown field is the same size as the known field. Much more likely to get a result then.
Maybe, but if all email is getting through, then the sysadmin may just add another layer of spam protection. This forces them to fix the fault (the fault being the reliance on an outdated system).
Aside from the above comments of "don't take personal stuff to work" (if your position requires it, then your work needs to get it for you); deal with the ventilation problem. Get a lockable cupboard with fans on the side, and lock you laptop, USB stuff and anything else you don't need to touch frequently in there and run cables. If your keyboard gets stolen by someone yanking the cord out, who cares? It is $15 worth of equipment and the laptop has a keyboard on it if you can't take the delay before you get a new one.
That said, what about moving your off-line app to a server in the server room? I know it isn't always possible to do this, but it would save a lot of pain. Your laptop was designed for burst use, not to be left on all the time. While you will probably be ok, it just adds strain to the components that they weren't designed to handle. The risk of failure increases the more you leave it on continuously. If you have a VMware server or similar, take 10gb of storage and very little resources, setup a virtual machine. When you aren't using it, the resources it uses will be minimal. When you are, it will be ready for you. You can also put the "green case" to your manager: leaving your laptop on uses power, leaving it on a server that will be running anyway has no impact on energy usage.
In any business environment, you must setup your work area on the basis that your computer won't be available tomorrow (fire, stolen, someone else stole your desk). If it ain't on the network, don't rely on it.*
* The full version is "If it ain't on the network, backed up regually including offsite tapes and part of an overall DRP strategy, don't rely on it"
I tend to find things easier in Linux then in Windows, purely for the reason that you can actually go in and change things around. I have been using Linux solely for about a year and use Windows at work. While I experience more problems at work because I am in a helpdesk role for part of my job, I find when problems can't be solved by either restarting the application or computer, reinstalling the application or increasing permissions to certain files, then the problem often has no easy solution. While the above listed steps will fix 90% of problems, those last 10% are often more difficult to solve then many of my Linux related problems, including those that require command line action.
Realistically, I don't see a difficulty difference between the registry editor and the bash command line. Both require you to have some idea of where things are or what they are called before you can start (try using a command line if you don't know what cat is). Both often require searches before you work out how to do something you need to do, both can leave you confused as to why the key/command exists in the way it does and both often don't have a standard 'form' in placement or use.
I may have been lucky in my switch to Linux. Things worked, or worked well enough that I could always work out or find a way, to solve any problem I've run into so far. However, I will disagree completely with your comment on progress. I recently installed Kubuntu on my desktop computer, while I didn't agree with having to boot to a live environment to install*. It took me far less time to install and less steps overall to get everything working, even if you discount that it comes with Open Office. Kubuntu downloaded by graphics card driver and asked me whether I wanted to use that one or the free one. You don't get that service with Windows. I will point out that I have tried some Linux distros on this computer that just couldn't work out my config correctly (the same Debian installer either worked or had difficulty automatically detecting, depending on whether it was a basic or advanced install). For me, I love messing with my computer to try new things, but for now, I need a computer that just works. I am at uni while working and if my computer goes down, I can fall behind in schedule quite quickly. For that reason, I chose Kubuntu, lost some ability to mess with the computer (I can get that back though when I chose, for now though) and have a computer that hasn't given me a problem I didn't cause myself when I just couldn't help myself messing with things.
* if there is a way to install without booting to the live environment, it didn't jump out at me when I put the CD in.
You know, those complex ones you copy and paste from the Ubuntu forums after getting an informative answer to your question.
My boss at work uses the "lack of support" argument to support his general "NO open source" stance. Yet the support I have received from there is a lot better then most of the call centres I have called. The only exceptions are the ones we pay a ridiculous amount of money for "remove the config file and restart the application" support.
A bit late in the discussion now, but for the sake of clarrifacation... Firstly, nothing in my post was intended to be FUD. Secondly, I found what I read, and it was speculative, not factual. That was my bad. Finally, I am a linux supporter. I use it solely at home. I push to get open-source projects used at work (against my bosses wishes).
I can't get a reference, but I read somewhere (may have been on linuxtoday) that said that sales of Linux PCs are typically brought back to the shop, with users complaining about either the lack of windows, or lack of windows-related compatibility. My guess is that in stores were brought back more then online sales (for whatever reason). In this case, while the PCs would of sold out (no suprises, at $200) having them brought back reduces the overall profit.
I agree with your point about plane hijacking, though this type of technology would help protect embassies against a rouge intruder and any area that is open to the public from someone walking in with a bomb hidden just out of view. From a purely maximal strategy, for the terrorists, a car bomb is the best "terror for each loss" return. However losing just a few lives to a suicide bomber is a very bad outcome for those involved.
The loss of some privacy is a concern. I can't see a solution to the "I want to be able to do whatever I want without the government spying on my" versus "I don't want people blowing up bombs next to me" problem. Everyone has that line with this type of security, anything up to the line is an acceptable loss of privacy for security and anything past the line is unacceptable. I would rather prefer going into a building and knowing I can safely walk back out again while some security guard finds out I'm not as fit as I should be. However, with the advancements in image processing recently, I can see these systems hooked up to image recognition that automatically detects for foreign objects and only shows "problem" ones to an actual human. Once the error rate for these programs gets over the error rates for humans, I feel a lot of this technology can be brought in more places, with less loss of privacy.
This used to be a valid point, but Safari ships with OSX and a lot of users get Firefox installed by their tech-savvy friends. Still, there is a very simple way of getting around these problems:
1) No financial institution should ever ask for your email address. Ever. Not as a required field, not as an optional field. The person signing up should be informed that they are deliberately not being asked for this information either.
2) The exception to this: Reminders. These are setup WHILE logged in to the site, and the email address is stored in relation to the reminder, not the account profile (so it will be indirectly linked, but a helpdesk person won't see it when troubleshooting account information).
3) All reminder emails are plain text only, with a clear message informing the user not to trust this email or any other email and to log in to the website by typing the address into a browser only.
Like was said above, people don't need to be stupid, they just need to be out of their expertise. I'm not a security expert, but through my knowledge of computers, I know when I get sent a phishing email, I know how to surf safely. You can't expect everyone to be the same though. This is just a case of needing to inform the users, and to keep reminding them.
* The method shown above is not foolproof, in the case of DNS attacks, or websites with similar names (user types in address, typos, and is sent to another site).
Ironically, very similar reasoning is why I moved to Linux. I got sick of a system that I paid good money for (both as stand-alone and preinstalled) not working, when I can get a free operating system and actually know what is going on.
Since then, the OS has become expendable for me (as I now backup and have separate partitions for data) so if it gets too much, I just install a new OS. When I tried doing that with Windows, I ran into all sorts of problems, mainly with Windows trying to be the boss of my system.
This isn't a counter-attack, just a different view. Each to their own I guess.
What does a human do to read a bluff? He observes his opponent, takes inputs such as bet size and heart rate, applies them to known patterns of bluffers and looks for a match. Sure a human does this without realizing, but little of how this happens is a mystery. Also, how do humans bluff? They just bet at a negative EV play*, and bluffing properly is a matter of knowing the probability that the opponent will call. I am researching applying AI to poker (look out in June for a lot of high quality research from the AAAI Computer Poker Championship) and this sort of argument, "Computers can't bluff, they just run numbers", is both understating what has been achieved in AI in this field and also overstates what humans do. Yes, computer programs aren't quite up to the standard of world class players (Limit poker has achieved this, but not No-Limit), but this game has only a couple of years to go before this milestone is reached. I predict that by the end of the year, we will have high quality bots that can beat 99% of players, and by the end of 2010 No Limit Texas will be a computer dominated game.
The only thing that humans do that AI doesn't (well) is automatically follow a few paths, rather then look at the whole picture. As an example, it has been shown (sorry no reference right now) that some chess grandmasters look only at a couple of moves and then calculate all the possible combinations from there rather then examine every possible move. This drastically speeds up the calculation, however it does miss moves that could be considered the "best". So while this act of "feeling" which is the best move is a good approximation done by humans, it isn't an optimal or maximal play.
As for the article, I don't agree with all of what he says (the idea of nanobots doing what Kurzweil says scares me and I doubt it will be legal to do this), but I do agree with the 2029 prediction, that is if proper resources are given to that particular problem. Replicating humans is a goal in AI for some researchers, but not all of them. Personally, I couldn't care less if there exists a robot that perfectly resembles a human, as long as there are intelligent computers systems that can do the problems that humans find hard (such as finding patterns in very large sets of data or solving complex mathematical equations).
*Technically, it isn't a low EV play if there is a high probability of the opponent folding. In which case, playing the highest EV play naturally involves bluffing if it can be assumed that the opponent will fold to a bet.
Slashdot Mirror
If you are looking for money, you don't look at making games.
That market consistently pays lower then equivilent skilled programmers in other areas. You make games for passion, not for money. In that case, whether you make more or less money then another country is really not relevant.
It is extortion and as stated in another reply, if this works, how long until the next ISP asks for money? Or the next government asks? Or even Cisco asks so that their packets get routed at a higher priority? Or the network card creator asks the same thing?
There are a lot of links in the chain, and if this is allowed to start, the cost per packet could end up being enormous and detrimental to us all.
You are looking at the problem from the wrong direction:
"the fear of losing our jobs and the necessity of supporting our families comes first before the security of highly confidential information"
And so it should.
However, you should put up a case to your higher ups about the business reasons why they need the security measures and that they need to be followed. The higher ups recognise this (in theory) and the practise of lowering security threats is classed as a "punishable offence". If a person's job is security, then their job should rely on that security being properly managed. If a critical security breach happens because of a "low risk" security bug, then heads will roll.
If you can't get the higher ups to understand, sit back, wait for the unavoidable security breach and being your "I told you so" speech. Don't be aggressive, but highlight that with proper measures this can be avoided in the future.
Your options are to either collect evidence and go over the heads of your managers (don't be stupid, do it in an explicitly confidential/anonymous manner) or to sit back and not do anything. I do not recommend doing this without actual solid evidence or the only thing that will happen is a lot of blame passing and eventually you will be known as 'that person', despite your good intentions.
I see this as one area where Google, MS and Yahoo can show some real leadership. Don't hand over any extra money, and if the customer's ISP is a known throttler, then place a message at the top of each page stating "The page you have requested is being slowed down by your internet provider. Click here to find out why and what you can do about it". If the three biggest websites and their other websites (remember that Google owns YouTube and Yahoo owns Flickr) all put this message on, the backlash against the ISP would be way too big. Remember that speed is relative, especially when downloading webpages. Telling the user to expect the pages slower then usual will give the user the impression it is, even if the ISP hasn't yet started throttling.
Maybe don't go to the extremes of requiring everything to need high security (such as entering the building or doing everyday work), but things such as shutting down the power grid should require extra security. Access to the important controls should have extra security. With security, one size does not fit all.
I'm not an environmental crack pot, but two things make me consider 'peak' to be a unavoidable event:
1) Oil is being used quicker then it is being created. This is known from basic facts about how much oil we use and how it is known to be created (slowly)
2) Oil usage isn't decreasing at a fast enough rate. This is known again from facts about how much oil we use.
The simple mathematics are that if something is being used faster then it is created, it will reach zero. Whether that is now, or in 1000 years, I don't know. All of the data is being obfuscated on both sides for their own gain. The only way that the peak won't occur is if that idea about oil actually being a renewable resource (i.e. (1) above is false) is true, or if we remove our dependency on it so much that our usage doesn't make that much of a dent anymore (i.e. (2) above is made false). I can't see either of these happening, and I can't see the second one happening without the oil tycoons, the companies profiting from oil AND the countries tied in with these companies being force to do so.
Take 5% - the 'known', leaves 95% - the 'unknown'. The unknown is 19 times larger then the known.
omgponieslikeinoffice97 ?
Think less in sheer numbers and more in density. If there are 200 million possible 'combinations' (say, 50,000 customers and 4000 movies in a Netflix-like situation), then with 10 million data samples, we only have 5% of the possible data. This means that if we are predicting inside the data scope, we are predicting into an unknown field that is 19 times larger then the known.
Say we were looking at 100 million fields, suddenly we have 50% of the possible data, and our unknown field is the same size as the known field. Much more likely to get a result then.
I am just waiting for the inevitable breaking of Godwin's law.
Maybe, but if all email is getting through, then the sysadmin may just add another layer of spam protection. This forces them to fix the fault (the fault being the reliance on an outdated system).
Aside from the above comments of "don't take personal stuff to work" (if your position requires it, then your work needs to get it for you); deal with the ventilation problem. Get a lockable cupboard with fans on the side, and lock you laptop, USB stuff and anything else you don't need to touch frequently in there and run cables. If your keyboard gets stolen by someone yanking the cord out, who cares? It is $15 worth of equipment and the laptop has a keyboard on it if you can't take the delay before you get a new one.
That said, what about moving your off-line app to a server in the server room? I know it isn't always possible to do this, but it would save a lot of pain. Your laptop was designed for burst use, not to be left on all the time. While you will probably be ok, it just adds strain to the components that they weren't designed to handle. The risk of failure increases the more you leave it on continuously. If you have a VMware server or similar, take 10gb of storage and very little resources, setup a virtual machine. When you aren't using it, the resources it uses will be minimal. When you are, it will be ready for you. You can also put the "green case" to your manager: leaving your laptop on uses power, leaving it on a server that will be running anyway has no impact on energy usage.
In any business environment, you must setup your work area on the basis that your computer won't be available tomorrow (fire, stolen, someone else stole your desk). If it ain't on the network, don't rely on it.*
* The full version is "If it ain't on the network, backed up regually including offsite tapes and part of an overall DRP strategy, don't rely on it"
And me without any mod points... thanks!
I tend to find things easier in Linux then in Windows, purely for the reason that you can actually go in and change things around. I have been using Linux solely for about a year and use Windows at work. While I experience more problems at work because I am in a helpdesk role for part of my job, I find when problems can't be solved by either restarting the application or computer, reinstalling the application or increasing permissions to certain files, then the problem often has no easy solution. While the above listed steps will fix 90% of problems, those last 10% are often more difficult to solve then many of my Linux related problems, including those that require command line action.
Realistically, I don't see a difficulty difference between the registry editor and the bash command line. Both require you to have some idea of where things are or what they are called before you can start (try using a command line if you don't know what cat is). Both often require searches before you work out how to do something you need to do, both can leave you confused as to why the key/command exists in the way it does and both often don't have a standard 'form' in placement or use.
I may have been lucky in my switch to Linux. Things worked, or worked well enough that I could always work out or find a way, to solve any problem I've run into so far. However, I will disagree completely with your comment on progress. I recently installed Kubuntu on my desktop computer, while I didn't agree with having to boot to a live environment to install*. It took me far less time to install and less steps overall to get everything working, even if you discount that it comes with Open Office. Kubuntu downloaded by graphics card driver and asked me whether I wanted to use that one or the free one. You don't get that service with Windows. I will point out that I have tried some Linux distros on this computer that just couldn't work out my config correctly (the same Debian installer either worked or had difficulty automatically detecting, depending on whether it was a basic or advanced install). For me, I love messing with my computer to try new things, but for now, I need a computer that just works. I am at uni while working and if my computer goes down, I can fall behind in schedule quite quickly. For that reason, I chose Kubuntu, lost some ability to mess with the computer (I can get that back though when I chose, for now though) and have a computer that hasn't given me a problem I didn't cause myself when I just couldn't help myself messing with things.
* if there is a way to install without booting to the live environment, it didn't jump out at me when I put the CD in.
You know, those complex ones you copy and paste from the Ubuntu forums after getting an informative answer to your question.
My boss at work uses the "lack of support" argument to support his general "NO open source" stance. Yet the support I have received from there is a lot better then most of the call centres I have called. The only exceptions are the ones we pay a ridiculous amount of money for "remove the config file and restart the application" support.
A bit late in the discussion now, but for the sake of clarrifacation...
Firstly, nothing in my post was intended to be FUD. Secondly, I found what I read, and it was speculative, not factual. That was my bad. Finally, I am a linux supporter. I use it solely at home. I push to get open-source projects used at work (against my bosses wishes).
I can't get a reference, but I read somewhere (may have been on linuxtoday) that said that sales of Linux PCs are typically brought back to the shop, with users complaining about either the lack of windows, or lack of windows-related compatibility. My guess is that in stores were brought back more then online sales (for whatever reason). In this case, while the PCs would of sold out (no suprises, at $200) having them brought back reduces the overall profit.
Weird, that's not what your wikipedia page says...
I agree with your point about plane hijacking, though this type of technology would help protect embassies against a rouge intruder and any area that is open to the public from someone walking in with a bomb hidden just out of view. From a purely maximal strategy, for the terrorists, a car bomb is the best "terror for each loss" return. However losing just a few lives to a suicide bomber is a very bad outcome for those involved.
The loss of some privacy is a concern. I can't see a solution to the "I want to be able to do whatever I want without the government spying on my" versus "I don't want people blowing up bombs next to me" problem. Everyone has that line with this type of security, anything up to the line is an acceptable loss of privacy for security and anything past the line is unacceptable. I would rather prefer going into a building and knowing I can safely walk back out again while some security guard finds out I'm not as fit as I should be. However, with the advancements in image processing recently, I can see these systems hooked up to image recognition that automatically detects for foreign objects and only shows "problem" ones to an actual human. Once the error rate for these programs gets over the error rates for humans, I feel a lot of this technology can be brought in more places, with less loss of privacy.
Highly secure RFID tags.
This used to be a valid point, but Safari ships with OSX and a lot of users get Firefox installed by their tech-savvy friends. Still, there is a very simple way of getting around these problems:
1) No financial institution should ever ask for your email address. Ever. Not as a required field, not as an optional field. The person signing up should be informed that they are deliberately not being asked for this information either.
2) The exception to this: Reminders. These are setup WHILE logged in to the site, and the email address is stored in relation to the reminder, not the account profile (so it will be indirectly linked, but a helpdesk person won't see it when troubleshooting account information).
3) All reminder emails are plain text only, with a clear message informing the user not to trust this email or any other email and to log in to the website by typing the address into a browser only.
Like was said above, people don't need to be stupid, they just need to be out of their expertise. I'm not a security expert, but through my knowledge of computers, I know when I get sent a phishing email, I know how to surf safely. You can't expect everyone to be the same though. This is just a case of needing to inform the users, and to keep reminding them.
* The method shown above is not foolproof, in the case of DNS attacks, or websites with similar names (user types in address, typos, and is sent to another site).
Does the following count as patent infringement?:
//Do stuff
//Do stuff
DB Table: Users
PK: userID (int)
Field: name (varchar)
DB Table: Class
PK: classID (int)
Field: Lecturer (Users.userID)
Field: Student (Users.userID)
Method: access
if (Class.isLecturer(curUser)){
}else if (Class.isStudent(curUser)){
}
I did a project like that in high school.
(late reply, if you are interested) Alpha beta pruning works, but depends on choosing good first moves.
Ironically, very similar reasoning is why I moved to Linux. I got sick of a system that I paid good money for (both as stand-alone and preinstalled) not working, when I can get a free operating system and actually know what is going on.
Since then, the OS has become expendable for me (as I now backup and have separate partitions for data) so if it gets too much, I just install a new OS. When I tried doing that with Windows, I ran into all sorts of problems, mainly with Windows trying to be the boss of my system.
This isn't a counter-attack, just a different view. Each to their own I guess.
What does a human do to read a bluff? He observes his opponent, takes inputs such as bet size and heart rate, applies them to known patterns of bluffers and looks for a match. Sure a human does this without realizing, but little of how this happens is a mystery. Also, how do humans bluff? They just bet at a negative EV play*, and bluffing properly is a matter of knowing the probability that the opponent will call. I am researching applying AI to poker (look out in June for a lot of high quality research from the AAAI Computer Poker Championship) and this sort of argument, "Computers can't bluff, they just run numbers", is both understating what has been achieved in AI in this field and also overstates what humans do. Yes, computer programs aren't quite up to the standard of world class players (Limit poker has achieved this, but not No-Limit), but this game has only a couple of years to go before this milestone is reached. I predict that by the end of the year, we will have high quality bots that can beat 99% of players, and by the end of 2010 No Limit Texas will be a computer dominated game.
The only thing that humans do that AI doesn't (well) is automatically follow a few paths, rather then look at the whole picture. As an example, it has been shown (sorry no reference right now) that some chess grandmasters look only at a couple of moves and then calculate all the possible combinations from there rather then examine every possible move. This drastically speeds up the calculation, however it does miss moves that could be considered the "best". So while this act of "feeling" which is the best move is a good approximation done by humans, it isn't an optimal or maximal play.
As for the article, I don't agree with all of what he says (the idea of nanobots doing what Kurzweil says scares me and I doubt it will be legal to do this), but I do agree with the 2029 prediction, that is if proper resources are given to that particular problem. Replicating humans is a goal in AI for some researchers, but not all of them. Personally, I couldn't care less if there exists a robot that perfectly resembles a human, as long as there are intelligent computers systems that can do the problems that humans find hard (such as finding patterns in very large sets of data or solving complex mathematical equations).
*Technically, it isn't a low EV play if there is a high probability of the opponent folding. In which case, playing the highest EV play naturally involves bluffing if it can be assumed that the opponent will fold to a bet.