Slashdot Mirror


User: Dutch+Gun

Dutch+Gun's activity in the archive.

Stories: 0 · Comments: 4,453

Comments · 4,453

  1. Re:What's so secret about those numbers? on South Korean Citizen IDs Vulnerable, Based On US Model · · Score: 1

    If I know your ID number I can then steal your USB dongle and be you? Or kill you and then "100%" prove I _am_ you?

    I suppose a pin could be added to protect against simple theft, with a security flag set if too many wrong guesses are detected. There's no real technical solution if someone is willing to murder you for your identity. I recommend a 12 gauge shotgun instead.

    How much are these devices?

    I've seen similar devices like the Yubikey for $25 to $50. I'd bet they could be mass produced for about $10 to $15 each at the numbers required to distribute them to the entire population of a country.

    What if I don't have a computer or internet connection - say I'm traveling in a backwater like USA instead of SK :D

    Har, har. ;-) Keep in mind this is for securely authenticating identity online, in the typical places where you'd need a national ID now. The typical reasons for doing that are to open financial accounts, like banks or credit cards, or signing up for government services. In SK, they're apparently used for more things, like online games. Even so, these are not things you'd typically do while traveling. Your passport should suffice for most normal transactions out of country. In general, I'd imagine most people would not wish to carry this device with them at all times because of its inherent value.

    For those that don't have a computer or internet connection of any sort (which is increasingly rare), you'd probably be required to meet with someone who could authenticate your identity for you in person through a device of their own - any smartphone would be capable of doing this, so the bar isn't that high.

  2. Re:What's so secret about those numbers? on South Korean Citizen IDs Vulnerable, Based On US Model · · Score: 2

    a secret between you, your employer, your insurer, your financial institution, and the government.

    And that's precisely why in today's world, such a system is broken by default.

    It's fine for identification, but we should stop screwing around with a simple 10-digit number as a means of authentication. Rather, as citizens, we should be given a tamper-resistant USB hardware dongle that contains a completely secret private key (which literally NO ONE knows - a completely random 256-bit number generated at manufacturing) with a read-only API to decrypt messages created with the public key. The government then officially associates that device's PUBLIC key with our SSID. Even if we lose control of our SSID, only someone with that hardware dongle can definitely prove they are who they say they are, even online.

    This way, we can easily and securely authenticate ourselves online for important transactions, like securing a loan or a credit card, or signing up for a service which would otherwise require your SSID today (like a health plan). The organization would request the public key for a given SSID from a public government database. The organization then would need to query that hardware device, which shouldn't be too much more difficult than what some second-factor authentication devices already do today.

    If the dongle is lost, stolen, or breaks, we go into our local Social Security office (like I recently had to do for a new SSID card), prove we are who we say we are to a human being, and we purchase a new dongle and public key, which is then associated with our existing SSID. Existing accounts should only care about your SSID and the fact that you authorized correctly once. It's only when you need to authorize your identity again that the new public key would be read from a central government repository.

    This seems way too easy for me, so I'm sure I'm missing something. Any thoughts on why this might not work?

  3. Re:Acceptable ads? on AdBlock Plus To Introduce Independent Board To Oversee Acceptable Ads Program · · Score: 1

    Yep, for me the issue is simply one of safety. I currently don't block ads in particular, but I refuse to allow scripting, which actually ends up blocking most of them as a side-effect. Just the other day Forbes.com was found to be serving ads that were trying to infect visitors through a Flash vulnerability, which of course was launched via scripting.

    I understand that using NoScript is probably too high a burden for most users, and honestly, it's a bit of a pain even for me. I'm considering using uBlock Origin instead of NoScript. That will kill most advertisements that I'm currently fine with viewing. I'm not likely to grant exceptions, because that will mean turning scripting on for remote, untrusted sites.

    Sorry advertisers and webmasters. You guys are pulling shit from literally dozens and dozens of different domains, and you have NO idea if that code is actually safe to execute on my machine or not. But it's profitable, so you don't care. Enough is enough. If you don't curb the ability for advertising agencies to run arbitrary code on my machine, I'm not going to let you serve ANY ads to me, period. These ad agents are performing real-time bidding, followed by redirection after redirection, so no one ever really knows when or where malware will come from. In short, safety can't be guaranteed. Not even close.

  4. Re:Useless on Former Cisco CEO: China, India, UK Will Lead US In Tech Race Without Action · · Score: 4, Funny

    I agree that this reads like nonsense - pure corporate-speak.

    “Traditional companies in this industry think linear,” he argued. “You’ve got to think exponentially. You’ve got to reinvent yourself as a leader, your organisation structure and a company.

    This is about the former Cisco CEO talking about himself and how brilliant a leader he is. I read through the entire article, and didn't get a clue as to what role the government should actually have, at least in specifics. Perhaps I'm not smart enough to think exponentially like him, so I might have missed it.

  5. Re:TFA, TFS on Legal Loophole Offers Volkswagen Criminal Immunity · · Score: 1

    I agree that VW should not be punished to the extent that they go out of business. They should, however, be punished to a degree that is proportional to the willful disregard of the rules and regulations by which they're supposed to be bound. It's this notion of intentional and blatant cheating, I think, that everyone is so upset about, not the actual damages incurred, which, honestly, are probably minimal.

    Note that you can draw some interesting comparisons over the $900 million in fines and millions of vehicle recalls by GM due to faulty ignition switches. While the ignition switches didn't represent any initial fraud or deception, the decision was made to prioritize profits over actual human lives (which they were well aware of), something far more serious than what VW did, even if VW was the result of deliberate wrongdoing initially.

    I think it will be interesting to compare the fines of VW and GM. If VW is fined as much or more than GM, whose decisions literally killed people in order to save money, then I think there may be a cause to complain that the fines are excessive. Until then, we need to put as much pressure on VW as possible to ensure they come completely clean with all the records. This will be best for VW and other automakers in the long run anyhow.

  6. Re:edit distance, not just matching on Tracing the Limits of Computation · · Score: 1

    Yeah, I realize they're not the same problem... I was just reminiscing a bit about a slightly different problem that I spent some time thinking about as a student.

    Another string-related problem I had fun figuring out (essentially re-inventing a variation of the Levenshtein distance formula) was a closest-match algorithm, say, for common search strings that are slightly misspelled, or as a spell-checker finding a closest potential match. A decent solution to this problem isn't terribly hard, but does require a bit of ingenuity. I'd imagine the folks at Google have a pretty impressive algorithm for doing this.

    For whatever reason, these sorts of problems feel like CS-oriented puzzles to me, and I enjoy working on them. Often, if I see an algorithm which intrigues me, I'll expend some brain power theorizing how they work before I research how other people have approached or solved the problem so far. Reverse image searching and closest image matching were examples of this. I puzzled for quite a while about the best way to boil an image down to simple database-searchable numerical values that can be quickly queried and checked for ranges.

  7. This reminds me... on Tracing the Limits of Computation · · Score: 5, Interesting

    This article reminded me of learning about string-matching algorithms as a student. When you first naively implement a string-matching algorithm as a student yourself (sans prior research), you'd generally start with what I'd call the string-matching equivalent of a bubble sort - it works, but it's hopelessly inefficient, as you begin a simple search with each new character in the source text, backtracking if the match doesn't occur, and checking the next potential match.

    When you try to get a bit more clever, you realize there's probably a way to ensure that you can examine each character in the searched text once and only once, never having to backtrack at all, and you get something like the Knuth–Morris–Pratt algorithm.

    However, it takes a fairly impressive leap of intuition / invention to get to the Boyer–Moore string search algorithm, which actually allows you to skip over checking some characters entirely, which I would have intuitively thought impossible without making that mental leap. Learning about these impressive algorithms was one of my favorite parts of the Computer Science curriculum when I was in school.

    It will be interesting to see if someone eventually breaks through the current state-of-the-art limits of string comparison in our lifetime. It would be a bit sad if the hypothetical maximum efficiency were already reached, as was predicted by these mathematical models, because the current best algorithms still require a lot of computation time. I've long since devoted myself to more practical topics as a working programmer, but it's fun to peek into what's happening at the bleeding edge of pure computer science research.
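    The naive search and the character-skipping Boyer–Moore search contrasted in the comment above, as an added example (not code from the post). It implements the Horspool simplification of Boyer–Moore (the bad-character shift on its own) and counts character comparisons, so the "skip some characters entirely" effect can be seen on a constructed sample sentence.

```go
package main

import "fmt"

// naiveSearch is the "bubble sort of string matching" the comment describes: try a
// match at every offset, compare left to right, and back up on the first mismatch.
// It returns the first match index (or -1) and how many characters it compared.
func naiveSearch(text, pat string) (int, int) {
	cmps := 0
	for pos := 0; pos+len(pat) <= len(text); pos++ {
		j := 0
		for j < len(pat) {
			cmps++
			if text[pos+j] != pat[j] {
				break
			}
			j++
		}
		if j == len(pat) {
			return pos, cmps
		}
	}
	return -1, cmps
}

// horspoolSearch is the Boyer–Moore family's bad-character rule on its own
// (Horspool's simplification). The pattern is compared right to left; on a
// mismatch the window jumps so that the text byte under the pattern's last
// position lines up with its rightmost occurrence in the pattern, which lets
// whole stretches of the text go unexamined.
func horspoolSearch(text, pat string) (int, int) {
	m := len(pat)
	if m == 0 {
		return 0, 0
	}
	var shift [256]int
	for i := range shift {
		shift[i] = m // byte absent from the pattern: skip a whole window
	}
	for i := 0; i < m-1; i++ {
		shift[pat[i]] = m - 1 - i // rightmost occurrence, excluding the last byte
	}
	cmps := 0
	for pos := 0; pos+m <= len(text); {
		j := m - 1
		for j >= 0 {
			cmps++
			if text[pos+j] != pat[j] {
				break
			}
			j--
		}
		if j < 0 {
			return pos, cmps
		}
		pos += shift[text[pos+m-1]]
	}
	return -1, cmps
}

// Compare runs both searches on the same input and reports index and comparison counts.
func Compare(text, pat string) (naiveIdx, naiveCmps, hIdx, hCmps int) {
	naiveIdx, naiveCmps = naiveSearch(text, pat)
	hIdx, hCmps = horspoolSearch(text, pat)
	return
}

func main() {
	text := "the quick brown fox jumps over the lazy dog" // constructed sample text
	for _, pat := range []string{"lazy", "cat"} {
		ni, nc, hi, hc := Compare(text, pat)
		fmt.Printf("%q: naive idx=%d cmps=%d | horspool idx=%d cmps=%d (text has %d bytes)\n",
			pat, ni, nc, hi, hc, len(text))
	}
}
```

For "lazy" the Horspool variant finds the match after 13 comparisons against 43 text bytes, while the naive search needs 39.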

  8. Re:Dava Sobel on John Harrison: Inventor and Longitude Hero · · Score: 1

    Yep, that's very true. Still, I have a feeling had he been well-educated or of noble birth, he would have been taken much more seriously, even despite the committee's predilection for an astronomical solution.

  9. Re:Re-what? on Study: $1.8 Billion In Reshipping Fraud With Stolen Cards Each Year · · Score: 1

    Chip-and-pin is no more secure than magswipes, it contains the same data and can often broadcast the data 100m around you through RFID activation.

    You're mistaken about a few points. First, these cards use near field communication technology, not RFID, and are readable at a distance of less than a few centimeters. Second, the card doesn't re-broadcast your credit card number. It uses on-card encryption to respond to queries without ever giving away the private key. And third, each transaction has a unique code generated by the card itself for each transaction, so replay attacks are not possible. This makes things like ATM skimmers much less practical for these types of cards, as the cards are difficult to reproduce with only externally-available data.

    You should really read up a bit on the technology to see how things really work. Chip-and-pin is definitely more secure than the old magnetic strips we use here.
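    The dongle scheme sketched in comment 2 and the per-transaction code described in comment 9 rest on the same check: a device holds a key that never leaves it, a public registry says which key belongs to which ID, and the verifier gets a fresh, single-use proof of possession. The Go program below is an added example, not code from the posts: it uses an Ed25519 signature over a random challenge rather than the decrypt-a-message API the comment proposes, and the registry, relying-party name and ID number are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Registry stands in for the public government database: ID number -> enrolled public key.
type Registry map[string]ed25519.PublicKey

// Enroll binds a key to an ID; re-running it is the lost-or-broken-dongle replacement step.
func (r Registry) Enroll(id string, pub ed25519.PublicKey) { r[id] = pub }

// Device models the dongle: the private key never leaves it; the only operation is Respond.
type Device struct{ priv ed25519.PrivateKey }

func NewDevice() (*Device, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no entropy source: nothing sensible to do in a demo
	}
	return &Device{priv: priv}, pub
}

// Respond signs the challenge bound to the relying party's name (useless to other verifiers).
func (d *Device) Respond(relyingParty string, challenge []byte) []byte {
	return ed25519.Sign(d.priv, transcript(relyingParty, challenge))
}

// transcript fixes the exact, domain-separated bytes both sides sign and verify.
func transcript(rp string, c []byte) []byte { return append([]byte("natid-auth-v1\x00"+rp+"\x00"), c...) }

// Verifier is the bank or service: one random challenge per session, forgotten once answered.
type Verifier struct {
	name     string
	registry Registry
	pending  map[string][]byte // session -> outstanding challenge
}

// Challenge returns a fresh 32-byte nonce for the session.
func (v *Verifier) Challenge(session string) []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	v.pending[session] = c
	return c
}

// Verify checks against the key the registry holds for id right now; the ID number alone buys nothing.
func (v *Verifier) Verify(session, id string, response []byte) error {
	c, ok := v.pending[session]
	if !ok {
		return errors.New("no outstanding challenge for session (replay?)")
	}
	delete(v.pending, session) // single use, whatever the outcome
	pub, enrolled := v.registry[id]
	if !enrolled || !ed25519.Verify(pub, transcript(v.name, c), response) {
		return errors.New("response not produced by the device enrolled for this ID")
	}
	return nil
}

// Scenario runs the four cases the comments raise (constructed registry, placeholder ID, made-up bank).
func Scenario() (genuine, replay, stolenID, revokedDevice bool) {
	const id = "ID-000-00-0000" // placeholder, not a real ID format
	reg := Registry{}
	bank := &Verifier{name: "example-bank", registry: reg, pending: map[string][]byte{}}
	dev, pub := NewDevice()
	reg.Enroll(id, pub)
	// 1. Genuine holder answers a fresh challenge; 2. the same bytes replayed.
	resp := dev.Respond(bank.name, bank.Challenge("s1"))
	genuine = bank.Verify("s1", id, resp) == nil
	replay = bank.Verify("s1", id, resp) == nil
	// 3. Attacker knows the ID number but holds a different device.
	thief, _ := NewDevice()
	stolenID = bank.Verify("s2", id, thief.Respond(bank.name, bank.Challenge("s2"))) == nil
	// 4. Dongle reported lost: a replacement is enrolled, the old one stops working.
	_, newPub := NewDevice()
	reg.Enroll(id, newPub)
	revokedDevice = bank.Verify("s3", id, dev.Respond(bank.name, bank.Challenge("s3"))) == nil
	return
}

func main() {
	fmt.Println(Scenario()) // genuine, replay, stolenID, revokedDevice
}
```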

  10. Re:Amazon Warehouse workers should demand more mon on How Amazon's Robots Move Everything Around · · Score: 1

    You're simply focusing on the idealized mechanics, and ignoring the real world requirements of the device. Such a machine needs to be:

    * Affordable - the machine has to pay for itself in a reasonable amount of time.
    * Reliable - a business will rely on this machine for its daily revenue, and so it has to be extremely resistant to mechanical or electronic failures, and must produce high-quality products.
    * Flexible - it must be programmable, easily integrated into proprietary ordering systems, and be mechanically capable of creating a wide variety of hamburgers.
    * Easy to use - the machine must be operated, stocked, and maintained by typical fast food workers.
    * Safe - it must be easy to clean or sanitize, resist bacterial growth, and safeguard against mechanical accidents involving workers.

    Naturally, you could pretty easily design a machine if you had an unlimited budget, or didn't care about the reliability of its more fiddly mechanics, and so on. Being able to check off ALL these boxes is the tricky part. And of course, it's "trivial" to build anything when you're just imagining how it might work, or sketching an idea out on a napkin, or don't have to concern yourself with how to mass-produce the thing. As with most real-life projects, the devil is in the details.

  11. Re:Dava Sobel on John Harrison: Inventor and Longitude Hero · · Score: 4, Insightful

    I never read the book, but watched a really interesting documentary about his lifelong pursuit of that prize. It's really quite fascinating if you have any interest in maritime history.

    It's also a bit sad how he was completely snubbed and denied proper credit for his inventions (in addition to the monetary prize for many years) at the time simply because of his social status (a relatively uneducated craftsman). From what I remember, it literally took the King of England to force the issue after he saw those amazing devices in action, and heard how irrationally stubborn the prize committee was being.

  12. Re:Amazon Warehouse workers should demand more mon on How Amazon's Robots Move Everything Around · · Score: 1

    Maybe this works for regular burgers. Can this machine make a Big Mac, with its three buns and two meat patties? How about bacon burgers? Can it fry up the bacon? Chicken burgers, with breaded or grilled patties? How hard is it to reprogram for new specialty items? What about your local Taco Time? They've got all sorts of menu items that require a wide variety of preparation techniques, and they add new products all the time.

    Any sort of device that could effectively prepare all those items would be enormously complex and expensive. And after all that, you're still going to need humans to keep it stocked, cleaned, and maintained. This machine might have a future in a restaurant that had a menu designed exclusively around what these machines can produce, but would people really want to eat there, with nothing but vanilla burgers served? Does anyone really care about the "mix" of meats used, as the company is promoting as a future feature? No, I think fry cooks are going to be around for a while yet.

    Yes, robots are coming, but I think people overestimate how well they'll do at any task that requires real hand-eye coordination or any sort of flexibility, at least for the foreseeable future. Restaurants and many other small specialty shops don't necessarily benefit from economy of scale like warehouses or assembly-line factories do.

  13. Re:K-CHAT on How Amazon's Robots Move Everything Around · · Score: 1

    I read the article, and failed to see how this had anything to do with IoT, other than the fact that the speaker was at an IoT conference. Maybe it's because orders placed on the internet are eventually routed to a command and control system that orders these robots around? Or perhaps because IoT is a hot buzzword, and that robots just aren't cool enough by themselves?

    Also, this line was hilarious:

    To encourage workers to see robots as companions, each unit is given a different name by an Amazon employee, and the name is entered into the system, so workstation workers can refer to them by name instead of a serial number.

    And yet, when they show a picture of a robot, right on the front is a big number "12828", not the name it was given. Either that, or some Amazon employee has a very limited imagination when it comes to naming robots.

  14. Re:Cleaning cruft isn't the answer... on How To Clean the Cruft Left By a Windows 10 Upgrade · · Score: 1

    My experience has been different. My two machines at home are essentially work machines for me, and as such, have a huge number of development tools, or audio/music tools, both of which together would probably take nearly a week of work to bring back from a clean install. On each machine, there are dozens of programs installed, all of which are important for my work, not to mention a few for entertainment (Steam, etc.).

    As such, I decided to try in-place upgrade, and it was absolutely flawless. I've seen absolutely no problems on either machine. It's almost been a month since the upgrade, so I'll be deleting the Windows.old folder soon. Obviously, I'm a data point of one, so you can't extrapolate too much from that, but I haven't heard much about wide-spread in-place installation issues.

    My advice would be: if you're happy with your current Windows 7 or 8.1 setup, use the in-place upgrade. All your settings, programs, and data are nicely preserved for you, and you're up and running in just a couple of hours. This also automatically activates your machine. If you don't like what's happened, you have the option of completely rolling back, or you can just wipe and re-install from scratch if you want. You'll have only wasted a couple of hours, after all. Also, one nice thing is that the in-place upgrade understood that I was using a local account, and never even bothered asking me to sign up for a Microsoft account, which I didn't want to use.

  15. Re:The Volkswagen scandal is a good thing on How the Car Industry Has Hidden Its Software Behind the DMCA · · Score: 2

    In other words it's all about the profit motive.

    Isn't it pretty much a tautology to accuse a corporation of wanting to make a profit? That's sort of like accusing the Pope of wanting to promote Catholicism.

  16. Re:The Volkswagen scandal is a good thing on How the Car Industry Has Hidden Its Software Behind the DMCA · · Score: 2

    For every person like you who may be qualified to do the job safely, there are probably many dozens that would still attempt this themselves simply for the cost savings, and risk injuring / electrocuting themselves, after which their families would sue the bejezus out of Honda.

    While there certainly may be a profit motive here, I wouldn't discount a fear of lawsuits.

  17. Re:Blacksmith/Welder not Engineer ... on Tank Hack Ensured Farmland Didn't Thwart the Invasion of Europe · · Score: 1

    Yep, that sounds plausible... If I had to guess, I'd also say that the planners were probably so fixated on the horrifically complex logistics of landing troops and followup supplies on the beach that everything else seemed unimportant by comparison.

    We know that the allies had ridiculously optimistic timetables as well, so perhaps overconfidence played a role as well. For instance, UK troops had originally planned to take the town of Caen as part of their D-Day objectives. Instead, thanks to German armor units and ongoing reinforcements, the fight for Caen dragged on for two months. There was a very real danger that the western front would turn into a contained, meat-grinder stalemate, like the northward advance up the Italian boot.

    That's partly why this "tank hack" was important - it provided a means for US troops to start advancing through the hedgerows with greater efficiency, and eventually led to the breakthrough into open country, thanks also in part to the distraction of an intense UK attack as well. It was then that Gen. Patton was allowed to run wild with bold, lightning-fast armored thrusts, which was what he was so good at. And of course, ultimately, that breakout and subsequent actions finally sent the Germans reeling back on the western front.

    Incidentally, I didn't actually know Roberts had given Culin the idea for the device. I'm glad to see he's given his historical due for the idea, even if it only ends up mostly as a footnote.

  18. Re:Where? (from TFA) on Nuclear Energy: The Good News and the Bad News In the EPA Clean Energy Plan · · Score: 2

    I had to look this up, because I was wondering how the heck it would take 40+ years to finish building a nuclear reactor. Apparently, the construction was started in 1973 but halted in 1988, then restarted in 2006 again. It's very close to completion - either end of this year or early next year.

    Sort of sad that we're just now opening a reactor with state-of-the-art 1970s technology here in 2015.

  19. Re:Blacksmith/Welder not Engineer ... on Tank Hack Ensured Farmland Didn't Thwart the Invasion of Europe · · Score: 4, Insightful

    Yep, it's an awesome improvised hack. I'm a WW2 history aficionado, so of course I'd heard about this before.

    For all the unbelievably thorough preparations made for the allied invasion, historians and laypersons alike have always found it fascinating or puzzling that apparently no thought was given to the potential tactical disadvantages the bocage (hedgerows) would have on the allied advance, or how the allies might try to cope with it. It took a lone Sergeant in the Army tank corps to come up with a reasonable solution to the problem. I suppose nothing tends to motivate you like facing a potentially lethal situation.

    I'd rank it up there with the CO2 scrubber hack on the Apollo 13 mission.

  20. Re:The backdoors are already in place on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 1

    Anything sounds scary if you shine a flashlight under your face and read it in a low, spooky voice.

    A lot of fairly innocuous stuff meant for large-scale corporate system administrators sounds positively Orwellian when applied to your personal computer. To put it bluntly, yes, corporate IT essentially has a "backdoor" into all the machines they administer. This is for the purpose of managing and maintaining a fleet of computers - for instance, it's useful to be able to apply patches and perform security scans in the middle of the night, even if a machine has been powered off. And as you mention yourself, we've been using this technology for many years now.

    I'm not discounting the fact that nefarious actors would love to get universal access like this, but you can't get around the fact that these systems don't ping home, as it would be easy to detect, and would cause an international shitstorm if it were discovered. And any incoming attempt to access them from external sources is easily blocked by a simple router or firewall.

  21. Initial Estimates Stupidity on The #NoEstimates Debate: An Unbiased Look At Origins, Arguments, and Leaders · · Score: 1

    When I was working on a videogame a number of years ago, I was asked by the publisher to come up with an initial schedule. We had a more or less fixed deadline, and while we knew roughly what we were going to be working on, the design phase of the game hadn't even begun. I started working on a very rough outline of the phases of the game development based on my previous experience with such projects. Naturally, it was somewhat vague, because we didn't have a design yet.

    The publisher rejected the timeline proposal, complaining that it didn't enumerate specific tasks in enough detail. For a year-long project, they wanted each task broken down into 2-3 day increments optimally, and no more than one-week tasks. The only thing I could do was to break each task into more techno-babble bullshit, but it really just muddied things. Still not happy with my work, they found someone else to create a nonsensical schedule with lots of detailed tasks that were pulled out of the air. That was then our fixed schedule for the game which, again, hadn't yet been designed. It was entered into a clunky custom project manager we used, and whenever a task came due, we dutifully marked it off as "checked" whatever it was - it certainly had no relation to reality. But we were right on schedule!

    What we actually ended up using was a simple Excel spreadsheet with all the *real* tasks listed, and assigned to each person. The project manager kept it organized for us, and as the project evolved, we drilled down and refined the tasks from larger goals to specific items. We had a list of features from core to "nice to have", and we kept focus on what we needed to do first, and only added the superfluous features later in the project. It was just common sense to us, and not surprisingly, it worked fairly well.

    I always chuckle a bit at how people/organizations keep looking for some magical "methodology", which needs a fancy name to identify it, with method-specific terms and rules. In my opinion, the more you formalize stuff like this, the more likely you are to value process over projection, and you'll just end up getting mired in that process instead of focusing on the product. I like a lot of the concepts of "agile", but I just cringe whenever I hear about "sprints", "user stories", "stand-up meetings", and so on.

    And creating a hashtag-based term doesn't provide any new insight.

  22. Re:open source? on Does IoT Data Need Special Regulation? · · Score: 3, Interesting

    Question: The summary and article are talking about the user's data that's collected. Is this data considered sensitive, other than the fact that one could potentially determine if someone is home or not if collected in real time? Do these smart-meters collect more than gas, power, and water usage? If it's just utility metrics, does anyone really care all that much about that? I'm trying to figure out how, if at all, any sort of data-leakage could really negatively affect someone. Maybe I'm just not imaginative enough.

    Getting the meter hacked could be annoying or expensive, but probably not a catastrophe, as you'd simply dispute any ridiculous charges. Naturally, that's always an issue with any device tied to infrastructure.

    As for using a proprietary network and protocol, I'd hope that the UK required exact documentation of what they're using, and how it works. That way, if the company goes belly up, another company could provide similar reading services based on those protocols. Of course, government bureaucracies being what they are, I guess I wouldn't be surprised if no one thought to do that.

  23. Re:Looks like death by being gored.. on Selfies Kill More People Than Shark Attacks · · Score: 1

    That's certainly true. I suppose one could make two arguments about selfies:

    1) People are taking pictures of themselves, not only diverting their attention in a potentially dangerous situation, but literally turning their backs to it.
    2) People are trying to frame themselves in an interesting photo, and are in essence "daring themselves" to do something outrageous or risky for the benefit of the photograph in question.

    As such, there may be a slightly elevated risk of freak accidents while trying to take a selfie, because of these two factors combined. Normally, it would just be one or the other.

    I remember lots of stories about idiots being injured or killed by wildlife in Yellowstone or elsewhere before selfies were a thing, but a lot of examples *were* apparently about getting a good shot with a camera. For example, a NY woman recently on safari rolled down her window, and subsequently took pictures of a lioness right up to the moment it jumped through the window and ate her. As for the animal-related incidents, I simply ascribe it to the fact that fear of nature has been largely bred out of us here in the first world, having tamed it (more or less) long ago.

    With billions of us on the planet, it's inevitable that people will have freak accidents. I suppose it's natural to tell yourself that *you* would never be so foolish, but let's face it, everyone has done foolish things at some point in our lives. Still... well, I would never try to pet a wild bison or roll down a window to take pictures of a lioness just a few feet away from me.

  24. Re:Color me shocked on Google DeepMind's AI Beats Humans At Even More Computer Games · · Score: 4, Funny

    Pedantically speaking, computers have been beating humans at videogames since they first appeared in arcades.

  25. Re:Because it was written in Seastar or C++ on Cassandra Rewritten In C++, Ten Times Faster · · Score: 1

    Reflection and automatic memory management have almost no runtime cost. In fact, C++ pretty much offers both.

    In both C# and Java, using reflection is extremely expensive. And C++ most certainly does not have reflection (or "introspection"). Reflection is the ability to query an unknown class, interface, or method at runtime for its structure and data elements. This requires language-standardized runtime metadata that can be queried and inspected. C++ has no such metadata built-in, and as such, no reflection.

    And comparing C#/Java vs C++ automatic memory management schemes is pretty much apples vs oranges (garbage collection vs smart pointers/RAII).