The Bloomberg/Google slipup a while back also caused large-scale losses, in that instance to United Airlines. Bloomberg actually stated that it does not verify the accuracy of news from other sources. Basically, it trusted Google to do the verification.
This is actually the way it should be. Using automated trading and real-time news to speculate on the stock market should, on average, lose you money. It gives negative inducement to speculation. Investments need to be chosen based on real data, and concrete value. Not based on what you think others will do.
If this is a legitimate case of attempted manipulation, the SEC can do its job. If not, it's a small loss that should have been factored into any risk calculations when the investors decided to trade like this.
(5) The term "warrantor" means any supplier or other person who
gives or offers to give a written warranty or who is or may be
obligated under an implied warranty.
Oh shit, looks like it covers everyone.
(c) Prohibition on conditions for written or implied warranty;
waiver by Commission
No warrantor of a consumer product may condition his written or
implied warranty of such product on the consumer's using, in
connection with such product, any article or service (other than
article or service provided without charge under the terms of the
warranty) which is identified by brand, trade, or corporate name;
except that the prohibition of this subsection may be waived by the
Commission if -
Oh double shit, looks like you forgot to actually read the act before opening your mouth.
so I don't see why artificially tying the iPhone to AT&T would be considered illegal under current legal definitions
Seriously? Are you serious? Because there's an f'ing law against artificially tying products to services. It's illegal under current legal definitions because there's a law against it. Jesus.
This strikes me as one of those quotes that people are going to laugh at 30 years from now, like the oft-repeated quotes on how someday computers will be 'only a few tons' and 'take up only one room'. At least, I hope so.
I think he means "one day" as in "one day soon, when I'll get a big fat bonus for having revolutionized space". Kinda like someone at IBM predicting mainframes would be cheap enough for almost any business to own (and they most definitely got to that point).
sometimes it just feels like this anti-Chinese sentiment is pot calling kettle black.
What if the pot and the kettle are both black, and we just hope to god screaming about it might clean things up.
What's your alternative? That we stop complaining, stfu, and slit our wrists?
Which means I don't buy the hype around Android. It's a fantastically wonderful toy, but Google's track record is that they do not have the discipline to enforce usability at the expense of their fun toys. And, to my great sorrow, that is Google's great weakness.
Wow, can we get a "-1 fanboi" mod. All things aside, Google has a market cap of $140 billion. Apple's market cap is $118. Apple was started in 1976 (22 years), Google's been around for 10 years. Sure, the iPhone seems popular. "Everyone" has one, right?
Wrong. Everyone has an LG, a Samsung, a Nokia. Incredibly few people have iPhones. The market is wide open, and Apple's marketing can't change the fact that, with enough popularity, Android phones could overtake the singular, Apple-only iPhone almost overnight.
I should clarify things. I love functional programming, particularly agent-based modeling concepts (objects that are purely accessed via functional message passing). But it took me 4 years to learn this. I think people learning programming need to "cut their teeth" on simpler, less oriented programming languages. Like I said, it took me 2 hours of thinking for one Haskell function. The extreme typing of Haskell in particular is irksome for learning.
That being said, beginners need to learn with something that will show them what everything is based on... i.e. the computer engineering side of things. The Glasgow Haskell Compiler was bootstrapped in the same manner every compiler is bootstrapped - it's written in C until it can compile itself.
I absolutely think every C.S. major should learn Haskell, Scheme, and Python. Just not at first. You need to crawl before you walk, and C is crawling. You bootstrap yourself up with languages in the same manner as the languages themselves.
In high-school algebra, you learn that a function f(x) takes a single number as input, and returns another number. This idea of 'functions' translates perfectly to functional programming.
Except you can't say "print f(x)" in a functional language. Try explaining monads and side-effects to a freshman. C and Java can do functions just fine... they can just also do other stuff. Like OOP.
Functional programming also teaches kids who may have limited experience in other languages to think differently. If you are used to loops, you learn recursion. If you have never used loops, recursion makes sense as a way to simplify a complex problem.
You can't be "used to loops" if you've never programmed before. Also, C and Java can do recursion just fine.
This is all stuff for maybe the sophomore or junior level. Before you can learn Scheme, you need to understand why you can implement a simple interpreter in Scheme in under an hour. It took me 2 hours of planning to write a simple Haskell program for one class. It was awesome just thinking for 2 hours, typing, and having it work, but for a freshman/sophomore, having "print x" not work is, quite frankly, bullshit.
Lisp and Scheme are useless for learning Computer Science. There is one topic they can be used for - functional programming. This is not a useless topic, but it is not Computer Science. Data structures, compiler design, operating system design - all of these require vastly different languages than purely functional ones.
C and Java are extremely powerful, robust languages. With just them you can do OOP, functional programming (what do you think the Lisp compiler is written in...), complex data structures, essentially anything. Lisp, Scheme, Haskell, and Erlang are domain-specific languages for domain-specific tasks. They should absolutely be taught, but only in certain courses. Computer Science departments must teach concepts, and those require languages flexible enough to express different paradigms.
Finally, I apologize for actually using "paradigm" in a sentence. It's just the only word that fits.
There are three areas AI is actually advancing - robotic control (MIT's learning helis, fuzzy controllers), computational finance (billions of dollars being managed by humans augmented with AIs), and game design. Of those, only game AI is accessible to the average researcher. It's the future.
Mozilla needs to have 2 things. A license notification - this software is free to use and available for redistribution under the GPL - and a warranty agreement - by using this software, you agree it is not covered by any warranty or guarantee, period.
Trademark issues in the agreement are useless. Their trademark is already covered by trademark law, and only needs the "TM" symbol next to it for protection. I can't copy someone else's novel or software simply because I didn't "agree" to their copyright. It exists whether I agree to it or not. The only thing Mozilla needs protection from is guarantees of use and warranty.
I assume to protect against this vuln every page behind the login has to be 100% SSL secured so that you can keep sending the sessionid cookie? If so, that means I get to buy twice as many servers for my 2 little web apps (that already have 5 servers dedicated to them) to support all that SSL traffic?
I doubt it. Try turning on secure cookies and only having an SSL-enabled login page. Your webserver should be able to accept the secure cookies over SSL and insecure data over HTTP.
5 servers for 2 apps is a lot. Have you tried a more distributed scheme with 2 servers for the HTML, 2 for the database, and a dedicated SSL proxy? It's a bit of a pain to set up, but you may get better performance with a dedicated SSL machine than the "Renaissance server" tactic.
I run a few Django SSL-secured websites, and I noticed the default is to send insecure cookies for the session id (i.e. hijack-able cookies). I'm going to try to get on someone's case to make this information more widely available, because you have to turn on secure cookies with a "SESSION_COOKIE_SECURE = True" statement, which I never knew until I checked today. Doing this should secure any Django-powered site from this particular attack.
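What the Secure attribute changes on the wire, shown as an added example (not part of the comment above and not Django's own code): a standard-library cookie jar receives a session cookie from an HTTPS login response and then prepares a follow-up request. The host `app.example.test`, the session value and the helper names are constructed for the illustration.

```python
import email
import http.cookiejar
import urllib.request
from http.cookies import SimpleCookie

LOGIN_URL = "https://app.example.test/login"  # constructed host, never contacted


def build_set_cookie(session_id, secure):
    """Build the Set-Cookie value a server would emit for a session id.

    secure=True corresponds to what SESSION_COOKIE_SECURE = True asks Django
    to do: append the Secure attribute to the session cookie.
    """
    cookie = SimpleCookie()
    cookie["sessionid"] = session_id
    cookie["sessionid"]["path"] = "/"
    cookie["sessionid"]["httponly"] = True
    if secure:
        cookie["sessionid"]["secure"] = True
    return cookie["sessionid"].OutputString()


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_value):
        self._headers = email.message_from_string(
            "Set-Cookie: " + set_cookie_value + "\n\n"
        )

    def info(self):
        return self._headers


def cookie_sent(set_cookie_value, follow_up_url):
    """Return the Cookie header a client attaches to follow_up_url.

    The cookie is first stored from a (simulated) HTTPS login response.
    Returns None when the client withholds the cookie.
    """
    jar = http.cookiejar.CookieJar()
    login = urllib.request.Request(LOGIN_URL)
    jar.extract_cookies(FakeResponse(set_cookie_value), login)

    follow_up = urllib.request.Request(follow_up_url)
    jar.add_cookie_header(follow_up)
    return follow_up.get_header("Cookie")


if __name__ == "__main__":
    for secure in (False, True):
        header = build_set_cookie("abc123", secure)
        print("Set-Cookie:", header)
        for url in ("https://app.example.test/profile",
                    "http://app.example.test/profile"):
            print("   ", url, "->", cookie_sent(header, url))
```

With the flag set, the plain-HTTP request carries no session cookie at all, so any page that needs the session has to be served over HTTPS as well.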
Untrue. Read my quote... it's from Bruce Schneier fyi. There are levels of sophistication in an attack. One of these is an electron tunneling microscope. Advanced attackers may have access to this attack vector. Data recovery companies probably won't, certainly not within the near future.
Using long encryption keys isn't the same as data deletion.
FALSE! It is exactly the same thing. In 10-20 years, maybe electron tunneling microscope data-recovery technology will be $20 like an FPGA is today. At that point, building a machine to attack once-written hard drives becomes possible for small organizations. Just like building a custom FPGA array to attack DES keys has been done by many people. You overwrite multiple times for the same reason you use keys much longer than necessary - to "future proof" things, in Schneier's own words.
Ext3 is ext2 + journaling. Journaling doesn't change inode layout or add metadata (at least, not at the inode), so on-disk they look relatively the same. You can, as a rule, just "lie" to a program and tell it a FS is ext2, it won't be able to tell the difference.
Precisely. In my case, I could brute-force keys with 1-28 "real" bits... presumably 29 would have taken twice as long, around 4 hours. I didn't have the heart to put my laptop's little fan through that.
Also, keep in mind that a Feistel-type cipher lends itself to variable key sizes, and Rijndael could probably be modified for lower key sizes. The reason AES specifies Rijndael with a minimum 128 bit key is exactly the same reason you overwrite a disk multiple times. Technically 56 bits is enough, but 128 is only a constant slower, and several orders of magnitude harder to attack.
Given my general level of paranoia, I recommend overwriting zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunneling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shred the media; it's cheaper to buy media new than to lose your secrets.
Because all data recovery companies have electron-tunneling microscopes on hand for recovery and aren't just running a Linux distro with a modified ext3fs to ignore "deleted" inodes.
The longest AES key I've cracked is 28 bits (in Python, no less!). Yet we still use a minimum of 128, more likely 256. It's not the guys running recover I'm worried about. It's the spooks with electron f'ing microscopes and a direct connection to AT&T.
I don't like that Eich seems to not give any credit to Adobe at all for their contribution, and on top of that tries to belittle the effort of Google, who are technically paying their sallaries at Mozilla Corp.
FTFA:
This reminds me: TraceMonkey is only a few months old, excluding the Tamarin Tracing Nanojit contributed by Adobe (thanks again, Ed and co.!), which we've built on and enhanced with x86-64 support and other fixes. We've developed TraceMonkey in the open the whole way. And we're as fast as V8 on SunSpider!
and
V8 is great work, very well-engineered, with room to speed up too. (And Chrome looks good to great -- the multi-process architecture is righteous, but you expected no less praise from an old Unix hacker like me.)
Yup, lots of credit-stealing and belittling going on there.
Meanwhile, I don't like that you can't even spell "salaries" correctly.
You see, I'm new here: I RTFA, point out inaccurate comments, and correct spelling. An unholy trinity I suppose.
You throw away the parent's point too quickly. His point was not that the helicopter wasn't learning (it is), it's the model used for learning. There are several learning models that could be used for this sort of thing, among them reinforcement and genetic learning. Reinforcement learning implies a "teacher" telling the algorithm how well it did, giving hints, etc. The parent would prefer (and I agree here) focus on a purely self-play algorithm. The helicopter "learns" by crashing. The longer it stays in the air, the better the algorithm flying it is rated. In terms of reinforcement, it would be better to have the helicopters copy other helicopters, rather than an expert pilot. In terms of autonomy, these helis are cool, but not fully autonomous and self-organizing. They can't, for instance, learn new tricks without being taught. Still, this Stanford is lucky they get to play with this kind of tech.
You have an interesting point, however I have two bones to pick.
Intel would make no money if anybody could just copy Intel chips. Anybody can copy Intel chips. The chip design can be analyzed and reverse-engineered, it wouldn't even take much technology or time. However, the manufacturing process is quite expensive and R&D (i.e. newer, faster chips) plays a large role in profits. The Chinese certainly could just copy Intel chips, with no or few economic repercussions, but they cannot do it better than Intel.
Where are the linux billionaires? Mark Shuttleworth seems to be doing quite well, as are the executives of Amazon, Google, IBM, and Sun (Sun isn't a Linux shop, but it is the largest commercial open-source contributor in the world). The employees of these corporations seem to be doing well themselves, even though their bosses are just giving away their services for free. Linus probably makes a decent living too, and even Stallman makes a good amount of money lecturing. The only people I can think of working in a computer industry not strongly supported by open-source software are at Microsoft and the various game companies. It's amazing how many people are actually making money at this.
This procedure sounds like it has the same problem as plain-old AI search - the lack of an obvious heuristic. The article says they use the number of pixels on an edge, but there's no obvious way of finding this - they've moved the computation up one step. The article is light on details so I'm sceptical. If they have a simple procedure for the fitness function, this is a great application.
My theory? When so much energy is put into such a small space, it hits a form where the energy resonates and becomes primarily matter without any energy left over for movement. (Sound familiar? Absolute Hot and Absolute Cold are the same thing?) Matter, acceleration, velocity, temperature, energy... it's all the same thing just in different forms. =)
So, if you continue adding energy to this system, it would eventually start converting all matter to pure energy? Theoretically the resonance effect you describe could result in some kind of resonance cascade. I think I know of a way to test this with a bit spinning pillar with a few LED's. I can just hook it up to a knife-switch to start up... brb.
Computer science. You could technically call it a branch of mathematics, but it's so different we decided to make it a science. And it requires proofs. Lots and lots of proofs.
Don't forget the built-in admin... I set our site up as a Django app, and have 2-3 professors able to add/modify content. It took about 2 weekends. And, it's in Python, a far easier language to just pick up and go with than Rails.
I can tell you that as an employee of the University of California system, you sign over all copyrights and patents to the UC Regents that are created using University resources. It's not very draconian because the "while using University resources" part ensures you can safely patent/copyright anything you want - just on your own time with your own computers. Plus most of the copyright stuff goes public domain or something very close. Definitely no non-compete agreements.
You are either able to read it, or you aren't.
However, you can pad out the start with zeroes.