Numerous studies have shown the benefits of mental exercise, for those of us who think.
3439 posts • joined 21 Dec 2007
keep the curly haired supercilious git well away from here!
Too much competition for our existing stable of supercilious gits?
Re: Cadence, Joe Walsh thinks?
Actually, just try to sing the "one fifty-five" version to the cadence of the original. The transition from "ONE" to "fif-" isn't easy, especially if you're singing loudly: and even sung clearly, it's a bit clunky.
I might go with "one twenty-five", particularly if you elide the second "t" (so "one twenny-five"). The prosody's considerably better than "fifty-five", at least to my hearing. But the coarticulated consonant "w" in "twenty" is still a bit of a stumble, compared to anything in "eighty". The same can (in my opinion) be said of initial "th" in "thirty" (generally a dental or alveolar fricative, I think) and initial "f" in "forty" or "fifty" (labiodental fricative).
And "seventy" has the wrong number of syllables, obviously. And "ninety" is worse than "eighty" in terms of making the song closer to accurate. That leaves "one sixty-five" as an alternative; but I find the double-consonant "x" just as bad as "ft" in "fifty".
So I suppose we should just leave the lyrics as they are.
Re: Over a third of apps have location permission anyhow
But since there are perfectly legitimate reasons for background location tracking (navigation, geologging, et al), you'll just raise a culture of "Click OK to get the hell out of my way."
Well, yes, of course. It has ever been thus.
However, there are few "perfectly legitimate reasons for background location tracking", and many users are perfectly capable of saying "oh, hell, no" when an app that doesn't satisfy any of them asks to do it.
Put mildly, the average person doesn't want to know all the gritty details.
That doesn't mean no one does.
Re: Over a third of apps have location permission anyhow
It's so common that only the most paranoid of users will hesitate to install an app that asks for it.
A big part of the problem is that the Android permission model is wrong. It shouldn't be "only install this app if you want to grant it all these privileges"; it should be "app is asking for these privileges - which ones do you want to grant?".
If the app authors want to write it so it refuses to run if it doesn't have all the goodies, fine; but then market forces can be brought to bear, and some apps might be written to run even if they don't have access to everything.
(Even better, of course, would be built-in support for spoofing sensor data, Internet connectivity, etc. There's rarely any reason for an app to know whether it's getting valid data.)
Re: Yes you could...
How do they account for that in their line signatures?
How about demonstrating you've read the paper before criticizing it?
based on some extremely selective data
Care to show us in what sense their experiments with the Nanjing Metro are "extremely selective"?
Their classifier is 89% accurate for routes that include four stations, and 92% for routes that include six stations. If you'd care to show us your experiments contradicting their results, I'm sure we'd be very interested.
Honestly, the amount of "I didn't do it, so it didn't happen" here is pathetic.
Re: Another day, another exploit
Another extreme food-porn picture - too close, too clinical, too slimy. It removes more than it shows.
Agreed. It's like a close-up of a nose. Maybe that nose is part of an attractive face, but the photo sure isn't conveying it.
Tho' I must admit food photography is generally lost on me anyway. Sometimes prose descriptions of food sound good, but photographs? Primary senses are not engaged. It's like listening to ballet on the radio.
Re: Sigh, here we go again.....
1) It's insecure! All you get are constant security problems!
This is true for Java browser plugins. I have Java disabled in my browser and my activities are not the least bit affected by it on the web. Over 90% of Java use is on the server side where security is straightforward if you know what you're doing.
I use Java myself (primarily for research, not work), and I sometimes work on Java products, and I think on the whole it's a decent language. But your statement here is simply not correct. Many of the serious Java security issues of the past several years - in particular, a number of those found by Adam Gowdiak - are in the JVM or core libraries.
They are just as relevant to back-end Java applications, and there are reasonable threat models under which they represent significant security issues. For example, they can be used by an unprivileged developer who can deploy code to the sandbox to elevate and subvert privileged applications.
Those flaws are mostly or entirely due to security-violating mechanisms added to the sandbox for "performance" reasons and inadequately protected against reflection and similar channels. The problem with Java security is the original model has been subverted in the name of features and performance, and Oracle (and to some extent Sun before them) did a poor job of understanding the ramifications of their stovepiping.
Claiming that Java's security problems are solely in browser contexts is dangerously wrong and does the language no favors.
Re: Solving problems which don't exist anymore
Subtle troll is too subtle.
There's still a fuck of a lot of FORTRAN and COBOL and others out there that almost certainly doesn't get picked up on.
Yup. Every time RedMonk or someone else publishes these studies, people point that out in the comments. But to be fair, RM do note some of the major limitations of their methodology, and caution against misinterpreting the results, in the introduction.
And, yes, there's still quite a lot of active Fortran[1] and COBOL development. We sell a lot of COBOL development tools. But businesses don't host their back-office apps on Github, and there isn't much of a COBOL community on Stackoverflow.
[1] And probably some FORTRAN, but it's been a quarter-century since the language was renamed, and by now most people have likely caught up.
Re: Install screen
As dedicated Reg readers know, Java is in at least one toaster.
Finding a Java-enabled kettle is left as an exercise for the reader. Or, hell, just implement one yourself. (I could wire an old Java-equipped feature phone into an electric kettle in about an hour, I'd guess, and have it, I dunno, turn itself on if it hears someone walking around the kitchen? Hard to think of a useful application.)
Re: Don Box?
Box[1] has been a major contributor to a number of successful technologies, such as SOAP. I can see why some people might hold that against him (I'm no fan of SOAP myself), but it's hardly surprising that Microsoft keep him around.
I saw him give a couple talks at Microsoft conferences back in the day, such as the Indigo (WCF) technical preview at PDC '05, and my impression is that he's quite a smart guy. And while, again, I can't say that WCF is exactly my vision of SOA[2], there's some thoughtfulness in the design. Good separation among transports, protocols, and encodings. Good flexibility in configuration mechanisms.
I've been working on commercial distributed-computing subsystems since the mid-1980s, and WCF is not the worst technology I've seen in the area. Neither is SOAP, for that matter.
[1] "Fish and sea greens, plankton and protein from the sea!"
[2] Y'know, that thing we used to call "distributed computing". Or "remote procedure calls". Or "client/server architecture". Or "middleware". Or...
Quitters don't get to be president, Mr Paul.
Bush the Elder did, after leaving his second US Rep term early, left his UN ambassadorship after two years, his China position after a bit more than a year, his DCI job after a year. A year as chair of First International, a year as a professor, a couple years on the Council on Foreign Relations... Maybe he just had ADD.
Re: And they immediately take no notice.
Hung up at that point.
I always hit Mute, then 1 to be connected to an operator, then set the phone aside. Eventually they'll hang up, but not after wasting a bit of their time and money.
Re: It might well work
Common, how long have Ponzi schemes and 419 scams worked for?
Is the first phrase there a mondegreen[1] for the interjection "Come on"? Serious question. I have no idea what else "Common" might mean in this context.
a glittering unicorn wearing the emperor's shiny new clothes
This, on the other hand, wins Best Mixed Metaphor of the Thread, by a mile.
(I once shot a unicorn in my imperial regalia. How it got in my imperial regalia I'll never know.)
[1] Or possibly an eggcorn; the distinction in this case is too subtle for me to decide.
We generally eat fresh bread, which doesn't need toasting - or turns into tasteless cardboard when toasted.
If your fresh bread becomes "tasteless" when toasting, you're doing something wrong. Either the bread, or the toasting.
But no matter. To each &c.
Re: Less freedom in return for lower costs
I don't like owning cars, and I don't like driving them.
But I'll take both of those over hiring self-driving cars any day.
I'll also note that the two cars my wife and I own are suited for different purposes, and neither could entirely be replaced by local hire-per-trip vehicles, autonomous or not.
But who knows? Here in the US, the proportion of young adults without driving licenses is down significantly. Much of the area of the US is too rural for hired AVs to be useful, but most of the population is (of course) concentrated in urban and exurban areas where they could be used.
Sidevoted to stick it to the Reg and its blatant endorsement of the up-down hegemony.
Re: the real problem is that people don't know how to drive any more
You drive with your eyes closed?
Only while sleeping.
Re: the real problem is that people don't know how to drive any more
The problem isn't the act of "texting", it's taking eyes off the road.
Numerous studies say otherwise. The problem is distraction, period. That's why hands-free phone operation is no less dangerous than holding the thing to your ear while driving.
It's conceivable that Deep Learning is the royal road to strong AI - though I tend to doubt it - but even if it is, it's going to be a long road.
People who don't pay attention to the field sometimes don't understand just how tremendously far we are from solving even basic problems; and marketing fluff like this does nothing to clarify the picture. Ng knows his field (DL), and presumably has a decent perspective on AI research in general, but he's being disingenuous. When he talks about a 99% "success rate" for speech recognition, he's referring to the 95% rate that's currently only achieved with a single speaker under reasonably good conditions - applications like Siri and Dragon Naturally Speaking.
Try that with, say, parlor discourse, with multiple speakers carrying on multiple conversations, people entering and leaving conversations, etc. You have to deal with conversation entailment; with sarcasm, jokes, in-group references; with all sorts of implicit antecedents and predicates; with a vast cultural context. It's hard for humans.
Even creating metrics for testing that sort of NLP system is difficult, because we get into the realm where human judges can't arrive at a consensus on the precise interpretations of discourse. (That's been shown by a variety of methodologically-sound studies - it's not just speculation. Human language use is stochastic and heuristic: we toss words at each other until we're satisfied that we've probably arrived at sufficiently-congruent meanings, or we give up.)
Of course, there are potential benefits. I eagerly await the day when a machine model can accurately distinguish between an adjectival noun phrase and a noun phrase in apposition - a task that seems to elude Reg writers and editors. (Those commas in the first paragraph of the story. They should not be there.)
And that's just the NLP domain, which is a small part of strong AI.
It's much too soon, in other words, for serious CS researchers to be talking about achieving strong AI. Set realistic goals and work toward those. Leave the strong-AI speculations to the philosophers.
Re: Can You Spell C R I M I N A L - E L E M E N T ?
Axiom: TECHNOLOGY IS INHERENTLY DEMOCRATIZING
Which is why technological progress has inevitably led us to the present state where power is shared equally by all.
Axiom: If it fits on a bumper sticker, it's been simplified past the point of meaning anything useful.
Ah, September. Will you never end?
Re: Another wrong place to look for AI
I love the comments on articles like this. They do such a great job of rehashing, in greatly simplified form, the AI debates of the 1960s and '70s.
As the Avett Brothers said, "Ain't it funny how most people (I'm no different), they love to talk on things they don't know about?"
Re: "you need data and you need compute power,"
I thought the whole thing about babies brains was that it was a shedload of computing power dedicated to processing data?
Yes. And they acquire data very quickly.
The OP should look at some of the extensive contemporary research into infant learning. A lot of good, methodologically sound work has been done in the past couple of decades - a huge improvement on much of what went before, which was either anecdotal and invented nonsense or shallow, narrow compilations of statistics (which in turn fed the developmentalism we still haven't broken free from in the "West").
I've always (well sometimes) wondered how D&Ders calibrate all their numbers.
Clearly you did not ~~waste time~~ enlighten yourself reading back issues of Dragon magazine, back in the day. Many were the debates over the mad rigors of calculating damage and other figures.
Unfortunately the OP left out much critical information. What was the cow's THAC0? Was it wearing the +1 Cowbell of Accuracy? Did the dwarf fail his Saving Throw against Alerting Livestock? Was he on a stool? (Because, y'know, it's hard to tip a cow from the bottom.)
Verizon is in the US, where metal theft is an equal-opportunity crime pursued by folks of every race and ethnicity.
My painter/plasterer wanted to paint my aluminum[1] gutters[2] with a faux-copper finish; he did his that way, using a paint that contains powdered copper and an acid wash to immediately give it a patina. I turned him down, since I really don't want to come home from vacation to find some idiot's ripped the gutters off my house thinking they really were (solid) copper.
Similarly, the metal roof installers around here still advertise copper panel as an option. Looks beautiful, but you just know someone will be trying to pry it off in the middle of the night.
When my brother bought his house, on the day between closing and moving in, someone smashed a basement window and cut out all the exposed copper pipes. Flooded the basement in the process, of course.
Had a lot of catalytic-converter thefts around these parts, too, until the legislature tightened reporting requirements for scrap-metal dealers and made it harder to sell the converters to them.
[1] "Aluminium", for those hailing from surplus-vowel districts.
[2] "Eavestroughs and downspouts", for those hailing from ... wherever those terms are more popular.
Terrible disclosure practice
Unfortunately, and surprisingly, the team did a terrible job disclosing this one.
There was no embargoed pre-announcement - they just published with no forewarning to affected vendors. There's still no CVE. They've announced two issues, but only given the first one a name, so expect tons of confusion. They've riled up the tech media and it's just a matter of time before the mainstream media pick it up and garble the story further.
Wildly irresponsible. And these are people who know better - INRIA, Microsoft Research, U Michigan, Matt freakin' Green.
Regeneration is really unnecessary under pretty much all reasonable threat models. If there's a threat you need to defend against by periodically creating new DH primes, you have bigger problems.
But, hey, go for it if it makes you happy. I'm just saying it's probably cargo-cult security.
Re: Is the bug about VPNs, SSL websites or both?
It applies to SSL/TLS in general.
There are actually two related issues. One is an attack against the protocol (SSL or TLS) that allows downgrading a strong EDH suite to a weak "export" suite, if the latter is supported by the server. That's what the team is calling "Logjam".
The fix for that is to not support the export-grade EDH suite.
The second issue they're warning about is the fact that nearly everyone uses the same small set of DH primes (because generating new ones is relatively expensive and was believed to be unnecessary). They point out that much of the setup work for NFS factoring can be done when you know the prime, so an attacker with considerable resources can do the preliminary setup for the well-known primes and make it feasible to attack individual sessions.
The fix for that is to generate your own prime, or set of primes of various sizes you want to support. (You do this once, and use those primes for all future sessions. It won't be necessary to generate new ones unless your threat model includes ongoing, active attacks targeting you specifically by state-level attackers. And at that point they're probably just going to suborn or compel someone in your organization anyway.)
the most secure configuration possible that doesn't allow all this downgrading bollocks
That breaks interoperability with old clients. Some site owners are willing to accept that restriction of their market, but many are not.
Similarly, if hosting providers and the like go with a "more secure" configuration by default, they have to field more support issues when site owners complain that users are complaining that they can't connect (or "get weird warning messages", or whatever). And support is expensive, whereas leaving your customers vulnerable to security attacks that they don't understand is largely an externality that doesn't cost the providers anything.
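The export-suite fix and its interoperability cost, as discussed in the two comments above, can be checked against a server's suite list. This is an added example, not code from the poster or from the Logjam researchers; the suite names are IANA TLS cipher suite names, and the server and client lists are constructed for illustration.

```python
# Added illustration: a model of server-side cipher suite selection.
# All server and client lists below are constructed sample data.

STRONG_DHE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
PLAIN_RSA = "TLS_RSA_WITH_AES_128_CBC_SHA"
EXPORT_DHE_SUITES = [
    "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
]


def is_export_dhe(suite):
    """True for ephemeral-DH suites in the export-grade family."""
    key_exchange = suite.split("_WITH_")[0].split("_")
    # Match whole tokens so ECDHE and plain RSA_EXPORT are not flagged.
    return "DHE" in key_exchange and "EXPORT" in key_exchange


def server_select(server_suites, offered):
    """Server-preference selection: first enabled suite the peer offered."""
    offered = set(offered)
    for suite in server_suites:
        if suite in offered:
            return suite
    return None  # no common suite: the handshake fails


def audit(server_suites):
    """Report whether the server would answer an export-DHE-only offer.

    The downgrade described above depends on exactly this: the server
    agreeing to an export DHE suite when that is all it is offered.
    """
    return {
        "export_dhe_enabled": [s for s in server_suites if is_export_dhe(s)],
        "answer_to_export_only_offer": server_select(server_suites,
                                                     EXPORT_DHE_SUITES),
    }


def harden(server_suites):
    """Apply the fix from the comment: stop supporting export-grade DHE."""
    return [s for s in server_suites if not is_export_dhe(s)]


# Constructed configurations.
LEGACY_SERVER = [STRONG_DHE, PLAIN_RSA, EXPORT_DHE_SUITES[0]]
MODERN_CLIENT = [STRONG_DHE, PLAIN_RSA]
OLD_EXPORT_CLIENT = [EXPORT_DHE_SUITES[0]]

if __name__ == "__main__":
    for label, suites in (("legacy", LEGACY_SERVER),
                          ("hardened", harden(LEGACY_SERVER))):
        print(label, audit(suites))
        print("  modern client gets:", server_select(suites, MODERN_CLIENT))
        print("  export-only client gets:",
              server_select(suites, OLD_EXPORT_CLIENT))
```

The hardened list still serves the modern client the same suite, while the export-only client no longer connects, which is the interoperability trade-off raised in the reply.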
Re: "...inventing products that people love, which is hard to put a price on"
The more money you charge the more your customers love you.
That's what we call Veblen goods.
It'd be difficult to support the argument that most Apple products serve as Veblen goods for most buyers. Those consumers appear to be willing to pay a premium for them - on whatever perceived grounds (quality, ease of use, fashion...) - but they're not generally valued primarily for their price as an indicator of the owner's wealth.
wait till you see the sequel
Wait 'til you see the gritty reboot directed by Christopher Nolan, where a sullen, conflicted, amoral Apple tangles with a deranged but charismatic and thoughtful Samsung.
Is this supposed to be a good thing?
Yes, heaven forbid people have a variety of experiences.
You say that like it's a bad thing.
Well, my original e-Ink Kindle, with the case that has the built-in reading light, is more convenient than multiple books / magazines and a clip-on reading light. So I admit there's one electronic device I'd miss if I couldn't use it on a plane. Flying is pretty miserable as it is.
That said, I went for many years using the physical-book-and-clip-on combination, and somehow I survived.
(A couple of times I used a laptop while flying, if I was in Business or First, or back in the days when ~~Steerage~~ Coach wasn't always jammed to the gills. But I found it hard to be very productive in that environment. It seemed to be more useful to use it for research or entertainment.)
Re: to be clear
The "internal oversight" position is misnamed. It's not so much a matter of overseeing as one of overlooking.
Re: It should be dead anyhow
So you'd rather stay with a protocol that confuses server load balancers and thereby breaks transactions because it uses multiple independent TCP streams?
Yes. If your distributed transaction monitor can't handle that case, then get a better one, or don't extend the unit of work past a single request.
HTTP/2 does a fair bit wrong (as the aforementioned Kamp article[1] notes), in its attempts to please too many masters and preempt Google, and not a lot right. There are incremental improvements for use cases that have little to do with HTTP's original purpose, so basically they're stovepiping the protocol rather than forcing people to use something more suitable for task.
I'm in no hurry to implement it, and I bet it'll be a long time before I hear much demand from my customers for it.
[1] I know PHK is rather the curmudgeon; he seems to be vying with Erik Meijer for the title of Grumpiest Computer Scientist, lately held by Dijkstra. But in my book PHK makes more sense, even when I don't entirely agree, and I'm a bit more impressed with his contributions than Meijer's. I mean, I love me some programming language design, but the world runs on NTP.
HTTP appearing at ref-editor.org
HTTP/2 appearing at rfc-editor.org.
And, no, I'm not going to use "Tips and corrections" until it's a web form rather than a mailto-scheme URL.
Someone checks to see if they can access cockpit control without permission through the airplane's (secure?) network while the plane is in flight with passengers onboard, they can, they tell you about it and you arrest them?
That's what the question actually is.
No, the question actually is "What did Roberts actually say and do?". I, for one, don't trust any of the reporting on this story. I certainly don't trust what the FBI are (quoted as) saying.
Re: I know this may not go over well.
I'm tired of theories being widely proclaimed as fact, only to be later shot down or significantly altered.
Which theory was "being widely proclaimed as fact", and by whom, in this case?
I haven't been paying the closest attention, but I must confess that no one's come knocking on my door to insist that quasars are the result of large amounts of matter falling into supermassive black holes and we shouldn't expect to see four of them hanging out together.
Indeed, when I do take a gander at what some astrophysicists are saying, they seem rather fond of couching their statements in the usual flurry of qualifications, error bounds, and the like. Not readin' a whole lotta dogmatism when I skim the occasional paper on arXiv or what have you.
So there may be more quasars out there that are not shining - as they are out of gas.
I'm no astrophysicist (nor do I play one on TV), but I think that would mean that, by definition, they're no longer quasars - just your common-or-garden supermassive black hole. It's the shining bit that makes one a quasar.
Re: They should've arrested the clown who invented the device
Isn't the e-meter based off the same technology as the polygraph? Galvanic response?
The polygraph measures multiple signals - that's the "poly" part.
The e-meter (the "cans") is a toy[1] version of one aspect of the polygraph. Also, in the Scientology promotional films I've seen,[2] it doesn't produce a graph, just an instantaneous reading with a meter. They've probably fancied it up by now, though.
[1] As opposed to the polygraph, which is a fairly sophisticated piece of nonsense technology.
[2] Dropped by the "church" a couple of times with friends back in my undergrad days, to take their whacky personality-profile test for later mockery. You also had to sit through the film, though it offers some decent MST3K moments. We gave it up when we discovered the Moonies do the same, but with free snacks.
some zombie networks have previously made use of Twitter profiles as a communication channel
Reviewing the reports of that incident, it appears they were using regular tweets, not Twitter profiles, as the channel.
There are plenty of legitimate applications that use Twitter as a channel. It's easy for programs to send and receive tweets, so Twitter is basically hosting a fairly reliable broadcast message service. Why build your own, if Twitter will give you one for free? And one that's easy for developers to monitor and inject messages into in the bargain?
Using Twitter isn't sneaky. It's an obvious choice of an appropriate technology for many applications. Not those that need high reliability or confidentiality or authentication, etc; but there are many that don't.
No, these are bots trying to "follow the price" of another bot that has a programming error as I understand it.
The initial high price that causes other bots to inflate their prices needn't be a bug. It could be one seller trying to inflate all the bot-controlled prices when that seller has another channel for advertising a real, much lower price.
If I had a used book store, and lacked ethics, I'd be looking at ways to surreptitiously inflate book prices on Amazon Marketplace and the like, to improve my store's competitiveness. And that's one obvious way to do it.
Re: Trouble is
Or more generally, all channels are channels. If you can send a signal, you can send information.
Research in this area basically boils down to a form of traffic analysis. It's essentially the same as, say, trying to identify machine-generated online reviews, or any other sort of channel abuse.
People have been demonstrating all sorts of deliberate and accidental covert channels in modern IT systems for decades, with things like EMF leakage, power analysis, IP over DNS, etc.
Re: Could they be using TheReg's comments
On a slightly more serious note: It's quite easy to use plausible(-ish) generated text as a covert channel. One method which should be familiar to anyone who's worked in the area is to adapt Shannon's technique for gauging the efficacy of a natural-language parser, which is basically to run it backward and see if it produces natural-sounding text.
So, you take a natural-language model like a PCFG or a MEMM, "tap" it to expose the internal stochastic state,[1] and stick it in your sender and receiver. There are plenty of open-source ones available.
To send data, you take the datastream and feed it through the model backward as the state probabilities, picking suitable words pseudorandomly. This produces a stream of text that fits the model, so if the model is decent, you get plausible generated text.
The receiver parses the resulting text and records the state as the model evaluates it, recovering the stream.
It's not clear from the article or blog post how BLACKCOFFEE was encoding the message on the TechNet forums, and the PDF link doesn't work, but since they were just encoding an IP address they probably weren't doing anything this sophisticated. But yeah, you can use techniques like this to get a pretty fat covert channel out of plain text - fatter than what you could do with regular steganography (like varying word choice, whitespace, typos, etc), and less obvious than simply blatting control data out.
[1] Note this turns your Hidden Markov Model into one that isn't hidden, which is mildly interesting from a theoretical point of view.
One of the odder features of the Mad Max universe is that despite the world being out of petrol, water and manners, the inhabitants still bother to put resources into customising vehicles for no good reason.
Are ... are you not familiar with people?
This would be near the top of my list for "most plausible features of the Mad Max films".
Re: Deuce coupe
"Get the door open?" If you can't jump through the window, you're not allowed in.
Re: Alas for myths...
Much better to use an ocean.
Have you ever tried to reserve an ocean for experiments? It's a sea of red tape.