Re: Any 3-eyed fish, six-legged deer or carnivorous, sabre-toothed elk?
I think you may have spotted the flaw with this research.
Presumably it's based on a head count?
221 posts • joined 11 Mar 2008
Am I the only one to see a parallel with the VW scandal here?
VW had an agreement with US regulators that said it would test its cars and guarantee they met the emissions standards set by the US. Except they didn't meet them except on paper. Everyone apparently knew that what VW claimed was impossible, but the charade continued until someone called them out.
As it happens, the US also had an agreement with EU regulators that they'd ensure any data sent over to them was adequately protected, privacy-wise, to EU standards. Except it wasn't protected, except on paper. Everyone knew protecting it was impossible because of US law, but the charade continued until a certain Austrian called them out.
The only difference I can see is that victims of the safe harbour agreement stand f-all chance of getting any compensation.
Due to advances in cyber hacking, Swampy and his tree-hugging friends were now able to keep one step ahead of the planners.
If you're ever around town as schools are emptying of an afternoon and observe the typical mothers trailing their kids home, you might notice that on average they* tend to be a bit, err, mountainous.
A non-scientific observation, certainly, but I suspect that the advantage of being overweight or obese might extend to reproductive success too.
*The mothers that is, not the kids. I've yet to observe any largely obese group of school kids, despite what the campaigners tell us.
As the Bootnote observes, all cars have to have some code to handle the engine when it's being tested ... and this code has to handle abnormal inputs so has to be different to the "normal" driving code.
So next you need to write the code to be used during testing. You can make the engine do just about anything that physics allows, so do you write code that fails the emissions test, or do you write code that passes the test?
It's not that hard to see how you end up where VW is.
It certainly seems that VW has crossed a line here, but I'm struggling to see exactly where that line lies. "Cheating" on tests is endemic to all the businesses I can think of. Wherever there is regulation or testing people try to present their product in the best possible light.
That the MPG figures for cars don't scale to the real world is well known. Cars have been designed to perform well in fuel consumption tests for years. So a precedent in the car industry clearly exists. CPU manufacturers and computer hardware/software producers design products that run benchmarks well. So the precedent for using computer technology to influence testing already exists.
When a (pre-arranged) school inspection takes place and inspectors observe exemplary teaching, do they really think that every lesson taught in that school will always be that good? Of course not. They know that schools oppose random inspections for a reason. So it is well established that average performance may be worse than tested performance. When the government imposes performance targets on the NHS or the Police, does anyone think that meeting them won't have adverse effects elsewhere? I don't think so. Everyone knows that targets distort the behaviour of organisations. When the Queen visits and the council cleans the streets and paints all the lamp-posts that she'll see, do we seriously think that Her Maj. will believe that the whole world looks like this? Faking it extends to all levels in our society.
So it looks to me as if most of the things that VW did already have precedents and that very probably most other motor manufacturers are doing the same - on the grounds that "everyone does it" and that it's an accepted consequence of the testing procedure being somewhat limited. I really can't see any other explanation for why they'd risk this, because the chance of being found out eventually must approach 100%. Most likely, they thought it was an acceptable (if somewhat shady) practice that would be tolerated, or they'd be given a mild ticking-off. Given all the precedents, I can see how they might reach that conclusion.
In my view, the red line that was crossed was to have an explicit "cheat mode" implemented in software. It's established that the cars submitted for testing must be production models. Some minor tweaking may be permitted, but swapping the car for another model is definitely cheating. In effect, by having a code branch, that's what VW did because a car is nowadays defined by its software. But the extent to which the two code branches behave differently is a matter of judgement - as to what is and isn't acceptable - and that, in turn, depends on how you present it (e.g. in the media). What VW did seems to have been over-reach, but I can see how they might arrive at that point without feeling any more guilty than normal.
The real failure, however, is in the testing. Testers know that manufacturers game the system and that they need to design tests to defeat this. Not to have recognised that this can be done in software is ridiculous and hopefully that error will now be fixed. Perhaps additional clarity is also needed about what is (and isn't) cheating because clearly some flexibility exists, although this went too far.
If it does turn out that 90% of all the cars on the road today have exploited what is an obvious loophole, then we might be better off chalking it up to experience, accept that an opportunity to drive down emissions has been missed and try to do better in future. We obviously also need to address the balance between CO2 and NOx emissions because it seems you can reduce either but not both. See-sawing between limits on one or the other isn't making things any easier.
To manage online security we'll be using a port knocker.
Good plan... Keep the starboard one as a backup!
I, too, have noticed that some people can look at how a system is constructed and instantly see how it will function. They tend to be engineers and scientists. Software engineers are especially adept at spotting where the system design is broken and likely to go wrong. They also have a good nose for when a functioning system isn't working as intended and the steps likely to fix it. Years of bug-fixing probably accounts for this.
OTOH, there are also plenty of people who can't see the most obvious malfunction coming down the tracks, never mind the more subtle ones. They also see problems where none exist. The "law of unintended consequences" is a phrase invented for these people. Unfortunately, they tend to be economists and politicians.
Not enough people recognise that a law or an economic policy is a system design that needs to be scrutinised by people who understand systems.
Except, obviously, you don't keep vulns in a shed.
So sandbox (or sandboxload) is clearly the correct term here.
Maybe this'll all turn out good, but I'm not sure that's guaranteed. Companies that get interested in security frequently go down a well-trodden path where they keep adding defences against more and more threats, becoming a jack of all trades. And in the process they duplicate facilities that are already available from others (as add-ons in the case of Firefox), often in an inferior and incompatible way.
So I'm not optimistic that Firefox can out-ghostery Ghostery, or out-adblock AdBlock Plus, etc. But I am confident that they can make idiotic design decisions while attempting to do so and make it considerably harder for these existing add-ons to continue.
Add-ons have the distinct advantage that you can easily swap between them. So when AdBlock Plus started selling its soul to certain "approved" advertisers, there was AdBlock Edge to move to. Now imagine what'll happen when (not if) Mozilla changes things the way you don't like. It'll be take it or leave it, like with all their random UI changes.
For my money, the correct approach is to work with the add-on suppliers to make their job easy by exposing the necessary internals, fixing the bugs that plague them and not continually changing features they depend on. And I include the Tor bunch as "suppliers" as I'm sure they could tell Mozilla a thing or three about the tracking risks baked into its browser.
Please, Firefox devs, concentrate on your core competence and give us a reliable, fast, stable and standards-compliant browser and recognise that you need others to help you with many of the extras - and that you need to make their life easier.
I assume the reason AV software is sensitive is because it can potentially detect malware planted by law enforcement. So obviously you wouldn't want any old crim getting his hands on it (rolls eyes), especially not one with a foreign-sounding name (smacks head).
Although this does pre-suppose that Sophos' AV software detects government-produced malware in the first place. Given that US and UK AV vendors don't seem to be targets for NSA/GCHQ hacking or reverse engineering, that's not so certain, of course.
Or it could just be that if the powers that be don't like you they don't want you to have any software at all. But surely even they can see the futility of that?
Indeed. He has plenty of form when it comes to over-hyping things in an alien-life-on-comets direction, not to say bending the evidence a bit to fit on occasion. Organic molecules on comets have been known for many years, but that doesn't equate to life. It's probably best not to jump to any conclusions about the latter without pretty firm evidence.
Religious leaders have always needed something big and scary so that the church could save you from it, especially so the Church of Rome that has so many people to control. These days, governments are using the tactic rather more effectively than churches, though - and with better memes, what with fire and brimstone being a bit old hat.
Unfortunately for the Pope, however, paedophiles are out (for obvious reasons) and terrorists are a bit risky considering how the Romans would have viewed Jesus of Nazareth. So climate change seems to fit the bill nicely.
It's a bit surprising it's taken Rome so long to catch on to the trend everyone's been following for years. But, then, they've only quite recently caught on to the Earth going around the Sun, so I guess you can't expect miracles.
Just thought I'd point out that to test AV software against a set of files (like dlls) you don't actually have to install those files. This sort of problem can be avoided by just plonking all the files somewhere in a big heap and scanning them.
Presumably someone told Cameron about a wave function and he thought it sounded like a great photo opportunity.
Quantum mechanics or quantum engineering? It's so hard to decide. Maybe I could do both?
I think you might have just solved the problem of how to overturn the patent system. I'm sure any decent composer could set that legalese to a catchy tune.
Method and apparatus for producing rounded corners... doo dah, doo dah!
So if I read the article correctly, the existence of a quantum computer would serve as experimental refutation of this theory. These days it's good to find such a simple experimental test of a new theory in physics - and such a well funded one too!
Personally, I'd have to agree with Richard Feynman's original observation that, essentially, the universe has to be able to compute a lot faster than our classical computers do or it wouldn't be able to work fast enough itself. Quantum computing is just a way of harnessing the computing that goes on around us all the time - and it's staggeringly fast.
So did it punch a hole through the engine block (quite impressive) or did it just damage the "engine manifold"? I'm not quite sure what the latter is, but it sounds like it involves only a fraction of the metal mass of the former. If they meant the exhaust manifold, which would likely be quite accessible, then all you'll have is a rather noisy truck, not a dead one.
Looking at the picture and assuming the laser is fired horizontally, the hot spot looks too high to be targeting the main block. I'd think 30kW would also take quite a while to heat the mass of an engine to a destructive temperature, what with it being water cooled and stuff. My guess is that any disabling of the truck is most likely to result from burning the electrics. Quite effective, I guess, but not a patch on what even a small amount of high explosive would do.
These seem to come around regularly and rarely do they sound that convincing; this less than most, in fact.
It's obvious you can design just about anything by natural selection (c.f. the natural world) but you'd be a pretty dumb craftsman if you set out to do it that way and not use a modicum of intelligent design. For a start, you can make small sound holes, then play the violin, then make them bigger and see what changes. That's not random and I can't believe a decent craftsman wouldn't have done exactly that, many times over in fact.
Obviously, sound holes aren't the only important design factor, either, so certainly not the "secret" of Stradivari. In fact, if it were just down to dimensions, machines would be able to turn out top-quality violins by the thousand as they'd be able to accurately reproduce the dimensions of great old instruments.
And the sound holes don't just let the sound out. Among other effects, they allow the "table" (the approximate square of the top plate between the sound holes) to vibrate largely independently and affect the resonances of the whole instrument. Elongated sound holes obviously do that better.
You'd have to think the old craftsmen were really pretty stupid to have spent their whole lives breaking new ground in instrument-making and not realise just a little of this. To the extent that they were no better than a bunch of random monkeys? Pull the other one!
I think it's a basic assumption in climate models that water vapour concentrations are increasing. The thinking is that as temperature rises, so the atmosphere holds more water. It's a positive feedback effect.
But the increased water vapour also allows the atmosphere to transport heat from the earth's surface to the upper atmosphere more efficiently, where it's radiated into space.* That's a cooling effect and therefore a negative feedback.
Both these effects are quite strong. So the net effect depends a lot on getting your model for water vapour correct. That rarely seems to get discussed, but it's quite important and complicated, what with clouds and stuff being involved.
*The radiation absorbed by CO2 has never been able to reach space from ground level (the greenhouse effect is a dumbed down explanation for the masses). The atmosphere is optically thick at these wavelengths and always was. The heat is instead radiated from the top of the atmosphere and it gets up there primarily by convection.
If you're going to do:
rm -rf $somewhere/*
then using "set -u" beforehand might save you a lot of bother in the event that $somewhere didn't get defined or you mis-typed it.
I'm sure it'll all be very nice and shiny when it's all agreed and implemented. But the trouble is, having gone to all that effort, in 50 years' time they'll still be using the effin thing. Much like how it still takes 7 working days for a cheque to clear.
You'd think that with a brain the size of a planet and a subject of such fundamental importance, he'd at least come up with an original thought - even a small one. Wouldn't you?
But instead he says something that's been said about a million times ever since the idea of a computer first arose. Maybe he's just discovered SF and it's got him all fired up to the extent he didn't bother checking if anyone else had ever pontificated on the subject.
Tell you what Stephen. Submit a paper with your thoughts on AI to your favourite scientific journal and let's see how impressed the referee is to hear that old saw again.
Over the years, a number of Scotchmen have informed me that the only thing the adjective "scotch" can be applied to is whisky. Obviously, as an Englishman, I consider that to be nonsense and object with eggs, mist, corner, butter, hop and many other examples of ancient English usage. But they are insistent.
So what's Carmen's take on this as a Scotchwoman? Do they call them Scotseggs in Scotland, or just eggs?
I'm not sure it's accurate to say this is the first layman's book on quantum biology. McFadden's earlier book "Quantum Evolution" surely counts (there may be others). That book was a rather fanciful and unscientific exposition, although interesting.
But what's all the fuss about quantum mechanics and biology? Self evidently QM influences biology. Without it atoms and molecules wouldn't be stable (the entire world wouldn't exist). The quantum de-localisation of electrons makes much of chemistry (hence biology) possible. Of course reaction pathways follow the routes that QM allows even when they're classically forbidden: QM was invented to explain the behaviour of atoms after all.
What's more contentious is whether the more "spooky" quantum effects can survive and be observed at a macroscopic scale. McFadden's first book was full of such claims, but little of it convinced me. As this subject advances, it seems to be leaving these wilder claims behind and focusing on more mundane aspects of QM that amount to - well, little more than normal chemistry to be honest. If the macroscopic consequences of QM in biology are so remarkable, then so, also are other simple facts, like the existence of solids and liquids, electrical conductivity and countless other phenomena we take for granted.
Penrose's conjecture certainly retains the essence of "spooky quantum action" and deserves more study than it's been getting, but apart from that, I say "meh" to quantum biology.
I guess this will just lead to the alternative of allowing your nudie pics to be posted on the internet by your lover. Then, when you get jilted, you claim you never gave permission.
Indeed. One of the most important experiments in physics, although it routinely gets overlooked when documentaries are looking for the big moments in science.
It also sounds suspiciously like the gear used to look for gravitational waves. In fact, from the description I can't see how you'd tell the difference if you did detect something. Presumably there'll be a subtle signature in the signal that's below the noise level of journalists.
There are lots of people who are scientists (but not climate scientists) who have plenty of relevant knowledge for assessing the work that climate scientists are doing. Many of them have extensive knowledge of data analysis, computer modelling, physics, chemistry, statistics and all manner of other subjects that are very relevant to climate study. Many also work in far stricter disciplines, where the scientific method and the burden of proof are adhered to far more closely than in climate science and where being a sceptic is seen as fulfilling a valuable scientific role.
Many people with these sorts of backgrounds look at what climate scientists are doing and feel they are letting science down, badly. They can see very little scientific rigour being applied and no scientific basis to the theories that predict future climate - principally because none has ever passed even the simplest of experimental tests. These details are important, because they are what distinguishes science from opinion.
So, to put it bluntly, there is every reason to think that the man-in-the-street's opinion will be just as accurate as that of the climate scientist, because neither is doing science.
No matter how "good" they are, why would I go there to buy something they don't stock? Small places inevitably don't have as much stock. When buying books, the range available is quite important. That's why Amazon is a better solution, quite apart from the price.
Standard suitcases already contain most of the required sensors for this sort of work. They contain plastic parts that fracture at a pre-determined impact to detect rough handling. They have bendable metal handles that detect excessive loads (just check to see whether the handle will still pull out when it arrives). They also have absorbent coverings to detect moisture and many will reveal contact with abrasive or sharp objects by ripping.
Of course, you can also install your own sensors internally; a cheap bottle of wine will reveal if the bag has been thrown around by imparting a red stain to your undergarments.
Technically, I think he has stopped. Unless he uses it again, of course. But you won't know that until he does, so it's too early to complain yet.
Actually, that they're orbiting at 300 times the speed of sound is about the least extraordinary thing about them. In astronomical terms, that's a boring, pedestrian speed.
This is an insulting first step towards failing to rebuild trust in our transatlantic relations.
Yes, definitely a bit vampire squidish, that.
"If they accede to demands without sending them to court, Google are pro censorship, and their previous freedom posturing is exposed as lies!
And if Google send things to the courts, then Google are arrogantly attempting to defy their obligations under EU law!"
But that's pretty much the dilemma we all face, including the law itself. Either we're in favour of censorship or we're in favour of violating privacy. Unless we all agree on exactly where the dividing line falls (and there's not much chance of that as it's a political judgement as much as anything) then there's no squaring this particular circle.
The usual solution in such cases is to enact some fairly vague and ambiguous laws so that only those people who care enough to spend a fortune going to court ever need a firm decision. The rest of us just have to lump it because we can't afford the money or effort to fight. In the case of data protection, you also set up a watchdog with no teeth to take the wind out of people's sails if they have the cheek to complain.
Looks like we're fairly well down that path already.
I guess they were just miffed he didn't get any publications out of it.
One big difference between the US and UK is that we drive on the left in the UK. But I guess we should be OK there, so long as NASA don't get involved.
Small group of people on Twitter get annoyed about something trivial. What a great story that'll make.
Sounds like business as usual to me. Actually, maybe just a brief holiday before returning to normal.
Why all the fuss?
...when an automatic software update bricks them all at once?
Cut out the middle man...
You're right. Browsers are already too complex - a bit like operating systems became, in fact. I think it's time we stopped using "a browser" and had browser distributions like we have Linux distros. That way, projects could more easily set up new forks of (say) Firefox and just use the bits they like.
More importantly, they could also add in any extras they want and could enhance neglected areas (like security and privacy) without taking on the massive challenge of supporting an entire browser. At one time, Firefox's extension mechanism was a great strength, but many extensions now look like little more than sticking plaster and just provide an excuse for not tackling fundamental browser problems.
We need to develop an ecosystem where competition can help drive forward the individual component parts of a modern browser and take control out of the hands of the big players.
Or that you can use a ruler to measure any length so long as it's not 10cm.
I doubt they can do that. Amazon has probably already patented the idea: "Method and Apparatus for issuing daft patents...".
"Don't need link scanning, email scanning, network lock downs, child monitoring, arbitrary trusted app levels, convoluted firewall blah blah blah..."
You need to tell that to pretty well everyone who's writing stuff these days. No-one seems happy any more with software that does what it needs and nothing more. If another feature is possible, then it needs to be added... and on and on... until it collapses under its own bloat. AV, unfortunately, is not alone in this by a long way.
That's not to say it doesn't deserve to die, though.
...should cost more if you're wearing big glasses.
Especially if you've more than one OS installed. Breaks as soon as you look at it. Fortunately fixing it is usually pretty simple. Overall, not necessarily a good situation, though.
I guess it's just become over-bloated as these things always seem to do.
No, the real bug is having a software development system that allows someone with insufficient experience to add code to a system that needs to be secure - and then not having a sufficiently robust review process in place - and then installing that software in a critical situation on huge numbers of servers around the world.
This bug is the sort of mistake beginners make (I believe the culprit was still at uni). I'd be embarrassed if I put a bug like that into a one-off throw-away lash-up. But somehow it got into OpenSSL which everyone regarded as secure.
It's a bit like the debt-laundering that took place before the financial crash. Everyone thought the debt was solid, but simply because no-one bothered to look at the fundamentals. I think this incident has shown FOSS security to be based on similar principles.
In my view seeing a naked memcpy call at all in supposedly secure code is like walking into a restaurant kitchen and seeing a big pile of rotting carrion on the floor. The staff may know not to handle it before dipping their fingers in the gravy, but it's a clear danger that you don't want to have around. It may cost to clear it up, but that's what you have to do.
memcpy is a big red flashing warning light that says "make damn sure you've checked and sanitised every bit of data that goes in and out of here" (not only memcpy, of course, but quite a few other C functions). In fact, I'd suspect simply looking for all the memcpy et al. calls is a pretty good way of finding vulnerabilities. The best approach is to wrap them up pretty tightly. Even that's not 100% secure, but it does make a difference and in security code it's 100% worth doing.
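The kind of wrapper the comment above argues for, as an added example that is not part of the original post and is not OpenSSL's code: every copy goes through one function that checks the requested length against both the source and the destination. The record layout and the names `checked_copy` and `build_echo_reply` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy: the caller must state how much room the destination has and
 * how many bytes the source really holds. Returns 0 on success, -1 if the
 * request does not fit either side (nothing is copied in that case). */
static int checked_copy(void *dst, size_t dst_cap,
                        const void *src, size_t src_len, size_t n)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (n > dst_cap || n > src_len)
        return -1;
    memcpy(dst, src, n);   /* the only raw memcpy in the module */
    return 0;
}

/* Constructed record format: type(1) | length(2, big-endian) | payload */
#define REC_HDR_LEN 3u

/* Build an echo reply from a received record. rec_len is the number of bytes
 * actually received; the length field inside the record is untrusted input.
 * Returns the reply length, or -1 if the record is malformed. */
static long build_echo_reply(const uint8_t *rec, size_t rec_len,
                             uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL ||
        rec_len < REC_HDR_LEN || out_cap < REC_HDR_LEN)
        return -1;

    size_t claimed   = ((size_t)rec[1] << 8) | rec[2];  /* what the sender says */
    size_t available = rec_len - REC_HDR_LEN;           /* what really arrived  */

    out[0] = rec[0];
    out[1] = rec[1];
    out[2] = rec[2];

    /* A bare memcpy(out + 3, rec + 3, claimed) would trust the sender here. */
    if (checked_copy(out + REC_HDR_LEN, out_cap - REC_HDR_LEN,
                     rec + REC_HDR_LEN, available, claimed) != 0)
        return -1;
    return (long)(REC_HDR_LEN + claimed);
}

int main(void)
{
    /* Constructed sample records. */
    const uint8_t honest[] = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
    const uint8_t lying[]  = { 0x01, 0x40, 0x00, 'h', 'i' }; /* claims 16384, carries 2 */
    uint8_t reply[64];

    printf("honest: %ld\n",
           build_echo_reply(honest, sizeof honest, reply, sizeof reply));
    printf("lying:  %ld\n",
           build_echo_reply(lying, sizeof lying, reply, sizeof reply));
    return 0;
}
```

With the wrapper as the only place `memcpy` appears, a search for raw `memcpy` calls elsewhere in the code base becomes a review check in its own right.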