* Posts by Orv

790 posts • joined 13 Aug 2007

Page:

Facial recognition software easily IDs white men, but error rates soar for black women

Orv
Silver badge

One of the tricky things about that is, because a lot of what we "see" is interpolated by our brains, we're kind of fooled into thinking our eyes are much more reliable sources of information than they actually are.

One interesting example is a friend of mine who has migraine headaches that come with blind spots in his vision. He said until a blind spot covers about a third of his central visual field, he can't see it directly; the brain fills in what it thinks should be there, and he ends up looking at objects and not seeing them, or seeing blank pages where there should be text. There's a threshold beyond which the brain can no longer patch things over, and then he sees the blind spot as a shimmery area.

As the joke goes, any engineer who built a camera as bad as the human eye would be fired...although I think we'd cut them a lot of slack if they'd built it out of jelly and meat.

2
0
Orv
Silver badge

Re: Is spreading

If the facial recognition is so much more poor with darker skins, then mainly white "persons of interest" will get flagged up by facial recog.

That depends on whether the failures are false positives or false negatives. It could be the software will decide all black people look suspiciously like its database of perps.

1
0
Orv
Silver badge

Re: Really

A lot of the problem there is you'd really have to be clear on what the intention of the data was. "People who use male pronouns," "people with an M on their driver's license", "people with a Y chromosome," "people with high testosterone levels," and "people with a penis" are sets that do not entirely overlap, but we often act like they do. As a result we tend to ask the wrong questions and get not very consistent results.

It's also worth noting that even given a set of only cisgendered people, humans do not guess gender 100% correctly. I've seen studies that showed faces with more contrast were considered more feminine, which suggests that our mental algorithms are skewed by our "training set," so to speak, having a lot of women wearing makeup in it.

3
0
Orv
Silver badge

+1 for referencing a show that should have gotten more attention than it did.

1
0
Orv
Silver badge

Re: So facial recog is not reliable for non-white skin

Blacks get subjected far more than whites to unjustified police contact (for example, "driving while black" really is a thing...

I remember being somewhat startled to find out that every black person I knew had a story about being pulled over and harassed by the cops for no reason other than being black and driving a car. And these were well-off professionals.

4
0
Orv
Silver badge

Surely it's absolutely not racist since the one thing it can't do is discriminate?

That's a bit like saying that there's no problem with racial minorities being shot by police, because guns can't see skin color.

Computer software can't help but reflect the biases present in the data sets it's trained with (AI), or validated against (manually coded algorithms.) One of the dangers here is that computers will become a way to codify bias in a socially acceptable, plausibly deniable way. "It's not me, it's the computer."

1
1

Hua-no-wei! NSA, FBI, CIA bosses put Chinese mobe makers on blast

Orv
Silver badge

Re: Well, duh

Sadly, my ZTE phone has held up *way* better than my Sony phone did. Build quality on the Sony phone was pretty bad, the screen started de-bonding from the casing within a year.

5
0
Orv
Silver badge

Is the problem that they're worried the Chinese government has backdoored those phones? Or are they worried that *they* won't be able to backdoor them? I imagine it's a lot harder for a US agency to secretly lean on a Chinese-based company.

On the whole I think I'd rather have the Chinese government spying on me than my own government.

8
1

From July, Chrome will name and shame insecure HTTP websites

Orv
Silver badge

Re: I need a HTTP page to force a redirect to my corporate wifi access

Does it even necessarily have to be a valid HTTP page? In my experience anything with a DNS entry is usually good enough for the sign-in hijack.

These days most OS's I use will automatically detect that hijacking is happening, and pop up a window with the sign-in page, anyway. I only rarely have to trigger them manually. We really need a better system for this, though.

0
0
Orv
Silver badge

Re: Fuck off Google

I'd argue that that's a problem with the design of the access point, though, not an argument for using plaintext communications.

0
0
Orv
Silver badge

Re: yet more encouragement ...

I'd argue that if you're running Certbot as root, you're definitely doing it wrong. There's nothing about it that needs root access. It needs write access to the certificate files and possibly your web directories (depending on your validation method), but that doesn't have to involve system root access.

3
0
Orv
Silver badge

Re: "In compliance"

True, but it's not just Google making this call. More and more web tech is TLS only. HTTP2 mostly is. (The spec supports unencrypted connections, but hardly anyone implements it.) Web workers are. The writing is on the wall, the HTTP specs are not going to support plaintext at the same level of functionality as TLS, going forward.

0
2
Orv
Silver badge

Re: Fuck off Google

I think the idea is more to prevent ISPs from doing ad injection, public access points from snooping your data, coin miner injection, etc. It's not all about protecting credit card numbers.

I haven't seen a public WiFi hotspot that required me to add a security certificate yet. That certainly sounds shady. I have been to ones that required me to try to access an HTTP site before I could get to their sign-on page. The sooner this kind of broken sign-on process goes away the better, and if wider use of HTTPS accelerates it, great.

4
0
Orv
Silver badge

Re: yet more encouragement ...

Agreed, if you can't even put in that level of effort, self-hosting may not be for you. I mean, even SSL aside, you do have to keep up with security fixes and such. It's not fire-and-forget.

5
4
Orv
Silver badge

Re: Dumb move

Chrome sends everything you type even local network hosts off to the chocolate factory.

Settings, Advanced, Privacy and Security.

Uncheck "Use a prediction service to help complete searches and URLs typed in the address bar."

2
0

Winter is coming for AI. Fortunately, non-sci-fi definitions are actually doing worthwhile stuff

Orv
Silver badge

The problem is you're unlikely to find a smoking gun in the algorithm itself. What you really care about is the training data.

But to be honest we don't really need the algorithm to determine if something is discriminatory. For example, the algorithm for credit scoring is proprietary, making it a black box, but its disproportionate burden on certain groups when they try to not just borrow money, but also rent housing and land a job, is well-known.

2
0
Orv
Silver badge

I feel like we sort of redefined AI downward until it matched what we already knew how to do, and then declared we'd conquered AI.

A lot of what's going on is statistical methods, like Bayesian classification. Calling it "intelligence" is a big stretch. Even calling it "learning" is a bit iffy.

5
0

Beware the looming Google Chrome HTTPS certificate apocalypse!

Orv
Silver badge

Re: Class Libel Suit anyone ?

That's why to many others I speak with, this Google initiative looks like a form of extortion.

Uh, except as far as I know Google doesn't sell SSL certificates. They don't stand to make a cent from this.

2
0

NASA finds satellite, realises it has lost the software and kit that talk to it

Orv
Silver badge

Re: It was also HARDWARE that no longer exists.

Yeah, that's another popular way to get rid of it -- make it someone else's problem. ;) What doesn't go to universities or other agencies usually gets auctioned off, which is where most of the stock for military and electronic surplus stores comes from.

People used to working in the private sector, where equipment depreciates until it's worthless on the books, really have no idea how much of a hassle public sector equipment disposal is. There are very few things that can legitimately just be thrown out, and documentation requirements are pretty thorough. It's all in the name of eliminating opportunities for fraud, but I sometimes wonder if it costs more money than it saves.

0
0
Orv
Silver badge

Re: Doesn't matter.

I think the RTC chip thing was speculation, but you're right that it would have been kind of unusual to use Windows (or even x86) for this kind of project back then.

0
0
Orv
Silver badge

Re: Future humans will only find

A future race evolved from crows will some day wonder who this "Aol" deity was that we memorialized on so many shiny, shiny objects.

7
0
Orv
Silver badge

Re: Those who do not understand Unix are condemned to reinvent it, poorly.

If you have the source code then recompiling it for your current Unix will not be hard.

Oh, boy. Part of my job used to be helping people reproduce results from old computational linguistics papers. These generally involved software someone had written 20 years ago on SunOS 4, used for their thesis, then forgotten. Getting them to run on anything modern took a lot of makefile and compiler flag tweaking, at a minimum. Both the standard library and the assumptions about processors have changed a LOT. It was pretty common to run into code that hard-coded the size of int, for example.

7
0
Orv
Silver badge

Re: It was also HARDWARE that no longer exists.

I think it also helps to understand how government-owned equipment is tracked and handled.

In a public agency, when you buy something, it goes on the books at the value you paid for it. Unlike in private industry, it does not depreciate. You have to account for that thing, at full value, until it's eventually auctioned off.

This makes retaining disused equipment a real pain in the butt, because someone's going to have to go physically find it and inventory it every time there's an audit -- otherwise you'll have headlines about how your agency "lost $1.2 million in equipment paid for by taxpayer dollars" even though that equipment was worth more like $1200 by that time. Or someone will come along and ask why you're renting all that space that no one's actually using (another big budget criticism of government agencies.)

If you keep archiving stuff, eventually your budget becomes dominated by that, and you can no longer do your agency's original mission. The best outcome is to donate it to a museum for archiving, but museums aren't always interested, especially if the equipment is bulky or is mostly just obsolete commodity hardware.

Stuff in storage becomes a real bureaucratic headache and the incentive is to dispose of it, which is usually a good thing. Space is limited, after all. Often ground station equipment is removed to make room for a new mission. Remember, this satellite was dead as a doornail last time they checked. It's not like they pulled the plug on Voyager or something.

That's not to say NASA couldn't do a better job with archiving important data from landmark programs -- I once met a guy who had the data tapes from Viking I in his basement, for crying out loud. But I don't think this particular mission is an example of that. You have to prioritize.

15
1
Orv
Silver badge

Re: When the Orange One is slashing anything

Pfft, Congress doesn't pass budgets anymore. They just kick the can down the road a few months at a time with continuing resolutions.

19
0

Data-by-audio whizzes Chirp palmed £100k to keep working with EDF

Orv
Silver badge

Re: How?

From context I think they mean intentionally-transmitted electromagnetic signals -- radio waves, in other words.

0
0

Unsanitary Firefox gets fix for critical HTML-handling hijack flaw

Orv
Silver badge

Re: "chrome"

The ironic thing was the early versions of Chrome had *less* chrome than contemporary browsers.

4
0

Twilight of the idols: The only philosophy HPE and IBM do these days is with an axe

Orv
Silver badge

Re: Its not Marx but women

Traditionally tech companies have gotten where they are by capitalizing on innovations created by women. (See also Rear Admiral Grace Hopper, Hedy Lamarr, the ENIAC programmers, Evelyn Berezin.)

7
2
Orv
Silver badge

Re: East India Company Marx

I'm not sure you can compare corporations from the East India Company era to the way corporations work now. Back then they required a royal charter, and were in many ways privately-operated arms of the government -- in return for which they got limited liability. Nowadays they're all essentially free agents, and the limited liability is just taken as read, not a reward for doing the government's bidding.

Adam Smith, interestingly, believed that corporations would not be as effective as private ownership because people would not be as careful with others' money as they were with their own. I think this article demonstrates this argument was correct, but also irrelevant.

6
0
Orv
Silver badge

Re: "What is IBM?"

We're a long way from the days of "nobody ever got fired for buying IBM."

7
0

Firefox to emit ‘occasional sponsored story’ in ads test

Orv
Silver badge

*gets out the popcorn*

1
0

Microsoft works weekends to kill Intel's shoddy Spectre patch

Orv
Silver badge

Re: The WinTel Cartel...

"Premature optimization is the root of all evil." -- Sir Tony Hoare

Calling the library's sort() function may not *always* be the best option, but it's usually the place to start. Among other things it's more likely to have odd corner cases covered than something written based on vague memories from a freshman C++ class. ;)

One of the things I've learned, in this era of optimizing compilers, is trying to be clever about things often makes the code slower instead of faster. This is true even in high-level languages like Javascript. For example, trying to find a clever way to catenate a bunch of strings often ends up slower than just looping with the catenate operator, because that case is optimized in most Javascript interpreters.

2
0
Orv
Silver badge

Re: The WinTel Cartel...

Spectre isn't even unique to Intel, is it? I thought any CPU that did branch prediction was vulnerable. (Which ironically means Intel's Itanic architecture wouldn't be...but ARM is...)

2
0

Meltdown/Spectre week three: World still knee-deep in something nasty

Orv
Silver badge

Because it may be simple in concept, but it's not *obvious*. Those are different things. It's not that speculative execution is flawed, exactly, it's that its implementation in real-world systems leaves room for a timing attack that leaks information.

This isn't a direct analogy, but imagine you were trying to figure out the precise route that a truck was taking across Manhattan. If you had knowledge of the street grid and the traffic light timings, you could eventually figure out its probable route by measuring the total time of its trip. This isn't because of a particular design feature of trucks, streets, or traffic lights. It only comes up with they're combined into a working system. Similarly, you would expect any truck to be vulnerable, because trucks all have certain things in common (they drive on streets, they have to stop at traffic lights, they're affected by traffic.)

3
0

Destroying the city to save the robocar

Orv
Silver badge

Re: why are people seeking to preserve the concept of the city at all?

it should be obvious that their introduction will require the ability to mix with manual control vehicles

And *that* will be interesting. Especially when people realize the automated vehicles can be gamed. e.g., "if you need to squeeze into a lane of traffic, just look for one of the new Teslas, they hit the brakes as soon as you swerve toward them."

1
0
Orv
Silver badge

Re: Obviously the solution is....

Not sure if it's legal? Ever consider RTFM? Seems unlikely a simple Google search wouldn't find a link to your road rules if you could be bothered.

It's hard to find anywhere it's clearly and unambiguously addressed. Also, there's the law, and then there's a traffic cop's understanding of the law, and it's the latter that matters. They often aren't the same thing when it comes to edge cases like this.

0
0
Orv
Silver badge

Re: Delivery Bots have to solve the Dalek problem

How do they get upstairs? Seriously how do they deliver to some apartment in the 10th floor of a block of flats? Don't many of the houses in San Francisco have a flight of steps up to the door? Not all entrances are at street level.

Maybe, if there's enough money involved, this will finally result in wheelchair access to those buildings?

4
0
Orv
Silver badge

Re: A strange idea

I think you're missing that there are some things that still can't be efficiently provided in places with low population densities. These include:

- Clean water

- Sewage treatment

- Fast internet

I've lived in rural areas before, and trust me, having a well and a septic field (which you have to have enough land to keep suitably apart) is a pain in the ass, and brings with it all kinds of limitations and complications. In the suburbs you can still bring these things to people, but the fewer customers per mile the more the cost goes up.

Even electrical power is less reliable in rural areas than in cities, and the only reason (at least in the US) that it's not massively more expensive is it's subsidized.

6
0
Orv
Silver badge

Re: Obviously the solution is....

hey don't watch their mirrors, don't signal clearly, don't block off the curb-side when turning right (on right-hand traffic) to prevent cyclists getting in their blind-spot, don't watch before opening a door, etc, etc.

I do all these things, although even after years of driving in cities with bike lanes I'm still not sure if it's legal for me to cross into the bike lane before making a right-hand turn. I do it to avoid hooking someone, but I fully expect to get a ticket some day. Expecting me to turn across a lane I can't legally enter just seems crazy.

3
0

Let's Encrypt plugs hole that let miscreants grab HTTPS web certs for strangers' domains

Orv
Silver badge

Re: Too much trust being put into certificates?

I'm not saying that MITM is routine and easy in the *current* system. I was responding to the idea that trusted third parties are unnecessary. Without them, MITM is indeed quite simple.

0
0
Orv
Silver badge

Re: Too much trust being put into certificates?

I think the problem is encryption without some form of proof of identity only creates an illusion of security; you don't know if the connection is to your intended website, or to a man in the middle who's posing as the legitimate site (and then possibly forwarding the traffic on to it.)

About the only thing that un-authenticated encryption does is slightly deter bulk data collection and storage. It does nothing for any kind of targeted interception.

2
1

Drone collisions with airliners may not be fatal, US study suggests

Orv
Silver badge

Re: What About...

Fortunately drones don't usually fly in flocks, unlike birds, so the odds of multiple strikes are probably low.

Not to say it couldn't cause an accident -- there are a disturbing number of accidents where an otherwise survivable engine failure turned deadly when the crew shut down the good engine instead -- but it's in principle recoverable.

0
0
Orv
Silver badge

Oh, aviation is especially fun. It's mostly in "dinosaur" units in the US -- speeds in knots, altitude in feet -- but older aircraft sometimes have airspeed indicators calibrated in *statute* miles per hour, and distances can be given in either. Vertical speeds are sometimes given in fpm, sometimes in knots -- although in that case the conversion is at least simple (1 knot = 100 fpm).

0
0
Orv
Silver badge

Re: How is this different than birdstrike?

Luckily, locomotives are not required to fly, so don't have the same sort of weight restrictions.

In fact locomotives are frequently built heavier than necessary, in order to improve traction. The coefficient of friction between steel wheels and steel rails isn't great, and traction ("adhesion," in rail parlance) is often much more of a limiting factor than horsepower. All they can really do to improve this is add wheels, which has its own limitations, or add weight. Some yard switchers are actually ballasted with concrete.

0
0
Orv
Silver badge

Re: How is this different than birdstrike?

All birds should be refused a licence to fly near aircraft...

At least until ATC has assigned them squawk codes.

3
0
Orv
Silver badge

Re: How is this different than birdstrike?

As I recall there was a major cockup at one test where the birds were still frozen.

I hate to be "that guy," but this is an urban myth.

4
0
Orv
Silver badge

Re: 250kts assumes

While the speed restriction under 10,000 feet is 250 knots, bird-strike testing on windshields is done at 350, so there is some margin for error here. Most drones top out around 40 mph anyway, in the same range as avian cruising speeds.

1
0

Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Orv
Silver badge

Another reason BIOS should only be stored in read-only ROM chips.

Most BIOSes go through multiple revisions over the life of the machine -- sometimes to fix bugs or security holes, but often also to enable using larger memory modules or newer processors. I don't really want to have to dig out a screwdriver and have them mail me a new chip every time I need an update. This would also cripple interesting projects like coreboot.

This is not a new issue, incidentally -- the "Kickstart" BIOS for the original Amiga 1000 was so half-baked, they put it on a floppy and had the machine load it on boot. Later machines got it burned into ROM, though.

4
0
Orv
Silver badge

Re: The Intel Driver bug is possibly a bit more present than Intel lets on.

In many cases the soldered-in ones in laptops aren't primary cells like the old CR2032, they're rechargeable batteries. Maybe I've been lucky, but they've always long outlasted the main battery, for me.

2
0
Orv
Silver badge

Re: Jumpers

"Unfortunately, the write protect switch on an SD card doesn't connect to the circuitry inside it. It's just something the card slot detects. So the slot has the option to override it."

Yup. In fact, I have custom firmware for my Canon digital camera that uses the SD card write protect "switch" as a toggle. Unlocked = normal firmware, Locked = custom firmware (which then overrides the lock to allow writing.)

2
0

Firefox 57's been quietly delaying tracking scripts

Orv
Silver badge

Re: So if it knows what the tracking stuff is

"and banning JS scripts willy nilly is tricky"

I think this is a lot of it. I use Privacy Badger, which isn't as aggressive as NoScript, but I still frequently run into pages that it completely breaks until I turn it off again. A feature that's built into the core browser, and on by default, can't really risk that much breakage.

0
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018