* Posts by Michael Wojcik

12268 publicly visible posts • joined 21 Dec 2007

Google causes more facial-recog pain, machine learning goes quantum – and how to lose a job if an AI doesn't like your face

Michael Wojcik Silver badge

Re: "asking the company to explain why it was exploiting the city’s “most vulnerable populations”"

I suspect Google's thinking was "we want more data; let's hire some firm to get us more data". Whatever happens after that Isn't Google's Problem, as far as they're concerned.

Michael Wojcik Silver badge

A cynic might suggest that it is precisely those cultural differences Unilever are hoping to screen out of the pool.

A Nord VPN bug, a(nother) bad Microsoft patch, Zynga data farmed out, and more

Michael Wojcik Silver badge

No doubt they'll get right on that, right after they stop forcing patches down people's throats, stop bundling unrelated patches together, start providing useful explanations of what patches update and why, stop smuggling spyware and forced updates in the patch stream, and finish snowplowing Hell.

Microsoft's update philosophy is "you'll take what we dish out, and we don't care whether you like it".

Google sounds the alarm over Android flaw being exploited in the wild, possibly by NSO

Michael Wojcik Silver badge

Re: I knew that there was a reason ...

I don't know about you, but I haven't found a feature-phone with a qwerty keyboard. As long as my family prefers SMS to voice, a qwerty keyboard will be a compelling reason to go with a smartphone.

Once in a while I use other smartphone features, particularly GPS and an ebook viewer. I could live without those, though. (And, really, I could live without a qwerty keyboard, but it's a big convenience.)

Remember the millions of fake net neutrality comments? They weren't as kosher as the FCC made out

Michael Wojcik Silver badge

Re: @Mark 85 - It's the new world order...

But the USA is still the biggest democracy if you measure it by, um ... GDP. Yeah, GDP!

Assuming you don't believe China's "people's democratic dictatorship led by the working class" line. And I don't, because China's fake democracy is clearly qualitatively faker than our fake democracy.

For that matter, if you exclude China, we win by land area, too. (Canada is only bigger if you go by total surface area, according to Wikipedia, which is an unimpeachable source that is never incorrect in any detail.)

Michael Wojcik Silver badge

Re: It's the new world order...

Well, we have a government money can buy. I don't think it's the best one.

Kaspersky warns of encryption-busting Reductor malware

Michael Wojcik Silver badge

Re: How is it even possible to patch the binary unless you have root access?

From the Linux mprotect(2) man page:

On Linux, it is always permissible to call mprotect() on any address in a process's address space (except for the kernel vsyscall area). In particular, it can be used to change existing code mappings to be writable.

Yes, there's pkey_mprotect(2). There's PaX. There's SELinux. But there are plenty of Linux systems out there where ordinary processes are not running with page-permission enforcement. And the same goes for some other POSIXy OSes. (Some online discussions suggest that MacOS enforces "maximum protections" for pages which prevent using mprotect to change existing rx pages to rwx; I haven't investigated.)

Michael Wojcik Silver badge

Re: Turla, another group of highly intelligent people gone over to the Dark Side

And until other, less-discriminating attackers learn and adopt the techniques developed by the nation-state attackers. Attacks become worse over time, and become more common over time.

Michael Wojcik Silver badge

Re: Translation: We're doomed.

Breaking the CPRNG is one of the oldest tricks for modern computer-based cryptanalysis, of course. It's how the original Netscape SSL implementation was first publicly broken.

In that case, it was Netscape's weak seeding of the CPRNG which was attacked - a completely passive attack (i.e. the researchers were able to break the CPRNG by observing the target machine and deriving enough of the seeding entropy to reduce the seed space to something that could be brute-forced). With Reductor it's an active attack, compromising the CPRNG in memory.

Another infamous attack on the CPRNG was the Dual_EC_DRBG scandal, where the NSA tried to push a compromised CPRNG into the industry, assisted (perhaps inadvertently, perhaps deliberately) by RSADSI.

Astronaut Tim Peake reminds everyone about the time Excel mangled his contact list on stage at Microsoft AI event

Michael Wojcik Silver badge

Re: AI and Machine Learning

Firstly the best definition of intelligence, is the ability to focus on different things at the same time

First, "first" is already an adverb (as well as an adjective, a noun, a pronoun, and if you really want to be difficult a verb). There's no need to suffix it with -ly.

Second, in what way is "the ability to focus on different things at the same time" a definition of "intelligence" at all, much less the best one? There are myriad mechanical systems which incorporate feedback loops for multiple factors.

An average iq human can focus their concentration on about 3 or 4 things higher iq's 7 to 10

Rubbish. The IQ metric is largely useless; what it primarily measures is an ability to do well on IQ tests. (I say this as an accomplished test-taker myself.) And while a correlation has been demonstrated between working memory capacity (WMC) and what cognitive scientists call "g factor" (for "general intelligence factor"), it's only one component, it's not clear how much of that is an artifact of the methodologies for determining g factor, and it's not clear what g factor actually means in practice.

More generally, treating "intelligence" as a single attribute that can be meaningfully measured by a single scalar value has been shown time and time again to be reductive to the point of uselessness.

All that said, what any of this has to do with the remainder of your post is unclear, since you then appear to go on to claim that ML can "focus on millions of individual inputs", but is not intelligent. So you've just contradicted your own claim.

Michael Wojcik Silver badge

Re: Hey Boris

You can't predict it using logic because the people responsible for the decisions are not behaving logically.

A meaningless sophomorism. That's not how probability works. Aggregate outcomes do not necessarily have all the attributes of contributing factors. Indeed, usually they can't.

Also, it has yet to be demonstrated that human behavior isn't deterministic, regardless of whether it appears "logical" or "rational".

In 21st-century tech dystopia, smart TV watches you, warns Princeton privacy prof

Michael Wojcik Silver badge

Re: re: Pi_hole

Wouldn't it be cheaper/easier to actually use a real one?

I haven't read the paper, but it might well have been methodologically unsound. For example, an application might exfiltrate more sensitive information iff an initial contact is successful.

Simulating blocking is easy, and can be done after collecting data, by filtering data for connections that Pi-hole blocks. Then you have both the original no-blocking dataset and a simulation of the putative dataset that would have been collected had blocking been in place. Since blocking was not the object of the study, collecting data without blocking is the correct approach.

By the same token, the GP post's complaint about "the academics" not configuring Pi-hole to block additional domains is irrelevant. That wasn't the point of the study.

Michael Wojcik Silver badge

The Equifax breach was worse than anything I can recall off the top of my head from Experian. Did you mean Equifax?

In any case, the damage caused by the Equifax breach was mostly to people who consume financial services individually or as couples - consumers getting credit for various personal purchases. They're not Equifax customers. Equifax customers are the providers of financial services.

"People" have very little say in whether their financial-services providers use Equifax. They can ask, but there may not be any viable alternatives (for example, using a local credit union is often better than using a national bank, even if all the local credit unions insist on using Equifax); or using an alternative may be expensive because they don't offer as good a rate.

If your org hasn't had a security incident in the last year: Good for you, you're in the minority

Michael Wojcik Silver badge

Re: It is not "ITs fault"

No, we don't all think it. IT have tried blaming users for half a century. It hasn't helped.

Michael Wojcik Silver badge

Re: Doris in HR

Agreed, more or less.

User training is important - though often at least as much for those who should know better, such as developers and IT staff. I still see lots of developers running everything, including browsers and email clients, with elevated permissions. (It doesn't help that IDEs often have to run with elevated permissions in order to install rebuilt components. IDEs are a security nightmare.)

But humans are very bad at constant vigilance. We need to configure end-user systems for security.

Michael Wojcik Silver badge

Re: Not strictly true

I don't even have a liar.

Planes, boats and autocrats: US Treasury Dept. slaps more sanctions on accused Russian troll funder

Michael Wojcik Silver badge

Re: “The precise pain, in the precise place, in the precise amount, for the desired effect.”

Base calumny. No US intelligence operation has ever come close to the efficiency and effectiveness of the Stasi. You owe the (former East) Germans an apology.

Michael Wojcik Silver badge

They're useful if you want to pretend you're doing something, to people who don't think about it too much.

The US Federal Government, acting through the Department of Transportation, appointed a Nominal Scapegoat as part of their ongoing We're Also Mad About the Election Meddling theatrical production. In an official statement Secretary of the Rich Mnuchin said "eh, throw that to the proles".

IT workers: Speaking truth to douchebags since 1977

Michael Wojcik Silver badge

Well, no one would expect that.

Michael Wojcik Silver badge

Re: You shouldn't have reverted the changes though

as useful as current windows errors messages by change all of them to say "something may have gone wrong"

Windows Update is particularly infuriating this way. 99% of Windows Update failure messages are "Installation failed with unrecognized error code 0xvalue", where value is a standard Windows error code that's been documented since the days of NT4 and is trivially formatted using FormatMessage. I don't know if the behavior of WU is the result of appalling laziness or outright evil, but someone deserves a severe beating for it.
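As an added example (not from the post above): a PowerShell function that turns one of those bare hex codes back into the text Windows already stores for it. It relies on .NET's Win32Exception, which calls FormatMessage against the system message table; the sample codes at the bottom are constructed, not taken from a real Windows Update log.

```powershell
# Added example, not from the original post: decode an HRESULT such as
# 0x80070005 into the message text Windows already has for it.
function ConvertTo-WindowsErrorText {
    param([Parameter(Mandatory)][int]$HResult)   # signed, as .NET types HRESULTs

    # HRESULT layout: bit 31 = failure, bits 16-26 = facility, bits 0-15 = code.
    # -shr on a signed int is arithmetic, so mask the facility explicitly.
    $facility = ($HResult -shr 16) -band 0x7FF
    $code     = $HResult -band 0xFFFF

    if ($facility -eq 7) {
        # FACILITY_WIN32: the low word is a plain Win32 error code.
        # Win32Exception formats it via FormatMessage from the system table.
        $text = (New-Object System.ComponentModel.Win32Exception($code)).Message
        return "0x{0:X8} = Win32 error {1}: {2}" -f $HResult, $code, $text
    }

    # Any other facility (e.g. 0x24, Windows Update's own): ask the runtime for
    # its message; when it has none, the facility and code are still reported.
    $ex = [System.Runtime.InteropServices.Marshal]::GetExceptionForHR($HResult)
    return "0x{0:X8} = facility {1}, code {2}: {3}" -f $HResult, $facility, $code, $ex.Message
}

# Constructed sample codes of the kind Windows Update shows as bare hex.
foreach ($hr in 0x80070005, 0x80070002, 0x80070422) {
    ConvertTo-WindowsErrorText -HResult $hr
}
```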

Michael Wojcik Silver badge

Re: Not really, but related

Talk about speaking about the devil.

If you talk about speaking about the devil, does speaking about the devil appear?

Damn it, now I'm writing about talking about speaking about the devil. I'm terminating this before I run out of stack.

Michael Wojcik Silver badge

I don't think it's a fully-ordered set.

US immigration uses Google Translate to scan people's social media for bad posts – Er, don't do that, says everyone else

Michael Wojcik Silver badge

Your pedantry is weak. Contractions are abbreviations, both literally (they are shortened forms) and linguistically: the use of "abbreviation" as a term of art in linguistics to include contractions dates from the nineteenth century.

Quic! Head to the latest Chrome version and try out HTTP/3

Michael Wojcik Silver badge

Re: So, turn the Internet upside-down over this?

Some people, and I know this concept might be strange to many, have passengers instead of a dedicated vehicle per person.

I know this concept might be strange to many, but it's possible for passengers to pay attention to the other people in the vehicle, or to the world outside, rather than obsessively focusing on streamed media.

Some people - I know you won't believe me but if you do some research you will confirm it - WALK!

Some people who walk are similarly capable of paying attention to the world around them.

I suppose that for those addicted to streaming media that a pause while moving is a nightmare beyond endurance. But somehow many of us survived without unbroken connectivity to mass-market entertainment.

Haskell, Erlang, and Frank walk into a bar – and begin new project to work in Unison

Michael Wojcik Silver badge

Re: Frank

Nah, Frank is "a strict functional programming language designed from the ground up around a novel variant of Plotkin and Pretnar's effect handler abstraction".

You've probably already guessed this, but "in Frank, the equational theory is taken to be the free theory, in which there are no equations".

Michael Wojcik Silver badge

Re: Making a hash of it...?

Yeah, the likelihood is slim but it COULD still happen. If it does, this language is hosed. My point stands.

It's much, much, much, much slimmer than, say, the likelihood of all life on earth being wiped out by a GRB. Your threat model is idiotic, and your point does not stand.

Michael Wojcik Silver badge

I've got 10^77 problems, and an SHA3-512 collision ain't one.

Black holes are like buses: You wait for one – and three turn up at once in galaxy merger

Michael Wojcik Silver badge

Re: Smash???

they merged a few million years short of a billion years ago

Since causality is also limited to the speed of light, for many purposes it's reasonable to use a timeframe relative to us, and say it's happening now. The absolute timeframe is mostly useful in cosmological questions like the one posed near the end of the article about why we find AGNs in relatively old galaxies.

US lobby group calls for open standards to fight Huawei 'threat'

Michael Wojcik Silver badge

Ridge joined NSO Group?

Well, that's certainly enough to make me view anything he says with tremendous suspicion. Joining NSO Group is like joining SPECTRE, except NSO Group is 1) real and 2) more evil than SPECTRE.

Michael Wojcik Silver badge

Re: Pot, kettle

So a lack of evidence is itself evidence to support your thesis? Well, that's convenient.

Michael Wojcik Silver badge

Re: Oops...

Just like we could never have had IPv6 without IPv5.

It's just a frickin' name. We can have 27G right now if we want - just rebrand 4G.

Personally, my response to the whole kerfuffle will be to ignore 5G. I have no reason to use it anyway. Frankly, for 95% of the things I do with my phone, 3G works just fine; and the other 5% isn't even close to important.

Confused why Trump fingered CrowdStrike in that Ukraine call? You're not the only one...

Michael Wojcik Silver badge

Re: President of the US clueless

And Reagan had held other political office, and we now know (thanks to analysis of his papers) that he was a policy wonk, who did extensive research and analysis of various issues in the years before cognitive decline caught up with him. I'm not a fan of Reagan's politics and policies, but it's simply inaccurate to characterize him as "just an actor".

Michael Wojcik Silver badge

Re: President of the US clueless

Peter Capaldi will shortly be going to work as a spin doctor in Westminster

Or as the Doctor, everywhere.

The D in Systemd is for Directories: Poettering says his creation will phone /home in future

Michael Wojcik Silver badge

"Have you ever used an electronic digital computer?"

"Yes."

"And where was that?"

"My aunt has one."

Michael Wojcik Silver badge

kick out anybody over the age of 40

Hmm. Lennart turns 39 next month. A silver lining for IBM agism?

Michael Wojcik Silver badge

Kerberos delegation is where for instance you log into a web front end and that web front end can use your Kerberos credentials to authenticate against remote services such as say a database

That's not "Kerberos delegation". That's the specific basic thing Kerberos does. The front end solicits authentication from the user and passes it to the TGS, and gets a TGT. Then it can use the TGT to get service tickets for whatever remote services it needs.

That's what Kerberos does. If you're referring to something else, you haven't done a good job of explaining it.

Michael Wojcik Silver badge

Re: Simple English.

You might need more than one Kerberos if you really want two factor security.

Nah. Each Kerberos already comes with three-factor security. Plus four paws for backup.

Michael Wojcik Silver badge

Re: Good encapsulation, Dr S

900 + million users of Windows 10 says that the Registry works pretty well

"Doesn't fail completely" << "works pretty well".

Michael Wojcik Silver badge

Re: Good encapsulation, Dr S

Only one option? We have quite a few customers using SLES, and some using Oracle's Linux distribution (I won't speculate why). Red Hat (now IBM) may be the biggest player in the commercially-supported Linux game, but they're not the only one.

For now, anyway. I assume that's part of King Lennart's world-domination plan.

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

Michael Wojcik Silver badge

As a term of art in IT security, "vulnerability" is appropriate for both deliberate backdoors and dangerous development code that was released by accident. A vulnerability need not be a bug. Many vulnerabilities are ill-conceived features.

UK Supreme Court unprorogues Parliament

Michael Wojcik Silver badge

Re: Regardless of which side of the fence you are on.

compulsory civics classes in school, which our American chums enjoy

If only. I imagine there are school districts in the US where civics classes are compulsory, but I believe that's relatively rare.

If this report is accurate, only a quarter of 8th-grade students in the US meet the basic proficiency requirement in civics. That's approximately the same as the fraction of Americans overall who can name all three branches of government,[1] so the general population isn't doing better than the students (nor vice versa).

As that report notes, increased focus on the basics and "teaching for the test" in schools, thanks to heavy-handed interference like NCLB, is forcing out civics and other "breadth" curricula.

[1] Animal, vegetable, and criminal.

Calling all the Visual Basic snitches: Keep quiet about it and so will he...

Michael Wojcik Silver badge

Re: Sounds Awful

Let us not forget the "initiate Windows shutdown because I have to leave to catch a flight, and Windows decides to start installing updates, and You Must Not Turn Off The Computer for the next half hour while it does that idiocy".

Thank the gods there's an option buried somewhere (Group Policy, maybe?) to disable the astoundingly stupid bit of code that changes the Shut Down menu option to "Install Updates and Shut Down".

IBM cuts ribbon on quantum computing centre wherein a 53-qubit monster lurks

Michael Wojcik Silver badge

Re: Qubit count

IBM claims a quantum volume of 16 for one of their "20-qubit" machines. That's probably a more meaningful measure of GQC processing power than qubit counts. The advantage of QV is that it's a concrete problem that's sensitive to the sorts of problems that commonly crop up in QCs, so it measures how large a problem can feasibly be solved by an actual machine.

QV is 2 to the power of the length of the edge of the largest square random circuit the QC can model accurately (see link above for details). So the 53-qubit machine, assuming it works as well as the 20-qubit one, might show a QV of 32. Though I note the original QV paper suggests that it's only an appropriate measure up to about 50 qubits.

In any case, the QV of 16 for IBM's five "20 qubit" QCs implies that those are 20 usable qubits - that they can be used for problems of that size.

You can break RSA-64 by naive brute force, so I'm assuming that last bit was a joke.

Michael Wojcik Silver badge

Re: Forgive my ignorance

Exactly. These machines are "available to the public", for some definition of "public", and have "practical" applications if your practice happens to be "let's see what we can do with toy problems using GQC, so we have a better idea of what we might be able to do with a large GQC". (Though, to be fair, even at 50 qubits you ought to be able to formulate problems that are intractable on classical computers; 2^50 is a respectably large number.)

But you're not going to use these machines to speed up your database searches with Grover's algorithm, or to crack 2048-bit RSA keys.

Michael Wojcik Silver badge

Re: Crypto

Unless you've taken a copy of every email, transmission or communication over many years and then can decrypt that content at your leisure.

Now that the majority of encryption, by volume (i.e. HTTPS to the most prolific websites) is using PFS, you'd better have a lot of leisure time. Even with Shor's algorithm, breaking all those session keys would not be fast. Poly time is bad for cryptography, but it's naive to think that a large GQC will decrypt an enormous volume of stored traffic by magic.

Michael Wojcik Silver badge

Re: Crypto

a perfect and quick to setup quantum computer can crack quite a few types of encryption quickly

Not really - at least not the "quite a few types" bit. Basically it's RSA, DH, and DHE; and anything with a key that's too short. Those are commonly-used algorithms (well, maybe not the last, these days), but it's a short list.

IIRC there are though some types that take a similar time to unravel as on standard Turing machines.

Entire families of algorithms, in fact. Lattice, multivariate, code-based, and supersingular-isogeny are the main ones.

So changing algorithm is possible (but currently not worth the overhead as there is no risk or need).

Actually, it's already underway. NIST and other standards bodies are running competitions for viable "post-quantum" algorithms. ("Viable" means they offer reasonable performance and key sizes, and have been sufficiently analyzed without their security claims being unduly undermined.) Google and others have created test TLS suites using some PQ algorithms and done some testing with them in the field. In fact, it looks like Google and Cloudflare are conducting experiments with PQ suites in TLS (specifically CECPQ2 and CECPQ2b Kx) now.

We will almost certainly have PQ crypto in widespread use (courtesy of public HTTPS with major volume players like Google participating) long before there are any large general quantum computers known to the public. My belief is that it will happen long before there are any large GQCs, public or secret, in existence. I won't be at all surprised if there are no large GQCs in my lifetime.

Michael Wojcik Silver badge

Re: Crypto

All the current algorithms are indeed (technical phrase coming here) completely buggered by a sufficiently large quantum computer.

Not true. All the asymmetric-cryptography algorithms (both for signing and for key agreement) in widespread use rely on problems in BQP - specifically, they can be solved in polynomial time using Shor's algorithm with a sufficiently large general quantum computer. But quantum-resistant asymmetric-crypto algorithms date back to the 1970s (McEliece, Merkle, etc).

In their original forms, the quantum-resistant algorithm families all offered too high performance penalties and/or key sizes versus RSA, discrete DH, and ECC DH. But this has been a very active area of research, and of course computing resources are somewhat more generous now than they were forty years ago. Google did a trial of some "post-quantum crypto" in real-world use a while back; the algorithms are good enough now to be used by sites that don't need the absolute best performance.

For symmetric cryptography, Grover's algorithm offers an exponential speedup in brute-forcing, but the exponent is only 1/2 so doubling the key length negates the advantage, even if operations in your QC were as fast as they were on your conventional computer. Which they wouldn't be.

And, frankly, it's not just a matter of "scaling up"; there are good reasons to doubt that large general QCs are even feasible. If they are, they'd be so wildly expensive and resource-hungry that even state actors wouldn't be able to use them for routine key-breaking.

Call-center scammer loses $9m appeal in stunning moment of poetic justice

Michael Wojcik Silver badge

Re: Except the jury dont award anything, they decide guilt

In some states, in some cases, the defendant can be charged with "open murder", and the jury can acquit or convict on first- or second-degree murder for the same act. That in effect lets the jury have significant say over the sentence.

Michael Wojcik Silver badge

Re: Danny 14

Certainly your calm tone and reasonable arguments are going a long way toward supporting your thesis. Maybe you should try threatening your interlocutors too?

Michael Wojcik Silver badge

Re: Revenge and justice are very closely related. You'll learn that as you get older.

I don't know why someone downvoted this. I don't know that I'd call the corpus of death-penalty-deterrence-analysis literature "very large", but it's of a decent size (the linked paper reviews some of it). And the paper you linked appears to be a reasonable contribution - I didn't bother checking any of their sources but they discuss methodologies and other issues at some length, and don't seem to be attempting to justify an a priori position.