* Posts by T. F. M. Reader

1196 publicly visible posts • joined 19 Dec 2012

McAfee – the completely sane guy, not the biz – told to fork out $25m over 'torture, murder' of his Belize neighbor

T. F. M. Reader

just a fine

No need to prove anything "beyond reasonable doubt" in a civil procedure, unlike in a criminal trial. Accordingly, a defendant can't be deprived of liberty, only of money.

Hmm... Technically he wasn't even proven guilty, I suppose, as he lost by default.

IANAL.

Science says death metal fans delightful and intelligent people, great at dinner parties

T. F. M. Reader

Re: Not surprising

Prokofiev's opera Romeo and Juliet

Mmm... <pedantic>That's a ballet, actually...</pedantic> But that does not invalidate the argument at all.

My go-to example of opera and other types of music mixed together is Verdi's Anvil Chorus (Coro di zingari in the original) from the 2nd act of Il trovatore that has been reused almost in every genre imaginable. From big band jazz (Glenn Miller) to Marx Brothers to Muppets to, indeed, metal. Hell, there was at least one metal band called Anvil Chorus, an album of this name, etc.

[Disclaimer: I am not an expert on metal history although I listened to some of it way back then. I just googled "anvil chorus metal" and references popped up.]

More than once I heard or read criticism of this particular creation of Verdi's on the grounds that it is rather low brow because it resembles something popular, hence "plebeian", too much. Little do the critics know where that "low brow" music really comes from...

Nice 'AI solution' you've bought yourself there. Not deploying it direct to users, right? Here's why maybe you shouldn't

T. F. M. Reader

"Developers should attack their own systems by generating adversarial examples"

Better yet, vendors should hire professional "adversarial testers" and not ship "solutions" till the "red team" is satisfied. A fairly standard practice with penetration testers today. Well, fairly standard in some circles... Some narrow circles...

First, the profession of adversarial testers needs to be created though. Any VCs 'round here? I have a startup to sell you...

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

T. F. M. Reader

Re: Correction to popular myth about RSA

Has anyone heard of Stigler's Law of Eponymy?

The biggest uptick in demand for software devs by bosses is for... *rubs eyes* blockchain engineers?!?

T. F. M. Reader

Re: I need to find me one of those companies

I strongly suspect the reason you don't find such companies easily is that you subconsciously try to stay as far away from them as possible.

Cops told live facial recog needs oversight, rigorous trial design, protections against bias

T. F. M. Reader

Re: 98% false positive rate?

You can get a 98% false positive rate in an experiment if the algo's false positive rate is tiny.

Suppose the face recognition AI has a 1% false positive rate. I.e., given 100 innocent mugs it will wrongly recognize only one of them as a criminal. Now conduct a "trial" on a set of 9,800 people coming out of a particular tube station during a given day. There may be 2 real criminals in the bunch, but the AI will flag 98 innocents in addition to them. Out of 100 people identified as criminals in the trial 98% will be false positives.

This is sometimes called the prosecutor's fallacy. Suppose they drag you into court for murder and prosecution says that you must be the murderer because your DNA matches a sample taken from the murder weapon, and the false positive rate of DNA matching is one in a million. However, if that is the only evidence against you then, if the set of potential murderers is 4,000,000 (say, the adult population of the large city where the murder occurred) out of whom only one person is actually guilty, then 4 of the innocents will match the forensic sample by chance and you may simply be one of them. Were the CSI boffins to take DNA samples from everybody in the city then chances would be that they would find 5 matches - one true criminal and 4 innocents. Out of that sample the probability that you are the bad guy is only 20%. That's "reasonable doubt" (or whatever the proper term is in your jurisdiction) right there.

This is why forensics (DNA, fingerprints, etc.) should never be the only evidence on which the whole case hangs. They may provide supporting evidence (A, B, C, and the DNA also matches), but "science" is not enough to convict someone of murder on its own.

This image-recognition neural net can be trained from 1.2 million pictures in the time it takes to make a cup o' tea

T. F. M. Reader

Can you get 58% accuracy with a much smaller training set in 90 seconds?

The subject is a serious question. Will you get a comparable outcome, say, with 120K images and 10 GPUs? With 12K images and 1 GPU?

On a less serious note, I can't get rid of the following line of thought easily: what is the fastest way to get "trained" to a level of an academic degree?

1. Pay up front to a "correspondence university" in Eastern Europe or South-East Asia or elsewhere.

2. They will declare you "trained" really, really fast, maybe even faster than you can brew a cuppa.

3. It will all be rather artificial, you won't get any real knowledge or skills, but answering questions like "is it a cat?" with 58% accuracy may still be a realistic outcome. Actually, 58% of your subsequent decisions in a managerial capacity may be correct, too.

And back to the serious mood again: it is easy to mock such a "record" given the demonstrated lack of test accuracy, but a negative result is just as important as a positive one, assuming it is novel. It may tell people, don't go there, and it may point someone in a direction of improvement.

How politics works, part 97: Telecoms industry throws a fundraiser for US senator night before he oversees, er, a telecoms privacy hearing

T. F. M. Reader

Something dodgy about that witness list...

Brian Dodge: COO of the Retail Industry Leaders Association, which has persistently argued that self-regulation is the best solution to data privacy.

Brian Dodge: CEO of the BSA, aka The Software Alliance, which was established and largely steered by Microsoft.

Is it the same Brian Dodge or two different Brian Dodges?

ACLU: Here's how FBI tried to force Facebook to wiretap its chat app. Judge: Oh no you don't

T. F. M. Reader

Your Honour, with all due respect to the Court I fail to understand...

... how disclosure "would compromise law enforcement efforts in many, if not all, future wiretap investigations." The information already available is more than enough for any interested party, be it someone who is up to no good or someone who is simply concerned for his/her privacy, to decide whether or not Facebook Messenger or calls can be considered private.

Clearly, FB can decrypt the calls in principle, at least by changing some internal working of their software. Clearly, the government wanted them to, and they refused so far. While I would indeed be interested in the arguments provided for and against, and in the technical details of the possible decryption mechanism, this is in the realm of intellectual curiosity and, possibly, civil interest (what is the government up to?).

Operationally, however, those details do not change a thing. If such decryption is implemented some woefully uninformed bad guys will be caught and the well informed ones will not, regardless of what the details are.

Frankly, at this point I see only two reasons to keep the details secret. One is to make it harder for less-than-competent lawyers to come up with arguments why evidence gathered via such wiretapping may be inadmissible in court. The other one may apply in case where the secret arguments demonstrate the decryption is very, very hard indeed: there may be this idea that scaring a few bad guys and, crucially, a whole lot of law-abiding citizens off a reasonably secure channel of communication is a worthy goal. IANAL, but I seriously doubt either line of reasoning can lead to good laws, and IMHO anyone who adheres to such arguments in setting legal precedents is not fit to be a judge.

If you want a vision of the future, imagine not a boot stamping on a face, but keystroke logging on govt contractors' PCs

T. F. M. Reader

So did their lawyers agree to be monitored?

They bill by the hour, I presume.

Same question about the newly hired lobbyist.

T. F. M. Reader

Re: If my work is to be judged by the number of keystrokes I make

then government software will be written in COBOL.

Oh, wait...

Object-recognition AI – the dumb program's idea of a smart program: How neural nets are really just looking at textures

T. F. M. Reader

Elephant texture and image recognition

Too lazy to read the original paper: does it allude to the age old parable about blind men checking the texture of various parts of an elephant and coming up with different conclusions regarding what it looks like?

T. F. M. Reader

Re: "It's fake smart."

@steelpillow: "It will take an army of them several years to figure out the bleedin' obvious."

Don't misunderestimate them: it will take a few years' worth of research grants and VC money to write a few versions of image recognition software and then painstakingly analyze what it is doing wrong. Note that what the software prioritizes should be recognized a priori by the people who actually program the priorities in (like texture before shape - that is not the "AI" part of the whole business), but never mind... Then new versions of software, better at distinguishing cats from elephants, will be written, and new tests will be devised and new experiments will be run... Grant/VC money will be provided as long as it is regarded as "strategic", which comes and goes every 20 years or so.

Some 40 years from now the cat/elephant controversy will be licked and someone will ask whether AI image recognition can distinguish between a cat and a lioness... If we ever get there.

Cynical? Moi?

Ivan to be left alone: Russia preps to turn its internet into an intranet if West opens cyber-fire

T. F. M. Reader

Let them.

Shrug...

You're an admin! You're an admin! You're all admins, thanks to this Microsoft Exchange zero-day and exploit

T. F. M. Reader

Re: Possible quick fix

@Captain Scarlet: Install IBM Domino...

Well, I was subjected to both Domino and Exchange at various stages of my career. I must admit I found myself longing for the other one every time...

Do you feel 'lucky', well, do you, punk? Google faces down magic button patent claim

T. F. M. Reader

Re: Yiddish?

"...add the further thought that Yiddish is generally written in roman script (i.e. ascii) while Hebrew is not."

Another thought coming: same alphabet, actually, at least according to the most authoritative of sources.

Huawei and Intel hype up AI hardware, TensorFlow tidbits, and more

T. F. M. Reader

Re: Two down-votes.

Donald and Melinda down-voted it, of course.

And Mrs. Gates would care why, exactly?

If I could turn back time, I'd tell you to keep that old Radarange at home

T. F. M. Reader

Re: NTP

Not just "early implementations"... NTP is a method to correct for small drift of the internal clock, not to set the correct time under all circumstances. If your clock is wrong by more than some maximal amount (which may be implementation-dependent, but usually equals 1000s) then NTP will not correct the clock.

Thus even if NTP were available at the time of the story, whether or not it could be effective would depend on what exactly happened to the clock under the influence of the kitchen machinery in question.

Besides, changing NTP settings in the organization might or might not be possible/acceptable just to fix one single computer under a vendor support contract (surely you know what I am talking about).

Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10

T. F. M. Reader

Re: 32GB HP and Linux GUI

@dfsmith: dumpe2fs -h /dev/md1 | grep Reserved

It's a safety measure. Linux always reserves 5% of the disk space to allow recovery if the disk is "completely full" (i.e., 95% full). If your disk were 100% full for any reason then chances are you wouldn't be able to delete files as those operations would need some temporary space...

Nobody in China wants Apple's eye-wateringly priced iPhones, sighs CEO Tim Cook

T. F. M. Reader

"first year-over-year [revenue] decline since 2016"

Did AAPL's YOY revenue really decline just 2 years ago? I am too lazy to check. If so then it is not even a surprise this time around, is it?

Could you speak up a bit? I didn't catch your password

T. F. M. Reader
Headmaster

Re: Solution...

IIRC the correct expression is "hoisted by their own petard".

<pedantry>

It would be correct if it were written today. It was "hoist with his own petard" originally.

</pedantry>

Not just for the sake of pointless grammatical pedantry though let us ponder how the original text may be unexpectedly relevant to the whole situation:

-----------------

They [politicians] bear the mandate; they must sweep my way [must serve us?]

And marshal me to knavery [their actions will lead me to mischief]. Let it work,

For ’tis the sport to have the enginer

Hoist with his own petard; and ’t shall go hard

But I will delve one yard below their mines [I'll use "unapproved" encryption they cannot break]

And blow them at the moon [and they will not succeed]. O, ’tis most sweet

When in one line two crafts directly meet [weakening everyone's encryption will not work against those who have their own agenda].

--------------

Do politicos re-read Shakespeare from time to time? It's fun...

Dear Santa, all I want for Christmas is: 1. More ad revenue, and 2. Good PR. Lots of love – Mark, aged 34½

T. F. M. Reader

Re: They do not sell your data

They just barter access to them.

£10k offer to leave firm ASAP is not blackmail, Capita told by judge

T. F. M. Reader

Re: Not Blackmail?

The whole "blackmail" thing seems to me somehow related to a unionized environment with tribunals, etc. I have no union experience at all, so I can't judge how "cruel and unusual" it may seem.

In the union-free "at will" employment contracts I see (including my own) the normal stipulations include a "termination notice" followed by a "notice period" during which the employee is required to work as usual, including possibly transferring knowledge and/or training a replacement, while getting the salary and all the benefits. In addition, at the sole discretion of the employer, the employee may get everything he/she is owed for the "notice period" and be asked to never come to the office again. I don't think anyone sees this as "blackmail" or "discrimination" or "offense". In general, it is understood by everyone that an employee who has just been made redundant will have no motivation for working hard through the notice period, and this will not be good for staff who have kept their jobs, either.

Surface Book 2 afflicted by mystery Blue Screen Of Death errors

T. F. M. Reader

Re: *FACEPALM*

Microsoft is really starting to look ridiculous.

Has never prevented anyone from becoming the world's most valuable company, has it?

(MSFT topped AAPL by market cap as of Friday Nov 30 close. I don't even know how to react to that.)

STIBP, collaborate and listen: Linus floats Linux kernel that 'fixes' Intel CPUs' Spectre slowdown

T. F. M. Reader

Business-appropriate vocabulary

I distinctly remember an earlier attempt to make the kernel comments business-appropriate, some 18-20 years ago maybe, but I can't be... eh... hugged... to look up a reference.

What the hug, I just grepped the kernel code. That earlier attempt was probably just a proposal.

Millennials 'horrify' their neighbours with knob-shaped lights display

T. F. M. Reader

Re: Is it a penis or....

@Voina i Mor: Pedantry alert - I suspect you are mixing mythologies. One ancient god associated with semen, water, and fertility is the Sumerian Enki. You don't need to be familiar with Sumerian myths if you share reading preferences with other commentards here: I am pretty certain Enki was featured in some book by Neal Stephenson. Could it be a subliminal inspiration for your post? ;-)

I can speculate how the connection with the Old Testament God may have come about. It seems that Enki had an alternative moniker of Elil, which sounds Hebrew enough. However, it's a red herring: the word El means "god", while Elil stands for "idol" (including physical artifacts), has pejorative connotations appropriate for pagan deities (no intent here to offend anyone!), and cannot possibly be used in connection to the One True Old Testament G-d whose name cannot be written in full.

Not mentioning G-d and not using any images are manifestations of the same idea that has no anatomical roots but signifies the utmost respect and adoration. So euphemisms are used throughout. The word typically represented as Yahweh is an abbreviation (think G-d - I used it intentionally here to make the connection), Adonai means "My Lord", Elohim is a generic word for G-d (and Adonai Eloheinu, used in prayers, stands for "Lord Our G-d"). These are not "three ancient gods of the Bible" but different ways to refer to the same supernatural entity.

By the way, grammatically the Elohim of the Bible can hardly have a penis - the word itself (as well as Adonai) is not masculine but plural. Grammatically, plural is sometimes used for amorphous, uncountable, omnipresent, all-permeating substances or notions. Water (maim) and life (chaim) are other examples, allowing me to close the circuit... ;-)

Facebook spooked after MPs seize documents for privacy breach probe

T. F. M. Reader

Contempt?

So is this Ted Kramer guy now in contempt of the US court that sealed the documents? I seriously doubt the fact that he had to comply with the UK laws is a valid defence. After all, he didn't have to take the docs on an overseas trip with him. If he needed to work on them he could have accessed them remotely.

Which begs the question: would the UK authorities apply the law that mandates disclosure of (VPN) credentials to him?

T. F. M. Reader

Re: Why?

@Captain Scarlet: You disable all javascripts so they can't spy on you from their Facebook Like buttons plastered on other sites?

Yes... And you don't?

Office 365 Exchange enjoys a less than manic Monday. Users? Not so much

T. F. M. Reader

Monday really isn't their thing.

Tell me about it. We work with every kind of private, public, and hybrid "clouds" because our customers do. We have a rule: never schedule any demos related to Azure, not even internal ones or training, on Mondays.

It looks like MSFT roll out patches/features over the weekend, and if they don't screw something up royally then you can count on them changing interfaces, controls, APIs, what not.

Hence the rule: schedule Azure demos for Wednesdays. Test on Monday, fix or work around whatever they broke over the weekend, test again on Tuesday.

Big data at sea: How the Royal Navy charts the world's oceans

T. F. M. Reader
Joke

"254 separate sonar beams"

I bet there were two more they couldn't tell you about, eh?

Behold, the world's most popular programming language – and it is...wait, er, YAML?!?

T. F. M. Reader

No and yes [Was: HTML-only calculator?]

@Glen 1: YAML is just a way of representing markup in a way that you don't have to worry about matching closing brackets/braces.

But you do have to worry about whitespace, right? That's progress all right.

[Aside: before anyone says editors support proper indentation so whitespace is easy - editors also highlight unmatched brackets/braces/parentheses.]

NB: this is not to knock YAML at all (see below). But relying on whitespace instead of visible grouping symbols is not a core advantage.

And now to the positive part. To this old-timer programs and data are one and the same, configuration is data and thus an integral part of the program, and just about any project will use a number of languages and tools, each used where it's best fit for the purpose. With this mindset I am perfectly willing to consider YAML and JSON and their ilk "programming languages" that are used for describing data in arguably better ways (for readability, serialization, portability, etc.) than what is available in "real" programming languages that are in turn much better suited for describing procedures and algorithms. It looks perfectly natural to me to describe data in JSON and algorithms in python. Or whatever.

YAML, JSON, python, C, bash, and F# are all tools of the trade, and if a SW engineer writes N lines of python and M>>N lines of YAML (feel free to count files rather than lines, or whatever measure you deem most appropriate) as a part of his project then he does more YAML than python, and that's perfectly fine with me.

A possibly enlightening example is Google's protobuf that is also a portable serialization format, can easily be used for configuration, looks a bit similar to JSON (at a stretch), and is compiled into "real" data structures - classes with methods and everything else - in a multitude of programming languages that you can look at as (quite human-readable, albeit less so than the original protobuf) code in your favourite programming language. Once you look at how it works you may be more open to the idea that writing such stuff is programming.

Microsoft confirms: We fixed Azure by turning it off and on again. PS: Office 362 is still borked

T. F. M. Reader

"Passwords also cannot be reset by users."

I imagine there is a fair number of people whose reaction to this was "Oooh, time to hack!"

Linux kernel Spectre V2 defense fingered for massively slowing down unlucky apps on Intel Hyper-Thread CPUs

T. F. M. Reader

Hyper-threading itself may be bad for performance.

Ever since hyper-threading was introduced it's been pointed out that it may be bad for performance for many (most?) workloads because the two hardware threads would be fighting each other for the (single) cache. The usual advice (and not from OpenBSD) was: switch it off unless you really know what you are doing and you've benchmarked your particular workload.

Now, if you want additional protection from the Spectre haunting your CPU, you will make your computer slower still.

Just switch hyper-threading off. Make all the SW patches useful only when it's on optional.

Sorry, Mr Zuckerberg isn't in London that day. Or that one. Nope. I'd give up if I were you

T. F. M. Reader

"Zuck had ordered his team to use Android phones"

Hey, Mark, how about banning iThingies from Facebook, Instagram, and WhatsApp, seeing who blinks first?

[Disclaimer: no iStuff, no FB account, no popcorn, will follow on El Reg, otherwise don't care.]

Hands up who isn't p!*$ed off about Amazon's new HQ in New York and Virginia?

T. F. M. Reader

A billion here, a billion there...

"Amazon is a billion-dollar company," [Representative Alexandria Ocasio-Cortez (D-14th district)] tweeted...

Our American friends could be more careful with whom they elect to various posts.

I understand Ms. Ocasio-Cortez is of Puerto-Rican descent, and in Puerto Rico they may use the "long scale" (10^9 = millardo or mil millones, 10^12 = billón) on occasion, but not, AFAIK, for economics or finance. However, she was born in the US, and her audience is American, and AMZN is a trillion-dollar company (well, it briefly was just a short while ago and is not far away now) on the American "short scale" (10^9 = billion, 10^12 = trillion).

So, either the newly elected Representative doesn't know how big AMZN really is or she is at risk of being confused by budget numbers. Either option would look worrisome to me if I were American.

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

T. F. M. Reader

"End-to-end encryption" isn't?

So, not only were the comms not encrypted end-to-end, as is often claimed, but, if I understand correctly, there was no way to securely exchange encryption keys, e.g., at a personal meeting between Alice and Bob, to prevent MITM.

I have a distinct impression that the vaunted "end-to-end encryption" of WhatsApp, Telegram, etc., suffers from the same kind of flaw.

Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS. Go on, git outta here

T. F. M. Reader

Re: Why Linux on Apple Hardware?

@AC: you may be able to get other laptops without Windows pre-installed, but they are not common.

Seems common enough to me... My personal laptop is a high end Lenovo Thinkpad that came with FreeDOS. At work everybody who writes code gets Dells with Ubuntu (official option from Dell). I just got a Dell OptiPlex (desktop) that was listed as "without OS" but came with Ubuntu. I figured "without OS" meant "without OS to pay for".

This has been normal for many years now. I don't think I ever bought a computer with Windows preinstalled since about 1996, but I agree it was not common 20 years ago.

[I am weird. I wipe Ubuntu and install Red Hat or Fedora KDE spins - need to do weird tweaks in the BIOS setup to boot from DVD/USB (Dell don't make that easy), but otherwise no problem with EFI.]

Shift-work: Keyboards heaped in a field push North Yorks council's fly-tipping buttons

T. F. M. Reader
Pint

"I’m sure there’s a Fn + key combination that will help"

Well, the Council is asking the public for F1...

The Vulture hacks had to Pause and Home in on it to Insert this into the article, but they didn't...

A pint for the fun story, in any case.

SQLite creator crucified after code of conduct warns devs to love God, and not kill, commit adultery, steal, curse...

T. F. M. Reader
Joke

Re: I have a code of conduct

@Chris King: I think along the lines of "Use common sense and don't be a dick towards other people", but these days Equality & Diversity seems to need a manual and a mandatory training course before it is taken seriously.

And you'd fail the training course for you've used the word "dick" which is both offensive and sexist. Where is your common sense?

Stealthy UK startup drops veil on next frontier of speech wizardry

T. F. M. Reader

Re: The Cloud?

@DCFusor: It's long been known in the speech recog biz that working for one person (or a few known ones) is a metric ton easier than "all ya'll out there".

But then, as a consumer, that's all I am interested in - recognize what one person (me) or a few (members of the household) are saying, after a bit of training. Give speech-to-text to me on a pocket-size device in flight mode (to ensure nothing I say goes to "the cloud"), and I may consider spending some pounds on the app if I find a compelling enough use case. I'd consider "no cloud" an essential requirement.

F***=off, Google tells its staff: Any mention of nookie now banned from internal files, URLs

T. F. M. Reader

Just curious...

Do they pipe all those short URLs through a CLI version of Google Translate before grepping?

Just in case?

Come to think of it, I'd also collect (anonymized) statistics of deletions and put them in the Diversity Report.

Facebook mass hack last month was so totally overblown – only 30 million people affected

T. F. M. Reader

Appropriate choice of words

"People's privacy and security is incredibly important..."

Right. I don't believe it.

US may have by far the world's biggest military budget but it's not showing in security

T. F. M. Reader

oftenness... regularity...

The hanging sentence in the article itself contains the word "frequency". I am guessing the original context was exactly what the OP meant.

Chinese Super Micro 'spy chip' story gets even more strange as everyone doubles down

T. F. M. Reader

Semiconductors, doping, electrons, and holes

While one may argue that adding a small chip to a motherboard is feasible, that it will only need to inject some extra/modified code into the loaded kernel at boot, will need only a small amount of power at that point, will be passive/dormant the rest of the time, and the actual spying will be done by the injected code in main memory, etc., what I could not understand from the start is how the gathered information (that may be very damaging indeed) will be sent stealthily to the mothership. Even less so, how it will be done from a data centre server that isn't even supposed to ever make outbound connections to the rest of the world.

Outbound traffic is routinely monitored, and a server trying to reach a machine outside of the organization will be detected fairly quickly by a serious player such as AMZN or AAPL. AAPL say as much in their letter to Congress.

I didn't see any statements anywhere that said, e.g., that any of the affected servers were involved in serving external requests. Even if they did, it would, IMHO, take too many miracles to arrange for useful and undetectable "steganography" in the responses. Besides, a machine servicing external requests is not likely to have the information that would justify such a complex hack.

Supply chain malware is nothing new and has been seen in the wild and it is usually its activity - either lateral movement or "phoning home" or both - that gives the game away.

IMHO, this is the most glaring hole in the Bloomberg story.

LinkedIn has a Glint in its eye and cash burning a hole in its pocket

T. F. M. Reader

Re: You are the product

@AC: "How on earth are they making that sort of money of the sh*t platform that linkedin has become?"

I can only assume that those "premium accounts" that HR droids use are fairly expensive, and that there are enough HR/marketing/sales/whatever users who pay for them.

Disclaimer: no LinkedIn account here, premium or regular, so I wouldn't know how sh*t they are.

Which? That smart home camera? The one with the vulns? Really?

T. F. M. Reader
Joke

Which? may still be right

The product may still be the best in category, and the huge security hole(s) may still be "minor" compared to the competition, for all I know.

On the third day of Windows Microsoft gave to me: A file-munching run of DELTREE

T. F. M. Reader

Re: Welcome to....

@JohnFen: These days neither developers nor QA have much say in the release process - it is all decided by Product Management / Sales / Other Management. Who often think in terms of "Will it install without major headaches in a PoC environment by our qualified personnel who know where not to trod? Yes? Good enough..." Subsequent headaches bypass Product/Sales, VP R&D has his anatomy covered in front of CEO/board because Product signed off on the release, and the engineers are left to deal with the fallout...

We seem to be of a reasonably similar age...

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

T. F. M. Reader

The only news here is the 'NZ' part... Maybe...

I was almost ready to be as outraged as the next commentard, but then I recalled that when I worked for a Big Blue multinational ~15 years ago there was already a company policy in place regarding this. I travelled with a company laptop with lots of sensitive material on an encrypted disk. The policy said, "If you are asked to unlock the computer on any border in the world comply without arguing or questioning - even in countries that are more than likely to be interested in our commercial secrets. Any conceivable commercial damage is preferable to the hassle of extricating an employee from a dispute with foreign authorities."

So, it looks like NZ is merely catching up, at worst, and in a mild manner, comparatively speaking. Out of curiosity, how do such laws work in jurisdictions where there is a right to withhold potentially self-incriminating information when questioned by authorities (not sure about NZ, hell, not sure about UK, either - IANAL)? Are such rights suspended on the borders?

Email security crisis... What email security crisis?

T. F. M. Reader

Re: Who the fuck cares about such semantics in this day and age?

@Aladdin Sane : After years of scientific progress, not once has the answer to any mystery been "magic".

But lots and lots of times the answers were indistinguishable from magic.