s/heal/heel

Second time this morning. Bad fingers, bad.

That view is no longer tenable

I've attentively followed every stray tidbit to cross my radar about the shadow sector since the publication of The Puzzle Palace, about the peripheral ghosts of which my algebra professor had direct experience.

The gold box agencies can do traffic analysis at scale. They can model metadata at scale. They can't break every damn cipher at scale—neither can they employ the rubber hose password-getter at large scale (the Soviets managed to cover about 10% of their population with blue welts over a thirty year period, but ultimately this did no favours to their economy).

The best approach to scaling crackers is to leak key bits in the purportedly pseudo-random number nonce stream. This is the hardest tampering to identify from the outside of a black box. Even when the black box is reverse engineered and one discovers that random is far from uniformly random (with no stray key-space correlates), some idiot applies Hanlon's razor: Never attribute to malice that which can be adequately explained by stupidity.

How about we agree to make a small exception for the industrial-scale tainting of purportedly random numbers, where discerning the difference between malice and stupidity achieves an elite level of algebraic epsilon? Oh, look, one digit in the source code for the random number generator has a wrong digit. Must have been a careless mistake—as if careless mistakes are a dime a dozen in the land where a poor man's nonce is a persistent agency's key-space collapsing back-channel.

The NSA does not randomly shoot holes in the protection of the American public. Worse than having no back door is having a back-door that somehow becomes shared with the wrong people. What they want is to inject a weakness that only they can exploit, even when their adversaries discover their handiwork.

Just off the top of my head, one way to achieve this is to require that exploiting the leak requires having the intercept history of the channel in hand since day one. The unfortunate flip side is that the specificity of these methods of single-party Achilles-heal exploitation becomes a smoking gun to the presence of a far-from-blind watch master. No ruse is totally perfect.

But you can always keep 90% of the population busy debating whether metadata has any value, such that any debate that makes any progress at all contains only those people who were already sophisticated cranks (recruitment/rubber-hose scale, to mention the carrot and stick). It all works out.

If scale matters, assigning a scant value to metadata can not be so much as trivially entertained by a thinking person. Pity we have so few.

s/basis rule/basic rule

That's a natural error, where my brain had the right word, and my speedy fingers went "close enough" as they often do when there's a hot, fresh, unfinished coffee on my desk they're trying to rush off and levitate.

Semantic interference often contributes. I think my brain went square dancing for a brief moment with the Peano postulates.

He huge amount of time he spent trying to get things done made much of his time at ORI 'the very worst job I have ever had'.

Have people stopped reading the last sentence of the typically summary altogether with the part of the brain that doesn't type?

On a not-so-tangential side note, it would be nice in the eagerly awaited Beta Redux to be able to click preview prior to furnishing the subject line, and actually get the preview to go along with the lecture. Just about every time this happens to me I want to paste "cat got your tongue" into the subject line until I've actually seen the damn preview I requested, at which point I'm far less than entirely motivated to go back and remove the shim.

It's like childhood. You ask a question. Someone corrects how you presented the question. The question itself never gets answered. If the question can't be properly understood, it needs to be addressed before diving off into an answer. If it's just a matter of persnicketty dress code, probably the answer needs to come first if you're raising a young scientist rather than a young bureauocrat.

However, one must make an exception to this basis rule in extreme cases of shifting the burden: when someone publishes something for thousands to read, and every damn reader has to read the final sentence three times because you've changed "The" into "He"—a hundred times worse than the natural error "he"—which is enough to turn us all into syntactic Cylons.

FFS whoever submitted that, get your mental back-light fixed.

It seems like every liberal idea is missing about 10 steps that they forgot to consider in their overly-simplified view of the earth.

Better to forget ten steps than crassly define them as unworthy of notice.

Tell that the the families of passengers on Flight MH370.

That's the best way to proceed. Ask the person who has recently suffered an extreme loss, who won't be paying for the decision with his own money. What could go wrong?

Humanity faces a five hundred million billon trillion dollar loss of income due to premature extinction of the species.

Please, also don't act like your the first person ever that this has happened to. It's been standard practice for at least the last 15 years I've been working IT in schools in the UK.

Your post is constructive right up to phrase "the last 15 years" which apparently justifies how little your network reveals to the surveilled about the actual extent of the surveillance, even to the point of having software installed that they know little to nothing about on their own equipment that could open back doors to the device when employed outside of the school network if by some extraordinary turn of events proves to be slightly less than 100% bullet proof in its coding, implementation, and deployment. Nothing ever goes wrong with WEP or SSL.

Would it damage the small little minds to know more about how this all became "bog standard" without so much as a public whimper? Probably. Does that mean your Slashdot post is filtered on your own school network? Probably.

In my world, forged SSL certificates should be clearly marked as such. There should even be a "forger identity" field and a "forger authority" field (containing the pertinent parental agreement UUID).

None of this would interfere whatsoever with your legal authority to protect your network or your success in achieving this protection. It would increase the awareness of the surveilled of what externalities they have actually taken on downstream of their agreement with you to allow you to do so.

The fact that you've been doing this for fifteen years already without any of this in place is a sad argument.

If this is the school's equipment so that the school absorbs it's own externalities of having badly-coded surveillance kits forcibly installed (I'm guessing the rock stars on that coding team were on the guaranteed forcible-installation side of the house) and the equipment is emblazoned with a giant warning "abandon privacy all ye who input here" there should still be a giant warning screen that comes up whenever a user tries to access a major financial institution (I'm told the government tracks the identities of these organizations) which warns the user "you are attempted to access a financial institution through a forged SSL root chain which is potentially a far leakier pipe than regular SSL, are you really sure you want to do this?"

So you're justified in doing what you do, but you're also so damn sneaky about doing it, that fires spring up in public opinion when the least of what goes on is exposed to public discussion.

No need to hammer the state of affairs in the daily consciousness so that these public fires don't flare up. Because fifteen years.

My bank has a security mechanism where they show a set of images unique to my account so that I can detect impostor sites that entice me to enter my credentials where they shouldn't go (the impostor site doesn't know the unique images associated with each banking account). There really should be a law against these security fingerprint images being conveyed through a forged-certificate SSL proxy no matter how legitimate the usage agreement. Once those images are scraped and laundered, one more safeguard we've be taught to trust is down the spiral tube.

If it's rational, necessary, and you're proud of it, do it out in the open as democracy conceptually demands, with plenty of loud warning signs where the externalities impose heightened risk.

Too many people suffer and die from too many diseases that we more or less understand, but can't effectively treat.

Yes, this is what classical Greek rhetoric describes as a regressive mirage: the more you learn, the worse it gets, no matter how diseases you cure along the way.

Here's the amazing thing. Understanding tends to outpace effective intervention. Any snooker player can tell you which ball on the table he'd really like to move next. It's rarely the ball he's presently shooting at. In Genomics, we're talking 30,000 balls on the snooker table, and the snooker table is gravity golf in a twenty dimensional space. Even with your trillion dollar Laplacian pool cue, you're struggling to pull off exactly the shot you want.

When I was young and we were on a long trip and the moon was hanging there on the horizon, I always wanted to go faster, so we could see the other side.

Then I got a little bit older. Perhaps a month older. And I thought to myself, "you know, there are reasons why this is probably not going to happen the way I want it to".

The person who posted this comment is apparently a paranoid psychopath and you are effectively praising him.

Apparently, paranoid psychopathic trolls are tightly knit.

But no problem. It'll be +500 in another hour, +50,000 by tomorrow afternoon, and then wrap back around to zero, at which point he loses his quarter and his game is over.

If everything appears to be working smoothly between family members,

FTFY.

Didn't you watch a single episode of The Dukes of Hazard growing up? The legitimate party is always the last to know, and by the time the penny drops they're one hell of a car ride away from interceding in the nick of time, bursting into the court room at the very moment the justice picks up the pen and says out loud to Boss Hogg and his henchmen in particular "these papers all seem to be in good order".

MediaWiki. Before I created my note-taking wiki, my ideas went off in all directions.

I'm also pretty heavy into R/C/C++/zsh/ZFS/git right now.

Directors and officers of a corporation have a fiduciary duty to the stockholders to run the company in their interest.

When you study real people in controlled settings, their actual interests turn out to be far murkier and less consistent than we like to imagine.

There's no perfect way for management to pin-point the precise interests of their collective (and fluctuating) stockholders.

Rather than becoming slaves to opinion-poll rounding errors, perhaps management is wise to buffer this obligation by living like decent human beings, following thousands of years of human precedent before we got all hot and bothered and legalled-up over brittle inducements.

For example, Boost is really sweet when you need to slam together a pile of code and have it working out of the gate with minimal fuss, but if performance is an issue, you cant use it.

Wow, that's just bizarre. I don't know where you get your misinformation, but it's an elite grade of batshit.

The whole point of Boost is that it maintains a certain amount of abstraction without boxing you into a performance corner. Were it not for those conflicting goals, the devilishness of its internal machinery could not be justified.

Template metaprogramming essentially involves expressions converting themselves to a symbolic representation that doesn't resolve itself into a concrete expression—by means of purely functional transformation at a quasi-syntactic level;—until some final result is demanded, at which point the highest performance code path can be selected based on the actual parameters (more specifically, often exploiting which parameters vary and which parameters are constant or nearly constant).

The problem with Boost is similar to what Knuth said about the problem with literate programming.

Literate programming demands a high proficiency with two different skills: formal reasoning and verbal expression. This shrinks the available pool of adherents and adopters. And worse, there's a terrible opportunity cost, because the people out there who have extremely high proficiency in both of these skills are in extremely high demand to take on central roles in large projects where they don't spend their hours bent over literate code.

The kind of environment where Boost can be best exploited for both its abstraction and its performance is going to be wonk-filled boiler-rooms at high frequency trading companies where the cash, the talent, the commitment, and the project duration mesh together. Importantly, the project specification in these environments is often in continuous, long-term evolution as your firm chases whatever edge it thinks it might have in a chaotic, rapidly-shifting market environment. The month you spend pouring over low-level optimization gets deployed for a whole week. The month you spend automated your Boost framework to achieve nearly the same performance becomes a permanent code asset (and a competitive asset whenever you find yourself needing once again to run that old play).

Boost is in that category where if you have to ask, you can't cut the mustard. The natural Boost programmers already know who they are. Few of these people toil in the public eye. That's not where this elite, double-barrel skillset tends to land.

The Wolfram language is impossible to assess based on this video. If your application depends on Wolfram "knowledge" how do you know it will continue to meet rigorous specifications the day after tomorrow?

Is there a public regression suite on the contained knowledge against which to assess whether your program is erected on firm or porous soil?

What guarantee does one have that it's cleverness or performance characteristics will stay consistent when it matters most?

I suspect the killer application for WooL is prototyping the semantic web. The semantic web has been dragging its feet. Google and Facebook don't wish to become disintermediated. They have one foot on both sides of this fence and their hands cupped over their testicles. Doesn't make for rapid progress.

The Achilles heel of search is that search returns results rather than models. Google is trying to split the difference by having search return interactions. It's an excellent paving stone on the road to a lucrative future purveying OOXML.

If ten minutes of coding within the Wolfram Language embarrasses Google search, we have a winner here of WuLing mammoth proportions.

I think the point is that 1000 words can succinctly be described by a single picture by simply including those words in the picture.

No, you're thinking of "a picture is worth ten million bits".