Half a billion dollars has been stolen. Where's the Tokyo Metropolitan Police Department? This is their job. It's embarrassing that they haven't made any arrests.
Read the whole article. It's quite good.
It's not "youth" that's the problem. It's banality. "The best minds of my generation are thinking about how to make people click ads. That sucks." - Jeff Hammerbacher, Facebook. Most of the "app" companies are not "tech" companies. They're fad publishers. The technology for doing routine web apps and phone apps is pretty much standardized now.
The engineering that goes into phone hardware is just awe-inspiring. Electronic design today is brutal. You barely get to use any power, the budget for each function is tiny, the size has to be very small, you have to operate multiple radios without interference right next to each other, and there's a new product to get out every six months. Most of that engineering is not done in the US. That's a big concern. The US probably doesn't have the technology to build a cell phone any more.
It's not as bad as the first dot-com boom. This time, there's usually revenue. Income, even. Even Twitter claims to be profitable (although they're not, really. Look at the Generally Accepted Accounting Principles results, not the ones excluding "one-time expenses".)
What we've learned so far from Bitcoin:
- The distributed, eventually-consistent blockchain anchored by mining works and is quite robust against attack. Nobody has yet successfully attacked the basic Bitcoin system and stolen money. So the low level technology appears to be secure.
- Irrevocable, remote, anonymous transactions are the con man's dream. Especially when they're associated with a whole community of suckers who think anonymous anarchy is a good idea. The scam level in the Bitcoin world is huge. Over half the exchanges have gone under, and that was before Mt. Gox. Bitcoin-oriented "stocks" and "Ponzis" have an even worse record.
- Personal computers are not secure enough to store money. "Bitcoin wallet stealers" are a major problem. Many "online wallet" services turned out to be scams. Storing Bitcoins safely while still being able to use them is quite hard.
- Volatility is far too high for Bitcoin to be a useful currency. Since last October, Bitcoin has gone from $100/BTC to $1100/BTC to $600/BTC. Daily variation often exceeds 10%. The companies that accept Bitcoin for real products have to reprice every few minutes. Bitcoin behaves like a pink sheet stock. Too many speculators, not enough real customers.
- There are scaling problems. Currently, every user has to have a complete copy of the entire transaction journal back to the first Bitcoin, and has to keep up with all the transactions as they happen. The confirmation process has a 7 transaction per second limit. Confirmations take about half an hour before they can be trusted; longer during busy periods.
- "Mining" is more centralized than expected. The original idea was that "mining" would be a spare-time activity of each user's computer. In practice, "mining" is done in large data centers with custom water-cooled ASIC chips. Two mining pools control more than half of Bitcoin's mining capacity, and they have the power to set fees and change the rules.
How do we know that the next update on linux is safe?
That's a very good question. Linus's position on the Intel random number generator not needing additional entropy indicates he can no longer be trusted.
Yes, I can come up with a thousand free market answers. And yes, that pretty much answers your question.
Would you buy a vehicle from any company whatsoever if you knew that parts were difficult to acquire? A manufacturer can play a game with parts availability only if they don't plan to stay in business.
Maybe we should go back to renting our phones from ATT as well.
Sigh. My obvious password detector, published in 1984:
The algorithm used requires that the length of the password be within configurable length limits, and that the password not have triplet statistics similar to those associated with words in the English language. This is an inversion of a technique used to find spelling errors without a full dictionary. No word in the UNIX spelling dictionary will pass this algorithm.
Users should be advised to pick a password composed of random letters and numbers. Eight randomly chosen letters will pass the algorithm over 95% of the time. A word prefaced by a digit will not pass the algorithm, although a word with a digit in the middle usually will. Two words run together will often pass.
(The code linked is the original version in pre-ANSI C. Yes, kiddies, that's what C code once looked like.)
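A sketch of the triplet test described in the comment above, as an added example; it is not the 1984 code. The word list is a constructed stand-in for a real dictionary, and the length limits, the threshold of two unseen triplets, and the treatment of non-letters as word boundaries are all assumptions.

```python
import re

# Constructed sample list standing in for a real dictionary (assumption).
WORDS = """password secret dragon monkey letmein welcome master shadow
sunshine princess football baseball computer internet summer winter""".split()

MIN_LEN, MAX_LEN = 6, 16  # configurable length limits (values assumed)
MIN_UNUSUAL = 2           # unseen triplets needed to pass (assumed threshold)


def build_table(words):
    """Collect every letter triplet seen in the words.

    A space marks the start and end of each word, so word-initial and
    word-final triplets are recorded too.
    """
    table = set()
    for word in words:
        padded = f" {word.lower()} "
        table.update(padded[i:i + 3] for i in range(len(padded) - 2))
    return table


TABLE = build_table(WORDS)


def normalize(password):
    """Lower-case the password and turn runs of non-letters into one boundary."""
    return " " + re.sub(r"[^a-z]+", " ", password.lower()).strip() + " "


def unusual_triplets(password, table=TABLE):
    """Return the triplets of the password that never occur in the word list."""
    text = normalize(password)
    triplets = (text[i:i + 3] for i in range(len(text) - 2))
    return [t for t in triplets if t not in table]


def is_obvious(password, table=TABLE):
    """True when the password should be rejected as word-like or badly sized."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        return True
    return len(unusual_triplets(password, table)) < MIN_UNUSUAL


if __name__ == "__main__":
    for pw in ["password", "7password", "pass7word", "passwordsecret", "xqzvbnkt"]:
        verdict = "reject" if is_obvious(pw) else "accept"
        print(f"{pw:16} {verdict:7} unseen={unusual_triplets(pw)}")
```

With this small word list the sketch reproduces the behaviours the comment lists: a word prefaced by a digit is rejected, while a digit in the middle or two words run together produce unseen triplets at the joint and are accepted.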
The article lists only one Wikipedia article, and it's for a silly game. The article isn't particularly bad, although it could be trimmed a bit. It looks more like fancruft than promotion. A better (worse) example is needed.
Microsoft bought SoftImage, as a part of the effort to displace high-end Unix workstations with PC's running NT. It was all over, but the shouting. Alias transformed Wavefront into Maya in roughly this timeframe, while MS starved out "dot release" life support on SoftImage...
I wrote Falling Bodies, the ragdoll physics plug-in for Softimage, back in 1996-1997, so I got to see this happen. Back then, Softimage was #1 in Hollywood. Microsoft bought them, and when I went up to Redmond, the Microsoft guys were talking about making Softimage mass-market software. But that never happened. It was too hard to use, and required more graphics hardware than most users had back then. (I had a $2000 Dynamic Graphics card in an NT workstation back then. Every low-end GPU today has far more power.)
So Microsoft sold Softimage to Avid. Avid made overpriced film and video editing systems, sold with semi-customer hardware and built into cool-looking furniture. Softimage had a good video editor in addition to the 3D line, and that's what Avid really wanted. They had no clue what to do with the 3D product. They did convert from Softimage to "Softimage XSI", which broke all existing plug-ins and didn't have a plug-in API that worked. That's when I dropped Softimage.
As video editing went mainstream and Avid's sales of overpriced furniture declined, Avid sold off the 3D product to Autodesk. Autodesk had sort of become the default acquirer of 3D animation products. Most of them came from small companies with tiny product lines. Maya came from the merger of Alias and Wavefront and the mess at SGI. Autodesk picked up Lightwave and some other stuff, and of course they already had lots of 3D engineering tools.
This worked out well at Autodesk. The architectural design programs were integrated with the good renderers from the animation world, and images of what new buildings were going to look like got really good. (Adding a radiosity renderer with very realistic lighting models allowed architects to get all the right light fixtures in the right places.) Autodesk's real business is tools for making real physical stuff (their internal slogan is "If God didn't design it, one of our customers did"), but there's a lot of crossover between 3D design of real-world stuff and 3D design of animated stuff.
Softimage has pretty much been a has-been product for years now. After 20 years, it's probably time to phase it out.
The main problem with Mt. Gox was not that the code was a mess. It was a lack of basic financial controls. Mt. Gox lacked a chief financial officer, a controller, inside auditors, outside auditors, a board of directors, an audit committee, and a compliance officer. Yet they were doing a billion dollars of transactions a year. It's not even clear that they have a general ledger listing all transactions. Lack of financial controls is usually considered an indicator of fraud. I've been making this point on bitcointalk for the last year. None of the "Bitcoin exchanges" have proper financial controls. None have an outside auditor and published audits. Yet they're handling far too much money to operate that way.
As for "The National Police Agency seems to lack the ability to analyze the bitcoin trading history of Mt. Gox", that seems to be correct. One would think that the Japanese National Police Agency would have a cyber-crime division, but they don't. In 2013, they were trying to beef up their capabilities in the computer area. This is embarrassing for a developed country. Today, any sizable financial mess involves computers, and Tokyo is a major financial center. Untangling any business collapse requires computer forensics and forensic accountants.
The Tokyo police have a backup option - putting Mark Karpeles through one of their standard 23-day interrogation sessions. That's probably going to happen at some point.
Mt. Gox didn't have that high a transaction rate. They only did two or three money transactions a minute on average. They had a lot of traffic from people querying their site for market info, but that's all read-only traffic, and they had nginx and Amazon AWS to help with that.
Their use of PHP wasn't the real problem. From the leaked code, a big part of the problem seems to have been that the front-end system that talked to web users also handled the money. Banks have a separation between the front-end web system and the money system, with standard-format transaction items flowing between them. All those transaction items are logged, often by a third system that just does logging. This allows auditing. It's separation of function that's important, not the language. As far as anyone can tell, Mt. Gox had nobody on staff who understood this.
This all screams "inside job". If you're running a business that handles a lot of money and you lack financial controls, you're scared that someone will rip you off. Unless you're the one doing the ripping off.
This is why open source bug reporting systems need a "developer in denial" status. Here's the original bug report. If a developer tries to close a bug and the users don't agree, the bug should go into "developer in denial" status and that should count against the developer's stats. This particular bug was closed by Drew Bliss of Valve. 3 followers, 0 stars, 0 following. Should be flagged as "unsuitable for employment on security-related projects".
We're probably more than 15 years from strong AI. Having been in the field, I've been hearing "strong AI Real Soon Now" for 30 years. Robotic common sense reasoning still sucks, unstructured manipulation still sucks, and even Boston Dynamics' robots are klutzier than they should be for what's been spent on them.
On the other hand, robots and computers being able to do 50% of the remaining jobs in 15 years looks within reach. Being able to do it cost-effectively may be a problem, but useful robots are coming down to the price range of cars, at which point they easily compete with humans on price.
Once we start to have a lot of semi-dumb semi-autonomous robots in wide use, we may see "common sense" fractured into a lot of small, solvable problems. I used to say in the 1990s that a big part of life is simply moving around without falling down and not bumping into stuff, so solve that first. Robots have almost achieved that. Next, we need to solve basic unstructured manipulation. Special cases like towel-folding are still PhD-level problems. Most of the manipulation tasks in the DARPA Robotics Challenge were done by teleoperation.
On Facebook, sharing is spamming. That's how Facebook gets traffic driven to junk pages.
(Hint: if anyone sharespams commercial stuff at you, demote them from "close friend" to "friend".)
First question on the quiz: "When I share music with someone I feel a special connection with that person."
Are they thinking friendship, love, or co-defendant in a copyright infringement case?
"Software Defined Networking", as Stanford uses the term, means a centrally controlled virtual circuit switching system. Every time someone makes a "call" (a new IP/port IP/port tuple), the first packet is routed to Master Control, which decides if they get to make the call, logs the call, decides whether the call gets wiretapped or filtered, and chooses the priority given to the call. All the routers involved are then issued instructions from Master Control on how to route that call.
(Yeah, they don't use the term "call". But that's what it is, really.) Goodbye, "net neutrality". Goodbye, flat rate billing. Goodbye, distributed control. This puts everything you do on the Internet under central control and makes it billable.