
Apple Yet to Push Patch for "Shellshock" Bug

Submitted by Anonymous Coward
An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code.""

Comment: Re:I'll bite... (Score 1) 5

by sdeath (#48007395) Attached to: Free Software Foundation issues response to inquiry about Shellshock bug

OK, well, why the hell do they owe you an explanation of what they spend it on? I think the code they produce pretty much speaks for itself, don't you?

Dealing with infringements is expensive, too. They sued Cisco, as I recall. Others, too. Lawyers cost money.

I'm not particularly sanguine about the idea of importing the anal-retentive beancounter caste into libre project management, frankly.

Free Software Foundation issues response to inquiry about Shellshock bug

Submitted by mctaylor
mctaylor (3856347) writes "The Free Software Foundation issued a rambling and evasive response to inquiries into the Shellshock bug reported here previously. In response to inquiries, the Free Software Foundation reasserts the superiority of free software over proprietary solutions, but notes: 'Free software cannot guarantee your security, and in certain situations may appear less secure on specific vectors than some proprietary programs', and concludes by stating: 'the solution is to put energy and resources into auditing and improving free programs'. But shouldn't the GNU project have been doing that already? If it is not, or can not, then perhaps we should be asking ourselves where our donations have been going. What are your thoughts? Is the FSF really spending our donations wisely?"

New Patch for "Shellshock" Bug Issued Thursday

Submitted by Anonymous Coward
An anonymous reader writes "A new patch was released Thursday for the "Shellshock" bug in the GNU Bourne Again Shell (bash). The initial patch, issued on Wednesday by the GNU bash code maintainer Chet Ramey, was found to be incomplete by Tavis Ormandy, an information security engineer at Google. Ramey wrote a new patch Wednesday night and tested and packaged it Thursday. Various Linux distributions pushed out the patch very late Thursday night."

Government employees and politicians get special status from TSA

Submitted by schwit1
schwit1 (797399) writes "Government employees and politicians get preferential treatment from the Transportation Security Administration simply for being government employees and politicians.

Meanwhile, everyone else is stuck in an “aviation security caste system” based on dozens of watchlists compiled by the TSA, FBI and other law enforcement agencies, along with a secret formula the TSA believes can sort passengers based on hypothetical analyses and conjecture.

That’s the conclusion drawn by Hugh Handeyside, a staff attorney for the ACLU, who reviewed a recent audit of the TSA, every traveler’s favorite government pseudo-police force.

The TSA doesn’t really have a handle on how many people end up boarding airplanes despite being on the so-called “no fly list.” The TSA uses literally dozens of different lists provided by federal law enforcement agencies to determine which travelers should be singled out for extra screening or should not be allowed to fly, no matter how much screening they receive.

But the keen legal minds at the ACLU caught another serious problem — keeping all those separate lists — and “blacklisting” some people while “whitelisting” others — is probably unconstitutional and is “stretching the concept of watchlisting to the breaking point.”

“Not only has the Transportation Security Administration expanded its use of blacklists for security screening to identify passengers who may be “unknown threats,” but it also has compiled vast whitelists of individuals — including members of Congress, federal judges, and millions of Department of Defense personnel — who are automatically eligible for expedited screening at airports,” Handeyside wrote. “These changes have made a broken watchlisting system even more arbitrary, unfair, and discriminatory.”"


Comment: Re:Scientific testing? (Score 1) 90

"Tracking the RNG" would help you win the game, but it doesn't tell you anything about how to play the game.

That would be my point.

This AI learns to play the game, it then wins the game using experience it gains in the same way a human does - feedback from the game score.

That is one possible interpretation, which is not supported by the statements so far. That is not to say that it is not the case, only that it is not currently supported by what I have seen so far; something along the lines of "We tested this against games with multiple RNGs with no perceptible change in AI performance" would support that interpretation. There are other interpretations. People are *assuming* that "wins" = "plays the game" - and the company that did it isn't relieving anybody of that perception (understandably). That's the point. Exploration of other explanations for success is warranted.

Consider that, for games which possess a weak RNG (i.e. predictable starting conditions and knowable changes in game play, i.e. most old console games), it is in theory possible to play *blind* - in other words, not actually paying attention to what's going on on the screen, but simply hitting buttons at precise enough intervals. If 'score' is taken as a proxy for 'how far you can get in the game' (ceteris paribus, someone with a higher score made it longer), then most known machine-learning methods will converge on that/those sequence(s) without any understanding of 'the game' per se. It may even be possible to do that for short gameplay sequences based on pattern matches to known game conditions. While that does get off into the semantic weeds of what 'playing the game' is, it is difficult to differentiate between an AI which has 'learned' to play the game in the sense that it understands abstract rules, interprets game state, and makes decisions about what to do based on that observed state, and a neural network which has converged on the correct list of keystrokes to pwn the computer given certain observed starting conditions. One of them is impressive; the other one isn't, quite so much.

Comment: Scientific testing? (Score 1) 90

I find myself wondering about the following question:

How did they differentiate "learning to play the game" from "learning how to track the game's RNG"?

Most video games have ridiculously simplistic PRNG generators embedded in them. An AI might get "sidetracked" and learn how to play the underlying RNG output of the game, rather than the game itself. That would yield really good results for most arcade games of this type, I imagine (weak RNG, limited input and timing options, etc.) I don't know if they checked for that possibility.

Easy way to check, though: Reach into the game and substitute a better (cryptographically-strong/hardware/quantum) RNG for the one in the game. That would enable you to quickly determine the difference. If the AI's game performance suddenly goes to shit, it wasn't a real game-playing AI. If it doesn't, well, all hail Skynet, I guess.
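
The RNG-substitution check proposed in the two comments above, as an added sketch that is not part of the original posts: a constructed two-lane dodging game in which a "blind" agent learns a keystroke list purely from score feedback, then both it and a state-reading agent are re-scored after the fixed-seed generator is swapped for the OS CSPRNG. The game, class names and functions are all hypothetical.

```python
import secrets

STEPS = 64  # obstacles per episode in this constructed toy game

class WeakRNG:
    """Console-style LCG with a fixed seed: every episode replays identically."""
    def __init__(self, seed=1):
        self.state = seed
    def next_lane(self):
        self.state = (1103515245 * self.state + 12345) % 2**31
        return (self.state >> 16) & 1

class StrongRNG:
    """Substituted generator backed by the OS CSPRNG; nothing to memorize."""
    def next_lane(self):
        return secrets.randbelow(2)

def play(policy, rng):
    """Score = obstacles dodged. policy(step, obstacle_lane) returns our lane."""
    score = 0
    for step in range(STEPS):
        obstacle = rng.next_lane()
        if policy(step, obstacle) != obstacle:
            score += 1
    return score

def train_blind(make_rng):
    """Learn a keystroke list from score feedback alone, never reading the screen."""
    keys = [0] * STEPS
    blind = lambda step, _obstacle: keys[step]
    for step in range(STEPS):
        before = play(blind, make_rng())
        keys[step] = 1                      # try the other button at this step
        if play(blind, make_rng()) < before:
            keys[step] = 0                  # score dropped: revert
    return blind

def reactive(_step, obstacle):
    """Agent that actually uses the observed game state."""
    return 1 - obstacle

def run_experiment():
    blind = train_blind(WeakRNG)
    return {
        "blind_weak": play(blind, WeakRNG()),
        "blind_strong": play(blind, StrongRNG()),
        "reactive_weak": play(reactive, WeakRNG()),
        "reactive_strong": play(reactive, StrongRNG()),
    }

if __name__ == "__main__":
    print(run_experiment())
```

Both agents post a perfect score against the fixed-seed generator, so score alone cannot tell them apart; only the substituted generator separates them, with the memorized sequence falling to roughly chance.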

Comment: "Hey, check this out!" (Score 5, Funny) 138

by sdeath (#43018481) Attached to: Terminator Sparrows?

"... We wrapped a robot in a dead sparrow and decided to see if we could fool the other sparrows into interacting with our creepy, ghoulish automaton! It's *science*!"

And of course, it was COMPLETELY UNEXPECTED that the grisly abomination stapled to a tree branch triggered aggressive reactions from the other sparrows. Because every living thing JUST LOVES to be confronted with a soulless golem wrapped in the dead flesh of another of its kind. And that never causes pants-shitting terror or anything.

I can see it now:

Sparrow 1: "OH MY GOD! IS THAT... *THING* ... WEARING FRANK'S FACE? IS IT?! FRANK??!?!"
Sparrow 2: "It's not him anymore. IT'S! ...NOT! ...HIM! IT'S A MACHINE! Help me destroy it! Be his egg-layer one last time!"
Sparrow 1: "*snf* OK... OK... oh God, Frank... God help me..."

Yup. Science.

Is there, like, a review board or anything? Maybe that could screen some horror flicks before writing checks for this kind of bullshit? "New rule: If your study is substantially similar to the plot of any one of this library of 100 horror movies, or if it has a plausible chance of producing similar outcomes, we're not going to fund it."

Comment: Re:Free trade not free property (Score 1) 441

by sdeath (#30816188) Attached to: US Blocking Costa Rican Sugar Trade To Force IP Laws

"This would be most dramatic if the intellectual property was produced in one nation under its laws then used without license by another nation to effectively eliminate the benefits of the intellectual property protects."

And what a tragedy *that* would be, huh?

"THINK OF THE CHILDREN!!!!!!"

Comment: Re:I for one... (Score 2, Interesting) 178

by sdeath (#29639233) Attached to: Learning About Real-World Economies Through Game Economies

Yeah, uh, you kind of miss the point here. Rothbard, "Fractional-Reserve Banking" and "Anatomy of the Bank Run", game over, you lose.

The problem with FRB: it constitutes fraud. While I maintain that this statement is prima-facie obvious, I have the feeling that it will escape some portion of the crowd, so we'll try a thought-experiment.

"Fractional reserve" banking says that for every, say, $1000 of demand deposits (ex. checking accounts), the bank need only keep some fraction available at any time, on the theory that not all $1000 will be demanded at once. Yes, that's sort-of true - statistically, most of the time, most people will be content to leave it in the bank, and only call it out as-needed. Most of these calls for money will, in turn, be deposited in another bank, thereby adding an extra level of "protection": inter-bank transfers can be "batched" and resolved on different time scales than the demand-deposit processing (e.g. accounts squared at end-of-day, end-of-week, whatever).

However, what the bank is saying when you deposit money in a demand-deposit account - "your money is available for withdrawal at any time of your choosing" - is, literally, not true. *Your* money has disappeared into someone else's pocket, in that it has been loaned out to some other party as soon as it hits the bank. This is not a "theoretical" untruth - it is a real untruth, in that at all times, the bank is illiquid, i.e. does not possess sufficient capital to redeem all its demand-deposit accounts on actual demand. This is what is referred to in any other instance as "constructive fraud". It is useful to compare this to the eponymous Ponzi scheme, where the fraud consists of there being no actual capital or investment to satisfy the promised payout schedule to current investors, requiring that new investors be found to service existing obligations.

This is not the worst feature of fractional-reserve banking, though. FRB is the gateway for the money multiplier and hence inflation; a bank with a reserve requirement of 5% (larger than the current reserve requirements, note; I believe they're hovering at less than 1%) can, with a deposit of $1000, immediately turn around and loan out $950 of that money. This functionally doubles the amount of money in the economy ($1000 of "fantasy" money, and $950 of "actual" money floating around). That $950 typically gets deposited in *another* fractional-reserve bank, almost invariably with the same reserve ratio (set by the central bank, and reinforced by consumer preferences; ceteris paribus, a higher reserve ratio implies lower interest rates on deposits, providing customers incentive to move their deposits to another bank), at which point the cycle starts again ($950 in "fantasy" money, of which $47.50 is kept on-hand, and the remaining $902.50 lent out). This multiplies that original $1000 of "real" money to something like $20,000 in terms of its real economic effect. SUPRISE INFLATIONSECKS LOL. Then, when you start printing up more money (cue the Fed) and tweaking reserve ratios (cue the Fed again), you wind up with - wait for it - more inflation. Inflation has well-known and universally-observed destructive effects, penalizing saving and encouraging increasing amounts of debt, since debt is paid off with future money that is worth less than the original loan. How's that working out for us so far?

(Side note: it is instructive to note the identity between fiat currency and counterfeit, with the only difference being the identity of the printer of money.)

Austrian economic theory consists of the "duh no-shit" observation that this has an effect on the economy - inflation makes money cheaper to obtain (hey, they print it for nothing!), thereby making marginal enterprises "profitable" under inflationary conditions. This produces the "boom". When those conditions cease - there is a lower bound on the worthlessness of fiat currency, beyond which it is not used except as kindling - all of those bad ideas *come home to roost*, with the accompanying cascade of economic destruction (bankruptcies, business failures, &c.) This is the "bust". The Austrian position is that a commodity that is relatively scarce and immune to counterfeit is a desired currency and is in fact *chosen* as currency when people are permitted to do so without interference. Gold fits this bill nicely. Silver does okay too. PGMs, likewise. When this system is manipulated, as it has been repeatedly in the past, the result is the boom-bust business cycle that people love so very much. The idea that it might perhaps be better to avoid the "scientific" management of human affairs - which efforts make liberal use of deceit and coercion, and which in the long run tend to produce a polity of slaves, or pyramids of human skulls, or both - is not in vogue, and has not been for some time.

Resist the temptation to believe in wise wizards who have your best interests at heart and who have things "under control". They don't.
