Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

How Lobby Groups Rejected the Canadian Government's Plan To Combat Patent Trolls

davecb The transcript doesn’t show a lot of push-ba (51 comments)

IMHO, These are far too rational for Mr Moore to get past cabinet, as they might be seen as desirable regulation. The politics of the day is to avoid regulating (ie, policing) industry.

They're directly applicable to copyright trolling, by the way, and quite a good idea. I'll suggest that.

--dave

yesterday
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

They're not supposed to learn things like that, it will affect their close rates

--dave
My local Chief of Police has fought for years to get his people to "keep the peace" instead of "show high case-closed numbers". He's started to succeed, and the crime rates are going down, but he's been rewarded by budget cuts and being phased out for being too expansive... Bummer!

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

The number of cmparisons for sample size N is (N * N-1). You've just tied up all the computers in the universe doing realtime FR of the general population (;-))

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

You need as many 9's after the decimal point as you have digits in (N * N-1). As N is unbounded and accuracy is bounded, you get screwed. It's fine for a 10-person company (90 comparisons, negligable false positives) It's out of the question for airports (10,000 * 9,999 comparisons)

As the ARPAnauts would say "it doesn't scale"

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

Detention without trial, on suspicion of looking like Dr. Evil (;-))

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

No, that other commentator been mislead by a company that sells facial recognition. Google knows the math, and prohibits that particular stupidity by contract.

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

It's TERRIBLE public policy for people to be pulled aside for mere physical resemblance to a third person. A person the cop's never seen, and only has a photo of, but they've been told by a computer that this is the person in the photograph.

And computers are never wrong

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:False Positives (122 comments)

Even worse, they have a combinatorial explosion problem (mentioned in the "Enforce" thread above).

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

better technology doesn't help enough!

To oversimplify, if you have 1 error in a thousand, and you have 10,000 (crooks + innocent people), you do (10,000 * 9,999) comparisons and get 99,990,000 / 1,000 = 9,990 errors. In stats, it's a selection of every two persons out of 10,000.

It's really something like (select one of 100 crooks from 10,000 innocents), but it's still an insanely huge number of comparisons. Hoeever good your technology, adding more people will give you (N * N-1) more chances of getting an error.

Facial recognition vendors are very careful to NOT report their error rates in ways that expose this problem: it's the "elephant in the room" for that industry. And that includes Siemens, my former employer.

about two weeks ago
top

Dubai Police To Use Google Glass For Facial Recognition

davecb Re:Enforce (122 comments)

The German Federal security service tried this years ago in airports, and got a combinatorial explosion in false positives (AKA the "birthday paradox") that drowned out the real positives. Google knows the math, and is trying to save the inumerate from an expensive failure (;-))

about two weeks ago
top

Fortune.com: Blame Tech Diversity On Culture, Not Pipeline

davecb Re:Not biologically suited? How does that work? (342 comments)

When I was starting out, we had tons of women in what was a low-status industry, where programming was described as "teaching mechanical children". I think there's a broader discussion in Kraft's "Programmers and Managers" (Springer-Verlag).

about two weeks ago
top

Could Maroney Be Prosecuted For Her Own Hacked Pictures?

davecb Re:Rick Falkvinge on the subject... (274 comments)

And they are a moral hazard directed at police chiefs: they tempt the cheifs to push for convictions, which are measurable, instead of prevention, which isn't.

about three weeks ago
top

Could Maroney Be Prosecuted For Her Own Hacked Pictures?

davecb Rick Falkvinge on the subject... (274 comments)

ABSTRACT
This article argues that our current laws on the topic are counterproductive, because they protect child molesters instead of bringing them to justice, they criminalize a generation of normally-behaving teenagers which diverts valuable police resources from the criminals we should be going after, and they lead to censorship and electronic book burning as well as unacceptable collateral damage to innocent families. Child abuse as such is not condoned by anybody, and this article argues that current laws are counterproductive in preventing and prosecuting it.

In http://falkvinge.net/2012/09/0... The abstract is there because the title of the article will enrage the folks doing the prosecution...

about three weeks ago
top

Torvalds: No Opinion On Systemd

davecb "Do one thing well" and pipes aren't the same (385 comments)

"Do one thing well" is how Unix kernel functions are written, and it's just plain a good idea. Systemd probably follows the first principle internally, many programs do.

Creating production systems[1] out of single-purpose commands connected by pipelines is a different principle, and only works if you keep them pretty simple. It's not a prionciple, but it is how a lot of Unix scripts are written, NOT including the shell that glues the parts together, and not including all the more complex programs, like ed or mail. Systemd doesn't follow the second, because it's more like ed than a text transformation like spell.

A more useful question is whether systemd as a whole does one thing, and does it well. About that, one might usefully discuss whether the Unix principle applies.

--dave
[Pipelines were patterned after a subset of "production systems" in early AI, which applied transforms to "produce" new things. They're not the kind of production systems you put on a raised floor]

about a month ago
top

FBI Completes New Face Recognition System

davecb Re:It doesn't scale (129 comments)

You can have 99.999 accuracy, and if the number of comparisons is (N choose 2), then the probability is (N chose 2) * 0.00001, which will be (really huge number * 0.00001) which is (merely huge number).

I don't care how good or bad the implementation is, it has to have more 9's to the right of the decimal than I have zeroes to the left in the number of people, N. That's a known hard problem in computer science (;-))

--dave
[And yes, Siemens was getting crappy even then, but that isn't the problem that the FBI has to solve]

about a month ago
top

Logitech Aims To Control the Smart Home

davecb Re:Good luck (115 comments)

Fortunately my android already has apps for all the things I own which have "smarts". I plan to keep it that way by buying small apps from small developers.

about a month ago
top

FBI Completes New Face Recognition System

davecb It doesn't scale (129 comments)

We do this in Canada too, and it works where the number of people you're trying to recognize is small. The "birthday paradox"* says that if you're comparing 23 people, you have a 50% chance of a match. You have to multiply this by the error rate (usually much less than 2%) of a facial match program to get the false-positive rate, but it's still huge.

The German federal security service tried out Siemen's facial matcher years ago, found it had a low error rate... and was completely useless!

When you had hundreds of criminals to look for in thousands of airport passengers a day, it was directing insane numbers of people to the "capture the terrorist" queue (;-))

--dave
[*https://en.wikipedia.org/wiki/Birthday_problem]

about a month ago
top

Is It Time To Split Linux Distros In Two?

davecb Re:Headline that asks a question (282 comments)

A tale told by an idiot, full of sound and fury, signifying nothing.

about a month and a half ago
top

Ask Slashdot: What To Do About Repeated Internet Overbilling?

davecb Re:Force of Law (355 comments)

Engage a lawyer familiar with class actions *before* speaking to the police. You're an individual engaging in trial by battle with a huge company, and you need someone with the same degree of hitting power on your side before you start. They can advise on what's most effective in your jurisdiction. In Canada, the fraud squad is effective against enemies of moderate size. I don't see case law from them going after companies the size of a small country (;-))

about 2 months ago

Submissions

top

Poul-Henning Kamp asks "Please Put OpenSSL Out of Its Misery"

davecb davecb writes  |  about 6 months ago

davecb (6526) writes "At ACM Queue, he asks we not buy into the 299-odd remaining bugs after taking out Heartbleed Instead 'we need a well-designed API, as simple as possible to make it hard for people to use it incorrectly. And we need multiple independent quality implementations of that API, so that if one turns out to be crap, people can switch to a better one in a matter of hours.'"
Link to Original Source
top

Civil Liberties Association files class action for all Canadians, against spies

davecb davecb writes  |  about 6 months ago

davecb (6526) writes "The British Columbia CLA filed a class action on behalf of all Canadians, against our security services' collecting of metadata, because it allows for a profile to be created of the individuals involved. It's a tough class for a court to certify, but to qualify, the BCCLA needed a class that they knew contained people who were spied upon."
Link to Original Source
top

Android is almost impenetrable to malware: Google

davecb davecb writes  |  about 8 months ago

davecb (6526) writes "Google’s Android Security chief Adrian Ludwig reported data showing that less than an estimated 0.001% of app installations on Android are able to evade the system’s multi-layered defenses and cause harm to users, seemingly contradicting F-Secure's Android Accounted For 97% of All Mobile Malware In 2013. As you might expect, they're not talking about the same thing."
Link to Original Source
top

The UK's porn filter is blocking the latest League of Legends update

davecb davecb writes  |  about 9 months ago

davecb (6526) writes "Courtesy of Gamasutra, we see the UK's so-called "porn" filter is blocking game updates. As well, of course, as filtering such unimportant things as political and sexual-health sites"
Link to Original Source
top

Canada (quietly) offering sanctuary to data from the U.S.

davecb davecb writes  |  about 9 months ago

davecb (6526) writes "The Toronto Star's lead article today is Canada courting U.S. web giants in wake of NSA spy scandal, an effort to convince them their customer data is safer here. This follows related moves like cisco moving R&D to Toronto. Industry Canada will neither confirm nor deny that European and U.S. companies are negotiating to move confidential data away from the U.S. This critically depends on recent blocking legislation to get around cases like U.S. v. Bank of Nova Scotia, where U.S. courts "extradited" Canadian bank records to the U.S. Contrary to Canadian law, you understand ..."
Link to Original Source
top

Canada courts, patent office warns against trying to patent mathematics

davecb davecb writes  |  about a year and a half ago

davecb (6526) writes "The Canadian Intellectial Property Office (CIPO) warns patent examiners that ..."for example, what appears on its face to be a claim for an “art” or a “process” may, on a proper construction, be a claim for a mathematical formula and therefore not patentable subject matter.” (Courtesy of Paula Bremner at Slaw)"
Link to Original Source
top

Copyright trolls sue bloggers, defence lawyers

davecb davecb writes  |  about a year and a half ago

davecb writes "Prenda Law has commenced three defamation, libel and conspiracy suits against the same people: defence lawyers, defendants and all the blogger and commentators at "Die Troll Die" and "Fight Copyright Trolls". The suits, in different state courts, each attempt to identify anyone who has criticized Prenda, fine them $200,000 each for stating their opinions, and prohibit them from ever criticizing Prenda again."
Link to Original Source
top

Swedish Pirate Party Presses Charges Against Banks For WikiLeaks Blockade

davecb davecb writes  |  about 2 years ago

davecb writes "Rick Falkvinge reports today that the Swedish Pirate Party has laid charges against at least Visa, MasterCard, and PayPal before the Finansinspektionen , for refusing to pass on money owed to Wikileaks. The overseer of bank licenses notes (in translation) that "The law states, that if there aren’t legal grounds to deny a payment service, then it must be processed.”"
Link to Original Source
top

World Conference on International Telecommunications every bi tas bad as feared

davecb davecb writes  |  about 2 years ago

davecb writes "Internet Society President, Lynn St. Amour, writes

At the conclusion of today's plenary, the Internet Society is concerned about the direction that the ITRs are taking with regards to the Internet. The Internet Society came to this meeting in the hopes that revisions to the treaty would focus on competition, liberalization, free flow of information, and independent regulation — things that have clearly worked in the field of telecommunications. Instead, these concepts seem to have been largely struck from the treaty text. Additionally, and contrary to assurances that this treaty is not about the Internet, the conference appears to have adopted, by majority, a resolution on the Internet. Amendments were apparently made to the text but were not published prior to agreement. This is clearly a disappointing development and we hope that tomorrow brings an opportunity for reconsideration of this approach.

[ISOC is the quasi-parental body of the IETF, the Internet Engineering Task Force]"
top

Canadian Government introduces a new, different "unlawfull access" law

davecb davecb writes  |  more than 2 years ago

davecb writes "The Canadian Government may be shying away from the "lawful access" bill, but the same changes showed up in the new privacy act amendments. Someone with proper authority other than a warrant can ask and receive your confidential information from your ISP. The bill contains a lot more, and rather looks like a systematic attempt to lower privacy standards in the name of privacy, as described in the article Bill C-12: Safeguarding Canadians' Personal Information Act – Eroding Privacy in the Name of Privacy, at the Slaw legal blog."
Link to Original Source

Journals

top

Why branch prediction doesn't help

davecb davecb writes  |  more than 5 years ago

In the discussion about IBM putatively buying Sun, we were having a side-discussion about prefetches and branch prediction.

I had forgotten why my branch prediction performance experiments had failed ("confirmed the null hypothesis") and had to go back to my notes.

It turns out that mature production software tends to be full of small blocks of error-handling and debug/logging code, which is not often used. A Smarter Colleague[TM] and I set out to test the newly-available branch prediction logic, expecting to see a significant improvement. I manually set the branch prediction bits in a large production application, only to find no detectable improvement.

The test application was Samba, so we changed the driver script to only read a few files from a ram disk, to eliminate disk I/O overheads. Still no detectable advantage from predicting the branches correctly!

Then we tried just a single few functions, under a test framework that did no I/O at all. Still nothing.

Eventually we tracjked it down to the debug/log/else logic: the branches areound it were always taken, but the branch-arounds were long enough that the next instructions were in a different icache line, and the cache-line had to be fetched.

It turned out that we had reproduced in code what our HPC colleagues see in data: the cache doesn't help if you're constantly leaping to a different cache line!

--dave

top

Capacity planning in six paragraphs

davecb davecb writes  |  more than 5 years ago

An acquaintance asked about what to measure, and what tools to use, expecting to hear about vmstar, sar or the like.

However, the really interesting measurements are of the application's performance: response time and transactions per second.

Imagine you have a web site which responds in 1/10 second on average, is known to be running on a single cpu (queuing center, to be precise) and is averaging 6 transactions per second (TPS)

From that you know that the maximum performance will be 10 TPS, because ten 1/10ths fit into one second. You also know you're at 60% of the maximum, a nice safe number.

Now correlate this with your average CPU usage, network bandwidth and IO bandwidth, and you have a little estimator for what resources are needed to maintain good performance.

You also know that things will start getting bad at >8 TPS, so if you expect more business in future, you need to add more queuing centers (CPUs) with the appropriate amounts of network and disk I/O bandwidth.

You can also now use both the resource usage figures and tools that all the other folks have suggested, and watch out for growth in each of them. If the trend in their use looks like it will soon get above the number that corresponds to 8 TPS, above, then and only then do you need to start buying resources.

--dave c-b

top

davecb davecb writes  |  more than 9 years ago This is a commonly reinvented wheel, and the version Stefan (metze) Metzmacher suggested in samba-technical is the round one (;-))

A maximally useful log message contains a number of fixed items, usually in a fixed-format header of some sort, and text for the human reader to use to understand the implications of the problem.

From memory, the fixed information includes enough to allow for mechanical sorting by nastiness and occasionally mechanical processing:

- date/time
- origin, meaning machine- or domain-name
- source, in some detail,, including the executable name and process id as a minimum, if applicable, and optionally the file, function and line, it is good to make this one token, for ease of parsing and resilience when one line has "sendmail:parse.c:parse_it:332:1948" and another has only "mconnect:1293"
- pre-classification, meaning the application type, error type and severity. DFAs can switch on this, and should.

The old ARPA format was error type source and severity as three decimal digits, which you still see when smtp says "250 ok". The 2 was permanent success, the 5 meant "the app", in this case smtp, and 0 was the severity. I prefer ascii, not numbers (;-))
- then the text for the human, saying the meaning of the error, the same way you're supposed to write the **meaning** of code in comments, not just say what the code does.

Syslog does about half of this, metze's did most of it.

top

ARPA result codes

davecb davecb writes  |  more than 9 years ago Alas, many folks don't know the old ARPAnet tricks and have to reinvent them. Often inelegantly.

One very handy pair was the ARPA command and return-code standard.

A command was four letters or less at the beginning of a line (record, packet), often monocase, so it could be treated as a 4-byte integer and switched on.

For example, smtp starts ups with
helo localhost
250 froggy Hello localhost [127.0.0.1], pleased to meet you

The "HELO" is the command, and the next line the response.

the first character is an ascii digit, where
1 means "informational message", and is rare
2 means permanent success
3 means partial success, as in a series of steps.
4 means temporary failure, such as "no space", and
5 means permanent failure

The second digit is 5 for "this app" and 9 for "the OS"

The third digit is the severity, so
599 I must close down, my CPU is on fire
is a very sever and permanent error (:-))

The fourth character is an ascii blank if the reply is complete on this line, a "-" if it continues to additional lines. For example, smtp has a help command:
help
214-2.0.0 This is sendmail version 8.12.8+Sun
214-2.0.0 Topics:
214-2.0.0 HELO EHLO MAIL RCPT DATA
214-2.0.0 RSET NOOP QUIT HELP VRFY
214-2.0.0 EXPN VERB ETRN DSN
214-2.0.0 For more info use "HELP ".
214-2.0.0 To report bugs in the implementation contact Sun Microsystems
214-2.0.0 Technical Support.
214-2.0.0 For local information send email to Postmaster at your site.
214 2.0.0 End of HELP info

The three digits and the "-" for continuation allows one to write as simple or as complex a DFA as you like, by doing trivial masking on fixed-length strings.

Slashdot Login

Need an Account?

Forgot your password?