Shutdown Illustrates How Fast US Gov't Can Update Its Websites
There is a great misunderstanding in all these comments. The question isn't "How long does it take to change 3 lines of code"; of course that only takes a few minutes. The question is: "How long does permission to change 3 lines of code take to wend its way through the agency from the Secretary to the contractor?" That typically takes weeks or months, but in this case was done quickly because no one between the Secretary and the coder thought to interfere. That is very unusual. Another question (not answered) is how long does it take for a request from the coder to the Secretary? Typically that would be "forever", which is why most things never get done. It would help if someone below the Secretary were authorized to make a decision, but typically that isn't the case.
Somebody Stole 7 Milliseconds From the Federal Reserve
It would seem foolish to trade within milliseconds of 2pm without knowledge of the Fed decision, since the other party could be in DC and in legitimate possession of the information. So it is surprising that the criminal got a counterparty to accept the trade. This trick will probably only work once. There was a time when this sort of information was released after the close of markets.
When Your Data Absolutely, Positively has to be Destroyed (Video)
No, the claim that intelligence agencies can read overwritten data is not true. See
NSF Audit Finds Numerous Cases of Alleged Plagiarism
It isn't really a scandal until the cases of plagiarism are confirmed. I once tested some plagiarism software on published academic economics, and it produced many false positives, many of which required some knowledge to interpret. Notice that a grant application may seem to be a somewhat "safer" place to plagiarize, since only a few people will see the application. However, those few might well include the borrowed-from author - the granting agency will be sending the proposal for review to many researchers who have written on the topic before.
'This Is Your Second and Final Notice' Robocallers Revealed
I don't know if it is still true, but in years past the Florida AG had a reputation for ignoring scams where the victim was out of state.
Cloud-Powered Facial Recognition Is Terrifying
They say the false accept rate is .001, or one in a thousand. That is, they can extract about 10 bits of information from a picture. From those 10 bits they claim to get the SSN? Or, they have the picture of a person, and need to identify them in a sample of a million people, they will get back 1000 possible matches.
The complaints about privacy seem greatly overblown. In essence they are saying that if you post a picture with your name, and then another picture without your name, someone with a million dollars of software might recognize the similarities. Of course they might without the computer too. This is just another in the long line of "security" scares which presume that items of public knowledge such as your appearance, name, DOB and SSN can be turned into secret passwords after 40 years of being public knowledge. The security experts should be spending their time convincing banks not to pretend an SSN is a secret, rather than enabling them by agitating for legislation to make it so.
Court Case To Test GNU GPL
According to the article, the defendant is not distributing code containing GPL code. Rather, they are distributing a program that reads from a DSL router and modifies the (perfectly legal) GPL code on the router, reinstalling the modified code. The defendant doesn't think this is a violation, since he does not distribute any GPL code to users, only the binary "diffs". The modified code is never "distributed", only installed on the individual's own router. Since the GPL limits distribution, but doesn't affect "internal" use, there is an argument that the GPL is not violated. However, there is a further section in the GPL that takes up just this point, which is quite orthogonal to any of the arguments posted here. Even if this section of the GPL was not enforced in Germany, it wouldn't be the end of the GPL, as this is an extremely inconvenient way to distribute software, and the likelihood that the "diffs" didn't include GPL code is very small.
If You Think You Can Ignore IPv6, Think Again
IPv6 will be very slow in coming, and there will be no crisis. As ISPs run out of v4 address space, they will offer natted rfc1918 space by default, and charge a few dollars extra for public addresses. Only a few people prefer a public address if charged $5/month for it, and they won't miss anything either. While lots of public servers will be offered in both v4 and v6 space, nothing interesting will require v6. v6 will grow slowly based on its use in purely internal networks. The things lusers need will always be available in v4 and there aren't enough clued users to create a real shortage.
DC Internet Voting Trial Attacked 2 Different Ways
Maybe sweeps are in November because that is when the elections are? Anyway the problem with electronic voting is not only that it is hard to do right, but also that it is impossible to show the average voter that it has been done right. With paper ballots and each party having a representative at the polling place and at the counting, voters are willing to believe the count is accurate. The offer to examine the source code is less convincing. Saying that the source code has been examined by someone paid for by the company that wrote the code is nothing at all.
OLPC Gets $5.6M Grant To Develop Tablet With Marvell
The good news is that the Marvell chip won't support Windows.
The bad news is that the child with an OLPC, while she may learn to do art on her computer, won't learn to do anything helpful in any labor market on earth. With a tablet, she won't even learn to touch type. I know that the project wants to prepare her for a more self-actualizing career, such as poet, designer, president or CIO; very few will have that opportunity if they can't get an entry level job in the urban sector.
Google Acquires ITA Software, Regulators May Balk
You can use the ITA engine at http://matrix.itasoftware.com/cvg/dispatch and it is really quite good compared to most airline/agency websites. However, it won't actually sell you a ticket.
AT&T Leaks Emails Addresses of 114,000 iPad Users
I have been amazed over the last few years that both the general public and security professionals think that email addresses and social security numbers can be made confidential, like passwords. Surely that is impossible to achieve. If spam is to be stopped, it will certainly be another way. If identity theft is to be stopped, it is certain to be another way.
Diskless Booting For the Modern Age
I am not sure where the idea that PXE boot files are limited to 32KB comes from, but we are booting FreeBSD 8.0 with a 240KB boot file with PXE and tftp and have not had to do anything special. We also boot Linux (Fedora 11) with a 4MB initrd over tftp and that has not posed any difficulties either. Our FreeBSD experience is documented at http://www.nber.org/sys-admin/FreeBSD-diskless.html - it works quite well for us. I looked at gPXE and it doesn't really solve any problems we have had. Actually, we have had only one problem - sometimes the OS boot code doesn't support the motherboard ethernet, and we have to add a different ethernet card for post-boot LAN access.
Please Do Not Change Your Password
Yes, in fact there is no evidence that any password has ever been brute-forced, except in a demonstration. (Dictionary attack is not brute-force).
Oracle/Sun Enforces Pay-For-Security-Updates Plan
Interestingly, we had support contracts for several SPARC machines until recently, but when the time for renewal came around SUN didn't send any notice, and we let it go. I think of this as "passive/aggressive" behavior on their part and seems typical of our experience with the administrative side of SUN, although past adventures (such as wrong addresses on shipments) have been worse.
Google Patents Country-Specific Content Blocking
The patent makes no sense, because it includes no description of a mechanism for achieving the stated objective. You should be able to get a patent on a particular method of doing something, but since when can you patent all possible methods of doing something? Especially when there aren't any. We have been doing this at work for over a decade, using IP address information from whois servers. It isn't very accurate, but it works well enough for us.
Why Anonymized Data Isn't
I have worked with anonymized government data extensively, and birthdate and zipcode are always considered personally identifiable information. Sometimes birth year is available, and sometimes state or (rarely) county is available, but I have never even heard of a dataset with both. Datasets with month and day of birth are never considered to be anonymized, and are not released. The author of the paper is much overwrought.
The Homemade Hard Disk Destroyer
There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in "Can Intelligence Agencies Read Overwritten Data" that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.
Voting Machine Attacks Proven To Be Practical
OK, suppose the tamper-evident seal is found to be broken at the end of the election day. What happens then? Are those votes not counted? I wouldn't expect that result. That would open a door to an intruder going to a district favoring the opponent and merely tampering with the seal. I'd expect the votes to be counted in spite of the broken seal. Is there actual experience anywhere on this point?
Verizon Tells Cops "Your Money Or Your Life"
The next time Verizon needs a favor from the sheriff they will regret their decision. They need the favors from the police a lot more often than vice versa, for example, protecting copper lines from theft.
feenberg has no journal entries.