1. 3

    Matt Blaze’s response (https://twitter.com/mattblaze/status/839910176916385794):

    “Interesting stat: they found ~6% of stockpiled vulnerabilities were independently rediscovered within a year. Q is what that tells us.”

    “Note that 6% seems small, but it’s basically a lower bound - no way to know about vuls found and kept secret by others.”

    “My sense is that this space is highly non-uniform, so over-interpreting the 6%/yr number is probably unwise. Need to find more factors.”

    “Not-very-bold prediction: the RAND study will be widely cited to make categorical statements that support opposite conclusions.”

    1. 3

      The FBI file makes depressing reading for critics of Gamergate. It is heavily redacted, so we don’t know why prosecutors did not pursue any of the cases.

      Yes, it is indeed depressing knowing that you can’t get the people you don’t like and who say things to you don’t appreciate to get sucked into the whirling maw of the American penal system. We should certainly fix that bug!

      Twitter, Google, and Microsoft all cooperated in the investigation, and subpoena warrants were served by a grand jury. This was taken seriously by the FBI, even if nothing ultimately came of it.

      Good to hear that the private sector surveillance apparatus is doing their part on the war on meanies.

      ~

      Can we…not…rehash Gamergate shit here? Like, that’s the very definition of nontechnical content that everybody has strong opinions about and which nobody will convince anybody else of anything about. Both sides are still claiming victory (because if you repeat a lie often enough on the internet, you become the winner), both sides engage in shitty harassment, both sides have questionable ideologies, etc.

      It’s a tire fire. Stop adding tires, and don’t start one here.

      EDIT: And flagged troll, by some coward. You do realize that every time you abuse the troll flag it loses its effectiveness right? Users who might otherwise be like “hm, maybe that post was over the line, lemme reconsider” eventually just go “meh well looks like somebody disagreed with me whatever”. If you overuse words, they lose meaning. Have you learned nothing in the last year?

      1. 24

        Dude. Don’t play that “both sides are just the same” equivocation bullshit here. The “oh the prison-industrial complex is so awful, anyone who tries to use it to stop people making endless death threats is clearly the bad guy” look isn’t a good one either. (I note in passing that the “appeal to consequences” is in the big list of argumentative fallacies on Wikipedia.)

        What happened to these particular women was wrong. Full stop. You can make all the arguments you like about other individuals (and I have seen testimony I personally believe that some pro-GG individuals were on the receiving end of some pretty nasty harassment) but none of that will change that basic fact. Either own it, or accept that you’ll get labelled as a troll & a bigot, because if you minimise what happened to these people then that’s what you are.

        1. 3

          I at no time have said that what happened to the victims on either side was anything but wrong.

          I’ve pointed out at some modest length that both sides have done things I find reprehensible (as well as some things I think are admirable), and that neither side should be taking up space on a forum for discussing the practice of technology.

          I’m sorry I’m not blindly advocating in support of your preferred…whatever it is you believe. Go punch some Nazis and feel better, I guess? ¯\_(ツ)_/¯

          1. 9

            Umm. The tags on this post are “culture” and “law”.

            Very clearly this article is at the intersection of “culture” and “law” with “technology”.

            Hit “Filters” at the top of the page, tick “culture” and “law” click and save….. and none of your space will be occupied, and your sock will remain un-angered by the passing debates on the subject.

            Admittedly that forum mechanism is a little crude in that I believe it would filter (“culture” || “law”), and not (“culture” && “law”).

            But anyway, “law” is one of those things that tends to tick along unnoticed until it makes you angry.

            1. -3

              The “literally full of ants” line in your bio now makes total sense.

              (And now I’m wondering whether that little ad hominem at the end there was a classic example of projection in action.)

          2. 15

            both sides have questionable ideologies, etc

            Are you saying social justice and feminism are a “questionable ideology”? Or referring to something else here?

            (I agree that the US prison-industrial complex is horrific and any justice obtained through it is tainted by that)

            1. 5

              The people who claim those movements as their own are definitely responsible for immense amounts of narrow-mindedness, bullying, prejudice, and indeed inability to see people who disagree with them on the smallest point as human. It’s the common disease of any -ism, and they’re no less prone to it than any other.

              1. 7

                Are you saying social justice and feminism are a “questionable ideology”?

                At the risk of being motte-and-bailey’d, I’m going to say that, yes, what many people in 2017 self-refer to as “social justice” and “feminism” are extremely questionable, and in fact are actually antithetical to their purported goals of fairness and equality.

                To preempt any comments to the effect of “Those are just the extremists; most feminist/social justice activists actually only believe <reasonable thing>”; you are incorrect. I am a student at a liberal university in a liberal town, so I interact with these people every day. I get to see them “in the bailey”, so to speak.

                1. 7

                  Threading the needle very finely here, so please don’t jump to conclusions: are you saying that supportings of honesty in games journalism (hah) and protection of established culture (hah hah) are “questionable ideologies”?

                  Of course not! However, one will invariably then point to the acts of harassment and vile speech used to silence others. And then somebody on the other side can point out the counterdoxxing, social media hate mobbing, organized blacklists (GGautoblocker, etc.) and cultural erasure being done too.

                  Unfortunately we can’t judge both sides by their best actors, and both sides' ideologies clearly support actors doing shitty things when it suits their cause despite having some reasonable or even positive ideas in other areas. We don’t get to cherrypick, and that’s why I call both questionable.

                  (And to answer your original query, since both tents of social justice and feminism are quite large, including calls to do things like eradicate the male sex, yes, I find them questionable. I similarly find most forms of chauvinism, capitalism, communism, socialism, and most other -isms suspect. Such is the lot of the skeptic.)

                  1. 10

                    We don’t get to cherrypick

                    […]

                    including calls to do things like eradicate the male sex

                    You don’t consider picking a piece of satire authored in 1967 cherry-picking?

                    “The Manifesto is widely regarded as satirical, but based on legitimate philosophical and social concerns” - https://en.wikipedia.org/wiki/SCUM_Manifesto

                    1. 8

                      You’re selectively quoting that source, because of course it’s helpful to distance the movement from the crazies. We can snipe sources and quotes back and forth, but dismissing that document as merely “satire” is revisionist history: at the very least, given the fact that the author shot Andy Warhol because she felt he had too much control over her, it’s unlikely. Satirists typically don’t shoot people.

                      You don’t consider picking a piece of satire authored in 1967 cherry-picking?

                      I’d be happy to link to a lot of the good stuff done by feminists and socjus folks, but people somehow never have trouble remembering that.

                      More generally, it’s marvelously convenient to say “oh no, that was all just satire/a lone actor/a fringe element” and then act offended when the other side does the same thing when questioned about their extremists.

                      That’s what I mean by not cherrypicking–you don’t get to pick the subset of the ideological practitioners that support things in an agreeable way. We condemn the folks who raised money to stop bullying and have valid concerns about losing a safe space because some of them also made bomb threats.

                      Why shouldn’t we have the same concern about the side that, while it supports good work on diversity and inclusiveness and social justice stuff also engages in the same shitty terrible behavior they complain about?

                      I’m not for either side. I support neither organized bullying, nor lying, nor mob justice. I don’t have to be a fascist buzzcut evil MRA goon to see that there is a lot of making fun of awkward nerds by belittling their choice of cultural touchstones. I don’t have to be a trans rainbow-haired SJW ally to see that there is a lot of truly vile harassment and just awful, awful stuff being written by people that should probably just shut up and go back to enjoying their vidya.

                2. 4

                  Yes, it is indeed depressing knowing that you can’t get the people you don’t like and who say things to you don’t appreciate to get sucked into the whirling maw of the American penal system. We should certainly fix that bug!

                  If you don’t like that it’s a crime to make death threats write to your congressmen. Until then it’s reasonable and yes correct to expect that a good and sane law like this be upheld. It might be a surprise to you but people get murdered every year, many of them after threats!

                  1. 4

                    Can we…not…rehash Gamergate shit here?

                    Uh… on this comment thread you were the first person to bring it up…

                    1. 4

                      Did you read the title of the story?

                      1. 3

                        The submission was GG stuff. My post was an appeal to avoid what will doubtless end as another tiresome dragon.

                        1. 2

                          Your post caused this, which is likely why you were marked troll.

                          1. 1

                            I’d amassed several troll downvotes before a single reply happened, as a matter of fact.

                    1. 1

                      Needs “practices” tag?

                      1. 2

                        Like Alan Turing and Dana Scott, Smullyan’s Ph.D advisor was Alonzo Church.

                        1. 4

                          Some useful comments on HN: https://news.ycombinator.com/item?id=13519421

                          1. 2

                            If you know some probability theory, I highly recommend “A Personal Viewpoint on Probabilistic Programming” as an intro to programming that makes probabilistic reasoning accessible and elegant.

                            1. 9

                              Ask Lobste.rs: Any videos you particularly liked? If so, why?

                              1. 6

                                I really liked “End-to-end encryption: Behind the scenes” – it was quite a well-coordinated performance. :-)

                                1. 3

                                  “Rusty Runtimes: Building Languages In Rust” by Aditya Siram.

                                  Aditya implements a klambda-to-Rust compiler in Rust! Very cool. Also exciting because klambda is what powers the Shen lisp language.

                                  1. 2

                                    Here’s one list of recommendations.

                                  1. 3

                                    The Art and Science of Cause and Effect by Judea Pearl. For practical purposes, it’s to jumpstart Papers We Love Philly again. For self-edification, I’m trying to understand the philosophical foundations for a theory of causal inference from the perspective of a computer scientist/statistician.

                                    1. 1

                                      Cool article but “ml” in lobste.rs means this ml: https://en.wikipedia.org/wiki/ML_(programming_language)

                                      Could also use the “hardware” tag since raspberry pis are used.

                                      1. 10

                                        I don’t normally post in these threads, so I’ll cover a few months instead.

                                        work: I spent 7 months at a PrettyBigCo that develops financial tools and it made me depressed. Sitting in a room with hundreds of people all day every day was making me physically ill constantly too which didn’t help things. I wasn’t able to attend the therapy sessions the NHS offered me (because they clashed with work lol) so I quit.

                                        I’m moving to Helsinki mid September to join Umbra 3D. They have more meaningful work and don’t have an open plan office so that should work out better. I am a little worried I didn’t take enough time off, and that the stress of 1) moving to another country 2) with like two hours of daylight will leave me feeling like crap again.

                                        !work: now I’m not encumbered by employment I can start fixing the issues in my open source projects that other people have noticed.

                                        I also spent some time getting my game engine to compile on Windows. I’ve been trying to keep all the obviously platform specific code separate from my game code, but of course there was all kinds of less obvious crap, like the lack of err.h, windows.h taking my keywords (NEAR, FAR, ERROR which I was using as a replacement for err), and ming giving me stupid errors (e.g. undefined reference to '__gxx_personality_seh0' - which was fixed by disabling exceptions or thread-safe statics or something…). I would like to get some kind of networking in next, because I think that will make it feel much more like an actual playable game.

                                        Finally, I’m in SF for the next three weeks. I’d love to get recommendations on what to do here!

                                        1. 3

                                          Hey, congrats on getting more meaningful work. I wish you the best.

                                          1. 2

                                            Graphics and 3D is fun! I’m glad you found something enjoyable to work on.

                                            PM me if you can talk more about it, or if they’re looking for remote contract work. :)

                                            1. 2

                                              Alcatraz is totally worth the hassle. Walk through GG Park to the ocean; it’s spectacular. Eat a burrito from Farolito at 24th & Mission. Check out the Marin headlands; the views from there are otherworldly. Head up to Twin Peaks – great way to see how small the city actually is. If you need to be down in the valley for any reason, be sure to drive 280, particularly in the morning.

                                              1. 1

                                                If you like tech meetups (on meetup.com), SF is fill of them. Probably has a bunch just on 3d and graphics!

                                                1. 1

                                                  Some of my favorite things in SF from my visit this year, aside from the wonderful views, were going to Giants baseball games, City Lights bookstore, and the beer bars (Toronado and Mikkeller).

                                                1. 2

                                                  Just completed a first working hack of training a Neural Network ATARI Pong agent with Policy Gradients from raw pixels with Tensorflow. Now, I’m trying to learn more Reinforcement Learning Theory, deciding between learning a little Elixir or Idris, and stressing out about how to keep Papers We Love Philly alive before the semester starts (any suggestions appreciated!).

                                                  1. 6

                                                    Uncool, I had work to do today, people.

                                                    1. 2

                                                      You knew the risks when you joined lobste.rs.

                                                      1. 1

                                                        Got it. Sorry for the mistake. I will propose adding an AI , Artificial Intelligence, or Machine learning to the community as such tags are not currently available.

                                                        1. 2

                                                          Thanks!

                                                        1. 12

                                                          Trying to organize the first Papers we Love - Philadelphia 2016 meeting among other things.

                                                          1. 2

                                                            I was excited and expected this to be for 2016, not 2015!

                                                            1. 2

                                                              updated title

                                                            1. 3

                                                              A response to the “scary” comment by one of the hackers in the hack details comment section:

                                                              “The reality for the vast majority of people is that there are substantially easier ways to get data off their computers. If your computer has an internet connection of any time, there are thousands more attacks which are easier to implement, faster, longer range and more reliable than this. This is only really useful when it comes to air-gapped computers, with no network connectivity at all. The idea came from this paper, so it has been possible & published for a while now: http://usenix.org/system/files/conference/usenixsecurity15/sec15-paper-guri-update.pdf

                                                              1. 3

                                                                Since you can reconstruct screen images from flicker patterns on the wall behind, determine keystrokes from the distinctive sound they make, infer encryption keys from accurate power measurements, measure internal state by the sounds emitted by a circuit, send and receive data using ultrasound—RF from internal circuitry seems like a fairly benign side channel.

                                                              1. 1

                                                                This reminds me of the book Head First Java. They sometimes also anthropomorphized Java objects and tried to make the reader feel guilty about “abandoning” the object to the “heartless” gc.

                                                                1. 9

                                                                  I strongly disagree with any department that is selling a “Computer Science education” acting like a vocational school and offering employment classes. I’m probably just out of touch, but that isn’t what it is about.

                                                                  1. 6

                                                                    I don’t think CS should turn into vocational education, but an elective seminar on “typical CS interviews” doesn’t bother me much, and still seems pretty far from turning the degree program into a coding-camp style thing. Elective seminars on a range of topics are already pretty common, e.g. I took one where we just prepared for and then competed in the ACM programming competition. You could even throw in some interdisciplinary critique if you wanted: teach students how to prepare for typical tech interview questions, but at the same time, use that as a springboard to critically discuss CS hiring processes.

                                                                    1. 5

                                                                      I mean, it’s nice to believe that everyone paying hundreds of thousands of dollars for an education is doing so for the goal of self-betterment, with no thought of it ever being financially break-even. I think perhaps there are academics who do believe this. I’m not sure what else to say. :)

                                                                      1. 3

                                                                        The nice thing about making decisions based on principle is that one does not have to concern themselves with what people are doing now. :)

                                                                        But, seriously, I don’t think that because the educational system in the US is already a vocational system means the best thing to do is go deeper.

                                                                        The biggest bullshit part is that the US is already a post-scarcity country, it just refuses to go with it. There is no need for highly educated people to go to school just to learn how to get a job except for that they have decided to do that.

                                                                        1. 2

                                                                          Those are fair points. I’m certainly in favor of dismantling the social structures that lead to people spending a great deal of money on higher education when it isn’t in line with their actual desires.

                                                                      2. 2

                                                                        Tell that to Stanford and MIT:

                                                                        “”“ Addendum on 2015-10-20: readers from the Internets have pointed out that several schools do indeed offer such elective courses (e.g., Stanford and MIT). ”“”

                                                                      1. 6

                                                                        Some notable takeaways: “There are ideas in SICP that people are acting as if they just discovered today. (That said, the early expressions of these ideas are not always the best, and so the past should be a source of inspiration, but we should be careful not to get stuck there.)”

                                                                        “If you didn’t have fun, we were doing it wrong.”