Thursday, April 10, 2014

Massive Security Bug In OpenSSL Could Affect A Huge Chunk Of The Internet

[ed. Before you go bonkers, read this... the true spirit of the internet (I hope). Also this: What You Need to Know.]

I saw a t-shirt one time. “I’m a bomb disposal technician,” it read. “If you see me running, try to keep up.”

The same sort of idea can be applied to net security: when all the net security people you know are freaking out, it’s probably an okay time to worry.

This afternoon, many of the net security people I know are freaking out. A very serious bug in OpenSSL — a cryptographic library that is used to secure a very, very large percentage of the Internet’s traffic — has just been discovered and publicly disclosed.

Even if you’ve never heard of OpenSSL, it’s probably a part of your life in one way or another — or, more likely, in many ways. The apps you use, the sites you visit; if they encrypt the data they send back and forth, there’s a good chance they use OpenSSL to do it. The Apache web server that powers something like 50% of the Internet’s web sites, for example, utilizes OpenSSL.

Through a bug that security researchers have dubbed “Heartbleed”, it seems that it’s possible to trick almost any system running any version of OpenSSL from the past 2 years into revealing chunks of data sitting in its system memory.

Why that’s bad: very, very sensitive data often sits in a server’s system memory, including the keys it uses to encrypt and decrypt communication (read: usernames, passwords, credit cards, etc.) This means an attacker could quite feasibly get a server to spit out its secret keys, allowing them to read any communication that they intercept like it wasn’t encrypted at all. Armed with those keys, an attacker could also impersonate an otherwise secure site/server in a way that would fool many of your browser’s built-in security checks.

And if an attacker was just gobbling up mountains of encrypted data from a server in hopes of cracking it at some point? They may very well now have the keys to decrypt it, depending on how the server they’re attacking was configured (like whether or not it’s set up to utilize Perfect Forward Secrecy.)

by Greg Kumparak, TechCrunch | Read more:
Image: uncredited

Decoding Nature's Soundtrack

[ed. I'm not sold on the practical applications of this type of research, but I'm kind of glad somebody's doing it.]

One of the most immediately striking features about Bernie Krause is his glasses. They’re big—not soda-bottle thick, but unusually large, and draw attention to his eyes. Which is ironic, as Krause’s life has been devoted to what he hears, but also appropriate, since it’s the weakness of his eyes that compelled Krause to engage with sound: first with music, and later the music of nature. Nearsighted and astigmatic, Krause has spent most of the last half-century recording biological symphonies to which most of us are deaf. (...)

At this particular moment in Earth’s history—the morning of what some scientists call the Anthropocene, an age in which human influence on natural processes is ubiquitous and immense—we have many tools to measure our ecological impacts: by eye, generally, focusing on particular species or guilds of interest, counting them in the field, peering by satellite at changes in land use, and translating our observations into the language of habitat type and biodiversity.

To Krause, these are measurements best made by listening to natural soundscapes. In a career of listening and recording, he’s amassed a veritable Library of Alexandria of nature’s sounds, and he emphasizes that they’re not merely recordings of individual creatures. The traditional approach of bioacoustics, focusing on single animals and species, is anathema. It’s “decontextualizing and fragmenting,” he says, like trying to extract a single violin from Beethoven’s Fifth Symphony. “Take an instrument out of the performance, and try to understand the whole performance, and you don’t get very much,” he says.

Inevitably Krause has captured the players—bearded seals with voices that echo geomagnetic storms, baboons booming in granite amphitheaters, a fox kit playing with a microphone—but they’re incidental to recording whole habitats and communities.

In his home studio, perched on an oak-covered hillside in Glen Ellen, Calif., Krause plays me some of his favorites: a Florida swamp, old-growth forest in Zimbabwe, intertidal mangroves in Costa Rica, and a Sierra Nevada mountain meadow. As the sounds pour from speakers mounted above his computer, spectrograms scroll across the screen, depicting visually the timing and frequency of every individual sound. They look like musical scores.



In each spectrogram, Krause points something out: No matter how sonically dense they become, sounds don’t tend to overlap. Each animal occupies a unique frequency bandwidth, fitting into available auditory space like pieces in an exquisitely precise puzzle. It’s a simple but striking phenomenon, and Krause was the first to notice it. He named it biophony, the sound of living organisms, and to him it wasn’t merely aesthetic. It signified a coevolution of species across deep biological time and in a particular place. As life becomes richer, the symphony’s players find a sonic niche to play without interference.

by Brandon Keim, Nautilus |  Read more:
Image: Brandon Keim

Gemma Hayes

In the End, People May Really Just Want to Date Themselves


Opposites attract. That’s how the cliché goes, and people really believe they are attracted to those different from them: 86 percent say they want a partner who “complements them” rather than one who “resembles them.”

There’s only one problem with this idea: It’s false. I studied 1 million matches made by the online dating website eHarmony’s algorithm, which aims to pair people who will be attracted to one another and compatible over the long term; if the people agree, they can message each other to set up a meeting in real life. eHarmony’s data on its users contains 102 traits for each person — everything from how passionate and ambitious they claim to be to how much they say they drink, smoke and earn.

The data reveals a clear pattern: People are interested in people like themselves. Women on eHarmony favor men who are similar not just in obvious ways — age, attractiveness, education, income — but also in less apparent ones, such as creativity. Even when eHarmony includes a quirky data point — like how many pictures are included in a user’s profile — women are more likely to message men similar to themselves. In fact, of the 102 traits in the data set, there was not one for which women were more likely to contact men with opposite traits.

Men were a little more open-minded. For 80 percent of traits, they were more willing to message those different from them. They still preferred mates who were similar in terms of height or attractiveness, but they cared less about these traits — and they didn’t care much at all about other things women cared about, like similarity in education level or number of photos taken. They cared less about whether their match shared their ethnicity.


Women prefer similarity in subtler ways as well: A woman shows a small but highly statistically significant preference for a man who uses similar adjectives to describe himself, with “physically fit,” “intelligent,” “creative” and “funny” having the strongest effects. Men showed no such preference.

by Emma Pierson, 538 |  Read more:
Image: uncredited

Living Organ Regenerated for First Time


A team of scientists at the University of Edinburgh has rebuilt the thymus of an old mouse — the first regeneration of a living organ.

After treatment, the regenerated organ had a structure similar to that found in a young mouse.

The thymus is an organ in the body located next to the heart that produces important immune cells. The advance could pave the way for new therapies for people with damaged immune systems and genetic conditions that affect thymus development.

The function of the thymus was also restored and the mice began making more white blood cells called T cells, which are important for fighting off infection. However, it is not yet clear whether the immune system of the mice was improved.

The study was led by researchers from the Medical Research Council Centre for Regenerative Medicine at the University of Edinburgh.

The researchers targeted a protein produced by cells of the thymus called FOXN1, which helps to control how important genes are switched on. By increasing levels of FOXN1, the team instructed stem cell-like cells to rebuild the organ.

by Kurzweil AI |  Read more:
Image: N. Bredenkamp et al./MRC Centre for Regenerative Medicine, University of Edinburgh

Wednesday, April 9, 2014

Céu

Pat Metheny


Washington State to Start Selling Pot in June

Washington State Liquor Board has received a total of 7,046 applications, with 2,206 for retail which they will limit to 334.

The cannabis will be priced at $3 per gram for producers, $6 for processors and a pre-tax $12 per gram for retailers. “The board anticipates tax revenue of up to $2 billion during the first five years as a result of a 25% tax on each level. That’s right, ultimately this cannabis will have been taxed 75% by the time it reaches the customer.”

It's, The Masters!


[ed. I know... you're just as excited as I am, it's The Masters! The one tournament each year when the drama is nearly guaranteed on a hushed and breathless Sunday afternoon at Augusta National Golf Club. The dogwoods and azaleas are in full bloom, commercials are kept to a minimum (4 minutes an hour), and the course is fast and tricky. Can't wait.] 

We can always be certain of a few things about the Masters Tournament, which starts Thursday at the Augusta National Golf Club: The azaleas will be in bloom. The course will be pristine. The post-tournament sit-down in Butler Cabin will be awkward. But who will win? Let’s see which factors, if any, correlate with success under the Georgia pines.

Full disclosure: Attempting to forecast the outcome of any single golf tournament is, in many ways, a fool’s errand. The PGA Tour’s leading winner in each season since 1980 has averaged 4.6 victories in 21 events, a rate of just under 22 percent. Even Tiger Woods, who may be the greatest golfer of all time, has won only 26 percent of the tournaments he’s entered. The field regularly beats the best golfers in the world, and this is especially true in the tiny sample of a four-round tournament.

Complicating matters, the Masters (one of the more prestigious of the four majors) has seen plenty of fluke winners in recent years, at least based on their perceived status the year before they won the tournament. Going back to 2003, the earliest year for which the PGA Tour website has end-of-year Official World Golf Ranking data, only U.S. Open winners have a lower end-of-year OWGR point average than Masters champions in the season before their major victory.


But despite the inherent uncertainty of golf and especially the Masters, some numbers emerge as predictors of success at Augusta. Specifically, long hitters appear to have an advantage — and pure ball-strikers less so — than would be expected from their performance across all tournaments.

To isolate those predictive factors, I borrowed a technique I first used for last year’s NCAA Giant Killers project at ESPN.com. The idea is to start with a base rating for each player that loosely represents his talent level relative to others’ in the field. Then I look for discrepancies between what that measurement predicted and what happened, and try to determine whether those gaps are related to a particular attribute of a player’s game.

by Neil Paine, 538 | Read more:
Image: Getty Images

Tuesday, April 8, 2014

Why Buying a Corporate Jet Pays for Itself

Lots of American companies have private jets, and the government gives them a pretty good reason to buy one: They can pay for themselves in just a few years.

The reason is that the American government pretends a jet only lasts five years, when in reality you can use it for decades. The government is pretending that other long-lived corporate investments—train cars, broadcast antennae, oil rigs and satellite tracking equipment—will also become useless far sooner than they will, five or seven years into a much longer working life. This willful blindness is an attempt to fool businesses into buying more expensive stuff, thus goosing the economy, but there’s not a lot of evidence that it actually works.

“As a result, businesses holding these assets are able to recoup the entire cost of acquiring the asset long before it’s ceased to produce value,” says Dean Sonderegger, an executive at Bloomberg BNA who builds software that allows companies to track these write-offs. “Take private jets, for example, which have an IRS-specified useful life of five years, allowing firms to write off 70% of their cost within the first three years.”

The term of art here is depreciation, and it serves a useful purpose. You shouldn’t have to pay taxes on your necessary business expenses, but it doesn’t make sense to let companies deduct the entire cost of something they buy in the first year if it will last for years. So companies are allowed to deduct a percentage of the equipment’s cost over time, as its value depreciates. But when these rates were set in the 1986 tax reform, they were, for some reason—probably last-minute political horse-trading—often based on lifespans much shorter than the real ones.

Today, businesses can also add in bonus depreciation—who doesn’t love a bonus?—that was first instituted as stimulus after the recession in 2000, renewed and subsequently increased in the years that followed; it currently speeds up depreciation by 50%.

by Tim Fernholz, Quartz |  Read more:
Image: Reuters/Gene Blevins

I'm a Raccoon


i’m a raccoon. i like going through the garbage. i like washing discarded things, i like loving unbeloved ideas...
~ Ariana Reines

Fake Hawaii: Your American Jungle


Misunderstandings, stereotypes and hypergeneralizations are common when referencing the ins and outs of Hawaii in print, film and television. In the recent "Top Chef" finale on Maui, host Padma Lakshmi said that spam "is lovingly referred to by the locals as 'Hawaiian steak.’" Though it’s no joke that locals have a great fondness for the congealed pork cube and I’ll admit that "Hawaiian steak" does have a nice soundbitish ring to it, spam is known as nothing else but spam in the islands and is mostly served with fried eggs and rice, or wrapped in nori for musubi, like a sushi present.

Hawaii is an ocean apart from the continental U.S., in the margins of the coastal media outposts and the peripheries of social-justice Twitter monitors. The voice of Hawaii and its people (locals!) is often muted. But maybe the Hollywood-media complex doesn’t think it needs to be accountable in its accuracy of Hawaii because, for the most part, it depicts the islands as a mellow, chill, pina-colada-slurping, spam-barbecuing paradise where everyone wants to vacation forever, right?

Not exactly. Hawaii's had a big year. Four shows have aired in the last season that are 100 percent set in the islands—"Hawaii Five-O," four seasons and running; and "Hawaii Life," "Wild Hawaii" and "American Jungle"—with a fifth show currently being shot, tentatively titled "The Ark." And not all are glowing or accurate. (...)

Before the flawed and filthy rich, or the flawed and bumpkin-like, became TV’s bread and butter, there was the idyllic and the cookie-cutter. Hawaii was both the symbol of serene beauty and American-suburban escape. It was a safe exoticism, our country’s pit-stop paradise, saved for sitcom vacation episodes or tiki murder mysteries, packed with luaus, shirtless dudes saying "brah" and flirtatious hula dancers. In film, it provided the backdrop for a long history of easy-breezy surf movies—from "Blue Hawaii" and "Gidget Goes Hawaiian" in the 60s to "Blue Crush" and "Soul Surfer" in the aughts—because Hawaii is the place where you Hang 10, pray to the Big Kahuna and avoid the kooks. Hawaii didn’t become a national television staple until the original "Hawaii Five-O"’s 12-year run, paving the way for everyone’s favorite ’80s hunk, "Magnum P.I.," both of which were kind of hokey and not necessarily ethnically accurate but harmless nonetheless, and then there was my fave in high school, "Byrds of Paradise," starring a teenage Jennifer Love Hewitt as a Hawaii transplant, Timothy Busfield as her dad and a lot of young, local eye candy in between (fun fact: a friend of a friend took J.Love to prom). Then the reality shows arrived: "The Real World Hawaii," a.k.a. the one with Ruthie, which, like all the other seasons, no one expected to be real; MTV’s "Maui Girls," as vapid and phony as "The Hills"; and, of course, the original local-trash reality show, A&E’s "Dog the Bounty Hunter." "Dog" may be the least flattering to local life, but in some ways it was the most accurate of the bunch, as meth is no joke in the islands; not every nook and cranny comes up desirable. But mostly, I give whatever sensationalism Dog provided a pass because any right-minded viewer could see that the most ludicrous things about the series were the non-natives—the overly tan, navel-baring bounty hunter and his wife with the ginormous breasts.

Compared to "American Jungle," "'Bounty Hunter' wasn’t that much better," Aila said. "But at least, conceptually, it employed someone who was bounty hunter mechanically correct."

I can think of only one mainstream film that has done a fair-enough job in portraying the complications of race, culture and how people live in Hawaii while capturing the islands’ natural beauty—2011’s The Descendants. Beneath a universal story of loss, there were the quiet politics between native Hawaiians, locals, local haoles who’ve lived there for generations but still don’t feel totally local, and the people who move there but never quite get the culture. Based on generation, time-and-place appropriateness and socio-economics, pidgin was spoken accordingly. Locals were cast as extras. Set designers added touches like Hawaiian sea-turtle quilts and shoyu bottles on restaurant tables. The whole thing was done quite thoughtfully because the director, Alexander Payne, worked closely with Kaui Hart Hemmings, the island-born writer of the book he adapted, to ensure accuracy in the details.

by Jessica Machado, The Awl |  Read more:
Image: AP

Monday, April 7, 2014

Vulture Culture: Pemex LOLC


[ed. Music by Pretty Lights - Finally Moving]

Grace Weston, Couples Therapy

Why It Is Not Possible to Regulate Robots

If you're a regular reader, you'll know that I believe two things about computers: first, that they are the most significant functional element of most modern artifacts, from cars to houses to hearing aids; and second, that we have dramatically failed to come to grips with this fact. We keep talking about whether 3D printers should be "allowed" to print guns, or whether computers should be "allowed" to make infringing copies, or whether your iPhone should be "allowed" to run software that Apple hasn't approved and put in its App Store.

Practically speaking, though, these all amount to the same question: how do we keep computers from executing certain instructions, even if the people who own those computers want to execute them? And the practical answer is, we can't.

Oh, you can make a device that goes a long way to preventing its owner from doing something bad. I have a blender with a great interlock that has thus far prevented me from absentmindedly slicing off my fingers or spraying the kitchen with a one-molecule-thick layer of milkshake. This interlock is the kind of thing that I'm very unlikely to accidentally disable, but if I decided to deliberately sabotage my blender so that it could run with the lid off, it would take me about ten minutes' work and the kind of tools we have in the kitchen junk-drawer.

This blender is a robot. It has an internal heating element that lets you use it as a slow-cooker, and there's a programmable timer for it. It's a computer in a fancy case that includes a whirling, razor-sharp blade. It's not much of a stretch to imagine the computer that controls it receiving instructions by network. Once you design a device to be controlled by a computer, you get the networked part virtually for free, in that the cheapest and most flexible commodity computers we have are designed to interface with networks and the cheapest, most powerful operating systems we have come with networking built in. For the most part, computer-controlled devices are born networked, and disabling their network capability requires a deliberate act.

My kitchen robot has the potential to do lots of harm, from hacking off my fingers to starting fires to running up massive power-bills while I'm away to creating a godawful mess. I am confident that we can do a lot to prevent this stuff: to prevent my robot from harming me through my own sloppiness, to prevent my robot from making mistakes that end up hurting me, and to prevent other people from taking over my robot and using it to hurt me.

The distinction here is between a robot that is designed to do what its owner wants – including asking "are you sure?" when its owner asks it to do something potentially stupid – and a robot that is designed to thwart its owner's wishes. The former is hard, important work and the latter is a fool's errand and dangerous to boot.  (....)

Is there such a thing as a robot? An excellent paper by Ryan Calo proposes that there is such a thing as a robot, and that, moreover, many of the thorniest, most interesting legal problems on our horizon will involve them.

As interesting as the paper was, I am unconvinced. A robot is basically a computer that causes some physical change in the world. We can and do regulate machines, from cars to drills to implanted defibrillators. But the thing that distinguishes a power-drill from a robot-drill is that the robot-drill has a driver: a computer that operates it. Regulating that computer in the way that we regulate other machines – by mandating the characteristics of their manufacture – will be no more effective at preventing undesirable robotic outcomes than the copyright mandates of the past 20 years have been effective at preventing copyright infringement (that is, not at all).

But that isn't to say that robots are unregulatable – merely that the locus of the regulation needs to be somewhere other than in controlling the instructions you are allowed to give a computer. For example, we might mandate that manufacturers subject code to a certain suite of rigorous public reviews, or that the code be able to respond correctly in a set of circumstances (in the case of a self-driving car, this would basically be a driving test for robots). Insurers might require certain practices in product design as a condition of cover. Courts might find liability for certain programming practices and not for others. Consumer groups like Which? and Consumer Union might publish advice about things that purchasers should look for when buying devices. Professional certification bodies, such as national colleges of engineering, might enshrine principles of ethical software practice into their codes of conduct, and strike off members found to be unethical according to these principles.

by Cory Doctorow, The Guardian | Read more:
Image: Blutgruppe/ Blutgruppe/Corbis

Portraits of Reconciliation


NZABAMWITA: “I damaged and looted her property. I spent nine and a half years in jail. I had been educated to know good from evil before being released. And when I came home, I thought it would be good to approach the person to whom I did evil deeds and ask for her forgiveness. I told her that I would stand by her, with all the means at my disposal. My own father was involved in killing her children. When I learned that my parent had behaved wickedly, for that I profoundly begged her pardon, too.”

KAMPUNDU: “My husband was hiding, and men hunted him down and killed him on a Tuesday. The following Tuesday, they came back and killed my two sons. I was hoping that my daughters would be saved, but then they took them to my husband’s village and killed them and threw them in the latrine. I was not able to remove them from that hole. I knelt down and prayed for them, along with my younger brother, and covered the latrine with dirt. The reason I granted pardon is because I realized that I would never get back the beloved ones I had lost. I could not live a lonely life — I wondered, if I was ill, who was going to stay by my bedside, and if I was in trouble and cried for help, who was going to rescue me? I preferred to grant pardon.”

Last month, the photographer Pieter Hugo went to southern Rwanda, two decades after nearly a million people were killed during the country’s genocide, and captured a series of unlikely, almost unthinkable tableaus. In one, a woman rests her hand on the shoulder of the man who killed her father and brothers. In another, a woman poses with a casually reclining man who looted her property and whose father helped murder her husband and children. In many of these photos, there is little evident warmth between the pairs, and yet there they are, together. In each, the perpetrator is a Hutu who was granted pardon by the Tutsi survivor of his crime. (...)

At the photo shoots, Hugo said, the relationships between the victims and the perpetrators varied widely. Some pairs showed up and sat easily together, chatting about village gossip. Others arrived willing to be photographed but unable to go much further. “There’s clearly different degrees of forgiveness,” Hugo said. “In the photographs, the distance or closeness you see is pretty accurate.”

In interviews conducted by AMI and Creative Court for the project, the subjects spoke of the pardoning process as an important step toward improving their lives. “These people can’t go anywhere else — they have to make peace,” Hugo explained. “Forgiveness is not born out of some airy-fairy sense of benevolence. It’s more out of a survival instinct.” Yet the practical necessity of reconciliation does not detract from the emotional strength required of these Rwandans to forge it — or to be photographed, for that matter, side by side.

by Susan Dominus, NY Times |  Read more:
Image: Pieter Hugo

Building the Facebook of Neighborhoods

[ed. I've thought for a long time that something like this would be useful, if for no other reason than to share information about crime in our neighborhoods (and, wondered why the police didn't take the initiative to create neighborhood web sites themselves). This is more elaborate].

Having her bike yanked from the utility closet of her San Francisco apartment building reminded Sarah Leary why she had spent the last three years building an online social network for neighbors.

“I put out a message saying, ‘Here’s what my bike looks like,’” says Leary, co-creator of Nextdoor, “and I had three or four people chime in with just, like, ‘I’m so sorry that that happened.’” (She added that those few posted words alone “made her feel known and loved and supported.”) Other neighbors were more practical. One insisted that she file a report so that the police might add it to the stats used to track local bicycle thievery.

Oh right, Leary, a Massachusetts native and tech world veteran who now lives in the Lower Pacific Heights neighborhood, recalls thinking. I’m supposed to do something about this for my neighborhood in real life, not just gripe about it online.

The site co-founded by Leary is a simple enough idea. We’ve become acclimated to using Facebook to connect with friends and family. LinkedIn for work. Twitter for our interests. Yet in 2014 there is no go-to online social network for the people we live among. "And that," Leary says while sitting in Nextdoor’s suite of offices, "is kind of crazy."

The Nextdoor team, Leary says, draws some of its inspiration from Harvard political scientist Robert Putnam, who concluded in his 2000 book Bowling Alone that "social networks in a neighborhood" make crime go down and test scores go up. Even more fundamentally, our neighbors would be the first to dig us out from the rubble after an earthquake. But today, we don’t know them that well. Nearly a third of Americans can’t pick out a single person in their neighborhood by name. For all the talk about technology driving us ever further into our personal bubbles — Putnam used “social networks” in the pre-Facebook sense — Nextdoor’s gamble is that the Internet can, in fact, be the missing bridge between us and the people with whom we share a spot on the map. (...)

The ultimate goal is to make information shared on Nextdoor so valuable that people don’t want to miss it — a bet on the notion that far more people care about, say, what happens at community meetings than attendance numbers suggest. It’s a vision of Nextdoor less as a social network than as a social utility.

by Nancy Scola, Next City |  Read more:
Image: Nextdoor