2012 03 26

From TheCommandLineWiki

News Cast for 2012-03-26

(00:00:17.765) Intro

(00:03:19.336) Security alerts

(00:03:37.031) The security of multi-word passphrases

  • https://www.schneier.com/blog/archives/2012/03/the_security_of_5.html
  • Bruce Schneier linked to a study of multiple word passphrases
    • That made the rounds a couple of weeks ago with tons of comments and questions
  • He linked to both the research and a more accessible blog post on Light Blue Touchpaper
    • That pretty clearly explains the counter intuition that has so many people confused
  • While pass phrases have the potential to be far more secure
    • What the research looked at was the limited data that could be found
      • That demonstrates how such phrases are actually used
  • This is comparable to some of the statistical work on passwords that has been done over the years
  • Theoretical strength can be computed for both passwords and phrases
    • Expressed in terms of bits of entropy
  • The higher the entropy, the more guesses a brute force attack has to make
    • Thus increasing the cost of attacks against any given password or phrase
  • Not surprisingly, as with the more common single word choices
    • The researchers found in practice that the actual choices of multiple words
      • Simply didn't yield that much more security
  • Too often what users selected were predictable word pairs that occur not in a dictionary per se
    • But for which the results of analysis of massive quantities of text, like Google n-grams
      • Yield the same sort of advantages for passphrases that dictionary attacks do for single words
  • The takeaway for me is that the important bit of security advice is not necessarily length
    • So much as it is ensuring that the words or phrases used
      • Are sufficiently random so as to erase any advantages from the sorts of cribs
      • That can be derived to aid attackers from dictionaries
        • And other easily accessible textual metadata
  • The xkcd comic mentioned in the post is a good example
    • One that couples pure random word choice
      • With a clever trick to aid memory without eroding a phrase's strength
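
The gap between theoretical and in-practice strength described above, as an added example that is not from the podcast or the linked research: it compares a uniformly random two-word phrase with the same phrase space when user choices are skewed toward popular pairs. The 1,024-word vocabulary and the Zipf-shaped popularity curve are constructed assumptions standing in for real usage data.

```python
import math


def uniform_entropy_bits(vocab_size, words):
    """Theoretical strength: each word drawn uniformly and independently."""
    return words * math.log2(vocab_size)


def zipf_distribution(n, s=1.0):
    """Constructed skew: the k-th most popular phrase has weight 1/k**s."""
    weights = [1.0 / (rank ** s) for rank in range(1, n + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def shannon_entropy_bits(probs):
    """Average uncertainty of the distribution, in bits."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy_bits(probs):
    """Strength against an attacker's single best guess."""
    return -math.log2(max(probs))


def guesses_to_cover(probs, fraction):
    """Guesses needed, most popular first, to succeed against `fraction`
    of users. This models the ordered guessing that n-gram data enables."""
    covered = 0.0
    ordered = sorted(probs, reverse=True)
    for n, p in enumerate(ordered, start=1):
        covered += p
        if covered >= fraction - 1e-12:
            return n
    return len(ordered)


def report(vocab_size=1024, words=2):
    """Compare random choice with skewed choice over the same phrase space."""
    space = vocab_size ** words
    uniform = [1.0 / space] * space
    skewed = zipf_distribution(space)
    return {
        "theoretical_bits": uniform_entropy_bits(vocab_size, words),
        "skewed_shannon_bits": shannon_entropy_bits(skewed),
        "skewed_min_entropy_bits": min_entropy_bits(skewed),
        "uniform_guesses_for_half": guesses_to_cover(uniform, 0.5),
        "skewed_guesses_for_half": guesses_to_cover(skewed, 0.5),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:28s} {value:,.2f}")
```

Under these assumptions the phrase space is nominally 20 bits, yet an attacker guessing in popularity order reaches half of all users in well under a thousand guesses instead of roughly half a million.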

(00:05:57.178) Data breaches increasingly caused by hacks, malicious attacks

  • http://arstechnica.com/business/news/2012/03/data-breaches-increasingly-caused-by-hacks-malicious-attacks.ars
  • Sean Gallagher at Ars Technica shared an interesting study from Ponemon Institute
    • Sponsored by Symantec
  • It followed 49 organizations over the course of 2011
  • The focus of the study was the cost of breaches
    • Finding that in general they declined over the course of the year
  • Broken out by the cause of a breach, though, the cost for malicious hacks rose
    • Compared to software faults or negligence
  • The results also pointed to an increase in active attacks rather than passive causes
  • I find those two a bit hard to reconcile, unless the drop in cost for non-attack breaches
    • Dropped so much it offset the admittedly modest 6 percent increase in those from attacks
  • Beyond what Gallagher summarizes, there are a few other highlights in the study itself
  • One called out in particular is that having a C-level executive responsible for breaches
    • Tended to correlate with lowered costs in handling
  • The researchers also broke out the different parts of cost per incidence
  • In particular the cost to detect then escalate handling of a breach went down
    • But the cost of notifying those affected went up
  • That last is a bit suspicious to me, as it echoes rhetoric from companies objecting
    • To regulations that would mandate customer notification, citing prohibitive cost
  • Overall, though, I'd limit credibility in the study as it was based on self reported surveys
  • To be more reproducible and perhaps objective, there should be a study that uses
    • Some more concrete data, like logs from deployed security systems
  • Additionally, the trends identified seem to be cyclic, that within the last six years or so
    • The aspects examined, largely costs, fell out along a similar distribution
  • I would also like to see a cost to consumer analysis rather than cost to company
    • As individuals have less recourse, such as insurance and accounting tricks
      • To soften the blow of some lost bit of personal identification or financial data

(00:09:13.298) News

(00:09:27.258) Artificial intelligence project builds video games from scratch

  • http://arstechnica.com/gaming/news/2012/03/artificial-intelligence-angelina-builds-videogams-from-scratch.ars
  • Megan Geuss at Ars Technica wrote about a project at Imperial College in the UK
    • By PhD student Michael Cook who is studying evolutionary computing
  • Very quickly, since the article only provides a cursory explanation of evolutionary programming
    • This is a form of computer based optimization that mimics natural evolution
  • A programmer provides one or more fitness functions
  • The program then iteratively generates code and evaluates it against these functions
  • The more successful bits are kept, the ones that fail are discarded
  • The approach relies on the brute horse power of computers to iterate and evaluate simple rules
  • With the right fitness functions, surprisingly good results can emerge
  • There are additional techniques also cribbed from nature that improve the capabilities
    • Such as introducing forms of random variation, or mutation
    • And also simulating sexual reproduction where fit programs swap pieces
      • With other fit programs in the same generation
      • To see if re-combining subsets of successful traits improves fitness
  • Geuss does make clear that creating programs in this fashion doesn't represent any kind of reasoning
    • Like fuzzy logic or what IBM's well known Watson executes to take on Jeopardy champions
  • Cook's application highlights where evolutionary programming perhaps can outperform other approaches
  • ANGELINA, which stands for A Novel Game-Evolving Labrat I've Named ANGELINA,
    • Uses simulated evolution to produce novel and ideally fun to play video games
  • The application of randomization and even constrained and optimized forms isn't new in games
  • Many video games over the years have included the capability to produce random maps, levels
    • And to inject random challenges, monsters and other discrete elements
  • What makes ANGELINA different is that it produces entire games, albeit rather simple ones
  • Geuss has an excellent description in the article of how Cook decomposed games
    • Into three independently evolvable components, or species
  • Some of these, like the map layouts and placement of enemy sprites
    • Borrow from that long lineage of random generation but add an evaluation of playability or fun
  • The fact that the rules also are permuted is the most interesting to me
    • That doing so could possibly lead to some counter intuitive and genuinely new games
  • Manual game design relies on a well established body of knowledge
  • It seems like every so often, a creator stumbles upon some truly new element
    • Or remixes the known bits in a surprising way that yields a really novel experience
  • Leveraging randomization, optimization and a model of what makes a game fun to play
    • Unleashes a program like ANGELINA to try combinations that may never have occurred
      • To a human designer
  • Better yet, I like the idea that it could provide a prod, a spur away from me-too games
    • Ones that simply feed into the desire to capitalize on a proven game
      • By just offering more of the same
  • The games created by ANGELINA are simple, equivalent to early arcade games and platformers
    • Like the very first versions of the long running Mario franchise
  • Cook has hopes that game makers will consider making use of his work
  • It isn't hard to imagine how something like this could offer an unpredictable string
    • Of unique and engaging games for lower powered mobile devices
      • Where casual gaming is becoming ever more popular
  • I can also imagine how this work could be built upon
    • How other game aspects could be abstracted away into evolvable species
      • Realizing that ultimate potential that I think resides here for real surprise
      • Even if, as the article notes, humans may still need to be creative and involved
        • To add visual and other multimedia skins and set dressing

(00:14:36.460) Even a toddler is smarter than the smartest AI

  • http://io9.com/5893015/even-a-toddler-is-smarter-than-the-smartest-ai
  • Alasdair Wilkins on io9 described some other work in the field
    • Of fundamental approaches to human reasoning
  • The work being done by Tom Griffiths and colleagues
    • At UC Berkeley's Computational Cognitive Science Lab
      • Takes its inspiration from natural systems just like the last story about ANGELINA
  • Instead of starting with an immense macro-system that can be simulated way faster
    • Than its counterpart out in the world
      • Wilkins opens the article with a fun description of their point of departure
  • A relatively unexamined model of building general reasoning almost from scratch
    • Is how human children grapple with and make sense of the world from birth on
  • Wilkins does a good job pinpointing the differences between the way a mature adult reasons
    • Versus the sort of challenges an infant faces just in sorting out
      • Vast quantities of new experiences with little to no prior experience
  • Griffiths and team are looking to assemble statistical models that work like
    • The sorts of techniques that infants use to discover causal relationships
      • Notice patterns, and test hypotheses
  • To me, though Wilkins doesn't put it this way, this sounds like reverse engineering
    • The basic wiring with which children come equipped
      • As a result of generations on generations of evolution
  • The article explains that the real world benefits will be in more flexible computer interactions
  • Think of voice response systems better able to deal with unusual interactions
    • Or other forms of automation that can adapt to the conditions of a person using them
  • Wilkins has a little fun imagining the best attributes of children imbued in programs
    • Like a sense of wonder and the pursuit of creative play and imagination
  • As fun as those ideas are, speaking as a parent, I think Griffiths and team
    • Are better off doing what it definitely sounds like is a probabilistic approach
      • Rather than emulating any form of emotional intelligence
  • To be fair, there are researchers who have also been looking into emotive computing
    • More to trigger empathic responses and find models of interaction that are less tasking
  • What is being done here isn't new as a rough concept, in terms of trying to go back
    • To a sort of first principles approach to practical reasoning
  • The difference compared to say artificial neural networks
    • Is that they are targeting intermediate features of child like reasoning
  • Rather than simulating completely blank neurons and trying to evoke
    • Emergent, self organizing wiring of those into useful cognitive systems
      • They are focusing on existing capabilities in humans at birth
      • As a function of developmental biology and evolution
  • Doing so may limit their approach, in that it may be permanently stuck at a child's level
    • But this may be good enough for the sort of applications they are targeting
  • Conversely, they or subsequent researchers may layer in other techniques
    • That produce a hybrid model of reasoning that nets some useful general machine reasoning
  • The other thought I had was how these open ended and conjectural models
    • May benefit from the vast speed up at play in the last story
  • We've already seen how the application of non-cognitive focused, simple statistical models
    • To the currently almost faddish trend of big data has yielded some impressive insights
  • Imagine how even a marginal step towards human level reasoning
    • Coupled with the ability to take in orders of magnitude more information and experience
      • Once again may yield something truly unexpected

(00:18:58.826) Matt Haughey on the joys of Internet "lifestyle business" vs the grind of fast startups

  • http://boingboing.net/2012/03/19/matt-haughey-on-the-joys-of-in.html
  • Cory at Boing Boing shared a talk given by Matt Haughey (how-ee) at Webstock in New Zealand
  • Haughey started his career during the original dot-com boom, is behind Metafilter
    • And as he was coming up with the ideas in the talk, is about to turn forty
  • Not surprisingly I was immediately interested as we are clearly of an age
  • In the intro, Haughey provides a bit of context, about the kind of milestone
    • That the age of 40 represents in US as well as other cultures
  • The first thing that occurred to me as he continued to talk about peers
    • Going through a similar sort of re-adjustment as they approach forty as well
      • Was how compressed all the changes in their lives are
  • I suspect that I am unusual, that I have been defensive of my work-life balance
    • From a much earlier age, even in my late twenties
  • Haughey lays some fault at the feet of Steve Jobs who is both inspiring, clearly
    • But demanding of himself and those around him, encouraging an unbalanced life
  • He draws a clear line from that attitude towards work into the pervasive valley culture
  • This definitely matches my experience, the last industry conference I went to
    • Where the attitude of twenty year old kids was they'd work at a rising start up
      • Long enough to secure a fortune then either start their own gangbusters endeavor
        • Or get out of technology all together
  • In contrast, Haughey offers the minimalist view he's come to in response
    • Of building the minimally viable application with some value
  • He suggests that the attention of obviously lucrative success
    • May introduce a distortion that hides smaller, still interesting and worthwhile ideas
  • There is a term, used as a pejorative, from venture capitalists
    • That these small efforts are "lifestyle businesses"
  • As dismissive as the money people are, Haughey identifies a modest but solid growth trend
  • He credits a long term view as key to these under appreciated ideas and implementations
  • A good bulk of the talk unpacks the differences between the massive internet hits
    • And those models that are perhaps more sustainable, more sane when it comes to health and sanity
  • The comparison to indie bands is a good one, both in terms of the additional work
    • But also how much a company can retain of its own value
  • Early on I was introduced to the idea of dilution, the height of concern
    • Being one of the last startups for whom I worked
      • That arguably took at least some of these lessons to heart
      • Avoiding outside investment for as long as possible to retain autonomy
  • There is a good deal of simple but perhaps again unappreciated practical advice
    • For how to pursue a more slow burn, long term business
  • Even things, like backup, that we may take for granted
    • Have to be approached differently, in terms of getting as close to 100% reliability as possible
  • Permanence and resilience are clearly qualities more important than flashy notions like marketing
  • I thought at first the talk would cover the personal level
    • But other than the introductory material on turning forty
      • Most of it focuses on how choosing to go slow affects decisions
  • Don't get me wrong, I think the advice, more the mindset he is advocating, is valuable
  • The one startup I worked for that got closest to this was the sanest
    • Except for when they forgot the mantra of slowness and started changing business models
  • The talk is about forty minutes and if you are still in the private sector
    • Is definitely worth the time, even if Haughey is a bit of a low energy speaker
  • Working in the non-profit sector now, I think the ideas and advice around long term sustainability
    • Are applicable as well, given that the amounts of money are smaller
      • And the cadence for seeking grants and developing corporate donations
      • Seems to be very different from the breakneck pace of today's startups

(00:25:05.606) Pirate LOSS? An alternative ...

  • I wrote briefly on the web site about The Pirate Bay's announcement
    • That they would be experimenting with serving magnet links from drones
  • The reaction to this has been mixed, with some finding it more credible as I did
    • Based on the state of technologies and tools available to enthusiasts
  • Others have been critical or even suggesting it was merely a joke, a bit of hyperbole
  • I even saw news, and linked to it in this week's follow ups
    • That another group has already launched file sharing drones fitting the description
  • http://www.antipope.org/charlie/blog-static/2012/03/pirate-airships-an-alternative.html
  • Charlie Stross has a nice recap of the original announcement on his blog
    • And clearly falls into the more skeptical camp
  • Being a fairly rigorous thinker given the kind of science fiction he writes
    • He provides one of the more compelling cases against the feasibility of these drones
  • Mostly he identifies failure mode after failure mode that would make them subject to seizure
  • For instance, to be truly autonomous and to perform active station keeping
    • They would outstrip the power that a light enough solar array could produce
      • Meaning they'd either need to periodically refuel or would need to be tethered
  • Rather than dismissing the whole notion, though, Charlie suggests an alternative
  • Like a lot of creative thinkers, he takes inspiration from nature
  • Well, in this case, it is a natural critter adapted to live where human populations are most dense
  • Charlie suggests that a Raspberry Pi powered ratbot might be a more feasible alternative
  • First you avoid the complications that arise from flight
    • Though I think he underestimates the remaining challenges for a terrestrial robot
      • To navigate a changing and complex urban landscape
  • On the benefit side, though, he poses that such bots be deployed in similar quantities
    • To its natural counterpart that in some locales means one would be within 3 meters of any person
  • He even indulges in a bit more wild speculation on alternative power sources
    • Such as microbial fuel cells which have been researched with modest success
  • In city environs, he explains, this need not mean that the network provider ratbots
    • Be actual carnivores preying on other vermin
  • Rather he thinks that dumpsters, especially near where city dwelling file sharers may congregate anyway
    • Could provide plenty of material to power such systems and keep this army of automated pests going
  • If you take out the mobile robotic element, it isn't too far fetched, either
    • As all you are really talking about is an urban mesh network
  • Many such already exist, often assembled by groups of volunteers
  • One of the challenges to deploying such networks is mapping out neighborhoods for optimal coverage
  • Making the actively participating nodes mobile, even if only modestly so
    • Could be coupled with some simple routines for finding power
    • And optimizing signal strength to nearest neighbors
  • I suspect Charlie is at least half joking with his suggestion, too
    • But as another commentator defending the drone idea contended
      • A lot of hacker projects start out merely as jokes, as wild bits of rhetoric
  • As computing power continues to get smaller and cheaper, as the Raspberry Pi demonstrates
    • More seemingly silly ideas will become low cost enough to try
      • Regardless of whether they actually have much chance on paper of being successful
  • The cost of making an attempt would literally be less than proving it can't be done

(00:30:03.224) Following Up

(00:30:20.935) Open 3DP is open again

  • http://www.shapeways.com/blog/archives/1253-Open-3DP-is-Open-Again.html
  • The blog at Shapeways, the 3D print on demand service, had the good news
    • That the academic project, Open 3DP at UW is once again able to share its work
  • I have mostly blogged about this project as opposed to discussing on the podcast
  • I had the great pleasure of meeting Mark Ganter, one of the people involved, last year
  • He is more of an artist than a techie but also exhibited
    • What I'd characterize as a strong activist streak
  • We talked mostly about the remaining patent-based constraints on homebrew 3D printing
    • In particular around powder bed printers
  • Open 3DP has been pioneering a lot of materials and technique here, despite those barriers
    • Including demonstrating the ability to print in wood, concrete, glass and tea
  • Since October of last year, UW had required that any potential collaborators
    • Enter into a cumbersome and non-open contracting arrangement
  • Now, apparently due to the patience of Mark and his colleagues
    • And to the credit of UW, that policy has been reverted
      • Allowing the project to share their work under CC licenses again

(00:31:46.364) Judge chooses Pi Day to reject lawsuit over attempt to copyright Pi as a song

  • http://www.techdirt.com/articles/20120316/14275618144/judge-chooses-pi-day-to-reject-lawsuit-over-attempt-to-copyright-pi-as-song.shtml
  • Mike Masnick at Techdirt had the good news that the case from one musician
    • Who used Pi as an inspiration for a composition against another
      • Who released a video of his efforts on Pi Day last year
      • Has successfully been dismissed
  • Appropriately enough, the dismissal also came on Pi Day
  • Mike has tons of details if you are unfamiliar with the original story
  • He also includes a copy of the ruling and teases out some of the important bits
  • Overall it is a good win for preserving the idea-expression dichotomy
    • A legal notion in copyright law that is supposed to protect original expressions
      • Even if the idea on which they are based is not original
  • The judge also weighed in on the standard of substantial similarity
    • Another concept that is supposed to protect works on the assumption
      • That usually they tend to diverge, unlike inventions which often are independently re-created
  • All in all this is one case that has gone the way most such cases should
  • It is a counterpoint to the trend of rulings on such claims
    • To be read as broadly as possible, usually in the favor of some established artist
      • And at the expense of a potential competitor and innovator
  • Honestly, I genuinely wish such a ruling wasn't so newsworthy
    • But the fact that it is calls attention to how distorted copyright has become

(00:33:37.246) Outro
