I used to be somewhat interested by stats on passwords, etc. from breach data dumps.
haveibeenpwned is a helpful and legit site, though I think it should have used email confirmation instead of requiring only an email address.
I also respect Troy along with many other security researchers. Even those that are up to no good in the security world in some ways have contributed good things; after all, the rest of us are stronger and more vigilant now than we used to be because of their work.
However, this anonymized data will almost certainly be used by black hats more than white hats, and I don't see how this release is good for the majority of those that were affected by these breaches.
Which in and of itself is silly. The raw dumps are already available to everyone, blackhats included. Personally I'm tempted to make a site that just lists it by domain and stuff. I found several people at my company with Ashley Madison accounts using a quick grep.
Casually looking up your peers is exactly what you should be doing in my opinion. But I'm not a good person and I'd rather see details like that plastered everywhere. Be an idiot, get what you deserve.
I have a 2004 Gmail account which people like to use as a fake email address when signing up to things. So my address is in the Ashley Madison leak. This is not something I'm comfortable with people knowing without context, so even if it was a policy of "play stupid games, win stupid prizes" I'd get harmed.
I'm with you that haveibeenpwned should require email confirmation before listing the breaches an email address was in. As it is, it has become an easy to use dictionary of places to find personal data for any given email address. Yes it doesn't list the breaches that Troy has deemed "sensitive", but if you're trying to commit identity theft or fraud using personal data, it doesn't really matter if these search results don't include websites that deal with porn/adultery/children.
Doubtless there are black market tools that provide such a service but expose far more data, but haveibeenpwned lowers the barrier to entry significantly by being far more available to the public.
* Your kids may grow up to act like you, so act in a way that you want your children to emulate.
* Talk to them in a way and have expectations of them that are developmentally appropriate. Use your wisdom and conscience to determine how to do this.
* Expect your children to have certain responsibilities and behave in a certain way, to start working for the family or for others when they become old enough (possibly to make their own money), volunteer to help others, and respect their parents, family, others, and themselves.
Beyond that, it just depends on the situation.
I've seen some bad parenting, though. It usually involves anger, psychosis, manipulation, spoiling, irrationally defending their child, drug use, etc. If you or your child is the common thread in problems, it's probable that you or your child are at fault. If you can't handle things, get outside help. And if your kid is exhibiting bad or dangerous behavior to themselves or others, get help.
However, when it comes to speed, working with primitive types has gotta be faster if supported natively, so anything else anytime soon will play second fiddle.
> Businesses complaining about greedy Americans being overly litigious may want to look in a mirror.
Sure, but it goes both ways.
On one hand, companies are overly litigious for reasons described in the post. I've been frustrated at least once that I couldn't be part of a class action suit because there wasn't a recall for a design flaw costing me thousands; I knew however that a class action suit probably would've resulted in a small check at most.
On the other hand, there are law firms that advertise on television to get people to claim malpractice, etc. and "get money." And there are patent trolls that are purely exploiting.
I think it's fair to say there is a lot that could be done for reform.
> "This 4/6 MAC issue was well documented in BCP128 back in 2007. The control-word drafts mentioned that there would be dragons related to 4 and 6 back in 2004."
This reminds me a little of what Mr. Prosser said to Arthur Dent in the Hitchhiker's Guide to the Galaxy about the demolition notice for Arthur's house: "It was on display at the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying beware of the leopard."
You can't make the assumption that engineers will be able to keep all of this in their heads. The IEEE is not going to review every document and put together a compendium of bear traps awaiting them in the future, and they aren't going to review every historic document before every decision, either.
If the few that knew what would happen made an incorrect assumption of prior knowledge, then they dropped the ball in reminding those that needed to know.
Since nobody remembered, they should have just been informed of the mistake and a possible solution or assistance provided.
It's ok to try tackling a big problem, as long as you know when to pause for a while and come back to it later.
What if Ramanujan had been told by Hardy to stay home and stop working on big things that he hadn't had sufficient experience in? While there will ever only be one Ramanujan, he wouldn't have developed into what he did had he restricted himself. He made a lot of mistakes, and that didn't kill his career nor did it stop him from producing many great works.
Similarly, Bezos obsessed about a simple online bookstore website. Jobs obsessed over details for a small number of devices. Torvalds obsessed over an operating system he wrote. DHH obsessed over a web application framework open source project for his company. If you obsess over something, it has a much better chance for success.
If you believe in it, and you see a path to it, don't give up.
Ramanujan produced a constant stream of results and wasn't at all obsessed with one big problem to solve.
Terence Tao is talking about the "hide in the attic for 10 years working on one problem" attitude. And this he warns against.
As for business development, I'm pretty sure Jobs/Bezos etc actually produced something in fairly short order, i.e. the MVP came out quickly. This approach of release early, release often seems to be exactly what Tao would endorse.
Yes, Ramanujan just floated around dealing with whatever number theories inspired him, sometimes in a nearly mystical way so he's not a good example.
Andrew Wiles is a better example, since he hid in plain sight working on Fermat's Last Theorem.
"He dedicated all of his research time to this problem for over six years in near-total secrecy, covering up his efforts by releasing prior work in small segments as separate papers and confiding only in his wife."
Exactly. He proves the author's point very well. Wiles was tenured, had published in the field already, and made sure that he could continue publishing while working on the Big Problem.
Tenured at Princeton, had already solved some fairly big problems in the field, and it helped that FLT had recently been "reduced" to proving a conjecture about elliptic curves which were already very much in Wiles's wheelhouse.
Not to take away from his achievement, but I think it is not stressed enough how much the proof depends on work from previous decades that a priori had nothing to do with Fermat.
Note that with Andrew Wiles all the secrecy and seclusion almost exploded on his face. When he first came public with the Fermat proof someone found a flaw in it within 2 months.
It took another 2 years (he was ready to give up by then) to finally come up with a "fix" for the flaw that had been found.
So in the end he was only successful after exposing it to the public for scrutiny and breaking down the problem into something smaller.
Sure, but if Wiles hadn't been secret, he'd be making progress reports all along and plausibly the person who made the fix would be the one credited with the proof.
It's kind of a shame that the quest for credit works this way; secrecy has all sorts of costs but in this instance it clearly had benefits too.
Context is important here I think. This is part of a series of posts containing career advice for mathematicians at various stages ([1]), and not life advice in general. So I don't believe Tao was addressing cases like Torvalds etc.
This post appears in the "Graduate level" section. At this point many open problems become accessible, while at the same time many grad students (emerging from being a big fish in a little pond) are looking to make a name for themselves. So a common trap is for people at this point to obsess over famous problems, to the exclusion of tackling less exciting but more tractable problems, and Tao is warning against this.
I completely agree. Digging deep in the weeds and pulling yourself out over and over again is how most impactful problems get solved. It's time consuming and the truest test of patience. It's very fulfilling to live this way, even if it seems like the world is moving at a much faster pace.
Or one of the numerous chemistry sets available- preferably something with a lot of chemicals that are unsafe. I personally almost killed myself mixing things when I was an adolescent.
If kids aren't interested in chemistry, it's that the teacher/curriculum/resources available to the students is just piss poor... and unfortunately that is the norm. It's so easy to keep kids engaged if you continue doing experiments that astound.
> Explosions and threats of explosions bring many kids (middle/high school/freshmen) into it.
That was exactly why I was a chemistry nerd in high school and almost made a career out of it. Veered off in a different direction ultimately, but I still have what are to me fond memories (not so fond for everyone else around me subjected to "side effects" from the "experiments").
Still not clear how I avoided getting thrown in prison for all the crazy stuff. I'd be terrified if my kids attempted the same things.
I've loved and used Emacs for ~20 years, but if Emacs were to become slow, then if I were to have a replacement editor that could do the following (w/no X or window manager) without additional config in Linux, I'd use it instead:
arrow keys to move
add and delete text anywhere
paste from terminal buffer
ctrl-s -> search (and continue to find next match)
ctrl-v -> down
ctrl-esc -> up
ctrl-k -> kill line
ctrl-x ctrl-s -> save
ctrl-x ctrl-c -> quit
ctrl-a -> goto beginning of line
ctrl-e -> goto end of line
I don't even use selection anymore, because I can just use the terminal window copy/paste.
CTRL-S: Save
CTRL-Q: Quit
CTRL-F: Find string in file (ESC to exit search, arrows to navigate)
It's available in a lot of well-used distros: https://pkgs.org/search/kilo but doesn't look like it's in Arch, etc.
Kilua looks cool also as it has more similar keybindings to Emacs[2]:
Ctrl-x Ctrl-o Open a new file in the current buffer.
Ctrl-x Ctrl-s Save the current file.
Ctrl-x Ctrl-c Quit.
Ctrl-x c Create a new buffer
Ctrl-x n Move to the next buffer.
Ctrl-x p Move to the previous buffer.
Ctrl-x b Select buffer from a list
M-x Evaluate lua at the prompt.
Ctrl-r: Regular expression search.
but the goal would be to have that available in a package manager in a default install, so that after logging into any server where I'm a sudoer, I could:
Personally, I don't plan to discuss politics any more or less than when this topic was posted, so I guess I'm not part of the experiment.