Monday, November 21, 2016
Another Slashdot memory: Ah, the brick-and-mortar analogies...
So, I remembered another funny Slashdot exchange (again, no link).
Story: Some online retailer got in trouble for filtering their "customer reviews" so that only the positive remarks (about listed products) stayed and everything else was deleted.
A: "Wow, that's pretty scummy. They don't have the right to just clip out negative reviews."
B: "Don't they? I mean, it's their site; they have the right to set whatever editorial standards they want."
C: "Sure, but there's still an issue of consumer fraud and deception. For a brick-and-mortar analogy, imagine that Barnes and Noble started hosing 'book discussion nights' at their stores and promoted it as such. But you quickly notice that whenever someone says something negative about a book sold by B&N -- and only those books -- that person gets a tap on the shoulder from security, pulled aside, and asked to leave.
"In that case, it would indeed be correct to say they can expel whoever they want, but it's still fundamentally fraudulent to represent that event as being for 'book discussion' rather than 'book promotion'."
In other news, I finally found one of the ones that I thought I couldn't! The Armadillo rocket failure mentioned in this post was actually this conversation. The actual (but truncated) exchange went like this (note the links to original comments):
A: "And to think, they want us all to ride in these things commercially...."
B: "John and his team have an excellent track record thus far, and have continued to make safety a main issue. I'm sure that this experience will teach them even more, helping to make the next flight even safer."
C: "You mean even safer than a huge orange fireball?
"I don't know, that's a pretty high bar."
Saturday, February 27, 2016
Some of my geeky tech jokes -- with explanations!
I know the line: explaining a joke is like dissecting a frog; you understand it better, but it dies. Still, not everyone will get these, and I figure I might as well have a place where you at least get a chance. So here are some of my own creations, explained.
Girl, you make me feel like a fraudulent prover in a stochastic interactive zero-knowledge proof protocol ... because I really wish I had access to your random private bits!
Explanation: In a stochastic zero-knowledge proof protocol, there is a prover and a verifier, where the former wants to convince the latter of something. But for proof to work, the verifier must give the prover unpredictable challenges. Think of it like a quiz in school -- it's not much of a quiz if you know the exact questions that will be on it.
The information to predict the challenges is known as the verifier's private random bits Those with a legit proof don't need this, but a fraudulent prover does. Thus, a fraudulent prover in a stochastic interactive zero-knolwedge proof protocol wants access to the verifier's "random private bits".
A historian, a geologist, and a cryptographer are searching for buried treasure. The historian brings expertise on practices used by treasure hiders, the geologist brings expertise on ideal digging places, and the cryptographer brings expertise on hidden messages.
Shortly after they start working together, the cryptographer announces, "I've found it!!"
The others are delighted: 'Where is it?'
The cryptographer says, "It's underground."
'Okay, but where underground?'
"It's somewhere underground!"
'But where specifically?'
"I don't know, but I know it's underground!"
'Slow down there. If all you know is that it's underground, then in what sense did you "find" anything? We're scarcely better off than when we started!'
"Give me a break! I just gave you an efficiently-computable distinguishing attack that separates the location of the treasure from the output of a random oracle. What more could you want?"
Explanation: In cryptography, an encryption scheme is considered broken if an attacker can find some pattern to the encrypted message -- i.e. they can identify telltale signs that it wasn't generated by a perfect random number generator, a "random oracle". Such a flaw would be called a "distinguishing attack". So in the cryptography world, they don't care if the attack actually allows you to decrypt the message; they stop as soon as they find non-randomness to the encrypted data. Applied to a treasure hunt, this means they would give up as soon as they conclude that the treasure location is non-random, which the cryptographer here things s/he's done simply by concluding that it's "underground".
So, 16-year-old Johnnie walked into an Amazon Web Services-run bar...
"Welcome," said the bartender. "What are you drinking?"
Johnnie replied, 'What've you got?'
"Well, we have a selection of wines and the beers you see right here on tap. But if you prefer, we also have club soda and some juices."
Johnnie thought, Wait a second. Why is he telling me about the wines and beers? Does he even realize ... ?
'Okay, I'll take the Guinness.'
"Bottle or draft?"
'Draft.'
"Alright, and how will you be paying?"
Johnnie only had large bills from his summer job and gave the bartender a C-note.
"Sorry, but I gotta check to make sure this is real." The bartender took out a pen and marked it, then counted out the change. Johnnie reached for the beer.
"Hold on a second! Make sure to use a coaster!" The bartender slipped one under the glass. "Okay, now enjoy!"
Johnnie lifted up the glass to drink. Before he was able to sip, the bartender swatted it out of his hand.
"WHAT ARE YOU THINKING!?! Don't you know 16-year-olds can't drink!"
Explanation: On the AWS site, they will gladly let you click on the "Launch server" button and go through numerous screens and last-minute checks to configure it, and only at the very last stage does it say, "oops, turns out you don't have permission to do that" -- so it's like a bartender that takes you through a entire transaction, even verifying irrelevant things (like whether the money is real), while knowing the whole time he can't sell to you.
How is a Mongo replica set like an Iowa voter?
In primary elections, they only vote for candidates they think are electable!
Explanation: Databases can have "replica sets" where there are multiple servers that try to have the same data; secondary servers depend on an agreed-upon "primary" to be the "real" source of data. Often times, the primary server goes down, so they have to decide on a new primary, known as a "primary election". But there are some restrictions on who they will vote for -- if they e.g. have reason to believe that a server can't be seen by other members, and in those cases it will regard that server as unelectable. So you can get funny messages about "server42 won't vote for server45 in primary election because it doesn't think it's electable".
Girl, you make me feel like a fraudulent prover in a stochastic interactive zero-knowledge proof protocol ... because I really wish I had access to your random private bits!
Explanation: In a stochastic zero-knowledge proof protocol, there is a prover and a verifier, where the former wants to convince the latter of something. But for proof to work, the verifier must give the prover unpredictable challenges. Think of it like a quiz in school -- it's not much of a quiz if you know the exact questions that will be on it.
The information to predict the challenges is known as the verifier's private random bits Those with a legit proof don't need this, but a fraudulent prover does. Thus, a fraudulent prover in a stochastic interactive zero-knolwedge proof protocol wants access to the verifier's "random private bits".
A historian, a geologist, and a cryptographer are searching for buried treasure. The historian brings expertise on practices used by treasure hiders, the geologist brings expertise on ideal digging places, and the cryptographer brings expertise on hidden messages.
Shortly after they start working together, the cryptographer announces, "I've found it!!"
The others are delighted: 'Where is it?'
The cryptographer says, "It's underground."
'Okay, but where underground?'
"It's somewhere underground!"
'But where specifically?'
"I don't know, but I know it's underground!"
'Slow down there. If all you know is that it's underground, then in what sense did you "find" anything? We're scarcely better off than when we started!'
"Give me a break! I just gave you an efficiently-computable distinguishing attack that separates the location of the treasure from the output of a random oracle. What more could you want?"
Explanation: In cryptography, an encryption scheme is considered broken if an attacker can find some pattern to the encrypted message -- i.e. they can identify telltale signs that it wasn't generated by a perfect random number generator, a "random oracle". Such a flaw would be called a "distinguishing attack". So in the cryptography world, they don't care if the attack actually allows you to decrypt the message; they stop as soon as they find non-randomness to the encrypted data. Applied to a treasure hunt, this means they would give up as soon as they conclude that the treasure location is non-random, which the cryptographer here things s/he's done simply by concluding that it's "underground".
So, 16-year-old Johnnie walked into an Amazon Web Services-run bar...
"Welcome," said the bartender. "What are you drinking?"
Johnnie replied, 'What've you got?'
"Well, we have a selection of wines and the beers you see right here on tap. But if you prefer, we also have club soda and some juices."
Johnnie thought, Wait a second. Why is he telling me about the wines and beers? Does he even realize ... ?
'Okay, I'll take the Guinness.'
"Bottle or draft?"
'Draft.'
"Alright, and how will you be paying?"
Johnnie only had large bills from his summer job and gave the bartender a C-note.
"Sorry, but I gotta check to make sure this is real." The bartender took out a pen and marked it, then counted out the change. Johnnie reached for the beer.
"Hold on a second! Make sure to use a coaster!" The bartender slipped one under the glass. "Okay, now enjoy!"
Johnnie lifted up the glass to drink. Before he was able to sip, the bartender swatted it out of his hand.
"WHAT ARE YOU THINKING!?! Don't you know 16-year-olds can't drink!"
Explanation: On the AWS site, they will gladly let you click on the "Launch server" button and go through numerous screens and last-minute checks to configure it, and only at the very last stage does it say, "oops, turns out you don't have permission to do that" -- so it's like a bartender that takes you through a entire transaction, even verifying irrelevant things (like whether the money is real), while knowing the whole time he can't sell to you.
How is a Mongo replica set like an Iowa voter?
In primary elections, they only vote for candidates they think are electable!
Explanation: Databases can have "replica sets" where there are multiple servers that try to have the same data; secondary servers depend on an agreed-upon "primary" to be the "real" source of data. Often times, the primary server goes down, so they have to decide on a new primary, known as a "primary election". But there are some restrictions on who they will vote for -- if they e.g. have reason to believe that a server can't be seen by other members, and in those cases it will regard that server as unelectable. So you can get funny messages about "server42 won't vote for server45 in primary election because it doesn't think it's electable".
Labels:
cryptography,
humor,
information theory,
user interface design
Saturday, February 20, 2016
More funny and insightful Slashdot posts I remember
If you liked the last post on this here are some more you might like. This time, I think they're more insightful than funny, but often times, insight is funny!
Also, I thought I'd point out the value of forums: in all of these exchanges, it seems to take three people to get the "aha" moment, not just one or two.
Topic: some new superstrong carbon nanotube material is discovered.
A: So it seems like they're planning to use this stuff for armor. But what about weapons? It seems that anything strong enough to make good armor would also have value as a weapon.
B: That doesn't follow at all! They're completely different use-cases. For example, leather is known to make good armor, but you never see a leather sword!
C: Sure you do -- it's called a "whip" and we dig them up all the time!
Topic: Some dating site is blocked from emailing University of Texas students (at their school email) because of too much spam.
A: Well, their defense is that they're complying with the CAN-SPAM Act, in that they have an unsubscribe link, use their real name, etc., so UT can't just block them wholesale.
B: What? That doesn't matter; that's just the *minimum* requirement for sending such emails. Obviously, any domain owner can impose whatever extra restrictions they want!
C: Yeah, it's like saying, "I have a valid driver's license. I am the legal owner of this vehicle. I have paid the appropriate taxes and registered it. I hold the required liability insurance, and the vehicle is in good working order. I have complied with all applicable traffic laws and operated it in a safe manner. Therefore, I have the right to park on your lawn."
I actually use C's last example when explaining to people the difference between authentication (proving who you are) and authorization (what that identity is allowed to do).
Also, I thought I'd point out the value of forums: in all of these exchanges, it seems to take three people to get the "aha" moment, not just one or two.
Topic: some new superstrong carbon nanotube material is discovered.
A: So it seems like they're planning to use this stuff for armor. But what about weapons? It seems that anything strong enough to make good armor would also have value as a weapon.
B: That doesn't follow at all! They're completely different use-cases. For example, leather is known to make good armor, but you never see a leather sword!
C: Sure you do -- it's called a "whip" and we dig them up all the time!
Topic: Some dating site is blocked from emailing University of Texas students (at their school email) because of too much spam.
A: Well, their defense is that they're complying with the CAN-SPAM Act, in that they have an unsubscribe link, use their real name, etc., so UT can't just block them wholesale.
B: What? That doesn't matter; that's just the *minimum* requirement for sending such emails. Obviously, any domain owner can impose whatever extra restrictions they want!
C: Yeah, it's like saying, "I have a valid driver's license. I am the legal owner of this vehicle. I have paid the appropriate taxes and registered it. I hold the required liability insurance, and the vehicle is in good working order. I have complied with all applicable traffic laws and operated it in a safe manner. Therefore, I have the right to park on your lawn."
I actually use C's last example when explaining to people the difference between authentication (proving who you are) and authorization (what that identity is allowed to do).
If the minimum wage prohibitions are so easily circumvented ...
The recent Talia Jane story just made me realize we have a possible inconsistently in policy. To get you up to speed, Jane took a low-wage job in the San Francisco Bay Area, hoping to work her way up to her passion of being a social media manager for a major company. But because of rental prices, she paid 85% of per post-tax pay just for rent (!), complained about her employer paying so little, and then was fired.
But as for the inconsistency:
Illegal: paying someone below $X/hour.
Legal: paying someone ($X + $Y)/hour (Y positive) to work in a place where their discretionary income would place them in extreme poverty (e.g. 85% of post-tax on rent).
And yes, that's just an (arguably trivial) corollary of "minimum wage (and tax brackets for that matter) is not automatically cost-of-living-adjusted". But if the goal is to stop people from being taken advantage of with low job offers that hold them in poverty, that seems like a pretty big loophole.
And it's not just that -- let's say someone moves farther out to be able to afford to live there. Then they're traveling an extra N hours just to make each shift which should rightly count against their effective hourly wage.
So, food for thought: what are we really trying to optimize for here? What would the law have to look like to not just avoid these loopholes, but "carve reality at the joints" such that it's fundamentally impossible to scalably circumvent such a law?
If you keep raising the minimum wage for a locality, and people keep commuting greater distances to get that income, what have you accomplished?
But as for the inconsistency:
Illegal: paying someone below $X/hour.
Legal: paying someone ($X + $Y)/hour (Y positive) to work in a place where their discretionary income would place them in extreme poverty (e.g. 85% of post-tax on rent).
And yes, that's just an (arguably trivial) corollary of "minimum wage (and tax brackets for that matter) is not automatically cost-of-living-adjusted". But if the goal is to stop people from being taken advantage of with low job offers that hold them in poverty, that seems like a pretty big loophole.
And it's not just that -- let's say someone moves farther out to be able to afford to live there. Then they're traveling an extra N hours just to make each shift which should rightly count against their effective hourly wage.
So, food for thought: what are we really trying to optimize for here? What would the law have to look like to not just avoid these loopholes, but "carve reality at the joints" such that it's fundamentally impossible to scalably circumvent such a law?
If you keep raising the minimum wage for a locality, and people keep commuting greater distances to get that income, what have you accomplished?
Thursday, January 7, 2016
Funny Slashdot exchanges, before they're lost to time
In the time that I was a regular reader of Slashdot, I saw a few exchanges that stayed in my mind. I later went back to find them, but was never able to. So that they're not lost to time, I figured I'd post all the ones I remember. What follows is from memory, and prettied up a bit. (Not trying to plagiarize, if you can find the original post for any of these, let me know.)
Enjoy.
[Story: Armadillo Aerospace has a failed rocket launch.]
A: Well, I think we can close the books on Carmack's little project.
B: Come on, now. Private space travel is still in its infancy. There are growing pains. Not everything works the first time. But what's important, is that we're learning from these events. Armadillo is learning. They'll adapt. And the next voyage will be better and safer!
C: You mean, even safer than a big orange fireball?
A: [long rant] So that's the problem with this ban on incandescent light bulbs.
B: Whoa whoa whoa, slow down. There is no "ban" on incandescent light bulbs. It's just that the government passed new efficiency standards, and incandescents don't meet them.
C: Oh, that's clever! I should try that some time: "See, I'm not breaking up with you! I'm just raising my standards to the point where you no longer qualify."
[Story: a pedophile was caught because he took pictures of his acts and tried to blur out the victims' faces, but police analysts were able to unblur them.]
A: Hah! What an amateur! Everyone knows you have to do a true Gaussian blur to destroy the information content of the picture!
B: Yeah, or entropize it by blacking out the whole face.
C: Right. Or, you know, you could just ... not molest children.
(IIRC, C was heavily voted down and criticized for assuming guilt.)
[Story: police used "big data" analytics techniques and discovered that most robberies occur on paydays near check-cashing places, which allowed them to ramp up arrests.]
A: I don't know, this seems kind of big-brothery...
B: Not at all! This is the kind of police work we should applaud! Working only off publicly available, non-private data, they found real, actionable correlations. It wasn't just some bigoted cop working off his gut: "Oh, this must be where the thugs go ..." No, they based it on real data. What's more, it let them avoid the trap of guessing the wrong paydays, which can actually vary! Some people get paid weekly, some biweekly, some of the 1st and 15th. For example, I get paid on the 7th and 21st.
C: So, uh ... where do you cash your checks, by chance?
Enjoy.
[Story: Armadillo Aerospace has a failed rocket launch.]
A: Well, I think we can close the books on Carmack's little project.
B: Come on, now. Private space travel is still in its infancy. There are growing pains. Not everything works the first time. But what's important, is that we're learning from these events. Armadillo is learning. They'll adapt. And the next voyage will be better and safer!
C: You mean, even safer than a big orange fireball?
A: [long rant] So that's the problem with this ban on incandescent light bulbs.
B: Whoa whoa whoa, slow down. There is no "ban" on incandescent light bulbs. It's just that the government passed new efficiency standards, and incandescents don't meet them.
C: Oh, that's clever! I should try that some time: "See, I'm not breaking up with you! I'm just raising my standards to the point where you no longer qualify."
[Story: a pedophile was caught because he took pictures of his acts and tried to blur out the victims' faces, but police analysts were able to unblur them.]
A: Hah! What an amateur! Everyone knows you have to do a true Gaussian blur to destroy the information content of the picture!
B: Yeah, or entropize it by blacking out the whole face.
C: Right. Or, you know, you could just ... not molest children.
(IIRC, C was heavily voted down and criticized for assuming guilt.)
[Story: police used "big data" analytics techniques and discovered that most robberies occur on paydays near check-cashing places, which allowed them to ramp up arrests.]
A: I don't know, this seems kind of big-brothery...
B: Not at all! This is the kind of police work we should applaud! Working only off publicly available, non-private data, they found real, actionable correlations. It wasn't just some bigoted cop working off his gut: "Oh, this must be where the thugs go ..." No, they based it on real data. What's more, it let them avoid the trap of guessing the wrong paydays, which can actually vary! Some people get paid weekly, some biweekly, some of the 1st and 15th. For example, I get paid on the 7th and 21st.
C: So, uh ... where do you cash your checks, by chance?
Subscribe to:
Posts (Atom)