Hacker News | Tarski's comments

I think this is kinda similar to Eat That Frog? http://www.amazon.co.uk/Eat-That-Frog-Important-Things/dp/03...


I agree with your first line.

I'm sceptical as to how scientific this study can be, when as you say "beauty is in the eye of the beholder". A measure of beauty changes over time and from culture to culture. I'm sure, if you selected a different data set of beautiful people you could prove the exact opposite.


> if you selected a different data set of beautiful people you could prove the exact opposite.

Sure, but if you selected your data set, it wouldn't be the least bit valid.


I like the idea, however some of the things I want to do aren't on wikihow. So I would like a way to add them without assigning them to an existing wikihow list. Can you add a feature to create a custom list?


Hi Tarski, thank you for your feedback! I will try to add that feature.


Wouldn't it have been far nobler to approach the banks affected by the exploit with these findings rather than publishing schematics for the exploit into the public domain?


Based on their response it wouldn't be effective - they would just try to cover it up.

Plus it's likely it's already being used secretly by those with nefarious purposes, publishing just means the average person knows about it - it's not likely to change how many actually use it.


I believe the article states they notified the banks before publishing the original work.


No it doesn't? I'm not taking the side of the banks here, just trying to understand why the author took the approach he did. It's a shame that at times the HN community is one of single-mindedness where opposite views are met with immediate down-votes.


"Third, Omar’s thesis does not contain any new information on the No-PIN vulnerability. That was discovered by Steven Murdoch, Saar Drimer and me in 2009, disclosed responsibly to the industry, and published in February this year. It is not expected that an MPhil thesis contain novel scientific work."

http://www.cl.cam.ac.uk/~rja14/Papers/ukca.pdf


> ... because it documented a well-known flaw in the chip-and-PIN system...

The author of the article at least believes that it is a well-known flaw so responsible disclosure isn't really applicable.


Well I think you hit the nail on the head, that the disclosure isn't responsible. I'm all for bringing the flaws in chip-and-pin to the public attention, however I find it distasteful that a leading university publishing the schematics of a device that can be used to commit fraud, receives so much applause from this community.

I get the impression that this has captured the public mood of "sticking it to the bankers", when really Cambridge have gone about this one the wrong way.


My reading of the whole incident is that the exploit was disclosed (responsibly) to the banks 1 year ago and the banks have done nothing to fix the problem. Since then the professor (along with others) published a paper detailing the exploit. Finally the MPhil student cited the previously published paper in his thesis (it would be a crappy thesis to not reference current similar work)

At no point do I get the indication that the MPhil student was acting in a way that was 'irresponsible' - I don't know how you have come to that conclusion.


"Responsible disclosure" is a term with a specific meaning in the field of security, using the term is not equivalent to agreeing with its implied meaning.

In fact, many would argue that responsible disclosure is anything but, since it has the tendency to maximize the amount of time the public is at risk.

All of this is ignoring the fact that this paper wasn't even disclosure at al...


Wouldn't have worked, in the same way that emailing Facebook and others, instead of releasing Firesheep wouldn't have worked (since they haven't fixed it even after Firesheep has been released, it's unlikely they would have paid much attention to a letter or email).

given the letter says that this is a known vulnerability


At lunch yesterday I held my fork in my right hand and knife in my left. I was very pleased with myself afterwards...


It seems the author needs to brush up on Bayes' theorem, i.e. before giving a percentage confidence in a given theory, you need to consider the likelihood of the theory not occurring.

  #1 Analysts explain it away by saying, for example, 
  "The market was hoping for even better news than the 
  good news they got." A simpler explanation is that the 
  market is being manipulated.
This is a false assumption, as I would say it is more likely that the analysts got it wrong. If analysts could predict the stock market with near 100% accuracy, then it wouldn't be a high risk investment option would it?

  #2 The lack of bombshells in the Wikileak materials 
  looks mighty suspicious to me
It is also wrong to assume that because no remarkable secrets have been exposed, that any have been leaked in the first place. This is a statement of pure fantasy based on no logic or facts.


When I print preview in firefox, the margins seem too big. All the text is squished into a narrow column.


I think it just needs a @media(print) stylesheet then? (Or whatever the actual name is.)


"While the fidelity of the scans from this machine are of surprisingly low resolution, especially compared to the higher resolution “naked scanners”"

The pictures don't quite live up to the title of the article.


What does the HN community think of having a public ideas website? Sort of like ASK HN: Rate my startup. Users can post their ideas from inception and receive creative input, reassurance that someone would buy that, or no-way don't waste your time building that.


I've seen a few sites like that over the years but they die fairly quickly. This is not to say it's a waste of time, but to point out some basic problems such a site needs to overcome.

One problem is that a general forum is not attractive to specialists (who might have to invest time just to explain why something would be useful in the first place), with the result that suggestions trend towards a blend of trivial and naive. Another is the nagging sense that the more well-specified an idea is, the more likely it is to be exploited for private gain, and since one can't patent or copyright an idea per se, and building a prototype plus filing an application for a patent is quite expensive, there's not much economic incentive to develop ideas to that point, even if the goal is to make the patent public domain (so as not to allow private monopolies).


"one can't patent... an idea per se"

Actually, this is precisely what patents are for. You don't need to implement an invention in order to obtain a patent, you just need to describe it in sufficient detail "as to enable any person skilled in the art to which it pertains, or with which it is most nearly connected, to make and use [the invention]" [1]

[1] http://www.bitlaw.com/source/35usc/index.html


This is true, though the patent office can require a model (s.114 via the same link), so in practice you'd probably want that on hand. I was just trying to distinguish between the 'cool' basic idea that's not patentable and the expensive detailed recipe that is.


There is the http://ideaaday.org/ site. You can comment on the ideas. Knowing that there are a million ideas out there keeps me off the brain crack. http://www.zefrank.com/theshow/archives/2006/07/071106.html


Someone should do a webgl game that doesn't crash the experimental builds that support it.

