Addition/subtraction are also much simpler/cheaper than they would be in an entirely logarithmic model. If floats were just 2^x with some 64 bit fixed point x, it's not clear to me how to do addition efficiently.
The "200 basis point spread" comes from the difference between the very low or non-existent interest paid on the cash in brokerage accounts and the rates the brokerage can earn by lending that money out basically risk-free. If you keep 10% of your assets in cash, a 200 bp interest spread becomes effectively a 20 bp management fee on your assets.
The problem being solved essentially is: you have two binary strings, and you want to offset one of them so that they match up the best. For each offset, you're taking a dot product of one sequence with the offset version of the other. This is the same as computing the convolution of the two sequences together (https://en.wikipedia.org/wiki/Convolution). Computing this naively would be O(n^2) (doing linear work for each possible offset).
One property of the Fourier transform is that convolution in the time domain corresponds to element-wise multiplication in the frequency domain (https://en.wikipedia.org/wiki/Convolution_theorem), so you can compute the convolution efficiently by taking the FFT of both series, doing element-wise multiplication, and then taking the inverse FFT of the result.
In general, xz beats zstd in compression ratio, as xz is very committed to providing the strongest compression, at the expense of speed, while zstd provides a range of compression ratio vs speed tradeoffs [0]. At the lower levels, zstd isn't approaching xz's compression level, but it's doing it much much faster. Additionally, zstd generally massively outperforms xz in decompression speed
$ time xz linux-4.14-rc6.tar
real 4m26.009s
user 4m24.828s
sys 0m0.724s
$ wc -c linux-4.14-rc6.tar.xz
103705148 linux-4.14-rc6.tar.xz
$ time zstd --ultra -20 linux-4.14-rc6.tar
linux-4.14-rc6.tar : 12.81% (824350720 => 105564246 bytes, linux-4.14-rc6.tar.zst)
real 4m34.129s
user 4m33.484s
sys 0m0.432s
$ time cat linux-4.14-rc6.tar.xz | xz -d > out1
real 0m9.677s
user 0m6.608s
sys 0m0.704s
$ time cat linux-4.14-rc6.tar.zst | zstd -d > out2
real 0m1.702s
user 0m1.220s
sys 0m0.520s
Well sure, but from an asymptotic approach both unsorted and sorted are "linear", so asymptotics don't necessarily provide enough information to answer GP's question.
Even more fun. He said he applied for a visa, to use on his Russian passports. Canadian citizens are ineligible to get visas, as they are not needed. So just by him getting a visa indicates the Canadian government views him as not Canadian.
Had the same thing with my kids. Born to me (Canadian). So instant citizenship. But to travel I've got to get their Canadian passports, which requires other docs, including the passport from their other country of citizenship. I asked if I already had that other passport, could she apply for a visa? Nope, she's a Canadian citizen, even if there is no documentation other than a birth certificate with a (naturally born) Canadian parent on it. They had quite a look of enjoyment as they explained I'd have to do double the work for zero benefit.
So do the children of "actual" Canadians who betrayed their true country and turned to work for foreign, non-Canadian governments have their citizenship annulled? The children of the Canadian counterparts to Ames and Hansson? (I'm sure there have been some)
Or have about those Canadians who work legitimately for foreign embassies? Canada clearly has those [1]. I assume their kids don't have their citizenship retracted.
My guess that this is meant as some sort of punitive action against the parents, but it seems wrong to punish the children. Even assuming the kids knew, as the article pointed out, what's a 16-year old who finds out his parents are foreign spies supposed to do? Call the FBI? I can see children in a totalitarian country reacting that way out of fear or an excess of patriotism, but have we really reached that point here in the West?
Children of Canadian citizens acquire citizenship by blood. The "employees of foreign governments" clause only applies if the parents are neither citizens nor permanent residents.
I'm not sure about the US but in Canada it's certainly not true that everyone has data plans (in fact as far as I can tell unless you have a company sponsored phone, data plans are in the minority), and SMS remains a cheap communication method that is more or less guaranteed to work.
I live in Canada, and I don't know anyone who lives here that doesn't have a data plan of some kind, although I'm sure they definitely do exist and there are definitely people without a ton of data.
Really? I don't know many university students that don't have the latest smartphone(or at least a fairly recent one) which usually implies they have a data plan of some kind since most of them don't have $800+ to pay outright.
But to be fair at my university there are also a lot of students that drive brand new or fairly new cars too and I've parked beside too many Porsches the student parking lot.
Unless, as the article points out, the attacker has your private SSL key (perhaps leaked via Heartbleed).
Without cert pinning here's also the problem of the attacker convincing some browser-trusted CA to issue an SSL cert for addons.mozilla.org, then MITMing you with that.
(And with 600+ trusted roots, many of which are owned by various governments, against state level attackers an ssl connection's claim of authenticity has to be considered very close to worthless...)
(In retrospect, it's such an obvious thing for them to do - I don't know why I didn't assume it was likely enough to be implemented and check before I posted that...)
Its possible to MITM an HTTPS connection, trick you into thinking it is secure by providing a green lock favicon, and intercepting or sniffing everything you do over that connection. And it will work on nearly every website in existance.
More people should be aware of SSL Strip and how to protect yourself against it.
I perform HTTPS interception on all out-bound traffic on my network and I don't recall making an exception for AMO, and I have a number of add-ons installed. Though, it wouldn't be the first time I've forgotten about something like that.
So with the system of mirrors that is in place with distributing some open source software (e.g. debian, ubuntu, etc.) this is less true. A local mirror could selectively serve bad packages (and serve the correct packages to the verification bots).
Debian has a pretty nice mirroring system. Not only are all packages signed, but the Release file (which includes checksums of package lists) is also signed, preventing a mirror from omitting packages. For repositories which receive security updates (say, wheezy-updates), the index is valid for only few days in the future, which helps to prevent mirrors from withholding security updates [1].
If a mirror isn't updated, the user is eventually warned during updates:
It mostly negates the need for https mirrors for authenticity, although many still offer it. To my knowledge, most projects with mirror networks operate similar to this.
Actually, there's no requirement that .deb packages are signed. The system still provides a strong guarantee, because the releases file contains a list of checksums for each package, so it's impossible to tamper with the package, even though it's unsigned. However, if you manually download the package, all bets are off.
This looks cool really cool! I like the site, however it can be hard to read the text with the flashy background. Perhaps have the flashy background scroll up with the first "panel"?
On the crypto side of things, are there any plans to create native clients? While I don't doubt that you guys are trustworthy, it would be nice if I didn't have to trust that the javascript I was being served didn't change between visits.
All in all it looks good, albeit with some trust issues...
Still playing around with the site, I'll set aside some time to dig into readability issues (I was noticing the same effect at certain parts of the video).
