Hacker News: jackpirate's comments

And the next step after this epiphany is that you still have to remember to take the phone with you places, not to leave it behind, and worry about it getting dropped in the toilet by a toddler. Not carrying this tool still has a lot of benefits.


Do you happen to have a link to the proposal I can see and share with a class? I'm teaching a few lectures about some "weird" stuff this semester, and this would be a great example.



FWIW searching https://rachelbythebay.com/w/ for "magic" finds a bunch of posts that might also fit with that topic.

(The rest of the posts are an interesting rabbithole if you're not aware, apologies in advance)


I ran into a problem formatting numbers in the Italian locale back in 2014: https://bugs.launchpad.net/ubuntu/+source/langpack-locales/+...

It turned out to be a low-level bug in glibc: https://sourceware.org/bugzilla/show_bug.cgi?id=10797

It got fixed five years later, long after I had worked around it and left the job where I found the bug.


Well, that's going to be a very cool class I bet!


> Then computer security. Unlike the internet or jet engines, these have not panned out as foundational research (except perhaps for some of HIV)

In what world is computer security not a foundational topic? There's lots of reasons to critique the way NSF/NIH/DOD/etc allocate funding, but this is definitely not one of them.


These exercises are writing mathematical proofs that basic machine learning algorithms behave correctly. They are "pen and paper" not because you are manually solving a large equation that a machine would normally solve, but because we don't have automated theorem provers capable of proving interesting machine learning theorems. I would expect a typical 1st year grad student to be using a resource like this.

If you don't understand the purpose of proofs, then this resource is not aimed at you.


I believe you are incorrect. According to wikipedia:

> The Lindy effect is a theorized phenomenon by which the future life expectancy of some non-perishable things, like a technology or an idea, is proportional to their current age.

This implies that things that have been around for a short period of time do in fact have a short expected lifespan. You're correct that "A implies B does not mean B implies A as well", but that assumption is not needed.


My work brings me into regular contact with DPRK IT professionals, for example by [teaching open source software](https://izbicki.me/blog/teaching-open-source-in-north-korea....) or [teaching proper web design](https://izbicki.me/blog/fixing-north-korea-kcna-webpage.html). I make a lot of effort to respect sanctions, but documents like this are incredibly unhelpful. I've read through the document, and it seems completely devoid of actionable, DPRK-specific information that can help IT professionals avoid sanctions violations. For example, the document encourages websites to monitor for the following activity as "indications of DPRK IT workers who may be using their platforms":

• Multiple logins into one account from various IP addresses in a relatively short period of time, especially if the IP addresses are associated with different countries;

• Developers are logging into multiple accounts on the same platform from one IP address;

• Developers are logged into their accounts continuously for one or more days at a time;

• Router port or other technical configurations associated with use of remote desktop sharing software, such as port 3389 in the router used to access the account, particularly if usage of remote desktop sharing software is not standard company practice;

• Developer accounts use a fraudulent client account to increase developer account ratings, but both the client and developer accounts use the same PayPal account to transfer/withdraw money (paying themselves with their own money);

• Frequent use of document templates for things such as bidding documents and project communication methods, especially the same templates being used across different developer accounts;

• Multiple developer accounts receiving high ratings from one client account in a short period, with similar or identical documentation used to establish the developer accounts and/or the client account;

• Extensive bidding on projects, and a low number of accepted project bids compared to the number of projects bids on by a developer; and

• Frequent transfers of money through payment platforms, especially to PRC-based bank accounts, and sometimes routed through one or more companies to disguise the ultimate destination of the funds.

This list is so generic that I'm not sure what the point of it is. I think it would make sense to ban some of these practices from a general security perspective. But these practices would give way too many false positives if you were trying to use them to identify DPRK developers.

I'm honestly really confused about who the target audience is for publications like this. It can't be actual IT professionals due to the lack of actionable information. Is it journalists? Do we publish these things just to remind them that we don't like the DPRK?


The simplest first thing that U.S. companies should do is implement E-Verify and require that all subcontractors do the same. This publication does not even mention E-Verify.


That would only help you if they claim to be US-based in the first place. They do mention background checks, there are some companies offering those internationally.


They mention forged social security cards. The government has a system for verifying them, E-Verify, provided for free to employers.


I tried to help a family member set up E-Verify for her small manufacturing company in 2019, and the government would not approve her business for E-Verify, even though they had been established for 50 years and had almost 200 employees on the payroll.

They ran just about everything in-house (including payroll) and because they didn't use a PEO, the government didn't want to deal with them, and they had to get someone in Congress to intervene on their behalf before getting the approval.


I have implemented it for two businesses, a software consultancy with 32 employees at the time and a tugboat company with 50 employees at the time. It was tedious, but we had no real obstacles.


Why would an employer get to see my social security card? Not just the number, which is a "fuck the law" thing by this point, but the actual card? Might as well ask the dimensions of my intestines.

[Flashback May 19 23:19: someone did once check out my organs that way! A brain scan I only found out about because I was asked to participate in a class action suit against Aetna for not paying! Thanks for not paying, Aetna! You know I didn't sign on to that suit against you, that's why I didn't! Otherwise it would have been like picking up money off the street, which I have done, and it was easy, but I didn't see it that way because of the immorality of suing you! They were committing malpractice to harm me, spying on me with a brain scan! I sincerely thank you for not covering that claim, only thing that limited my time in the torture ward. I would be in there to this day if you paid and kept paying those fraudulent claims.]


Federal agencies regularly and deliberately issue vague guidance. It's designed to scare the maximum number of people from doing anything for fear that whatever they're doing will be construed as illegal. It would be less effective if they actually articulated in a specific actionable manner. Arbitrary and capricious is the name of the game.


> I make a lot of effort to respect sanctions

Are there certain things you aren't able to teach when you travel, or is that fairly unrestricted? I had no idea people were doing work like this.


It does not take much to run afoul of sanctions on a country that has total embargo status. Even normally legal counsel advice may be prohibited to US persons to provide ( sorry for odd syntax ). In other words, OP does not have to deal with anything beyond normal IT work and still could be restricted on what information he can provide.

Not to search too far, although that is a more exotic example, recently crypto guy got smacked for providing crypto speech ( classified as technical advice ) to DPRK(1).

(1)https://www.justice.gov/opa/pr/us-citizen-who-conspired-assi...


Do you have an example where the defendant didn't specifically and purposefully provide guidance on how to use tech to circumvent sanctions? It's not like he was generically talking about crypto.


I mean, we would have to see all sides of information, but this is not normal IT work.

On another note, would this case be directly related to the 400 million hack North Korea did?


> You may as well argue that the government should be subsidizing new Marvel movies

The US government actually does subsidize Marvel movies pretty heavily by giving them free/extremely cheap access to military equipment and personnel. Peace movements pretty heavily criticize these movies for this reason. See for example: https://www.cbr.com/captain-marvel-mcu-military-relationship...


That seems quite a bit different, it's a marketing/PR move that probably doesn't actually cost the government very much. Not sure I'm for that kind of thing, but it's pretty radically different from a single city spending hundreds of millions on a stadium that they'll see little benefit from.


Marketing is a good framing here. It prompts questions like: How strong is the relationship between Fenway Park and the way that the city of Boston markets itself as a place to continue to live/work/play and pay tax revenue?


Fenway Park is actually a bit of an outlier. Wrigley Field also counts. Both of these stadiums are in dense urban neighborhoods and not surrounded exclusively by acres of surface parking lots.

Publicly financing a stadium in that setting might actually be a net positive (plenty of other factors) because all of the spectators are walking through the neighborhood with all the shops, restaurants and bars just to get to the stadium.

Baseball teams play 81 games per year in their stadium. American football teams play 8. That is also a huge difference. There are many stadiums that host both hockey and basketball and thus have 60-70 games per year - plus concerts and other events on top of that. Utilization matters! I don't know if they do anything in winter at Fenway Park, but at Wrigley Field there is a neighborhood ice rink in the winter time. The skate rental/lockers/bathrooms, warming station, concessions, and even Zamboni storage are all inside the stadium. Here's some rambling video showing what "hanging out at the stadium" looks like even when no sport is happening: https://youtu.be/-pgnR7FqkDo


Ooohh I think you’re on to something with utilization. From what I can tell in London, Arsenal stadium also has pretty high utilization. High utilization means that the “market” of people seeking food & urban amenities is higher.


A subsidy is a subsidy.


But some subsidies are smart, and others are not.

If cities were getting huge economic benefits from their subsidies to pro sports teams, I probably wouldn't be complaining. It's the fact that they get little to no benefit from enormous investments that make the subsidies here dumb.


Seems like the crux of the argument here is in who gets to decide what's a smart municipal investment. I agree with you that sports is a dumb investment.


Professional sports maybe, but grassroots sports for kids (and perhaps even adults) are a fantastic investment.


Parks are available and useful to everyone. I can get behind that, and all the activities people like to do in parks.

Stadiums have one use, and they're not generally available to everyone for other purposes at any time.


Australia has put millions into filming Marvel movies. US provides many film subsidies, too. https://en.m.wikipedia.org/wiki/Movie_production_incentives_...


This is not the same as multi-billion dollar local municipality subsidies.


That's not a subsidy, it's advertising. The best way to make a highly incompetent and ineffective organization (like the military) look good is by imagining it is good.


Is there a difference except accounting?


The point is what you're getting back.

The studies on cities spending big on stadiums have been clear that the economic benefits are marginal at best, while the spending is big.

I dunno how big the benefits for the military are here, but they're probably not spending very much on letting movie makers borrow uniforms or use shots of F-35's in the background or whatever.


Isn't the whole purpose of this style of writing to define terms like "top level control group" and "CAP_SYS_ADMIN" for those people who don't already understand what they mean?


The article doesn't do that. It throws around jargon without defining it, or defining it vaguely or inaccurately.


That's a good solution for future code, but not for past code. For example, lots of past code makes the assumption that

    current_unix_time+1 second > current_unix_time

which won't be true when the wraparound happens.


Also to be found out there, and which would need attention, is use of 0 as a sentinel

    if time = 0
      // handle missing data case
    else
      ...

The kind of thing that makes you wonder "what sort of a day was 1 Jan 1970, actually?"


Developers in the UK are used to UTC being the same as the UK's winter timezone, and so it's a bit confusing that time 0 is not midnight but 1AM on 1 Jan 1970, due to the short-lived British Standard Time.


Do you have a link about British Standard Time? I can't really find anything about it online.


Shouldn't tzdata contain historical offsets, too?


Maybe. But it doesn't have any historic context.


Well, that's just the payback for making NULL interchangeable with 0. Where map data is concerned, there's always a bunch of random objects reported to be floating in the Gulf of Guinea. (Specifically, at [0,0])


This is also a good case for why unsigned integers are useful. Time calculations using delta values are insensitive to a single wraparound event.


This is a common thing in embedded where 1ms ticks mean overflows every few weeks. Makes me wonder if a more resilient system would have such frequent overflows to force people to come to grips with them.
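
An added example, not part of any comment in this thread: the unsigned-delta point and the 1 ms tick case from the two comments above, in C. The function names and sample tick values are constructed for illustration. A 32-bit millisecond counter wraps about every 49.7 days, and the absolute-deadline comparison fails in both directions (a timeout that fires at once, and one that never fires), while the delta form stays correct across a single wrap.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Elapsed ticks between two samples of a free-running 32-bit counter.
 * Unsigned subtraction is defined modulo 2^32, so the result is correct
 * as long as the counter wrapped at most once between the two samples. */
static uint32_t elapsed_ticks(uint32_t now, uint32_t start)
{
    return now - start;
}

/* Wraparound-safe timeout check: compare the delta, not absolute times. */
static bool timed_out(uint32_t now, uint32_t start, uint32_t timeout)
{
    return elapsed_ticks(now, start) >= timeout;
}

/* Fragile pattern: compute an absolute deadline and compare against it.
 * It is wrong whenever exactly one of `deadline` and `now` has wrapped. */
static bool timed_out_naive(uint32_t now, uint32_t start, uint32_t timeout)
{
    uint32_t deadline = start + timeout;   /* may wrap to a small value */
    return now >= deadline;
}

int main(void)
{
    /* Constructed samples: 1 ms ticks, 5000 ms timeout. */
    uint32_t timeout = 5000u;

    /* Case 1: started 100 ticks before the wrap, checked 10 ms later.
     * The deadline wraps to 4900, so the naive check fires immediately. */
    uint32_t s1 = UINT32_MAX - 99u, n1 = s1 + 10u;
    printf("10 ms elapsed:    delta=%d naive=%d\n",
           timed_out(n1, s1, timeout), timed_out_naive(n1, s1, timeout));

    /* Case 2: started 10000 ticks before the wrap, checked 12000 ms later.
     * `now` has wrapped to 2000 but the deadline has not, so the naive
     * check reports "not expired" for a timer that expired long ago. */
    uint32_t s2 = UINT32_MAX - 9999u, n2 = s2 + 12000u;
    printf("12000 ms elapsed: delta=%d naive=%d\n",
           timed_out(n2, s2, timeout), timed_out_naive(n2, s2, timeout));
    return 0;
}
```

The second case is the one that matters for lockouts, session expiry and rate limits: the naive check keeps a timer alive well past its intended lifetime.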


That's the big problem with leap seconds IME. Every time one happens we find that the fixes for the bugs that happened last time have been undone during the intervening period.


You can find a reasonably extensive set of passages from the pre-400AD famous Christians about how the genesis story is supposed to be interpreted allegorically and not literally on wikipedia: https://en.wikipedia.org/wiki/Allegorical_interpretations_of...

Of course, they would not consider the allegory an "error" in the same way that modern fundamentalists would.

It is not a fringe belief/conspiracy theory that biblical literalism is a relatively new Christian tradition, but rather well accepted fact among religious historians.

