anon4327733's comments (Hacker News)

They should be taught what it means for a DNA test to be 99% accurate, or at least it shouldn't be out of order for a lawyer to explain that, as is currently the case.


You going to give a cost benefit analysis of any of these? I don't see any reason to see a better cost-benefit than wearing a biking helmet.


I don't quite understand the point concerning executable downloads and comparing hashes. Yes, comparing a hash found on a file downloaded from mozilla.com and a hash also on mozilla.com is stupid. However, comparing a hash on mozilla.com and a download/torrent from an untrusted source seems to be valid and useful. The only attack vector in that case is at mozilla.com and not the download source.


I recall a story about an infected version of qemu (might have happened to other software) for Windows. Basically they hacked the site, replaced the binaries with infected ones AND updated the hashes.

I also recall one or two stories where the binaries were infected but the hashes not updated - this was obviously caught pretty quickly and fixed.

However, I remember a time when Firefox served downloads directly from their mirrors. This case could be good for comparing hashes - but now it looks like they use Amazon's cloudfront.

But yes - for the average guy generating a hash for your releases (where your release and hash come from the same server) doesn't provide any real benefit.


Running it through VirusTotal is neat, as it'll tell you when it has first seen a file. If the file is old enough and the hash has been seen for a long time then it makes it less likely to be a fake. (Unless you think e.g. Mozilla has been compromised for a long time.)


> I don't quite understand the point concerning executable downloads and comparing hashes.

Downloading a file from Server A and checking the hash delivered by Server A is security theater. In this case, only a digital signature (with a pre-established public key that you already trust) can really stop the server from being compromised (or malicious).

Downloading a file/torrent from Server B and verifying the hash delivered by Server A is a different situation entirely, and that boils down to a trust decision. Do you trust Server A to not be compromised? Do you trust them to not be malicious or in cahoots with Server B? If not, at the very least it's probably a larger attack surface than the previous scenario. (Trusting the public key for the digital signature is also a trust decision. Only the details are different.)

Basically: If you're going to do anything at all, verifying hashes from the same source is a waste of CPU and human effort.

I hope that helps at all.
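The three cases argued over in this thread (hash and file from the same server, hash from an independent server, and a detached signature checked with a key you already trust), as an added example that is not part of any comment here. It assumes ed25519 detached signatures and uses constructed sample bytes in place of a real installer; the key pair, the "server" and the tampering are all simulated in-process.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Release is what a download server hands out: the binary plus the
// metadata published next to it (hex digest and detached signature).
type Release struct {
	Binary []byte
	Sha256 string // published by the same server as Binary
	Sig    []byte // ed25519 detached signature over Binary
}

// Sha256Hex returns the lowercase hex SHA-256 digest of data.
func Sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// HashMatches recomputes the digest and compares it with a published one.
// It detects corruption or a mismatch between two sources; when both come
// from the same compromised server it detects nothing.
func HashMatches(data []byte, publishedHex string) bool {
	return Sha256Hex(data) == publishedHex
}

// SignatureValid checks a detached signature with a public key the verifier
// obtained earlier, out of band. ed25519.Verify panics on a malformed key,
// so the length is guarded first.
func SignatureValid(trusted ed25519.PublicKey, data, sig []byte) bool {
	if len(trusted) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(trusted, data, sig)
}

// Publish builds the release as the legitimate vendor would.
func Publish(priv ed25519.PrivateKey, binary []byte) Release {
	return Release{
		Binary: binary,
		Sha256: Sha256Hex(binary),
		Sig:    ed25519.Sign(priv, binary),
	}
}

// Tamper models a compromised server: the binary is replaced and the
// published hash rewritten to match. Without the vendor's private key the
// signature cannot be regenerated, so the stale one is left in place.
func Tamper(r Release, replacement []byte) Release {
	return Release{Binary: replacement, Sha256: Sha256Hex(replacement), Sig: r.Sig}
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	if err != nil {
		panic(err)
	}
	good := Publish(priv, []byte("setup.exe v1 (constructed sample bytes)"))
	bad := Tamper(good, []byte("setup.exe v1 with extra payload (constructed sample bytes)"))

	for _, r := range []Release{good, bad} {
		fmt.Printf("same-server hash ok: %v   signature with pre-trusted key ok: %v\n",
			HashMatches(r.Binary, r.Sha256), SignatureValid(pub, r.Binary, r.Sig))
	}
	// File from Server B (tampered), hash from an independent Server A that
	// still carries the original digest: the mismatch is caught.
	fmt.Println("independent-server hash ok:", HashMatches(bad.Binary, good.Sha256))
}
```

Running it prints that the tampered release passes the same-server hash check and fails only the signature check and the independent-server hash check, which is the whole of the thread's point: the hash adds nothing unless it arrives over a path the attacker did not control, and the signature adds nothing unless the public key did.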


You made exactly the same point as the post you are replying to, you just used more words.


I wasn't really trying to argue, they said they didn't understand the point.


They didn't understand why the article says that comparing hashes is "a completely ludicrous waste of time." In some cases, it's not (as you both mentioned).


Re-read their post. I think you probably didn't understand their point. :)


That's certainly possible. I'm not seeing what I missed. Maybe if I sleep on it, it will be clearer?


I've updated the article to make the context (and consequences) a bit clearer. I'm sorry for wording that part so weirdly before.



I don't think the success/failure of that specific venture has anything to do with the argument I made, but ok?


To pick the most offensive analogy possible:

You are free to start up your own competing government if you don't like how one is run.

I'm not sure how creating (more) rights that govern how governments are run will somehow result in more freedom?


As some have said above, things get awkward with gray areas. Would reddit be prevented from banning the many unethical but legal subreddits? I will bite that bullet, but many will not.


Turbulence seems to be very weird. This article talks about the birth and death rate of puffs. In a modified version of the Navier-Stokes equation Terence Tao was able to construct logic gates and use those to create a self-replicating eddy.

https://www.quantamagazine.org/20140224-a-fluid-new-path-in-...


> Turbulence seems to be very weird.

Right up there with "the Riemann hypothesis is quite difficult." (Of course, probably nothing beats the irony in naming of the Fundamental Lemma (https://en.wikipedia.org/wiki/Fundamental_lemma_%28Langlands...).)


AIXItl though has the problem of self destruction. It is still modeled as an agent and so it would eventually destroy itself during its dovetailing. The agent model of AI is a bit too dualistic to be correct.


That is true for a uniform prior but not a general prior.


First two points are great, but why then we see this:

"Given the ratings I have, there is a 95% chance that the "real" fraction of positive ratings is at least what?"

What normal person thinks in terms of confidence intervals?

The obvious answer is people want the product with the highest "real" rating. That is the rating the product would get if it had arbitrarily many ratings.

To get this you just find the mean of your posterior probability distribution. For just positive and negative reviews that's basically (positive+a)/(total+b) where a and b depend on your prior.

His proposal would mean that a product with zero reviews would be rated below a product with 1 positive review. This may deal with spam and vote manipulation since things with less information are penalized more but that is a separate issue.
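The two scoring rules being compared in this comment, the posterior mean (positive+a)/(total+b) and the "95% chance the real fraction is at least X" lower bound, side by side on constructed data. This is an added example, not code from the thread or the article it discusses; it assumes a Beta(a0, b0) prior for the posterior mean (so a = a0 and b = a0 + b0 in the comment's notation) and the Wilson score interval with z = 1.96 for the lower bound, and the four products are made up.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// Product holds the only two numbers the thread is arguing about.
type Product struct {
	Name     string
	Positive int
	Negative int
}

// PosteriorMean is the commenter's estimate of the "real" rating: the mean
// of a Beta posterior. With a Beta(a0, b0) prior it is
// (positive+a0)/(total+a0+b0), the (positive+a)/(total+b) of the comment.
func PosteriorMean(p Product, a0, b0 float64) float64 {
	return (float64(p.Positive) + a0) / (float64(p.Positive+p.Negative) + a0 + b0)
}

// WilsonLower is the lower end of the Wilson score interval: a value the
// real fraction is unlikely to fall below at the chosen z (1.96 is the
// conventional 95% choice). With no ratings at all it returns 0.
func WilsonLower(p Product, z float64) float64 {
	n := float64(p.Positive + p.Negative)
	if n == 0 {
		return 0
	}
	phat := float64(p.Positive) / n
	z2 := z * z
	centre := phat + z2/(2*n)
	spread := z * math.Sqrt((phat*(1-phat)+z2/(4*n))/n)
	return (centre - spread) / (1 + z2/n)
}

// Rank returns product names from best to worst under the given score.
func Rank(products []Product, score func(Product) float64) []string {
	ranked := append([]Product(nil), products...)
	sort.SliceStable(ranked, func(i, j int) bool {
		return score(ranked[i]) > score(ranked[j])
	})
	names := make([]string, len(ranked))
	for i, p := range ranked {
		names[i] = p.Name
	}
	return names
}

// SampleProducts is constructed data for the demo, not a real catalogue.
func SampleProducts() []Product {
	return []Product{
		{"no reviews yet", 0, 0},
		{"one thumbs-up", 1, 0},
		{"solid", 90, 10},
		{"mixed", 520, 480},
	}
}

func main() {
	products := SampleProducts()
	mean := func(p Product) float64 { return PosteriorMean(p, 1, 1) } // uniform prior
	wilson := func(p Product) float64 { return WilsonLower(p, 1.96) }
	for _, p := range products {
		fmt.Printf("%-15s posterior mean %.3f   95%% lower bound %.3f\n", p.Name, mean(p), wilson(p))
	}
	fmt.Println("ranked by posterior mean:", Rank(products, mean))
	fmt.Println("ranked by lower bound:   ", Rank(products, wilson))
}
```

Under a uniform prior both rules put a single thumbs-up above a product with no reviews, as the comment says; where they part ways is how hard sparse data is penalised. The posterior mean scores one positive review at 2/3 and ranks it above a product with 520 of 1000 positive, while the lower bound scores it at about 0.21 and ranks it below. A stronger prior (larger a0 and b0) pulls the posterior mean toward the prior for small samples, which is the "a and b depend on your prior" knob.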


What a crappy ruling. Yes the answer they got was right, but they never bothered to rule that sexual orientation is a (partial) suspect class. Now we have to wait for another ruling to get that resolved. Stupid lazy evaluation of courts.


Great job. Don't read more than the first sentence before voting.

