265 stories
·
1 follower

Quantum computing: Common perovskite superfluoresces at high temperatures

1 Comment
A commonly studied perovskite can superfluoresce at temperatures that are practical to achieve and at timescales long enough to make it potentially useful in quantum computing applications.
Read the whole story
GaryBIshop
3 days ago
reply
Go Pack!
Share this story
Delete

Base Rate

3 Comments and 9 Shares
Sure, you can talk about per-capita adjustment, but if you want to solve the problem, it's obvious that this is the group you need to focus on.
Read the whole story
GaryBIshop
10 days ago
reply
Share this story
Delete
3 public comments
jlvanderzwan
10 days ago
reply
As a lefty I approve
oliverzip
7 days ago
But it's the same!
jlvanderzwan
6 days ago
Shhh, let me have this statistics abuse in my favor for once
JayM
10 days ago
reply
Hahahaha.
Atlanta, GA
alt_text_bot
10 days ago
reply
Sure, you can talk about per-capita adjustment, but if you want to solve the problem, it's obvious that this is the group you need to focus on.

Roller Skating, Wile E. Coyote-Style

1 Comment

They say you learn something new every day, and they’re usually right about that. Today’s tidbit is that just anybody (including [Ian Charnas]) can exchange money for jet engines, no questions asked. Scary, huh? So once [Ian] secured the cutest little engine, he took a poll regarding possible uses for it. Jetpack rollerskating won, that’s obvious enough. So let’s get into those details.

[Ian] procured this particular jet engine from an outfit called CRX Turbines. It tops out at 98,000 RPM and 30 kg (66 lbs.) of thrust. Essentially, he is pulsing the engine’s ECU with PWM from an Adafruit RadioFruit and controlling it with a pair of stripped drills that are just being used for their convenient grips and switches. One is wired as a dead man’s switch, and the other controls the throttle signal.

In order to run the thing and test the thrust a bit before strapping it on his back, [Ian] went about this the smart way and welded together a sliding stand. And he didn’t use just any old Jansport backpack, he welded together a frame and roll cage for the engine and attached it to a full-body harness. There’s also a heat shield to keep his backside from catching fire.

At first he tested the jet pack with shoes instead of skates to make sure it was going to behave as he predicted. Then it was time to bust out the roller skates. [Ian] achieved a top speed of 17 MPH before losing his balance, but he knew it could go faster, so he invited some roller derby skaters to try it out. One of them went over 30 MPH! Be sure to check it out in the build and demo video after the break.

If you’re at all familiar with [Ian]’s videos, you know that he usually raffles off the build and gives the money to charity. Well, not this time! That wouldn’t be prudent. Instead, he’s going to choose the best suggestion for what to attach it to, build it, and raffle that off. Hopefully, he stays away from airports with that thing on his back.

Read the whole story
GaryBIshop
11 days ago
reply
Wow. Great build.
Share this story
Delete

Keep Your Identity Small (2009)

1 Comment
Keep Your Identity Small

February 2009

I finally realized today why politics and religion yield such uniquely useless discussions.

As a rule, any mention of religion on an online forum degenerates into a religious argument. Why? Why does this happen with religion and not with Javascript or baking or other topics people talk about on forums?

What's different about religion is that people don't feel they need to have any particular expertise to have opinions about it. All they need is strongly held beliefs, and anyone can have those. No thread about Javascript will grow as fast as one about religion, because people feel they have to be over some threshold of expertise to post comments about that. But on religion everyone's an expert.

Then it struck me: this is the problem with politics too. Politics, like religion, is a topic where there's no threshold of expertise for expressing an opinion. All you need is strong convictions.

Do religion and politics have something in common that explains this similarity? One possible explanation is that they deal with questions that have no definite answers, so there's no back pressure on people's opinions. Since no one can be proven wrong, every opinion is equally valid, and sensing this, everyone lets fly with theirs.

But this isn't true. There are certainly some political questions that have definite answers, like how much a new government policy will cost. But the more precise political questions suffer the same fate as the vaguer ones.

I think what religion and politics have in common is that they become part of people's identity, and people can never have a fruitful argument about something that's part of their identity. By definition they're partisan.

Which topics engage people's identity depends on the people, not the topic. For example, a discussion about a battle that included citizens of one or more of the countries involved would probably degenerate into a political argument. But a discussion today about a battle that took place in the Bronze Age probably wouldn't. No one would know what side to be on. So it's not politics that's the source of the trouble, but identity. When people say a discussion has degenerated into a religious war, what they really mean is that it has started to be driven mostly by people's identities. [1]

Because the point at which this happens depends on the people rather than the topic, it's a mistake to conclude that because a question tends to provoke religious wars, it must have no answer. For example, the question of the relative merits of programming languages often degenerates into a religious war, because so many programmers identify as X programmers or Y programmers. This sometimes leads people to conclude the question must be unanswerable—that all languages are equally good. Obviously that's false: anything else people make can be well or badly designed; why should this be uniquely impossible for programming languages? And indeed, you can have a fruitful discussion about the relative merits of programming languages, so long as you exclude people who respond from identity.

More generally, you can have a fruitful discussion about a topic only if it doesn't engage the identities of any of the participants. What makes politics and religion such minefields is that they engage so many people's identities. But you could in principle have a useful conversation about them with some people. And there are other topics that might seem harmless, like the relative merits of Ford and Chevy pickup trucks, that you couldn't safely talk about with others.

The most intriguing thing about this theory, if it's right, is that it explains not merely which kinds of discussions to avoid, but how to have better ideas. If people can't think clearly about anything that has become part of their identity, then all other things being equal, the best plan is to let as few things into your identity as possible. [2]

Most people reading this will already be fairly tolerant. But there is a step beyond thinking of yourself as x but tolerating y: not even to consider yourself an x. The more labels you have for yourself, the dumber they make you.

Notes

[1] When that happens, it tends to happen fast, like a core going critical. The threshold for participating goes down to zero, which brings in more people. And they tend to say incendiary things, which draw more and angrier counterarguments.

[2] There may be some things it's a net win to include in your identity. For example, being a scientist. But arguably that is more of a placeholder than an actual label—like putting NMI on a form that asks for your middle initial—because it doesn't commit you to believing anything in particular. A scientist isn't committed to believing in natural selection in the same way a bibilical literalist is committed to rejecting it. All he's committed to is following the evidence wherever it leads.

Considering yourself a scientist is equivalent to putting a sign in a cupboard saying "this cupboard must be kept empty." Yes, strictly speaking, you're putting something in the cupboard, but not in the ordinary sense.

Thanks to Sam Altman, Trevor Blackwell, Paul Buchheit, and Robert Morris for reading drafts of this.

Adblock test (Why?)

Read the whole story
GaryBIshop
18 days ago
reply
The longest email discussion ever at Sun way back in the day was about the color of LEDs on the motherboard!
Share this story
Delete

Using Fake Reviews to Find Dangerous Extensions

1 Comment

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

alt

Comments on the fake Microsoft Authenticator browser extension show the reviews for these applications are either positive or very negative — basically calling it out as a scam. Image: chrome-stats.com.

After hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store, KrebsOnSecurity began looking at the profile of the account that created it. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it; but two of the reviewers awarded it between three and four stars.

“It’s great!,” the Google account Theresa Duncan enthused, improbably. “I’ve only had very occasional issues with it.”

“Very convenient and handing,” assessed Anna Jones, incomprehensibly.

Google’s Chrome Store said the email address tied to the account that published the knockoff Microsoft extension also was responsible for one called “iArtbook Digital Painting.” Before it was removed from the Chrome Store, iArtbook had garnered just 22 users and three reviews. As with the knockoff Microsoft extension, all three reviews were positive, and all were authored by accounts with first and last names, like Megan Vance, Olivia Knox, and Alison Graham.

Google’s Chrome Store doesn’t make it easy to search by reviewer. For that I turned to Hao Nguyen, the developer behind chrome-stats.com, which indexes and makes searchable a broad array of attributes about extensions available from Google.

Looking at the Google accounts that left positive reviews on both the now-defunct Microsoft Authenticator and iArtbook extensions, KrebsOnSecurity noticed that each left positive reviews on a handful of other extensions that have since been removed.

alt

Reviews on the iArtbook extension were all from apparently fake Google accounts that each reviewed two other extensions, one of which was published by the same developer. This same pattern was observed across 45 now-defunct extensions.

Like an ever-expanding venn diagram, a review of the extensions commented on by each new fake reviewer found led to the discovery of even more phony reviewers and extensions. In total, roughly 24 hours worth of digging through chrome-stats.com unearthed more than 100 positive reviews on a network of patently fraudulent extensions.

Those reviews in turn lead to the relatively straightforward identification of:

-39 reviewers who were happy with extensions that spoofed major brands and requested financial data
-45 malicious extensions that collectively had close to 100,000 downloads
-25 developer accounts tied to multiple banned applications

The extensions spoofed a range of consumer brands, including Adobe, Amazon, Facebook, HBO, Microsoft, Roku and Verizon. Scouring the manifests for each of these other extensions in turn revealed that many of the same developers were tied to multiple apps being promoted by the same phony Google accounts.

Some of the fake extensions have only a handful of downloads, but most have hundreds or thousands. A fake Microsoft Teams extension attracted 16,200 downloads in the roughly two months it was available from the Google store. A counterfeit version of CapCut, a professional video editing software suite, claimed nearly 24,000 downloads over a similar time period.

alt

More than 16,000 people downloaded a fake Microsoft Teams browser extension over the roughly two months it was available for download from the Google Chrome store.

Unlike malicious browser extensions that can turn your PC into a botnet or harvest your cookies, none of the extensions examined here request any special permissions from users. Once installed, however, they invariably prompt the user to provide personal and financial data — all the while pretending to be associated with major brand names.

In some cases, the fake reviewers and phony extension developers used in this scheme share names, such as the case with “brook ice,” the Google account that positively reviewed the malicious Adobe and Microsoft Teams extensions. The email address brookice100@gmail.com was used to register the developer account responsible for producing two of the phony extensions examined in this review (PhotoMath and Dollify).

alt

Some of the data that informed this report. The full spreadsheet is available as a link at the end of the story.

As we can see from the spreadsheet snippet above, many of the Google accounts that penned positive reviews on patently bogus extensions left comments on multiple apps on the same day.

Additionally, Google’s account recovery tools indicate many different developer email addresses tied to extensions reviewed here share the same recovery email — suggesting a relatively few number of anonymous users are controlling the entire scheme. When the spreadsheet data shown above is sorted by email address of the extension developer, the grouping of the reviews by date becomes even clearer.

KrebsOnSecurity shared these findings with Google and will update this story in the event they respond. Either way, Google somehow already detected all of these extensions as fraudulent and removed them from its store.

However, there may be a future post here about how long that bad extension identification and removal process has taken over time. Overall, most of these extensions were available for two to three months before being taken down.

As for the “so what?” here? I performed this research mainly because I could, and I thought it was interesting enough to share. Also, I got fascinated with the idea that finding fake applications might be as simple as identifying and following the likely fake reviewers. I’m positive there is more to this network of fraudulent extensions than is documented here.

As this story illustrates, it pays to be judicious about installing extensions. Leaving aside these extensions which are outright fraudulent, so many legitimate extensions get abandoned or sold each year to shady marketers that it’s wise to only trust extensions that are actively maintained (and perhaps have a critical mass of users that would make noise if anything untoward happened with the software).

According to chrome-stats.com, the majority of extensions — more than 100,000 of them — are effectively abandoned by their authors, or haven’t been updated in more than two years. In other words, there a great many developers who are likely to be open to someone else buying up their creation along with their user base.

The data that informed this report is searchable in this Google spreadsheet.

Adblock test (Why?)

Read the whole story
GaryBIshop
26 days ago
reply
Clever analysis.
Share this story
Delete

What’s your API’s “Time To 200”?

1 Comment

M’colleague Charles has introduced me to the most spectacular phrase – “Time To 200”. That’s a measurement of the length of time it takes a new user to go from signing up to your API to getting their first HTTP 200 response.

Think about the last time you started using a new API…

  • Fill in a tediously long registration form
  • Set up billing in case you go over the free trial limits
  • Wait for a confirmation email
  • Unsubscribe from all the marketing emails
  • Find the quickstart documentation
  • Realise it is outdated and consider raising an issue on the GitHub issues graveyard
  • Generate an API key and configure all its scopes
  • Install a 3rd party NPM library and a gigabyte of required packages
  • Work out how to authenticate the request – hard given the tutorial uses V1.3.4 and you’re on V1.3.4.0.1b
  • Send the first request, and realise that you had to manually add your IP address to the allow-list
  • Try again, but realise you need to sign the request with a unique timestamp
  • Receive an HTTP 429 error for sending too many requests
  • Have a pint
  • Try again, get an HTTP 200! Success! You’re a real developer now!

The above is only a minor exaggeration. Every time I sign up to play with a new API, I’m grimly aware of my own mortality. Every minute I waste doing battle with your incomplete documentation and dreadful attitude to new users, is a minute I could spend doing something more fun instead.

Please, I beg of you, optimise your Time To 200!

Adblock test (Why?)

Read the whole story
GaryBIshop
33 days ago
reply
So true!
Share this story
Delete
Next Page of Stories