clearf's comments

How _lucky_ that github itself was the subject of the attack in npm.

Unless I'm missing something, this attack could have gone unnoticed for a long time (it would be hard for someone to connect a random breach in their infrastructure to an oauth intrusion affecting two of their service providers).

An interesting side note about this story is the homogeneity and lack of relevant background among Theranos's board of directors. All the outside directors were white, prestigious (former generals, senators, cabinet secretaries, etc) and relatively old. Research shows that homogenous groups are less likely to challenge each other.

My coauthor and I wrote about this in our book Meltdown (Published by Penguin Press in in March). We drew on Carreyrou's excellent reporting and some pretty interesting research about how team diversity affects decision making.

I'm not sure that accuracy/HP are the right things to tweak. I've always wanted to be "surprised," in an unscripted way, by AI enemies in FPS and RTS games.

It's an interesting point, but I'm wondering how to unpack it.

"If Twitter was open... a dozen people innovating on it..."

Though not 100% independent of their funding model (loss-aversion bias might lead us to conclude that big companies take less risk), presumably Twitter has at least a dozen people trying to innovate on it?

They may not be doing what [parts of] the community wants, but that's not quite the same thing as not innovating.

> Someone could probably also create a video with a payload to hot patch libstagefright.

This is brilliant. Assuming that it doesn't cause further problems.

Independent of the question if "everyone" is owned is the interesting (and scary) possibility that specific people have been (or will be) targeted.

The comments here remind me a little of Pierre Bayard's delightful(ly) postmodern monograph, _How to Talk about Books You Haven't Read_ [0].

It's an entertaining read.

[0] http://www.amazon.com/Talk-About-Books-Havent-Read-ebook/dp/...

One thought is that we could reframe the question (as e.g., Sweden has done) and work to increasing gender equality.

If the starting point is recognizing that people have kids and it takes time to care for them, and both parents have that right and obligation.

From there, one could devise policies that encourage BOTH men and women to take parental leave and invest in high-quality childcare for when that parental leave is over.

I believe it's a licensing arrangement. Those locations often buy and license Starbucks coffee (though often not their baked goods), but are not run by Starbucks. e.g., Barnes and Nobel, Safeway.

The rebuttal: http://www.theguardian.com/science/across-the-universe/2015/...

It's a pretty interesting sequence of events that turned on configuration errors and humans overriding automated pauses (what the Order calls circuit breakers) without really understanding what was going on.

Make sure they're well separated! c.f. http://www.wsj.com/articles/SB100014240527487033765045754919...

What a great question. I do think that, generally speaking, confidence that the markets are stable is good for an economy, and these sorts of events undermine that confidence.

It's important not to understate the cost of failure in these markets. A firm might go bankrupt and have to lay off real people if caught on the wrong side of such an event.

I also think that there is a direct connection between events like the Flash Crash and things like Nasdaq's mishandling of the Facebook IPO, which, again, had real costs in terms of time and money. Both emerge, I would argue, from a similar flavor of complexity.

I'm struggling for an analogy to show that it matters. Maybe it's a little like Target's website going down. It's not Quality, in a Zen and the Art of Motorcycle Maintenance way, even if it's only down for a short time, and the consequences were "only lost orders." Compelling?

I have heard Gregg Berman speak, though I hadn't read this speech until skimming it just now. I do think that there is, generally speaking, a heartfelt desire to develop the tools and data needed to gain insights that Berman is talking about.

I think there are two challenges to unpack. One, though I wasn't insinuating it, I could have been. I do believe that regulators are more lawyers than physicists. Berman is the exception rather than the rule.

Two, Berman, in particular, makes a fundamental error that I think is very easy to make. There's a difference between "complex" in the sense that something has a lot of parts, and interactively complex in the sense that parts of a system are fundamentally unknowable and it can experience wild and unexpected dynamics. I think Berman doesn't distinguish between those two types of systems (repeated analogies to cell phones give some indication of his thinking), and more generally, regulators don't understand the aggregate cost of complexity.

In my view, things like Midas are orthogonal to some deeper issues facing the markets. Regulators have created a quasi-competitive market that breeds this sort of interactive complexity. Then, when something goes wrong, they rely on punishment and enforcement actions [1] to target individual firms that have made "mistakes." This not only does not address root causes, it creates a culture of silence around technology risk issues within firms and across the industry. I've written more about this here: http://harvardkennedyschoolreview.com/preventing-crashes-les...

[1] See, e.g., http://www.sec.gov/litigation/admin/2013/34-70694.pdf and http://www.sec.gov/litigation/admin/2013/34-69655.pdf

One of the authors here. I think that's a pretty good summary. And, yes, I agree that there are ways to introduce damping into many such systems and some has been added since the Crash, as another comment points out.

I think it would be great if the SEC believed that that was their mandate. Unfortunately, I think that is predicated on much more sophisticated and nuanced understand of the dynamics of the markets than regulators typically have.

The claim in the recent CFTC's Complaint that alleged market manipulator Navinder Sarao directly contributed to the crash is only one example of this. If one guy can cause a Flash Crash, there is a bigger problem with the structure of the markets.

If you could modify the driver, you may not need to rely on the subtlety of the emissions patterns...

Do you have a reference to this? I've heard this argument before, but haven't been able to find any hard stats.

Are you sure you're the mark (i.e., their target audience)?

Full disclosure: this is my article, but my hope is that it's interesting to the community here, and I'm really interested in people's feedback on what we got right and what we missed.

I assumed it was an SSH tunnel, and wondered if game stop had ISOs on a server and burn-on-demand business.