stipes | 15 years ago | on: Ask HN: Free weights, do you use them?
There's a good wiki on Starting Strength at http://startingstrength.wikia.com/
stipes's comments
stipes | 16 years ago | on: Doing “Big Science” In Academia
I was surprised by the lack of mention for PlanetLab and Emulab.
stipes | 16 years ago | on: EFF's HTTPS Everywhere Firefox plugin
TLS/SSL can cache the session in order to actually improve performance and scalability. Otherwise you'd have to redo the exchange each time you made a request.
My guess is that the level of caching you'd want TLS/SSL to do is dependent on what kind of content you're serving, the usage patterns of visitors, etc. As an example, Facebook has relatively long user sessions, and would benefit greatly from caching and just refreshing the session keys. Something like Google search, where a user session may only last a few seconds and a couple requests... maybe not so useful. I'm not familiar (off the top of my head) with any in-depth studies on this.
stipes | 16 years ago | on: EFF's HTTPS Everywhere Firefox plugin
I read this back as a private preprint. Definitely well designed (a good fit for USENIX, where it will be published). They had to overcome some significant technical hurdles in order to get it to be properly backwards compatible (issues with TCP header size, NAT boxes, etc.).
My biggest interest is in the much lower computational overhead for the server, which, I can hope, will mean it will get used much more often than TLS/SSL (thus the idea of it being "ubiquitous").
There's growing interest in the idea of "opportunistic encryption", where the results are transparent and beneficial, but not always guaranteed. (I'm working on this in a different area currently.)
stipes | 16 years ago | on: Win a soccer game by more than five points and you lose
My initial reaction to the title was that winning a professional level soccer game by more than five points does cause a loss of sorts: the physiological taxation that such effort causes could easily decrease the chances of winning games in the near future. Taking this physical side effect of over-effort into account in finding the optimal strategy would be interesting.
stipes | 16 years ago | on: The predictions of a 17th-century scientist
> ''The practicable and certain way of finding Longitudes'' - satellite navigation.
We figured that out (for varying definitions of "practicable and certain") as early as the invention of the watch.
stipes | 16 years ago | on: Building a distributed social network? You’re doing it wrong.
Of note is that most of what are called "distributed social networks" are actually federated social networks.
stipes | 16 years ago | on: Boy or Girl paradox
The government would still know (if they were logging traffic) that you accessed the page. In this case, as it is publicly accessible, the encryption is fairly meaningless.
stipes | 16 years ago | on: Wikileaks Was Launched With Documents Intercepted From Tor
After some brief digging, it appears there has been some published research on location diversity in path selection in Tor since I last worked on that problem. https://docs.google.com/viewer?url=http://www.cs.rpi.edu/~ed... has some good results, if anyone is interested.
stipes | 16 years ago | on: Wikileaks Was Launched With Documents Intercepted From Tor
Yes, Tor is for anonymity, not privacy. But that just means you still need to be operating over a secure channel---be that SSL or sending the documents encrypted, etc.
The fact that they operated compromised nodes does NOT diminish from Tor's anonymity. Most anonymity systems assume about 1/5 of the nodes will be compromised (which is reasonable barring a very large global adversary).
In general, timing attacks are the biggest issue in low-latency anonymity systems: if you can track packets going into Tor and coming out of Tor, you can link the sender to the destination. But, if the traffic was encrypted, that still doesn't get you the documents themselves.
Edit: More specifically to the grandparent---even with a compromised exit node, that doesn't reveal the source (that's the point of onion routing). The case of China is a hard one, due to the level of state control. There are ways to request exit nodes in the Tor network (I have no idea how well documented this is), so for them, selecting an exit outside China for accessing international sites would probably be best (this would remove/greatly reduce the risk of Chinese gov't timing attacks).
There has been some work on strategically choosing entrance/exit nodes to reduce the risk of these kinds of timing attacks, but I don't know of anything that has been published or implemented yet (I haven't worked on that particular aspect in a while). Basically, some of the methods would have automatically chosen exit nodes outside of China (to prevent exit->destination traffic from travelling through the same autonomous systems as source->entrance traffic).
stipes | 16 years ago | on: YouPorn to offer HTML5 video tag support
Now you can have porn on your iPads. Is Jobs going to introduce web filtering now?
stipes | 16 years ago | on: Go To University, Not For CS
I'll throw in my voice that a "regular" University can still have a good CS program. I am at a large state university. My theoretical courses have been, by and large, quite good.
Our introductory course is based on SICP and Scheme (with a little Python at the end). Our second course is roughly about OO, taught with Java (but without letting us use most of the libraries at all).
The design of our program is that you choose an emphasis (I'm in network security; there's also networks, graphics, AI, etc., and yes, software engineering). All emphases have theoretical elements, at least to some degree.
I have also had great experiences doing research with professors, who are very open to undergraduates.
page 2