〰 Tidal, Archiloque's feed reader

Refactoring is defined as a “disciplined technique for restructuring an existing body of code, altering its internal structure without changing its external behavior” by Martin Fowler.

But its everyday usage takes a very different meaning. We use the word refactor to everything from the original meaning, to a complete side-by-side rewrite of a barely-functional system. How can you use the same word to refer to something that does not change external behavior, with building an entirely new replacement system?

More than once, I’ve elicited sighs for my efforts to clarify the language we use. But when you have people that use wildly different vocabularies- artists, programmers, project managers- this is of paramount importance. So the fact that we say ‘refactor’ to meaning any type of rewriting of code or functionality irks me.

So recently I’ve begun a dictionary in my head for the type of tasks we do.

Refactor: The original and ‘precise’ meaning of restructuring a module without altering external behavior, up to a rewrite of parts of a larger system, that may change internal behavior of the system (including the external behavior of large internal components). While I’d love to keep only the more limited original meaning, when we’re dealing with large legacy codebases that often have zero tests, the original meaning doesn’t apply often enough.

Renovate: Rewriting a system so that its external behavior changes considerably but it still fulfills the same purpose (obviously). I name it as such because it is like renovating a building- the exterior and interior may greatly change, but what goes on inside may stay the same. Similar to ‘Rewrite’ but generally applies to a smaller (module/system) scale. An example would be, if you have a library for dealing with source control, and you no longer like the API. So you greatly change how the module works, and it still fulfills its fundamental purpose of dealing with source control.

Recycle: Writing a replacement system side-by-side with the old system, using components from the old system (by either referencing or copy/pasting), with the goal that once the new system is working, the old system will be shut down. The goal is a replacement that is easier to use but fulfills similar requirements. An example would be replacing legacy procedures for data transformations, that may have a lot of imperative code and poor reuse. You would replace the system with something better written, often taking chunks of logic from the old system, or writing tests that verify it produces the same results, then hook up calling code to use the new system, then delete the old one entirely.

Rewrite/Rebuild: When a system is to be written from the ground up, using the original implementation as an example or in a prototype role only, resulting in a system that fulfills the business requirements of the original system but does not necessarily preserve anything else about it. Similar to ‘Renovating’ but generally applies to a larger (application) scale. An example would be, if you have a website/game feature that you want to replace, you’d build the new one to fulfill the same business requirement (we need a website/some feature), but the features may be completely different.

So that’s my personal language right now. My hope is that it will expand to my team and then out from there. I don’t know if I’ll refine it much more- too granular and it would become unwieldy. Do you have suggestions or a language of your own?

A few days after I received my PlayStation Vita review unit in the mail, I got a set of six plastic cards with boxy black and white patterns on them. The free "augmented reality" games that rely on those cards were made available for download on the PlayStation Network today, and while the games definitely take place on a backdrop of reality, I'm not really sure how much the real world is being "augmented" through the Vita.

Read the comments on this post

The makers of the most widely used mobile app stores have agreed to comply with a California law requiring mobile apps that collect personal information to have a privacy policy. California Attorney General Kamala Harris announced the agreement today with Apple and Google, which run the two most popular mobile app stores, as well as Amazon, HP, Microsoft, and Research In Motion.

"These platforms have agreed to privacy principles designed to bring the industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy," Harris's office said in a press release. "The majority of mobile apps sold today do not contain a privacy policy."

The agreement doesn't place restrictions on what types of data app makers may collect. But app makers must describe "how personal data is collected, used and shared," and make their privacy policies easily found by users. App store listings will contain either the text of the privacy policy or a link to the policy.

There have been several controversies over mobile app privacy, and one of the most recent centered on the social network Path accessing and uploading iPhone users' contact databases without permission. Harris noted that a Wall Street Journal report last year found "that 45 of the top 101 apps did not provide privacy policies either inside the application or on the application developer’s website," despite the fact that most of the mobile apps were transmitting a phone's unique device ID or location "to other companies without users' awareness or consent." Some apps were also transmitting the user's age, gender, and other personal details.

Read the comments on this post

Photo: U.S. Air Force

The “signature wounds” of the wars in Iraq and Afghanistan — post-traumatic stress disorder and traumatic brain injury — are both rooted in traumatic events. Until recently, though, military docs mostly treated them as two different health problems: one physical, the other psychological. That approach might be poised to change, thanks to a new study, which shows that injuries to a specific part of the brain “primed” it for PTSD’s psychological ailments.

Post-traumatic stress disorder is widely known as the psychological condition that’s followed soldiers home from Iraq and Afghanistan. The connection between war and PTSD is simple enough: Soldiers undergo a traumatic experience, if not several, overseas. Those traumas stay with them, and seem to have a profound impact on their stress hormones and brain chemistry. The result? Symptoms like nightmares, paranoia and angry outbursts.

In comparison, traumatic brain injuries (TBIs) seem extremely different. These injuries are caused by a physical trauma — an IED attack, for example — that actually rattles the brain inside the skull. Subsequent brain damage can cause everything from vomiting and headaches to long-term loss of sensation and speech impediments.

Scientists have known for a while that TBIs and PTSD are connected. One 2008 study concluded that 44 percent of personnel with a TBI also suffered from PTSD, compared to 9 percent of those without physical injury. Of course, the link seems obvious: It follows that driving a Humvee that’s suddenly blown to pieces will rattle the skull and also trigger psychological distress.

But researchers now suspect that the link goes even further: They’ve concluded that the physical blow from a TBI changes a key part of the brain, making a soldier more at risk of developing PTSD in the future.

Scientists at the University of California at Los Angeles, led by Dr. Maxine Reger, this week published a study that uses rats to examine the relationship between TBI and PTSD.

They first divided the animal subjects into two groups. The researchers used physical force to cause TBIs among the rats in one group. Those in the other group were left unscathed.

Then the team waited two days before exposing the rats to fearful experiences. The point of waiting was to separate the physical trauma (the TBI) from the psychological. Researchers wanted to know whether, days later and during an entirely different experience, a TBI would have any impact on PTSD risk.

Lo and behold, rats in the TBI group did react differently to fearful stimulus. In fact, they exhibited “inappropriately strong fear,” according to Dr. Michael Fanselow, one of the researchers involved in the study. Rats with healthy noggins, however, exhibited more appropriate reactions.

“It was as if the injury primed the brain for learning to be afraid,” he said in a statement.

At the core of the finding is one brain region, called the amygdala. Scientists already know that this tiny bundle of neurons is extremely vulnerable to damage during a brain-rattling event that causes a TBI. The amygdala is also one of the most important brain areas where PTSD is concerned, because it regulates fear response.

After their experiments, the team analyzed brain tissue from the amygdala of several rats. Among rats afflicted with a TBI, the amygdala had significantly more receptors for neurotransmitters that are involved in the learning process. In other words, a TBI somehow causes these receptors to multiply, meaning that there are more of them available to be activated by neurotransmitters. So when a person is exposed to a scary event, their amygdala is, oddly enough, more capable of learning fear.

In a human context, the study’s findings (roughly) suggest the following: If two soldiers are exposed to the same psychologically scarring event, the soldier who suffered a TBI last month would be more likely to develop PTSD than his colleague.

Of course, it’s not that simple. Scientists already know that all sorts of other factors, from genetics to childhood environment, affect a soldier’s risk of developing PTSD. And even if TBIs are a risk factor, they aren’t the only one — not everyone who gets PTSD, whether soldier or civilian, also suffered a traumatic brain injury sometime in the past. Likewise, not all TBI sufferers eventually end up with PTSD.

That said, the study could break new ground in the Pentagon’s efforts to treat, diagnose and prevent PTSD and TBI. Thus far, the military hasn’t had much luck unraveling either one. Figuring out how and where the two illnesses are tangled together might be a good place to start.

Almost comically shameless.

Must-read letter from Layton Duncan, founder of the software shop Polar Bear Farm in Christchurch New Zealand, on the one-year anniversary of the earthquake:

Our city has been destroyed. It’s hard to find a natural disaster anywhere which has a larger effect on a country than this earthquake is having here. In relative terms, the effect on New Zealand is equivalent to around 8 Hurricane Katrinas, or around 3 2011 Sendai earthquake and tsunamis. Christchurch needs serious help to recover from this once in 10,000 year event. […]

On Wednesday 22nd of February 2012, all our apps will be reduced in price. 100% of the proceeds of all sales for the day will go into seeding the formation of a charitable trust with the explicit purpose of kickstarting the creation of a built environment for a safe, vibrant, sustainable downtown Christchurch people can inhabit again.

Great apps, great prices, great cause.

Encore une fois, on me passe un texte où un esprit, "libre" et délié et innovant, balance l'idée géniale : rejoignons le Groupe des Plans Nucléaires à l'OTAN. Ce qui n'est d'une erreur, me semble-t-il. Et puisque c'est une idée "innovante", discutons-la : pas de thèse valable sans une bonne antithèse.

source

L'idée de réintégrer le GPN de l'Otan est régulièrement agitée par les "brillants" esprits généralistes qui ne connaissent pas grand chose à l'Otan. Chaque année, un brillant plein d'avenir jette l'idée dans tel rapport plus ou moins confidentiel. Mais je subodore que ce doit être également écrit dans des copies de l'école de guerre et autres lieux où on dit aux gars : vous devez terminer par des propositions. Et comme les gars ne connaissent pas grand chose, ils s'attachent aux organigrammes, voient qu'on n'a pas rejoint le GPN, et hop!, passez muscade, v'là que jte l'propose, le vorace y sera content, ça au moins c'est original et brillant.

De même, on voit pas mal d'universitaires qui ne connaissent l'Alliance que de l'extérieur et qui se précipitent sur un organigramme et croient qu'en modifiant une position dans le dit organigramme, tout va changer, y compris politiquement : quiconque a pratiqué n'importe laquelle grande organisation sait que les organigrammes sont beaux, mais que ce ne sont pas eux qui font marcher un système (voir billet ici). Et bizarrement, c'est la même chose dans cette grande machine politique et "intergouvernementale" qu'est l'OTAN. Ou, dans ce cas précis, l'Alliance puisque, faut-il le préciser, le GPN appartient au dispositif de l'alliance (le côté politique) et non au dispositif militaire, l'organisation proprement dite.

Ainsi donc, et à moins qu'il y ait eu un brusque changement de position validé à la fois par le quai d'Orsay, l'EMA et l'EMP, mais qui alors n'a pas été rendu public et s'inscrirait en total porte-à-faux avec la doctrine et la constante pratique française, réaffirmée notamment à Strasbourg Kehl et à Lisbonne, cette proposition n'est pas valide aujourd’hui pour cinq raisons.

source

En effet, une telle proposition, c'est :

1/ ne rien connaître à l'Otan (et donc ne pas savoir que le GPN ne sert pas à grand chose). En effet, il fut créé en 1966 après notre départ tout d'abord pour qu'il y ait un lieu "politique" où discuter à 15 (sans donc les Français) ; et qu'ensuite il s'inscrivait dans une grande dispute transatlantique portant sur le couplage nucléaire, précisément sur la question de la riposte graduée, et qu'il s'agissait pour les Américains de montrer aux alliés qu'ils avaient leur mot à dire en matière nucléaire, contrairement à ce que racontaient ces idiots de Français et que bien sûr, bien sûr, avant d'engager leurs bombes nucléaires en Europe, ils consulteraient les alliés. Les choses ont, le sait-on, un peu changé depuis 1966 : un tout petit peu ... ! Et si l'Alliance demeure une alliance "nucléaire", c'est d'abord grâce aux armes américaines, les fameuses B 61 qui constituent, pour le coup, un enjeu réel de Chicago. Et d'ailleurs la source d'une certaine dissension américano-allemande.

• Accessoirement, il est fort utile qu'il y ait un cercle où nous ne sommes pas : lors de la crise irakienne, en 2003, pour contourner l'opposition franco-allemande, l'Alliance s'était réunie au Comité des Plans de Défense (auquel nous ne participions pas, alors) pour réussir à adopter une position commune, ce qui était une façon diplomatique et agréée par tout le monde pour contourner le problème... Bref, l'exception française, même marginale, c'est encore un attribut de puissance.

2/ c'est ne rien connaître non plus à la réalité allemande : allez dire à un Allemand de partager le nucléaire, essayez seulement ! cela fait vingt ans qu'on leur propose, qu'ils refusent, et au dernier sommet de Lisbonne, M. Westerwelle en a fait un objet de dissension franco-allemand, provoquant une crise diplomatique qui a raidi les Français comme des puces bretonnes en manque de chouchen et obligé Mme Merkel de venir calmer les choses. Ne pas en douter, ils risquent de remettre le couvert à Chicago, car pour eux, grâce à la sainte DAMB, plus besoin de cette arme horrible et sale et pas morale. Et ce serait le moment de rejoindre le GPN et de partager notre arme avec les autres Européens ? avec les Allemands ??

3/ c'est ne rien comprendre à ce que veulent les Américains, qui seront trop contents de nous retirer ce qu'ils considèrent comme une prolifération indue des années 60 et qui y verrons une belle revanche posthume sur De Gaulle. Habile !

4/ c'est ne pas avoir compris la logique profonde du traité FR-UK qui est d'abord nucléaire, ne l'oublions pas.

5/ c'est enfin ne pas avoir le premier centime d'ancien franc de sens politique et ne pas comprendre que le nucléaire, ça ne se partage pas et que c'est absolument essentiel à la géopolitique de la France : l'arme grâce à laquelle on ne revivra pas juin 1940 et la saignée de 14-18. Mais là, il ne s'agit pas de notre place dans l'alliance, il s'agit de la place du nucléaire dans notre stratégie nationale.

Bref, le nucléaire, avant d'être un dogme, est quelque chose qu'il faut "penser". Et si on pensait un peu, avant de faire des propositions farcies sur le nucléaire ?

O. Kempf

ABC News’s exclusive behind-the-scenes look at Foxconn’s Apple product factories. I thought it was both fair and fascinating. Absolutely worth watching.

We're proud to announce that Gaug.es for Android is now available in the Android Market! The app provides a quick overview of your traffic, top content, top referrers, and the live AirTraffic for each of your gauges.

All versions of Android from Froyo (Android 2.2) to Ice Cream Sandwich (Android 4.0) are supported.

We've started small but with the same love and attention that you've gotten from the rest of the Gaug.es family of apps. You'll get a quick look dashboard with all of your gauges, list views of your daily traffic, most viewed content, top web referrers and be able to watch visitors from all over the globe hit your websites as it happens with AirTraffic.

If you have a Gaug.es account, head on over to the Android Market and install the app - it's completely free. If you haven't tried Gaug.es yet, sign up for a free 7-day trial and see if Gaug.es is right for you!

The app is free in more than one sense of the word, as it's also open-source under the Apache 2.0 license and you can grab the source here.

Gaug.es for Android is built on top of the awesome Gaug.es API as well as several great projects for Android development that are also available on GitHub:

• JakeWharton/ActionBarSherlock for a consistent, great looking header across all Android platforms.
• JakeWharton/Android-ViewPagerIndicator for being able to swipe between content, traffic, and referrer pages.
• JakeWharton/NineOldAndroids for the AirTraffic view animations.
• jayway/android-maven-plugin for building the app and running the integration and unit tests.

Apple has given developers yet another few months to implement application sandboxing for OS X apps, a security feature brought over from iOS: the deadline is now June 1, 2012. While the intent of sandboxing is to prevent hacked apps from taking over a user's system, however, the sandbox design inherently limits functionality that users and developers have come to expect on the desktop. Apple's changes and delays to sandboxing requirements have also created a situation where the sandboxing goalpost keeps moving while developers continue to push Apple to improve its design.

Read the comments on this post

The nation's fourth-largest cellular firm has asked the Federal Communications Commission to block a spectrum acquisition by its largest competitor. T-Mobile argues that allowing Verizon to purchase more spectrum would make it too difficult for smaller wireless firms to build next-generation networks of their own.

The spectrum under dispute was acquired in an auction by a coalition of cable companies led by Comcast and Time Warner in 2006. But the cable firms have apparently decided they don't want to be in the wireless business after all. In December, Verizon Wireless announced plans to buy the spectrum, which is in the AWS band, for $3.6 billion.

Read the comments on this post

Marine Corps Commandant Gen. James Amos gets an iPad demo. Photo: USMC

The Pentagon is, for all intents and purposes, Apple-free zone. Its desktop computers have long run on Windows, and now its tablets and smartphones are all Android. But there’s a chance that might be about to change. The Air Force’s Air Mobility Command is considering a monster purchase of iPads — one that might give Apple an inroads into a military market that’s eluded it so far.

A recent solicitation from Air Mobility Command has the Air Force’s cargo and transport division seeking “a maximum of 18,000 iPad 2s” to serve as “Electronic Flight Bags” — essentially, tools to launch apps that digitize the flyboys’ weighty manuals. Even that purchase isn’t a slam dunk for Cupertino, since the solicitation called for iPads or “equal” devices. (Cue the indignation from Cult of Mac-types.) But if the Air Force even buys half that many iPads, it would still represent the largest tablet or smartphone purchase the military’s made thus far.

And it also could represent something of a reversal of Apple’s military fortunes. Last week, the Air Force’s Special Operations Command cancelled an order of over 2,000 iPads, apparently prompted by security concerns about Russian software on the devices for reading PDFs of flight charts that double as encryption agents. As if to twist the knife, a spokeswoman told NextGov that the command “continues” to evaluate “the procurement aspect of providing tablets to the field.” In other words, they love tablets — just not Apple’s tablet.

That’s a familiar story for Apple. While the military is just getting started playing around with smart devices, it’s balked at shelling out for Cupertino’s mobile products.

In 2010, the military’s Special Operations Command wanted a suite of apps to get militarily relevant data out to their dismounted, networked commandos, including a “multi-touch whiteboarding aka John Madden tool.” They went with Android phones to host it. The next year, when the app-mad Army started playing around with its first smartphone linked to its new data network, Android powered it.

Later in 2011, the Army bought a bunch of commercial smartphones — as in, officers went to Best Buy and purchased 60 phones — to test out how they worked with the new data network. It also debuted a new quasi-smartphone to replace an old, funky plan to make soldiers wear computers. Yet again, in both cases, Droid did.

The preference was rarely made explicit, and behind the scenes, Army officials whispered to reporters that they didn’t want to make it seem like they were dissing Apple. And Apple had a few mobile military successes, like when Marine aviators bought 32 iPads last fall to help program close air support.

But the word’s gotten around to the defense industry. At military gear showcases like the Association of the United States Army conference, developers who come up with everything from insta-translators to mapping tools run the software they want to sell the Army with Android as their operating system.

So why not Apple? As the iPad cancellation indicated, there are concerns about data security — but in fairness, the Army hasn’t yet certified Android (or Windows Mobile, for that matter) as secure, either. The answer you hear most often is cost. Apple products are more expensive, which is why most government desktops run Windows and bureaucrats thumb their way through BlackBerries. Now that the military is facing a future of tighter budgets, iPads and iPhones might be too expensive.

But the Air Mobility Command is bucking that trend. Buying 18,000 iPads will make it the most always-on part of the military by a longshot. And since the Army wants to start out using smartphones for pretty much the same function — running apps that digitize its training and field manuals — it’s possible the Air Force purchase might spur a second look at iOS from the ground-pounders.

Still, the military isn’t ready to issue camo-colored coverings to iPads just yet. An Air Mobility Command spokeswoman said the 18,000 order may not just buy iPads — Motorola’s Xoom, Samsung’s Galaxy Tab, and even Barnes & Noble’s Nook e-reader might be included in the Air Force purchase. And all those tablets have a certain competing operating system in common.

Photo: Flickr/MC4 Army

Since September, scientists have been scratching their head over results that appear to show neutrinos travelling between Switzerland and Italy faster than light would. As far as anyone could tell, the team behind the results had done everything they could to eliminate errors, and had even released some preliminary data that had strengthened their results. But the results remained difficult to square with everything else we know about how the Universe operates.

But now, ScienceInsider is reporting that there was a good reason the measurements and reality weren't lining up: a loose cable was causing one of the atomic clocks used to time the neutrinos' flight to produce spurious results. If the report is confirmed, then it provides a simple explanation for the fascinating-yet-difficult-to-accept results.

Read the comments on this post

I know what you’re thinking — you’re thinking this headline from The Loop’s Peter Cohen is an over-the-top bit of anti-Dell sensationalism. But it’s actually an accurate description of this promotional video from Dell.

CentOS has updated cvs (C6: command execution via hostile proxy server), libxml2 (C6: denial of service), and libpng (C6: code execution).

Debian has updated libmodplug (six code-execution vulnerabilities).

Fedora has updated java-1.6.0-openjdk (F15: nine CVE numbers), firefox (F15: code execution), xulrunner (F15: code execution) and thunderbird (F15: code execution).

Mandriva has updated libxml2 (denial of service) and libpng (code execution).

Oracle has updated libxml2 (EL6: denial of service) and cvs (EL6: command execution).

Red Hat has updated libxml2 (RHEL5-6: denial of service), httpd (RHEL5: multiple vulnerabilities) java-1.6.0-openjdk (RHEL5: nine CVE numbers), and cvs (RHEL5-6: code execution via hostile proxy server).

Ubuntu has updated cvs (command execution via hostile proxy server).

The prospects for quick European approval of the Anti-Counterfeiting Trade Agreement dimmed Wednesday as the European Commission, the EU's executive branch, announced plans to seek an opinion from the European Court of Justice about ACTA's constitutionality.

In a statement, Viviane Reding, the EU Commissioner for Justice, Fundamental Rights, and Citizenship, reiterated her commitment to "a freely accessible Internet" and "freedom of expression and freedom of information via the Internet." She said the EC has decided to ask the ECJ for an opinion to "clarify that the ACTA agreement and its implementation must be fully compatible with freedom of expression and freedom of the Internet."

"I believe that putting ACTA before the European Court of Justice is a needed step," she wrote in a Wednesday press release explaining the move. "This debate must be based upon facts and not upon the misinformation or rumor that has dominated social media sites and blogs in recent weeks."

"Intellectual property is Europe's main raw material, but the problem is that we currently struggle to protect it outside the European Union," Reding wrote. "This hurts our companies, destroys jobs and harms our economies. This is where ACTA will change something for all of us - as it will help protect jobs that are currently lost because counterfeited and pirated goods worth 200 billion Euros are floating around on the world markets."

The European Commission has traditionally been a strong supporter of the ACTA agreement. The executive body adopted the treaty in December, and it is due to be considered by the European Parliament later this year. Presumably, the commission hopes that a favorable ruling from the high court will ease the agreement's passage by rebutting critics' charges that ACTA threatens Internet freedom.

But the decision to seek a judicial opinion could also further delay consideration of the treaty, giving opponents more time to organize against it.

ACTA opponents have been particularly effective in Poland, where the government suspended ratification of the treaty earlier this month. As our sister site Wired has reported, online activists persuaded Polish Prime Minister Donald Tusk to participate in a 7-hour online conversation about ACTA on Twitter, Facebook, and even IRC. Last week, Tusk repudiated his earlier support for ACTA and called on other European nations to reject the treaty as well.

Read the comments on this post

Extradition of Accused Masterminds Moves Forward

Millions of computers infected with the stealthy and tenacious DNSChanger Trojan may be spared a planned disconnection from the Internet early next month if a New York court approves a new request by the U.S. government. Meanwhile, six men accused of managing and profiting from the huge collection of hacked PCs are expected to soon be extradited from their native Estonia to face charges in the United States.

DNSChanger modifies settings on a host PC that tell the computer how to find Web sites on the Internet, hijacking victims’ search results and preventing them from visiting security sites that might help detect and scrub the infections. The Internet servers that were used to control infected PCs were located in the United States, and in coordination with the arrest of the Estonian men in November, a New York district court ordered a private U.S. company to assume control over those servers. The government argued that the arrangement would give ISPs and companies time to identify and scrub infected PCs, systems that would otherwise be disconnected from the Internet if the control servers were shut down. The court agreed, and ordered that the surrogate control servers remain in operation until March 8.

But earlier this month, security firm Internet Identity revealed that the cleanup process was taking a lot longer than expected: The company said more than 3 million systems worldwide — 500,000 in the United States — remain infected with the Trojan, and that at least one instance of the Trojan was still running on computers at 50 percent of Fortune 500 firms and half of all U.S. government agencies. That means that if the current deadline holds, millions of PCs are likely to be cut off from the Web on March 8.

In a Feb. 17 filing with the U.S. District Court for the Southern District of New York, officials with the U.S. Justice Department, the U.S. Attorney for the Southern District of New York, and NASA asked the court to extend the March 8 deadline by more than four months to give ISPs, private companies and the government more time to clean up the mess. The government requested that the surrogate servers be allowed to stay in operation until July 9, 2012. The court has yet to rule on the request, a copy of which is available here (PDF).

Not everyone thinks extending the deadline is the best way to resolve the situation. In fact, security-minded folks seem dead-set against the idea. KrebOnSecurity conducted an unscientific poll earlier this month, asking readers whether they thought the government should give affected users more time to clean up infections from the malware, which can be unusually difficult to remove. Nearly 1,400 readers responded that forcing people to meet the current deadline was the best approach. The overwhelming opinion (~9:1) was against extending the March 8 deadline.

KrebsOnSecurity readers voted almost 9-1 against the idea of extending the Mar. 8 deadline.

In related news, the six Estonian men arrested and accused of building and profiting from the DNSChanger botnet are expected to be extradited to face computer intrusion and conspiracy charges in the United States.  According to the Baltic Business News, an Estonian court ruled last week that the country can extradite four of the six (two were already cleared for extradition). The story notes that the final decision on the extradition will be made by the Estonian government after the court’s ruling has entered into force, but sources close to the investigation say the extraditions are all but assured.

Image courtesy Eesti Päevaleht.

Among those facing certain extradition is the alleged ringleader of the group, Vladimir Tsastsin, who for many years ran a domain registration firm called EstDomains that was heavily favored by cybercriminals. In 2008, ICANN, the nonprofit organization that oversees the domain registration industry, revoked EstDomains’s contract to sell new domain names, citing Tsastsin’s prior criminal convictions for forgery, money laundering and credit card fraud.

Tsastsin and the five others are alleged to have made at least $14 million selling hijacked search traffic from infected PCs to advertisers, and by swapping ads displayed on popular sites with their own ads. The government says Tsastsin laundered the ill-gotten gains by purchasing dozens of cars and real estate properties, including a number of empty lots. The infographic above, published by Eesti Päevaleht — Estonia’s largest daily news outlet — shows some of the properties Tsastsin (bottom right) and his compatriots were alleged to have purchased with the funds earned from the DNSChanger Trojan activities.

A copy of the indictments returned against Tsastsin and others is available here (PDF).

Nokia is gearing up for some big smartphone announcements at Mobile World Congress next week, and not all are related to Windows Phone. In addition to a few Windows Phone handsets, the company is also teasing a camera-centric Symbian phone with one of the largest camera sensors on a mobile phone yet.

First, the Symbian outlier: the Nokia 803 will have a large imaging sensor that will be Nokia's big step up to 1080p video, according to PocketNow. With a 4-inch AMOLED screen, the phone will be an all-touchscreen successor to the Nokia N8, a phone revered for its photo prowess. Nokia's teaser commercial offers little information, but has some 1080p shots of winter scenes.

Read the comments on this post

Trying to pass unconstitutional restrictions on a burgeoning artistic medium is not cheap. Just ask the state of California, which will end up paying $1.8 million in attorney's fees in its failed effort to restrict violent game sales to children with a law that was overturned by the Supreme Court last year.

It was widely reported last month that the state would be paying $950,000 to cover legal costs for the Entertainment Merchants Association and Entertainment Software Association, which argued against the law. But that number didn't take into account nearly $300,000 the state had paid to industry defenders during earlier court battles, and $500,000 it spent on its own side of the legal battle, as The Sacramento Bee recently reported.

But there are no regrets from the sponsor of the bill. "When you fight the good fight for a cause you know is right and just, and it's about protecting kids, you don't ever regret that," Republican bill sponsor Leland Yee told The Bee. "I think we felt the issue was so important that it warranted the costs associated with it," former California deputy attorney general Jim Humes added.

And while the legal costs are a drop in the bucket compared to the state's massive annual budget of over $92 billion, some say legislators should have known that the law would end up being a waste of time and money. "I think it's fair to say the industry warned the state that they were just getting themselves into a big legal mess and they would end up having to pay attorney fees—and that's exactly what happened," game industry attorney Paul M. Smith told The Bee.

The good news is that states seem unlikely to waste taxpayer money on this specific issue in the future. The 7-2 Supreme Court ruling that overturned the California law was very clear in granting games full First Amendment protections, setting a precedent that other states seem unlikely to challenge directly. But that doesn't mean they won't try to find other ways to limit the impact of games they deem objectionable, as proven by an Oklahoma representative's recent efforts to add a surtax on games rated T and up.

Read the comments on this post

Last week, several documents that purportedly came from the Heartland Institute appeared on the Web, laying out the organization's financial efforts to undercut the mainstream understanding of climate science. Although the Heartland admitted that most of the materials were genuine, it claims they had been obtained via deception, and that one of the documents (the most inflammatory) was a fake. Now, a prominent environmental researcher has admitted that he impersonated a Heartland board member in order to obtain the documents, but claims they are all genuine.

Peter Gleick is the founder and current president of the Pacific Institute, where he specializes in research on the water cycle. His research can be provocative—some of it suggested that the US has already passed peak water—but has been considered important enough to get him elected to the National Academies of Science.

Read the comments on this post

Apple's massive North Carolina data center is apparently only the beginning when it comes to handling the deluge of content traffic flowing through Apple's servers. The company has now confirmed that it has plans to build another large data center in Prineville, Oregon, continuing the green efforts that it initiated with its east coast facility.

The news came via Oregon news station KTVZ, which was following up on rumors from December about the project as Apple spokesperson Kristin Huguet confirmed that Apple had indeed purchased the land for the data center. Huguet declined to offer any further details about Apple's plans, but KTVZ says the property's price tag was $5.6 million and the deed was signed by county commissioners on February 15. The location for the new 160-acre data center is said to be a "stone's throw" away from another large facility owned by Facebook.

Before Apple publicly acknowledged its North Carolina facility, rumors spread for years about what the company was planning to do with it. As it turned out, the NC data center ended up powering iCloud—which launched in October with iOS 5—and Apple began talking about its plans build a 171-panel solar farm to help run it. Apple's Oregon data center is expected to boast similar green efforts, but no details have been offered. Apple just laid out this week some of the other green initiatives it's taking in North Carolina, so it's likely we'll see some of those same elements carried over to the facility in the Beaver State.

Read the comments on this post

These days, it seems, its not enough for a digital device to just play games. To keep up with the smartphones and tablet computers of the world, any game system needs to at least nod in the direction of cloud-based and social networking "apps" that are all the rage with the kiddies. Sony's PlayStation Vita has now done exactly that, launching free downloadable Netflix, Twitter and Flickr apps in conjunction with the system's official debut today (though pre-orderers have had the system for a week now).

Read the comments on this post

Microsoft today filed a competition law complaint against Motorola Mobility with the European Commission, claiming that the company—and, by extension, its soon-to-be-owner Google—is charging outrageously high licensing fees for patents essential to complying with industry standards.

In a blog post titled "Google, Please Don't Kill Video on the Web," Microsoft general counsel Dave Heiner said Motorola "is attempting to block sales of Windows PCs, our Xbox game console and other products" by charging unusually high fees for patents related to the H.264 video standard. On a $1,000 laptop, Motorola wants a royalty of $22.50, Microsoft claims. Microsoft said its complaint, which is not a publicly available document, is filed against both Motorola and Google.

Read the comments on this post

E – Espace aérien : des aéronefs sans pilote à bord dans l’espace aérien civil ? Beaucoup de questions techniques et réglementaires demeurent alors que de rares pays autorisent leur emploi (comme à la frontière américano-mexicaine) et que tous travaillent sur cette question (cf l’expérimentation récente de l’Italie).

F – France : Nous n’avons pas de drone mais nous avons des idées ! En employant des drones lors de la Guerre du Golfe (vous le saviez ?), les armées française étaient dans le bon wagon. Aujourd’hui avec quelques SDTI, quatre Harfang et des drones micro-tactiques, elles sont en queue de train… Quant aux débats sur leur armement ou non, vaste sujet.

G – Guerre : les drones conduisent-ils à une évolution ou révolution de l’art de la guerre ? Évolution bien sûr ! Malgré les titres médiatiques aguicheurs. Le visage de la guerre change, les outils et les pratiques ne sont plus celles d’hier, mais la nature profonde n’évolue pas : le duel des volontés demeure.

H – Histoire : les premiers drones pourraient être des ballons autrichiens sans pilote lâchant des bombes au-dessus de Venise en 1849. Ensuite, de nombreux projets virent le jour, en particulier pour les cibles aériennes commandées à distance (cf. l’utilisation toujours d’actualité dans des centres de tir par le 17è régiment d’Artillerie en France).

I – Industrie : Dassault Aviation, EADS, Rafael, Elbit,, IAI, Sagem, Schiebel, General Atomics, Northrop Grumman, etc. Les enjeux économiques (94 milliards de $ d’ici 2020 ? dont 36 rien que pour les USA ?) sont énormes pour les majeures du secteur, des challengers émergeant aussi doucement pour exacerber la concurrence.

J – Journalisme : illustration d’une utilisation civile possible, les drones pourraient être de plus en plus employés par les journalistes, citant le cas d’une manifestation filmée à Varsovie. L’article oublie de préciser que plutôt que d’être un amateur lambda, l’utilisateur du drone était plutôt un manifestant l’utilisant pour filmer les policiers anti-émeute…

M – Morale : il aurait été possible de mettre « éthique ». Quelles sont les questions éthiques et morales (reliées à des questions de légalité) causées par cette administration de la mort à distance ? Les débats sur les assassinats ciblés sont ainsi un versant important sur l’introduction de principes de proportionnalité, de « la fin justifie (ou non) les moyens », etc.

N – Navalisation : milieu complexe à maîtriser, les drones investissent petit à petit le milieu maritime. C’est le cas du Camcopter S-100 de l’autrichien Schiebel testé sur le patrouilleur Adroit de DCNS ou un MQ-8 Fire Scout perdu par l’US Navy durant des opérations au-dessus de la Libye en juin 2011.

O – Opérateurs : si il n’y a pas de pilote à bord, l’humain reste dans la boucle de l’utilisation des drones. De la gestion des compétences, de la formation, du stress enduré par des opérateurs qui administrent parfois la mort à distance avant de rentrer chez eux le soir ou autres, les questions sont nombreuses pour ces presque nouveaux militaires.

P – Présence permanente : si l’endurance est l’un des facteurs techniques de ces outils, quand est-il de ce facteur pour les populations visées ou subissant l’emploi de ces drones. C’est le cas de celles des zones tribales pakistanaises qui vivent avec cette menace permanente au-dessus de la tête, un tir pouvant arrivé à tout moment.

Q – Quantité ? La quantité est-elle une qualité en soit ?

R – Renseignement : les données fournies par les drones (vidéos, signaux radios, etc.) viennent s’ajouter à l’énorme quantité d’informations (en particulier électroniques) déjà collectée et à traiter par les services de renseignement (en particulier américains). La sur information tue t’elle l’information ?

S – Stratégie ?

T – Terrorisme ?

U – ?

V – ?

W – Waziristan : région montagneuse du Nord-est du Pakistan, le Waziristan est réputé pour être la zone abritant les état-major de mouvements affiliés ou portant le label Al-Qaida. Les frappes de drones se multiplient comme le montre The Bureau of Investigative Journalism dans son suivi minutieux de ces questions, la dernière remontant au 16 février.

Y – Yémen : après l’Afghanistan, le Pakistan ou la Somalie, le Yemen est un des principaux théâtres d’utilisation de drones pour surveiller ou frapper la mouvance AQAP (Al-Qaeda in the Arabian Peninsula). L’imam Anwar al-Awlaki en est mort le 30 septembre, faisant perdre à AQ un rédacteur en chef de qualité pour sa revue Inspire.

Z – Zéro mort : slogan « marketing » qui voit le jour durant la Guerre du Golfe de 1991 et l’emploi intensif de frappes dites de précision. L’emploi des drones est censé répondre à cette volonté (et ce besoin) de préserver les vies humaines (euphémisme qui nie l’in-niable, la mort possible…), en particulier dans son propre camp en automatisant certaines taches dangereuses.

Et maintenant, à vos claviers !

NB : « drone » est pris dans cet article dans son acceptation étroite d’aéronef sans pilote humain à bord, mais l’acceptation plus large de « mobiles robotisés » peut (et devrait) évidemment être incluse dans le débat.

In some cases the most destructive action one can perform on the creative psyche is to give it absolute freedom. The blank page, blue sky, and empty word document are among the most terrifying monsters in the creative world.

1. Apply artificial Constraint
2. Design within Constraint
3. Remove Contraint
4. Analyze

That sums up a little bit of advice I’m going impart as to how I defeat these monsters. I’ve used this model in various ways and below I’ll give some examples of this simple piece of advice.

One Button

The modern gamepad (or keyboard/mouse) provides a massive subset of control options. Too many in most cases. As a programmer I often just find myself going “bind” crazy because its easy to bind to a key. This leads to terrible interfaces; original Blender UI anyone ;)

As a designer I often force myself to only have one button and one stick on a gamepad, or maybe just mouse interaction. I force myself to use less buttons than I think I need. Then I will often find ways to contextualize or simplify a mechanic or control. Leading to a more elegant control solution.

This also means I can often later in a project arbitrarily say something like, “Okay we will map that Global button to Shoulder button, they aren’t used anywhere”. Which is great when in crunch or a great feature occurs late in development.

Box It

Often when doodling an idea I will just draw a box on the page. Then draw only inside that box. This only really works for visual designs but I find it works really well to focus once I have a set boundary.

Coin Toss

Have two options?

Do a blind coin toss, and then before revealing the coin if you find yourself wishing for heads or tails you know your answer.

Three Point System

When constructing a narrative it’s easy to lose sight of the overall structure or lose detail. One trick I use is what I call the Bullet Point System. The system that forces groups of three means your always forced to find that third thing but also that you often self prune. Some of my best ideas come while reaching for that third point to fit. I also find that often something sounds great but then I can’t flesh it out to three points so I discard it.

Rules

• Write 3 lines
• No line can go onto the next line
• Always write 3 lines
• You can expand a point with exactly 3 sub lines

Story of Lost Boy

• Boy Gets Lost
  • Follows Butterfly
  • Goes into Cave
  • Can’t See Butterfly
• Boy Wanders
• Boy Finds Way Home
  • Mother Asks where he has been
  • Boy Gives Silly Answer
    • Don’t Retell Story
    • Child’s Vision
    • Doubt the Experience
  • Butterfly Lands on Boy

Pick It

Alternatively called the F it system this is for when often I’m uncertain or given too many options. If there are 6 different ways we can go and we can’t be sure which to go well then just throw hands in the air, F-it, and pick one.

Most importantly I document the choice!

I will force myself to finish the design or complete going down the path, no regrets. Then if possible when we have more time I go back to that fork in the road and re-examine the choice. Though to be frank it’s rare that you find yourself going back and re-evaulting.

Conclusion

Keep It Simple Stupid! This is all very basic advice that I was hesitant to post but then I recall watching a 30 minute cooking show on cooking Potatoes and thought well sometimes simple advice is very useful. ;)

Fascinating.

Carlos Bueno wrote:

Before I talk about my own troubles, let me tell you about another book, "Computer Game Bot Turing Test". It's one of over 100,000 "books" "written" by a Markov chain running over random Wikipedia articles, bundled up and sold online for a ridiculous price. The publisher, Betascript, is notorious for this kind of thing.

It gets better. There are whole species of other bots that infest the Amazon Marketplace, pretending to have used copies of books, fighting epic price wars no one ever sees. So with "Turing Test" we have a delightful futuristic absurdity: a computer program, pretending to be human, hawking a book about computers pretending to be human, while other computer programs pretend to have used copies of it. A book that was never actually written, much less printed and read.

The internet has everything.

Last year I published my children's book about computer science, Lauren Ipsum. I set a price of $14.95 for the paperback edition and sales have been pretty good. Then last week I noticed a marketplace bot offering to sell it for $55.63. "Silly bots", I thought to myself.

Then another piled on, and then an overseas dropshipper, and then another bot. Pretty soon they were offering my book below the retail price.

The punchline is that Amazon itself is a bot. Noticing all of this activity, it decided to put the book on sale! 28% off. I can't wait to find out what that does to my margin.

My reaction to this algorithmic whipsawing has settled down to a kind of helpless bemusement. The plot of my book is about how understanding computers is the first step to taking control of your life in the 21st century. Now I don't know what to believe.

It's possible that the optimal price of Lauren Ipsum is, in fact, ten dollars and seventy-six cents and I should just relax and trust the tattooed hipster who wrote Amazon's pricing algorithm. After all, I have no choice.

But I can't help but think about that old gambler's proverb: "If you can't spot the sucker, it's you."

Previously, previously, previously.

Photo: gynti_46/Flickr

On the surface, the drug war across the border boils down to a conflict between Mexico’s military and rival groups of cartels. This is true, but it leaves out Mexico’s other conflict — one fought against civilians through kidnapping, extortion and assassination. Little wonder that those who can afford it are now fueling a boom in professional bodyguards and guns-for-hire, many of them based in the United States.

And the boom is not just limited to jobs in Mexico — it’s happening on both sides of the border. It involves private security firms employed by both Mexican and U.S. citizens traveling from one country to the other, to border regions, or fueled by Mexican citizens relocating to the U.S. to escape the violence. The jobs given to the bodyguards involve protecting their clients against violent cartel threats and abductions, and helping negotiate kidnapping cases.

There are also serious risks. Some companies won’t work in Mexico proper because of the danger, while others do so — quietly.

R. Kent Morrison, president of Texas security firm BlackStone Group, hates the term bodyguard. For the heavily-built ex-Navy commando and Gulf War veteran, the term suggests a “big hulking gorilla with dark sunglasses and the trench coat.” Tucked away in a small office building in the wooded suburbs of west Austin, BlackStone is among a number of companies near the border competing in the more exclusive field of “executive protection,” security industry lingo for a more elite (and expensive) brand of hired muscle.

“Historically in the U.S., security has been the stereotypical, polyester-clad, eight-dollar-an-hour security guard, and that more than anything is just a way to reduce liability insurance costs,” Morrison says. “What we do is focus on providing security to usually high-net-worth individuals who actually have a need for security and aren’t provided that by some government entity.”

But when discussing Mexico, Morrison is cautious. He says BlackStone is seeing growth from Mexican nationals, mostly business executives traveling north, but only gives a rough estimate and doesn’t give out the names of individual customers. “I’ll tell you in the last five years the requests that we’ve had for those types of services from individuals and businessmen traveling from south of the border has probably doubled,” he said.

He says having a security detail in Mexico is now a literal “status symbol” for the country’s elite. And as that elite relocates to states like Texas because of violence or travels to do business, “they want to duplicate the services that they’ve grown accustomed to down south.”

This caution to discuss specifics reflects the shadowy and hazardous nature of Mexico’s private security business. Clayton International, an “executive protection” and counter-kidnapping subsidiary of longtime Iraq mercenary group Triple Canopy, and reported to work extensively in Mexico, said it would not answer questions from Danger Room due the “sensitivity of the subject.” Philip Klein, president of Houston-area Klein Investigations and Consulting, said his company said his company has seen a 120 percent increase over the past two years, from 55 “sorties” to Mexico in 2009 to 121 last year. Klein expects the “unrest to continue down there, unless the government can get control,” and therefore more business for his company. But Klein is reluctant to discuss details.

One reason for the reluctance, according to a Triple Canopy employee speaking on background to Danger Room, is sheer risk. “The thing about working in Mexico is despite what movies or T.V. or popular perception might be is that nobody down there is armed on an executive protection detail. The Mexicans will not allow it — period,” the employee said. And not only that, if the cartels do attempt an assassination, they will “kill the protective detail too just to make sure all the loose ends are tied up.”

Mexico does indeed prohibit foreign nationals from carrying weapons. Instead, companies have subcontracted out the gun-slinging to Mexican freelancers and local firms. Rather than an armed U.S. mercenary team, a typical security detail includes two unarmed “detail leaders” from the U.S. in charge of four armed Mexican guards, hired from local firms or police officers moonlighting for extra pay. The U.S. agents call the shots and pick the travel routes, while the Mexican guards provide the muscle and firepower.

But the reliance U.S. mercs have on their armed Mexican subcontractors comes with another set of risks: the subcontractors can be easily out-bidded. Morrison said that “on a Tuesday, this group may be a completely solid group and Thursday they’ve been corrupted by the cartels.”

But whether the demand in border states like Texas is being fueled by actual threats of kidnapping or just the fear it could happen, however, is hard to ascertain. But Mexican citizens are facing a different level of risk. In a nod to the reality of the sometimes blurry distinctions between legitimate business in Mexico and organized crime, Morrison added that clients have told him: “‘A competitor made a play for my company and I have to come in and make sure they don’t strengthen that play by snatching my kid.’”

Click the Resume button on the Status Display or the CONTINUE button on the printer panel.

The question in the title How Far Can You Go? applies to both the undermining of traditional religious belief by radical theology and the undermining of literary convention by the device of "breaking frame"...

Welcome to french pain on Facebook. Join now to write reviews and connect with french pain. Help your friends discover great places to visit by recommending french pain.

The Apache Software Foundation has announced the availability of Apache 2.4, a major update of the popular open source HTTP server. The arrival of the new version, which is the first major release of Apache in six years, coincides with the software's 17th anniversary.

The Apache project emerged in 1995 around a fork of a Web server that was originally developed at the National Center for Supercomputing Applications (NCSA). Apache became the Web's number one HTTP server is currently used by 400 million websites around the world, powering roughly 60 percent of all active domains.

The new version of Apache introduces a number of new features and technical improvements that will help it retain its standing. The developers say that version 2.4 is significantly more efficient than its predecessor, offering better performance and lower resource consumption.

"This release delivers a host of evolutionary enhancements throughout the server that our users, administrators, and developers will welcome," Apache server vice president Eric Covener wrote in a statement. "We've added many new modules in this release, as well as broadened the capability and flexibility of existing features".

One improvement that is particularly worth noting is that the multiprocessing module system (MPM) has been improved so that the desired module can be selected at runtime. Various MPMs implement different behaviors for how the HTTP server spreads its workload across threads and processes.

Previously, the desired module had to be selected during the configuration step of the build process. In version 2.4, it's now possible to select multiple MPMs during configuration and specify the one that should be used at runtime. This will offer more flexibility in Apache deployments.

Although Apache is highly popular and deeply entrenched, it is facing some fresh competition from nginx, an open source Web server that has seen dramatic growth in adoption over the past year. The latest statistics show that nginx has become the second most popular server, surpassing Microsoft's IIS.

Adopters generally cite superior performance as the reason why they replace Apache with nginx. According to some benchmarks (PDF) demonstrated by Apache Software Foundation president Jim Jagielski, Apache 2.4 offers competitive performance.

For more details about the release, you can refer to the official launch announcement. An overview of the new features can be found in the Apache 2.4 documentation.

Read the comments on this post

Ads by Project Wonderful! Your ad could be here, right now.

Oh my gosh you guys, QC reader Glenn Case and his friend Rachael made a COMPLETELY ADORABLE version of the wake-up song from yesterday's comic! You can listen to it here, or here if that first link goes down). I am pleased beyond description. I am also working on a rather...different interpretation of the song, which I may post tomorrow if I finish it in time.

In other news, this auction is completely ridiculous.

Scott Henry scoured the Web for a good deal on buying tax preparation software. His search ended at Blvdsoftware.com, which advertised a great price and an instant download. But when it came time to install the software, Henry began to have misgivings about the purchase, and reached out KrebsOnSecurity for a gut-check on whether trusting the software with his tax information was a wise move.

Five days after Henry purchased the product, blvdsoftware.com vanished from the Internet.

Several red flags should have stopped him from making the purchase. Blvdsoftware.com claimed it had been in business since 2005, but a check of the site’s WHOIS registration records showed it was created in late October 2011. The site said that Blvdsoftware was a company in Beverly Hills, Calif., but the California Secretary of State had no record of the firm, and Google Maps knew nothing of the business at its stated address.

Henry said that in years past, he’d always bought a CD version of the software. But this year, he opted for digital download.

“I was going to download from Amazon — they sell a download-only version — and then I saw the cheaper site and went with them,” he said in an email. He installed the program, but said he didn’t enter any of his sensitive data. For one thing, he never received a license key from Blvdsoftware, and the program he installed didn’t request one. Now he’s wondering if the program was — at the very least pirated — and at worst — bundled with software designed to surreptitiously snoop on his computer.

The errant buy was doubly insulting because Henry bought the software using a prepaid debit card, and now finds himself unable to dispute the charge.

Buying software from random sites or companies you know nothing about and haven’t researched is a bad idea all around. But fail to do due diligence on a bargain site that sells tax return software and you could be handing your identity and computer over to cyber thieves.

If you’re in the market for tax software downloads, save yourself the worry and hassle, and stick to known and trusted outlets online. Search for any of the titles listed at the cached version of Blvdsoftware’s site and you will probably discover that after the first page of results the vendors start to look pretty sketchy. Also, avoid using debit cards for online purchases.

If your income is $57,000 or less, you can file your taxes online for free using IRS’ Free File software, available at no charge here. And remember that the IRS does not initiate contact with taxpayers via email. If, however, you do receive a snail mail notice from the IRS about more than one tax return being filed in your name, or that you were paid by an employer you don’t know, someone may be trying to fraudulently file a tax return on your behalf. See this page from the Federal Trade Commission for more information on tax related identity theft.

We’ve finally reached the point in this series that I’ve been waiting for. In this post I am going to share the most crucial piece of floating-point math knowledge that I have. Here it is:

[Floating-point] math is hard.

You just won’t believe how vastly, hugely, mind-bogglingly hard it is. I mean, you may think it’s difficult to calculate when trains from Chicago and Los Angeles will collide, but that’s just peanuts to floating-point math.

Seriously. Each time I think that I’ve wrapped my head around the subtleties and implications of floating-point math I find that I’m wrong and that there is some extra confounding factor that I had failed to consider. So, the lesson to remember is that floating-point math is always more complex than you think it is. Keep that in mind through the rest of the post where we talk about the promised topic of comparing floats, and understand that this post gives some suggestions on techniques, but no silver bullets.

Previously on this channel…

This is the fifth chapter in what is currently a four chapter series. The previous posts include:

• 1: Tricks With the Floating-Point Format – an overview of the float format
• 2: Stupid Float Tricks – incrementing the integer representation
• 3: Don’t Store That in a Float – a cautionary tale about time
• 3b: They sure look equal… – special bonus post (not on altdevblogaday), ranting about Visual Studio’s float failings
• 4: Comparing Floating Point Numbers, 2012 Edition (return *this;)

Comparing for equality

Floating point math is not exact. Simple values like 0.1 cannot be precisely represented using binary floating point numbers, and the limited precision of floating point numbers means that slight changes in the order of operations or the precision of intermediates can change the result. That means that comparing two floats to see if they are equal is usually not what you want. GCC even has a warning for this: “warning: comparing floating point with == or != is unsafe”.

Here’s one example of the inexactness that can creep in:

    float f = 0.1f;
    float sum;
    sum = 0;
 
    for (int i = 0; i < 10; ++i)
        sum += f;
    float product = f * 10;
    printf("sum = %1.15f, mul = %1.15f, mul2 = %1.15f\n",
            sum, product, f * 10);

This code shows two ancient and mystical techniques for calculating ‘one’. I call these techniques “iterative-adding” and “multiplying”. And, just to show how messy this stuff is I do the multiplication twice. That’s three separate calculations of the same thing. Naturally we get three different results, and only one of them is the unity we were seeking:

sum = 1.000000119209290, mul = 1.000000000000000, mul2 = 1.000000014901161

Disclaimer: the results you get will depend on your compiler and your compiler settings, which actually helps make the point.

So what happened, and which one is correct?

What do you mean ‘correct’?

Before we can continue I need to make clear the difference between 0.1, float(0.1), and double(0.1). In C/C++ 0.1 and double(0.1) are the same thing, but when I say “0.1” in text I mean the exact base-10 number, whereas float(0.1) and double(0.1) are rounded versions of 0.1. And, to be clear, float(0.1) and double(0.1) don’t have the same value, because float(0.1) has fewer binary digits, and therefore has more error. Here are the values for 0.1, float(0.1), and double(0.1):

With that settled, let’s look at the results of the code above:

1. sum = 1.000000119209290: this calculation starts with a rounded value and then adds it ten times with potential rounding at each add, so there is lots of room for error to creep in. The final result is not 1.0, and it is not 10 * float(0.1). However it is the next representable float above 1.0, so it is very close.
2. mul = 1.000000000000000: this calculation starts with a rounded value and then multiplies by ten, so there are fewer opportunities for error to creep in. It turns out that the conversion from 0.1 to float(0.1) rounds up, but the multiplication by ten happens to, in this case, round down, and sometimes two rounds make a right. So we get the right answer for the wrong reasons. Or maybe it’s the wrong answer, since it isn’t actually ten times float(0.1)
3. mul2 = 1.000000014901161: this calculation starts with a rounded value and then does a double-precision multiply by ten, thus avoiding any subsequent rounding error. So we get a different right answer – the exact value of 10 * float(0.1) (which can be stored in a double but not in a float).

So, answer one is incorrect, but it is as close to 1.0 as a float can get without being there. Answer two is arguably correct, but so is answer three.

Now what?

Now we have a couple of different answers (I’m going to ignore the double precision answer), so what do we do? What if we are looking for results that are equal to one, but we also want to count any that are plausibly equal to one – results that are “close enough”.

Epsilon comparisons

If comparing floats for equality is a bad idea then how about checking whether their difference is within some error bounds or epsilon value, like this:

bool isEqual = fabs(f1 – f2) <= epsilon;

With this calculation we can express the concept of two floats being close enough that we want to consider them to be equal. But what value should we use for epsilon?

Given our experimentation above we might be tempted to use the error in our sum, which was about 1.19e7f. In fact, there’s even a define in float.h with that exact value, and it’s called FLT_EPSILON.

Clearly that’s it. The header file gods have spoken and FLT_EPSILON is the one true epsilon!

Except that that is rubbish. For numbers between 1.0 and 2.0 FLT_EPSILON represents the difference between adjacent floats. For numbers smaller than 1.0 an epsilon of FLT_EPSILON quickly becomes too large, and with small enough numbers FLT_EPSILON may be bigger than the numbers you are comparing!

For numbers larger than 2.0 the gap between floats grows larger and if you compare floats using FLT_EPSILON then you are just doing a more-expensive and less-obvious equality check. For numbers above 16777216 the appropriate epsilon to use for floats is actually greater than one, and a comparison using FLT_EPSILON just makes you look foolish. We don’t want that.

Relative epsilon comparisons

The idea of a relative epsilon comparison is to find the difference between the two numbers, and see how big it is compared  to their magnitudes. In order to get consistent results you should always compare the difference to the larger of the two numbers. In English:

To compare f1 and f2 calculate diff = fabs(f1-f2). If diff is smaller than n% of max(abs(f1),abs(f2)) then f1 and f2 can be considered equal.

In code:

bool AlmostEqualRelative(float A, float B, float maxRelDiff)
{
    // Calculate the difference.
    float diff = fabs(A - B);
    A = fabs(A);
    B = fabs(B);
    // Find the largest
    float largest = (B > A) ? B : A;
 
    if (diff <= largest * maxRelDiff)
        return true;
    return false;
}

This function is not bad. It works. Mostly. I’ll talk about the limitations later, but first I want to get to the point of this article – the technique that I first suggested many years ago.

When doing a relative comparison of floats it works pretty well to set maxRelDiff to FLT_EPSILON, or some small multiple of FLT_EPSILON. Anything smaller than that and it risks being equivalent to no epsilon. You can certainly make it larger, if greater error is expected, but don’t go crazy. However selecting the correct value for maxRelativeError is a bit tweaky and non-obvious and the lack of a direct relationship to the floating point format being used makes me sad.

ULP, he said nervously

We already know that adjacent floats have integer representations that are adjacent. This means that if we subtract the integer representations of two numbers then the difference tells us how far apart the numbers are in float space. That brings us to:

Dawson’s obvious-in-hindsight theorem:

If the integer representations of two same-sign floats are subtracted then the absolute value of the result is equal to one plus the number of representable floats between them.

In other words, if you subtract the integer representations and get one, then the two floats are as close as they can be without being equal. If you get two then they are still really close, with just one float between them. The difference between the integer representations tells us how many Units in the Last Place the numbers differ by. This is usually shortened to ULP, as in “these two floats differ by two ULPs.”

So let’s try that concept:

/* See
http://randomascii.wordpress.com/2012/01/11/tricks-with-the-floating-point-format/
for the potential portability problems with the union and bit-fields below.
*/
union Float_t
{
    Float_t(float f1 = 0.0f) : f(f1) {}
	// Portable sign-extraction
	bool Sign() const { return (i >> 31) != 0; }
 
    int32_t i;
    float f;
    struct
    {   // Bitfields for exploration. Do not use in production code.
        uint32_t mantissa : 23;
        uint32_t exponent : 8;
        uint32_t sign : 1;
    } parts;
};
 
bool AlmostEqualUlps(float A, float B, int maxUlpsDiff)
{
    Float_t uA(A);
    Float_t uB(B);
 
    // Different signs means they do not match.
    if (uA.Sign() != uB.Sign())
    {
        // Check for equality to make sure +0==-0
        if (A == B)
            return true;
        return false;
    }
 
    // Find the difference in ULPs.
    int ulpsDiff = abs(uA.i - uB.i);
    if (ulpsDiff <= maxUlpsDiff)
        return true;
 
    return false;
}

This is tricky and perhaps profound.

The check for different signs is necessary for several reasons. Subtracting the signed-magnitude representation of floats using twos-complement math isn’t particularly meaningful, and the subtraction would produce a 33-bit result and overflow. Even if we deal with these technical issues it turns out that an ULPs based comparison of floats with different signs doesn’t even make sense.

After the special cases are dealt with we simply subtract the integer representations, get the absolute value, and now we know how different the numbers are. The ‘ulpsDiff’ value gives us the number of floats between the two numbers (plus one) which is a wonderfully intuitive way of dealing with floating-point error.

One ULPs difference good (adjacent floats).

One million ULPs difference bad (kinda different).

Comparing numbers with ULPs is really just a way of doing relative comparisons. It has different characteristics at the extremes, but in the range of normal numbers it is quite well behaved. The concept is sufficiently ‘normal’ that boost has a function for calculating the difference in ULPs between two numbers.

A one ULP difference is the smallest possible difference between two numbers. One ULP between two floats is far larger than one ULP between two doubles, but the nomenclature remains terse and convenient. I like it.

ULP versus FLT_EPSILON

It turns out checking for adjacent floats using the ULPs based comparison is quite similar to using AlmostEqualRelative with epsilon set to FLT_EPSILON. For numbers that are slightly above a power of two the results are generally the same. For numbers that are slightly below a power of two the FLT_EPSILON technique is twice as lenient. In other words, if we compare 4.0 to 4.0 plus two ULPs then a one ULPs comparison and a FLT_EPSILON relative comparison will both say they are equal. However if you compare 4.0 to 4.0 minus two ULPs then a one ULPs comparison will say they are not equal (of course) but a FLT_EPSILON relative comparison will say that they are equal.

This makes sense. Adding two ULPs to 4.0 changes its magnitude twice as much as subtracting two ULPs, because of the exponent change. Neither technique is better or worse because of this, but they are different.

If my explanation doesn’t make sense then perhaps my programmer art will:

ULP based comparisons also have different performance characteristics. ULP based comparisons are more likely to be efficient on architectures such as SSE which encourage the reinterpreting of floats as integers. However ULPs based comparisons can cause horrible stalls on other architectures, due to the cost of moving float values to integer registers.

Normally a difference of one ULP means that the two numbers being compared have similar magnitudes – the larger one is usually no larger than 1.000000119 times larger than the smaller. But not always. Some notable exceptions are:

• FLT_MAX to infinity – one ULP, infinite ratio
• zero to the smallest denormal – one ULP, infinite ratio
• smallest denormal to the next smallest denormal – one ULP, two-to-one ratio
• NaNs – two NaNs could have very similar or even identical representations, but they are not supposed to compare as equal
• Positive and negative zero – two billion ULPs difference, but they should compare as equal
• One ULP above a power of two is twice as big a delta as one ULP below

That’s a lot of notable exceptions. For many purposes you can ignore NaNs (you should be enabling illegal operation exceptions so that you find out when you generate them) and infinities (ditto for overflow exceptions) so that leaves denormals and zeros as the biggest possible problems. In other words, numbers at or near zero.

Infernal zero

It turns out that the entire idea of relative epsilons breaks down near zero. The reason is fairly straightforward. If you are expecting a result of zero then you are probably getting it by subtracting two numbers. In order to hit exactly zero the numbers you are subtracting need to be identical. If the numbers differ by one ULP then you will get an answer that is small compared to the numbers you are subtracting, but enormous compared to zero.

Consider the sample code at the very beginning. If we add float(0.1) ten times then we get a number that is obviously close to 1.0, and either of our relative comparisons will tell us that. However if we subtract 1.0 from the result then we get an answer of FLT_EPSILON, where we were hoping for zero. If we do a relative comparison between zero and FLT_EPSILON, or pretty much any number really, then the comparison will fail. In fact, FLT_EPSILON is 872,415,232 ULPs away from zero, despite being a number that most people would consider to be pretty small.

For another example, consider this calculation:

float someFloat = 67329.2348f; // arbitrarily chosen
// exactly one ULP away from 'someFloat'
float nextFloat = NearbyFloat(someFloat, 1);
// Returns true, numbers one ULP apart.
bool equal = AlmostEqualUlps( someFloat, nextFloat, 1);

Our test shows that someFloat and nextFloat are very close – they are neighbors. All is good. But consider what happens if we subtract them:

float diff = nextFloat - someFloat; // .0078125000
Float_t fDiff_t(diff);
// returns false, diff is 1,006,632,960 ULPs away from zero
bool equal = AlmostEqualUlps( diff, 0.0f, 1 );

While someFloat and nextFloat are very close, and their difference is small by many standards, ‘diff’ is a vast distance away from zero, and will dramatically and emphatically fail any ULPs or relative based test that compares it to zero.

There is no easy answer to this problem.

The most generic answer to this quandary is to use a mixture of absolute and relative epsilons. If the two numbers being compared are extremely close – whatever that means – then treat them as equal, regardless of their relative values. This technique is necessary any time you are expecting an answer of zero due to subtraction. The value of the absolute epsilon should be based on the magnitude of the numbers being subtracted – it should be something like maxInput * FLT_EPSILON. Unfortunately this means that it is dependent on the algorithm and the inputs. Charming.

The ULPs based technique also breaks down near zero for the technical reasons discussed just below the definition of AlmostEqualUlps.

Doing a floating-point absolute epsilon check first, and then treating all other different-signed numbers as being non-equal is the simpler and safer thing to do. Here is some possible code for doing this, both for relative epsilon and for ULPs based comparison, with an absolute epsilon ‘safety net’ to handle the near-zero case:

bool AlmostEqualUlpsAndAbs(float A, float B,
            float maxDiff, int maxUlpsDiff)
{
    // Check if the numbers are really close -- needed
    // when comparing numbers near zero.
    float absDiff = fabs(A - B);
    if (absDiff <= maxDiff)
        return true;
 
    Float_t uA(A);
    Float_t uB(B);
 
    // Different signs means they do not match.
    if (uA.Sign() != uB.Sign())
        return false;
 
    // Find the difference in ULPs.
    int ulpsDiff = abs(uA.i - uB.i);
    if (ulpsDiff <= maxUlpsDiff)
        return true;
 
    return false;
}
 
bool AlmostEqualRelativeAndAbs(float A, float B,
            float maxDiff, float maxRelDiff)
{
    // Check if the numbers are really close -- needed
    // when comparing numbers near zero.
    float diff = fabs(A - B);
    if (diff < maxDiff)
        return true;
 
    A = fabs(A);
    B = fabs(B);
    float largest = (B > A) ? B : A;
 
    if (diff <= largest * maxRelDiff)
        return true;
    return false;
}

Catastrophic cancellation, hiding in plain sight

If we calculate f1 – f2 and then compare the result to zero then we know that we are dealing with catastrophic cancellation, and that we will only get zero if f1 and f2 are equal. However, sometimes the subtraction is not so obvious.

Consider this code:

sin(pi);

It’s straightforward enough. Trigonometry teaches us that the result should be zero. But that is not the answer you will get. For double-precision and float-precision values of pi the answers I get are:

sin(double(pi)) = +0.00000000000000012246467991473532
sin(float(pi))     = -0.000000087422776

If you do an ULPs or relative epsilon comparison to the correct value of zero then this looks pretty bad. It’s a long way from zero. So what’s going on? Is the calculation of sin() really that inaccurate?

Nope. The calculation of sin() is pretty close to perfect. The problem lies elsewhere. But to understand what’s going on we have to invoke… calculus!

But first we have to acknowledge that we aren’t asking the sin function to calculate sin(pi). Instead we are asking it to calculate sin(double(pi)) or sin(float(pi)). What with pi being a transcendental and irrational and all it should be no surprise that pi cannot be exactly represented in a float, or even in a double.

Therefore, what we are really calculating is sin(pi-theta), where theta is a small number representing the difference between ‘pi’ and float(pi) or double(pi).

Calculus teaches us that, for sufficiently small values of theta, sin(pi-theta) == theta. Therefore, if our sin function is sufficiently accurate we would expect sin(double(pi)) to be roughly equal to pi-double(pi). In other words, sin(double(pi)) actually calculates the error in double(pi)! This is best shown for sin(float(pi)) because then we can easily add float(pi) to sin(float(pi)) using double precision. Insert table here:

If you haven’t memorized pi to 15+ digits then this may be lost on you, but the salient point is that float(pi) + sin(float(pi)) is a more accurate value of pi than float(pi). Or, alternately, sin(float(pi)) tells you nothing more than the error in float(pi).

Woah. Dude.

Again: sin(float(pi)) equals the error in float(pi).

I’m such a geek that I think that is the coolest thing I’ve discovered in quite a while.

Think about this. Because this is profound. Here are the results of comparing sin(‘pi’) to the error in the value of ‘pi’ passed in:

sin(double(pi)) = +0.0000000000000001224646799147353207
pi-double(pi)   = +0.0000000000000001224646799147353177
sin(float(pi))  = -0.000000087422776
pi-float(pi)    = -0.000000087422780

Wow. Our predictions were correct. sin(double(pi)) is accurate to sixteen to seventeen digits as a measure of the error in double(pi), and sin(float(pi)) is accurate to six to seven digits. The main reason the sin(float(pi)) results are less accurate is because operator overloading translates this to (float)sin(float(pi)).

I think it is perversely wonderful that we can use double-precision math to precisely measure the error in a double precision constant. If VC++ would print the value of double(pi) to more digits then we could use this and some hand adding to calculate pi to over 30 digits of accuracy!

You can see this trick in action with a calculator. Just put it in radians mode, try these calculations, and note how the input plus the result add up to pi. Nerdiest bar trick ever:

pi =3.1415926535…

sin(3.14)
   =0.001592652
sin(3.1415)
   =0.000092654
sin(3.141502050)
   =0.000090603

The point is, that sin(float(pi)) is actually calculating pi-float(pi), which means that it is classic catastrophic cancellation. We should expect an absolute error (from zero) of up to about 3.14*FLT_EPSILON/2, and in fact we get a bit less than that.

Know what you’re doing

There is no silver bullet. You have to choose wisely.

• If you are comparing against zero, then relative epsilons and ULPs based comparisons are usually meaningless. You’ll need to use an absolute epsilon, whose value might be some small multiple of FLT_EPSILON and the inputs to your calculation. Maybe.
• If you are comparing against a non-zero number then relative epsilons or ULPs based comparisons are probably what you want. You’ll probably want some small multiple of FLT_EPSILON for your relative epsilon, or some small number of ULPs. An absolute epsilon could be used if you knew exactly what number you were comparing against.
• If you are comparing two arbitrary numbers that could be zero or non-zero then you need the kitchen sink. Good luck and God speed.

Above all you need to understand what you are calculating, how stable the algorithms are, and what you should do if the error is larger than expected. Floating-point math can be stunningly accurate but you also need to understand what it is that you are actually calculating. If you want to learn more about algorithm stability you should read up on condition numbers and consider getting Michael L Overton’s excellent book Numerical Computing with IEEE Floating Point Arithmetic.

The true value of a float

In order to get the results shown above I used the same infinite precision math library I created for Fractal eXtreme to check all the math and to print numbers to high precision. I also wrote some simple code to print the true values of floats and doubles. Next time I’ll share the techniques and code used for this extended precision printing – unlocking one more piece of the floating-point puzzle, and explaining why, depending on how you define it, floats have a decimal precision of anywhere from one to over a hundred digits.

Christopher Meinck, EverythingiCafe:

In previous years, baseball fans who subscribed to MLB At Bat were charged an additional fee to use MLB At Bat for iPad and yet another charge for the iPhone app. This year, we’ve just confirmed that MLB At Bat 12 will be free with your subscription, which remains at $119.99 for existing subscribers. New subscriptions will be priced at $124.99. This enables you to receive 150 Spring Training games and all 2430 regular season games (some games are subject to blackout), with no added cost for either the iPhone or iPad apps.

I like this change. Previously they had separate free and paid apps, plus the subscription fee for watching live ballgames. This is much simpler: apps are free, subscriptions cost $125. Easy. (If you like baseball, trust me, it’s money well-spent.)

(Via 9to5 Mac.)

Dustin Curtis:

After basically admitting defeat in the consumer PC market and promising to focus on enterprise IT and “mobile services” last year, Dell has found itself in the midst of a confusing transition. It is caught between two markets that are dramatically changing. Consumer PCs are dying. Enterprise IT problems are being solved increasingly by “cloud-based” solutions using generic or custom-built equipment. The future viability of Dell’s hardware products, which already have razor-thin margins, does not look great.

Put another way, Dell has no strengths in any market that’s growing. They’re a relic.

As a side note, I found this quote from Michael Dell interesting. The Journal asked him what had most surprised him since returning as Dell CEO four years ago. He replied:

I’d say [the] rapid rise of the tablet. I didn’t completely see that coming. Tablets aren’t really new, in the sense that the tablet PC idea’s been around for a while. Obviously, more recent products have been much more successful.

“More recent products”. I’ve started to notice a trend where Apple competitors can’t bring themselves to mention the iPad by name. There are no other successful tablets. It’s just one: the iPad.

Dan Frakes:

With Messages beta, my colleagues don’t see me as being online. Fewer work interruptions, I suppose.

I had the same problem. I could see my AIM buddies, but none of my AIM buddies could see me. (Listeners of The Talk Show live broadcast last week could hear me discover this problem.) I think the problem only affects AIM users with a @mac.com AIM ID. When you upgrade from iChat to Messages, Messages assumes you want to use @me.com as your AIM ID. Apple itself treats example@me.com and example@mac.com as synonymous, but AIM does not. So what Messages is doing is logging you in as example@me.com, but you need to be logged in as example@mac.com for your buddies to see you.

Solution: Delete your AIM account in Messages’s preferences, then recreate it. In addition to restoring your visibility to your buddies, it also restores your ability to transfer files.

I seldom use draft messages on the iPhone because it’s so cumbersome to get back to them. This tip might change that. (Via Dan Frakes.)

AUCKLAND, New Zealand—File-sharing magnate Kim Dotcom was granted bail Wednesday morning New Zealand time, after the judge hearing his application ruled that the Megaupload founder has no access to funds to help him flee the country.

As part of the bail conditions, Dotcom must reside at his leased Coatesville, Auckland mansion. He cannot travel more than 80 kilometers, or 50 miles, from the Coatesville residence on which no helicopters are allowed. Earlier bail applications by Dotcom failed as he was thought to have access to helicopters and chartered private jet planes with which he could flee New Zealand.

Read the comments on this post

Newly announced project from Canonical to create Android phones which you can dock and get a full Ubuntu desktop. Perhaps the first realization of Philip Greenspun’s “Mobile Phone as Home Computer” idea from 2005? This is sort of the opposite of cloud computing. Cloud computing is “access your stuff from any device”; this is “take your stuff with you”. I don’t think this is the way to go, but it’s an interesting idea.

Jamie Keene at The Verge has a hands-on with a prototype.

More on App Store scam apps, from Trevor Gilbert at PandoDaily. Apple needs a zero tolerance policy on this crap. (Via Shawn King.)

Speaking of Phill Ryu and Impending, they collaborated with Realmac Software on a new to-do list app for the iPhone. I don’t like everything about it (I don’t think apps other than games and video players should hide the status bar, for one thing), but my complaints are niggles. In the large, it’s a damn clever app, with a very thoughtful interaction design focused on letting you do a few simple things very easily.

My cardinal rule of to-do list apps is that priority should be implicit by task order. Drag more important/urgent items up, drag less import/urgent items down. Clear gets this right. Apple’s Reminders app gets this completely wrong.

Presumably it is also behind a door marked "BEWARE OF THE LEOPARD".

The Roof Terrace at One Kearny shows why we're lucky that San Francisco requires downtown developers to provide space in their projects that is accessible to the public at large. [...]

But the only exterior hint that the terrace exists is a see-through sign etched into the glass at knee level by the front door. Once inside, a guard requires you to sign in before going farther.

Previously, previously.

At one point this week, two of the top ten paid iPhone apps were outright scams. Phill Ryu has a good set of suggestions for Apple should address this. Being able to get a refund within a short window after first installing the app, for example.

Click below (subscribers only) for the full story.