A good friend deep in the security community once told me, off hand, that EC2 was "owned." I didn't take this too seriously until another good friend, who has been working at Amazon for the past several years, told me that engineers at Amazon were generally forbidden from using AWS due to security concerns.
That much said, I still decided to use EC2/RDS/S3 to host the infrastructure of my latest startup. It is just too convenient to walk away from. Once it matters, I can move the critical stuff to dedicated servers.
EDIT: To clarify, I'm not suggesting that Amazon knows AWS is "owned" and offers it to others anyway. I'm only noting that, for certain critical services, they themselves do not appear willing to take the risk.
I've worked with Amazon Web Services security people in the past, and while they're not perfect (nobody is) I have always had the impression that they take security seriously. AWS has many very large customers, including the US government and companies handling HIPAA-restricted data; based on the assumption that Amazon employees don't want to be thrown in jail for 10 years, I think it's safe to say that if EC2 is "0wned" as you claim, it's certainly not well known within Amazon.
I agree -- but fraudulently violating HIPAA (e.g., if you advertised "this is a safe place to put your HIPAA data" while knowing that it wasn't safe) is probably a rather different matter.
Colin was implying that negligent management of EC2 could leave Amazon employees criminally liable. Obviously anybody who "0wned" EC2 is already a criminal.
"...told me that engineers at Amazon were generally forbidden from using AWS due to security concerns."
The opposite is the case: there has been a huge push for some time to move (significant) parts of Amazon retail to AWS. It's extremely complex and service quality is paramount, so it takes a while to make it all happen.
My friend from Amazon works in the supply-chain side of things, and he said he really wants to use it, but everything has to be encrypted and some stuff is off limits.
I take it you work on the retail side of things? I'd be interested to hear any more details that you can share.
That certain services can't yet be moved to AWS is not an indicator AWS is compromised. Several services, for example the payments infrastructure, are subject to regulations that make it challenging to implement _at all_, much less in a shared environment like AWS. Again, this is not an argument that AWS is compromised, and teams at Amazon are absolutely using AWS.
"A good friend deep in the security community once told me, off hand, that EC2 was "owned." I didn't take this too seriously until another good friend, who has been working at Amazon for the past several years, told me that engineers at Amazon were generally forbidden from using AWS due to security concerns."
"EDIT: To clarify, I'm not suggesting that Amazon knows AWS is "owned" and offers it to others anyway. I'm only noting that, for certain critical services, they themselves do not appear willing to take the risk."
I may not be the smartest guy, but it seems to me that's exactly what you are saying.
I'm not sure where the confusion lies, but I'm guessing you see "security concerns" as equivalent to "knowledge of ownership"?
It seems to me those are entirely different things, as one can be concerned about potential threat without knowing if it is real or not. But I do not work in the security community myself and may be using language sloppily.
I would be much obliged if you could show me where the crux of the confusion lies.
To paraphrase what you said: "I didn't take [statement A] seriously until [statement B]."
statement A = EC2 was owned
statement B = engineers at Amazon forbidden from using AWS
Perhaps English isn't your first language, but the way you've phrased it, you're relying on statement B as evidence/proof of statement A, directly implying a connection between the two. It's difficult to read it any other way.
Rewording your original comment: "It was only when I heard that engineers at Amazon were forbidden from using AWS that I took seriously the comment that EC2 was owned."
Thanks for the reply. There is a connection, of course, but it is not that Amazon knows. Statement B is evidence in the sense that it suggests Amazon does not believe security is sufficiently iron-clad around EC2, which would allow for statement A to be possible in the first place.
I honestly did not expect my comment to create such angst. I recognize that the wording was a bit confusing, but it seems the main thing people are upset about is that I am spreading FUD. Of course that would be quite inappropriate if it was completely unfounded, but I have stated exactly where my concerns came from, so it seems perfectly legit to me.
Your reply is very reasonable and polite, but I am disappointed at the bulk of knee-jerk reactions to this post, as well as their passive-aggressive/ad hominem nature.
Perhaps I am just in a poor mood, but I believe I will be moving on from HN. It was one of the few excuses left for me to procrastinate, so at least I should be more productive. ;)
EDIT: This, by the way, is an excellent article, though somewhat dated, on some of the security shortcomings of EC2. Note it does not address the "nightmare scenario" that Xen (the virtual machine software) is itself vulnerable.
While this is disconcerting, I wouldn't make any business decisions based on such a claim. The idea that EC2 is "owned" without Amazon knowing about it is closing in on absurdity. I've worked directly with Amazon as an outside vendor and they are very security conscious, to the point of near paranoia.
While I agree it is hard to believe, it would be even more surprising if Amazon did know about it. The fact that they do not use AWS internally suggests that, given their level of paranoia, they themselves suspect AWS.
I'm not sure how you can say that so matter-of-factly. My security friend was talking about something that Amazon does not (and presumably very few people do) know. Meanwhile my friend at Amazon was just stating the fact that he was not supposed to use AWS, or only with extreme caution. Of course that may differ from department to department, if that's what you mean.
Your resume is very impressive, and I see that you obviously know a lot about security at Amazon, yet this by itself does not discount my points. Those are:
1) AWS could be compromised, as my first friend claimed, without Amazon knowing about it.
2) My second friend is not allowed to use AWS for security reasons.
The truth of the first point is indeterminable, I think we may agree. Meanwhile, the second point may indeed be due to my friend being misinformed, if, for example, you are aware of an Amazon-wide policy that says engineers can use AWS willy-nilly, so long as they abide by general security regulations that are used elsewhere.
On the off chance you're not trolling: the reason you're getting downvoted has nothing to do with resumes, it's because you are throwing out unfounded hearsay FUD. Come back with some actual evidence for debate, otherwise you're no different than any one of a million irc script kiddies. Anyone with knowledge of such an exploit would either A) keep it secret or B) tell Amazon about it. Casually dropping it in conversation screams wannabe.
Resume - and the direct personal experience in the right department of the company you're smearing that resume includes - trumps unsourced (and frankly, hard to believe) hearsay.
I'm not sure there is any proof Rackspace Cloud is any more secure than EC2. AWS offers a Virtual Private Cloud service (VPC) which is highly secure. Rackspace Cloud has nothing like that. AWS also offers firewall management functionality which Rackspace Cloud does not. Amazon.com is run out of the same data centers as AWS.
Hmm, yes, that must have been the one he was reacting to. But he seems to be claiming it's a pattern. So let me modify that question: Are there any stories currently on HN that this is the anatomy of, that weren't themselves the inspiration for the post?
The title and tone do suggest he is making a general criticism of hacker news. Still, it says "A Hacker News Story", not "Any Hacker News Story" so the anatomy could be specific, but the main point more general.
It appears he is accusing us of groupthink.
I'm not sure how much merit that claim has---certainly he has presented no "actual research" himself, but it is an interesting criticism nonetheless.
Thanks.. I am working on a few graphs of the various trends, plus some email/portfolio screenshots, to better illustrate the service for users. I'm still pondering how best to set up the Free option.
Launch. If it gets traction and it looks like court is the only other option, make a settlement with him. Don't worry what is "fair" or about the work you've already sunk in. Just make sure it's worth it for you, get him out of the way whatever it takes, and move on.
Good advice. Beyond that, I recommend surrounding yourself with critical, intelligent, trustworthy people. I bounce all my ideas off a core group of friends, and generally don't bother with anything until they all give the green light. Besides that, it's just ROI/risk evaluation. Unless you're already a millionaire, it is best to focus on lowest possible investment for the highest likely return. Later it may be worth taking bigger risks.
Having met Dave, I can say he's one of those people you immediately trust. The guy is set financially, and is only in the investment game for the fun of it.
And yeah, his style is bizarre, but that's just the way he likes it.
Anyway, if he says this is all much ado about nothing, he's almost certainly telling the truth.
Couldn't this be an expectation issue? Washing their hands signaled to the subjects that they were in a more "proper" social environment. To fit in, they may have judged the social issues more harshly.
A resume should play to your strengths, and not get too personal. If your grades were bad, then leave them off, but show how awesome you are anyway. If they ask at an interview, just be completely upfront about it. Say they were good in grad school, but bad in undergrad because you were sick.
we need to model everything that happens to the brain before it becomes a brain
Perhaps the disconnect here is that Kurzweil, operating from an information theory perspective, is neglecting the possibility that the biological environment in which a brain grows effectively adds a ton of "data" to the system. That is, it's not as if a brain can spring fully formed from the genome and a few basic rules alone; it requires a very complex environment. So we're probably talking far, far more than 50MB of "data" here.
Perhaps the disconnect here is that Kurzweil, operating from an information theory perspective, is neglecting the possibility that the biological environment in which a brain grows effectively adds a ton of "data" to the system
Please realize, despite the fact that pretty much everyone on HN is repeating this argument (the "data gets added to the system" argument), it is an extraordinary claim, and should require correspondingly extraordinary evidence if we're to consider it.
I'm going to justify this in excruciating detail, because the claim has now come up so many times.
But first, let's nail down the context, because if we can't agree on that then we really shouldn't even be discussing the topic (and I suspect the whole problem here is that Myers thinks they're arguing about something other than what Kurzweil is actually claiming) - we're discussing the amount of information that we would need to construct an effective intelligent algorithm. Not one particular algorithm, but any effective intelligent algorithm.
Here goes, a pseudo-mathematical breakdown of why this "data gets added" argument is so hideously wrong:
There's an entire infinite universe of "possible intelligence algorithms" (for the moment, we won't define this too precisely, but we'll hand wave and say that this universe consists of all algorithms that take the right inputs and provide the right outputs, whatever those are), most of which are utterly useless, and are certainly not intelligent. Let's call this universe U0.
Step one: let's cut U0 down to a finite practical size, eliminating ridiculous algorithms that we could never expect to implement. We can do this in a million ways, it doesn't really matter; for now, let's just say that we're cutting it down to algorithms that have possible physical realizations using the resources on our planet. That's still a huge number of algorithms. Call this U1.
Step two: Let's now trim U0 in a different way, picking out only the algorithms that we consider actually intelligent, however you want to define "intelligent". Name this (still infinite) set Z.
Step three: Take the intersection of Z (intelligent algorithms) with U1 (practical algorithms), call this set P. P is all the practical algorithms that qualify as "intelligent".
Now let Prob(I) = (size of P / size of U1), the probability that a randomly selected practical algorithm will be intelligent. This is an extremely small probability, but it's finite and non-zero (human intelligence suffices to prove that it's non-zero).
Step four: Now we slice up U1 in a different way, and create a set D_N: the set of all algorithms that can be specified by growing a human from a string of DNA of length N (and that ultimately run within the space constraints).
Step five: Set P(D_N) = intersection of D_N and P, all intelligent algorithms satisfying the space constraints that can be grown from a DNA string of length N.
Ok, that's a lot of sets, but it's okay, we don't need most of them. One last calculation:
Prob(D_N) = (size of P(D_N) / size of D_N), the probability that a randomly selected practical DNA-created algorithm will be intelligent.
No more set-fu, I promise. We've boiled it down to two probabilities, Prob(I), and Prob(D_N). These probabilities are proxies for the information content needed to pick an intelligent algorithm out of the corresponding sets of algorithms.
The "information gets added" claim has a very simple mathematical expression:
Prob(D_N) > Prob(I) when N = the length of human DNA
i.e. a randomly selected DNA-created algorithm with DNA length N has a greater probability of qualifying as intelligent than a randomly selected algorithm in general. And not just a little bit greater - you're saying that the fact that it's implemented via DNA makes the probability much higher, corresponding to the data difference you're claiming with the statement 'far, far more than 50MB of "data" here'.
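The comparison can be made concrete with a toy model (everything here is a made-up stand-in, not a real measure of intelligence): treat 8-bit strings as "algorithms", pick an arbitrary predicate for "intelligent" and an arbitrary "DNA-constructible" subset, and compute the two ratios.

```python
from itertools import product

# Toy model: "algorithms" are 8-bit strings; the "intelligent" predicate
# and the "DNA-constructible" subset are arbitrary stand-ins, chosen only
# so the two ratios can actually be computed.
U1 = list(product([0, 1], repeat=8))             # practical algorithms
P = [a for a in U1 if a[:4] == (1, 1, 1, 1)]     # "intelligent" subset
D_N = [a for a in U1 if a[-2:] == (0, 0)]        # "DNA-constructible" subset
P_D = [a for a in D_N if a[:4] == (1, 1, 1, 1)]  # intersection of the two

prob_I = len(P) / len(U1)      # Prob(I): random practical algorithm is intelligent
prob_DN = len(P_D) / len(D_N)  # Prob(D_N): random DNA-constructed one is intelligent

# With an arbitrary construction process the two ratios coincide;
# the "data gets added" claim is precisely that Prob(D_N) >> Prob(I).
print(prob_I, prob_DN)  # 0.0625 0.0625
```

Here the construction process is independent of the intelligence predicate, so it confers no advantage; the burden of the "data gets added" argument is to explain why DNA-based construction is not like this.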
Perhaps now you see the trouble: in order for me to consider the "data gets added" argument plausible, I need to hear an argument that suggests that a random construction based on DNA is far more likely to lead to an intelligent algorithm than a random construction in general.
Myers has not offered an argument in this direction. Neither has anyone else. Until someone does, the odds are overwhelmingly in Kurzweil's favor; statistically speaking, Myers is flat out wrong.
So I put the question to everyone: what's so special about the DNA construction process that makes it so much more likely to create intelligence than any other construction process we might conceive of?
I think there's an argument that DNA is more likely to lead to life (not intelligence) than an arbitrary coding scheme; that is, that with DNA it's easier to create life than you'd expect for a vanilla encoding scheme.
This assumes that during the billions of years on earth before DNA, lots of different chemicals came together, and if any self-replicating one came together, it would grow and still be around. Exceptions are if it wasn't very good at replicating and died out, or if DNA-based life attacked it or grew faster, crowding and starving it (or bad luck wiped it out - but it could arise again).
The fact that DNA did survive shows that DNA is indeed specially suited to encoding life. One might even try to estimate how specialized it is, by estimating how improbable it is, based on how long it took for a planet of experiments to arrive at it.
The details of how it's special could be in terms of protein folding, eg. that you can specify some really cool and useful folds, crucial for life, in surprisingly short DNA sequences. It's as if the search space of encoding schemes was scoured for schemes that in effect included a handy collection of library functions.
But this lovely (I think) argument doesn't apply to intelligence at all; nor even to mammals, or indeed animals - just for basic life. Once life existed, all the extra features were just hacked on.
But first, let's nail down the context, because if we can't agree on that then we really shouldn't even be discussing the topic (and I suspect the whole problem here is that Myers thinks they're arguing about something other than what Kurzweil is actually claiming) - we're discussing the amount of information that we would need to construct an effective intelligent algorithm.
If that's the question, then sure, I agree with you. In fact, I imagine something intelligent could be encoded with much less data.
My point was about the information content required for the human brain itself, and that seems to be what Kurzweil is talking about, at least:
The amount of information in the genome (after lossless compression, which is feasible because of the massive redundancy in the genome) is about 50 million bytes (down from 800 million bytes in the uncompressed genome). It is true that the information in the genome goes through a complex route to create a brain, but the information in the genome constrains the amount of information in the brain prior to the brain’s interaction with its environment.
You're absolutely right - looking at that quote (and looking through the original one that Myers responded to), he's overstated what we can conclude based on DNA length by a good amount (though Myers's argument doesn't disprove the upper bound, by any means; it merely points out that Kurzweil's "proof" doesn't hold). The problematic phrase, which makes this argument pretty ambiguous, is "simulate the brain" - neither party has really pinned down what they mean by that, so it's hard to know what would qualify. In retrospect, I think I cut Kurzweil a little too much slack when deciding what he meant, esp. in light of his other writings on the topic...
It's a shame, because his argument is fully defensible if it's stated correctly and applied to the general problem of AI instead of to Kurzweil's pet theory that full brain simulation is the One True Way.
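Incidentally, the "800 million bytes" figure in the quoted passage is just the raw encoding of the genome; a quick back-of-the-envelope check, assuming the commonly cited ~3.2 billion base pairs at 2 bits per base (4 possible bases):

```python
# Back-of-the-envelope check of the quoted "800 million bytes" figure,
# assuming ~3.2 billion base pairs and 2 bits per base.
base_pairs = 3.2e9
bits = base_pairs * 2          # 6.4e9 bits
raw_bytes = bits / 8
print(raw_bytes / 1e6)         # 800.0 million bytes, matching the quote
```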
The amount of computation, and program expressibility involved in folding a protein is far far far more than you would expect from just counting the DNA that made that protein.
Yes, "fold proteins" is a member of a distinguished class of algorithms that DNA is exceptionally well suited to handle.
Similarly, "simulate shallow wave dynamics" is in the class of algorithms that a water tank is pretty near optimal for, and the "find local minima" problem is handled with remarkable ease by gravity and a rolling ball; we'd be hard pressed to write computer programs that solve any of these problems using fewer bits than we can get by with by using the real world to solve them instead.
But most algorithms are not made that easy by any of these computational substrates; in fact, vanishingly few of them are, and an algorithm is only likely to be "easy" relative to vanishingly few systems.
What would let us assume that "Do intelligence" is a member of the subset of problems that are made easy by the detailed workings of biology? Because the a priori probability that it falls into that class is just about zero...
From "counting the DNA", you would expect that the family of hundred-amino-acid-long peptides, which are encoded in strings of 300 bases, would have 4³⁰⁰ = 2⁶⁰⁰ possible three-dimensional conformations, or rather probability distributions over conformations, since many peptides have multiple stable conformations.
However, those 2⁶⁰⁰ sequences of bases are immediately reduced to 20¹⁰⁰ ≈ 2⁴³² possible sequences of amino acids (ignoring the start and stop codons, which are presumed to lie just before and just after the 300-base sequence in question).
Are you suggesting that these 2⁴³² different peptides somehow express many more than the 2⁶⁰⁰ different three-dimensional structures, or rather, probability distributions over them? Because that seems like a highly implausible claim, on the face of it.
Or are you going to answer, "Fucking arithmetic. How does it work?"
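The counting in that exchange is easy to verify directly (100 codons of 3 bases each, 20 possible amino acids per position):

```python
import math

codons = 100                  # a 100-amino-acid peptide
bases = 3 * codons            # encoded by 300 bases of DNA

dna_strings = 4 ** bases      # 4^300 possible base sequences
print(math.log2(dna_strings)) # 600.0, i.e. exactly 2^600

peptides = 20 ** codons       # 20 amino acids per position
print(math.log2(peptides))    # ~432.2, i.e. roughly 2^432
```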