Some rumors that the admin of the servers was not arrested, but took the site down, to reconsider security and relocate servers, before starting up again.
That's why BTC-e does not show a giant FBI logo with a notice.
1. If you have to ask this question, you are quite far from being able to do it any time soon (and that's assuming you can find the vulnerabilities!),
2. You will predominantly sell your vulnerabilities, preferably weaponized as complete exploits, to firms that specialize in "vulnerability research" and "exploitation development" with close ties to government agencies.
It's much easier to find a firm that can act as a broker between you and the government agency than it is to knock on the right doors to sell it on your own, with no background or prior contact.
Fairly giving them a time investment of 30 minutes (reading CV, tailoring technical interview, answering questions) would mean 200 hours of productivity loss. There is no way to defend this to a company, especially when hiring more than 1 a year.
If no coding challenge then it all comes down to the CV. You'll miss out on promising humble candidates who lack the CV buzzword bingo, and get burned on mediocre candidates whose parents paid for them to go through a top university. That's not fair to the talent either.
Of course if someone completes the coding challenge, you give them the time investment they deserve (8-16 hours spread over multiple employees). You save this time by declining those that do very poorly on the challenge, or refuse to do it out right.
You may not have an idea how awkward and depressing a technical phone interview is with a candidate that is not suited to the role. And delegating this to HR/Recruiters is a surefire way to increase noise and crash the hopes of people who pass the screen, but fail badly on future interviews.
They were dumping it at 50% market price for ETH a few days ago. Don't know if they dumped it all or still sitting on a bit for when the market recovers.
I think it should be tested in court. Many ICOs are the textbook depictions of Ponzi schemes. When there is stealing, possibly self-stealing, involved the word "fraud" comes to mind.
- Since Cryptocurrency is international, the US SEC does not have jurisdiction everywhere in the world. When there is millions on the line, you could just move to another country and try a scheme, or direct a foreign lackey to do it.
- "The Federal Reserve simply does not have authority to supervise or regulate bitcoin in any way. To the best of my knowledge, there is no intersection at all in any way between Bitcoin and banks that the Federal Reserve has the ability to supervise and regulate."
- To count for an exchange you have to issue shares. Not everybody does this.
- Is cryptocurrency a token or a security?
- How to distinguish between nouveau riche BTC millionaires trying out their luck with an ICO and a criminal organization using it to launder money?
- Who is the single legal entity to target when the ICOs are distributed, and no single entity issues coins?
- What to do with those that profit from future illegal activity, as a 3rd party? Right now there is a lot of obvious market manipulation going on. Whales banding together to influence and set prices. Pumping up interest with bots and 5-cent army trolls. Selling stolen coins for 50% of market value. Sharing upcoming announcements with a small group of investors, devs, and supporters, allowing them to speculate on insider knowledge. How do they prove I must have known about the stolen coins, when the news hasn't even broken yet and I already put out a buy order of 50% of the price in case of a flash crash?
I'm talking about people buying the coins from the hacker on an exchange.
I think in my jurisdiction we have a law against pawning stolen goods: If the price is too good to be true (100$ macbook), and you still buy it, you can get your goods confiscated. But how does this translate to cryptocurrency and its volatile pricing (a 50% drop or increase in price is not extremely rare)? Is it illegal to set a buy order for 50% of the price? Especially if you set this before the hack, just hoping to cash in on a flash crash, I can't see which law you break.
About stealing coins, of course this (should) be against the law. But then again, data is not a good. For many jurisdictions, data isn't anything at all. You can not own data in the legal sense, because it only applies to tangible goods.
As to "stealing" coins by manipulating a smart contract, its a grey area. Of course in the real world, contracts can be breached in spirit, not only by the letter. But with smart contracts, you only have the letter of the contract: The code is law.
Looking at the coins as just "data" is ignoring a lot of what they are. Your bank account is just "data", but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime. Replace bank account with stock broker account and the same would apply. I don't see why it wouldn't be the same for cryptocurrency.
I fail to see how smart contracts is a grey area; if you're abusing a fault in the code, that's very clearly fraudulent behavior.
In short, there's a lot of "This is new! Things are different! The existing laws don't apply!" regarding some of these things, but I'm just not convinced. It may be harder to enforce or to prosecute, but that doesn't mean that it doesn't fall into existing laws.
> but if I hacked into it and took the 1s and 0s making up your balance, well, there's no question that's a crime.
It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefor I can not steal your property).
> if you're abusing a fault in the code, that's very clearly fraudulent behavior.
Another way to put this is that you are using the contract in a manner how it was defined by the author. Compare with a misconfigured web server showing open directories of files, or a robots.txt with a typo in it (ignore: /adminn). What is a fault and what is a feature? Who decides this? Solely the author of the contract? The parties involved (who splits the ties)? A majority of 3rd party volunteers? If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?
> doesn't mean that it doesn't fall into existing laws
If law was a software product, we are definitely a few pull requests behind its intended use. Look at how long it took to update authorship/copyright laws with the evolution of the internet, and how ugly things are when wrestled into the old framework of: I create it, I forever own it.
"It's a crime of computer / network intrusion. Not a crime of property law (you can't own a record in a database as property, and therefor I can not steal your property)."
This is quite wrong; it's still considered a crime of stealing from the bank. The law does not care if you used a computer to do it instead of using dynamite to break into the safe, nor should it.
"Another way to put this is that you are using the contract in a manner how it was defined by the author."
No. If you are using an undisclosed exploit, then that is not true in the least. If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud. No amount of, "you should have known better" or "you should have done your research" will help you. Take the recent case of the hack involving Etherium. It exploited something in the "smart contracts" which very few people knew existed, and, judging by the actions of the team in charge, clearly was not meant to be there. But beyond that, if the contract were to be disputed in court, one thing that would become very clear is that no rational person would be expected to believe that was the intention of both signing parties. And thus, it would be decided that the contract was fraudulent.
"If everything is decentralized and open to anyone, whose computer network are you intruding/disturbing?"
So if I forget to lock my door, then my house should be free game for everyone?
> This is quite wrong; it's still considered a crime of stealing from the bank.
The law cares. Like I said, in many jurisdictions this was only recently amended with special clauses -- clarifying the distinction between physical and virtual goods. In some jurisdictions theft requires fraudulently taking a physical tangible good: virtual goods can not be stolen (but you can still be charged with computer intrusion). Remember also the debate about downloading a cam movie vs. stealing property of movie studios.
> If you are using something that is not equally known to both parties, and equally disclosed, then it is fraud.
But the contract is out there for both parties and their lawyers to have a look at it, before agreeing to it. If Google indexes my /admin directory because I made a typo error in our crawling contract (robots.txt), who is ultimately to blame? Judging by my actions and panic, the directory was clearly meant to be excluded. If we end up with the "smell test" in court for smart crypto contracts, we should just go back to "dumb" paper contracts and signatures.
> So if I forget to lock my door, then my house should be free game for everyone?
Non-sequitur. If you publish an article on Wikipedia then it is free game for everyone to visit it, edit it, and you can not retro-actively say: you are not supposed to be here.
(As for the lay-man description: I thought boosting performed better out-of-the-box on dense data than on sparse data, because most feature sub-selections for bagging are on zero'd features)
Only a few HN submissions each year are so complete that it is nearly impossible to gather comments to start a discussion. Well done!
I wonder how close we are to running these "excessive" ensembles in a production environment.
Like how we went from using decision trees to random forests, it seems to me only a natural progression to move from random forests, to a random forest of random forests.
Some Kaggle competitors use over a 1000 RF estimators in their ensemble, but this is not yet possible/pragmatic to put in production for most use cases. But an ensemble of 10 complex base estimators is already within reach for applications that demand the highest accuracy.
About the Netflix prize, the engineers said:
> This is a truly impressive compilation and culmination of years of work, blending hundreds of predictive models to finally cross the finish line. We evaluated some of the new methods offline but the additional accuracy gains that we measured did not seem to justify the engineering effort needed to bring them into a production environment.
So it also depends on the additional gains, if going the route of complex ensembles makes any business sense. But the next 20 years can make a lot of difference.
Anyone have experience putting complex ensemble models in production?
Another progress I find really interesting is the https://arxiv.org/abs/1701.06538 "Outrageously Large Neural Networks: The Sparsely-Gated Mixture-of-Experts Layer". It seems possible to learn how to selectively prune a giant ensemble, to select a handful of experts that do well on particular samples. This makes it computationally feasible to get predictions from a giant ensemble. In the paper they solely use neural nets, but I guess there is no reason to not try this with other models, like SVM's or gradient boosted decision trees.
That's why BTC-e does not show a giant FBI logo with a notice.