十二届全国人大四次会议新闻中心于3月10日15时在梅地亚中心多功能厅举行记者会，邀请教育部部长袁贵仁就“教育改革和发展”的相关问题回答中外记者的提问。

华尔街日报记者：部长，想问一下，你去年说西方价值观的教材不适合课堂，希望你可以解释一下，西方价值观具体是指什么？因为马克思主义本身好像是西方的一个概念吧？另外，想请教你，教育部对这些有西方价值观的教材如何处理？

袁贵仁：谢谢你提出这个问题。你知道，马克思不是中国人，我们把马克思主义作为指导思想，体现了中国共产党的开放精神。我们党把科学的理论和中国的实际相结合，确定为我们的指导思想，一旦确定了，就坚定不移。

我们说的马克思主义，是和中国国情相结合的不断创新的马克思主义，这是我们坚定不移的。我们所说的价值观，就是马克思主义倡导的，和中国传统文化有机结合的价值观，我想这是你刚才这个问题表面上的意思。实际上你是想知道，中国政府或者教育部门是如何推进学生的思想品德、思想政治教育的，或者换句话说，你说的是我们通常讲的学校的德育问题。

我可以这样说，中国有着重视德育包括你刚才说的价值观这样的优良传统，“教书育人，育人为本，德智体美，以德为先”，这是中国学校和教师教育活动的宗旨和根本。我们始终把德育放在首位，如何加强德育，就是包括你刚才讲的思想政治、思想道德教育，主要是三个方面：

在内容上，我们强调坚持、坚定理想信念，加强核心价值观教育，加强优秀传统文化教育，加强中国革命传统教育，这是我们一贯的方针，使我们的学生成为中国特色社会主义的合格建设者和可靠接班人，这是我们的办学宗旨和方向。

在方法上，我们强调融入和贯通。融入就是把我们的指导思想、原则、宗旨融入到各类课程之中，贯通就是要把它贯通到大中小幼教育教学活动之中，我们还特别强调实践、体验，要着力抓好志愿者服务、抓好劳动教育，使他们从理论和实践的结合上来接受我们的价值观，来接受我们的优秀传统文化和革命传统文化。

在功能上，我们特别强调思想政治教育、思想品德教育，要强调学校教育、家庭教育、社会教育共同推进，因此我们认为，家风、校风、政风、行风，包括中国共产党作为执政党的党风，对青少年学生的影响至关重要。我们认为，教师的为人师表、家长的以身作则、国家公务人员和社会名人包括我们在座的各位记者也是名人，因为你们出面的场合机会比较多，许多人都认识你们，我们这些人的榜样示范十分紧要。因此我们强调，在中国的教育中，要高度重视不断改进我们的德育工作。

最后我想表达的是，中国的青少年一代是有理想、有担当、有抱负的一代，是可以也应当大有作为的一代，他们会为中国的繁荣富强、为构建世界命运共同体作出自己应有的贡献。谢谢。

© 无可奉告 for 中国数字时代, 2016. | Permalink |
Post tags: 共产党, 洗脑，教育，价值观, 西方价值观
订靠谱新闻 获穿墙捷径 请发电邮(最好用gmail)至：sub@chinadigitaltimes.net

这些超精美的小猫刺绣衬衫出自11区奈良一位拥有5个孩子的妈妈Hiroko Kubota之手。各种举止神态的猫咪们爬上了衬衫的口袋，就像口袋里装着一只小猫，为原本单调的白色衬衫增添了更加灵动的元素~~

Hiroko在一次访问中说，她平时就很喜欢做一些手工活，儿子对买来的衣服的不满让她萌生了自己动手做的想法，于是Hiroko开始在衬衣上绣各种各样的猫咪。

从猫的毛色到瞳孔中散发的光辉都需要付出极大的耐心一针一针的刺绣。令她没有想到的是，她的这些刺绣照片在网上引起了强烈反响。在把这些作品的图片放到网上之后价值200——300美元的衬衫几乎瞬间就销售一空。

 现在她的个人作品集已经出版，里面收录了大量猫咪衬衫的图片，喜欢她作品的亲们这下可以大饱眼福了。

（via）

This is the final post in this series. If you want to track it through the entire editing process, you can follow along and contribute on GitHub. You can read the first post, and find the other posts under “related posts” in full article view.

Choosing the Best Option

There is no way to fully cover all the myriad factors in picking a specific encryption option in a (relatively) short paper like this, so we compiled a visual decision tree to at least get you into the right bucket.

Here are a few notes on the decision tree.

• This isn’t exhaustive but should get you looking at the right set of technologies.
• In all cases you will want secure external key management.
• In general, for discreet data you want to encrypt as high in the stack as possible. When you don’t need as much separation of duties, encrypting lower may be easier and more cost effective.
• For both database and cloud encryption, in a few cases we recommend you encrypt in the application instead.
• When we list multiple options the order of preference is top to bottom.
• As you use this tree keep the Three Laws in mind, since they help guide the security value of your decision.

Once you understand how encryption systems work, the different layers where you can encrypt, and how they combine to improve security (or not), it’s usually relatively easy to pick the right approach.

The hard part is to then architect and implement the encryption technology and integrate it into your data center, application, or cloud service. That’s where our other encryption research can be valuable, and the following reports should help:

• Understanding and Selecting a Key Management Solution
• Pragmatic Key Management for Data Encryption
• Understanding and Selecting a Database Encryption or Tokenization Solution
• Defending Cloud Data with Infrastructure Encryption
• Understanding and Selecting a Tokenization Solution
• Understanding and Selecting Data Masking Solutions

摄影师布拉德威尔逊捕捉到不同种类猫头鹰的近距离肖像。每只鸟都用纯黑色的背景反衬猫头鹰灿烂鲜艳的色彩。让我们惊叹于这些照片是这样的与众不同。小小的羽毛，短喙，看着摄像机的明亮的眼神与热切的目光。

拍摄这些照片的过程可不是那么简单的，威尔逊每天和一只猫头鹰耗上好几个小时，可是他们仍然无动于衷，要他们老老实实对这照相机，即使是一瞬间他们也是不肯的…“让动物像人一样看镜头是很难得”威尔逊说道。

威尔逊的想法是让拍出的猫头鹰显得庄严而高贵，但是有的翅膀受伤或是很依赖人。于是威尔逊让人类隐藏于相机框架之外，是这些猫头鹰独自一只拍出的照片显得庄严而强大。

（via）

New York City officials anonymized license plate data by hashing the individual plate numbers with MD5. (I know, they shouldn't have used MD5, but ignore that for a moment.) Because they didn't attach long random strings to the plate numbers -- i.e., salt -- it was trivially easy to hash all valid license plate numbers and deanonymize all the data.

Of course, this technique is not news.

ArsTechnica article. Hacker News thread.

LIFX is a smart light bulb that can be controlled with your smart phone via your home's Wi-Fi network. Turns out that anyone within range can obtain the Wi-Fi password from the light bulb. It's a problem with the communications protocol.

I am regularly asked what is the most surprising thing about the Snowden NSA documents. It's this: the NSA is not made of magic. Its tools are no different from what we have in our world, it's just better-funded. X-KEYSCORE is Bro plus memory. FOXACID is Metasploit with a budget. QUANTUM is AirPwn with a seriously privileged position on the backbone. The NSA breaks crypto not with super-secret cryptanalysis, but by using standard hacking tricks such as exploiting weak implementations and default keys. Its TAO implants are straightforward enhancements of attack tools developed by researchers, academics, and hackers; here's a computer the size of a grain of rice, if you want to make your own such tools. The NSA's collection and analysis tools are basically what you'd expect if you thought about it for a while.

That, fundamentally, is surprising. If you gave a super-secret Internet exploitation organization $10 billion annually, you'd expect some magic. And my guess is that there is some, around the edges, that has not become public yet. But that we haven't seen any yet is cause for optimism.

Update (Jan. 23): Daniel Lidar, one of the authors of the “Defining and detecting…” paper, was kind enough to email me his reactions to this post.  While he thought the post was generally a “very nice summary” of their paper, he pointed out one important oversight in my discussion.  Ironically, this oversight arose from my desire to bend over backwards to be generous to D-Wave!  Specifically, I claimed that there were maybe ~10% of randomly-chosen 512-qubit problem instances on which the D-Wave Two slightly outperformed the simulated annealing solver (compared to ~75% where simulated annealing outperformed the D-Wave Two), while also listing several reasons (such as the minimum annealing time, and the lack of any characterization of the “good” instances) why that “speedup” is likely to be entirely an artifact.  I obtained the ~10% and ~75% figures by eyeballing Figure 7 in the paper, and looking at which quantiles were just above and just below the 10⁰ line when N=512.

However, I neglected to mention that even the slight “speedup” on ~10% of instances, only appears when one looks at the “quantiles of ratio”: in other words, when one plots the probability distribution of [Simulated annealing time / D-Wave time] over all instances, and then looks at (say) the ~10% of the distribution that’s best for the D-Wave machine.  The slight speedup disappears when one looks at the “ratio of quantiles”: that is, when one (say) divides the amount of time that simulated annealing needs to solve its best 10% of instances, by the amount of time that the D-Wave machine needs to solve its best 10%.  And Rønnow et al. give arguments in their paper that ratio of quantiles is probably the more relevant performance comparison than quantiles of ratio.  (Incidentally, the slight speedup on a few instances also only appears for certain values of the parameter r, which controls how many possible settings there are for each coupling.  Apparently it appears for r=1, but disappears for r=3 and r=7—thereby heightening one’s suspicion that we’re dealing with an artifact of the minimum annealing time or something like that, rather than a genuine speedup.)

There’s one other important point in the paper that I didn’t mention: namely, all the ratios of simulated annealing time to D-Wave time are normalized by 512/N, where N is the number of spins in the instance being tested.  In this way, one eliminates the advantages of the D-Wave machine that come purely from its parallelism (which has nothing whatsoever to do with “quantumness,” and which could easily skew things in D-Wave’s favor if not controlled for), while still not penalizing the D-Wave machine in absolute terms.

A few days ago, a group of nine authors (Troels Rønnow, Zhihui Wang, Joshua Job, Sergio Boixo, Sergei Isakov, David Wecker, John Martinis, Daniel Lidar, and Matthias Troyer) released their long-awaited arXiv preprint Defining and detecting quantum speedup, which contains the most thorough performance analysis of the D-Wave devices to date, and which seems to me to set a new standard of care for any future analyses along these lines.  Notable aspects of the paper: it uses data from the 512-qubit machine (a previous comparison had been dismissed by D-Wave’s supporters because it studied the 128-qubit model only); it concentrates explicitly from the beginning on comparisons of scaling behavior between the D-Wave devices and comparable classical algorithms, rather than getting “sidetracked” by other issues; and it includes authors from both USC and Google’s Quantum AI Lab, two places that have made large investments in D-Wave’s machines and have every reason to want to see them succeed.

Let me quote the abstract in full:

The development of small-scale digital and analog quantum devices raises the question of how to fairly assess and compare the computational power of classical and quantum devices, and of how to detect quantum speedup. Here we show how to define and measure quantum speedup in various scenarios, and how to avoid pitfalls that might mask or fake quantum speedup. We illustrate our discussion with data from a randomized benchmark test on a D-Wave Two device with up to 503 qubits. Comparing the performance of the device on random spin glass instances with limited precision to simulated classical and quantum annealers, we find no evidence of quantum speedup when the entire data set is considered, and obtain inconclusive results when comparing subsets of instances on an instance-by-instance basis. Our results for one particular benchmark do not rule out the possibility of speedup for other classes of problems and illustrate that quantum speedup is elusive and can depend on the question posed.

Since the paper is exceedingly well-written, and since I have maybe an hour before I’m called back to baby duty, my inclination is simply to ask people to RTFP rather than writing yet another long blog post.  But maybe there are four points worth calling attention to:

1. The paper finds, empirically, that the time needed to solve random size-N instances of the quadratic binary optimization (QUBO) problem on D-Wave’s Chimera constraint graph seems to scale like exp(c√N) for some constant c—and that this is true regardless of whether one attacks the problem using the D-Wave Two, quantum Monte Carlo (i.e., a classical algorithm that tries to mimic the native physics of the machine), or an optimized classical simulated annealing code.  Notably, exp(c√N) is just what one would have predicted from theoretical arguments based on treewidth; and the constant c doesn’t appear to be better for the D-Wave Two than for simulated annealing.
2. The last sentence of the abstract (“Our results … do not rule out the possibility of speedup for other classes of problems”) is, of course, the reed on which D-Wave’s supporters will now have to hang their hopes.  But note that it’s unclear what experimental results could ever “rule out the possibility of speedup for other classes of problems.”  (No matter how many wrong predictions a psychic has made, the possibility remains that she’d be flawless at predicting the results of Croatian ping-pong tournaments…)  Furthermore, like with previous experiments, the instances tested all involved finding ground states for random coupling configurations of the D-Wave machine’s own architecture.  In other words, this was a set of instances where one might have thought, a priori, that the D-Wave machine would have an immense home-field advantage.  Thus, one really needs to look more closely, to see whether there’s any positive evidence for an asymptotic speedup by the D-Wave machine.
3. Here, for D-Wave supporters, the biggest crumb the paper throws is that, if one considers only the ~10% of instances on which the D-Wave machine does best, then the machine does do slightly better on those instances than simulated annealing does.  (Conversely, simulated annealing does better than the D-Wave machine on the ~75% of instances on which it does best.)  Unfortunately, no one seems to know how to characterize the instances on which the D-Wave machine will do best: one just has to try it and see what happens!  And of course, it’s extremely rare that two heuristic algorithms will succeed or fail on exactly the same set of instances: it’s much more likely that their performances will be correlated, but imperfectly.  So it’s unclear, at least to me, whether this finding represents anything other than the “noise” that would inevitably occur even if one classical algorithm were pitted against another one.
4. As the paper points out, there’s also a systematic effect that biases results in the D-Wave Two’s favor, if one isn’t careful.  Namely, the D-Wave Two has a minimum annealing time of 20 microseconds, which is often greater than the optimum annealing time, particularly for small instance sizes.  The effect of that is artificially to increase the D-Wave Two’s running time for small instances, and thereby make its scaling behavior look better than it really is.  The authors say they don’t know whether even the D-Wave Two’s apparent advantage for its “top 10% of instances” will persist after this effect is fully accounted for.

Those seeking something less technical might want to check out an excellent recent article in Inc. by Will Bourne, entitled “D-Wave’s dream machine” (“D-Wave thinks it has built the first commercial quantum computer.  Mother Nature has other ideas”).  Wisely, Bourne chose not to mention me at all in this piece.  Instead, he gradually builds a skeptical case almost entirely on quotes from people like Seth Lloyd and Daniel Lidar, who one might have thought would be more open to D-Wave’s claims.  Bourne’s piece illustrates that it is possible for the mainstream press to get the D-Wave story pretty much right, and that you don’t even need a physics background to do so: all you need is a willingness to commit journalism.

Oh.  I’d be remiss not to mention that, in the few days between the appearance of this paper and my having a chance to write this post, two other preprints of likely interest to the Shtetl-Optimized commentariat showed up on quant-ph.  The first, by a large list of authors mostly from D-Wave, is called Entanglement in a quantum annealing processor.  This paper presents evidence for a point that many skeptics (including me) had been willing to grant for some time: namely, that the states generated by the D-Wave machines contain some nonzero amount of entanglement.  (Note that, because of a technical property called “stoquasticity,” such entanglement is entirely compatible with the machines continuing to be efficiently simulable on a classical computer using Quantum Monte Carlo.)  While it doesn’t address the performance question at all, this paper seems like a perfectly fine piece of science.

From the opposite side of the (eigen)spectrum comes the latest preprint by QC skeptic Michel Dyakonov, entitled Prospects for quantum computing: Extremely doubtful.  Ironically, Dyakonov and D-Wave seem to agree completely about the irrelevance of fault-tolerance and other insights from quantum computing theory.  It’s just that D-Wave thinks QC can work even without the theoretical insights, whereas Dyakonov thinks that QC can’t work even with the insights.  Unless I missed it, there’s no new scientific content in Dyakonov’s article.  It’s basically a summary of some simple facts about QC and quantum fault-tolerance, accompanied by sneering asides about how complicated and implausible it all sounds, and how detached from reality the theorists are.

And as for the obvious comparisons to previous “complicated and implausible” technologies, like (say) classical computing, or heavier-than-air flight, or controlled nuclear fission?  Dyakonov says that such comparisons are invalid, because they ignore the many technologies proposed in previous eras that didn’t work.  What’s striking is how little he seems to care about why the previous technologies failed: was it because they violated clearly-articulated laws of physics?  Or because there turned out to be better ways to do the same things?  Or because the technologies were simply too hard, too expensive, or too far ahead of their time?  Supposing QC to be impossible, which of those is the reason for the impossibility?  Since we’re not asking about something “arbitrary” here (like teaching a donkey to read), but rather about the computational power of Nature itself, isn’t it of immense scientific interest to know the reason for QC’s impossibility?  How does Dyakonov propose to learn the reason, assuming he concedes that he doesn’t already know it?

(As I’ve said many times, I’d support even the experiments that D-Wave was doing, if D-Wave and its supporters would only call them for what they were: experiments.  Forays into the unknown.  Attempts to find out what happens when a particular speculative approach is thrown at NP-hard optimization problems.  It’s only when people obfuscate the results of those experiments, in order to claim something as “commercially useful” that quite obviously isn’t yet, that they leave the realm of science, and indeed walk straight into the eager jaws of skeptics like Dyakonov.)

Anyway, since we seem to have circled back to D-Wave, I’d like to end this post by announcing my second retirement as Chief D-Wave Skeptic.  The first time I retired, it was because I mistakenly thought that D-Wave had fundamentally changed, and would put science ahead of PR from that point forward.  (The truth seems to be that there were, and are, individuals at D-Wave committed to science, but others who remain PR-focused.)  This time, I’m retiring for a different reason: because scientists like the authors of the “Defining and detecting” preprint, and journalists like Will Bourne, are doing my job better than I ever did it.  If the D-Wave debate were the American Civil War, then my role would be that of the frothy-mouthed abolitionist pamphleteer: someone who repeats over and over points that are fundamentally true, but in a strident manner that serves only to alienate fence-sitters and allies.  As I played my ineffective broken record, the Wave Power simply moved from one triumph to another, expanding its reach to Google, NASA, Lockheed Martin, and beyond.  I must have looked like a lonely loon on the wrong side of history.

But today the situation is different.  Today Honest Abe and his generals (Honest Matthias and his coauthors?) are meeting the Wave Power on the battlefield of careful performance comparisons against Quantum Monte Carlo and simulated annealing.  And while the battles might continue all the way to 2000 qubits or beyond, the results so far are not looking great for the Wave Power.  The intractability of NP-complete problems—that which we useless, ivory-tower theorists had prophesied years ago, to much derision and laughter—would seem to be rearing its head.  So, now that the bombs are bursting and the spins decohering in midair, what is there for a gun-shy pampleteer like myself to do but sit back and watch it all play out?

Well, and maybe blog about it occasionally.  But not as “Chief Skeptic,” just as another interested observer.

本文作者：Ent

玛尔特·戈蒂耶（Marthe Gautier）

2014年1月31日，第七届人类医学遗传学大会一项原定的议程——颁奖表彰88岁高龄的玛尔特·戈蒂耶（Marthe Gautier）在发现21-三体综合征中做出的贡献——在外来的压力下被迫取消。这压力来自于意想不到的方向：热罗姆·勒热讷基金会（Jérôme Lejeune Foundation）,一个旨在防止21-三体综合征和其他出生缺陷的基因会，且影响力不小。

一场科研剽窃引发的故事

因为在所谓“正史”里，发现唐氏综合征的病因的是热罗姆·勒热讷本人，但事实上，全部的实验都是玛尔特·戈蒂耶做的。科学史家公认戈蒂耶才是最大的贡献者，而勒热讷不过是窃取了她的成果。

男科学家“窃取”女科学家的成果，这在科学史上并不是第一次。沃森和克里克偷用了罗莎琳·富兰克林的数据，发现了DNA双螺旋；约塞琳·柏奈尔观测发现了脉冲星，但最后获得诺奖的是她的导师修维什。到目前为止，前者遮遮掩掩地道过了歉，后者早已双方握手言和，像热罗姆·勒热讷基金会这样公然撕破脸皮直接阻挠对方领奖的，好像还是第一次，而且此时热罗姆·勒热讷本人已经作古了……

为什么这次事件会闹得这么大？因为它涉及堕胎，这是现代社会里，医学和宗教冲突最激烈的领域。而这个故事，要从戈蒂耶和勒热讷在巴黎初次见面说起。

戈蒂耶、勒热讷和21-三体综合征

1862年，英国医生约翰·兰顿·唐注意到在那些”天生白痴“的婴儿里，有些孩子具有共同的特征：面宽、眼睛小而上挑。到20世纪初，人们已经意识到，这是一种相对常见的先天病，发病率约为千分之一左右。那时在很多国家，患儿通常会被专门机构收留，但几乎没有什么像样的治疗。大部分患者很早就会夭折，没几个人能活到20岁，完全谈不上生活质量。

1956年，一位名叫玛尔特·戈蒂耶的年轻女医生在哈佛经历了1年的儿科进修后，回到巴黎。她得到了一所当地医院的临床职位。医院儿科主任雷蒙·图尔潘对唐氏综合征很感兴趣，很多年前他就猜想这可能与染色体异常有关，但是没时间深入研究。有一天图尔潘发牢骚说没人理睬他的猜想，戈蒂耶想起了自己在哈佛受过相关训练，便自告奋勇接下了这项研究。

医院拨给她一间废弃实验室，里面有一台冰箱、一台离心机和一台质量很差的显微镜。没有经费。她自掏腰包买玻璃器皿，自己养了一只公鸡作为血清来源，而如果需要人血样本，就用自己的。

到了1957年底，正常细胞的一切实验都已经步上正轨，细胞里的46条染色体清晰可见。（这在当时是了不起的成就，要知道仅仅2年前大家还以为人细胞里的染色体是48条。）她从图尔潘那里要来了病人的组织样本，对比之下非常明确：病人有47条染色体，其中21号多了一条。但是她的显微镜太差，无法拍照，而要想发表论文，拍照是必须的。

这期间图尔潘本人从来没有来过她的实验室，但是图尔潘门下的一个学生则时常来访，他叫热罗姆·勒热讷。有一天戈蒂耶谈到了她无法拍照的麻烦，勒热讷提出说可以拿她的玻片去别的实验室帮她拍照。此后戈蒂耶就再也没有见过那些玻片，直到2个月后，在蒙特利尔的国际遗传学大会上，勒热讷向全世界宣布他发现了唐氏综合征的病因，使用的照片正是这些玻片。在提交的论文里，勒热讷是第一作者，图尔潘是通讯作者，而毫不知情的高蒂被安在了不起眼的中间位置，按照论文的描述，她的贡献主要是“从美国带回了一种新的组织培养方法”。

戈蒂耶在打击之下决定告别科研，重返临床和教学岗位。而勒热讷却名声鹊起，不光是因为他发现了唐氏综合征的病因是21号染色体多了一条，而且还找到了一种原则上的预防方式：婴儿没出生的时候你不知道他的相貌和智力，但可以取样获得他/她的染色体，如果在怀孕早期能进行基因诊断，发现21号染色体出了问题，那么堕胎再怀，不就能避免悲剧了吗？

但勒热讷是一个天主教徒，而天主教是反对堕胎的。

勒热讷的反堕胎运动

今天，反堕胎运动更常见的名字是“支持生命”（pro-life）（对应的，允许堕胎的一派叫“支持选择”

pro-choice）。勒热讷本人则把堕胎叫做“染色体种族主义”。他认为，就算是唐氏综合征的患儿，自怀孕那一刻也有生存权，医学只能提升他/她的生存质量，就算提升不了也不能用堕胎“解决”问题。

但是堕胎不是一个简单的伦理问题，而是掺杂了无数政治和宗教因素，情况错综复杂。根据美国堕胎联盟的统计，自1977年以来，美国和加拿大的堕胎诊所至少有8名工作人员被谋杀，遭遇41次炸弹袭击、173次纵火、91次炸弹或纵火未遂、619次炸弹威胁、665次炭疽杆菌威胁、1264次蓄意破坏、1630次非法入侵、100次丁酸臭弹攻击。如此复杂的现实局势，纸面上的讨论显然不能满足要求，大家需要偶像、需要榜样、需要英雄来为己方代言。

而热罗姆·勒热讷，世界著名科学家，虔诚天主教徒，和教宗约翰保罗二世过从甚密，“发现”了一种极重要的先天病的病因并致力于它的治疗，而且反对堕胎。这样一个人物来当英雄，真是再合适不过了。

1994年，勒热讷因肺癌去世，为了纪念他而成立了杰荷·勒仁基金会。这个基金会有三重任务：研究，关怀，号召。前两者都很不错，但第三部分用了很大的精力反对堕胎。勒仁在世时虽然贬低了戈蒂耶的重要性，但至少没有否认她起了作用。可是这个基金会既然以勒热讷为精神领袖，那就容不得这样的“诋毁”。基金会网页上的勒热讷个人简介里，把一切成果都归给勒热讷，对戈蒂耶只字未提。页尾的“了解更多”链接指向了一个名为“勒热讷教授之友协会”的组织，该组织的目的是争取天主教会为勒热讷追赠宣福礼，而宣福礼需要至少一个认证过的神迹，距离封圣只有一步之遥。该基金把勒热讷看做近乎圣人，当然不能容忍国际会议颁奖给真正的发现人了。

因此，就出现了开场的闹剧：一个名义上致力于救助21-三体综合征患儿的组织，威逼一个学术界的国际会议取消对该病病因发现人的授奖。但在这个年代，这样的行为只能是适得其反。

在颁奖取消之后3天，2月3日法国网站sciences.blogs.liberation.fr报道了这一事件，2月5日一位法国学生将这个报道转给了他的Coursera课程“有用的遗传学”，引起了授课老师Rosie Redfield的注意。在Redfield的宣传下，科学史的结论终于开始走入科学界和更广大的舆论，戈蒂耶也有了自己的英文维基页面。对于一位88岁的老人，正义来得太晚了一些，但是终归是来了。

参考资料

Gautier, Marthe; Harper, Peter S. (2009). "Fiftieth anniversary of trisomy 21: returning to a discovery". Human Genetics 126 (2): 317–324. doi:10.1007/s00439-009-0690-1

Can information physics extract proofs from reality?

IEEE source

Rolf Landauer was a physicist and computer engineer who spent most of his career at IBM north of New York City, becoming an IBM Fellow in 1969. According to his longtime colleague Charles Bennett, Landauer “did more than anyone else to establish the physics of information processing as a serious subject for scientific inquiry.” One was was his discovery and formulation of a principle connecting non-reversible computation steps and thermodynamic entropy, which according to Wikipedia’s article is widely accepted as a physical law.

Today Ken and I want to talk about the possible role of physical laws in generating proofs of complexity assertions, even itself.

Recently we have heard of interest connecting , plus the related topic of one-way functions, to Landauer’s principle itself. According to Bennett again, Landauer’s principle states:

[A]ny logically irreversible manipulation of information, such as the erasure of a bit or the merging of two computation paths, must be accompanied by a corresponding entropy increase in non-information bearing degrees of freedom of the information processing apparatus or its environment.

Bennett has defended this assertion against various objections. Last year a team from the École Normale Supérieure de Lyon, the University of Augsburg, and the University of Kaiserslautern gave empirical support by measuring the tiny amount of energy released as heat when an individual bit is erased. See their article in Nature. Real computers today are said to operate within three orders of magnitude of the energy-efficiency limit which Landauer’s bound imposes. So we can envision a new kind of impossible physical machine: one that can erase bits more coolly. The question is whether any complexity assertion has a side—true or false—that would enable a violation of this bound, thus ‘proving’ the other side.

Physics and Math

The philosopher in us recoils dogmatically at the notion of such a “physical proof.” Complexity theory is part of mathematics, and mathematical theorems are not supposed to be contingent. This is a fancy philosophical term for propositions that are “true in some possible worlds and false in others.” In particular, the truth of a mathematical proposition is not supposed to depend on any empirical fact about our particular world.

Of course physical observations can sometimes aid in discovering proofs. They can help one guess which side—true or false—to try to prove. What we mean is something stronger: whether appeals to physical observations or laws can constitute a proof by themselves—or part of a proof, or some kind of certificate of a proof.

Our openness begins by coupling something Landauer himself was noted for saying,

Information is inevitably physical.

—with the following translation of what John Wheeler meant by “it from bit”:

Physics is ultimately informational.

Information is what we “do”—with theorems and proofs—and mathematical theorems underlie the most fundamental physical models. If information and physics are as tightly bound as they say, we ought to expect some “flow” in the other direction. The question remains, how?

We will not try here to evaluate particular papers we have seen or heard about, such as this or this by Alexandre de Castro of Brazil, or this on energy complexity by Feng Pan, Heng-liang Zhang, and Jie Qi of China. This paper by Yuriy Zayko of Russia reaches the opposite conclusion about from Landauer’s work, so they can’t all be right, while this by Armando Matos also treats Landauer’s principle and factoring. We invite comments from better-versed readers. Rather, we wish to examine the larger issue: can physics be used to prove mathematical theorems? Indeed.

Physical Proofs?

Imagine that someone shows the following: If , then some physical principle is violated. Most likely this would be in the form of a Gedankenexperiment, but nevertheless it would be quite interesting. Yet I am at a loss to say what it would mean. Indeed the question is: “Is this a proof or not?”

Let’s call an argument that shows that If some mathematical statement is true, then some physical principle is incorrect a Physics Proof—say a PP for short. And let’s call a usual math proof a MP. Can we prove something about the relationship between PP’s and MP’s? Can we, for example, prove statements in math via PP’s? Even statements that we already know are correct? Can there exist a PP that shows that set theory is consistent? Does this violate the famous Incompleteness Theorem of Kurt Gödel?

We have discussed this in an earlier post, in which we also referenced papers by Scott Aaronson and Bennett himself. All this has left us still quite interested in the possibility that PP could exist, and we will try to give some new illustrations of the possibilities.

A Trivial Example

Let’s look at a PP that shows that multiplication of natural numbers is commutative. Suppose that and are such numbers greater than zero. Consider the a box by of unit squares:

Then its area is clearly . Now rotate the box:

The area is invariant under rotation—this is the physical principle that we are using. But now the area is . So we conclude that

Wow, what a surprise—if we were doing standup comedy we would not expect much more than tomatoes from this. But an interesting post with this example by Peter Cameron goes on to show that the formal proofs in Peano arithmetic and set theory also have their downsides. Our understanding is this method is used in some grade schools as a way to help students understand multiplication.

Relationship to Relativity

We have previously told the history of the “no-cloning” theorem in quantum mechanics. A paper purporting to demonstrate faster-than-light (FTL) communication was found to rely on the assumption that an arbitrary pure binary quantum state can be duplicated by a quantum process. If one takes FTL communication to be a violation of physical law, this could be said to constitute a proof of the negation of the assumption. To be sure, a proof was soon found by several people using elementary linear algebra. Hence the no-cloning theorem itself is just a piece of mathematics. The question is whether it could have been said to be “already proved” by physics before the simple proof was found.

In quantum communication theory, it seems to be legitimate to argue a theorem based on its negation implying FTL communication. We keep intending to post in greater detail about a paper by Ulvi Yurtsever which we read as showing that if one could gain a nontrivial probabilistic prediction advantage against an unbiased quantum random source, then local causality would be violated—in particular, FTL communication would be possible. There are other potential examples on Philip Gibbs’ FTL page, currently maintained by physicist John Baez at UC Riverside.

The Information Ratchet

Ken has thought about this recently upon reading some reviews of the book Life’s Ratchet by Peter Hoffman of Wayne State University. According to a review in Nature:

[The book] engagingly tells the story of how science has begun to realize the potential for matter to spontaneously construct complex processes, such as those inherent to living systems.

Our question is,

Can we possibly judge the differential impact on the speed of this ratchet between the truth and the falsity of , or of more-concrete algorithmic assertions?

If so, that is if we can quantify the impact, then by observing the speed of generative life processes in the lab, coupled with mapping out the early history of life on Earth, we might ascertain the (un)availability of certain concretely feasible approximative or exact algorithms empirically, in advance of possibly proving it.

Relationship To Time Travel

For an even more speculative notion, perhaps an unfair one, suppose that we want to factor a large number. Assume it would take years on a laptop. Here is what we could do: We create a computer that can run for a thousand years. This would no doubt require some clever engineering: the machine probably would need to do self-repair and also use a renewable source of power. While it would be a difficult piece of engineering, it does not seem to violate any physical principles. Start it running on the factoring problem. Then jump into your time machine, go into the future, get the answer, and return. This means we could do a huge computation in seconds. Does this mean that we can “prove”:

If time-travel is possible, then many concrete “hard” factoring instances are easy?

I am very confused. I hope you are too, even before looking up literature on “closed timelike curves” and algorithms such as in section 8 of Scott’s survey. Note, taking the contrapositive yields that if you believe certain concrete instances of factoring are yea-hard in reality, then you’re saying time travel is impossible.

Open Problems

What do you think? If someone found a PP of would that prove they are not equal? Would this win the Clay Prize? What would it really mean?

We note that Landauer’s principle did inspire theorems about reversible computation by Bennett and others; this and other stories are told in a lovely memoir by Bennett with Alan Fowler written in 2009 for the National Academy of Sciences. The ETOPIM Association awards an annual medal in Landauer’s honor.

Google recently announced that it would start including individual users' names and photos in some ads. This means that if you rate some product positively, your friends may see ads for that product with your name and photo attached—without your knowledge or consent. Meanwhile, Facebook is eliminating a feature that allowed people to retain some portions of their anonymity on its website.

These changes come on the heels of Google's move to explore replacing tracking cookies with something that users have even less control over. Microsoft is doing something similar by developing its own tracking technology.

More generally, lots of companies are evading the "Do Not Track" rules, meant to give users a say in whether companies track them. Turns out the whole "Do Not Track" legislation has been a sham.

It shouldn't come as a surprise that big technology companies are tracking us on the Internet even more aggressively than before.

If these features don't sound particularly beneficial to you, it's because you're not the customer of any of these companies. You're the product, and you're being improved for their actual customers: their advertisers.

This is nothing new. For years, these sites and others have systematically improved their "product" by reducing user privacy. This excellent infographic, for example, illustrates how Facebook has done so over the years.

The "Do Not Track" law serves as a sterling example of how bad things are. When it was proposed, it was supposed to give users the right to demand that Internet companies not track them. Internet companies fought hard against the law, and when it was passed, they fought to ensure that it didn't have any benefit to users. Right now, complying is entirely voluntary, meaning that no Internet company has to follow the law. If a company does, because it wants the PR benefit of seeming to take user privacy seriously, it can still track its users.

Really: if you tell a "Do Not Track"-enabled company that you don't want to be tracked, it will stop showing you personalized ads. But your activity will be tracked -- and your personal information collected, sold and used -- just like everyone else's. It's best to think of it as a "track me in secret" law.

Of course, people don't think of it that way. Most people aren't fully aware of how much of their data is collected by these sites. And, as the "Do Not Track" story illustrates, Internet companies are doing their best to keep it that way.

The result is a world where our most intimate personal details are collected and stored. I used to say that Google has a more intimate picture of what I'm thinking of than my wife does. But that's not far enough: Google has a more intimate picture than I do. The company knows exactly what I am thinking about, how much I am thinking about it, and when I stop thinking about it: all from my Google searches. And it remembers all of that forever.

As the Edward Snowden revelations continue to expose the full extent of the National Security Agency's eavesdropping on the Internet, it has become increasingly obvious how much of that has been enabled by the corporate world's existing eavesdropping on the Internet.

The public/private surveillance partnership is fraying, but it's largely alive and well. The NSA didn't build its eavesdropping system from scratch; it got itself a copy of what the corporate world was already collecting.

There are a lot of reasons why Internet surveillance is so prevalent and pervasive.

One, users like free things, and don't realize how much value they're giving away to get it. We know that "free" is a special price that confuses peoples' thinking.

Google's 2013 third quarter profits were nearly $3 billion; that profit is the difference between how much our privacy is worth and the cost of the services we receive in exchange for it.

Two, Internet companies deliberately make privacy not salient. When you log onto Facebook, you don't think about how much personal information you're revealing to the company; you're chatting with your friends. When you wake up in the morning, you don't think about how you're going to allow a bunch of companies to track you throughout the day; you just put your cell phone in your pocket.

And three, the Internet's winner-takes-all market means that privacy-preserving alternatives have trouble getting off the ground. How many of you know that there is a Google alternative called DuckDuckGo that doesn't track you? Or that you can use cut-out sites to anonymize your Google queries? I have opted out of Facebook, and I know it affects my social life.

There are two types of changes that need to happen in order to fix this. First, there's the market change. We need to become actual customers of these sites so we can use purchasing power to force them to take our privacy seriously. But that's not enough. Because of the market failures surrounding privacy, a second change is needed. We need government regulations that protect our privacy by limiting what these sites can do with our data.

Surveillance is the business model of the Internet -- Al Gore recently called it a "stalker economy.: All major websites run on advertising, and the more personal and targeted that advertising is, the more revenue the site gets for it. As long as we users remain the product, there is minimal incentive for these companies to provide any real privacy.

This essay previously appeared on CNN.com.

In Spring Semester, I'm running a reading group -- which seems to be a formal variant of a study group -- at Harvard Law School on "Security, Power, and the Internet. I would like a good mix of people, so non law students and non Harvard students are both welcome to sign up.

There's a story that Edward Snowden successfully socially engineered other NSA employees into giving him their passwords.

I like this idea of giving each individual login attempt a risk score, based on the characteristics of the attempt:

The risk score estimates the risk associated with a log-in attempt based on a user's typical log-in and usage profile, taking into account their device and geographic location, the system they're trying to access, the time of day they typically log in, their device's IP address, and even their typing speed. An employee logging into a CRM system using the same laptop, at roughly the same time of day, from the same location and IP address will have a low risk score. By contrast, an attempt to access a finance system from a tablet at night in Bali could potentially yield an elevated risk score.

Risk thresholds for individual systems are established based on the sensitivity of the information they store and the impact if the system were breached. Systems housing confidential financial data, for example, will have a low risk threshold.

If the risk score for a user's access attempt exceeds the system's risk threshold, authentication controls are automatically elevated, and the user may be required to provide a higher level of authentication, such as a PIN or token. If the risk score is too high, it may be rejected outright.

This is interesting reading, but I'm left wanting more. What are the lessons here? How can we do this better next time? Clearly we won't be able to anticipate bombings; even Israel can't do that. We have to get better at responding.

Several years after 9/11, I conducted training with a military bomb unit charged with guarding Washington, DC. Our final exam was a nightmare scenario -- a homemade nuke at the Super Bowl. Our job was to defuse it while the fans were still in the stands, there being no way to quickly and safely clear out 80,000 people. That scenario made two fundamental assumptions that are no longer valid: that there would be one large device and that we would find it before it detonated.

Boston showed that there's another threat, one that looks a lot different. "We used to train for one box in a doorway. We went into a slower and less aggressive mode, meticulous, surgical. Now we're transitioning to a high-speed attack, more maneuverable gear, no bomb suit until the situation has stabilized," Gutzmer says. "We're not looking for one bomber who places a device and leaves. We're looking for an active bomber with multiple bombs, and we need to attack fast."

A post-Boston final exam will soon look a lot different. Instead of a nuke at the Super Bowl, how about this: Six small bombs have already detonated, and now your job is to find seven more -- among thousands of bags -- while the bomber hides among a crowd of the fleeing, responding, wounded, and dead. Meanwhile the entire city overwhelms your backup with false alarms. Welcome to the new era of bomb work.

Last year, NIST selected Keccak as the winner of the SHA-3 hash function competition. Yes, I would have rather my own Skein had won, but it was a good choice.

But last August, John Kelsey announced some changes to Keccak in a talk (slides 44-48 are relevant). Basically, the security levels were reduced and some internal changes to the algorithm were made, all in the name of software performance.

Normally, this wouldn't be a big deal. But in light of the Snowden documents that reveal that the NSA has attempted to intentionally weaken cryptographic standards, this is a huge deal. There is too much mistrust in the air. NIST risks publishing an algorithm that no one will trust and no one (except those forced) will use.

At this point, they simply have to standardize on Keccak as submitted and as selected.

CDT has a great post about this.

Also this Slashdot thread.

Okay, no sex, but a discussion about quantum computers.

Steven Soderbergh directed the famous movie: Sex, Lies, and Videotape. This 1989 movie won the Palme d’Or at the 1989 Cannes Film Festival, and is now in the United States Library of Congress’ National Film Registry for being “culturally, historically, or aesthetically significant.”

Today I want to explore claims about quantum computation.

With all due apologies to Soderbergh his title seems perfect for our discussion. There may be no sex, but there is plenty of sizzle surrounding quantum computation. We just finished a thorough and wonderful debate here on the feasibility of quantum computers–see this for part of the debate. It was ably moderated by Ken, and the two advocates were Gil Kalai, against, and Aram Harrow, for.

While there are still many interesting issues to add to the debate, our discussion is not about whether quantum computers are feasible or not. We will stipulate that they can and will be built, eventually in some future time. The issue is about the present:

What has been proved about them so far?

And sadly we will discuss: what is believed to be proved but has no proof.

Claims

There are many claims in the literature on quantum computers that I would like to address here. Some are right, some are wrong, and some are at best misleading. Let’s start.

Quantum Computers have been proved to be more powerful than classical. Wrong.

This has been repeated many times and is often claimed in the literature. But there is no mathematical proof that a quantum computer that runs in polynomial quantum time cannot be simulated in polynomial classic time. None. Let me repeat that. There is no such proof. It is an open problem whether

If this is true, then quantum polynomial time equals polynomial time. Okay, most do not believe that this is true, but we are talking about what is proved. Nor is there any speedup theorem about improving the exponent in a general -time algorithm when you have qubits vis-à-vis bits. Thus from a mathematical view point it is clear that there is no proof that quantum is better than classical. None. Zero.

Quantum Computers can harness exponential parallelism, trying every possible solution at once. At best half-true.

Quantum computers can create superpositions of -many basis vectors, each representing a string in that can be a trial solution. However, the best-known quantum algorithm for finding a single solution still has exponential running time, order-of , and this is tight in black-box models (see below). The allowed linear algebra operations restrict the way this parallelism can be exploited. Scott Aaronson in particular has expended much effort debunking claims that quantum computers are imminently effective at solving certain NP-hard problems.

Quantum Computers can factor integers faster than classical ones are known to. Right.

But misleading, especially when the “are known to” part is sloughed off. There is no proof that factoring cannot be done classically in polynomial time. None. The best factoring algorithms are indeed super-polynomial, but there is no mathematical proof that they are optimal. So tomorrow, or next week, or secretly already?, there could be a classical polynomial time factoring algorithm. Peter Sarnak, for example, is on the record as believing this. I am too. But beliefs aside, there certainly could be such an algorithm.

Quantum Computers have been proved to be more powerful than classical in the black box model. Right. But this is at best misleading; at worst There are proofs that quantum machines can out-perform classical in this model. But the model is unfair. The classic machine gets only oracle access to some black box function say . Its job is to find some so that has some property. As with oracle results in complexity theory, it is often easy to show that this requires a huge exponential search.

What about the quantum machines? They can zip along and solve the problem in polynomial time. So this proves they are more powerful—right? No. The difficulty is that the quantum machine needs to have the function encoded as part of its quantum circuit. So the quantum computation gets the circuit representation of the black box, or the box is not black. The box is a white box—we can see the wires and gates that implement it.

This seems unfair, and is at best misleading. The fair comparison is to allow the classic machine the same ability to see the circuit representation of the box. The trouble now is the proof disappears. Without the black box restriction there is no mathematical proof that a classic machine cannot unravel what the box does and cheat in some way. So this is at best misleading. We also tried to see what happens if we open the box for the classical algorithm, here and here.

Quantum Computers cannot be efficiently simulated by classical, even for fifty qubits.Wrong.

I heard this the other day, and also it is stated on the web. For instance, Neil Gershenfeld was quoted by Julian Brown in his 2002 book Minds, Machines, and the Multiverse: The Quest for the quantum computer as saying,

“Round about fifty qubits is where you begin to beat classical computers. What that means is that with custom hardware tuned for computation with spectroscopy, you could just begin to graze the point where classical computers run out.”

Yes this was over a decade ago, but petabyte-scale computing was on the horizon then. Note that the interest in this question is quite reasonable, even though fifty qubits are way too few to implement any interesting quantum algorithm, certainly with the overhead of current fault-tolerant coding. The thought goes that fifty qubits may, however, be sufficient to do something interesting. Perhaps they can solve some physical question about a real system? A very interesting question. Let’s turn to discuss this question and scale in more detail.

The Fifty Bit Problem

The challenge is to figure out how we can simulate on a classical computer a quantum computation that uses at most fifty qubits. This is not nearly enough qubits to do anything interesting for cryptography, but makes for a nice question. The obvious ways to simulate such a quantum computation is not impossible for a classical machine, but is still not a simple computation. Thus the challenge: can we do this classically? Can we do a fifty quantum qubit problem on a laptop? Or on a server? Or in the cloud?

The obvious solution is to write down the initial vector of size and start applying the quantum gates to the vector. This immediately hits a problem, since such a vector is really large. But it is not that large. The size is “just” a petabyte—or actually 1/8 of a petabyte. The MapReduce cloud framework has already been used to carry out some basic algorithms on petabytes of data.

Quantum operations are notionally sparse, each affecting only a small constant number of qubits, generally up to three. Under the standard encoding, each qubit splits the long vector into a measurement set for a value and a set for the value, each of size . However, under different encoding schemes the operations could be local. In particular, many important quantum states, before and after some common quantum circuit operations, are succinct. There is scope for doing simulations analogous to what happens with homomorphic encryption, whereby operators might work directly on the succinct functional representations.

It strikes us that simulating a fifty-qubit algorithm classically is a concrete large-data kind of problem, one that may be interesting for its own sake. This stands apart from recent work on general “de-quantization” of circuits and algorithms, for which Maarten van den Nest’s ArXiV page is a good place to start.

Open Problems

What is really going on with the information structures that are acted on by quantum computers? That they are -long bit-vectors in any sense we have come to doubt. Is there a better general way to represent them?

Even with the -vector representation, for qubits, can we make classical simulations concretely efficient?