> My understanding is that there are not very strong theoretical underpinnings to most of the machine learning techniques in use today.
I wonder how come this is the case from looking at ArXiv, it seems there are plenty of low-hanging fruit relating to the Foundations of Machine Learning.
Unfortunately I know nothing about Cryptography(Theoretical or Practical) but what benefits does QUIC bring to the table, also will it be subject to some form of formal verification ?
> Even so, we need to instil fear into people in the West. We need to limit who they're legally allowed to sell the vulns to. Allied states: Yes. Defence interested parties: Yes. Some cybergang: Fuck no. We need to deny travel visas to the direct family members of other individuals in unaligned states that sell 0days to the worst actors.
So would that go to researchers who work on more theoretical areas(with a real world implications) things such as Static Analysis or Formal verification ?
> I think you've misunderstood what's happening here. Zerodium, the company mentioned in this article, is an exploit broker. They buy vulnerabilities from researchers, then sell them on to government intelligence agencies. The entire purpose of their business is to undermine the security of the tools we use.
It's not only Zerodium there are a lot of government contractors who buy/fund attack research especially in things like Theoretical Cryptography, Machine Learning, Computer Vision, Formal Verification.
> They incentivise researchers to publish vulnerabilities rather than selling them to spies. They're a necessary evil to keep zero-day vulnerabilities out of the hands of oppressive regimes. It's not nice, but that's just the world we live in.
I think it's quite interesting that we don't see Bug bounties for things like Theoretical Cryptography like Quantum-safe encryption, Formal Verification, and the like. But hasn't there been cases where Bug bounties have been subverted for evil or are just broken entirely.
> The Linux Foundation's Core Infrastructure Initiative has created a secure financial foundation for critical open source projects.
For critical open source projects hasn't there been an increase in Formal Verification and more Theoretical approaches to security ?
> Was there any instance of this? Are there disincentives against this? (I guess the entity offering the bounty could say, only software released before this day is available. Though malicious contributors can very certainly guess that there will be other future bug bounties too.)
I believe sometime ago there was new surrounding backdoored crypto also on the low-level side of things there was a secret rootkit in Street Fighter that allowed for an EOP
> This makes me sad. People working on open source projects get nothing. Sometimes they get some money. Sometimes they get some fame. People who don't build anything, but find a hole, they are heroes, they get prizes, they are worshiped.
I've been looking at open source communities especially in the Vulnerability research space it seems there's been a lot of favoritism towards attack oriented research from the community.
For those wanting to undergraduate research basically in REU in QIT what's your advice for them?,what do they need to take on such an endeavor?,what are researchers looking for in prospective students?, and finally would a researcher take on a student who hasn't had much in terms of coursework but has been teaching themselves ?
> One big problem with the conclusion is that intuitions from low dimensional spaces often don’t carry over to high dimensional spaces. e.g. common example is how the volume of the unit hypersphere intersected with hypercube ratio goes to zero. One funny thing I saw once was something like “the real curse of dimensionality is how different optimization in high dimensional spaces is compared to low dimensional spaces”.
How so usually in Pure Mathematics(Analytic area's) everything done in R^{1} R^{2} is usually generalized to R^{N} and much of the intuition carriers over. So how does it fail here in the context of Machine Learning ?
I wonder how come this is the case from looking at ArXiv, it seems there are plenty of low-hanging fruit relating to the Foundations of Machine Learning.