So creative, Martin! Is this inspired by those 'futuristic' human machine interfaces in movies, such as 'Minority Report'? Was this inspired at all by small devices, like Apple Watch?
I think It was mainly inspired by prezi and impress.js. I did several presentations using prezi. But that was after I decided to build something that uses circles as the main shape in the layout. I don’t know precisely why my initial fixation with circular shapes :). Maybe the fact that I perceive that many UI libraries and frameworks tend to use square layouts. I totally agree with that because I think is the most efficient way to organize a big amount of content and it is very flexible as well. Having that in mind I thought that maybe there were enough room for another point of view. Even if this idea doesn’t fit for all cases and uses, it would fit on other scenarios.
Finally the zooming navigation was a way for me to resolve the idea of using a 100% circular layout.
caveats: no external images, no custom fonts, no other iframes ( but this can be a positive as it removes ads ). Try it on google search result page, github, bloomberg, etc. It produces a 'text only' image of the page -- only inline images included. pages with lots of external stylesheets take a while ( 10 - 15 seconds ). some sites ( youtube, flickr ) just give a mostly blank page.
caveats: no external images, no custom fonts, no other iframes ( but this can be a positive as it removes ads ). Try it on google search result page, github, bloomberg, etc. It produces a 'text only' image of the page. big pages take a while ( 10 - 15 seconds ). some sites ( youtube, flickr ) just give a mostly blank page.
No offence, but with a megabyte of text per speaker I feel I could do better with word n-gram Markov models (even bigrams), and random path choice.
I think deep learning is great and all ( and I'm meaning to learn it ) but shouldn't it be able to do far better than Markov models, or other simple things?
Image captioning? Incredible. Deep Mind winning video games? Incredible. Style transfer? Incredible. With one exception ( I saw on HN ages ago, sorry I have no link -- it basically generates novel text using deep learning, across all sorts of genres, such as "academic paper", "math paper", "novel", "film script" and I found the results remarkable and interesting ) I question if many text applications are doing better than Markov.
I think the issue is there is something fundamental and sophisticated about human language which our current deep learning models, with all their omniscient benevolence ( or whatever ), are missing. There's something deep about the structure of language that we are not modelling yet in deep learning as far as I've seen. When we do .... boom ... computers that learn from the internet and amaze us all. Then we'll have something to shine, smile about or fear.
Sorry for the digression and what may be inapplicable comparisons. I can get impassioned about this topic.
>> I think the issue is there is something fundamental and sophisticated about human language which our current deep learning models, with all their omniscient benevolence ( or whatever ), are missing. There's something deep about the structure of language that we are not modelling yet in deep learning as far as I've seen.
I think the secret sauce that's missing from deep learning -as well as any other kind of statistical language model- is a representation of the context outside language itself.
What I mean is, when we humans [1] communicate using language, the language we generate (and recognise) does not carry all of the information that we want to convey. A lot of the meaning in our utterances ...is not in our utterances.
We haven't really found any way to represent this (dare I say) deep context yet. In genearl, in NLP, even the word "context" means the context of a token, in other words the tokens around it. Even mighty word vectors work that way.
The problem is of course that its very hard to even find data to train on, if you want to model that context with some machine learning algorithm. How do you represent everything that a person might know about the world, when they speak or write something?
But- without that deep context, any utterance is just random noise, even if it's structurally correct. So we're left with a bunch of techniques that are damn good at modelling structure, but with meaning, we fail.
___________
[1] We are all humans here, right? Just in case- I love AI! Go robots!
I also agree that it's hard to see the benefit of using deep learning (which
implies gigantic amounts of data and processing power, therefore costs) over
traditional models like n- or skip-grams and markov chains. At best, you'll be
paying a big overhead, in working hours and expertise no less, for just a modest
improvement in, say, perplexity.
And since the use is in generating natural language, the really important
evaluation is extrinsic (how well received your prodcut is by your user base,
how well it integrates with what you have already etc). In that sense, it's even
harder to see the benefit of deep learning over simpler, faster, cheaper models.
Is your user base really going to notice an improvement of 10% over whatever
intrinsic score you get from deep learning?
Anycase, I made a couple of short experiments with the application. Here's the
results:
Science fiction (random phrases):
I was flattered and free, my bracket series of precaution beyond the sound of the constant chart
I haven't had some resport to see the environment as well as the best of the importance.
I don't want to watch up the Godders of the Barbara, what he had anything like that, or the
I was still resting her forehead beside the first time.
I don't understand, but I don't get the oldest reason when I was sure that I could see how to make
What would he know.
I had been deported for the blots.
"What's my own?" "Not being a scene.
I was all right, of course.
I was a drift of human transportation.
Medical text (one big sentence):
For patients with severe and family history of blood transfusion alone that can
be classified as many identifiable and atrial fibrillation in the clinical
significance of a still compared to pregnancy and most often become an increased
risk of diabetes mellitus asymptomatic (AR) and IgG4 in 2008 observational
studies of cardiovascular resistance that is not associated with an option for
the regimen to lower that make in the number of decisions to experience the
receptor which prevention for all doses of circumcision in the following:
Alternative dietary control and gait and severe health care of pain associated
with a number of infections in which there is an adverse event of the patient
and recovery and limited decision to worrien the rate of diabetes mellitus and
care for the arm is discussed in detail elsewhere.
More science fiction (interactive, with my own input in brackets):
[The adarf moved with grace through the] flush of the north and all the captain
who said, "I'll stay something functional more than [any gosh-darned Wilick
miner! I mean, F-those people! What do you think,] I do not think why you can see
that temporarily doesn't matter this morning?" "I know about [your affair with
Mina, btw. Did you think I wouldn't notice? Pass the] old part of them that and
they may see but there are the feelings of the speed of your [anger and the
shortness of your fuse], receiver in the door.
Again, I don't see the great difference with traditional models- in terms of coherence and grammaticality, it's hard to see the benefits of more expensive techniques. Sorry guys.
TL;DR - treat this as you would home-made beer from someone you don't know. You'd probably hold it at arms length, have a smell, and maybe try the taste...but you wouldn't start selling it in your hip bar without knowing anything about it!
Anyway, hope others interested in crypto can enjoy this. I am not a crypto-expert, just a moderately-talented-at-crypto-hobbyist, or somethin. Code: https://github.com/dosyago-coder-0/dosycrypt
And the usual caveats for in-browser encryption apply. Namely that the trust model is no different from temporarily handing the encryption keys to the server.
In the latter case you trust the server to discard the keys after them being used. In the former case you trust the server to not transiently serving you javascript that exfiltrates the keys. In both cases this trust has not just to be extended once (which would make things auditable) but during every single transaction.
> Namely that the trust model is no different from temporarily handing the encryption keys to the server.
True in this case, but not necessarily true. IPFS[0] allows you to ensure that the content you're receiving is correct (if you run a local gateway, which you should), because the URL is basically a content hash.
Therefore if you know the code is secure in the first place, you can always visit the same URL and know that you're getting "safe" code that doesn't exfiltrate the keys or plaintext. This then presents the same trust model as running code locally, except you don't need to install anything: you just visit the correct URL, and the code is running, with all the same trust as it would have if you downloaded it and kept it safe from modification.
Things get a little better if you use the new Web Crypto APIs. They can act kind of like a virtual hardware security module from a web page's point of view: with the web crypto API, you can create and use an encryption key (symmetric or asymmetric) whose key material can never be exposed to javascript. The browser keeps the key material completely private from the web page, but lets the web page use the key for certain crypto operations.
This means that if a website uses this and generates a key through the Web Crypto API on the first access, the user only needs to trust the site on the first access (to serve javascript that actually uses the Web Crypto API) in order to trust that the key material stays safe. (However, if the website admin turns evil and wants one of the user's files to be decrypted, they could serve javascript to the user that silently makes them decrypt the file for the admin, so the problem isn't completely solved.)
This is far from true. Client-side crypto at least gives you the ability to inspect outgoing network traffic. This should help to keep site operators honest.
The site operator can of course nefariously and randomly serve JS that exfiltrates keys, but users at least have the _ability_ to audit every single transaction.
The Web is terrible for secure crypto, the best you can do is session secrets. However, they're working on a new standard that will finally allow you to store private keys securely. Until then, write your own native apps with webviews and browser extensions with local js that can be audited.
That I assuming that every type network request is covered by available monitoring tools and that they are user-friendly.
What if web browsers allow you to trigger DNS lookups without HTTP requests? That could already be used to exfiltrate data.
> What if web browsers allow you to trigger DNS lookups without HTTP requests?
Just include hidden links in the page, most browsers have some sort of pre-fetch optimization that does exactly that. I think they make HTTP connections on hover even.
I'm planning on making a library to make it easy to make a web app trust-on-first-use. The main blocker is https://github.com/w3c/ServiceWorker/issues/1208 (which would fix the non-critical but less-than-ideal issue described under "Service Worker lifecycle" in the blog post).
Trying to achieve the trust you are is very interesting.
I put up a simple, installable, progressive offline app of this crypto here: https://semocracy.com/
This app doesn't yet contain the mediations you talk about of checking the sw code against a 3rd-party reference and warning when an update doesn't match the reference.
Even considering the limitation you discuss when the new worker terminates async requests of the old worker, checking a public log is useful -- do you have any code or boilerplate I could plug in to achieve that?
Also, would the following be useful? The worker stores the 3rd party log / reference at intervals in local storage, and then when updatefound occurs, it doesn't need to make a network request, it can check (not perfectly) if the new sw code matches the stored reference. Sometimes there will be false negatives because the reference updated before the sw checked, but I think there would be no false positives. As long as the new worker can't get to localstorage before the old one checks, could be okay.
> do you have any code or boilerplate I could plug in to achieve that?
My implementation is at [0]. It basically fetches a list of files and hashes from GitHub, based on the commit in the X-GitHub-Commit response header (but you could just fetch master instead). You'd have to replace that github url at the top with [1], and update the two functions near the top. (If you're gonna fetch from master, also make the caching in getGitHubResponse less aggressive.)
Also take a look at main.js and main.css in that commit, it contains code to notify the user.
> it can check (not perfectly) if the new sw code matches the stored reference
The problem is that currently, there is no way to get the new service worker code without a request. Even if the sw.js file is in cache, there is still a race condition between the cache responding and the new sw terminating the old one, and more often than not, the new sw wins. That's why I was talking in [2] about an alternative solution of adding a property somewhere that gives you the new sw code.
What you can also do, and which I'm doing, is to fetch the sw.js file in the updatefound event of the page, and not of the old service worker. However, it's not strictly guaranteed that there is a (visible) page, for example, a third-origin website could embed yours in an iframe, triggering an update. [3]
