The article talks about composing these shapes using variable coefficients to fit the resulting emotional arcs. I'm not convinced this isn't just Fourier decomposition on arbitrary continuous functions.
Maybe there's insight there regardless? Hard to say. But the title could easily be "continuous functions are approximated by Fourier series with six terms" in my opinion.
Yes and their 6 components are actually more like three components if you allow the sign of the amplitude to go negative.
Interestingly, there doesn't seem to be much variation in phase, so it's akin to a real amplitude (though the highest-frequency component does look a bit like it may be time-reversed rather than simply inverted)
In math, the obvious things aren't always true and the true things are often not obvious.
Trivially, the identity f(x) = x satisfies the guarantee as well. What amounts to insightful observation is the definition and classification of these functions. In exploring their existence in various forms, we can begin to understand what properties these functions share.
So the interesting part is not that this class of function _exists_, because of course it does! Your intuition has led you to three possible candidates. But if we limit ourselves to only the functions that satisfy the condition _wave-in implies wave-out_ what do they look like as a whole? What do these guarantees buy us if we _know_ the result will be a wave? For example, f(g(x)) is also guaranteed to be _wave-in-wave-out_. Again, maybe obvious, but it's a building block we can use once we've proved it true.
Let me try. Let’s say you have some operator F = crazyweirdblackbox. Like, it exponentiates and does a bunch more complicated things. You can apply this operator to some input function and transform it into some output function. The programming analogy would be some piece of code that works on a lambda and spits out another lambda. The finite-dimensional linear algebra equivalent is a matrix. You would ideally want F to be invertible (or undoable) for all inputs. Just in case.
If g(x) is an eigenfunction of F, then h(x) = F(g(x)) is actually just a rescaled of g(x): h(x) = ag(x), for some constant a. No matter how complicated and hard-to-compute F is, it boils down to just one number a, when acting on some special function g(x).
So what? This only applies to special g(x), and not any choice for g. Let’s say that I have some special function y(x) that isn’t necessarily g(x). But I have a whole bunch of eigenfunctions of F called g_k(x). If I knew that F was linear (kind of a prerequisite for computing eigenfunctions anyway), then I can decompose some output function y(x) into a weighted sum of g_k: y(x) = sum([w_k g_k(x) for k in range(infinity)]).
Some abuse of Python list comprehension there.
So instead of evaluating F, which might be very hard computationally or numerically, we can instead do a for-loop over potentially easier functions g_k. And store some weights w_k that essentially describe how F transformed an input function into y. Easy-peasy.
And maybe I don’t want to evaluate the entire sum. So I could choose to evaluate only the “important” terms in the sum to approximate y(x).
The entirety of signal processing, much of quantum mechanics, much of electromagnetism, and many other partial differential equations can fit into this framework. And we use PDEs to describe F when we really have no idea how to even to write it down. But we can still compute eigenfunctions and therefore make progress in evaluating F since we know the effect of F on certain special functions.
It's been 15 years since I was in my EE degree, and I learned all this stuff to the point of intuition. Since then I've been a C-monkey at megacorp and not doing any real math beyond simple geometry.
It appears so [1]. It's surprising how far behind most non-tech industries are when it comes to legacy software (not sure I'd call Apache "legacy", but still). I'd also be interested to see the stats for IT/developer positions in tech vs. non-tech fields. My intuition suggests that there are a lot more Apache sysadmins than you'd think.
Root certificate updates are a massive security issue. Blaming Let's Encrypt is blaming one of the canaries for the coal mine disaster. 33% of Android devices don't and can't get up to date root certificates is an impressive security crisis that grows worse by the year (look at the other root expirations and the crazy workarounds that for instance Netflix has been doing to still work on older Android devices). Shouldn't the blame squarely be on Google, the Android OEMs, and the phone carriers for allowing this disaster to happen in the first place?
I realize that is a tough message to get out to users and site owners are going to be in the cross-fire, but it seems better to try to work for solidarity in pointing fingers at the right direction and the right direction certainly isn't Let's Encrypt.
Yes the issue is really severe of most deployed Android devices not getting security updates, either at all, or the devices are used well beyond the update period.
But this is not up to Let's Encrypt to solve. They market themselves to build products for the mass market instead of small niches of the market, say, everyone who buys a new phone every year. But then they also have to treat their product like a mass market product, and if Android users still use older versions of the OS, then Let's Encrypt should adopt for that.
This problem isn't unique to Let's Encrypt. Let's Encrypt is not the only entity with certificates signed by DST Root X3. And as these devices get older, more root certificates will expire. What happens when all of them expire?
What is unique about Let's Encrypt, is they may have a harder time getting cross-signed by a CA that will still have a valid root cert on these devices for a significant amount of time, because, as has been pointed out in other comments, Let's Encrypt is disrupting the CA industry.
They will be happy to accept that blame, as long as you fork over your $ for a new device. Planned obsolescence can have many components, this is just one of them.
When you control the client, it's simple, you can do pretty much anything: embed your own HTTP stack, TLS stack, your QUIC stack, or simply your PKI, or subset of the webPKI.
If you're running Android 5.0, you also haven't benefited from updates that remove CAs that have since been shown to be untrustworthy. I think that's far worse than being unable to visit sites that use LetsEncrypt certificates.
It was really short-sighted of Google to make the system cert bundle something that can't be updated without a full OS update. There should be an OTA mechanism that allows it to be updated through the Play Store or through some other means that isn't reliant upon lazy device manufacturers.
33% of devices, but per the article, only 1-5% of traffic on sites using LetsEncrypt. I don't see any site owners moving to a different CA when this affects less than 5% of their visitors, who are likely the poorest fraction of their userbase , i.e. probably not many paying users.
on androids older than 5, the browser is the old android browser instead of chrome. how many sites out there still test compatability with that?
even without having to click through security warnings, the web is horribly broken on old android devices. the overlap of sites using letsencrypt and sites that care about people using android <5 has got to be vanishingly small. this isn't going to cause a move away from letsencrypt.
I found at least Buypass offering a gratis ACME product "Buypass Go SSL". They have roots which are deployed at least since Android 4.1, which covers way more Android devices (according to the Android Studio statistics, >99%):
> Also the post says that Firefox doesn't work on Androids older than 5.0 which according to the dashboard are still 5.9% of devices.
For those older devices, the only option is to install the new root certificate.
Microsoft Edge still gets updates on Android 4.4 KitKat
I may be wrong, but the effort to switch to your own root store is more doing it securely, than the difficulty of switching from system frameworks to your own SSL/HTTP transport layers. So to put another way, straight forward to do mediocre job, not as trivial to do a good or great job.
Root store and TLS/HTTP library are separate concerns. You can use the system root store with your own libraries, or you can use your own root store with the system libraries.
On an Android 4.4 device, you should probably skip the system root store and the system libraries, and if you're already doing it for those phones, you might as well do it for all the phones.
> Root store and TLS/HTTP library are separate concerns.
In the context of this thread (aka older Android devices), they aren’t truly separate concerns. You really need to do both. My point is that doing both is relatively straightforward, but doing the root store part is fairly easy to do it in a mediocre way and be brittle / insecure.
I don’t think they have a choice. Reading between the lines, the CA who cross-signed their previous root doesn’t really want to continue doing so (or asked for a lot more money) because LE usage reached levels that are just too risky. I don’t blame them: a single bad actor found doing something particularly nefarious with a LE certificate might lose them the trust their business is literally built upon. I don’t see any other CA queueing up to help what is typically their commercial nemesis. And as they say, at some point they would have to do it anyway, might as well rip the plaster off.
Unfortunately, on my Moto G5 Plus (which is not an high-end device), I've found that Firefox on Android is slower than Chrome (specifically the Bromite fork). I think that Firefox may not be a good solution for low-spec or older phones running older Android versions.
Firefox is not a workaround for non-web mobile apps. Lots of them will stop working unless they do cert pinning / have their own CA bundle or simply stop using LE..
Maybe there's insight there regardless? Hard to say. But the title could easily be "continuous functions are approximated by Fourier series with six terms" in my opinion.