Re: It's only a small step from here ....
Ah, good old terry. I miss him.
410 posts • joined 2 Jul 2008
Ah, good old terry. I miss him.
With a clear text protocol it's then trivial to alter the digest in flight.
To make this work, you need to establish a cryptographic chain of trust to ensure that the server you think is sending you data actually is.
Establishing that trust is the key, and is what ssl certs are used for. You delegate trust to a central authority that acts as a mediator. That they are also used to establish a fully encrypted transport is a separate thing to my mind.
All the financial and operational costs will still be there. The minimal runtime overhead of always on encryption on't be, but it's really small.
It's a fair point, however all employment and service contracts for banks have very wide ranging copyright assignment clauses. These are to the point that if you work on something, say some open source, out of working hours then the employer owns it, not the employee.
Algorithms of this type are highly sought after, and are a valuable thing.
He deserved to be punished for this, it was theft.
I'm sure it was some dude called chad...
Methinks Dan doth protest too much.
The benefits of containers are really twofold, one is efficiency for ops, the others is standardisation for development.
For ops, containers really can be seen as just the next step in virtualisation. They give lower isolation guarantees than VMs, which in turn give lower guarantees than bare metal. Containers give much of the same benefits as VMs too, potentially denser deployment of software.
This density can be seen in the lower overhead they have as compared to VMs
Memory overhead of just booting a VM on vsphere (ie, before the OS is loaded)
Comparison of VMs and containers (PDF)
Overall, containers have a lower penalty on CPU usage, and a much lower overhead on memory usage, as the guest OS and hypervisor penalties are removed. This comes at the cost of using linux as the host and overall lower isolation. It's a trade off. For the linux as host point, it has a larger surface area to attack as compared to VM hypervisors.
For development, the container acts as a standardised deployment artifact, that is much, much, much (really) smaller than a VM image. It'll effectively be the application binaries, with supporting scripts. The lower levels are stored as seperate portions and downloaded separately.
They are a good tool, and not a replacement for VMs. Instead, it let's use be a bit more nuanced in the way things are done. They certainly will replace VMs in many situations, but by no means all, and probably not the majority, in my opinion.
This is correct. Ministers happen to be mostly picked from the commons, but this is not a necessity.
The office of MP and HM minister are separate.
I read that as
"HBase is a non-relational, distributed database for Hadoop"
"Hadoop is written on blueprint of Google’s MapReduce"
Which is correct, no?
It's not a replacement for HTTP per se. It's a transport that sits underneath HTTP. So HTTP 1.1 traffic will still flow, but over a SPDY link rather than vanilla TCP.
In this way, it can understand the HTTP traffic flowing over it and enhance it. For example, getting the multi connnections over a single TCP socket, which HTTP totally messed up with the aborted pipelining feature (all browsers switch that off, because it's broken).
No, the one does not follow the other.
Hacking tools are built by clever devs, yes. They are sometimes picked up by script kiddies, sure. Where the vulnerability information they are based on comes from is an open question.
There are established market places for information like this, which wouldn't be the case if it all came from public disclosure reports. It seems likely that a goodly proportion of the data publicly disclosed is actually being rediscovered by legitimate researchers, and is in use already as an attack vector.
Publicly disclosing ASAP in those cases is essential.
Part of the problem is that it's very often unclear when those cases are, hence some in the industry leaning towards general disclosure (as Google and Linus promote), and others leaning towards selective disclosure.
If we're to occupy the high moral ground in relation to terrorism we've first of all got to get there.
Last I heard they hadn't moved amazon.com onto AWS.
It was more of a re-use of skills, tech and systems to build a new product area rather than somewhere to put amazon.com onto
Might not be the case now
This is a complete fallacy. Embassies are NOT part of their sponsoring country.
The treaty of Vienna is the root of most agreements regarding embassies. It talks about access to the embassy by the forces of the host being by agreement of the ambassador. Not territorial exchange, no claims.
This is international treaties, that our government has signed up to.
I don't want politicians who can use html, I want politicians who ask awkward questions like "why are we locking all these people up for drug possession when all the evidence is that it doesn't work, and exactly why do we need a nuclear deterrent when if it ever gets used it will because the country has ceased to exist?"
You had me until there. Drugs policy isn't quite comparable to a nuclear deterrent. I'd generally agree with you on drugs policy, the evidence isn't there, more research required. We've got a penal system built around rehabilitation, not vengeance, so the policies that puts people into it should be in tune with that.
Nuclear deterrent isn't the same thing. It's stated aim was to prevent another world war, by making war between the great powers too terrible to contemplate. In that, it seems to have succeeded... There was never a war between the first and second worlds (to use the old terms), only small scale proxy conflicts that gave enough of a gap that the main blocks could back out without risking their own destruction.
So, 50 years worth of evidence says that a nuclear deterrent does what it says on the tin.
I'm not sure that scientists are really the right people, as a group, to be in charge of policy. Technocracy seems as poor a choice as anything else. One group, believing they know better. Politics is not science, no matter how much we want it to be. Not defending the current state of affairs, however politics is often making fixed decisions in the absence of good enough information. Science is not, it's the pursuit of that information.
I think that we should go back to the old greek system. Politics as a punishment. Lots are cast, and the losers are the ones that have to serve for a year, and they should be regularly punished for mistakes. Make the job horrible, so that no one wants it. Anyone who wants power is fundamentally untrustworthy.
In Stalybridge, Tameside.
They're blaming storm damage.
they still do a reasonably good line in awesome ideas. http://www8.hp.com/hpnext/posts/discover-day-two-future-now-machine-hp
Execution, still waiting :-(
If HP drop, there'll be very, very few companies still doing basic materials research beyond the 'make it smaller' that the fabs can do themselves.
Never had a blackberry before, but I'm going to get one of these.
I'm with Tim on this one, debasing a word to try to manipulate people doesn't help a cause.
Reduction inequality is a laudable goal in an of itself when you're attempting to gain a more equal society for the expected social good that brings; why not discuss that up front?
In 2009 (from memory, might have been '08), poverty in the UK dropped for the first time in a while. The reason? Not because incomes went up, in fact they went down. No, the financial crisis meant that the median income dropped, thus meaning that many people on 13kish a year went from being in poverty, to being out of poverty. No change in financial conditions, food actually became more expensive in the period, yet they were now part of the celebration that poverty was being reduced. I found this quite distasteful.
There is a stated goal of ending child poverty in the UK, according to the relative median income measure. The most straight forward way to do this is to take a significant proportion of those earning above that median and sack them. This will have the desired effect, however it will also tank the economy.
By using a relative, percentage based measure, you will find that it is statistically virtually impossible to eliminate child poverty in a functioning economy.
This is one cost of debasing words, you lose the ability to have rational discussions using them, because the concepts they used to describe are being rewritten by anyone who wants to, in any way they see fit.
New network protocols required to be adopted. Unless you tunnel it over http, it's not going to be easy these days :-(
I think they're maybe missing a trick. The old "should you use many or much".
1 huge is many of not very much as all the processors are a few generations behind, but there's loads and loads of them in not very much space. For some types of app, this could be epic. We're building lots of microservice based apps, this fits perfectly. If you run on an app on a software VM (eg, the V8/ Node VM , Java JVM etc), whether you are on Intel or ARM makes no difference to the code itself, the VM handles all that.
Personally, I want to see what The Machine would be able to do, if it ever comes out, this feels like something of a halfway house to that piece of HP magic.
Transcoding and rendering are unrelated.
This allows people using Maya, blender(?) etc to gain extra compute/ storage power to generate new video. Transcoding that into an mpeg suitable for iPad afterwards, for example, is what you'd go to AWS' elastic transcoder service for.
The BBC were waiting for the police to arrive at his house, therefore they weren't just aware that there was an investigation in progress, but the date and time of the raid. That information was given to them, by the police, by their own admission.
The reason they gave was they the BBC said "we'll wait to publish if you tell us when the raid is", which they agreed to.
This is wrong, the BBC shouldn't be proposing deals like this, but the police should certainly not accept them.
What is now happening is that they are effectively investigating him completely in public, while he's not in the country. So, they haven't given him notification or questioned him yet, it might come to nothing.
To my mind, that seems somewhat prejudicial. By all means say "wait for the evidence", but this is trial by mob.
In these cases, there are broadly two totally conflicting and opposed points of view; one side says "we need to publicise the name so that others have the courage to come forward", like with Saville and the others over the past few months. On the other side, these allegations will never leave him now, he will forever be branded 'pervert', no matter the result of the investigation or any subsequent court case
A complex ethical question like this deserves a thoughtful answer, not the blunt destructive tool that is trial by media and collusion by the police with journalists.
It doesn't use LXC anymore, it uses it's own library called libcontainer instead, as of version 1.
Both base onto the kernel primitive containerisation stuff like cgroups that Google originally contributed in.
if an object is truly that big, then if you were to break it up and the earth were to be hit by the resulting buckshot, we'd be burned to a crisp by the firestorms that would sweep the globe as the debris entered the atmosphere and heats it up hundreds of degrees due to the thousands of compression waves all at once. So it wouldn't really help....
android is linux.
It actually appears that they are adding debian compatible libraries to an android distribution.
There, I've bitten.
Which begs the question.... why didn't they go with the F1? That thing worked.
Raises the question.
Begging the question is a rhetorical device where you try to ask (/ verbally coerce) your listeners to assume that your point of view (a potential answer to the 'question'), is a given and can be assumed; when in fact, it cannot.
I'd still quite like my jetpack, but this is really cool.
That's strange, I know no one that cooks bacon in oil.
I've heard of it, but never come across it outside of the papers.
However, cooking bacon in a pan just used to cook a good steak in adds a while extra layer of flavour to the bacon sarnie.
Time to break out the bacon now.
Would the reg fancy doing a comparison of openstack, cloudstack, eucalyptus, the many faces of vmware... ?
If so, I'd love to read it. Openstack seems to take the headlines, but everything I've read so far says that cloudstack is an easier install, eucalyptus is the most mature of the open(ish) source ones and vsphere et al is simply better. I want to be corrected, but the hype is a PITA.
These things can all be automated away. It really is possible to do deployments this often, including full regression testing.
As already noted, if you have hundreds of components, which I'm sure they do, these deploy schedules aren't particularly heavy.
Internally, Amazon and AWS use web services heavily. In this instance that means that there are hard contracts for using services, each service expects to be abused, and you can have multiple versions of an API in use at any once time.
This gives a huge tolerance in the system for change.
They have also obviously invested very heavily in serious amounts of automation. They certainly will be able to throw up environments simulating full data centres for regression testing.
David Dawson: "Being treated equally does not mean being treated the same."
Uhuh. What precisely does that mean? Please explain. I need to know. Really, I do.
What do the NSA and gender feminist ideologues have in common? The same mindwarping semantic word games.
This is the first time I've ever been called a feminist. I think I might have a good cry ;-)
If you look, I'm not actually spouting feminist ideology, the opposite in fact, and I did explain, you just didn't care to read it.
I don't want a world where all women are treated the same as I am, as there aren't any 6'6" ginger northern english women software developers.
I think of myself as an individualist. Everyone should be equal under the law, but that doesn't mean they are treated the same way, as they aren't all the same.
David, are you comparing being a women to being handicapped and wheelchair bound? Absolutely disgusting, I expect some level of sexism when I'm on the internet but this just goes way over the line.
HAHAHAHAHAHAHA ... HAHAHA ...
( ... got tired of laughing ... )
I make a comment saying that someone should be valued as an individual, and you turn it into this. To answer "is being born a (wo)man (your choice) like being born into a wheel chair". Yes, it is, to an extent.
You get weird stereotypes applied to you all the time, forced into patterns of behaviour you don't want, denied certain opportunities for no reason than an accident of birth. Sure, that actually fits the point I'm making.
Deal with people. Some people need different things, that's the world. Trying to stick everyone into a generic box marked 'human' and thinking that's equality is delusion.
BTW, are you saying someone born into a chair is less valuable than a woman? (don't answer, that was hyperbole)
I expect some delusion when I'm on the internet, but this is AMAZING. ;-)
ObnoxiousGit, have a good cry about it, it helps to vent your frustrations. (is that the pussy angle covered ok?)
I'll bite, but your hyperbole is just as silly as the first gents. Where is your reasoning, or properly marshalled arguments?
To take a different example to illustrate the point. Say, a person born in a wheelchair. We will install ramps, adjust heights of desks, remove lips around doors to give them free and easy access. Obviously more effort is being spent on this person, they are patently not being treated the same as someone blessed with being able bodied.
However, they are being treated equally. Given equal access to a working environment and something approaching the same opportunities in that environment.
So, treating someone the same is very different to treating someone equally. The first is based on encouraging similar behaviour, the second on valuing the individual. I know which I prefer in my staff.
Take another example, someone going through a major life crisis (death in family, divorce, whatever), you really wouldn't deal robustly with them in many a situation, you would (or I would), show some compassion. Someone else though, not undergoing those stresses, they don't get that extra tolerance.
They are not being treated the same, but are being treated equally according to what I consider reasonable.
Am I proud? Yup, extremely, thanks for asking.
(seriously though, get out of whatever work environment you are in where any of what you wrote exists, or is ok, it's not normal...)
Being treated equally does not mean being treated the same.
Your examples are lazy stereotypes and hyperbole, try again.
Smells like a way to search and hire good coders. They already have the source code to the raspberry pi part, after all. Why not simply release that too?
If they were to discover devs the traditional way, they'd pay at least twice that to the recruiter and still not be sure. This way, there's less risk and they get to find people they'd never have come across.
Digo bienvenida a nuestra jefes supremas bovinas...
Unfortunately, eugenics, brought to the fore by the origin of species, was used, repeatedly, as a reason for conquest, and to justify genocide.
People can be horrible, no matter their belief system.
And seriously, what kind of inept company did they use if they left all their logging in the release build? I mean, some logging stays in sure, but nothing on the sensitive data. After this I don't think I'd ever use the app no matter how many 'security updates' they release.
Thats not the problem, logging shouldn't matter one bit.
The problem here is that the communication between client and server is not correctly secured and authorised. The server should enforce security in all cases. The client can do so too, but their issue is server side.
Check out source maps. They let you debug code that is running in JS in the original language.
Google seemed to be deeply enamoured with Java and the JVM up until a couple of years ago when Oracle kicked off over android. Since then they've thrown all their development into alternate languages and runtimes, Dart, Go etc.
A shame, if they'd improved GWT at the rate they've been improving Dart, it could've been great by now.
No, it really isn't crap. You make the mistake of conflating polyglot with integration, and integration with middleware, and if you take it further, thence to the fable ESB, which is the evil everyone should really fear.
I'm talking doing some processing in one language, then other processing in a different language. how you shift data between them is certainly a problem, but it is a solved problem.
If yoou have one runtime environment that permits many languages, the problem is solved. If you want to use a language that isn't in that same environment then you require some form of integration. Depending on your needs there are many different forms they can take, middleware is only one of them, and not a particularly nice one at that.
In a JVM system I could write my DB integration in Groovy, data transformation in Clojure and threading code in Scala, with each language helping me perform that task, and no integration code required.
So, is this crap? Or were you being a little... rapid in your judgements?
Sounds like I saved myself a ton of hassle by never going down the J2EE + EJB road. I was spoiled rotten by 25 years in the cozy, insulated and isolated AS/400 world, which had all the built-in services that J2EE promised, so I never got excited by it. Today, Tomcat + JSP works for me on the backend, JS on the front. But who knows, maybe node.js tomorrow?
If you want the threading model from node (reactor is it's name), try Vert.x. Again, JVM, can use JS if you want, or build it in Groovy or Java.
JSP is ok-ish, but there's much improved view tech now. Thymeleaf comes to mind as a particularly good one, the offline support is good
Then try Clojure and it's Ring library. It's really, really nice.
JSON->Clojure data transform -> MongoDB all in a half dozen lines of lisp awesomeness.
It's Lisp! on the JVM, what's not to like.... ;-)
If all that fails, then JS on the server has a place I think, it really depends on your application needs.
It's not yet a language that is particularly coherent or set up for large scale development in the way that it works. I have great hopes for the next version of ecma script, it looks good and fixes these problems.
The world should be polyglot, many languages doing what is best for them to do.
I like the idea of asm.js. It's kind of similar to GWT before it, but more standardised at a lower level with the possibility to optimise.
Some interesting comments on the tinternets about supporting GWT on top of asm.js, something about having to implement a full GC subsystem in asm.js compatible JS. :-)
32gb ram to service 500 concurrent users in java?
Either this is made up, or someone has done a truly awful job...
This is why you should always carry Noise canceling headphones.
When the noisy person starts up, you pop a fresh battery in, press the button on the top, wait for the red light to come on indicating that the unit is ready, then ram the whole shebang down their gullet until the noise stops.
You hostess has thoughtfully provided a little plastic package of "cheese" to keep their jaw open if they start biting your fingers, or just get another passenger to help - you'd be surprised how public spirited your fellow passengers can be.
I may be showing my age but I have to ask, isn't he a fad?
I hope so.
Without knowing the implementation they've used, asymmetric/ public key transfers are designed specifically to prevent man in the middle attacks over insecure networks.
It allows the creation of trust over a public network, and it does work, both theoretically and practically.
It has been subverted in a few ways :-
* Brute force decrypt the messages. Frankly highly unlikely, the good algorithms have an average decrypt time in the millions of years using todays hardware.
* Inject a flaw into the original crypto algorithm.
* Impersonate the remote by taking control of the trust key chain.
The last two are what the NSA does. If you are generating your own keys, then that leaves only the second, as there is no trust chain.
Yes, I think that is the issue really. Their process for accepting submissions appears to be fully automated, which is the mistake here.
While the implementation is obviously going quite wrong, the core idea is really quite sound.
The way that the current benefits system is constructed is a poverty trap. Once you are in, its really difficult to get out.
The reason is that you received many different benefits at once, housing, job seekers, income support etc. When you earn a pound more than the threshold, a pound is removed from each of your benefits. So earning a pound leaves you several pounds worse off. You have to get a large increase in income at once to get beyond the hump, essentially replacing all the benefit payments in one go, or you end up worse off for working harder. So, a poverty trap.
The core idea with this is to have a single benefit calculation that tapers properly, so earning that pound is actually worth it.
If it could work just like that, it will be better. If.