Re: get over it!
Crikey, you Americans and your constitution and bill of rights. The NSA is the "Department of Breaking The Law When We Think We Need To", and you are surprised that they break more laws than the ones you wanted them to break?
2881 posts • joined 21 Jul 2009
Crikey, you Americans and your constitution and bill of rights. The NSA is the "Department of Breaking The Law When We Think We Need To", and you are surprised that they break more laws than the ones you wanted them to break?
What is ironic is that de Raadt does exactly the same thing with OpenSSH, which is his project. He has explicitly said that any security bugs in OpenSSH, he will not report it to the FreeBSD project, because someone once made him cry.
Act like a kid, get treated like a kid.
"The voice service probably only accounts for a few pence or a quid at most"
In which case I'd rather have the few pence.
My ISP provides FTTP and also provides my home phone line, if I want one. If I take the phone line, it costs me £10 a month extra. If I don't take the phone line, it costs me £12.50 a month extra.
Except when the client or management say that it HAS to be patched up and out the door for the trade show or that there's no more money left and we have to go with what we've got (plus a little unpaid overtime).
Yes, every two weeks we re-evaluate everything we are doing to determine whether it is still worth doing more work to that for the business (not us). We tell the business how long it takes to deliver quality, so if we haven't got enough time to deliver quality, either we've been slow or we're bad at estimating.
Given we are only estimating tasks that take less than 2 weeks, you really can't be that far out. And if the feature you're working on was scored for "2 days work" (thats not how we score things), and it takes 10 and is still not done, then you either didn't get enough details from the project owner (hence his fault - the job of the project owner is to give well specified tasks to the team), or the task is overly complex and should be re-evaluated anyway.
Before you move to a scheme like this, you have to have buy-in from all the key stakeholders , so that when that trade show rolls around, you can easily say "No. This was not agreed on. If you want us to work on things, you have to present it through the project owner who will prioritize your requests alongside everyone elses.".
I've happily said this to C-level execs, they agreed this working model. This shifts the discussion about whether you do something away from your team; it's then a business decision, and they can horse-trade all they like in order to change what you do *next* sprint - no-one can change what you do *this* sprint.
CI != "automatically push to live"
CI is having processes in place such that you can be confident that you can always push to live without breaking things.
We do things on a 2 week sprint cycle, which means every task, change request or feature we do must be fully complete, tested and deployable by the end of those nine days (or it gets re-scored for the next sprint).
Once the sprint is complete, on the tenth day we demo the completed tasks to the commercial team, the maintenance team and then release to live.
During the sprint, the maintenance team will make as many maintenance releases they need, all also underpinned by CI - or they might kick things back to us if we broke them in the previous release.
Rich, what you don't realise is that most code in the world isn't just crap, its real crap. Code that no-one ever has to show to anyone is the crappest code of all.
The point of OSS is that you, yes YOU, can look at the code and determine if it is crap or not. GnuTLS has long been known to be crap.
1) Feds have taken control of the botnet's C&C servers
2) The botnet is currently idle, as no instructions are being sent from C&C servers
3) It will only take approximately two weeks for the botnet owner to setup new C&C servers and 're-capture' the botnet.
4) Now the feds just have control of former C&C servers.
So you have 2 weeks of your computer not being abused to disinfect it, before it will once again become part of an active botnet.
Industrial robots aren't cheap either, but Foxconn's finding them cheaper than minimum-wage assembly line workers.
That would be the "Replacing 100s of cheap skinjob with an expensive machine is good business" clause then...
Some things have been exaggerated all over - automated cars won't replace pizza delivery guys because pizza delivery guys are cheap and automated cars are not.
Replacing 100s of cheap skinjob with an expensive machine is good business, replacing one cheap skinjob with one expensive machine is not.
In theory, and in practice, the tube could be fully automated - the DLR already is. The reason it is not is not technical, it is political.
No, I didn't think these would require a jury. I also don't have such a jaded and hopelessly cynical view as you on our courts, which are independent and whose judgements are accountable, and can be appealed to higher courts with multiple judges.
When Russia or China do something like this, it is the State determining what content is available. This is individuals being given the ability to correct incorrect information held about them in a database by a company, and is in fact a right we in the real free world have had for a long time.
The only really interesting thing about it is that Google had to be forced to recognise firstly that it does in fact operate in the EU, and maintains databases of personal information. There is no new right, there is Google crying because it has to follow the law.
You're not a little confused, you're a lot confused.
Peter Sutcliffe cannot have his past forgotten because it is still relevant. He can apply to Google to have his past forgotten, Google can say "Fuck off and get a court order", and the court will simply say "Fuck off".
The recent court judgement says that when the court does order Google to remove invalid or out of date data from their database, Google must do so. Google's argument seems to be "bwaah! don't wanna!"
To clarify, the information is in Google's database, which is the link between the keywords searched for, and the resources found for those keywords. This judgement is that where a court has ruled that the resources contain invalid or our of date data that contravenes someone's right to privacy, then Google must not link certain keywords to certain resources.
The purpose of the court is to judge the relative merits of the individual's right to privacy and Google's rights, and Google do not have to do anything until a court has ordered them to. Google is upset because they don't want to do anything with courts at all.
Their solution is to they hire a raft of PR guys to spin this story as much as possible to confuse people in to thinking that this means people like Peter Sutcliffe can be erased from the internet. This form and the 12,000 "requests" that it has received are solely designed to give Google's PR people a story that they can spin to newspapers and confuse people further.
So far, they have had to remove one link to one article, containing out-dated financial information, when you search for one guys name, so that the guy can stop having it included in his credit score. That is it.
Poor google, how will they cope.
Pfft, this isn't the 90s, the Linux users are the trendy hipsters.
As for music streaming.... surely the geeks employed by Appfelsaft could have aye Tunes do this...hang on. Doesn't this exist already?
They've not bought it for the headphones, they've bought it for the streaming service.
They haven't bought the streaming service for its technology nor customers (although the latter helps). What they've mainly bought it for is to get access to contract terms that the music labels would give to Beats, Rhapsody and Spotify, but would not give to Apple.
Hey, I agree with you in principle, you should have said "name two succesful CE items from MS".
The sales track record of Windows ARM tablets is poor
Ah cool, I would never have figured out that was the gag the author was aiming for without your helpful assistance here. Could you explain the chicken-crossing-road joke again though, I still don't get it - something to do with the fact he is not on the other side at the moment!
"Overheating GPUs can lead to premature failure as I found out, even as little as 10% over spec long term can make that GPU last say three years instead of four before it shows problems."
Nothing like a bit ok anecdotal evidence on a sample of 1 to prove your point.
He's only provided anecdotal evidence, but you are being a massive dick for not understanding that not only is he 100% absolutely right, but that that it is a well known fact that as you place higher voltages through an IC or use it at higher temperatures, the shorter a working life that IC will have.
However, a GPU will be sold to work at a certain spec for a certain period of time. It might be rated for 3 years warranty. Using it at 100% utilisation for 3 years should not mean it would stop working after 3 years, but it might mean that it stops working after 4 years instead of after 9 years with modest usage.
The charts on this page should make you understand: http://www.anandtech.com/show/2468/6
For more detailed info, this article was published in Spectrum:
But we all know data mining is far more effective at both targeting the bad guys and ignoring the salacious but irrelevant data that human interaction might detour towards.
We do? When did we find that out?
I thought we had established that mass data collection has stopped no attacks in the past 13 years, and that human intelligence and target surveillance has stopped many.
I expect them to do it with targeted monitoring and human intelligence, not with data mining.
SHUT UP AND TAKE MY MONEY
No, they are growing a special kind of lettuce that people hospitalized on special diets can eat. Presumably, the place the hospitals used to get that kind of lettuce charged more than 3 times normal price.
Apparently if they used a different herb in the same hydroponic grow rooms, they would pay for themselves quite quickly.
Damn well hope my password wasn't encrypted, and was actually hashed.
It would have been more useful if they had said whether the passwords were salted or not. If my salted hashed password has been released, I'm totally "meh" about it, where as if my unsalted encrypted password has been released then I'm much more angry.
I was born with a hack that allows me to call people within 100m...
Trains aren't that shit to be honest. I spent 5 years commuting by train, for 4 hours a day. Occasionally something really unexpected happens, and you get stranded for 2-5 hours in the middle of nowhere - that happened to me just once.
Infrequently, the first branch service would not show up, because the train didn't end up in the right place the night before or overrunning engineering works. Branch services definitely aren't as reliable as main line services, but if your main line train is delayed, they'll often delay the departure of the branch line to compensate.
The only thing bad about the trains are the cost and the overcrowding. The former is only necessary due to the latter. Everyone tries to get on trains that arrive between 8 and 9 am, with later trains basically deserted.
I suspect that it is all rigged so that commuters all travel at the expensive time - there is no significant benefit to taking a later train if you travel most days, the season ticket is the same price. This then constrains the off-peak price, because if they lowered it too much, commuters would travel later and buy individual day tickets (which would, incidentally, solve those overcrowding issues on the trains and tube and lead to a more even flow of passengers throughout the day, but hey, less money, so lets nix that one).
Here's my list of desired features from the train companies:
1) Flexible season tickets - I want to buy a season ticket of 30, 60 or 90 non-consecutive days, especially as I am expected to work from home two days out of every five.
2) Flexible walk up pricing on non-peak trains - if the train is empty, it shouldn't cost you more than £1 to ride it.
3) When I give you £6000 for a years season ticket, and in return you give me a machine processable token to get through entry gates, then the token should be durable and resilient. A paper card with a magnetic strip that lasts 2 months tops (1 month if its also a tube travelcard) is not sufficient.
3a) Stop making me carry my photocard, embed it in the ticket
I get it perfectly well - the law says that when you accidentally give access to information to someone not authorized, you're not publishing the data, and when the unauthorized person access that data it is unauthorized access to a computer.
The law is a fucking ass. Putting something online is publishing, allowing someone access to data is authorizing them to access it. The law says that these things are not publishing nor authorization, and so the law is - obviously - wrong.
It does not matter that you did it accidentally - don't have bad processes.
It does not matter that the "someone" is an unidentified anonymous internet user - that is who you authorized to access it.
Businesses and courts don't like this because it made their lives difficult, so instead they made the law difficult. Much better to redefine what "published" and "authorized" mean in newspeak than to properly secure your data.
Anyway, the whole point of this was not about the vagaries of URL manipulation - TFA suggests you can infer information from your competitors, and indeed you very often can.
Just be wary when you realise you can extract a great deal of information from them and think about the legal implications before you fire up a script to capture all that lovely information - it might be illegal to retrieve the information they have "published" and "authorized" you to access, for the reasons listed above.
When you take data that is not available and make it available to people, it is called publishing.
If you accidentally publish and distribute 10,000 incorrect leaflets, it does not stop being publishing because it was a mistake.
Your competitors' websites can be a valuable hunting ground.
Yes and no. Say your competitor has accidentally leaked 0.1% of their records on their homepage, and you notice that by clever manipulation of the URL you can make it also reveal the other 99.9% (0.1% at a time), should you then go on to extract their entire database?
Common sense says that they have published this data, the law commonly comes down on those who extract databases in this way - just ask weev.
It's easy to get physical access when you're the guy paying the bill each month.
I am shocked and appalled....
...at the standard of grammer in this article!
Good job you don't mind the spelling mistakes.
ckm5: Show us on the doll where the cabbie touched you
There are reasons why regulation of cabbies exist - it is not just a cabal to limit supply - and it is unclear that the business model of Uber et al go far enough to obviate the need for said regulation.
But no worries, as you said, its not Uber's fault, we just need to re-align our thinking to accept low/no background checks on our taxi drivers, and having 10 mobile phones on the dash is de rigueur these days and not at all distracting to the driver.
This isn't virtualisation, it's emulation. The linked PDF does explain:
While virtual machines (VMs) are useful for desktop and
server computers to run apps intended for one platform on
a different platform [36, 44], using them for smartphones
and tablets is problematic for at least two reasons.
To address these problems, we created Cider, an OS com-
This is how FreeBSD's linux emulation works, the linux binary is linked to it's linux libraries, and a special rtld that maps any linux syscall (which would be handled by the linux kernel) to an equivalent BSD syscall.
For cider they have to do a bunch more work to make API stubs for iOS user-space libraries, but the premise is identical.
like Intel dynamically recompiling ARM code on x86 Android
Not at all like that, because this isn't recompiling or translating opcodes or anything like that, it is simply a shim around syscalls - the same original instructions run, not different instructions inferred from the original instructions.
Peter Dinklage is an awesome actor, check out these flicks:
The Station Agent
Death at a Funeral (2007 UK version, not US remake, although he is in both)
Eight Megs And Constantly Swapping
(another vim fan :)
The 'age' of the characters is irrelevant, the book is set in a fantasy world where there are dragons and magic and shit, there is no reason why their years == our years.
Timing is weird in Westeros - a good definition of a year is the time passing between seasons until you return again to the same season, and it has been "summer" for (at least) the past "15 years", so how a Westeros Year is defined is unknown.
Arya is 9 at the start of the books, Jon Snow 15. Do either Maisie Williams (17) or Kit Harrington (27) look 9 or 15? By the end of book 5 (maybe equates to season 5/6), they should be 11 and 17.
My conclusion is that Westeros years are longer than Earth years.
Well, one of the few complaints about GRRM is that it takes him an inordinate amount of time to write any one of his books. He apparently finds it hard to keep track of all the different stories going on, and is constantly editing and rewriting and moving bits around - I think I read somewhere that a typical writing day for him is 30 minutes new stuff and 8 hours editing.
Normally I'm quite happy to let artists do their artistic thing, but two things worry me about GRRM:
1) He's getting on a bit, and he's not exactly svelte. He takes, on average, 6 years for a book and he's got at least 2 left to write.
2) He's signed away the story of ASOIAF to the GoT crew, including the basics of the next two books. If GoT get to the end of book 5 (as a source; they've stopped following the books except in spirit) before book 6 is released, then spoilers will be in GoT and not ASOIAF.
Criminal copyright infringement is already criminal. There is such a thing as non-criminal copyright infringement, which, unsurprisingly, is not criminal.
It would be more efficient if they used a larger block size.
Actually, I've found the opposite. With my gigabit connection, my downloads go at 80+MB/s - thats megabytes, not bits - and as such, its very difficult to be constantly using my connection. 99% of the time these days, my connection is completely idle.
I would say that yes, possibly I download a little bit more than before - not much though, the majority of my downloads are automated, and haven't changed in quality nor quantity.
The main difference is that before my connection would have been utilised 20% of the time downloading things, now it is less than 1% of the time.
Really bad analogy with lots of holes: if you upgrade from a car that can drive to the shops and back in an hour to a car that can drive around the world in an hour then you might drive a little bit more than before, but you're not going to spend your time doing laps of the equator for the lulz.
You might however start going for coffee in Rome and the beach in Maui (think I've jumped the shark in this analogy now).
BT's best FTTP offering is 300Mbit down, 20 Mbit up for £60/month. 20Mbit is better than 1Mbit, but its a farce - there is no technological reason to not offer higher upload speed, BT just don't want you using more upload.
My ISP, Hyperoptic, only does FTTP (you have to be in a building they cover, usually new build), and they only offer synchronous connections - 20Mbit (£12), 100Mbit (£25) and gigabit (£50), all synchronous. It's even framed as ethernet where it comes in to my property, BT's FTTP still does PPPoE.
There is no right to be forgotten, there is the right to privacy (of the individual) and the contrasting right of free speech (of google). This judgement solely means that in circumstances where the two rights are in conflict, the court has the power to decide which right must be upheld, in that specific circumstance.
Google will not need an army of anything, since before anything will be forced to be removed by them, a court has first agreed.
However, for those using exclusively the likes of Hotmail, gMail, etc, encrypting in transit makes life that bit harder for spooks - they can't just dragnet them on the wire
If the email was encrypted in the users client, they still can't read it off the wire, so I'm not sure what your point is.
If they use a web-based client, their "client" is the web server servicing their requests, and all communication with that is SSL already (or should be). The "client" receives data over SSL, immediately encrypts it with the target users public keys, and stores a version encrypted with the senders public key (for sent mail).
Handling the decryption on the client side would require a piffly JS cryptography standard.
STARTTLS is popular with service providers because it gives point-to-point security whilst still allowing the service provider to do whatever they like with your cleartext - the poacher is telling the gamekeeper how to fix his fences.
We spend billions on making sure Joe Sixer can watch DRM'd HQ cat videos in his browser without the chance of Joe being so evil as recording it, but we cant spend 1% of that to properly fix email security...
Good article, however:
If you have a pair of virtual servers on a particular host and they need to communicate with each other, they do so via the hypervisor's on-board virtual switch: the traffic doesn't ever even hit the LAN switch underneath. By cutting out a number of layers
that's a bad example, as it isn't cutting out the layers, they hypervisor's virtual switch operates at level 4 (transport), and since the nodes are actually on the same machine, there is never a need to drop to level 3 (network). This is just ISO-OSI as it was originally envisioned - can you do what you need to do at this layer? "Yes - go do it" or "No - call a lower layer".
House of Dix, surely.
Please, the UK is hardly a repressed populace held together at gun point and forced to toe the line - mainly things don't change because mainly people don't give a fuck.
Conversely, it doesn't really matter how much you or I care, since that is irrelevant to the overall proportions. I can be miffed a little about it, or I can be raging about it, but the attitudes of society in general wouldn't change.
no-one who ever fought for their freedom (and won) were apathetic.
Definitely true, but it doesn't cover when 1% of the country really really really want to stop the 1% running the show, manage to do so, and become the new 1%. People don't just fight for freedom, they fight for control when they have none. The first control they want is "freedom", but "power" comes soon after.