1314 posts • joined 7 May 2012
But it is him. He just can't bring himself to prove it.
Re: I laugh yellowly!
Since when does prior art stop anyone getting a patent approved?
/Mutters to himself as he walks towards his shed, sliding the bolt to unlock the door.
You are confusing VPN with region shifting. Netflix know who I am. They require me to authenticate. They have my credit card number and would be able to determine its country of issue. They have my mobile phone number and could validate with 2FA. I am not asking them to let me watch the US library.
So do you think that Temkin is being altruistic here? Or is he complaining about how some not for profit is costing him another 5c per subscriber that he would prefer on his bottom line...
Can these organisations be more efficiently run? Probably, I'm yet to see any organisation without some form of waste, but your wallet doesn't care whether the money in it came from an extra sale or a reduced overhead. Their VPN block is both an overhead to maintain and a real customer pain point as paying customers get caught up in the collateral. If you want a bigger bottom line, stop making your customers choose between privacy and your product.
Pot meet kettle
How much are Netflix wasting in VPN blocking? I'm not even referring to region shifting here. They can at least blame rights holders on that one. Why can't I, an Aussie, with a service paid for on an Australian credit card stream the Australian Netflix library whilst connected to an Australian VPN gateway.
I get the choice of my browsing being slurped by every man and his local library debt recovery department secured by a bunch of muppets who couldn't organise a pissup in a brewery, or watching Netflix, or saying stuff this, it is too hard to buy content safely and otherwise acquire it.
agreed, Musk definitely one of the Bond
Re: Missing the point...?
> aimed at trying to stop criminals from anonymously accessing their services
If that is the yardstick that we should measure this by then it is a terrible idea on 2 accounts.
1. It is ineffective. It doesn't stop access from desktop environments, and let's be honest, cyber crooks are hardly going to bother fiddling around on phone swipes unless it makes their job easier. It also cannot detect whether the traffic has been transparently routed through tor between the phone and the net, so fails its goal even if that was a good approach in the first place. Even VPNs would easily defeat the ability to track the true location of the client.
2. There does exist a simple to implement and much more effective approach in the server detecting and refusing to deal with communications arriving from tor exit nodes. This could then display a simple message in the app to say. Sorry, you can't use this service via tor. Please disable it and try again. Oh, and that works on desktops and transparent tor routing too. It also works with public VPNs (hey, we are concerned with being able to identify the actual client ip right?)
Just tried kmacs suggestion but got
Screw this. Going to stackoverflow to get a proper answer.
That query isn't very helpful
Re: Shame, he was still young
Or automatically applied to any post with exactly 55 votes.
The algorithm you describe is for the house of representatives vote, but the Senate works differently because there are multiple "winners".
The way it works is that a quota is established by determining the number of voters divided by the number of positions+1. In say NSW, there are just shy of 5 million voters and there are 12 senators in this election. Therefore the quota in NSW is going to be (5M/13) + 1 ~384616
In the first pass, everyone's first preference is counted.
For those people/parties that exceed that magic number, they get a seat (or 2 or 3 or whatever until the remaining are below that magic number). Say a party got 500,000 votes. They would pick up a seat, and 115,384 votes would be transferred at a weighting of 115,384/500000 = ~23% to the second pick of all of those 500,000 people.
That action itself may even allow another person/party to reach quota and give them a seat. Once all the "transfers" are done, the candidate with the lowest count is eliminated ("excluded"), and their votes are transferred to the next preference of the voter.
If this causes someone else to reach quota, the transfer happens again (recursively if that causes another to reach quota too).
If no-one else can reach quota, the next lowest is eliminated and their votes head down to the next preference.
And round the circle we go again.
At the end of this process, all positions will be filled.
The process is complicated, but does hopefully provide a representative result. The big complaint (apart from a sore head trying to take all that in) is that those preference flows for the majority of people who vote "above the line" are opaque as a result of the horse trading that goes on between the parties.
The basic reason for this process though is that similar leaning parties would otherwise end up splitting the vote.
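The count described above, worked through in code as an added example (not part of the original post): a Droop quota as defined in the comment, surplus transfers at the fractional transfer value, and exclusion of the lowest candidate with full-value transfers. The five-candidate ballot set is constructed for illustration.

```python
from fractions import Fraction


def droop_quota(total_votes, seats):
    """Quota as the post describes it: votes divided by (seats + 1), plus one."""
    return total_votes // (seats + 1) + 1


def count_senate_stv(ballots, seats):
    """ballots: list of (count, preference list). Returns (quota, elected, log)."""
    total = sum(n for n, _ in ballots)
    quota = droop_quota(total, seats)
    # piles[c] holds the papers currently sitting with continuing candidate c,
    # each as [weight, preferences]; identical papers are bundled with weight n.
    piles = {}
    for _, prefs in ballots:
        for c in prefs:
            piles.setdefault(c, [])
    for n, prefs in ballots:
        piles[prefs[0]].append([Fraction(n), list(prefs)])
    elected, log = [], []

    def tally(c):
        return sum(w for w, _ in piles[c])

    def transfer(c, factor):
        # Move every paper on c's pile to its next *continuing* preference,
        # scaled by factor (surplus/total for a winner, 1 for an exclusion).
        # Papers with no continuing preference left are exhausted and dropped.
        for w, prefs in piles.pop(c):
            nxt = next((p for p in prefs if p in piles), None)
            if nxt is not None:
                piles[nxt].append([w * factor, prefs])

    while len(elected) < seats:
        hopefuls = sorted(piles, key=tally, reverse=True)
        if len(hopefuls) <= seats - len(elected):
            # Exactly enough candidates remain to fill the seats: elect them all.
            elected.extend(hopefuls)
            log.append(f"{', '.join(hopefuls)} elected to remaining seats")
            break
        top, votes = hopefuls[0], tally(hopefuls[0])
        if votes >= quota:
            elected.append(top)
            log.append(f"{top} elected with {float(votes):.2f}")
            transfer(top, (votes - quota) / votes)  # surplus only, as a weighting
        else:
            low = hopefuls[-1]
            log.append(f"{low} excluded with {float(tally(low)):.2f}")
            transfer(low, Fraction(1))
    return quota, elected, log


# Constructed sample: 100 voters electing 3 senators, so the quota is 26.
SAMPLE_BALLOTS = [
    (46, ["A", "B", "C", "D", "E"]),
    (20, ["C", "D", "B", "A", "E"]),
    (16, ["D", "C", "B", "A", "E"]),
    (12, ["B", "D", "C", "A", "E"]),
    (6, ["E", "C", "D", "B", "A"]),
]


def run_sample():
    return count_senate_stv(SAMPLE_BALLOTS, seats=3)


if __name__ == "__main__":
    quota, elected, log = run_sample()
    print("quota:", quota, "| elected:", elected)
    print(*log, sep="\n")
```

In the sample, A's surplus lifts B over quota, B's surplus is spread at 3/16 of a vote per paper, and it is E's exclusion that finally pushes C past the quota for the last seat.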
open source now
There is no excuse for proprietary closed source vote counting systems.
In 2013, about 1000 votes in Western Australia were lost. Due to the preference flows, it got a choke point about a zillion candidates down where a handful of preferences of voters of certain micro parties multiplied out to a radically different results. After computer modeling of likely patterns, they determined that those lost votes really could have changed the senate make up. So millions were wasted again asking that state to vote again.
The AEC really needs to step in here and support efforts to build a citizen reviewable, auditable, block chained vote counting system. Transparency is the key to free and fair elections.
Oh, and Antony Green is a bloody genius.
Re: Who's behind it?
Reported elsewhere and a bit of googling later, ALP use this mob Seems to be some union involvement but at least on the surface seems like it's arms length.
In terms of parakeelia though
"Its directors include federal Liberal director Tony Nutt and the party's federal president, Richard Alston."
"Last financial year, Parakeelia transferred $500,000 to the federal Liberal division, making it the party's second-biggest single source of funds"
So it's quacking and walking like a duck, but by all means draw your own conclusions.
Re: Just sit still, this won't hurt a bit.
Ah. I see. Visiting LinkedIn is the new way that you can opt in* to GWX. Got it.
* Come on, it's no worse than their current definition of opting in.
Re: Silver Bullet
My password used to be password, but I changed it to dadada.
Re: Automatic Updates.
Wait shouldn't there be a duck between the turkey and the chicken?
Oh don't mind that. It's just a temp folder for gwx
if they really want fibre to become invisible...
Perhaps they could have a quick chat to the good folk at nbn. They seem to have found a way to make lots of promised fibre disappear.
For those who missed the joke
mongo didn't eat anything
Now I'm not a fan of the NoSQL fad, but Mongo worked exactly how all NoSQL databases work by design. They trade off transaction isolation for performance. Or put another way, why do you think that these things can be faster than a traditional rdbms? It's defined by the very overheads it can disregard. It is a terrific compromise for certain types of problem but people really need to stop using it for problems requiring ACID.
As for "write your software with the above race condition in mind", that's kind of backwards advice. If you write your own locking or serialisation, I will promise you here and now that it won't be as efficient as the rdbms that you are trying to avoid in the first place.
> Total traffic on the internet this year is going to surpass the one zettabyte mark
And that's just GWX doing its thing on all those folk who thought that they had hidden the update.
Why does an Android keyboard need to see your camera and log files – and why does it phone home to China?
Re: Almost every app I consider for installation
Android 6 permissions model works differently. You don't grant any permissions* until the app tries to use that feature (basically the same as iOS). You can also retrospectively revoke permissions even on legacy apps (which may cause them to crash, but my personal experience is that most of my apps survived the denial of things that are not functionally related to the app's purpose)
* admittedly that's Google's version of any, meaning it can still do network etc.
> Bet you a pint they just added another da?
Nope, changed all the a's to @.
Re: Making a hash of things
> If anyone manages to break into or steal the database, all they have is hashes, from which it will be very hard to reverse engineer the password itself.
Before throwing stones here, a consumer grade GPU can compute 18 billion (yes with a B) sha1 hashes per second. Most English dictionaries have between 80 and 500 thousand words for some perspective. Or the hash of every possible 5 character password within a second. Very hard should always be understood in context of available number crunching capabilities.
But yes, there is a good chance that the passwords were not hashed enough times with sufficient salt.
It is also a really dumb password and was reused at multiple sites.
Re: Do you have any tea?
> Just because all beer is made from hops, water, yeast and barley does not mean all beers are the same!!!
Certain American versions seem to contain exceptional quantities of the second. Other Aussie brands mix them so terribly that they have to export them 'cause there is no way WE'D actually drink that crap.
Re: 9 1/2 shoes
> I guess centimetres and the like vary from country to country??
Would that be African or European centimetres?
Re: Oracle asking for "non proportionate share of revenue"
The fact that it "used something that is basically Java" needs to be broken down a bit because that indeed contributed to the success. The important part of the "basically Java" from a skill transfer perspective is that the API is the same. For example, if you are looking at the String class, a newcomer won't care whether the substring method is the same or different internally, just that the method name, overloads, parameter names and types are the same. It's this API that would have fair use defence, so by that argument, the popularity is based on something that'd qualify for fair use.
Google play is a red herring. You don't have to pay Google anything to sell an android app unless you want them to host it in play. You can alternatively side load it or push it via other android stores by the likes of Amazon, Samsung. It is a hosting, supposed vetting, indexing and processing fee, not a licence fee.
I see this as a bit of a pox on both their houses. Oracle has every right to assert ownership of the *implementation* of the methods that they write and choose to licence it however they wish. I agree with the author on that point; that it equally protects copyleft code. But they cannot copyright the API itself, that is, Google can use the interfaces, structures, data classes, method signatures necessary to deliver the functionality specified by the API but must write their own implementation of those or licence it appropriately.
Oracle are being a bit tricky by omission. If they were being honest about it they would assert Google's right to the interface "code" and reiterate that their complaint is about the implementation code only. But I suspect that would drop the lines of code violation quite handsomely if they don't count those. If I was in Oracle's line of business, with some other global 3 letter megacorp that could claim ownership on a rather significant API, I would therefore be making that distinction at every opportunity.
Google are being tricky here by pretending that some of the items weren't copied. Notwithstanding that for trivial methods, the same code can quite easily be independently written and that with the advent of refactoring tools that just renaming variables to make it look different might only take a few seconds, it certainly looks suspicious to me.
Oracle are also asking for what seems to me to be a non proportionate share of revenue here. I work with two pieces of business software weighing in at give or take 3 million+ and 500 thousand+ LOC, and that is nowhere near the complexity of a modern operating system. It's got me thinking about the status of snippets provided on stack overflow too. I can well imagine a number of methods that are heavily inspired by answers in similar forums. 11 thousand, whilst significant, is likely to include many fair use elements and even o methods that Oracle may find that someone else invented.
Certainly not the quantity of emails that could be called a database. Do their systems not have safeguards to bounce if too many addresses are in the To or Cc fields?
questions before I buy one
For how long will Samsung provide security patches for it?
How long will Samsung guarantee to keep any services alive that are required for it to function?
The next version of gwx will be renamed to taskkill.exe. It will have some optional switches though, like /F(orce) and /IM(mediately).
Re: @Michael Habel - What an absolute
> Except maybe systemd
I see your systemd and raise you a svchost!
Re: What's the point?
> At a discount I would have thought
Good idea. It might be hard to work out just how big a discount is needed though. Too little and they won't sell. Too much and they won't make as much as they could have. I have an idea. Perhaps they could just offer to sell it to whomever offers the highest amount?
Yes. By all means require/hold that number. Just stop tricking yourself into believing that knowledge of it somehow authenticates the holder of that information.
It's kind of like your date of birth. It's a data point about someone but it is unchangeable and hardly secret.
Additionally, licence numbers are almost certainly vulnerable to enumeration attacks. Something amiss with a licence number should be a red flag to investigate a bit deeper. No more. No less.
It feels really weird to be standing up for the RTA or whatever they call themselves these days, but it seems to me that fingers are pointed towards the wrong people.
There are two numbers, a licence number and a card number. The card number changes each time that a new card is issued, so can be in effect "cancelled". Why are credit agencies etc using the licence number if they are a target for identity thieves? There are many reasons why someone needs to share that ID. Just try signing up for any service, setting up any account, superannuation fund, insurance, loan, school enrolment for your kids or whatever without having to provide it to be photocopied.
* Yes I'm aware how Ponce is pronounced
the craziest thing about it is
If not for the rampant, er telemetry, and gwx, it's actually quite nice. I would even be recommending it save for the frankly frightening way they are behaving here.
It reminds me of a dog chasing a car. What does it actually think it will achieve by upgrading my media centre PC to a version that doesn't support media centre?
If the upgrade had three buttons
Not sure, ask me later; and
No, don't ask again
We would be praising them.
> Unknown to Michaud, at the time he's accused of viewing the material, the server was already under the control of the Feds.
Shirley that sentence is getting pretty close to libel. I'm making no assumptions about whether he is guilty or innocent here, but one would expect the whole point of the defence argument was that he never accessed that site. If that is true (presumption of innocence and all that) then it would make no more sense than pointing out that Chirgwin did not know at the time that Michaud is accused of viewing...
The point here is that "we have secret evidence that proves his guilt, trust us" doesn't cut it. Perhaps with the opportunity to review and contest the evidence, an innocent man could be spared from unjust punishment, or perhaps it proves guilt beyond reasonable doubt.
Actually, I think they are using Grass, Leaves, Or Nutrition for Donkeys; or GLONASS for short.
Re: The trouble with goats....
There you go folks. Straight from the
horse's donkey's mouth
Re: Predicting Problems
> If it needs to work in case of power loss it should be driven by a bunch of cylinders with compressed air
Yeah, it's not a PV array. The tower already contains thousands of L of superheated steam because, you know, it's kinda how the whole contraption actually works. Pretty sure they can figure out a way of converting some of that energy.
A spring loaded (or even gravity dropped) shutter could cut the power entirely within seconds for relatively little cost. Both could be passively activated.
Re: Predicting Problems
Surely a far simpler solution would be to lower the shutters over the mirrors. I should patent the idea. Except it is probably what they actually did. I know, on a mobile device ....
> I'd almost forgotten just how amazingly fast a rocket can actually go
Particularly those that have just seen an Australian spider.
If they can already figure out the part of the problem that I thought was intractable (freedom fighter or terrorist), surely they can do better than to just shut down access? Why not just replace all the download links with GWX.exe? That'll stop people searching for it.
a couple of misleading statements in the article
Firstly, a MitM scenario is what we call "the norm". It is highly unlikely that you have a direct connection from your computer to the server. There are most likely a dozen networks that get traversed. It is not some afterthought that the guys behind HTTPS didn't consider
Being a MitM allows you to 1. Observe and 2. Manipulate any bytes traversing that link. For HTTP, that means that pages can be manipulated and any credentials can be easily obtained. Some popular IT news websites even fail to use HTTPS in their comments if you can imagine that. Equally, mixed HTTPS via a HTTP page is not safe.
But HTTPS is different. The design of HTTPS is that your browser demands the site prove that it owns a certificate by signing a random challenge issued by the client. The server gives its public key which can be used to decrypt the response and reveal the original challenge, the certificate is signed by a trusted authority, which hopefully means some diligence was done by the issuer. Without getting a hold of the private key of a CA, or otherwise convincing them that your certificate should be signed, you will either have an invalid signature or a CA that your browser has never heard of. In both cases, your browser will make it known to you that it isn't satisfied.
The theory works, setting aside whether the CAs are trustworthy. The problems are in the implementations. The Apple GOTO fail bug was basically a failure to validate the signature on the certificate. POODLE works by interfering with the negotiations about what algorithms the client and server have in common, and basically tricking them into communicating using a very weak key. That is easily mitigated by either the client or server having a somewhat recent security patch applied.
Sslstrip works by tricking the client into using plain old HTTP while it works as a proxy, talking using HTTPS to the website (HTTPS validates the website identity, not the client identity, and you just gave your credentials to a proxy which is now emulating you.) It's not magical. It is also not going to get past hsts so I seriously doubt a modern browser is going to leak Gmail over HTTP.
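The HSTS point above is worth seeing in code: a downgrade-to-HTTP proxy only succeeds if the browser is willing to send an http:// request in the first place. This added example (not from the post) models the relevant part of a browser's HSTS store: the Strict-Transport-Security header is honoured only when received over TLS, cached with its expiry and includeSubDomains flag, and any later http:// navigation to a known host is rewritten to https:// before a request leaves the machine. The hostnames and the frozen clock are constructed.

```python
import time
from urllib.parse import urlsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains).

    Returns None when the mandatory max-age directive is missing or malformed.
    """
    max_age, include_sub = None, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                max_age = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    def __init__(self, now=time.time):
        self.now = now           # injectable clock so expiry is testable
        self.policies = {}       # host -> (expiry_timestamp, include_subdomains)

    def note_response(self, host, header, over_tls):
        """Record a policy from a response. Headers seen over plain HTTP are ignored,
        which is exactly what stops a downgrading proxy from planting or clearing one."""
        if not over_tls:
            return False
        parsed = parse_hsts(header)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        if max_age == 0:                      # max-age=0 tells the browser to forget the host
            self.policies.pop(host.lower(), None)
        else:
            self.policies[host.lower()] = (self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a superdomain with includeSubDomains, has an unexpired policy."""
        host = host.lower()
        labels = host.split(".")
        for i in range(len(labels)):
            cand = ".".join(labels[i:])
            pol = self.policies.get(cand)
            if pol is None or pol[0] <= self.now():
                continue
            if cand == host or pol[1]:
                return True
        return False

    def rewrite(self, url):
        """Return the URL the browser will actually request: http:// to a known host is upgraded."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or ""):
            netloc = parts.hostname if parts.port in (None, 80) else f"{parts.hostname}:{parts.port}"
            return parts._replace(scheme="https", netloc=netloc).geturl()
        return url


def demo():
    store = HstsStore(now=lambda: 1_000_000.0)          # frozen clock, constructed
    # Constructed: an earlier HTTPS visit to example.com delivered a one-year policy.
    store.note_response("example.com", "max-age=31536000; includeSubDomains", over_tls=True)
    # Constructed: a header arriving over plain HTTP (what a stripping proxy controls) is ignored.
    store.note_response("victim-shop.test", "max-age=31536000", over_tls=False)
    return {
        "pinned_host": store.rewrite("http://mail.example.com/login"),
        "unpinned_host": store.rewrite("http://victim-shop.test/login"),
    }
```

The first navigation is upgraded before any bytes hit the wire, so a proxy that only ever sees plaintext gets nothing; the second host, having never been visited over HTTPS, is exactly the case the post says sslstrip relies on.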
Re: Functions returning multiple values.
It's not a mountain different to current techniques like int.TryParse() returning both the success and the value if it was successful or dictionary.TryGetValue returning both whether the object exists in the dictionary and the object itself when it does.
On more than one occasion I have created a class that inherits tuple and named item 1 and 2 via getter methods and named constructor parameters. It works nicely but can be very verbose.
Re: Programming Peter Principle
> Obviously, YMMV but LINQ, the TPL, async/await, yield return (etc.) all make the older alternatives look awkward.)
Perhaps, but it can also hide a bunch of inefficient loops (thinking linq).
I saw the following line a month back
var myHashSet = new HashSet<int>();
// Put some numbers in it
if (myHashSet.Any(a => a == 5)) // scans every element; myHashSet.Contains(5) is the O(1) lookup
Put a million numbers into your hashset if you want to know why that is such a bad idea.
Another one I saw was two consecutive aggregate functions, which I had to point out to the author that they were iterating their whole dataset twice.
The others though are brilliant.
choose your poison
Secondary impacts do cause a lot of injury but the rolling up and over motion also means that the pedestrian isn't absorbing as much of the momentum, lessening the injury. Affixing them will result in much more momentum.