Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.

Stories: 0
Comments: 14,277

Comments · 14,277

  1. Re:Presumably A Hydrogen Fuel Cell on Volvo Promises 'Death-Proof' Cars By 2020 (extremetech.com) · · Score: 1

    I suspect that a hydrogen-based death-free car can also become a killer with the simple addition of a drill through the fuel tank.

  2. Re: Challenge accepted. on Volvo Promises 'Death-Proof' Cars By 2020 (extremetech.com) · · Score: 1

    Wouldn't cost more than a dollar or two to include a CO detector and engine shutoff.

    With a modern car, the catalytic converter results in almost no CO emissions. So these days, it isn't the CO that kills you, but rather lack of oxygen after the CO and other exhaust components bond with all the free O2.

  3. Re:Women are the majority of gun owners on TSA: Gun Discoveries In Baggage Up 20% In 2015 Over 2014 (networkworld.com) · · Score: 1

    "The vast majority of passengers just tell law enforcement, ‘I forgot.’"

    So, not worse. Just as can be expected, a non-issue.

    It's kind of baffling, IMO. We have to assume that these weren't found in what most people would call "luggage". After all, most sane people don't keep firearms in their carry-on luggage, because you would never be allowed to travel anywhere with a firearm packed that way—not in a plane, not on a train, not in a car, not in a jar, not on a bus, not with a fuss, not with a bear, not anywhere.

    So the only plausible assumption is that these are almost all in handbags that people carry around on a daily basis, which likely means these were mostly women (because few men carry anything approaching a handbag). That's way outside what most people think of as the main target demographic for concealed carry, which makes this, at a minimum, fascinating.

  4. Re:Not for sale in the state of California. on California Bill Would Require Phone Crypto Backdoors · · Score: 2

    It would. Unfortunately, I have little faith in Apple having the cojones to make that move, and unfortunately, they're the only ones who could. Google might try, but I don't think they have the ability to stop all the other Android manufacturers from selling weakened phones in California, so anything they could do would have minimal impact.

  5. Re:Wrong goal. on Can Author Obfuscation Trump Forensic Linguistics? (webis.de) · · Score: 2

    Alternatively, delete all the definite and indefinite articles. Then they'll blame your one Russian coworker.

  6. Re:Wrong goal. on Can Author Obfuscation Trump Forensic Linguistics? (webis.de) · · Score: 2

    You touched a key point there, without actually saying it, which is that the ability of forensic linguistics to recognize a person is inversely proportional to the number of people who could have written the content.

    For example, let's say that you're a native Russian speaker, and that your English grammar has certain linguistic quirks that are typical of Russian speakers writing English, e.g. missing all the definite and indefinite articles ("We read book, da?"). If exactly one Russian has access to some piece of information that is contained in the piece of writing, you're screwed. If there are a hundred Russians with access, those particular linguistic quirks no longer provide much help at identifying the author.

    One possible takeaway is that the best way to leak something is to anonymously post evidence somewhere without comment, then separately anonymously report that you noticed it, and bring it to someone's attention. This potentially vastly broadens the pool of people with access to the information, and thus makes your linguistic quirks less meaningful. However, this requires a significant time delay between the two posts. Otherwise, one would still strongly suspect that the original poster made the "discovery". But if you can stand to wait a year or two, you're golden.

  7. Probably not terror at all. on High-Tech Attack Alert For 2016 Super Bowl (thestack.com) · · Score: 3, Interesting

    I'd be willing to bet that all of those fiber cuts were caused by would-be copper thieves who didn't know how to tell the difference between the two. Copper wire theft is happening fairly frequently in the Bay Area, thanks in no small part to growing poverty rates.

    Ask yourself which is more likely—a few people trying to make a quick buck or a vast underground conspiracy of terrorists trying to find the optimal places to sever fiber lines to maximally disrupt communications and delay emergency response so that they can attack the Super Bowl in some way... and doing it by randomly cutting the lines to see what happens, rather than by stealing maps of where all the fiber goes....

    I mean yes, there's a chance it is terrorism-related. There's also a chance that someone stole Adolf Hitler's DNA and cloned him in a secret laboratory so that he could bring about the end of the world, and that these fiber cuts were caused by his clone army of mutant mice with laser beam eyes. I'd bet on the latter before the former....

  8. Re:When every mirror has everything on Tension Escalates Between Netflix and Its TV Foes (nytimes.com) · · Score: 1

    Ah. I understand the confusion. I think you're talking about specific servers within the node, as opposed to the node as a whole. Yes, specific servers may or may not have specific pieces of content, but the node as a whole ought to have all of the most popular content (statistically) on at least one, and maybe multiple servers within it.

    And to the extent that those servers have independent URLs (as opposed to being figments of a load balancer's imagination), knowing the host name might narrow it down to one of a few thousand titles. I doubt you can do much better than that, though, because presumably the bit rates are comparable across all content (at least within a given quality class). And it seems likely that popular and unpopular content would each be evenly distributed across nodes for load balancing reasons, so you can't really say that cdn31-chicago-companyname.akamai.net is the one that contains the popular TV shows. So I can't imagine that knowing the hostname would tell you anything of value, really. Am I missing something?

  9. Re:When every mirror has everything on Tension Escalates Between Netflix and Its TV Foes (nytimes.com) · · Score: 1

    You don't know that all nodes have the most popular content. You're guessing.

    Of course you know that. The whole point of using a CDN is to maximize the amount of content that gets delivered without having to go upstream to the main servers. You're guaranteed, therefore, that anything above a certain popularity threshold is going to be cached by the CDN. If the most popular content is missing from one of the CDN nodes, then that node is fundamentally broken.

  10. Re: Meanwhile... on Tension Escalates Between Netflix and Its TV Foes (nytimes.com) · · Score: 3, Insightful

    Netflix didn't "start as mail order" and then "switch to online". ... It was ALWAYS online. It was always DVD only.

    The term "mail order", at least in post-1921 usage, refers to the means of product delivery, not the way that the product is ordered. We still call it "mail order", whether the ordering happens by mail, phone, or the Internet. The vast majority of mail order businesses do not take orders by mail.

    So yes, the GP was completely accurate when it described Netflix as being a mail order company originally, then switching to online (streaming) delivery.

  11. Re:How would that work? on The President Wants Every Student To Learn CS. How Would That Work? (npr.org) · · Score: 1

    I'm right on the border on all of those INTJ things, in every category. You don't have to be a major introvert, nor any other personality type. That's pure myth. The IQ above 110, I could believe, but that's approximately 25% of the population, which means there are about 75 million people in the U.S. with the mental aptitude to be programmers, and only 1.1 million jobs in the field.

    In reality, I think that's an overestimate, though, because programming involves both math and... well, for lack of a better word, art. It requires both a strong left and right brain. This puts you down in the low single-digit percentages of the population, which is still an order of magnitude more than actually go into the field, but is more believable.

    On the other hand, a lot of the way our brains are wired comes from our life experiences. The more you use various parts of your brain, the better they become at doing various tasks. Compare how easy it is for kids to become bilingual with the relative difficulty for people who get to high school without ever taking a second language, for example. It seems equally likely that a lot more people would have the mental faculties to write software if they began doing things that exercise both sides of their brain at a young age.

    Note, however, that this need not be programming. Logic is helpful, sure, but music and art also have a big impact on programming ability, and music in particular. It isn't a coincidence that there's a strong correlation between computer programmers and musicians. It makes heavy use of both sides of your brain in ways that basically train your brain to analyze and extend complex structures. It has concepts like loops, rules for how music is constructed, patterns for what sounds good and bad, etc. In effect it is the world's simplest programming language, and it is one that you can begin learning at a young age. In my opinion, if you want to increase the number of future computer programmers in the absolute cheapest, simplest way, bring back music in K-12 schools. Start kids singing and playing the piano when they're still young.

  12. Re:How would that work? on The President Wants Every Student To Learn CS. How Would That Work? (npr.org) · · Score: 1

    When I was in high school they offered C, then it was visual basic, then java, now javascript, what will it be by the time your science based testing works?

    You're lucky. When I was in high school, they mandated "computer literacy", where they taught us how to use MS Word, do basic stuff in a DOS-based spreadsheet, and taught us how to touch type. I still remember the coach telling the class "you'll never get up to 20 words per minute with two fingers". Just for fun, I decided to see what I could do with two fingers; it involved basically memorizing the content to be typed, but it was well over 60. I wrote a movie script during the spare time I had while everybody else was doing their assignments. I also had fun modifying a bunch of GW BASIC games to behave in unusual ways.

    I'd be happy if high school just required everyone to take a formal logic class, covering everything from boolean logic to logical fallacies. That's in many ways a precursor to programming skills, and it would be a heck of a lot more useful in most people's lives than experience at writing trivial bits of code (particularly in the soon-to-be-dead programming language of the month) would be.

    Unfortunately, no politician would vote for this, because they would know that it would eventually cost their party its electability (regardless of which party). But I digress.

  13. Re:Comp Sci requires good Math skills on The President Wants Every Student To Learn CS. How Would That Work? (npr.org) · · Score: 1

    We had some basic logic in high school—inverse, converse, contrapositive, and all that stuff. I feel like it was part of precalculus, but I could be remembering wrong. Either way, it was definitely in there somewhere. It wasn't nearly as thoroughly covered as it was when I took a class in grad school about logic, of course, but it covered the basics.

  14. Re:How would that work? on The President Wants Every Student To Learn CS. How Would That Work? (npr.org) · · Score: 1

    Except that programming isn't inherently difficult. It is inherently tedious and rigorous. There's a difference. There's nothing hard about coming up with a series of instructions. Most human beings are capable of doing so.

    Unfortunately, as I'm wont to say, the best thing about making it easier to write software is that more people will write software, and at the same time, the problem with making it easier to write software is that more people will write software. You see, there are a few characteristics that IMO are consistently present in good programmers, but are not necessarily present in the general population to a similar degree:

    • Curiosity. Programmers must always wonder why something does what it does, because that leads to understanding how to do things in ways that will work.
    • Self-starters. Programmers must be willing to figure things out without being taught. That's not to say that formal education isn't useful, but there won't always be books about whatever you're trying to do. You have to be willing to try things, see how they behave, adapt what you're doing based on what you learned, and keep doing this. Otherwise, you're eventually going to get stuck, and you won't get unstuck.
    • Willingness to throw it away and start over. This is the hardest one. Sometimes, something doesn't work, and you have to go back to the drawing board. A good programmer sees this as a bump in the road, rather than as a personal failing.

    These characteristics are almost always present in people who at least started learning programming on their own. Introducing everyone to programming is likely to just result in a lot of people who are capable of writing code, but not very well, because most of them will lack those characteristics. As a result, you'll get programmers who:

    • require a ridiculously detailed spec, and implement something to the spec even if the result is nonfunctional.
    • constantly ask for help implementing the simplest things because they're afraid to make a mistake.
    • won't look for ways to improve it beyond the spec, because they aren't driven by the same level of curiosity.
    • back themselves into a corner, and keep trying to fix it by tweaking corner cases instead of recognizing that the whole design is wrong.
    • run into a wall and never get past it, because there's no Stack Overflow post telling them how to do some particular task.

    I'm sure you know some programmers like that already. The last thing we need is for them to be the majority.

    There are, of course, many other important characteristics (the traditional list including hubris, laziness, and I forget what else... and am too lazy to look it up at the moment), but the ones on the list above are, IMO, more important than any of those. Either way, I'm getting tired of this post, so....

  15. Re:What else is searched for on Anti-Terrorism Hypothetical: Bulk Scanning of Hosted Files? (justsecurity.org) · · Score: 1

    I would hope that they report a hash plus the file size, to reduce the risk of false positives.

  16. Re:Citation is a form of professional respect on Use Code From Stack Overflow? You Must Provide Attribution (stackexchange.com) · · Score: 2

    Citing the original source of snippets in the source code is fine, and is actually pretty useful, because when somebody goes and reads the source later, it helps explain why somebody did something. It also gives the creator credit in front of people who would actually appreciate and understand why their snippet is cool.

    Citing the original source of snippets in a closed-source app is more problematic, because it tells the end user absolutely nothing other than that a tiny snippet of code exists somewhere in the application, and it is unlikely that the user perceives any benefit from that snippet, making the attribution largely a meaningless gesture. And the snippets are usually too short to enjoy copyright protection anyway, making citations legally unnecessary. But those attributions do make it (at least slightly) easier for someone to copy the functionality of those closed-source apps; if that were desirable, the original author would have published the source code to begin with, so from that perspective, resisting any unnecessary attribution makes a lot of sense.

  17. Re:I've always done that on Use Code From Stack Overflow? You Must Provide Attribution (stackexchange.com) · · Score: 2

    This is about informing the customers, as per the MIT terms ... But on the upside, perhaps this discourages c&p coding.

    Actually, unless I'm misreading, the plan is to be MIT with the attribution requirement removed, unless the poster explicitly asks for attribution. IMO, this makes sense for short code snippets, because they're arguably too short to enjoy copyright protection anyway (there's often exactly one way to do it), and this eliminates ambiguity on the subject. For longer code, if you want to request attribution, posters will be allowed to do so.

  18. Re:Apple is New to Reacting to Security Threats on Apple's Gatekeeper Still Broken (csoonline.com) · · Score: 1

    The biggest issue right now as far as most people are concerned is javascript that hijacks a browser and tricks people into thinking their computer is completely locked up and that they need to call some tech support number to get it fixed. I recently had a relation call me about this because they didn't want to pay the $400 to get it fixed, which is what the website says they need to do.

    Agreed. I've gotten similar calls. And the problem is so simple that I can't believe Apple hasn't fixed it already (unless they have, and I just haven't noticed yet):

    • Stop disabling the window close buttons while a JavaScript pop-up is visible (and when clicked, kill all active JavaScript and pop-ups associated with that window).
    • Add a scroll view into JavaScript pop-up alerts so that it will be impossible for a malicious website to put so much text in an alert that the "Suppress additional pop-ups from this window" bits end up below the bottom of your screen.

  19. Re:Lack of interest based security on Apple's Gatekeeper Still Broken (csoonline.com) · · Score: 3, Insightful

    In any mode, you can run an unsigned or non-Apple-signed installer or app by control-clicking on it and choosing "Open".

  20. It's not just about a moment of graphical corruption, that's an annoyance. But a process being able to access the RAM leftovers from a previous process is begging for memory based attacks. Even though it's on the GPU, it's a vulnerability. What's to say that GPU wasn't just displaying banking info? The OS should not assume the application is friendly and blanking the VRAM. That security is on the OS.

    In principle, I agree with you. In practice, though, this sort of bug is really easy to make when designing something as complex as a VM system, and is a really easy way to leak data. It is the sort of thing that a browsing mode designed to keep all browsing data temporary really ought to behave defensively, explicitly taking steps to prevent such leakage, regardless of what the OS does or does not do to prevent it. For that matter, older GPUs don't even support memory virtualization, so browsers can't count on the OS even being able to prevent arbitrary apps from screen scraping; the best they can do is minimize the attack window by not keeping data in VRAM any longer than necessary.

    Also, what I saw described was not necessarily indicative of improper access, I don't think. The original story (assuming I looked at the right original story) was about somebody's previously viewed porn showing up atop some video game. The fact that the process eventually gained the rights to write to a page (thus filling the buffer) does not necessarily mean that the process already has the rights to read from that page (thus gaining access to whatever was already in the buffer). If it is a virtual framebuffer or similar, there's a possibility that the OS was in the middle of the wipe when the window manager began some compositing operation, but that the original process (into which the memory was halfway through being mapped) didn't have access to those pages yet.

  21. Copy on write does not work that way. It copies the originally mapped page, which is a single pre-zeroed physical page that is kept around specifically for that purpose. That copy operation completes (thus wiping the victim physical page) before the OS returns control to the process.

  22. Re:Oh yeah! on Seagate Adopts Helium For a 10TB HDD (computerworld.com) · · Score: 1

    No, no, that means the leak was properly prevented. You'd know it leaked if the information was actually available outside the company. :-)

  23. Re:Careful on Seagate Adopts Helium For a 10TB HDD (computerworld.com) · · Score: 1

    Well, I guess you could try spinning it up and yanking the power repeatedly until the emergency parking shears off the heads on the park ramp. Then repeatedly seek the drive to the outermost track and hope that the remains of the head manage to puncture the outside of the enclosure. Full disclosure: you'll probably have to seek the drive by manually applying voltage to the stepper motor, because the drive probably won't even show up on the SATA bus if it can't read track 0.

    Worth a try, anyway. :-D

  24. Re:Simple explanation on Nvidia Blames Apple For Bug That Exposes Browsing In Chrome's Incognito (venturebeat.com) · · Score: 5, Insightful

    Not really. An application will typically allocate and release memory all the time, being forced to clear it every time is massive overkill and a performance problem. The driver exposes the GPU memory, the OS allocates it to applications just like with RAM. It's the only one that knows when memory switches application context and must be cleared. So there's really only one sane solution.

    The usual solution is basically:

    • Whenever you add a new page into an application's address space, you map a zero-filled page as copy-on-write. If the page never gets touched, it is zero-filled, and you take the performance hit only when it ceases to be all zeroes.
    • Small allocations are allocated using a pool allocator backed by those pages.

    This works well as long as the CPU is in charge, ensuring that any dirty data must have originated in some other part of the app (by reusing a pool region). Where it starts to get hairy is when you have a GPU that has access to all of RAM and uses a separate page table with separate COW flags, etc.

    I'm not certain what went wrong in this particular case. However, I do remember a really annoying change in about 10.6 or 10.7 where Apple stopped using a vertical blanking interrupt to control various aspects of the GPU's operation and maybe some other parts of the OS. This improved battery life, IIRC, but the result is that you'll often see the GPU draw a frame of video before the previous contents of VRAM have gotten wiped. I would not be at all surprised if that was what happened here.

    As for whose responsibility it is to clear the memory, my gut says that if Chrome wants to guarantee that its video buffers are cleared, Chrome is responsible for doing it. Otherwise, it should assume that VRAM is a shared resource, and anything it puts in VRAM can potentially be accessed by any other app at any time for any reason. With that said, I'm open to other opinions on the matter.
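The two-tier behaviour described in comment 24, as an added example that is not part of the original comment: a page newly mapped from the kernel reads as zeroes, while a pool allocator inside the process hands back a freed slot with the previous owner's bytes unless it scrubs on free. It assumes a POSIX system with anonymous `mmap`; the `pool` struct, slot size and function names are hypothetical, and from user space only the zero-filled result is visible, not the copy-on-write mapping behind it.

```c
#define _DEFAULT_SOURCE            /* exposes MAP_ANONYMOUS under strict -std modes */
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define SLOT 64                    /* hypothetical fixed slot size for the toy pool */

struct pool { unsigned char *page; size_t size, next; void *free_list; };

/* Ask the kernel for one anonymous page; the kernel hands it over zero-filled. */
static unsigned char *new_page(size_t *size) {
    *size = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, *size, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

static int all_zero(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) if (p[i]) return 0;
    return 1;
}

/* Dirty a page, give it back, map a new one: returns 1 if the new page reads as zeroes. */
int fresh_page_is_zero(void) {
    size_t n;
    unsigned char *p = new_page(&n);
    if (!p) return -1;
    memset(p, 0xAA, n);
    munmap(p, n);
    p = new_page(&n);
    if (!p) return -1;
    int zero = all_zero(p, n);
    munmap(p, n);
    return zero;
}

static void *pool_alloc(struct pool *pl) {
    if (pl->free_list) {                       /* reuse a freed slot as-is */
        void *s = pl->free_list;
        memcpy(&pl->free_list, s, sizeof(void *));
        return s;
    }
    if (pl->next + SLOT > pl->size) return NULL;
    pl->next += SLOT;
    return pl->page + pl->next - SLOT;
}

static void pool_free(struct pool *pl, void *s, int scrub) {
    if (scrub) memset(s, 0, SLOT);             /* hardened variant: wipe before reuse */
    memcpy(s, &pl->free_list, sizeof(void *)); /* free-list link lives in the slot */
    pl->free_list = s;
}

/* Returns 1 if the second allocation can read the first one's data. */
int pool_reuse_leaks(int scrub) {
    static const char secret[] = "constructed-secret";  /* constructed sample data */
    struct pool pl = {0};
    if (!(pl.page = new_page(&pl.size))) return -1;
    char *a = pool_alloc(&pl);
    memcpy(a + 16, secret, sizeof secret);     /* past the bytes the link overwrites */
    pool_free(&pl, a, scrub);
    char *b = pool_alloc(&pl);
    int leaked = b == a && memcmp(b + 16, secret, sizeof secret) == 0;
    munmap(pl.page, pl.size);
    return leaked;
}

int main(void) {
    printf("fresh page zero: %d\n", fresh_page_is_zero());
    printf("pool reuse leaks (no scrub): %d\n", pool_reuse_leaks(0));
    printf("pool reuse leaks (scrub on free): %d\n", pool_reuse_leaks(1));
    return 0;
}
```
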

  25. Like have an outdoor light on your house when it rains?

    Not all bulbs are created equal. You'll notice that flood bulbs (whether halogen or otherwise) that are designed for outdoor use have a much thicker glass envelope than indoor flood bulbs, precisely so that they don't explode when they change temperature suddenly and unevenly, such as when they get hit by droplets of cold water outdoors.