You can think of the database load at Wikipedia as only being generated by editors. And they have a VERY high ratio of non-editor traffic to actual editor traffic (even counting all the goddamn spam edits). Casually browsing Wikipedia shows you a stream of pages from cache; it is very unlikely that any of your requests actually even touch the database. If "good enough" distributed database systems are all we need then hell, seal up the MySQL code base and call it a day. But Wikipedia (or whatever great, world-changing project comes after it) can't survive for long on stale technology.
The majority of the internet would disagree with you. I'm not a big DB person but I do use MySQL on my hosted website. I'd happily go to PostgreSQL if my provider offered it though.
So many people (99%-ish?) use MySQL as a multi-user SQLite, to organize a few thousand rows for personal sites. And that's great, MySQL is well understood and lived long enough as a fully open source project to be a good choice. But for people who use databases for *serious* work (not to devalue anyone's blog, but serious here means many tables of 1M+ rows) there is a vacuum in the open source space since the innovation that used to happen at MySQL is now kept private.
Seriously, didn't anyone see this coming? "Swipe" the card and bam -- the purchase is done. How can that be considered secure? No signature, no PIN, no CVV, nothing; just pass it, and it's done. How the fuck was this even considered for adoption? Now, what everybody with half a brain imagined is happening.
Sure they all saw it coming. And "smart chip" credit cards that would hold biometric authentication have been teased for a decade. Problem is, security doesn't *sell*. Not when you can just tell the merchant that fraudulent use is their problem, and then give them no viable way to increase security aside from asking tellers to ask for ID (and we know how well that works).
I suffer from this, and I'm thinking maybe I'm just going to load up Tetris on a two-display mirrored setup, make something out of cardboard so that each eye can only see one of the displays, then use paper to cover relevant part of each screen. Might work.
Interesting idea. You could get a bit of polarizing sheeting (from a science supply store or similar) and rig up some glasses that have perpendicular polarization. Then, if the screens happen to be polarized the same way just rotate one 90 degrees and rotate the image via the PC (not sure if software mirroring will still be an option). I am brainstorming ways to do this as well; it would be great if a 3D monitor could be rigged to show two desktops to each eye, then it's just a matter of coming up with an app that plays the same game in slightly different ways on each desktop.
Archery isn't very dependent upon both eyes as far as I can tell. Fencing probably, but not archery.
Your depth perception is only useful at somewhat close distances as far as I'm aware, say 30 feet or less, and I think even that is pushing it. I could be wrong on that number, but that's just the way parallax works - your eyes would have to be further apart to be more effective at judging depth at longer distances.
Depth perception is one thing that two eyes accomplish; the other thing is generally increasing fidelity (since details that each eye picks up are combined) which can be very beneficial for precise activities at long distances. For example, I have amblyopia and have no problem driving (assessing distance/speed of something 5 feet wide/tall is easy even at 100' away) but I will be damned if I can play tennis/ping-pong with any efficiency, even after practicing a fair amount.
Seeing as this was only a university study (and not a company project), I'm afraid that they'll publish a few papers, get their citations then move on to other things with only a prototype developed and no plans to sell it (sorry but I'm not a do-it-yourselfer and probably wouldn't want to try putting one together by myself even if the plans/source code were freely available).
So, maybe, could an Oculus Rift developer come up with this or an equivalent program? Even if the rights to Tetris are unavailable, I'm sure a similar game could be devised that would provide the same functionality (less the annoying soundtrack! ;)
Or does the Oculus Rift API only take in a high level 3D scene description and independently render the two, slightly dissimilar viewpoints? I assume not but, if so, perhaps they could be prevailed upon to add some new APIs.
It would be nice to be able to see in 3D. I might actually be able to play some ball sports (ping pong, tennis, football) with some proficiency.
From the description in the study, all you really need is a way to send two different video signals to your eyes. Oculus Rift sounds cool but it is for VR/immersive type gaming which is beyond what is even needed. The technique for the tetris "Game" they describe could be done with nothing more than a 3d capable display and set of active/passive glasses (something they sell at every electronics store) and all you would need is a game designed to send completely different information to each eye, instead of slightly different information (the kind used to simulate 3d vision in games/movies.) Unless there is something more special about it, it would seem that current consumer hardware is poised to execute this perfectly.
Alas, since the software would have a specific medical purpose, it would need to be cleared by the FDA, available by prescription only, and sold at a ridiculous markup. And yes, I have amblyopia and it frustrates the hell out of me.
Where do you think the water for beer comes from? :-P
From... a process that involves boiling, that will almost certainly kill off the viruses?
The idea is sound, but the reality is that you need some training to understand what you are looking for. I imagine the FBI looked at many of the same incorrect images and were able to discard them because they had some idea what to look for.
They also had access to much more security cam footage (better information) than anyone on the interwebs did. A security camera watching the same spot for hours on end is a lot more objective than a stream of photos taken opportunistically by the crowd.
Wisdom of crowds is about the same as the wisdom of committees. In fact, America is a Representative Democracy precisely in order to (intended to at least) avoid mob justice--aka direct democracy.
In other words... *this* is why we can't have nice things! I have nothing against reddit really, but it always felt too much like a groupthink factory for my taste (and that is saying something considering I still put up with Slashdot). Anyway, more information is not the same thing as better information!
The CPU they used has two 10/100/1000 ports built in. Consider that the BCM4716 running at 480mhz shifts over 100mbs acting as the firewall at my house. 100bt does not cut it these days.
Not a troll, seriously, but do you really push 100mbit through the firewall, at your house? It might have 100mbit ports on either side but how often do you (or can you even) draw down 100mbit from the public side?
Still no SATA and no GigaE.
Why not complain that it has no 802.11n wifi OR bluetooth... I mean it's like they want you to just sit in a corner by YOURSELF all day with the damn thing.
The question is: how big is the effect? Even a small effect will cause significant distortions in battery metering, but if the effect is large enough, it will cause the batteries not to last anywhere near as many cycles as originally believed. This could really suck for electric car owners. Any '07 Roadster owners out there care to share how well the batteries are holding up?
-=Geoskd
According to what I could read of TFA without paying $32, the memory effect is actually seen just during discharge, as a function of distorting the voltage vs w/hr capacity. The overall w/hr capacity of the battery is not reduced, but the ability to exactly determine SOC is diminished at mid voltage levels.
I am not a chemist, so input from someone with more insight on the exact study would be appreciated.
This sounds good but indeed if someone knows about this system, you can easily brute-force it
Only for extremely unusual values of "easily": First you would have to leave your mom's basement and go get the suffix list. They could do this two ways:
1. Steal it from my pocket by assaulting me (I am a 6'2", 185lb ex-Marine with a concealed carry permit).
2. Steal it from my safe. This would involve breaking into my sensor protected house, getting past an extremely vicious chihuahua, getting past me (I work from home, and have an assault rifle), and breaking into the safe which is bolted to a concrete floor.
After that you would still need to crack the prefix. And then what would you have? You could read my email, and probably die from boredom. You could listen to my music (mostly oldies). You could login to my financial accounts, and transfer money from one account to another, but you would not be able to transfer anything out (that is disabled).
It would be much easier, safer, and probably more lucrative, to just buy a gun and rob a gas station.
Is the chance of you losing your keychain in a public area really that close to 0? And no "I have never lost a set yet in my life" is not the answer...
This sounds good but indeed if someone knows about this system, you can easily brute-force it, since you THEN only have a six-character password. So key is to keep your mouth shut about it. This includes giving other people advice. And yes, an attacker would also set up dictionary rules to try Postfix and "mid-fix" (correct horse7xU32w battery staple)
They have to know about the system, PLUS have access to the list of site-specific suffixes. Until they have access to the list, they are stuck doing a brute force of the full length, or perhaps (since the example suggests english words are used as a suffix) a brute force of the first 6 chars (7*10^11 rounds), plus a brute of dictionary combos for 1-4 words (at 250,000 words in the english language this is 3.9*10^21 rounds just for the 4 word combo) makes the total number of rounds north of 3 * 10^33. This is a decent bar to set, as far as brute forcing is concerned.
with a 100 year history you can imagine this is a large selection of material.
What year are you from, and can I borrow your time machine? I promise not to screw with history too much.
He meant that Nintendo has a 100 year history, which as a company it does (actually 124 years, it was founded in 1889). Certainly not 100 years worth of internet content, but 100+ years worth of historical information, any amount of which could have been committed to the 'tubes.
($51.8 billion, 38 million euros)
Am I missing something, or has the exchange rate really gotten that bad for the dollar?
According to this converter it is 39.6 million - but the same ballpark.
A "Billion" in the US isn't the same as a "billion" in the EU. Most euro countries use the term "Billion" to mean a million million, which is the US "Trillion".
Not that it makes it right, since a Million is the same in the US and EU. They should have said "38 thousand million euros" or "38 milliard euros".
Perhaps Zuckerberg could explain what the indigenous population of the US is not capable of knowing that immigrants know. If this is the "key to a future knowledge-based economy", what is it I cannot know as a US citizen that you need, Mr Zuckerberg?
If I told you, I would have to hire you.
Sincerely,
Mark Z
One AC is calling it a myth. The other AC has said they were actually on board such a flight. Can someone actually comment on this with some weight?
Are you implying that the other posters did so from a weightless environment? I don't know how many people aboard the ISS troll Slashdot, but I suppose the other option would be they are onboard a (Boeing?) flight that is in freefall...
Just so there is no confusion, I have weight and mass, as I am in a stationary position on/near the surface of Earth.
So the person setting it up is lulled into thinking that the default "4nk^&nW3)(&" is secure and doesn't need to be reset (despite any attacker being just one web search away from learning the "better" default)? Using a default of '1234' is a great way of reminding even minimally competent people that the password needs to be changed from default *right now.* Unfortunately, there are enough people out there not even minimally competent about security that this continues to be a problem.
To that end, the best option (but scarcely used on hardware interfaces) is to force someone to login as the admin before the device is functional, and during that login to force them to set a new password (with certain password rules prohibiting foolishly simple passwords). Do this, and the problem almost goes away, but the new problem of constant password recovery questions flooding tech support will commence. Most companies, sadly, choose the less secure/less pesky route of just letting it run with the default perpetually.
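The forced first-login password change described in the comment above, as an added sketch that is not part of the original thread or any vendor's firmware. The `Device` class, the deny list, the minimum length and the sample passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os

FACTORY_USER = "admin"        # constructed default account name
FACTORY_PASSWORD = "1234"     # constructed factory default
DENYLIST = {"1234", "12345", "password", "admin", "letmein", "qwerty"}  # constructed sample
MIN_LENGTH = 10               # assumed policy value


def password_problems(candidate, username=FACTORY_USER):
    """Return the reasons a candidate is rejected (empty list means accepted)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if candidate == FACTORY_PASSWORD:
        problems.append("same as factory default")
    if lowered in DENYLIST:
        problems.append("on the common-password deny list")
    if username.lower() in lowered:
        problems.append("contains the account name")
    if len(set(candidate)) < 4:
        problems.append("too few distinct characters")
    return problems


def _hash(password, salt):
    # Store only a salted, slow hash of the password the owner chose.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Device:
    """Stays locked until the factory default has been replaced."""

    def __init__(self):
        self.provisioned = False
        self._salt = None
        self._digest = None

    def login(self, user, password):
        if user != FACTORY_USER:
            return False
        if not self.provisioned:
            # The default is accepted only while the device is unprovisioned.
            return hmac.compare_digest(password.encode(), FACTORY_PASSWORD.encode())
        return hmac.compare_digest(_hash(password, self._salt), self._digest)

    def complete_setup(self, current_password, new_password):
        """First-login step: authenticate with the default, then replace it."""
        if self.provisioned:
            raise PermissionError("setup already completed")
        if not self.login(FACTORY_USER, current_password):
            raise PermissionError("bad credentials")
        problems = password_problems(new_password)
        if problems:
            raise ValueError("; ".join(problems))
        self._salt = os.urandom(16)
        self._digest = _hash(new_password, self._salt)
        self.provisioned = True

    def start_services(self):
        # Nothing is exposed to the network until setup has finished.
        if not self.provisioned:
            raise RuntimeError("device is locked until the admin password is set")
        return "services running"


if __name__ == "__main__":
    device = Device()
    for attempt in ("12345", "adminadmin1", "tall-Green-kettle-42"):
        try:
            device.complete_setup(FACTORY_PASSWORD, attempt)
            print("accepted:", attempt, "->", device.start_services())
        except ValueError as err:
            print("rejected:", attempt, "->", err)
```
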
How many of these are clever honeypots deployed by whitehats? Probably not a significant proportion, but certainly some are.
And two: if there really are so many unprotected, highly critical, easily discovered devices why is e-havoc not commonplace? Could the threat from internet connectivity be overstated? Surely if a service doesn't need to be on the internet at large, it shouldn't be. These kinds of reports presume that every system is vulnerable (and that's an appropriate assumption if you are in the security business) but is it the reality? Past performance would suggest otherwise. How often do traffic lights go haywire?
I mean, how hard is it to ship new devices with something tougher than admin and 1234?
We tried using "12345" as the default but that turned out to be a bad idea, too.
Converting plant matter into electricity or hydrogen wouldn't be efficient: photosynthesis converts 3-6% of solar energy and converting this chemical energy into hydrogen and then into electricity won't improve on this; while a decent solar panel reaches at least 10% (more like 14-19%), into electricity.
How many solar cells make themselves from seeds? Or act as a battery while they collect the energy, and simply wait ready to be used? If you had 1/10th of a square mile with which to make the most energy possible, sure you would want solar cells. But if you had 100 square miles, photosynthesis would be far more economical.
my masters of science in computer science
Ahhh, your elite training has pinpointed the difference between your degree, and that of the author of TFA. Indeed, a masters in a discipline that pretty much keeps the entire developed world running is marketable.
Every time someone uploads a PDF to behind scribd's stupid registration-required-to-download-so-I-can-see-it-in-something-bigger-than-a-porthole wall, His Noodliness kills a kitten.
Seriously, people. There are plenty of places you can upload ANY file to, where only YOU will have to register (and some, even, where you don't!) With Firefox now able to parse PDFs in-browser, there is little excuse for scribd to exist.
Let's all take this break-in as a great reason to let them head off into the sunset.
Wish I could mod you to 1,000. Scribd is the biggest solution looking for a problem I have seen in a long time. Have a PDF to share? Put it on a fucking web server, and let the browser download it (even the terrible Adobe Reader plugin managed to get search to work, but of course Scribd can't figure it out). It's not there to protect copyrighted material, it's there to try to create a userbase where one shouldn't have to exist.
I set up a junk scribd username/password a while ago to see some content. If a hacker got hold of it, they are going to get what they deserve if they use it to log in. Scribd is a pitiful premise, executed even more pitifully; have all the fun you want, hackers!
If you built a simple, 3D game app, and it took off like Angry Birds, how long until patent lawsuits started?
Two years, apparently (see Lodsys v. Rovio)
or was that rhetorical?