Bricking insecure devices has a nice upshot - the cost of a returned device isn't just the profit - because all of the handling and coping has to be done (so far) by a human, the actual _cost_ to the distributor or manufacturer of a failed device is often the loss of profit on the whole minimum order quantity to the distributor - the whole crate.
That's why if you get a DOA item from Amazon, they often don't even want it back, they send you another on your word of honor- not because they're so nice, but because (absent evidence of fraud) IT'S CHEAPER TO JUST SEND ANOTHER RATHER THAN RECEIVING THE ORIGINAL DOA UNIT BACK AND DISPOSING OF IT UNTESTED. It's not free, just cheaper.
But just because it's cheaper, doesn't make it nonzero. Every bricked device replaced under warranty costs $$ and every device that fails, in warranty or out, costs reputation. How much would you pay for an iPhone if the battery stopped holding charge after between three days and six months of use?
Bottom line: it's damn expensive to adequately secure an already-damn-expensive IoT light bulb. And as BrickerBot expands (and no doubt improves, just as the original chemotherapy drugs were improved) the cost to make a secure IoT device is going to skyrocket.
Which may effectively doom IoT for consumers. Industrial IoT is a different game with different rules and the most important is that airgapping is feasible.
There are two reasons to NOT change the software - or at least the view seen by the users:
1) Training - learning an application represents a significant investment in time and mental energy. Making a significant change in the interface (or worse, the actual workflow) means relearning the app, sometimes from worse-than-scratch because you already know what's wrong! So, if you have to relearn, you can relearn another app that doesn't have the feature and workflow churn.
2) Reliability - adding code adds bugs. Code that once worked fine now doesn't. This again forces users to consider if it's time to learn another application and workflow simply to get away from the bugs.
Submerging plants in drinking water reservoirs is doubleplusbad. Not because of the carbon emissions, but because the rotting plants will give the water a bad taste for fifty years or so.
When the state of Massachusetts built the Quabbin reservoir in the 1930's, they did their level best to take out all of the wood and plants that would rot; clearcutting the forests, relocating, demolishing and carting, or burning farm buildings in place. Only the stone foundations remained. They even removed the railroad ties of rail lines. The result was a reservoir that is still the major reservoir of Boston to this day.
Unless there's money involved, I don't bother with a strong password.
Why? Because even if my password protocol and tradecraft are bulletproof, most sites aren't. Sites get compromised so often that even a good password will fall in a year or two. Or your password _manager_ gets compromised.
So... why bother? Start with "Password#1!" (which almost all sites will accept as "strong") and when (not if, when) that compromises, move to "Password#2". And so forth.
Okay.... don't use the word "password". Use "Starbucks#1". Or "Galactica#!".
Other than a very few sites worthy of _trying_ to protect (your bank and maybe your primary email) one password shared across all sites is more than adequate because compromise is inevitable. Make the cost of compromise as close to nil as possible; that's the optimal behavior. I mean, who cares if your brownie recipe gets trashed?
And never, ever store a password that can be turned into money on anything more connected than a post-it note in your wallet next to your Benjamins.
The unfortunate truth is that once someone experiences the speed and cleanliness of adblocking, they simply won't go back. Not ever.
And, as explained in a previous post, the second thing they do is show their friends. And their relatives. And their social contacts.
And so it expands, like neutrons in a nuclear warhead; the chain-reaction gain is greater than 1 and the constraint of business models ("we don't take your word for the claim that the ad was shown") will either have to break down, or the whole business is "game over".
My advice to webvertizers: update your resume and find another line of work.
I am the prime author of CRM114 (the spam filter) and IT DEFINITELY GOT CHECKED BY SMART PEOPLE. There were at least a dozen people who would dependably read the code, and they'd find the pickiest things (luckily, not anything serious; thank you Valgrind!)
So, it's absolutely, demonstrably, provably (read the mail archive!) the case that at least SOME mail-oriented open source gets the all-orifices examination, and that examination is effective.
Whether or not security software gets the same thing, I can't say for sure, but I'd be surprised that it didn't. The recent set of security vulnerabilities only shows that old code didn't get the same care as newer code.
As quoted above, science is a shoulders-of-giants scheme, and I'm glad to see that the most-cited papers are not about the results of science, but rather good techniques for _doing_ science - well-considered, well-tested shoulders to stand on.
Strong passwords are useless - well, they're useful only against a brute-force attack and that's not the big threat anymore. A 64-character password is worth nothing against a phishing attack, and is worse than nothing if you have to write it down.
Maybe the cure is to have the incoming mail server destroy all clickable links (or point them at an internal "you will need to navigate to that URL manually" warning page), and simply delete anything executable.
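One way a mail gateway could do what the comment above proposes, as an added example that is not part of the original comment. The warning-page URL, the list of executable types and the sample message are assumptions constructed for illustration; the regex-based HTML rewrite is a simplification of what a real gateway would do with an HTML parser.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import quote

# Assumptions for this sketch: a hypothetical internal warning page and an
# illustrative (not exhaustive) list of executable file types.
WARNING_PAGE = "https://mailgate.example.internal/manual-navigation"
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".bat", ".cmd", ".msi", ".js",
                   ".vbs", ".ps1", ".jar", ".hta", ".lnk")
EXEC_TYPES = {"application/x-msdownload", "application/x-dosexec",
              "application/java-archive", "application/hta"}

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"')]+""", re.IGNORECASE)
HREF_RE = re.compile(r"""href\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""",
                     re.IGNORECASE)


def defang(url):
    """Keep the URL readable but stop mail clients from auto-linking it."""
    return url.replace("://", "[:]//", 1).replace(".", "[.]")


def warning_link(url):
    """Point a link at the internal warning page, carrying the original URL."""
    return WARNING_PAGE + "?blocked=" + quote(url, safe="")


def is_executable(part):
    """True if the part's filename or declared type marks it as executable."""
    # rstrip handles the "invoice.exe." trailing-dot trick.
    name = (part.get_filename() or "").lower().rstrip(". ")
    return name.endswith(EXEC_EXTENSIONS) or part.get_content_type() in EXEC_TYPES


def _rewrite_href(match):
    target = next(g for g in match.groups() if g is not None)
    return 'href="%s"' % warning_link(target)


def _scrub(part, stats):
    """Recursively drop executable parts and neutralise links in text parts."""
    if part.is_multipart():
        kept = []
        for sub in part.get_payload():
            if is_executable(sub):
                stats["dropped"].append(sub.get_filename() or sub.get_content_type())
            else:
                _scrub(sub, stats)
                kept.append(sub)
        part.set_payload(kept)
    elif part.get_content_maintype() == "text":
        subtype = part.get_content_subtype()
        text = part.get_content()
        if subtype == "html":
            text, n = HREF_RE.subn(_rewrite_href, text)   # links go to the warning page
        else:
            text, n = URL_RE.subn(lambda m: defang(m.group(0)), text)
        if n:
            stats["links"] += n
            part.set_content(text, subtype=subtype)       # re-encodes as UTF-8


def sanitize(raw_bytes):
    """Parse an inbound message; return (cleaned EmailMessage, stats dict)."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    stats = {"links": 0, "dropped": []}
    _scrub(msg, stats)
    return msg, stats


def build_sample():
    """Constructed sample: plain + HTML body, one .exe and one .pdf attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@vendor.example"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Invoice overdue"
    msg.set_content("Pay now at https://pay.vendor.example/login?id=7 "
                    "or www.vendor.example today.\n")
    msg.add_alternative('<p><a href="https://pay.vendor.example/login?id=7">'
                        'Pay now</a></p>\n', subtype="html")
    msg.add_attachment(b"MZ constructed bytes", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    msg.add_attachment(b"%PDF constructed bytes", maintype="application",
                       subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    cleaned, report = sanitize(build_sample())
    print(report)
    print(cleaned.get_body(preferencelist=("plain",)).get_content())
```

As the comment thread itself notes about phishing, this only removes the one-click path; a user can still retype a defanged address by hand.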
I bought a Velleman K8200 ($750) essentially on "impulse", as I have access to a StrataSys 3D printer at work and so it might seem "redundant".
Guess what? I LOVE IT! Sure, there is no reason why I couldn't make this or that by hand-carving it out of a solid block of acrylic, or wait till Monday morning to run the parts on the StrataSys at work, but now I can drop into OpenSCAD (or my wife can drop into Blender), design the thing, hit "print", and then cook dinner while the machine does the drudge work. A few minutes of hand clean-up later (mostly reaming holes if we want snug fits) and the part is done- or more likely, we decide we want to change it. Some parts go through three or four iterations before we decide it's perfect. That's the seductive part of 3D printing - the cost of a prototype approaches zero.
I'm probably $1200 into this by now (filament goes typically for $40 a kilogram, and some of the stuff like the extrudable rubber and the water-clear, FDA-approved PET is almost twice that), but darn it, this is fun!
Sure, you can spend a lot of bucks on the toolchain but you absolutely don't have to spend anything at all. (Solidworks $8000? Got it at work. Don't need it; OpenSCAD and Blender and FreeCAD are adequate for me, and free for the download).
Yeah, my wife has dreams of making gee-gaws and knick-nacks to sell at her conventions, but I'm happy to spin out replacement ladders for my son's toy fire engine and custom rail crossings for his railroad, and "companion cubes" and little unicorns for my daughters.... as well as the occasional screen door handle, refrigerator shelf holder, cellphone mount, consumer electronics case / case replacement, etc.
Note- there's no "driver issue" - with rare exception, cheap 3D printers all talk G-code via RS-232 or USB-TTY at 250,000 baud (yeah, nonstandard baud rate because most 3D printers are based on Arduino cores, and that's one baud rate that has essentially zero error due to CPU clock speed). The printer control "front panel" is a big Python script (several options are there; Repetier-host and Pronterface both are nice); the slicer that turns STL models into G-code is open-source (I use Slic3r at home and Cura at work).
It's a big, big win. Really. I can sit down with one of my kids and make something they want and have the printer spit it out while we read a book or watch a show. Maybe every home doesn't need one, but I'd rate it right next to "belt sander" in the home arsenal.
IIRC, the issue was that the US Navy fleet ballistic subs _always_ had the authority to launch on their own. The Air Force didn't like the idea that the navy was "trusted" but they weren't, so the PAL code was set to 00000000 and never changed (just like how the "war plan 1" and "war plan 2" control on a Minuteman control desk was never used).
And it's not just two guys turning keys. It's much more secure, really. Each silo has two guys who have to turn keys. But that doesn't launch the missile. It sends a message to all missile silos in the wing - and also ALL OTHER command silos in the wing that someone wants to launch a missile. If nobody else _also_ does a keyturn, the missile does not launch. After that message goes out, there is a time window where another silo MUST also do a keyturn to allow the missile to launch, and a _longer_ time window where _any_ silo in the wing can issue a "stand down" order (and other silos include silos that are off-duty, have no missiles under direct control (e.g. the usually-unused control silo three floors underground under the base commander's office), or are "air silos", like a control silo located in an aloft KC-135, with HF radio links rather than copper wiring).
Now, there is a thing called "sole survivor" where there's a rather long timer (90 minutes, IIRC) where a silo can launch on only one keyturn, but that requires that all other silos be silent for that entire timer period (but that also allows one silo to take over and control the entire missile wing).
Forgive me if I got any of this wrong, it's been 30 years since I read the manual.
But PAL wasn't to stop Broken Arrow scenarios. It's to satisfy Congress. The real protection against Broken Arrows was twenty thousand airmen all keeping their wits about them. I salute them.
If it means I get jolted awake by my phone SHRIEKING at the top of its volume setting every third day sometime between midnight and 3 AM when I have to go to work the next morning, then YES, my sleep is more important.
Waking up five million people from a sound sleep once a week or so just isn't feasible; it's crying wolf and people will simply turn their phones off (which defeats the whole purpose of it). And it's not something you can set to low volume; at least on a Verizon Droid 3, even if it's set on vibrate, an alert blares at maximum alarm volume and with a particularly annoying shriek and you CANNOT set it to a lower volume; there is only "SHRIEK" and "ignore".
The same thing happened in the Boston area within a week of the alert system going live; we got two alerts in 48 hours, one at about 11 PM and the other at 2 AM; the whole Boston area got jolted awake by their phones shrieking at full volume.
Next day, everyone and their brother was scrambling to figure out how to TURN OFF THE $($(#( alerts.
Net result is that we've lost a possibly-useful resource. What should have happened is that there should be an "I'm mobile" test in the chain; Amber alerts should shriek at you only if you're actively moving right then.
A used Wii ($99 at your local GameStop) loaded up with NetFlix and Hulu will do everything you need.
My three-year-olds can use it, and they can't even read.
It's also a heck of a lot cheaper than any of the other solutions, too, and it's totally zero-maintenance. And if/when they break it, it's a tiny cost to just get a new one.
I hear a lot of words coming out of Card's mouth (or his keyboard; little the difference).... and strange among this is that none of them contain a simple _apology_.
An apology says:
1) I was wrong
2) I am sorry for what I did
3) I will try not to do it again.
And ALL THREE of these parts are missing. He wants forgiveness, but he's not willing to admit that maybe he was wrong, sorry for what he did, or that he won't do it again!
Therefore, I will boycott Ender's Game, and encourage others to do so as well. When it becomes available in a format that does not put money into Card's (or his compatriots') pockets, such as Netflix, then perhaps I'll see it.
Or perhaps not. I don't know yet, and I don't care.
(disclosure: I've been a student and I've been faculty. I write from the position of both)
Most of the STEM topics, even at the freshman level, are taught by people who *are* willing to consider that they've "got it wrong" - that their understanding of the subject is in fact incorrect or insufficient, and if someone - anyone - comes to them with a good reason to think otherwise, it's a learning opportunity for everyone. Sure, you need to show a good test case, but there's nothing like getting a full professor into the lab with you and an oscilloscope to really *learn*.
Most of the "humanities" topics are taught by people who fall to the "proof by authority" model; that because someone Respected says it's so, then it's so and any other viewpoint is simply incorrect. This point of view is especially rife in the Classics; given the finite set of source material (what remained after Alexandria burned), one can only mull so much, then it's all just rote learning. (I'll give a shout-out to sociologists here, because a lot of them at least try to do good science.)
What I still don't understand: how someone can get a four-year degree yet be unable to solve a simple system of linear equations (say, three unknowns)... and then consider themselves to be "well-rounded". Even two unknowns... and occasionally to my chagrin - ONE unknown. As in "didn't pass algebra". W. T. F. ??? Or not know the difference between mean, median, and mode? Or why light beams are a quarter as bright from only twice as far away... or how salt dissolves differently from sugar.
No wonder there's a glut of worthless college degrees on the market; rote learning without ability to reason is sufficient only to earn the title of "well educated slave", not "contributor to society".
We don't need more well-educated slaves. We need contributors.
Kennedy had it right: "We choose to go to the Moon. We choose to go to the Moon, not because it is easy, BUT BECAUSE IT IS HARD."
Sometimes you have to push the envelope. And sometimes, that means good people have put their life on the line. Humans in general don't get really serious about things unless they have skin in the game. You have to get them interested. Call it STEM motivation. But one Apollo launch is worth a million laptops in some third-grade classroom.
Forget STEM. Let's think about JUST ONE question on Mars... one we cannot possibly answer inside Earth's atmosphere; only long-term exploration of the Martian surface will suffice: Is there life on Mars? The possible answers are "No", "Yes, a long time ago.", and "OH MY GOD IT'S EIGHT FEET TALL WITH SIX EYES AND IT WANTS TO SPEAK TO YOU SIR!"
Say it's "no" - there's no life on Mars, and never was. That tells us something important - Life is precious, life is delicate. Very important message.
Or there _was_ life on Mars: what kind of DNA did it have, if any? Again, very important message: either DNA can fly thru space ("panspermia"- and we are _NOT_ alone) or it evolved separately- and we are still NOT alone - but there's another way for life to happen!.... or... if the physics are such that it couldn't have happened naturally, then (1) we are not alone, and (2) Mom is out there somewhere...
Or there _is_ life on Mars: Same messages above, plus a whole new and mostly untarnished ecosystem to understand. We have only 1.1 ecosystems here (I count the undersea "black smokers" as 0.1 ecosystem). Add another, and maybe we can make some understanding headway.
What will we need to invent? I don't know! Neither do you. Neither did Kennedy. And it wasn't velcro, Tang, and funny ballpoint pens that were important. It was things like radar, and heat-resistant materials (look up Carnot efficiency to understand why that's important), and lightweight sensors, and lightweight, fast electronics, and computational fluid dynamics, and finite element methods, and precision navigation, and...
We went into 1960 as a species that, if you couldn't solve it with fifty guys with pencils, papers, and slide rules, we couldn't solve it. (that shot of a roomful of guys in white shirts with slide rules calculating like crazy in "Apollo 13" was real, dudes.)
We came out of Apollo as a species that, if the problem was important enough, we had the means, the methods, and (most importantly) the confidence to throw as much computation as had ever been done in the whole history of the world, every second, at the problem.
Oh- and that computer you're reading this on? Doesn't matter what brand, what OS... Wouldn't have happened if it wasn't for deciding that we needed to solve those FEMs and CFDs needed for space flight.
Those solar panels? Every gram you put into space costs you about $500. You're damn right we're gonna go full-bore on making good solar panels, simply because it's cheaper to spend a hundred million bucks on the research than to loft one more overweight comsat.
That pretty weather report with satellite images? Never would have happened if the First Seven hadn't all been shutterbugs, taking photos of weather systems like they were all out for the Pulitzer Prize. Same with the GPS in your phone, or your satellite TV.
It's not what we know we will find. It's what we don't know that is the value.
The Adafruit IOIO gives you a bunch of analog and digital IO's, runs on a battery, talks via Bluetooth, and comes with an Android dev kit so you don't have to figure out the bit-banging interface.
The only downside is that it is limited to Bluetooth's bandwidth and latency, which may or may not be compatible with your other project requirements.
Spends a bunch of time slurping everything it can from your LinkedIn account, then counts how many words from their sacred list show up in your resume, and that you should include more of them (which are pretty tightly focussed on the hell-dimension of lower-level burnout-inducing IT, I might add).
That's the sum total of useful stuff..... until you page-next and see the $7.99 for a "deeper analysis".
WASTE. OF. TIME.
ESR is making an early invalid assumption - that "fast transparent garbage collection will happen".
Sorry, no. The smartest people in the CS world - possibly the
smartest in the world, period (specifically those at MIT AI Lab,
Xerox PARC, BBN, TJ Watson, and Stanford) worked the GC problem
for literally 20 years, throwing hardware at it, software, tagged
architectures, secondary processors, all that.
They never cracked it. GCing at realtime speed is just a tough problem.
Unless ESR can show me code that can GC in faster than O(n) time
AND not have to freeze the allocator process for O(n) time, he's just
pitiably wrong.
(and no, I don't count flip and sweep GC as workable in this, as it
means that a buffer that DMA hardware is writing to will move without
warning. Nor is "generational" GCing, all that does is to stave off the
inevitable full-out GC for a few minutes to hours, which is fine for a
hacker sitting at a terminal but no good at all for a self-driving car or
SaaS server).
Now, I could be wrong; if he *has* a realtime garbage collection algorithm
then he deserves the Turing award.
But I'm betting "not".
Using 2FA authentication won't work to stop them.
They ALREADY ask you to allow inspection of electronics. If you refuse to give them the password, expect to not get your phone, laptop, or tablet back till you either give them the password or they image the whole thing for NSA's "enhanced decryption".
Which leaves us with the interesting question of LastPass's business model.
1) Advertising? Knowing every site you visit - AND YOUR PASSWORD?
2) "We have a benefactor". Yeah. Except that maybe that benefactor is the NSA. Or is it the GRU? Or is it the MSS (China's NSA)?
No matter how I slice it, I can't figure out an angle that isn't kinda creepy.
Yet another reason why adblockers and scriptblockers are essential.
Not just because ads chew up your pay-by-the-byte bandwidth, but because they are actively serving up malware.
Sorry, all you ad-supported sites... find another business model. Your current methods are dying a very painful death.
We weren't celebrating the killing of 350,000 Japanese.
We were celebrating the not-having-to-kill 70,000,000 Japanese.
Remember what had happened just five months earlier, in March of 1945?
A little test invasion on an island called Iwo Jima. Iwo Jima was defended by 20,000+ Japanese.
Of that 20,000+, only 216 survived.
On that scale, killing _only_ 350,000 people starts looking like the best deal in town.
I've been in EXACTLY that situation.
The solution is to make the license explicit and separate from the employment agreement.
This avoids situations where the IP license does (or does not!) expire when you leave the company.
Is it a paid-up-once license, valid forever, or renewable on a yearly (or even monthly) basis?
Does the license include the right to relicense (i.e. can the company sell a license to produce stuff based on your IP to third parties to manufacture and sell)?
Does the license follow the company, if the company is bought out by $MEGACORP?
Yes, we had lawyers on it. Yes, everyone agreed that this was the way to go.
Most people don't have a private, lockable office.
Most people don't even have an office that has a door.
They have a cubicle, and one without a lockable file drawer... (as though typical office furniture locks weren't jokes to anybody with two paper clips and the MIT Lock Picking Guide)
Some people don't even have a cubicle. Look at an "Open Architecture Office"... they have one two floors down. I'm not sure if I would pick that or pick McDonalds as better or worse.
That's the problem. You need to keep the security token (be it a yellow stickie-note or an RSA key) on your person, all the time.
And it still doesn't stop a good phish, or the next Heartbleed.
- Dr. Crash
Strong passwords are useless - well, they're useful only against a brute-force attack and that's not the big threat anymore. A 64-character password is worth nothing against a phishing attack, and is worse than nothing if you have to write it down.
Maybe the cure is to have the incoming mail server destroy all clickable links (or point them at an internal "you will need to navigate to that URL manually" warning page, and simply delete anything executable.
I bought a Velleman K8200 ($750) essentially on "impulse", as
I have access to a StrataSys 3D printer at work and so it might
seem "redundant".
Guess what? I LOVE IT! Sure, there is no reason why I couldn't
make this or that by hand-carving it out of a solid block of acrylic,
or wait till Monday morning to run the parts on the StrataSys at work,
but now I can drop into OpenSCAD (or my wife can drop into Blender),
design the thing, hit "print", and then cook dinner while the machine
does the drudge work. A few minutes of hand clean-up later (mostly
reaming holes if we want snug fits) and the part is done- or more
likely, we decide we want to change it. Some parts go through
three or four iterations before we decide it's perfect. That's the
seductive part of 3D printing - the cost of a prototype approaches
zero.
I'm probably $1200 into this by now (filament goes typically for
$40 a kilogram, and some of the stuff like the extrudable rubber
and the water-clear, FDA-approved PET is almost twice that), but
darn it, this is fun!
Sure, you can spend a lot of bucks on the toolchain but you
absolutely don't have to spend anything at all. (Solidworks $8000?
Got it at work. Don't need it; OpenSCAD and Blender and FreeCAD
are adequate for me, and free for the download).
Yeah, my wife has dreams of making gewgaws and knick-knacks to
sell at her conventions, but I'm happy to spin out replacement ladders
for my son's toy fire engine and custom rail crossings for his railroad, and
"companion cubes" and little unicorns for my daughters.... as well
as the occasional screen door handle, refrigerator shelf holder,
cellphone mount, consumer electronics case / case replacement,
etc.
Note- there's no "driver issue" - with rare exception, cheap
3D printers all talk G-code via RS-232 or USB-TTY at 250,000
baud (yeah, nonstandard baud rate because most 3D printers are
based on Arduino cores, and that's one baud rate that has essentially
zero error due to CPU clock speed). The printer control "front panel"
is a big Python script (several options are there; Repetier-host and
Pronterface both are nice); the slicer that turns STL models into
G-code is open-source (I use Slic3r at home and Cura at work).
It's a big, big win. Really. I can sit down with one of my kids and
make something they want and have the printer spit it out while
we read a book or watch a show. Maybe every home doesn't
need one, but I'd rate it right next to "belt sander" in the home arsenal.
IIRC, the issue was that the US Navy fleet ballistic subs _always_ had the authority to launch on their own. The Air Force didn't like the idea that the navy was "trusted" but they weren't, so the PAL code was set to 00000000 and never changed (just like how the "war plan 1" and "war plan 2" control on a Minuteman control desk was never used).
And it's not just two guys turning keys. It's much more secure, really. Each silo has two guys who have to turn keys. But that doesn't launch the missile. It sends a message to all missile silos in the wing - and also ALL OTHER command silos in the wing that someone wants to launch a missile. If nobody else _also_ does a keyturn, the missile does not launch. After that message goes out, there is a time window where another silo MUST also do a keyturn to allow the missile to launch, and a _longer_ time window where _any_ silo in the wing can issue a "stand down" order (and other silos include silos that are off-duty, have no missiles under direct control (e.g. the usually-unused control silo three floors underground under the base commander's office), or are "air silos", like a control silo located in an aloft KC-135, with HF radio links rather than copper wiring).
Now, there is a thing called "sole survivor" where there's a rather long timer (90 minutes, IIRC) where a silo can launch on only one keyturn, but that requires that all other silos be silent for that entire timer period (but that also allows one silo to take over and control the entire missile wing).
Forgive me if I got any of this wrong, it's been 30 years since I read the manual.
But PAL wasn't to stop Broken Arrow scenarios. It's to satisfy Congress. The real protection against Broken Arrows was twenty thousand airmen all keeping their wits about them. I salute them.
If it means I get jolted awake by my phone SHRIEKING at the top of its volume setting every third day sometime between midnight and 3 AM when I have to go to work the next morning, then YES, my sleep is more important.
Waking up five million people from a sound sleep once a week or so just isn't feasible; it's crying wolf and people will simply turn their phones off (which defeats the whole purpose of it). And it's not something you can set to low volume; at least on a Verizon Droid 3, even if it's set on vibrate, an alert blares at maximum alarm volume and with a particularly annoying shriek and you CANNOT set it to a lower volume; there is only "SHRIEK" and "ignore".
The same thing happened in the Boston area within a week of the alert system going live; we got two alerts in 48 hours, one at about 11 PM and the other at 2 AM; the whole Boston area got jolted awake by their phones shrieking at full volume.
Next day, everyone and their brother was scrambling to figure out how to TURN OFF THE $($(#( alerts.
Net result is that we've lost a possibly-useful resource. What should have happened is that there should be an "I'm mobile" test in the chain; Amber alerts should shriek at you only if you're actively moving right then.
A used Wii ($99 at your local GameStop) loaded up with NetFlix and Hulu will do everything you need.
My three-year-olds can use it, and they can't even read.
It's also a heck of a lot cheaper than any of the other solutions, too, and it's totally zero-maintenance. And if/when they break it, it's a tiny cost
to just get a new one.
I hear a lot of words coming out of Card's mouth (or his keyboard;
little the difference).... and strange among this is that none of them
contain a simple _apology_.
An apology says:
1) I was wrong
2) I am sorry for what I did
3) I will try not to do it again.
And ALL THREE of these parts are missing. He wants forgiveness,
but he's not willing to admit that maybe he was wrong, sorry for what
he did, or that he won't do it again!
Therefore, I will boycott Ender's Game, and encourage others to
do so as well. When it becomes available in a format that does
not put money into Card's (or his compatriots') pockets, such
as Netflix, then perhaps I'll see it.
Or perhaps not. I don't know yet, and I don't care.
(disclosure: I've been a student and I've been faculty. I write from the position of both)
Most of the STEM topics, even at the freshman level, are taught by people who *are* willing to consider that they've "got it wrong" - that their understanding of the subject is in fact incorrect or insufficient, and if someone - anyone - comes to them with a good reason to think otherwise, it's a learning opportunity for everyone. Sure, you need to show a good test case, but there's nothing like getting a full professor into the lab with you and an oscilloscope to really *learn*.
Most of the "humanities" topics are taught by people who fall to the "proof by authority" model; that because someone Respected says it's so, then it's so and any other viewpoint is simply incorrect. This point of view is especially rife in the Classics; given the finite set of source material (what remained after Alexandria burned), one can only mull so much, then it's all just rote learning. (I'll give a shout-out to sociologists here, because a lot of them at least try to do good science.)
What I still don't understand: how someone can get a four-year degree yet be unable to solve a simple system of linear equations (say, three unknowns)... and then consider themselves to be "well-rounded". Even two unknowns... and occasionally to my chagrin - ONE unknown. As in "didn't pass algebra". W. T. F. ??? Or not know the difference between mean, median, and mode? Or why light beams are a quarter as bright from only twice as far away... or how salt dissolves differently from sugar.
No wonder there's a glut of worthless college degrees on the market; rote learning without ability to reason is sufficient only to earn the title of "well educated slave", not "contributor to society".
We don't need more well-educated slaves. We need contributors.
Kennedy had it right: "We choose to go to the Moon. We choose to go to the Moon, not because it is easy, BUT BECAUSE IT IS HARD."
Sometimes you have to push the envelope. And sometimes, that means good people have put their life on the line. Humans in general don't get really serious about things unless they have skin in the game. You have to get them interested. Call it STEM motivation. But one Apollo launch is worth a million laptops in some third-grade classroom.
Forget STEM. Let's think about JUST ONE question on Mars... one we cannot possibly answer inside Earth's atmosphere; only long-term exploration of the Martian surface will suffice: Is there life on Mars? The possible answers are "No", "Yes, a long time ago.", and "OH MY GOD IT'S EIGHT FEET TALL WITH SIX EYES AND IT WANTS TO SPEAK TO YOU SIR!"
Say it's "no" - there's no life on Mars, and never was. That tells us something important - Life is precious, life is delicate. Very important
message.
Or there _was_ life on Mars: what kind of DNA did it have, if any? ... or... if the physics are such that it couldn't have happened naturally, then (1) we are not alone, and (2) Mom is out there somewhere...
Again, very important message: either DNA can fly thru space ("panspermia"- and we are _NOT_ alone) or it evolved separately
(and we are still NOT alone - but there's another way for life to happen!).
Or there _is_ life on Mars: Same messages above, plus a whole new and mostly untarnished ecosystem to understand. We have only 1.1 ecosystems here (I count the undersea "black smokers" as 0.1 ecosystem). Add another, and maybe we can make some understanding headway.
What will we need to invent? I don't know! Neither do you. Neither did Kennedy. And it wasn't velcro, Tang, and funny ballpoint pens that were important. It was things like radar, and heat-resistant materials (look up Carnot efficiency to understand why that's important), and lightweight sensors, and lightweight, fast electronics, and computational fluid dynamics, and finite element methods, and precision navigation, and ...
We went into 1960 as a species that, if you couldn't solve it with fifty guys with pencils, papers, and slide rules, we couldn't solve it. (that shot of a roomful of guys in white shirts with slide rules calculating like crazy in "Apollo 13" was real, dudes.)
We came out of Apollo as a species that, if the problem was important enough, we had the means, the methods, and (most importantly) the confidence to throw as much computation as had ever been done in the whole history of the world, every second, at the problem.
Oh- and that computer you're reading this on? Doesn't matter what brand, what OS... Wouldn't have happened if it wasn't for deciding that we needed to solve those FEMs and CFDs needed for space flight.
Those solar panels? Every gram you put into space costs you about $500. You're damn right we're gonna go full-bore on making good solar panels, simply because it's cheaper to spend a hundred million bucks on the research than to loft one more overweight comsat.
That pretty weather report with satellite images? Never would have happened if the First Seven hadn't all been shutterbugs, taking photos of weather systems like they were all out for the Pulitzer Prize. Same with the GPS in your phone, or your satellite TV.
It's not what we know we will find. It's what we don't know that is the value.
The Adafruit IOIO gives you a bunch of analog and digital IO's, runs on
a battery, talks via Bluetooth, and comes with an Android dev kit
so you don't have to figure out the bit-banging interface.
The only downside is that it is limited to Bluetooth's bandwidth
and latency, which may or may not be compatible with your
other project requirements.