Note this is a biased sample*. They are the 6 current or former engineers that I associate with, they are very confident and assertive. They all agreed with Demore. They have experienced minimal sexism from other engineers. 3 of them don't mind working as the only woman at a location. They all thought women on average had different job preferences than man. They also thought job security was more important to women than men and that if they were not so good at what they did and guarenteed to always have jobs they might not have been in their current careers.
*Sample - 5 CS and 1 mechanical engineer. 1 is now in finance and 2 are software managers.
Foxconn is not at arms length from Essential. They didn't only get 0.25% of the company. The 3 million dollars will go straight back to them for manufacturing parts of the phone. If someone completely unrelated to Essential paid 3 million and they didn't get anything else other than the stock then you could say the company was worth 1.2 billion.
Imagine if someone advocated for killing people without trail, of people who might at some point in the future pose a threat to a member of his tribe. Further suppose they actually did kill some of these people along with a number of other people. Then after killing these other people they disparaged some of these people by saying they were male, between 13 and 60, so they deserved it. Should we block this person and people like them from the internet? Should GoDaddy expel any sites that regularly reprint what this person says?
Seriously fuck you Help Net Security. I really don't care about the security of most sites enough to have to memorize a unique password for them and most sites actually do understand this. Further if it is a site that I do care about the security I want to be able a secure password that I can remember. TR0b@dor is hard as hell for me to remember and will likely be in the first million passwords a cracking program will try. Second for an online attack you need enough entropy to stop an attacker who is rate limited. So 2^30 is likely strong enough (that's 3 common English words). If someone gets your salted hashed password file you are going to need 2^60 bits of entropy. 6 English words. Making be choose a password that is anywhere between those two lengths is either a waste of my time or insufficient security.
There are a lot of questionable posts on it but the volume of pictures of varying quality buries any pictures that a woman might not want seen. If your picture is up there, unless someone tells your friends exactly where to look, no one will find it, and if they do tell exactly where to look then they could have just as easily sent the picture.
It is fun, it's intimate and the girls were beautiful. I also delete the pictures when I'm not dating them anymore. They gave me permission to take the pictures and to look at them. They are private pictures between a boyfriend and girlfriend. It is implied that they won't be shared and that I won't look at them after we break up.
Also most of the pictures are taken with my camera in my house or around my property. If they leak out it is pretty obvious that either I leaked them (or maybe the girlfriend), so I would be taking a huge risk in being sued if I do keep them and I lost them.
I do think it would help if the police did go after men who post pictures like this with malicious intent. I also think society should really grow up and stop treating sex and sexual acts like they are dirty and immoral. Hint, almost everyone is naked twice a day, most people masturbate and most people enjoy having sex for reasons other than having babies.
Electric cars are just more convenient. Once their range is close enough to gas no one will want to buy a new fossil fuel car. A few years after that gas stations will start disappearing. Once the stations and infrastructure start to die out the end of gasoline cars will be fairly quick. The one area where the internal combustion engine has a huge advantage is winter driving. Heating a car with an electric battery kills your distance and there aren't many good solutions. Insulation only gets you so far because you also have to dry the air in the car out or else the moisture will condense on the windows (try driving a car on a -20C morning with 3 kids in the back)
I've been a programmer for 25 years, my ex-wife is one of the best programmers I know, and I would also say I have worked with very few weak female programmers. The reason the number of women in CS in North America is low and the reason the numbers never recovered after the dot com bust is job stability. Women are just as good as men at CS, they are just as good or better at staying with jobs they don't enjoy. However, they do not enjoy job instability. This is why small startups are skewed even more male than large companies, this is why only women who are truly good stay in CS (because they don't fear ever being unemployed), and it is also why women who are good at STEM will gravitate to doctors, lawyers and other engineering fields that have more stable employment.
All the people who studied CS 20 or more years ago. Think about all the women in your classes and in your first jobs. How many are still writing code? Did they leave because of sexism? My ex experienced mind numbing stupidity towards women's needs but very little sexism from engineers - secretaries and HR is another story.
I disagree with almost everything in your post but you have so far stated the most articulate defense of Google's actions. I guess that's is the difference between Slashdot and Google (and most other comment sections).
The Microsoft bug reports are important to Microsoft. They do actually analyze them to try and find bugs or in their products or in code from common/popular vendors. The NSA is undermining this trust. This is similar to the way the USA undermined doctors in Pakistan by using doctors in their search for Bin Laden. Maybe if the USA had to compensate every single person who gets Polio 10 million dollars they might not think their plan was such a great idea. Same for the NSA, they should be trying to help close exploits but at this point their collateral damage has been far greater than anything they have prevented.
If a willing buyer who has no other ties to a company pays 1B for 50% of a company at that instant the company is worth 2B. However if a group of investors own 100% of the outstanding stock of a company, and then issue 1% more shares which they then buy for 20M the company market capitalization would be 2B. However no ownership changed hands in that transaction. All that happened was 20M was put into the company. The investors where not true buyers. There are a lot of other funny things that go into pre IPO valuations. So unless the company is publicly traded or you see a true new investor who isn't getting something else along with their stock purchase, many of these valuations are invalid.
The 51% attack is mostly theoretical. Yes, it could be done but it would destroy the value of what you are stealing so what would be the point? Plus, there would be blow back. It would tarnish the value of BTC. There will be an equilibrium between the price of BCC and BTC in value and in hashing ability. The two will closely follow each other with the Hashing power lagging slightly. The only value in Bit coins is their ability to facilitate transactions. If the new Bit cash is better it will likely gain in value.
Bitcoin was mostly safe from a quantum computer since you only revealed you public key at the time you created an input to a transaction. Before that, all people saw was the hash of your public key. Now however when you spend a pre-fork bitcoin on one side of the branch you reveal your public key, someone with a quantum computer could then figure out your private key and spend the bitcoin in the other side of the fork. I would therefore recommend that everyone cycle their current bitcoin in both forks sometime in the next 5 years, just to be paranoid.
If you had bitcoins before the fork you will have them in both branches. If you acquire them in one branch you will not have them in the other. Now one branch will have the ability to do 8 times as many transactions as the other and lower transaction fees. We now have 3 types of coins. Ones from before the fork and ones on each fork. The ones after the fork will have different values/exchange rates. The ones still unspent from before the fork will likely have a value that is the sum of the two. Now if one fork gains more traction than the other that fork will become more valuable. My bet is on bitcoin cash because it is more useful for me. I don't speculate on bitcoin, I don't use it as a store of wealth and I don't use it to measure the value of anything. I use it strictly for transactions, to exchange value with others. The old system was limited to a rather pathetically slow rate.
The article is clearly misleading and hurts women. If I'm a VC I look at two things in a company. Is the company a good investment and will others think it is a good investment. If the company is above very good, is going to take 10 years to turn a profit but I think others will perceive it as nearly worthless then I won't invest in it because I have no way to get my money out and I also fear that I might end up being the only one bank rolling the company, tying up my money for a decade.
Does stupidity count as a defense for hate crimes?
Kálmán Dabóczi was the manager of BKK. You are correct though that he might not have personal been apart of this. It could have just been employees of BKK and this never filtered up to him.
I control the client. It does what ever I want. The Server should have no expectation of my behavior, it just expects a string of 0s and 1s. The server is asking how many tickets I want and how much I should pay for them. This kid pointed out that the server is trusting the client to tell it what the correct price is. The client is being dishonest if it lies about the price but this isn't like changing the price stickers, here the server is actually asking the client for the price and this 18 year old pointed it out. He bought a ticket that he never intended to use to demo the bug. True, his demo might have caused an error in the backend accounting that could have brought down the entire BKK system. That is generally why you ask permission before hacking something, but this seems so trivial that I would give the kid a break and I would expect him to get a thanks.
This company has no clue how eCommerce works. They actually are double handy capped in that they don't even know what they don't know so they likely had a false sense of thinking they actually did understand things. If you use the website as intended you can't change the price. I have no doubt that Kálmán Dabóczi believed this kid was hacking their system and I also think it is likely that everyone he asked also though the same thing.
Kálmán Dabóczi, BKK, the police and the judge who issued the warrant all owe this kid a big apology. However, not everyone can understand everything and it is reasonable to expect that sometimes you will get unlucky and get a company and a few members of the police who have almost zero understanding of a subject and make a stupid mistake. The police didn't kick in his door, shoot his dogs or throw stun grenades in a crib. Hopefully they were professional about the entire thing. Kálmán Dabóczi has likely learned a very hard lesson so let him apologize and get to work. He now has a pile of free penetration results to deal with and possible the job of selecting a new supplier for the website.
There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates
There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/..., so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).
Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.
People who actually examined passwords finally prevailed. I want you to chose a good password with lots of entropy. The password rules that you learned before actually made you less safe. correcthorsebatterystaple is a very good password but it is long and hard to correctly type if I can't see it.
If I can't see the password I will keep it short.
If I have to change it I will regularly I will make it something easy to remember and use a suffix that is likely a number that is incremented
If I have to have a capital it will be the first character
If I have to have a special symbol it will be the last or second last digit
If I have to have lots of passwords for different systems, I will use the same one on all of them
My last company, a very well know security company, 3/4 of passwords were a common 6 letter English word, first letter capitalized, then a number, then !@ or #. The number increased every 3 months.
What anyone says in the hours after an accident should never be considered accurate or even news. (It shouldn't be allowed in a court of law without a warning either). People are stressed, they are frightened, they might even be defensive. Someone who wouldn't normally lie might tell something that is blatantly false. I'm not going think less of this person but I will definitely lose respect for any paper that prints it or a website that links to it on their front page. I feel almost dirty clicking on a link from BeauHD - click bate shit.
Many companies in Canada have you sign agreements like this on your first day of work. Almost nothing you sign like this at work is enforceable since your boss has told you to sign it. For it to be valid you had to agree to it and sign it before starting. This does create a problem in promoting someone into a position where they do end up with company trade secrets.
There is a risk of dying in a car accident driving to the doctors office to vaccinate your kid. So in that respect they aren't safe. Is there a chance your kid will have a fever or a sore arm yes. Do I think the doctors at least in Canada have down played the risk of kids having fevers or other adverse side effects based on my very biased sample size of 5 kids, hell yes. And I suspect this is one reason the medical community might not be trusted. Do I think a day of my kids having a fever is worth it to prevent them from just having even chicken pox? Definitely.
The Queens representative in our western most province just made a decision on who should be able to form the government there. There was also the case a few years back where our minister of defense admitted to a war crime* in the in the house of commons and the prime minister asked the Governor General to prorogued parliament so that the senate inquiry into his actions would die (er so we could watch the winter Olympics, I think was the prime ministers excuse). I think the Governor General got that one wrong but at least we have a mechanism to solve parliamentary issues that only takes a single day. Having the government paralyzed for weeks waiting for a decision is worse.
*Canadian soldiers had handed over prisoners of war to American and Afghan forces without getting guarantees that they would not be miss treated. It' not just that they were subsequently mistreated it's the fact that we didn't take reasonable steps to ensure they were not that is a crime.
Slashdot Mirror
Note this is a biased sample*. They are the 6 current or former engineers that I associate with, they are very confident and assertive. They all agreed with Demore. They have experienced minimal sexism from other engineers. 3 of them don't mind working as the only woman at a location. They all thought women on average had different job preferences than man. They also thought job security was more important to women than men and that if they were not so good at what they did and guarenteed to always have jobs they might not have been in their current careers.
*Sample - 5 CS and 1 mechanical engineer. 1 is now in finance and 2 are software managers.
Foxconn is not at arms length from Essential. They didn't only get 0.25% of the company. The 3 million dollars will go straight back to them for manufacturing parts of the phone. If someone completely unrelated to Essential paid 3 million and they didn't get anything else other than the stock then you could say the company was worth 1.2 billion.
Imagine if someone advocated for killing people without trail, of people who might at some point in the future pose a threat to a member of his tribe. Further suppose they actually did kill some of these people along with a number of other people. Then after killing these other people they disparaged some of these people by saying they were male, between 13 and 60, so they deserved it. Should we block this person and people like them from the internet? Should GoDaddy expel any sites that regularly reprint what this person says?
Seriously fuck you Help Net Security. I really don't care about the security of most sites enough to have to memorize a unique password for them and most sites actually do understand this. Further if it is a site that I do care about the security I want to be able a secure password that I can remember. TR0b@dor is hard as hell for me to remember and will likely be in the first million passwords a cracking program will try. Second for an online attack you need enough entropy to stop an attacker who is rate limited. So 2^30 is likely strong enough (that's 3 common English words). If someone gets your salted hashed password file you are going to need 2^60 bits of entropy. 6 English words. Making be choose a password that is anywhere between those two lengths is either a waste of my time or insufficient security.
There are a lot of questionable posts on it but the volume of pictures of varying quality buries any pictures that a woman might not want seen. If your picture is up there, unless someone tells your friends exactly where to look, no one will find it, and if they do tell exactly where to look then they could have just as easily sent the picture.
It is fun, it's intimate and the girls were beautiful. I also delete the pictures when I'm not dating them anymore. They gave me permission to take the pictures and to look at them. They are private pictures between a boyfriend and girlfriend. It is implied that they won't be shared and that I won't look at them after we break up. Also most of the pictures are taken with my camera in my house or around my property. If they leak out it is pretty obvious that either I leaked them (or maybe the girlfriend), so I would be taking a huge risk in being sued if I do keep them and I lost them.
I do think it would help if the police did go after men who post pictures like this with malicious intent. I also think society should really grow up and stop treating sex and sexual acts like they are dirty and immoral. Hint, almost everyone is naked twice a day, most people masturbate and most people enjoy having sex for reasons other than having babies.
Electric cars are just more convenient. Once their range is close enough to gas no one will want to buy a new fossil fuel car. A few years after that gas stations will start disappearing. Once the stations and infrastructure start to die out the end of gasoline cars will be fairly quick. The one area where the internal combustion engine has a huge advantage is winter driving. Heating a car with an electric battery kills your distance and there aren't many good solutions. Insulation only gets you so far because you also have to dry the air in the car out or else the moisture will condense on the windows (try driving a car on a -20C morning with 3 kids in the back)
I've been a programmer for 25 years, my ex-wife is one of the best programmers I know, and I would also say I have worked with very few weak female programmers. The reason the number of women in CS in North America is low and the reason the numbers never recovered after the dot com bust is job stability. Women are just as good as men at CS, they are just as good or better at staying with jobs they don't enjoy. However, they do not enjoy job instability. This is why small startups are skewed even more male than large companies, this is why only women who are truly good stay in CS (because they don't fear ever being unemployed), and it is also why women who are good at STEM will gravitate to doctors, lawyers and other engineering fields that have more stable employment.
All the people who studied CS 20 or more years ago. Think about all the women in your classes and in your first jobs. How many are still writing code? Did they leave because of sexism? My ex experienced mind numbing stupidity towards women's needs but very little sexism from engineers - secretaries and HR is another story.
I disagree with almost everything in your post but you have so far stated the most articulate defense of Google's actions. I guess that's is the difference between Slashdot and Google (and most other comment sections).
The Microsoft bug reports are important to Microsoft. They do actually analyze them to try and find bugs or in their products or in code from common/popular vendors. The NSA is undermining this trust. This is similar to the way the USA undermined doctors in Pakistan by using doctors in their search for Bin Laden. Maybe if the USA had to compensate every single person who gets Polio 10 million dollars they might not think their plan was such a great idea. Same for the NSA, they should be trying to help close exploits but at this point their collateral damage has been far greater than anything they have prevented.
If a willing buyer who has no other ties to a company pays 1B for 50% of a company at that instant the company is worth 2B. However if a group of investors own 100% of the outstanding stock of a company, and then issue 1% more shares which they then buy for 20M the company market capitalization would be 2B. However no ownership changed hands in that transaction. All that happened was 20M was put into the company. The investors where not true buyers. There are a lot of other funny things that go into pre IPO valuations. So unless the company is publicly traded or you see a true new investor who isn't getting something else along with their stock purchase, many of these valuations are invalid.
These cars both use regenerative breaking. I'll never need to go 0-60 in 5.6s but I might need to go 60 to 0 that fast.
The 51% attack is mostly theoretical. Yes, it could be done but it would destroy the value of what you are stealing so what would be the point? Plus, there would be blow back. It would tarnish the value of BTC. There will be an equilibrium between the price of BCC and BTC in value and in hashing ability. The two will closely follow each other with the Hashing power lagging slightly. The only value in Bit coins is their ability to facilitate transactions. If the new Bit cash is better it will likely gain in value.
Bitcoin was mostly safe from a quantum computer since you only revealed you public key at the time you created an input to a transaction. Before that, all people saw was the hash of your public key. Now however when you spend a pre-fork bitcoin on one side of the branch you reveal your public key, someone with a quantum computer could then figure out your private key and spend the bitcoin in the other side of the fork. I would therefore recommend that everyone cycle their current bitcoin in both forks sometime in the next 5 years, just to be paranoid.
If you had bitcoins before the fork you will have them in both branches. If you acquire them in one branch you will not have them in the other. Now one branch will have the ability to do 8 times as many transactions as the other and lower transaction fees. We now have 3 types of coins. Ones from before the fork and ones on each fork. The ones after the fork will have different values/exchange rates. The ones still unspent from before the fork will likely have a value that is the sum of the two. Now if one fork gains more traction than the other that fork will become more valuable. My bet is on bitcoin cash because it is more useful for me. I don't speculate on bitcoin, I don't use it as a store of wealth and I don't use it to measure the value of anything. I use it strictly for transactions, to exchange value with others. The old system was limited to a rather pathetically slow rate.
The article is clearly misleading and hurts women. If I'm a VC I look at two things in a company. Is the company a good investment and will others think it is a good investment. If the company is above very good, is going to take 10 years to turn a profit but I think others will perceive it as nearly worthless then I won't invest in it because I have no way to get my money out and I also fear that I might end up being the only one bank rolling the company, tying up my money for a decade.
Does stupidity count as a defense for hate crimes?
Kálmán Dabóczi was the manager of BKK. You are correct though that he might not have personal been apart of this. It could have just been employees of BKK and this never filtered up to him.
I control the client. It does what ever I want. The Server should have no expectation of my behavior, it just expects a string of 0s and 1s. The server is asking how many tickets I want and how much I should pay for them. This kid pointed out that the server is trusting the client to tell it what the correct price is. The client is being dishonest if it lies about the price but this isn't like changing the price stickers, here the server is actually asking the client for the price and this 18 year old pointed it out. He bought a ticket that he never intended to use to demo the bug. True, his demo might have caused an error in the backend accounting that could have brought down the entire BKK system. That is generally why you ask permission before hacking something, but this seems so trivial that I would give the kid a break and I would expect him to get a thanks.
This company has no clue how eCommerce works. They actually are double handy capped in that they don't even know what they don't know so they likely had a false sense of thinking they actually did understand things. If you use the website as intended you can't change the price. I have no doubt that Kálmán Dabóczi believed this kid was hacking their system and I also think it is likely that everyone he asked also though the same thing.
Kálmán Dabóczi, BKK, the police and the judge who issued the warrant all owe this kid a big apology. However, not everyone can understand everything and it is reasonable to expect that sometimes you will get unlucky and get a company and a few members of the police who have almost zero understanding of a subject and make a stupid mistake. The police didn't kick in his door, shoot his dogs or throw stun grenades in a crib. Hopefully they were professional about the entire thing. Kálmán Dabóczi has likely learned a very hard lesson so let him apologize and get to work. He now has a pile of free penetration results to deal with and possible the job of selecting a new supplier for the website.
There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates
There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/..., so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).
Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.
People who actually examined passwords finally prevailed. I want you to chose a good password with lots of entropy. The password rules that you learned before actually made you less safe. correcthorsebatterystaple is a very good password but it is long and hard to correctly type if I can't see it.
If I can't see the password I will keep it short.
If I have to change it I will regularly I will make it something easy to remember and use a suffix that is likely a number that is incremented
If I have to have a capital it will be the first character
If I have to have a special symbol it will be the last or second last digit
If I have to have lots of passwords for different systems, I will use the same one on all of them
My last company, a very well know security company, 3/4 of passwords were a common 6 letter English word, first letter capitalized, then a number, then !@ or #. The number increased every 3 months.
What anyone says in the hours after an accident should never be considered accurate or even news. (It shouldn't be allowed in a court of law without a warning either). People are stressed, they are frightened, they might even be defensive. Someone who wouldn't normally lie might tell something that is blatantly false. I'm not going think less of this person but I will definitely lose respect for any paper that prints it or a website that links to it on their front page. I feel almost dirty clicking on a link from BeauHD - click bate shit.
Many companies in Canada have you sign agreements like this on your first day of work. Almost nothing you sign like this at work is enforceable since your boss has told you to sign it. For it to be valid you had to agree to it and sign it before starting. This does create a problem in promoting someone into a position where they do end up with company trade secrets.
There is a risk of dying in a car accident driving to the doctors office to vaccinate your kid. So in that respect they aren't safe. Is there a chance your kid will have a fever or a sore arm yes. Do I think the doctors at least in Canada have down played the risk of kids having fevers or other adverse side effects based on my very biased sample size of 5 kids, hell yes. And I suspect this is one reason the medical community might not be trusted. Do I think a day of my kids having a fever is worth it to prevent them from just having even chicken pox? Definitely.
The Queens representative in our western most province just made a decision on who should be able to form the government there. There was also the case a few years back where our minister of defense admitted to a war crime* in the in the house of commons and the prime minister asked the Governor General to prorogued parliament so that the senate inquiry into his actions would die (er so we could watch the winter Olympics, I think was the prime ministers excuse). I think the Governor General got that one wrong but at least we have a mechanism to solve parliamentary issues that only takes a single day. Having the government paralyzed for weeks waiting for a decision is worse.
*Canadian soldiers had handed over prisoners of war to American and Afghan forces without getting guarantees that they would not be miss treated. It' not just that they were subsequently mistreated it's the fact that we didn't take reasonable steps to ensure they were not that is a crime.