Slashdot Mirror


User: Fedallah

Fedallah's activity in the archive.

Stories: 0
Comments: 27

Comments · 27

  1. PDF Redaction on More PDF Blackout Follies · · Score: 4, Informative

    This is pretty ridiculous. Products have existed for years to take care of this sort of thing, such as http://www.appligent.com/products/product_families/redaction.php.

    How does this keep happening?

  2. Re:Everyone but you. on Running out of Hurricane Names · · Score: 1

    Am I being 'irrational'?
    Only if you cannot be written as the ratio of two integers.

  3. Re:Okay, I know I'm going to feel like an idiot, b on Defeating Captcha · · Score: 1

    I don't get the Belgium/Belgian users reference. Did they do something wrong to not be considered humans? Are they dumber than average? Is "Belgium" just a funny word? I don't get it. Somebody (preferably one who knows the answer) please enlighten me.

    I thought the answer was obvious: they share a border with the Dutch.

  4. Re:Well... on Microsoft's Bold Patent Move · · Score: 2, Informative

    Can these monstrosities be generated algorithmically?

    The quoted regular expression in the GP was generated algorithmically. It was originally a word list from the Lingua::EN::Words2Nums module (Check out the source if you want to see the list.) To generate the regex, the list was passed through the Regex::PreSuf module, which creates fast-running regular expressions out of word lists.

  5. In case the site goes down... on SteamWatch Offers Forum for Displeased Customers · · Score: 5, Funny

    In case the forums site goes down, I found a mirror here....

  6. Re:SSNs or not? on Whopping-Big Data Theft At U.C. Berkeley · · Score: 1

    Agreed, it would be a difficult case. The case of negligence would have to be based around a few facts:
    • The state allowed research access to a large amount of personal and sensitive information to an external entity (albeit under a confidentiality agreement.)
    • The said external entity, according to the SecurityFocus article, had "not been in compliance with the security rules the state sets out for research access to sensitive data."
    • The state had no ability to verify that this required security compliance does actually exist, as can be inferred by the fact that the state is now reviewing how to be able to verify this security compliance as a result of this break-in.

    Since the state apparently has no ability to verify the security compliance of the researchers to which it is giving access, how is it in any way able to adequately insure protection against identity theft for this personal data it is sharing?

    Regardless, I am not a litigious person by nature and don't see myself initiating any sort of legal action based on this. However, it's still a pain in the ass to have to go ask the three credit unions to place fraud alerts on my wife's SSN. Ultimately, I am simply dismayed that the state of California sees fit to pass my wife and mother-in-law's personal and sensitive information around without the proper checks and due discretion.

  7. Re:SSNs or not? on Whopping-Big Data Theft At U.C. Berkeley · · Score: 4, Interesting

    And here we are on October 20th hearing about it. I wonder if the people that were included in that database (that should have been kept on a completely secluded network IMHO) were contacted September 28th or if they had to wait until three bureaucratic agencies had done their own investigations...


    Both my wife and my mother-in-law are most likely contained in that database (my wife as a former IHSS caregiver, my mother-in-law as a current IHSS care-receiver), and this is the first I've heard of this break-in. To be honest, I feel betrayed by the state of California's apparent lackadaisical approach to guarding these social security numbers. Why would these numbers be shared with a university for research purposes anyways? It really doesn't make sense anyways, and I don't recall my wife signing any type of release to allow this personal information being used for research purposes. I guess it's time to go safeguard against identity theft (not to mention contemplate the potential success of a class action lawsuit against the state of California on grounds of negligence.)

  8. Re:whoo. on AOL Moves Beyond Single Passwords for Log-Ons · · Score: 3, Informative

    After reading through the paper, I have to say that the attacks contained therein are simply not that impressive. In it, the author describes the following attacks:
    • A race attack that is only valid if the user slowly logs in over an unencrypted non-line-buffered telnet session using the SecurID. I have never seen an implementation of SecurID used like this, and we can be assured AOL's implementation will not be susceptible (as they will undoubtedly be having the token typed into a local window, not transferred over a network character-by-character)
    • An attack on a clustered implementation where the attacker shuts down several lines of communication as part of the attack. This is probably the closest thing to a dangerous attack; however, the author even describes a way that the servers could be programmed as to avoid this situation. At the time of the article, this has not been implemented in the server, but apparently, the article was written in 1997 (or thereabouts)
    • A software bug in an older version of the software. Shameful, yes, but apparently fixed about 8 years ago.
    • A theoretical attack of which the author claims "It is not known whether all of the semantics are absolutely correct in this example but it is quite probable that some variation of the attack is possible."

    Of course, I'm not claiming that the security of a SecurID implementation is unassailable, or that SecurID is a panacea for security problems. I just don't believe an old article that describes some irrelevant not-quite-attacks is sufficient to cast doubt on the extra security provided by SecurID, and that attacks on SecurID are actually much more difficult than you seem to be claiming.

  9. Re:Land Speed? on NetBSD Sets Internet2 Land Speed World Record · · Score: 1

    Sure you can, it's just that some of the land is a little soggy.

  10. Re:Copyright on Prior Art on Linspire Accused Of Misusing Creative Commons Art · · Score: 3, Informative

    Is it the "pissing Calvin" stickers that seem to adorn every pickup truck in the U.S.A.? That is a violation as far as I understand, and as far as the creator of C&H is concerned, but he doesn't give a rat's ass apparently.

    Actually, Bill Watterson (creator of Calvin and Hobbes) threatened to sue the company that made those stickers, and the company has since changed the stickers to a different image which is apparently not considered derivative. Watterson is known to be very protective of his copyrights; he won't even license the images for merchandising. Some information here.

  11. Re:ok, so feature me this batman ... on Happy 35th birthday, RFC 1! · · Score: 1

    While "important" is a matter of opinion, it's probably RFC 768, User Datagram Protocol.

  12. Re:The word is "sex" on People with real l337 speak names? · · Score: 4, Informative

    (because they don't know what the word gender means)

    You mean definition (3a) here?

  13. Re:Article Text (Slashdotted Server) on Optimizing distcc · · Score: 1

    Lord of Ironhand, thanks for the polite bit of info about this possibly being viewed as karma whoring.

    I appreciate it much more than those simply accusing me of karma whoring.

  14. Re:Article Text (Slashdotted Server) on Optimizing distcc · · Score: 1

    Because I was logged in, and didn't even think about hitting the 'Post Anonymously' button. I don't care about Karma, as alien a notion that may be. Hence why I don't care if this gets modded Redundant, Informative, or Troll. I was simply trying to enable people to have an on-topic conversation when the original source of information was unavailable.

    Apparently I should know better since I have a low userid, but to be honest, I don't post much, and I didn't know better, so I apologize.

  15. Re:Article Text (Slashdotted Server) on Optimizing distcc · · Score: 0, Offtopic

    I think the other guy beat mine by a few seconds. My post should be modded down redundant accordingly. I'd rather only see one copy anyways.

  16. Article Text (Slashdotted Server) on Optimizing distcc · · Score: -1, Redundant

    distcc optimizations - March 30th 2004
    and how to compile kdelibs from scratch in six minutes

    If you don't already know about distcc I recommend that you check it out. Distcc is a tool that sits between make and gcc sending compile jobs to other computers when free, thus distributing compiles and dramatically decreasing build times. Best of all it is very easy to set up.

    This, of course, leads to the fantastic idea that anyone can create their own little cluster or farm (as it is often referred to) out of their extra old computers that they have sitting about.

    Before getting started: In conjunction with distcc there is another tool called ccache, which is a caching pre-processor to C/C++ compilers, that I won't be discussing here. For all of the tests it was turned off to properly determine distcc's performance, but developers should also know about this tool and using it in conjunction for the best results and shortest compile times. There is a link to the homepage at the end of this article.

    Farm Groundwork and Setup
    As is the normal circle of life for computers in a corporate environment, I was recently lucky enough to go through a whole stack of computers before they were recycled. From the initial lot of forty or so computers I ended up with twelve desktop computers that ranged from 500MHz to 866MHz. The main limit for my choosing dealt with the fact that I only had room in my cube for fifteen computers. With that in mind I chose the computers with the best CPU's. Much of the ram was evened out so that almost all of the final twelve have 256MB. Fast computers with bad components had the bad parts swapped out for good components from the slower machines. Each computer was set up to boot from the CD-ROM and not output errors when booting if there wasn't a keyboard/mouse/monitor. They were also set to turn on when connected to power.

    Having enough network administration experience to know better, I labeled all of the computers, the power cord and network cord that was attached to them. I even found different colored cable for the different areas of my cube. The first label specified the CPU speed and ram size so later when I was given faster computers, finding the slowest machine would be easy. The second label on each machine was the name of the machine, which was one of the many female characters from Shakespeare's plays. On the server side a dhcp server was set up to match each computer with their name and IP for easy diagnosis of problems down the line.

    For the operating system I used distccKNOPPIX. distccKNOPPIX is a very small Linux distribution that is 40MB in size and resides on a CD. It does little more than boot, gets the machine on line and then starts off the distcc daemon. Because it didn't use the hard disk at all, preparation of the computers required little more than testing to make sure that they all booted off the CD and could get an IP.

    Initially, all twelve computers (plus the build master) were plugged into a hub and switch that I had borrowed from a friend. The build master is a 2.7GHz Linux box with two network cards. The first network card pointed to the Internet and the second card pointed to the build network. This was done to reduce the network latency as much as possible by removing other network traffic. More on this later though.

    A note on power and noise, the computers all have on-board components. Any unnecessary pci cards that were found in the machines were removed. Because nothing is installed on the hard disks they were set to spin down shortly after the machines are turned on. (I debated just unplugging the hard disk, but wanted to leave the option for installation open for later.) After booting up and after the first compile when gcc is read off the CD the CD-ROM also spins down. With no extra components, no spinning CD-ROM or hard disk drives the noise and heat level in my cube really didn't change any that I could notice (there were of course jokes galore by everyone about saunas and jet planes when I was setting up

  17. Re:I *hate* popularisations! on The Fabric of the Cosmos · · Score: 1

    Rather, it was a roundabout way of lamenting the continuing fall in the numbers of students deciding to pursue careers in the sciences.

    The point is, of course, that were more money invested in introducing people to science properly, without all the bells and whistles that Brian Greene felt were necessary to make his PBS series palatable to the public, perhaps we wouldn't have to endure things like the cancelling of the SSC during the mid 90s.


    One significant thing a book like this can do is generate interest in the pursuit of scientific careers. For instance, my wife, after devouring a couple of these 'popularisations', one of which being The Elegant Universe by Mr. Greene, is now pursuing a degree in physics, primarily due to increased interest these books instilled in her.

    These books function well as what they are: an overview of the subjects within. After reading them, one can choose whether to be satisfied with that, or to further pursue the subject with more advanced physics texts. For myself, and perhaps I am biased by the close anecdotal evidence, it seems to be that books like this encourage the pursuit of careers in the sciences.

  18. Re:Miguel is dead! on Mono Poises to Take Over the Linux Desktop · · Score: 2, Funny

    Pete (who has for the last two months been maintaining/debugging/adding features to a 1998-era MSVC6 project, written by a guy who really had no idea about C++. Sigh.)

    Did anyone else other than me who was doing MSVC6 projects in 1998 suddenly get real worried that this guy was stuck working on your old code?

    Just in case: Sorry, Pete. I can only claim extreme ignorance and inexperience, and offer you all my sympathy.

  19. Re:But the cultural impact... on Spirit Takes Snapshot of Earth · · Score: 2, Informative

    But from our nearest neighboring planet, we're just another dot in the sky.

    Make that second nearest neighboring planet. I knew something looked wrong with that statement. =)

  20. Re:But the cultural impact... on Spirit Takes Snapshot of Earth · · Score: 2, Insightful

    But 'pale blue dot' images? It's just a dot. It might just as well be Venus for all the emotional impact I get from it.

    Somehow, that aspect of the images is what hit me emotionally. This is the first time I've actually realized what has been accomplished here: there is something (a robot, in this case) on that pale red dot I kept staring up at last autumn that is looking back at us and seeing us as a pale blue dot.

    Images from the Moon are pretty, I'll grant you that. But it's still our moon; to me, it doesn't feel like anything more than hop, skip, and a jump away. This is another planet. This is an entirely different world, with its own orbit and autonomy.

    We think so grandly of our history and our oceans and our continents and our clouds. But from our nearest neighboring planet, we're just another dot in the sky. So no, there's probably not much cultural impact here, since our culture is centered completely on our planet. This is a different world, and the emotional impact of seeing us from that world, at least to me, is plentiful.

  21. Re:So What? on US Government Upgrades RAM · · Score: 2, Funny

    In 15 years (or less) people will have this much data on their Palm Pilot.

    And somehow, my wife will still be able to fill it up with MP3's.

  22. Re:Autozone shareholders on SCO Names 1st Lawsuit Target: AutoZone [Updated] · · Score: 2, Informative

    Autozone also reported "flat" sales this morning, which probably has more to do with their stock decline than this lawsuit.

    While a lawsuit may affect the stock price, discouraging sales reports will always affect the stock price.

  23. Re:Perhaps a better question to ask Georgy... on Georgy Tells Why She Should Be California Gov · · Score: 3, Informative

    Paraphrase: The deficit is bad. Tax the rich.

    According to Georgy, taxing the rich will magically make the economy boom, and therefore end the budget deficit.

    Now, taxing the upper brackets may be an important step to ending the budget woes, but that is apparently her entire economic plan.

    I'm glad she thought this one out.

  24. Re:Here goes Katz again on AOL Nation · · Score: 1

    This is what Katz does...Just consider anything he writes as an editorial. If you want straight-up news, don't read his stuff. I happen to find his stuff interesting to read.

    Just a suggestion,
    -Fedallah

  25. CMU's policies on CMU Cuts off Net Access for 71 Students Over MP3s · · Score: 1

    I'm a former CMU student, and even when I was there, this kind of thing was happening (CMU seems to fall in line when the RIAA barks). However, this is the first time I've seen such a large number of users disconnected at once, as this is the first time they've done a real inspection.

    First, to clear up misconceptions -- As I see it, the files that were found were being kept on the students' own computers, and simply shared over the CMU intranet with Microsoft file sharing (Or samba or whatever). In the past, CMU would occasionally just measure bandwidth to each computer, and if they see one computer that is getting hit a lot, they'll investigate, and if that person has MP3's/Warez/ in public (i.e. non-passworded) folders, CMU would ask the student to remove that stuff from public folders, and perhaps cut off their access if they felt like it. (On a side note, someone mentioned that computer accounts were cut off if any type of hacking was noticed from someone's computer - this is true, even if the hacker was simply using the computer as a bounce point to hack someone else's computer. If this happened to you, you could simply go to network services and tell them that your computer was hacked - they would reinstate your network access as soon as you secured your computer a bit)

    The thing that disturbs me here is that someone else mentioned that when CMU was doing this surprise inspection, they would guess passwords on passworded folders, and if they were able to guess it, and the folder had copyrighted material in it, then the network access would be cut. To me, this seems like a major invasion of privacy. I would go so far as to say that random guessing of passwords on a folder that is passworded could be considered a form of a password hacking attempt. Everything I remember from people's reports of discussions with network services at CMU and Dean Fowler seemed to lead to the fact that if a folder was passworded, then it was considered private. Just because it has an easy-to-guess password doesn't mean it's public - it just means the person who set it wanted to make it easy to remember.

    One thing I find amusing about this is that one of the students at CMU used to have a search engine that indexed the massive CMU intranet, which enabled students to search for files they wanted (One result of this is that it made searching for MP3s easy to do). This student was forced to remove this functionality from his website (run on his computer), for the reason (among others) that the spider that did the searching could be considered an invasion of privacy - EVEN THOUGH it didn't even try to guess passwords, as network services supposedly did when doing their surprise inspection. Keep in mind - this reason was debated by the student who wrote the intranet spider, and I'm not sure what came of it.

    One other thing I find funny (quote from article)
    On October 18, Carnegie Mellon randomly checked the public portions of 250 students' computer accounts, mainly "to find out whether we had a problem on our campus," Mr. Fowler said.
    Network services had to know there were MP3s shared in directories like this - most of the students knew. They aren't that naive - they have just chosen to ignore this until the RIAA barked louder.