Ah, my requirements are that links be bookmarkable (especially across the same user's login session, but occasionally between co-workers). As they are business systems that are in constant use, clicking on a link, finding out your session has expired, re-authenticating and then having the link not work is not good for productivity.
So with this in place you did not provide any actual flaw in the problem domain in this area, so this is good news to me.
But multiple users of the same system can not obtain secret business information (such as DB Primary Key ID) that might leak data such as how many records you have.
The other stuff you touched on is generally dealt with once enabled by my choice of website application framework; that still means you have to actively test it is enabled and doing its thing in production.
Bollox, the developers of X11 are over 30 years older now. I think you are confusing the current maintainers of the two most popular X11 implementations with the actual developers who came up with the original ideas. The extensions over the past 15 year rise of Linux popularity have had to restrict themselves to the design choices made over 30 years ago. It is plenty overdue a revamp, silicon has changed too much in that time.
Re: XOR and real cipher
Use both. Initialize a symmetric cipher server side for your webapp (so keys are hot/high performance). Then for each thing you need to encode, XOR the raw database PK ID first, then pass it through the cipher. This way database ID 1 for every thing you do does not end up with the same ciphered result.
For extra points, many symmetric ciphers use larger block sizes than the 64 bits you actually need for your database PK ID, so pad left and right bits with random garbage.
For more points, use part of the unused bits (of the cipher block size) also as a form of checksum/CRC that can be used to detect corruption/brute forcing. No real web request should get this wrong (unless you have bugs, but you can mark the client as being suspect).
But who brute forces larger than 128 bits over the Internet?
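The scheme in the comment above, written out in Go as an added example (not the poster's code). The `IDCodec` name, the 4/8/4 byte layout of the AES block, the HMAC-derived per-entity mask, the CRC32 that also covers the entity kind, and the demo keys are all assumptions of this sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"hash/crc32"
)

// ErrBadToken covers every failure: bad base64, wrong length, failed checksum.
var ErrBadToken = errors.New("invalid id token")

// IDCodec (hypothetical name) hides database primary keys behind opaque URL tokens.
type IDCodec struct {
	block   cipher.Block // AES, set up once at start-up so the key stays hot
	maskKey []byte       // secret used to derive the per-entity XOR mask
}

func NewIDCodec(aesKey, maskKey []byte) (*IDCodec, error) {
	b, err := aes.NewCipher(aesKey)
	if err != nil {
		return nil, err
	}
	return &IDCodec{block: b, maskKey: maskKey}, nil
}

// mask derives the 64-bit XOR value for one entity kind, so ID 1 of an
// "invoice" and ID 1 of a "customer" enter the cipher as different values.
func (c *IDCodec) mask(kind string) uint64 {
	m := hmac.New(sha256.New, c.maskKey)
	m.Write([]byte(kind))
	return binary.BigEndian.Uint64(m.Sum(nil)[:8])
}

// check is the CRC32 over the entity kind and the first 12 plaintext bytes.
// Covering the kind (an assumption here) rejects tokens replayed across kinds.
func check(kind string, head []byte) uint32 {
	h := crc32.NewIEEE()
	h.Write([]byte(kind))
	h.Write(head)
	return h.Sum32()
}

// Encode fills one AES block as [4 random][8 id^mask][4 CRC32], encrypts it
// and returns 22 URL-safe characters.
func (c *IDCodec) Encode(kind string, id uint64) (string, error) {
	var pt, ct [aes.BlockSize]byte
	if _, err := rand.Read(pt[:4]); err != nil {
		return "", err
	}
	binary.BigEndian.PutUint64(pt[4:12], id^c.mask(kind))
	binary.BigEndian.PutUint32(pt[12:], check(kind, pt[:12]))
	c.block.Encrypt(ct[:], pt[:])
	return base64.RawURLEncoding.EncodeToString(ct[:]), nil
}

// Decode reverses Encode. A tampered or guessed token decrypts to an
// unrelated block, so its checksum matches only with probability 2^-32.
func (c *IDCodec) Decode(kind, token string) (uint64, error) {
	ct, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil || len(ct) != aes.BlockSize {
		return 0, ErrBadToken
	}
	var pt [aes.BlockSize]byte
	c.block.Decrypt(pt[:], ct)
	if binary.BigEndian.Uint32(pt[12:]) != check(kind, pt[:12]) {
		return 0, ErrBadToken // caller can count these per client
	}
	return binary.BigEndian.Uint64(pt[4:12]) ^ c.mask(kind), nil
}

func main() {
	// Constructed demo keys; load real ones from a secret store.
	c, _ := NewIDCodec([]byte("0123456789abcdef"), []byte("constructed-mask-key"))
	tok, _ := c.Encode("invoice", 1)
	id, err := c.Decode("invoice", tok)
	fmt.Println(tok, id, err)
}
```

Because of the random bytes, the same record yields a different token on every call, yet every one of them decodes to the same ID, so bookmarked links keep working for as long as the keys are unchanged.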
Because the people at the top like and want to be the top of the American lifestyle, not the off shore one.
Better codecs are not required, most people consider standard TV good enough, DVD great and Blu-ray overkill. Many places are getting home Internet upgrades from 24MBit to 100MBit. Portable and general storage mediums are cheaper and more dense per Gb.
We only have to wait another 10 or so years for the MPEG patents to expire (yeah right, I'm sure the standards will be in perpetual patent, as they phase in some new minor changes, when the 30 year old codec is great for use today). So in the grand scheme of things of paying for these "much needed" expensive codecs, forget it. I don't need them today when the alternatives are good enough, the population of the world will get them all for free in a few short years anyway as the patents "should" be expiring. If they don't expire then it is time to go to war on that basis and rewrite the laws (this will happen).
Presumably someone intercepting has more than one route to the victim AS: one to perform the intercept and another to pass on the traffic with, so it ends up delivered to the victim's AS. So they shunt the traffic inside some MPLS tunnel across their own network (via their inspection device/system).
Now if you are talking about asymmetric routing issues that is a different matter, since the victim AS won't automatically send the other half of the data stream via your hijacking network (unless of course you can perform a reciprocal intercept at the other side as well; if it is possible at one, sure, then surely it may be possible at the other).
You are not an English speaker yourself. Well as an English speaker...
Adding "potentially" to the sentence can often be used by technical/engineering people to better describe a scenario of risk. Since other non-technical/non-engineering people look to the statement to fully understand the situation, so it needs to be described as either being a matter of fact, or a matter of professional opinion, or a matter open to debate.
So to describe something as "potentially" is attempting to weight the risk, without claiming it as a matter of fact.
I agree with the other poster, potentially harmful != dangerous. On the basis that for me potentially harmful is unlikely to be dangerous (as in less than 50% risk), and "dangerous" is more likely to result in danger (greater than 50% of risk). Again we (the engineers/technical people) are weighting our response via the use of language in this way.
Agree and understand. But you can create as many private keys as you like, you do not have to maintain a single identity.
Other users sending money can send fragments of the total value to different identities.
No no no, it is up to the other flying object to identify itself and clear a friend-or-foe test, otherwise the default resolution is to open fire.
As an OpenSSL contributor I agree the project is a mess.
The project needs 100% code coverage unit testing.
It needs to move to using git as the main SCM repo.
I don't agree with even the source formatting on the basis that it doesn't make it easier to audit the code base, it is an uncommon code formatting choice.
The project needs a gerrit code review system to streamline the limited committer man-hours when integrating new code. One problem in getting patches into the project is you need to find a committer that agrees with it and has time. Git allows easier unlimited forking, and code review allows review by anyone and facilitates multiple people running their own tree, so may the best maintainer win popularity.
All new code should include a unit test to accept it.
The network / kernel interactions also need unit testing (something I already did in the past to prove an API interaction deficiency in the OpenSSL API design).
Why IE8 ? Win7 Pro is the new XP, so surely IE10 will be the new target ?
Your comment makes sense, you have to anchor the moment to something not in the same axis as the target system pleasure/pain.
Plus if the article makes sense you want to keep that happiness around a little longer to help push a few more items into long-term-storage, not sidetrack the brain into dealing with pain from peppers.
The "muscle" may be called ego. It is usually this that tries to hold onto the nonsense it thinks is important.
Without the ego there is only the present and the only thing to do in the present is process all feelings without attachment (it is the ego trying to do that 'attaching'). The relaxing you are talking about is the non-attachment.
You run your program 3 times on 3 different hardware setups, get 2 complete results and compare results, which are the same ? The other computation did not complete.
Are you sure you have this right ?
My understanding is the difficulty increases as the limited block range pool gets exhausted, kind of like a quadratic, it just so happens over time that the number of folks mining and the mining performance has also increased.
The fees get paid to parties involved in signing a transaction. The longer the transaction history of the block the more computationally expensive it is to assist signing. Multiple nodes need to sign a transaction before a systemic consensus is reached that the bitcoin did change possession (i.e. proof of spending) and also ensure double spending is difficult. So over time no one will sign transactions for free, since they become computationally expensive.
The original block finder simply got to spend that block first, he needed other nodes to sign this spending and he may have needed to pay fees to those signing nodes as well as the bulk to the receiving node.
There is no situation that all fees for the infinite lifetime of the block get paid to the original finder. (This is my interpretation of your comment).
My knowledge of bitcoin is very limited and it has been a while since I first looked up on what it is. Please feel free to correct me.
"these days" ? What era was the date it did not have this ? You mean the PHP ecosystem has opened its eyes to finally using some good methodology.
> At the end of the exam, the examiner said this to my uncle: "Well, you passed, but I question your integrity."
"That is your job, suck it up!"
These figures are not a completely accurate picture. Most streaming content comes off a load of cache boxes on the large ISPs' own network. All ISPs peer in at least one of their national peering centres to exchange traffic with other national ISPs to reduce the transit requirements. Most internet traffic never leaves the country, UK people use UK Google, UK eBay, UK ecommerce sites.
So for example Netflix, BBC, BT TV and things like Windows Updates and Game downloads all come from local cache boxes that are either located inside the ISP network (at a cost to the CDN) or are within the national peering exchange centre and do not stream down transit links.
Sure, 10Gbps links at a national peering centre are expensive but nowhere near what you are quoting for transit from a tier-1.
> If you drink something acidic, the total acidity level of your stomach will be more than if you drink water.
Total volume would increase, the pH would increase towards 7 (go from 1.35 to maybe 2.123) making the overall acidity lower.
So the term would be more correct to say the acidity level is lower (just like taking alkaline stomach salts to ease indigestion).
The exact amount of change depends largely on the relative volumes involved, the dynamics of how they mix, but that is largely irrelevant for drink as everything ingested is usually with a high water content already.
> Since it suppresses appetite, you tend to eat more.
Huh.... appetite is the brain response to going hungry and getting a desire to eat via hormonal / chemical changes within the body.
Suppressing this response means to lose the desire to eat, which is not necessarily the same thing as feeling full, but more like eating becomes a chore, as the satiation (pleasure) response is dulled.
So your comment makes no sense, when your appetite is suppressed you eat less. What happens with sugar is the high glucose levels trigger short term higher energy and the associated stimulant effect from that, and the lack of real hunger satiation response allows the users to gorge too much sugar, whilst at the same time not providing any wholesome nutritional value (lack of variety of micro nutrients - from candy).
There is an old wives' tale of giving the children of the family a small amount of candy, before 1950s in time before the main meal of the day, in order to suppress the child's appetite and thus not require as much of the scarce/expensive wholesome food. The largest plate of food is given to the bread winner of the household.
So to me it all depends on who, how and when the sugar is given. A few sweets an hour before a main meal reduces the amount eaten, a soda drink given immediately before or during dinner increases it.
I agree also with the fiber meaning fuller sooner with smaller portions. But that is also true of complex carbohydrates and complex protein (i.e. not whey hydrolysate, but regular beef), actually anything with a higher calorific requirement to metabolize. It costs calories to break down certain foods, water soluble glucose requires less (as do fats) and things like fibre get in the way of the process so it's slower and less efficient thus using more energy.
> 3) Copyright abandonment requires a formal, explicit statement
Because it is necessary for someone to have asserted their "Copyright" in the first place, to then provide a license to abandon those Copyrights.
If no one asserts Copyright what stops an evil entity from claiming they hold Copyright (when they do not) and then announce they did not grant public domain status to this work. It needs the real Copyright holder to assert their claim on the work first.
It is not risky at all. They should have made her an offer for the price the H1B was hired for.
Maybe a simple change in the law is required: make the company officially document as a matter of public record a minimum quorum of Americans that were offered the post, including their CVs, how they found the position and comments in those Americans' own words relating to the application process. This allows an American who thinks there was foul play in the process to make public comment based on facts. This then has to be put up on a public single notice board for other job hunting Americans to see and apply.
Make this an additional paperwork cost to being able to apply for a H1B visa. That is completely public and open to scrutiny by any American. This is the problem with behind-closed-doors concessions made by the American people to some American corporations (yes corporations need to understand it is a privilege not a right). There should be more transparent oversight.
> GPL principles
What is this, you mean complying with GPL licenses when you produce a derivative work ? This is a legal obligation not a choice.
> open source is indeed to save you money so that you don't reinvent the wheel
The GPL way is that when you choose this path (to leverage other people's open source work), then you provide the same openness that you consumed to all those downstream to whom you redistribute all or part of your changes.
Note the use of the word redistribute, this is key to the additional requirements the GPL consumer has imposed on them, if you keep your modifications private.
The grey areas here are around what counts as redistribution and what counts as a derivative work. Some stances on these areas are that redistribution is any copy created of software and supplied (so includes firmware, downloadable parts of a website, but does not include server side parts of a website or code executed as some kind of trade secret process). The derivative works includes any substantial part of the software that can not be removed without disrupting function, or substituted for an alternative implementation. Keeping the GPL parts as a DSO/DLL can assist this process, providing you can demonstrate it is substitutable.
What can Ghostery do that RequestPolicy can not ?
https://www.requestpolicy.com/
Is Ghostery just targeted at abusers of 1x1 img pixels and tracking cookies ? As RequestPolicy seems to be a generic solution for any information not coming from the target website you are visiting.
Hmm maybe true today, but at your next business contract renewal your terms will be different.