Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114

Comments · 10,114

  1. The Tax Office would like to have a word with you on Should College Tuition Vary By Major, Based On the College's Costs For the Major? (qz.com) · · Score: 1

    If you're working in Sweden and aren't paying for the universities, the Tax Office would like to have a word with you.

  2. You mean "forced to pay, whether you attend or not" on Should College Tuition Vary By Major, Based On the College's Costs For the Major? (qz.com) · · Score: 1

    Professors don't work for free. Heat and air conditioning aren't free. Network admins and admissions staff don't work for free. There are three options:

    A) Enslave professors, network admins, etc, to reduce costs.
    B) Those who get the education pay for what they get.
    C) Force everyone to pay for it, whether they go to school or not.

    Currently we have a mix of (b) and (c) - people who go to school pay (back) some of the cost. People who can't and don't go to school for whatever reason are forced to pay some of the cost also.

    You are advocating (c), force everyone to pay for college, whether or not they attend. Those who actually benefit from getting a college education pay no more than the single dad with two young kids who can't go to university, because he's busy working and taking care of his kids. There is no "free". There's only "if you want it, buy it" and "I'm self-entitled and lazy, make raymorris get a *third* job and pay for my school."

  3. Obama did the same, the article says on USDA Scrambles To Ease Concerns After Researchers Were Ordered To Stop Publishing Publicly Funded Science (popsci.com) · · Score: 0, Troll

    Let me read the article to you:
    --
    A copy of the interim procedures memo, dated Jan. 23 and seen by Reuters, shows many of the steps reflect either the same or similar measures taken by the previous administration. Reuters also saw a memo, dated Jan. 22, 2009, that was sent to agency officials by former Agriculture Secretary Tom Vilsack.
    __

    You libs have GOT to quit being so damn gullible about clickbait headlines - it makes you appear stupid, though you probably aren't actually stupid.

  4. Turtles on Wine 2.0 Released (softpedia.com) · · Score: 4, Funny

    They run Cygwin under Wine for their Apple ][e emulator, to run Logo. Once you're in Logo, it's turtles all the way down.

  5. Android OS permissions / security, faster loading on Google Starts Live Testing Instant Apps on Android (zdnet.com) · · Score: 1

    Yeah, with a couple of major differences. The Android operating system is of course built with a robust system of permissions, a security model, baked in. That's different from the Java sandbox running as a program on Windows.

    Secondly, Android is of course designed for Java(ish) and the virtual machine is already running - no waiting for Java to load.

  6. That's no different than the app store on Google Starts Live Testing Instant Apps on Android (zdnet.com) · · Score: 1

    > But I'm an evil dirty hacker and allowed my app to download and execute code from a webserver, outside of Google influence.

    How is that different from an installed app-store app doing the same thing?

  7. Somewhat different, no permission to access system on Google Starts Live Testing Instant Apps on Android (zdnet.com) · · Score: 3, Informative

    It does seem to be a similar concept, but the implementation differences are significant.

    ActiveX "applets" are/were full Windows programs, which could do anything any other application could do. I wrote one which manipulated hardware buffers in the video card.

    Android Instant Apps don't have access to storage, to other applications, etc. Like Javascript, they are much more restricted than ActiveX was.

  8. and this court was right to decline to make law on Court Denies US Government Appeal in Microsoft's Overseas Email Case (pcworld.com) · · Score: 1

    This court was right, I think, to write that although there are problems either way, it's not the job of the court to rewrite the law - that's up to Congress to fix it.

    One possibility is that Congress won't allow warrants on foreign *servers*, but will allow some form of subpoenas on US *companies* who possess evidence about people in the US.

    One reasonable argument (maybe right, maybe wrong) is that if a US company has some evidence about a US person, related to a US case, they can, after a court hearing, be subject to a US subpoena. Where the US company chose to physically store the bits isn't all that relevant, some would say. Anyway, the court is correct, I think, in saying the Congress needs to work out the law on this - the court doesn't need to rewrite the law.

  9. > What makes US workers such special snowflakes?

    They're special little snowflakes because teacher told them they are.

    Next question?

  10. Because the challenge isn't doing it in 30 years on Five Google Lunar XPrize Teams Confirm They're Set For the Moon (cnet.com) · · Score: 1

    The prize is for "landing on the moon this year", not "eventually landing on the moon, maybe 60 years from now".

    If they partner with a rocket company who can't deliver, and aren't able to make alternate arrangements, that sucks but sometimes disappointments happen. The challenge is to do it quickly.

    That reminds me of someone in a competition to visit the most states in six months. One of the losers whined "but I visited California more times than the winner did." Well perhaps you did, but the challenge was to visit the most states, not visit one state many times.

  11. Not if Industrial Light & Magic gets there fir on Five Google Lunar XPrize Teams Confirm They're Set For the Moon (cnet.com) · · Score: 2

    Wouldn't it be funny if Industrial Light & Magic won the prize? (ILM is the special effects division of Lucasfilm, best known for Star Wars).

  12. Don't disagree, where did I say "forced by govt"? on Cervical Cancer Just Got Much Deadlier -- Because Scientists Fixed a Math Error (arstechnica.com) · · Score: 1

    I don't disagree with your general conclusion when it comes to spending that politicians force on us. I don't think my post said anything about government spending, though.

    Howard Hughes Medical Institute has $18 billion dollars, the Kellogg Foundation has $8 billion. Both spend on health / medical programs. I personally decide how to donate my money.

  13. > why is it that ... that no one can ever fucking fail or be called an idiot these days!

    Okay, you're an idiot. Your comment will be dutifully submitted to failblog.

  14. Both numbers are correct, I would say. Older more on Cervical Cancer Just Got Much Deadlier -- Because Scientists Fixed a Math Error (arstechnica.com) · · Score: 4, Interesting

    It seems to me both are true and useful. I would even go so far as to say the original number is more useful.

    1 in X women die from cervical cancer. (old number)

    Of women who did not have a hysterectomy (prior to cancer), 1 in Y die from cervical cancer. (new number)

    Both are true. How might mortality rates be used? One important use is comparisons for policy making decisions:
    10 in X women die from heart disease, 1 in X die from cervical cancer. Therefore, we should invest more prevention efforts toward heart disease.

    Or:

    X% of women die from alcoholism, Y% from cervical cancer. Therefore, we should spend the most money researching cures for ______ ?

    For these policy questions, we want to know how many people are affected. Period. It's not a useful comparison to say "of people who drink, X die from alcoholism, while of people who have a uterus, Y die from cervical cancer". Those numbers don't give us any useful comparison with which to make decisions. The useful numbers for decision making are "how many people could be helped by addressing this issue?"

  15. The video is only 2 minutes, you didn't watch it? on Two-Thirds of Americans Give Priority To Developing Alternative Energy Over Fossil Fuels (pewresearch.org) · · Score: 1

    I guess you didn't watch the video you linked to? Maybe you just figured that since he's a jackass (true), whatever position you think is wrong, that must be what he said?

    Here's what he said in the video you linked to:

    "We'll get the bureaucracy out of the way of innovation so that we can pursue all forms of energy. This includes *renewable* energies and the technologies of the future. it *does* include nuclear and wind and solar, but not to the exclusion of other forms of energy."
    (Emphasis his)

  16. uhm, no on Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com) · · Score: 1

    > Isn't that the fucking FBI's job? To investigate all that shit, with their high-powered forensics and iPhone cracking, etc?

    Yes, the job of the FBI (and really more state police) is to investigate and get evidence regarding people who committed crimes. That was done, and the people who committed criminal acts, for which there is sufficient evidence, are facing criminal charges.

    You've said that "senior executives" have committed crimes, and even specified what sentence they should receive. Is there any evidence that they committed any crime? I don't suppose you happen to even know so much as the names of the people you've already convicted? Your logic seems to be "if someone is an executive, they must have committed some crimes, and those crimes deserve a sentence of 20 years". Fortunately, our justice system doesn't work that way.

    > isn't the point of being an officer of a corporation, accepting general liability for misbehavior?

    Uhm, no ... Da fuck? No, the job of an officer of a corporation is not in fact to go to jail whenever any employee commits a crime. Not sure where you got that idea. Maybe because that *is* a significant part of the whole point of creating a corporation in the first place - you can fine the corporation, or sue the corporation, without having to identify which individual employees did what, who knew what, when, etc. If misdeeds were done in order to enhance corporate profits, you punish or recover from the corporation itself. That makes it much easier to sue or punish, when you can sue or punish the business rather than trying to prove that vice president Smith said this on this particular day, etc.

  17. If Foxconn execs have a clue on Foxconn Considers $7 Billion Screen Factory In US, Which Could Create Up To 50,000 Jobs (arstechnica.com) · · Score: 3, Insightful

    If Foxconn executives have a clue on how to run a business, they have considered total costs and risks. Six months ago, there was a big question mark: there was a 70% chance that it was about to become more difficult and expensive to operate in the US, because the "fuck corporations, tax and regulate them to death!" party was likely to take control of the legislative and regulatory machinery. That would mean they could expect costs and time frames to increase. There was a 30% chance that the more business-friendly party would take power, with a president focused on making it easier to produce things in the US. Unless the Foxconn executives are idiots, six months ago they were saying "let's wait until at least November to make a definite decision".

    A few years ago, Obama's own radio ads had him promising to "go after corporations". Hillary promised to "put a lot of companies out of business". Foxconn can hear those promises.

    The election of Trump and Republican control of Congress, along with Trump's actions since the election show companies, including Foxconn, that the US wants jobs here, and we're not going to try to "put a lot of people out of business". That has to influence their decision, if they are competent executives. Given Foxconn's success, it appears that Foxconn executives are in fact competent, they do have a clue - so they pay attention to the political and regulatory trends before committing $7 billion.

  18. Which executive knew about which fraudulent transa on Western Union Pays $586M Fine Over Wire Fraud Charges (reuters.com) · · Score: 1

    Which executive knew about which charge being fraudulent? If you can prove that a specific person committed a specific crime at a specific time, you can charge them.

    Otherwise, it's not too different from "some people on Reddit probably did $BAD_THING, so lock up all of the people on Reddit".

  19. Okay so maybe walk me through it on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 1

    Okay so maybe walk me through it. So you find out from my browser history that I visited Kongregate, a gaming site. Now what?

    1) Kongregate
    2) ?
    3) ?
    4) Damage!

    I'm very curious how this is going to be of any real importance, be worth more than a nickel to protect.

  20. Oh, you're assuming browser history includes passw on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 1

    If I'm understanding you right, your point can be summarized as "password reuse." Is that correct? You're talking about the PASSWORD someone might use on a gaming site or whatever, right?

    In that case, yes I agree passwords are important, in general, due to password reuse. The post that started this discussion about gaming sites said "browser history would reveal your favorite gaming site". My followup said "the identity of your favorite gaming site."

    The identity of Trump's favorite gaming site*, from his browser history, is worth roughly nothing. His PASSWORDS he uses while playing would be worth quite a bit.

    * In case anyone finds it interesting, Trump's favorite places to play his favorite game, where he's one of the all-time point leaders are ...
    [Drum roll] ...
    Atlantic City and New York City.

    In the game he likes to play, he buys Boardwalk and Virginia Ave and builds a hotel, but he doesn't build three houses first. His hotel on Virginia Ave is called Trump Taj Mahal.

  21. Poll compared software vs hardware full-disk on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 1

    I see the study (analysis of a poll) is titled "The TCO of Software vs. Hardware-based Full Disk Encryption". Shockingly, the poll determined that the products sold by its sponsors are perceived to have an advantage over the competing approach, defined as full-disk encryption in software. I don't think that touches the issue discussed here. I think the conclusion of that study is "if you're going to do full-disk encryption, our customers think you should do it the expensive way".

    Well frankly, I hack their customers 40 hours a week. If their customer encrypts the hardware bits as they suggest, making it completely unencrypted once I have any access to the running system, that makes my job that much easier. In other words, hardware full-disk encryption essentially means "only encrypt it when it's turned off". Does that *really* sound like a good idea? Because that's what hardware full-disk is, once it's booted and running, anyone who gets any access to the system has access to *all* of the data. There are no encrypted files I can't read, on a hw full-disk system, because files aren't encrypted.

  22. True. Challenging assumptions, bending rules on Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) · · Score: 1

    I think there is some truth to that. I wouldn't do well in the Army. My natural tendency is to challenge assumptions and manipulate, if not break, the rules. This personality has served me well in my infosec career.

    My tendency to always think about what I can get away with fits infosec well, but probably not DoD. It has also meant that I have to be very careful about ethical and moral behavior. Since I'm always thinking about how I *could* steal something or how I *could* spy on someone, it would be easy to start actually stealing and spying if I'm not on guard.

  23. The dam is valuable, the parking lot crack not muc on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 2

    > Your thought process is akin to saying it makes no sense to spend $5k to patch a 2" crack in a dam because the crack is only 2".

    No, the dam is extremely high value, therefore you pay attention to it. When the Banqiao hydroelectric dam failed, it killed hundreds of thousands of people. So the dam is at the top of your "most protected" list. What I'm saying is this:
    There's a 2 inch crack in the dam, and a 2 inch crack in the parking lot. What's your first step? Your second step?

    Obviously your first step is "fix the crack in the *dam*". The correct second step is less obvious - look for more cracks in the dam. You shouldn't worry about the 2" parking lot crack until you've double checked everything about the dam. Again, see Banqiao.

  24. Doesn't hurt, besides performance and trust on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 1

    You certainly can do both. There will be a performance hit, small or large depending on cipher mode. You should double-test your backups in case either layer of encryption fails. I would recommend using a fast mode for the full-disk, keeping in mind it won't be NSA secure. So thinking about privacy, you'd pretend the full-disk isn't there - it's just a backup just in case.

  25. One of us is misunderstanding the other on Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) · · Score: 2

    FYI I've been a fulltime security professional for 20 years. My advice is based on what I actually do when your bank hires me to test their security, how I can actually hack your accounts.

    > No, the problem is, you try to seperate, what seems important and confidential to you. And there is the mistake.
    > Because it requires you to think about what's confidential all the time. ...

    > reading some private e-mails won't hurt now, because if they are left in the cache in your firefox profile

    I never said "encrypt one file at a time". I said encrypt YOUR files separate from your (soon to be ex-) wife's files. That includes /home/allo/.cache/mozilla/firefox/

    Obviously you might *also* separately encrypt your most important files, such as a password manager datastore, a second time. But no you don't have to think about what to encrypt, all of your personal files are encrypted, including your browser cache.

    > Why would you encrypt /home and not /? Is there any reason preventing / encryption? No. ...
    > So you install your system, make a checkmark at "full encryption"

    That SEEMS like a good idea, if your understanding of encryption is checking a box. As one of the guys who implements what happens when you check that box, I think maybe we should remove that checkbox so it doesn't mislead you. It LOOKS like it makes your system secure, right? Unfortunately, it mostly just makes your system slower. I can still see your ECB penguin. :)

    There are both practical and technical problems with full-disk as opposed to per-user. The biggest practical problem is easily summarized as:
    Do you want your files to be accessible to your soon to be ex- wife?
    Generally, no, users should not have access to another user's files. When your visiting step-brother asks to borrow your laptop, he should not be handed an unencrypted copy of all of your personal and business files.

    There is also a fundamental technical problem with full-disk encryption such that full-disk can either be weak, or ridiculously slow, in most cases. It has to do with what are called "cipher modes". ECB is reasonably fast, but provides little security. CBC is secure, but modifying one sector requires updating every sector on the disk which follows it (meaning it takes a few minutes to save 1KB). Other modes are in between the two. We think that we *might* have that problem beat with a new approach, but I don't trust it yet.

    > If you need to decide what ends up in your backup, you may forget something important. If you backup everything, you will have everything and cannot forget something important. The same applies for encryption.

    That's absolutely true for backup, definitely. The only backup systems I recommend backup the whole damn machine. The system I designed makes *bootable* backups, that can be booted in-place as virtual machines. For encrypting and otherwise securing confidential data, there's a fundamental conflict between availability vs confidentiality and integrity. You may want to make your mp3 files openly available on your network, so you can play them with any device in the building. You might even store them in the cloud, easily accessible over the internet. You should NOT make your most confidential data readily accessible to every device on your network, including your IP camera and other cheap IoT devices with a thousand vulnerabilities each. If you're serious about security, you DO need to think about which items should be easily accessible to everyone in the company/house and which should be locked down tight.

    I'll give you an extreme example of identifying the most confidential data and a very common example of failing to do so. The Coca-Cola company has perhaps a million documents that shouldn't be published on their web site, documents for employees only. Only their 146,000 employees have access to those documents, because they have s