Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories: 0
Comments: 10,114

Comments · 10,114

  1. Even in a medium company that's three groups on How Russia Recruited Elite Hackers For Its Cyberwar (nypost.com) · · Score: 1

    > You will have the programmers to write/modify tools and find new zero-day cracks then you will have the people who use those tools and try to get into systems using defined and developed methods.

    Even in the small to medium sized security company where I work, that's at least three, really four different groups. I write the tools. Sometimes the tools I write find basically the same vulnerabilities in new applications (such as yet another SQLi in yet another web application), but real zero-days is a different skillset. Even amongst the zero-day crew, finding them is a different skillset than fully exploiting them. I can *find* a buffer overrun when an input causes the program to crash. Having it execute my choice of payload rather than just crash is a whole other level.

  2. A few, sure. Overall tendencies, likelihood on How Russia Recruited Elite Hackers For Its Cyberwar (nypost.com) · · Score: 2

    In my experience, a few young people can work at low level, assembler etc, and truly grok it but it's much more common for older people to have learned it. On the other hand, the youngest programmers are more likely to know how to use the framework of the month, which is also a good thing to know.

    Multiply the percentage of people in each age group who grok assembly by the percentage that have elite skills that normally come from many years of experience.

    In 20 years of continually learning, I've already done it wrong 5,000 different ways. It's hard to screw up that much in just a few years, and learn the same lessons. Actually there's also a lot of benefit, to me, of cross-pollinating a lot of stuff I've done over the years; hacks I did with DirectX 8 and 9 give me ideas that I use today. It's tough for a college kid to say "hey maybe something like the hack I figured out in 1994 can be applied here."

  3. They post ads, more since Snowden on How Russia Recruited Elite Hackers For Its Cyberwar (nypost.com) · · Score: 2

    > I have no reason not to believe that the NSA and other government agencies recruit top talent in important fields from college,

    I know they post employment ads just like any other organization who hires people. I would expect they recruit like other organizations - though possibly not as effectively as many companies. I'm in the security field and have been called about jobs for a lot of companies, only one of which sounded like potentially a front company.

    One thing different about their ads is when you click to go to their online application site, you're instructed to not tell anyone that you've applied - just in case they want to hire you for a clandestine, or more likely semi-clandestine role (typically not spy thriller stuff, just a fairly typical office job but you keep it on the down low).

    I understand the intelligence services have had trouble recruiting since the Snowden revelations, which makes sense. Ten or fifteen years ago I probably would have considered a job hacking for the "good guys". Now, we know the good guys are bad guys.

  4. Interesting, but entry-level programmers, not elit on How Russia Recruited Elite Hackers For Its Cyberwar (nypost.com) · · Score: 4, Insightful

    That's mildly interesting. As is normally the case, the article points out that the headline is bullshit. College students? That's where you find entry-level programmers, not "elite hackers". Nothing wrong with that, of course, you can train an entry-level programmer to damage computing systems just as readily as you can train them to build secure systems.

    There are a few elite hackers, people who really understand the low-level functioning of the system, who write the payloads in assembler. Those elite ones, who write assembler, tend to be older more often than they are college kids. College kids tend to *use* the tools written by the older, more experienced and "elite" hackers.

  5. This! Don't change my text without permission! on Has the Internet Killed Curly Quotes? (theatlantic.com) · · Score: 4, Insightful

    I don't give a darn about curly quotes - use them if you want, but it pisses me off when certain Windows and Mac software silently CHANGES my normal quotes to some curly bullshit. For technical stuff, SQL, command lines, or programming code, they are in no way interchangeable and silently changing them can cause data to be messed up or even deleted. That's not okay.

  6. Perhaps I should have mentioned, it sounds like you've been keeping track of the DNC-related hacking stuff better than I have. I'm a career network security person, but I got tired of anything remotely related to politics once it became clear who the nominees would be.

    > IIRC, unless I've got names confused, you're actually an independent too, which I respect, even if I might disagree on specifics.

    That's a fair characterization - I try not to be a cheerleader for either party, and enjoy objectively testing my beliefs about political policy issues whenever possible. Sometimes I change my mind when I find evidence that a policy works better or worse than I expected. That said, in *general*, comparing smart conservatives vs smart liberals, I find that smart conservatives like Paul Ryan more often propose policies that work better, based on what I know. Also, I find the Democrat party's condescending racism, which runs very deep, incredibly offensive. I worry about sending my daughter to public school, where liberals will constantly remind her "we have to give you some extra points on this test because you're black, so you can't actually learn the material like white kids can." That's such a horrible thing to do to people, it means I'll probably never be able to vote for a Democrat, unless their entire outlook on race and identity politics fundamentally changes.

  7. They do match closely, wouldn't matter if not on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 1

    You quoted it, did you not read it? "Our eyes sense brightness according to a power law. What looks 'about half as bright' to our eyes ... the sun's power is reduced by over 99%".

    The point is that although it appears, to your eye, to be maybe half as much energy, or maybe 70% less, it's actually 99% less. So yes, lux, the intensity of light visible to the eye (not ultraviolet or infrared) is the right unit of measure.

    > I am sure you're not meaning to say that solar panels have the exact absorption characteristics as human eyes do.

    Not that it matters to the point, but in fact they are pretty darn close. It wouldn't matter, though, so long as the wavelength wasn't so far different that it was unaffected by clouds.

  8. I don't have any actual reply, but I just wanted to let you know I read your post.

  9. When you get a phishing email you think govt? on FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com) · · Score: 2

    > But of course you believe that these unsophisticated, low level attacks are a sign of a nation state

    Pretty sure I just said the exact fucking opposite. I said I've seen no evidence that the Russian government was responsible, and my guess is that most likely it was a non-government group who is friendly with some politicians.

    > It tips them off to the fact that you're in their network.

    Really? When you receive a phishing email saying "click here to reset your Gmail password", your first thought is "OMG the Russians are in my network!"? Really? What the hell does "tips them off to the fact that you're in their network" even mean in this case - he gave them his GMAIL password.

    > corrupt DNC ... campaign money to Hillary, spending twice as much as Trump, ... all Democrats ... The party would scatter if they didn't have a Russian boogeyman

    Oh I see, you're an uber fan rooting against the other team. You're not interested in paying any attention whatsoever to what's going on, you're just cheerleading. Carry on, then.

  10. Because phishing & spear phishing work (& on FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com) · · Score: 1

    > Please tell me again why Russia has fallen back to kiddie level phishing scams?

    Because it works. We know that Podesta got phished, phishing worked on him EVEN THOUGH HE DOUBLE-CHECKED WITH HELPDESK. Someone might have been trying Tempest too, but phishing actually worked. I work for a security company, we're all security professionals. Corporate security regularly sends out test "phishing" emails to employees and lets them know if they fell for it - we fall for it all too often.

    I would expect Russian intelligence to use techniques that work, and phishing worked. Tempest is fun to talk about, it's clever and technically interesting, but phishing actually got his emails.

    That said, I haven't seen any evidence that the Russian government was responsible for this phishing, or that they were *not* responsible. Of course I haven't looked that hard.

    If I had to guess, my guess would be that it was done by hackers who are Russian, and who are friendly with some of the Russian politicians. I would also guess that they tried a lot of approaches, including sending reasonably well-written phish emails to a lot of people in Washington. Due to an unfortunate typo by Charles Delavan saying the email was "legitimate" instead of "illegitimate", they got into Podesta's email. They didn't NEED Podesta's email, there are a dozen other targets they'd have preferred (such as HRC), but by chance Podesta is the one who fell for it. As I said, that's my guess based on 20 years in the field seeing how this stuff normally works, I don't know for sure about this instance.

  11. Lol. About five years ago, I learned "when someone tells you they are crazy, stupid, or dishonest BELIEVE THEM!" Captain Dork told me "You can't school me." I believe him.

  12. That's yet another problem with wind that I didn't on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 1

    > You're confused; you seem to think that wind turbines are designed to bear and generate from the maximum force winds that they experience. They don't. At high wind speeds they're feathered and/or braked. ... At very high speeds (for example, over 55mph) they outright shut off and don't generate anything,

    I'm well aware that they also don't work at high wind speeds, that's yet another problem with wind turbines that I didn't want to get into; my post was already long enough.

    Completely off-topic, I notice that you made good use of the semicolon there. People don't use that enough. :)

  13. Molten salt for six hours, but not with solar pane on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 2

    > Why not use molten salt for power storage?

    It IS used. Solana, a major solar plant, uses molten salt. It provides up to six hours of storage (though some energy is lost during that time) and helps the plant to generate about 38 percent of its rated capacity each year. As I said, the storage we have today (and will likely have in the next 50 years) is great for using afternoon power to cook dinner in the evening, a few hours later. That's really important. It could double the amount of solar we can use, up to 2% of our energy from the current 1%.

    Note that molten salt is used by concentrating solar power plants, NOT systems using solar-electric panels. Molten salt is for when you can create very high temperatures very efficiently. Wave power doesn't fit that description either, of course.

    As mentioned, molten salt allows a plant to provide *some* of an area's *electricity* needs for a few hours. We need to provide *all* of California's *energy* needs for several days. Sometimes it's cloudy for a week. A cloudy day is about 1,000 lux, a sunny day 115,000 lux. In other words, on cloudy days your concentrated solar power plant isn't producing any significant power. Yet people will continue to drive when it's cloudy for a week, so if you want to replace diesel trucks with electric, solar isn't going to do the job - a few hours of molten salt doesn't nearly get you there.

  14. Peak 15% of Denmark's energy from wind, 48% coal on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 3, Informative

    > But for a place like Denmark, wind power alone can sometimes supply more electricity than the country's *entire* demand

    Denmark imports trash to burn in order to heat houses. At its peak, on a day with perfect winds, their renewables can provide the ELECTRICITY for a few hours, while they are burning coal and trash for heat, diesel and gasoline for transportation. Normally, wind provides about 5% of their energy, due to a nasty problem called the cube law (more on that later).

    Even if you ignore the trash burning heating plants and focus only on electricity, coal power provides 48.0% of Denmark's *electricity*.

    Wind is really awesome in some ways, seriously. It's great when the wind is great, but the cube law is a motherfucker. The power of wind is proportional to the velocity CUBED. Suppose a windmill is designed to work in winds up to 40 MPH wind. 40^3 is 64,000, so the structure is absorbing 64,000 units of power without damage. When the wind is 10 MPH, the power is 1,000; 99% less. In a structure designed for 64,000 power, 1% of the energy will be lost in big beefy bearings, etc. At 10 MPH, 1% is most of the power available - a 10 MPH wind barely overcomes friction and there's no substantial power generated. The cube law is a bitch, but it's fundamental physics.

    That's not to say wind power shouldn't be used! It's great when the wind is right and you can throttle down the natural gas power plants.

  15. Two of those are great in certain parts of California on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 1

    * Wave
    * Geothermal
    * Solar on the moon

    Two of those are great in certain parts of California and a few other places in the world. As to solar on the moon - Gru, is that you? California should use geothermal because they have the right geology for it in certain places, and they do use it. It's an excellent way to provide 0.02% of our energy needs.

    If you want to switch to clean *energy*, replacing all of the gasoline, diesel, heating oil, etc, with electricity generated in various ways, we need about 4-8 times as much electricity as we have now - and we have a lot. That's a major point that's important to understand, and some people intentionally conflate energy vs electricity in order to mislead their readers.

    The traditionally "green" sources of energy can make a large contribution - possibly as much as 20%. For the *bulk* of our energy needs (replacing gas, diesel, etc), there are basically two options - natural gas is cleaner than coal and gasoline, and some leading environmentalists are now (finally) promoting the fact that nuclear is by far the cleanest base load option. There have been two significant accidents in history which combined released less radiation than a month of burning coal. The elder statesmen of the environmental movement are starting to admit that they manufactured a political problem around nuclear waste by deliberately conflating long-halflife waste (which releases energy extremely slowly, thereby releasing negligible amounts for a long time) with short-halflife waste like iodine-131, which decays quickly, releasing dangerous levels of radiation for several weeks. They also intentionally conflated alpha, beta and gamma radiation. Most of the strong radiation is alpha particles, which are blocked by tissue paper, an inch of air, or skin. Alpha emitters, which much nuclear waste is, are perfectly safe as long as you don't eat them (safer than bleach). Many alpha emitters also emit some beta. It takes several meters of air (or a thousandth of an inch of steel) to stop beta radiation. I carry a radioactive beta emitter on my belt, not too far from my crotch, as do most police officers. My pants shield me from most of the radiation. Again, like with household cleaning products, it's not a good idea to eat it.

  16. She had it for three or four years before I broke it on Unannounced ASUS C302CA-DHM4 Chromebook Hits Newegg, and It Looks Great (betanews.com) · · Score: 1

    She had it for three or four years before I accidentally broke it, and she was always happy with it. We printed stuff out about two or three times per year, meaning the inkjet nozzles were likely to be dried up, so even from my big desktop I print via the Fedex Office (Kinko's) on the corner. As I said, it wouldn't quite fit *my* needs, and it may not fit *your* needs, but it works very well for very many people.

  17. Freeadvice.com is worth what you paid for it on Seattle Man Accused of Using Social Media To Set Up Fake Porn Agency (nbcnews.com) · · Score: 1

    Believe what you want, if you choose to be intentionally ignorant that's your prerogative. Here's a decent article written by someone with a clue, a lawyer, citing relevant cases and statutes:

    http://p2lawyers.com/blog/2016...

    If you care to name any state I'll be glad to take 30 seconds to link the relevant state statutes for you and you can read the actual law for yourself.

  18. Helps, but New York won't run LA's cars and trucks on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 2

    You can transmit power from LA to San Francisco, and that does help. Keep in mind the idea, for many people at least, is to switch to clean *energy*. Meaning getting rid of gasoline, diesel, heating oil, the tons of coal used in industrial furnaces, etc. You don't need to generate the same electricity as all of today's power plants, you need at least four to eight times as much electricity, if you want to get rid of diesel etc. It's an enormous amount of power.

    Our eyes sense brightness according to a power law. What looks "about half as bright" to our eyes is actually about 15% as bright, in terms of luminous power. A sunny day is about 120,000lux, a cloudy day about 1,000lux. Meaning when it's cloudy, the sun's power is reduced by over 99%. When the western half of the US is covered in clouds (and much of it was covered just last week), there's no way you're going to have enough solar power to provide our energy needs. We can't reasonably provide even our current *electricity* needs, and currently electricity is a small portion of our *power*.

    > It's also likely that storage technologies will improve enough

    People sure are trying, because storing even a few hours worth of power, to use afternoon power to cook dinner, is very valuable. Yet, to store two days of power using pumped storage we'd have to flood 2/3rds of the United States. Barring a revolution in physics akin to nuclear power or something else as revolutionary as quantum physics, we're not going to be able to store enough power to run California for a few days. It may happen 150 years from now, but no time soon.

  19. Nuclear complements wind & solar very well on Toshiba Is 'Burning Cash At An Alarming Rate' (reuters.com) · · Score: 1, Funny

    > everyone bets on renewable now

    A shitload of competition is not a good thing for a company. Much smarter, most of the time, is to set yourself so that no matter who wins the race for whatever is hot, you win your own parallel race. Think of Levi Strauss selling rugged pants during the gold rush, and people getting rich selling shovels and picks, or brokering gold, buying it from the miners and selling it. They win no matter which miner strikes gold.

    Solar electricity is really great, except at night time and when the whole area is covered by clouds (check out the national weather radar - weather systems cover half the country for days). Solar electric can produce a lot more during the summer than during the winter, too. Wind power is really cool too. The power of wind is proportional to the CUBE of the velocity. In other words:
    1 MPH wind: 1kw (actually zero due to friction)
    10 MPH: 1000kw
    20 MPH: 8000kw
    30 MPH: 27000kw

    So that 27000kw wind installation will only produce 1000kw quite often. That's less than 4% of its advertised capacity, and sometimes it'll produce no power at all.

    So what do you do when you have lots of cheap energy sometimes, and no energy at all other times, but your customers want a reliable electric service? The optimum setup has three parts. The wind and solar provide cheap, clean energy whenever conditions are right. Natural gas generators throttle up when the sun goes down, it's cloudy, or not very windy. Underneath that, you have a steady minimum load, and nuclear is a perfect fit for that. It's extremely reliable and steady, it can be quite cheap depending on the costs of red tape in that country. It's actually the cleanest reliable power available, despite the two accidents in history. (Other reliable power sources release radiation *on purpose*, during normal daily operation).

    So when everybody else is doing wind and solar, they'll all need nuclear or another source when the forecast calls for a cloudy week. It's a good bet on that score.

    Unfortunately for them, they bought a nuclear power company run by liars, who cooked the books. And Fukushima happened. Obviously that scared people, regulators and auditors got busy doing their job, then politicians did their thing with pandering to fear, adding duplicative regulations and such, and all of this was expensive for the power companies.

  20. Correction: Lupe was 18 until she was 21 or 22 on Seattle Man Accused of Using Social Media To Set Up Fake Porn Agency (nbcnews.com) · · Score: 1

    I misspoke. Lupe was 21 or 22 when she stopped being "barely 18". I was thinking of a different model.

  21. Maybe I shouldn't spoil the illusion on Seattle Man Accused of Using Social Media To Set Up Fake Porn Agency (nbcnews.com) · · Score: 1

    I probably shouldn't spoil the illusion for you, but have you ever noticed how many of those "day after my 18th birthday" ladies look about 24 years old, despite the pigtails? One very popular "barely 18" model, Little Lupe, was 26 when she changed her stage name to Lupe Fuentes and started dressing appropriately for her age (and got a boob job).
     

  22. Minor may disaffirm most contracts on Seattle Man Accused of Using Social Media To Set Up Fake Porn Agency (nbcnews.com) · · Score: 2

    A minor may *disaffirm*, or void, most contracts. The contract is therefore not binding on the minor. They absolutely CAN agree to a contract, then either honor the contract or disaffirm it.

    They can't generally disaffirm a contract for necessities, such as food, shelter, and clothing. This is so that people can rent an apartment or even bring food to a teenager in a restaurant without demanding full payment upfront.

    In New York and California, a minor may have a contract validated by the district court and will thereafter be bound by it. The court checks to see that the contract is reasonably fair, and the minor gives up their right to later disaffirm. This is primarily for young entertainers, who may have multi-million dollar contracts.

    > Agreeing to participate in sexual photography and/or video requires a contract between photographer and model.

    The contract, called a "model release", is normally signed on the day of the shoot. At the same time, the photographer makes a copy of the model's ID as required by 18 USC 2257.

  23. CNN photo: He literally wagged his finger at them on US Announces Response To Russian Election Hacking [Update] (reuters.com) · · Score: 1

    Here's today's CNN front page photo for their story about Obama's response:

    http://i2.cdn.cnn.com/cnnnext/...

    He's LITERALLY finger wagging.

  24. Try reading at least the headline on Amazon Patents Floating Airship Warehouse For Its Delivery Drones (techcrunch.com) · · Score: 1

    Traditionally at Slashdot, we don't read the article.
    We do, however, read the headline, which generally gives a grossly exaggerated and politically skewed summary of the topic.

  25. Disinvited 7 people. Strong sanctions indeed! on US Announces Response To Russian Election Hacking [Update] (reuters.com) · · Score: 1

    The sanctions basically consisted of banning seven people from coming to America to do business. I guess that IS considered strong sanctions for Obama, since he invites everyone else here, regardless of what the law says on the matter.