Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114

Comments · 10,114

  1. Proves Iran has capability to hurt the US with cyb on Destructive Hacks Strike Saudi Arabia, Posing Challenge to Trump (bloomberg.com) · · Score: 1

    We've known for years that Iran's leadership is all about "death to America". The attack on Saudi Arabia shows that they CAN perform significant cyber* attacks. They can do damage through cyber, and they want to attack the USA. Means and motive. We've damn sure given them the opportunity - our IT security is crap.

    Additionally, with Iran (and China) actively using these as offensive weapons, the odds are very good that other countries will rush to improve and enlarge each of their cyberwarfare capabilities. In other words, it's yet another neon sign warning that cyber is truly becoming a military branch now, an important means of warfare. For Naval warfare, for example, the US Navy is far superior to any other naval force; for cyber warfare, we're not nearly so dominant. The president-elect (and commander-in-chief) had better address this.

    * Yes, "cyber" is an anachronism, EXCEPT when it comes to cybersecurity / cyberwarfare. So before you post "who calls it 'cyber' anymore?", the US military and defense and security sectors call it cyber. That's the term that's used.

  2. A few hundred, or a few million? on Facebook Developing AI To Flag Offensive Live Videos (reuters.com) · · Score: 2

    Every day people post on Facebook:
    250 million photos
    400 million status updates
    around 40 million videos (guesstimate)

    Suppose in an hour of work, in addition to bathroom breaks, meetings, etc, an employee can review:
    50 photos
    80 status updates
    8 videos

    Facebook would need about 750,000 employees reviewing those things. Then of course another team reviewing comments. (Obviously it also depends on how much holiday and sick time they get, and how much time they spend on various HR-mandated training.)

  3. Put it to a good use. on Mozilla Puts New Money To Use Fighting For 'Internet Health' (cnet.com) · · Score: 1

    If you speak English, I hope you put that skill to some good use.

  4. The researchers were tripping on FDA Approves Large Clinical Trial For Ecstasy As Relief For PTSD Patients (arstechnica.com) · · Score: 1

    TFS says:
    --
    is backed by the Multidisciplinary Association for Psychedelic Studies (MAPS), a nonprofit created in 1985 to advocate for the medical benefits and use of psychedelic drugs, such as MDMA and marijuana.
    --

    Group formed to advocate for the use of psychedelic drugs, because they like using psychedelic drugs, claims that using psychedelic drugs is good.

  5. I can exploit at least three different application on Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) · · Score: 1

    The issue is that an application

    The tool I worked on yesterday can exploit at least three different applications, so no, it's the library. (I do this for a living.) The library was caught by the trap that Java set.

  6. Oh no! Are Austin and the Clinton library safe? on San Francisco's 58-Story Millennium Tower Seen Sinking From Space (sfgate.com) · · Score: 1

    > denying, you dumbshits, until all of SF topples into the bay.

    Oh that's scary! But what would really, really worry me would be if Austin was at risk, or the Clinton Presidential Library and Adult Book Store.

    You guys have got to work on your fear mongering. The "dumbshits" you're screaming at aren't THAT worried about San Hippy Francisco. I suppose if San Francisco headed underwater some of the residents and their assless leather pants might come HERE, so that's a BIT worrying.

  7. That was informative, thanks on Great Barrier Reef Has Worst Coral Die-Off Ever, Report Finds (usatoday.com) · · Score: 1

    Thanks for the info.

  8. Not just WebLogic, also JBoss, Websphere, 1300 oth on Muni System Hacker Hit Others By Scanning For Year-Old Java Vulnerability (arstechnica.com) · · Score: 4, Informative

    The vulnerability isn't in Weblogic. It's actually a pair of screwups, one in Java itself and one in a very common library, used in thousands of applications.

    As you may know, in Java most everything is an object. A string is an object, which has methods (executable functions). Also, Java is network-centric. So a lot of Java code, both library code and application code, sends objects over the network. When you submit your name to a Java application, some part of it is probably receiving the string object with your name, "Joe" or whatever. Because the string "Joe" is an object in Java, it can include executable methods. Whenever Java reads and deserializes an object from the network, Java AUTOMATICALLY calls the readObject() method of that object.

    So to summarize, when your Java app wants to read data submitted in a form, Java automatically runs code that the user may have included in their submission. This sounds a bit dangerous, doesn't it?

    Because it's dangerous, Java code that reads data over the network has to be very, very careful. The commons library didn't get this quite right, so all applications using the commons library ended up with a remote code execution vulnerability.

    I can't put all, or even most, of the blame on the commons library, though, because Java itself set up a dangerous situation.

    Going one level broader, the concept that you don't keep data and executable code separate is dangerous. That's precisely what strict object-oriented approaches require, though. If you can't accept data without accepting code attached to that data, that is dangerous, and that's exactly what OOP (in the strict sense) requires. Java has this issue mostly because it's "overly" object-oriented, because simple data like a string comes with executable code attached.

  9. Assuming the judge can read at 5th grade level on It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online (arstechnica.com) · · Score: 1

    In the case of federal legislation, the only "legality" for a court to review is whether Congress has the Constitutional authority to make the law. The Constitution explicitly grants Congress the power to regulate interstate commerce. There's no Constitutional question here, nothing for the court to decide.

  10. Programming frameworks != systems architecture on Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) · · Score: 1

    Sometimes the larger system is already built, and all that remains is to add small modules which conform to the well-defined, well-documented, and enforced rules of the system. In that case, you have a number of small projects, and most any methodology will manage.

    If you're designing a new system - well then the SYSTEM should be DESIGNED. The architecture of the overall system shouldn't be the accidental result of however different people shoehorned different things in during different sprints. Programming frameworks, as the term is normally used, are not at all the same thing as systems architecture. To be frank, this sentence:

    > There's already a pretty good architecture in the form of one of several appropriate frameworks

    Makes about as much sense as this sentence:
    You don't need a map; there's already a pretty good route in the form of several appropriate vehicles.

    Sometimes a framework can be useful, but it's no more an architecture than a car is a route.

  11. Love the 10th, but right in the title of the bill on It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online (arstechnica.com) · · Score: 1

    The 10th amendment is sure the first thing to look at with any federal legislation, I'm with you there. Well actually you look at Article I, Section 8, which lists what the federal government is allowed to do.

    In this case, the title of the bill is:

    To prohibit the use of certain clauses in form contracts that restrict the ability of a consumer to communicate regarding the goods or services offered in INTERSTATE COMMERCE that were the subject of the contract, and for other purposes.

    Article I, Section 8 does of course grant the Congress power to regulate interstate commerce. The funny thing is, though Congress wrote "interstate commerce" in the *title* of the bill, they seem to have forgotten to put it anywhere else in the bill. We could assume any competent court would apply this only in interstate commerce cases - not only does the title of the bill state the intent of Congress, but as you mentioned they have no standing to regulate INTRAstate commerce.

  12. There's one reason you can't on It Will Soon Be Illegal To Punish Customers Who Criticize Businesses Online (arstechnica.com) · · Score: 3, Insightful

    > If I am a business and I want to put a non-disparagement clause or review gag order into my contracts, I don't see why I can't.

    There is one reason you can't - it's illegal, under this law.
    The Constitution vests the power to make law in the Congress. The courts don't have any right or power to strike down laws based on "I don't like it".

    First, you'd have to make a case that you have a CONSTITUTIONAL RIGHT to have and enforce such a clause. Is that in the 43rd amendment, because I don't see it. Secondly, you'd have to show that your (non-existent) Constitutional right to punish customers outweighs the legitimate interests of this law (freedom of speech doesn't mean you can yell "FIRE!" in a crowded theater).

  13. So Bernie Madoff is your hero? on Samsung Electronics Considers Split as Investor Pressure Builds (reuters.com) · · Score: 0

    That's a strange way to order the priorities, IMHO, and contrary to law. You're saying Bernie Madoff did a GOOD thing?

    Looking at the last two items, you think corporate officers entrusted with your (retirement) money should use it for THEMSELVES?!?!

    Example:
    You find out I'm good at buying and selling used cars, finding good prices, then fixing them and cleaning them up to sell better.

    You say "I'll let you use $10,000 of my savings, can you buy me a car and fix it up, then sell it so I end up with more money for retirement? I'll pay you $700 for your time."

    I agree to do that for you, using your money, and accept your offer to pay me $700 "salary" for doing it.

    That means you're the investor, I'm the executive.

    According to your list, I should sell your car for less than it's worth (customers come first), then pocket some of your money (executives come before the investors who hired them). "Fuck investors", and you're the investor, so fuck you and your retirement savings.

    The law is that when you, the investor, hand your savings to me, the executive, I'm required to put your interests above my own - it's YOUR savings I'm managing to earn the salary you are paying me. It's your company, you're paying me to manage it for YOU, not for my own selfish ends.

  14. So can customers of contractors (Uber), and employ on Uber Drivers Demand Higher Pay in Nationwide Protest (cnet.com) · · Score: 1

    Contractors decide how much they are willing to work for, and people paying contractors decide how much they are willing to pay.

    I recently placed an ad on Craigslist looking for a HVAC tech to install an air conditioner for me. I got several calls giving different estimates; these were contractors telling me their rates. One said $1200, another said $450, two said $600.

    I quickly determined I could get the job done well for $600, so I set my offered rate at $600. The contractors set their (asking) price, I set my (offer) price. The contractor can accept my offered rate, decline, or negotiate.

    Uber is offering different rates in different areas at different times. Contract drivers can decide where they are willing to drive, when, for what rate.

    Employees also decide what rate they'll accept - when recruiters call me they normally ask me about my salary requirements. What makes contractors different from employees is they decide what hours they work, what tools they use, which helpers they want to hire, etc. The AC guy showed up yesterday at the time HE said he'd be here, with his father-in-law to help him. He left for the day when he needed to. As his customer, rather than his employer, I didn't decide who his helper would be, or what hours he would be here (though I agreed to open the door at the time he offered to arrive.)

  15. *could* eat more vs *need* more on Microbiome Changes Drive the Dieting Yo-Yo Effect, Study Finds (smh.com.au) · · Score: 0

    > I don't know if it's my biome, my genome, my upbringing, or what. I always feel like I could eat more.

    I think right there you've identified one difference (apart from bacteria etc). I always *could* eat more too, but I wasn't raised to eat as much as I possibly can. For me, feeling stuffed is unusual and uncomfortable. For me, normal and comfortable is *some* food in my belly. I *could* drive faster, I *could* talk louder, I *could* eat more. I'd categorize my hunger/fullness in three ranges:

    Hungry - stomach starts to hurt, feeling the effects of low blood sugar.
    Normal - There's some food in my belly. 90% of the time. I'm not noticing my stomach or blood sugar.
    Full - yuck, I ate too much. I feel kinda bloated and can't move around as well. I do this maybe once per year.

    I'm sure there are several different things that affect weight, but I think that's one of them, and it's probably how different people are raised. I don't talk as loud as I can, I talk at a reasonable, comfortable level, and I was raised to eat the same way. Did your parents tell you to eat everything on your plate? I grew up leaving food on my plate, eating just until I no longer felt that I needed to eat more. I always *could* eat more, but had no reason to stuff myself.

  16. As long as the case is a molecule thick on Scientists Turn Nuclear Waste Into Diamond Batteries (newatlas.com) · · Score: 1

    Technically, the battery wouldn't be radioactive, because it would have some sort of case. Even wrapping it in tissue paper (or as the summary says, air) will stop the radiation in common nuclear waste, known as beta radiation.

    To hurt yourself with these batteries (or most nuclear waste), you'll need to crush them into a fine powder and snort them up your nose like cocaine.

    The scarier radiation is gamma - air doesn't stop gamma. Gamma radiation comes from living things.

  17. Crush the diamond and then SNORT it on Scientists Turn Nuclear Waste Into Diamond Batteries (newatlas.com) · · Score: 2

    As the summary mentioned, the radiation from most waste can't penetrate even air, or tissue paper. So to have a problem you'll need to crush it, then snort it up your nose like cocaine.

  18. Simple question on the science on Great Barrier Reef Has Worst Coral Die-Off Ever, Report Finds (usatoday.com) · · Score: 0

    Perhaps you or another reader can address this question. It is my understanding that natural cycles cause ocean temperatures to vary by a few degrees from year to year. While I'm not familiar with that region specifically, El Nino / La Nina goes about three degrees above or below the average (a swing of about 6 degrees, roughly).

    It's also my understanding that the difference between now and 200 years ago (which could be related to global warming) is less than one degree.

    Am I mistaken? If not, it seems to me this article is ignoring the much larger natural variations in order to blame the die off on the much smaller increase which might be global-warming related.

  19. WATCH what he does with the spreadsheet. A hybrid on Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) · · Score: 1

    In your other post you said:

    > What almost everyone gets wrong about agile is confusing the agile methodology with specific implementations of agile project management. Scrum, Kanban

    I'll admit I'm doing this a bit, specifically thinking of SCRUM, as the main example of the most popular Agile methodology.

    > Try asking a salesman using spreadsheets and Outlook what he wants out of a new CRM implementation and see how far that goes. If you think that is sufficient to get good requirements

    If rather than asking, you do as I suggest and WATCH what he actually does, taking notes and asking questions, then you know exactly what his *requirements* are, what the system must do in order to allow him to do his job. While watching, I like to listen for not only him but people in nearby cubes/offices making exasperated grunts or cussing under their breath, and ask them what most frustrates them as they work. Those are probably likely requirements for a better system!

    > Showing users working demos

    In my experience (20 years), that's useful, but very much not sufficient. They a) focus on how pretty the interface is, not on the needed functionality, and therefore b) assume that all needed functionality will be there, implemented how they need it.

    A great hybrid of the two approaches might be to WATCH the user (rather than show the user) using a mockup / demo. Say "show me how you'd do your morning routine using this mockup instead of your old tool". You might tend to get a lot of "okay how do I find foo?", where foo is something critical to them, that was never mentioned in requirements discussions.

  20. Only until I was told the secret on Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) · · Score: 1

    > I wager that on every single waterfall project you have worked on, there have been numerous change requests after the project was supposed to be "done." If it was a big project, I wager there were many change requests. In other words, the original requirements turned out to be fiction

    That was true until someone told me the secret to finding out what the REAL requirements are. Once someone told me the secret, I learned the requirements ahead of time and took notes of what they were.

    If you want to know what the actual requirements are, there's one way to find out (and maybe ONLY one way). Sit down with the user and watch them work. Ask questions as needed to understand their workflow while they actually do it, and take notes. Ask the actual user, not their manager's manager, about what they need to do their actual daily tasks - while you watch them actually do it.

    > only that the details can't be fully known up front.

    If you're putting the details into your foundational core, if the design of the system as a whole is based on the detail of some task, you're doing it wrong. Yes details change. It's best to do the details last, as much as possible, because even if you did know them, they'd change. And you know what? The finest level of detail that exists is executable code. Agile does code (detail) first, with the big picture (the design) as an accidental artifact seen only in retrospect. If you really recognize that details, things will change, wtf would you do the details, the code, FIRST?

    The opposite idea is that because details change, you design an overall system, and architecture, then sketch the major modules within the system and when the plans for the major modules are validated, THEN you do the details, the executable code, LAST, after multiple rounds of validation. That way you not only have a better chance of getting the details right the first time, but as details change modules can be changed - the overall system, the architecture, isn't dependent on the details of any particular function. When some function needs to change, you just swap it out, plugging in the new version.

    On the other hand, with the Agile concept of releasing executables within a few weeks, and releasing the bare minimum viable product, you start with code for important functions, then spend three years piling stuff on top of the *functional* code, rather than building the *system* first and plugging functional modules into the (designed) system. When the functions of your early Agile code need to be changed, you're fucked because you've piled years of work on top of the feature.

  21. It might be agile, but it's not Agile on Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) · · Score: 3, Insightful

    > There's nothing preventing you from running an agile project with a robust and complete design.

    A large project with a complete design, an actual plan, may be agile (the adjective), but it's very much not Agile (the development methodology). A core tenet of Agile is that design, planning ahead to the end of a project, is impossible. In fairness, it probably IS impossible, for the people who believe that.

    If they haven't been taught one particular trick, they probably never will be able to know the requirements before they write the code - trial and error really is the only option, if nobody ever told you the method to find out the real requirements.

    If you want to know what the actual requirements are, there's one way to find out (and maybe ONLY one way). Sit down with the user and watch them work. Ask questions as needed to understand their workflow while they actually do it, and take notes. Ask the actual user, not their manager's manager, what they need to do their actual daily tasks. That way, (and probably only that way), your User Stories aren't fictional stories imagined by some manager, they are real descriptions of real users doing real work. Requirements flow directly from there.

  22. Agile is good for some teams & projects, horri on Ask Slashdot: Has Your Team Ever Succumbed To Hype Driven Development? (daftcode.pl) · · Score: 5, Interesting

    For some projects and some teams, Agile is the best they can be expected to do. For other types of projects and other types of teams, it's a really horrible idea.

    Central to Agile is the proposition that the company is unable or unwilling to figure out what the requirements are before they develop the system. As Yogi Berra said, "if you don't know where you're going, you might not get there." On small projects it might not hurt too much to figure it out as you go along, to backtrack and throw away code that has to be replaced. On large projects, and systems that need to integrate with other systems, you REALLY do need to figure out the requirements ahead of time and plan the architecture.

    If your team consists solely of programmers of medium competence, Agile may be the best choice. If you have even one excellent systems architect, you're far better off letting them do their job, planning the system out first. If your team includes junior programmers (or veterans who haven't expanded their skill set over the years), Agile can leave them floundering, going one direction for a few weeks, then another direction for a few weeks, then completely backtracking for a few weeks.

    In summary, Agile is sometimes the best choice for your team, and when it is, you've done a poor job of hiring.

  23. Harrahs $220 million, Trump $13 million on Will Trump Protect America's IT Workers From H-1B Visa Abuses? (cio.com.au) · · Score: 1

    > Are you a majority shareholder of Autozone? Do you run Autozone?

    Trump didn't put up the majority of the money for any of the casinos either. For Trump Plaza, Harrah's paid all of the construction costs, $220 million, and operated the casino. Trump had put up something like $13 million to buy the land. Trump did get half the profits, but all he could lose was the $13 million.

    For most of his properties, banks put up the money. Just like I only lose my $500 investment if Autozone goes under, Trump only stood to lose his investment, in most cases. A couple of times he personally guaranteed a small percentage of the loans, but that was the exception rather than the rule.

    He was 50% owner of the Empire State Building and guess how much exposure he and his companies had? $0. He didn't put in one cent, had nothing to lose. The owner GAVE him a 50% interest so that he would use his expertise in New York real estate to make it profitable.

  24. Owning stock in a bankrupt company != bankrupt per on Will Trump Protect America's IT Workers From H-1B Visa Abuses? (cio.com.au) · · Score: 1

    Would you care to be a bit more specific? I don't know of any time that Trump was anywhere near broke, and I've followed his career for 25 years.

    I own a thousand dollars of stock in Google, a few hundred of Autozone, and about 20 other companies. If Autozone goes bankrupt, I'm out the few hundred I invested.

    Trump has a couple billion in total, a few million in this hotel, a few million in a casino over here, a million in a golf course, hundreds of investments. When one of the companies goes bankrupt, he's out a couple million - and still has 2,000 million left.

  25. You buy what you value on Scientists Believe There's Finally A Cure For The Common Cold (dailymail.co.uk) · · Score: 2

    Given that you can save lives at $4,000 each, you shouldn't spend your money at $10 million each. Saving a life isn't worth $10 million, because you can do more with that $10 million. The VALUE (market value, in fact) is less than $10 million.

    > price and value are not the same, that you can't measure a thing's value by its price?

    Quite the opposite. What you buy, at what price, is an objective measure of what you REALLY value. He COULD donate half his salary to save several lives. Instead, he probably chose to have a nicer car (or cars) than he needs, dinners out, etc. He made the choice, so clearly he VALUES the fancy car more than he values a stranger's life - he had to choose between the two, and he chose the car.