Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114

Comments · 10,114

  1. Beyond that, fragile overall on Ransomware Compromises San Francisco's Mass Transit System (cbslocal.com) · · Score: 4, Interesting

    Even beyond that, systems that can be so completely broken are typically fragile systems, systems that break in ordinary use. As an example, here's a standard SQL injection, which was present all through a system I worked on recently:

    SET lastname='$FORM_LASTNAME'

    Sure that can be leveraged by an attacker, but what happens when the user's last name is O'Reilly? O'Reilly can't sign up for the service.

    That example is typical. Code that's easily hacked is fragile, poor quality code in general, in most cases. Fixing security isn't JUST fixing security. Code that can't be broken is code that doesn't break.
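Added example, not part of the comment above or of the system it describes: the interpolated `SET lastname='$FORM_LASTNAME'` pattern next to a bound-parameter version, run against the name O'Reilly. It uses Python's `sqlite3` module; the `users` table, its columns, the sample rows and the function names are assumptions made for this illustration.

```python
import sqlite3

def make_db():
    """In-memory table holding two constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, lastname TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "Smith"), (2, "Jones")])
    return db

def set_lastname_fragile(db, user_id, form_lastname):
    """Pattern from the comment: the form value is pasted into the SQL text."""
    sql = f"UPDATE users SET lastname='{form_lastname}' WHERE id={int(user_id)}"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # An apostrophe in the name ends the string literal early.
        return f"error: {exc}"

def set_lastname_bound(db, user_id, form_lastname):
    """Hardened form: the value is a bound parameter, never part of the SQL text."""
    db.execute("UPDATE users SET lastname = ? WHERE id = ?", (form_lastname, user_id))
    return "ok"

def lastname(db, user_id):
    """Read back the stored last name for one user."""
    row = db.execute("SELECT lastname FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def demo():
    """Run both versions and collect what each one did."""
    db = make_db()
    results = {}
    results["fragile_plain"] = set_lastname_fragile(db, 1, "Baker")
    results["fragile_oreilly"] = set_lastname_fragile(db, 1, "O'Reilly")
    results["after_fragile"] = lastname(db, 1)   # update never happened
    results["bound_oreilly"] = set_lastname_bound(db, 1, "O'Reilly")
    results["after_bound"] = lastname(db, 1)     # stored verbatim
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same change that lets O'Reilly sign up also removes the injection point, because the driver no longer parses the form value as SQL.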

  2. They count the number of messages for & agains on Will Trump Protect America's IT Workers From H-1B Visa Abuses? (cio.com.au) · · Score: 1

    Generally politicians don't pay much attention to the content of individual messages, but they do count the number of messages from constituents on each side of an issue. If they receive 1,000 messages urging them to support a bill and 10,000 in opposition, they notice that.

    Obviously they also notice if the 12 Wall Street banks who finance 30% of their campaign costs want them to take one side or the other.

    Of course, Trump isn't a standard politician. Who knows what he'll do. For example, he's not dependent on large donors like 99% of politicians are. With billions in his own bank account, he's free to tell any potential donor to suck it.

  3. Some exact dollar costs to save lives on Scientists Believe There's Finally A Cure For The Common Cold (dailymail.co.uk) · · Score: 2

    Right now, today, you have a choice of whether to spend your money installing fire sprinklers in your home. It'll cost about $6,000. There's a 1/50,000 chance it'll save your life. As you decide whether or not to spend that $6,000 to protect your life, you are putting a dollar value on your own life.

      Installing fire sprinklers in 100,000 homes will cost $600 million and save about 6 lives. ($10 million per life). Should we do that?

    Does your answer change when you find out that by instead spending that $600 million educating kids and encouraging healthy habits we'd save about 25,000 times as many lives, from heart disease and similar killers? ($4,000 per life).

    We can save lives for $10 million each, or spend that money saving more lives, at only $4K each. Why should we not spend the money on the $10 million/life idea? Because it's not worth it. It's not worth spending $10 million to save one life when you can instead spend that $10 million on saving 2,500 lives. Saving one life isn't worth $10 million.

    Here are some costs to save lives in various ways.

    http://www.payitforward.founda...

  4. Money buys safety systems, medicine - LIFE on Scientists Believe There's Finally A Cure For The Common Cold (dailymail.co.uk) · · Score: 2

    > Different things have different units of measure; some of us understand that money is a wholly inappropriate metric for the value of human life.

    Money is how you buy longer life. Want safer highways? Gotta spend money. Better doctors? Want to see the doctor more often? That'll cost money. Want to test every piece of meat for contamination before it's sold? You're going to need to spend a lot of money.

    You could go about your day very safe. In traffic, you could have a professional driver drive ahead of you and another behind you, to protect you from accidents. You could have two body guards in the car with you. That's how we protect the president. It costs a lot of money. You COULD choose to hire a body guard to protect your life rather than spending any money going out to eat, or buying a cool phone, or paying for any entertainment. You've decided protecting your life with a bodyguard isn't worth the money - you'd rather buy Olive Garden and a Nexus phone.

  5. Stackoverflow, how do do everything completely wro on O'Reilly Discounts Every eBook By 50% (oreilly.com) · · Score: 1

    The person who originally wrote the code I work on used Stack Overflow often. Occasionally it makes for some good laughs as we completely rewrite everything he did. Mostly, his code copied from SO causes much cussing.

    Stack Overflow can sometimes be useful for comparing different approaches to one very specific problem, if you can look at each answer and understand what's good and bad about each. To learn a new way of doing things, a new language, or different technology, a book by an expert, structured to explain starting from basic principles, is a far better approach. For something new to you, browsing SO may be worse than not knowing anything - you most often end up with something syntactically correct but logically completely wrong.

    I just spent $80 on oreilly (regular price $200). That $80 pays for itself if it eventually saves me 45 minutes of trying things and debugging.

  6. Can never be promoted, great idea on O'Reilly Discounts Every eBook By 50% (oreilly.com) · · Score: 1

    Great idea, you can never be promoted and will get a bad reference. Genius.

  7. Folding seats since 1914 on Consumer Reports: Tesla's Model X Is 'Fast and Flawed' (marketwatch.com) · · Score: 2

    In a hatchback, you put hinges on the rear seats so they fold forward. Folding seats were innovative in 1914, over a hundred years ago, and they aren't any different just whether the engine is a flat 4, a V8, or electric. Tesla literally could have used the exact same seats from any 1970s station wagon.

    They're a hundred years behind in basic utility features and "innovation" isn't an excuse.

  8. Are you working short-term contracts? on Slashdot Asks: Will Farming Be Fully Automated in the Future? (bbc.com) · · Score: 1

    It appears you're a software person. What kind of software person does NOT get paid time off? The only thing I can't think of is if you're working short contracts and forgetting to include time off between contracts in your pricing.

    On the other hand, your sig suggests that you might LIKE Agile, so maybe you're a really BAD programmer. ;)

  9. Humans normally do both, noisy environments on Google's DeepMind Made an AI Watch Close To 5000 Videos So That It Surpasses Humans in Lip-Reading (thetechportal.com) · · Score: 1

    People normally watch the person who is talking because we actually use both sight and sound to understand what the other person is saying. The sound is more important, for most people, but we augment the sound by lip reading a little bit.

    In an environment with many people talking such as a bar or a party, our ears may hear six different people talking. Since we can focus our eyes on just one person, it helps us pick out their words from the other noise. To start with, you can see when they start and stop talking, meaning you can ignore any words you hear when their lips aren't moving; those words would be part of the conversation between other people near you n

  10. Average work week reduced from 60 hours to 33 on Slashdot Asks: Will Farming Be Fully Automated in the Future? (bbc.com) · · Score: 2

    As I write this, I'm on a week of paid vacation. Next month, I'll take another week off.

    In 1900, the US average hours worked per week was about 60. 12 hour work days were common. (See "Hours of Work in U.S. History". Economic History Association.)
    Today, the average hours worked is 33. ("United States Average Weekly Hours". Bsu.edu .)

    So we now work about HALF as much as our grandparents. Our homes are over twice as large, on average. Twice as much stuff, half as much working.

  11. > The only way to log into the admin account there is via wired ethernet cable connection.

    Wireless can't reach the admin interface? Cool.

    > my US Robotics 54K modem lights going hard red and the led on my HD started flashing fast. I reached over and turned the modem off

    I wish more of my clients would disconnect the network when they notice a problem. That's exactly the right move. Shutting down destroys evidence, while rebooting can give the attacker a more covert channel.

  12. Foothold in network, access to router admin, MITM on Nearly 40% of Americans Would Give Up Sex For Better Online Security, Survey Finds (huffingtonpost.com) · · Score: 1

    To a bad guy, your DVR isn't a DVR, it's a presence in your private network. Your router typically blocks almost all traffic from the internet, but ALLOWS all traffic from within your network. Once they are in any device on the internal network, they are allowed to reach any other device on your internal network. You may have noticed also that Windows default security settings are different for the local network vs the internet.

    Perhaps most importantly, from your DVR they can access 192.168.1.1, the admin interface of your router! From there they can grant themselves remote access to every other device, and even MITM *all* of your traffic. That's the big one.

    Also, you may have noticed several stories on Slashdot lately about large-scale attacks coming from compromised cameras, DVRs, etc. Your DVR will become part of the botnet attacking others, which may well result in your IP being blocked, so you can no longer access many sites on the internet.

  13. Length is most important, and sites can be related on Nearly 40% of Americans Would Give Up Sex For Better Online Security, Survey Finds (huffingtonpost.com) · · Score: 1

    > Enable two-factor authentication on any site that supports it. Even just this alone is a HUGE improvement. Plus, sites like Facebook have login attempt notifications.

    Those are good things. 2FA is a bit of a hassle, so not worth it to log in to Slashdot, but certainly makes sense for a bank.

    > Complex as fuck shit to remember. Upper, lower, number, specials

    For 15 years, I developed password-based security full time. I had an alias or two on the cracker boards. I analyzed thousands and thousands of attacks. The "complexity" you want isn't the type of complexity that makes things hard to remember. For example, this:
    jJg6%#5@fB

    Is weaker than this:
    I can readily remember this simple passphrase.

  14. BS Slashvertisement for password manager on Nearly 40% of Americans Would Give Up Sex For Better Online Security, Survey Finds (huffingtonpost.com) · · Score: 5, Insightful

    After 20 years working in internet security, the headline struck me as bullshit. Just yesterday when I told a guy that making his DVR accessible via the internet would mean hackers would likely get into it, his response was "I don't care". That's about typical. So why would this survey come up with that result? The bottom section of the article begins with:
    __
    Dashlane makes identity and checkouts simple with its password manager and secure digital wallet app. Dashlane allows its users to securely manage passwords
    __

    And according to a survey conducted by McDonald's, their burgers are wonderful.

  15. Decent effort. I wonder how many noticed on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1

    Just after posting, I realized I had swapped the variables. I figured I'd get about two idiots saying "haha you stupid idiot. You used the wrong variable, so you're a moron." Or perhaps more likely:

    your a idiot you said x not y your stupid fucker

    Your post was slightly more clever.

  16. 1 conservative says Clinton was classy on Clinton Urged To Challenge Election Results Due To Possible Hacking [Update] (cnn.com) · · Score: 2, Interesting

    > They are already being labelled "sore losers" despite conceding the election and explicitly instructing their supporters to accept the results

    I'm sure SOMEBODY in the world called SOME Democrat a sore loser based on something they said. As one of Slashdot's resident conservatives, I applauded Mrs. Clinton's concession speech. I post to Facebook about twice a year, and one of those was "Clinton showed some class this morning". I thought it was worth bringing attention to her response to the election, which was more "statesman-like" than many politicians.

  17. 1% is much longer term on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1

    I mentioned 1%, then the chart I linked is just since 1990.
    The two don't go together, of course. 1% is a very long term number.

  18. Largest defense spending cuts on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1

    > And they don't even talk about cutting defense spending which is the biggest issue.

    As far as "the biggest issue", it's about 1% of GDP. That's significant. Obamacare probably has larger economic effects, but 1% is significant.

    Here's a chart of defense spending over 30 years. You can see the largest cuts, which are significant, were the cuts passed in 1989, starting with the 1990 budget and phased in over ten years. You probably remember who was president.

    http://www.usgovernmentspendin...

  19. Name ANY conservative and I'll show you on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1

    I have to wonder where you get your news. Name ANY conservative leader and I'll give you some links of them addressing exactly those issues. The leading Republican right now is the guy who was unanimously voted Speaker of the House, Paul Ryan. He said, very clearly, that fixing Medicare is a top priority for the new Congress. The headlines of left-leaning publications currently are things like "Paul Ryan to dismantle Medicare". The LA Times just had that headline, for example. This Washington Post article is a tad more factual.
    https://www.washingtonpost.com...

    I don't know where you've been getting your information, but obviously not from any of the major media. Chris Christie's speeches about Social Security are legendary. So anyway go ahead and name ANY conservative leader and I'll show you video of them covering those topics or specific policy proposals to address them.

  20. Ps both are needed, dreams AND plans on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1

    My first post may have cast liberals in a negative role. Both viewpoints are needed, so ideally we'd all respect the others' ways of looking at things. Liberals are strong at imagining a great thing, as dream end state. Then respect the conservatives' that the budget won't cover all that, but we CAN afford to do A, B, and C.

  21. Cold, heartless liberal bean counters on Google Search Results Have Liberal Bias, Study Finds (thedenverchannel.com) · · Score: 1, Insightful

    I have observed that liberals tend to be idealists, conservatives realists. The song Imagine by John Lennon is a beautiful expression of liberal thinking.

      Liberals speak of what they desire *could* be, and very often of how things *should* be. Conservatives focus much more on the cold, hard facts of how things *are*. So much so that it often makes discussions difficult:

    Conservative: That doesn't work, X% of y are Z.
    Liberal: No! X shouldn't be Z!
    Conservative: "Should" doesn't matter, X -are- Z.
    Liberal: You racist fuck, you think X should be Z!? That makes you a bigot!

  22. Thanks on Oracle Buys Dyn DNS Provider (techcrunch.com) · · Score: 1

    Thanks for that.

  23. Trump CRAVES exascale. It's HUGE! on US Sets Plan To Build Two Exascale Supercomputers (computerworld.com) · · Score: 1

    If you were going to describe Trump's personality in 3 words, one of those words would have to be "huge". Trump has a passion for the oversized, overdone, magnificent - anything bigger and more lavish than the other guy. It should be easy to sell Trump on "the biggest, fastest computers ever built", if the people selling him on it have any understanding of who they are talking to.

    His dad bought two-story apartment buildings, Trump builds skyscrapers, with gold-plated fixtures. Some rich guys have a Learjet, Trump has a private airliner. Wanna sell Trump on a super computer? Just tell him it's going to be huge, magnificent, incredible. He can't help himself when something is incredible.

  24. Also banned, for fraud on Symantec To Acquire LifeLock for $2.3B (usatoday.com) · · Score: 1

    He was also banned from being an executive or owner of any such business because he engaged in widespread fraud. He continued to appear in commercials for the scam^H^H^H^H company.

  25. Know anything about soliciting without rumors? on Oracle Buys Dyn DNS Provider (techcrunch.com) · · Score: 1

    Do you have some experience with this? I've sold a couple businesses and the problem has always been how to solicit bids without a) encouraging silly rumors to start and b) revealing too much about the financials of my privately-held company to competitors or potential competitors, who may or may not have a genuine interest in buying my company.