Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. Christmas shopping - direct delivery on Amazon Splits Prime Video Service To Compete Directly With Netflix (techcrunch.com) · · Score: 1

    We use Amazon a lot for Christmas shopping. If we purchase from local brick and mortar stores we still have to pay shipping to send gifts to relatives, and pack other gifts in the car. Having them shipped direct to the recipient makes sense, so we use Amazon for that and each year we calculate whether $99 for "free" shipping makes sense. If we could pay about $10 for one month of free shipping, that would be a good deal to ship all of our Christmas presents.

  2. Plus two 110,000 vacuum cleaners on Jet Strikes Drone Near Heathrow Airport (marketwatch.com) · · Score: 1

    The engines on an airliner suck in a lot of air, too. The 777 is equipped with a pair of what could be considered 110,000 HP vacuum cleaners.

    How likely is it to happen on one SPECIFIC flight? About as likely that you'll get in a traffic accident with a white pickup on your way to work this morning. How likely that it'll ever happen? About as likely that there will a white pickup involved in an accident, somewhere.

  3. Loss of one engine deadly near takeoff on Jet Strikes Drone Near Heathrow Airport (marketwatch.com) · · Score: 0

    If a Boeing 777 or similar aircraft loses one of its two engines during cruise, it will suddenly yaw toward that side and begin losing altitude quickly, but if there's 30,000 feet between the plane and the ground a competent pilot can recover in 30 seconds or so. Scary, but not deadly. Also wouldn't involve drones because hobby drones don't fly at 20,000 or 30,000 feet.

    An airliner would encounter a hobby drone (or small commercial drone) at takeoff or landing. Just after akeoff at full power, loss of one engine means there's 110,000 horsepower violently whipping the aircraft around and two seconds later it slams into ground at 180 MPH. Better hope the pilot has lightning fast reflexes and isn't reaching for something at the moment.

    Problems at cruise altitude can be dealt with - it's okay to run into the AIR at full speed. Running into the ground at speed is quite a different matter.

  4. Top talent doesn't seek 3% (neither does competent on US Anti-Encryption Law Is So 'Braindead' It Will Outlaw File Compression (theregister.co.uk) · · Score: 1

    > You're completely missing the fact that the company is not obliged in any way to keep the slackers and clock-punchers employed.

    Top talent, even reasonably competent people, don't seek organizations where they can hope for a 3% increase. 3% companies get the clock-punchers. Remember I mentioned my current employer was able to offer me 80% more, and nexr week I expect an offer that's another 20% higher. My old employer couldn't offer even a 10% raise BECAUSE their budget was mostly exhausted by 3% for everyone, including the drunk. After the highly competent people go to places where their hard work and skill is rewarded, the unionesque shop is left with whomever remains. These are the facts of my experience.

  5. in a world of unlimited budgets on US Anti-Encryption Law Is So 'Braindead' It Will Outlaw File Compression (theregister.co.uk) · · Score: 1

    > Every year, they handle the collective pay raise negotiations with the company, usually ending up with some fixed percentage raise for every worker
    > But we're still 100% allowed to sit down with our managers and negotiate a further pay raise,

    In a world of unlimited budgets, spending $x million on a 5% raise for everyone who punches clock, sober or not, wouldn't deplete the budget and affect in any way your ability to work hard, know your job, and get a 20% raise. On earth, the company has a certain amount of money, say $10 million. Once $9 million of that is spent without regard to performance, only a little bit is left for the motivated workers. My last employer was like that.

    At my last employer, everybody got about 2.5% each year. The total budget was increased by about 3%, meaning that 0.5% was available for raises actually based on merit. I studied my field in order to get better at my job. My boss gave me appropriately the maximum raise he could, about 3%. Another company me 85% more. I'm enjoying my new job making almost twice as much and the old employer no longer has one of their best employees.

  6. 1/2 of /. readers say AI will take their job on Microsoft's New AI Mistakenly Identifies Photos, Ignores Hitler (mashable.com) · · Score: 4, Funny

    I'm reminded that about half of Slashdotters are afraid that AI like this will put them out of a job soon. The other half of Slashdotters can tell the difference between a cell phone and the first lady, so they won't be replaced by Microsoft software.

    On the other hand, 15% of Slashdot readers can't tell the difference between Obama and Hitler, with this AI can do so.

  7. "An operating system suitable for critical servers on Microsoft's New AI Mistakenly Identifies Photos, Ignores Hitler (mashable.com) · · Score: 1

    The most ridiculous might be what Microsoft's AI describes an "an operating system suitable for mission critical servers". Or maybe that was Microsoft Marketing, not Microsoft AI. Either way.

  8. Yeah, waste is a much better idea on Amazon Begins Housing Homeless In Seattle (jeffreifman.com) · · Score: 0

    That's a much better idea. The Amazon building should sit empty. Then whichever construction company financed the local politicians can talk about how far over budget the new city shelter will be when it's built in 2023, if it's done on time. That's much better than providing for people's needs now, with a facility that already exists and was sitting empty, at very little cost.

  9. In reality, coercive unions and forced stocks on US Anti-Encryption Law Is So 'Braindead' It Will Outlaw File Compression (theregister.co.uk) · · Score: 1

    I'm familiar with the ideals, the dreams that socialist libertarians have. Let's look at how some of those most important ideas have been put into actual practice, how it actually works out.

    They dream of worker collectives, such that you don't individually negotiate your pay, the collective does that. To ensure that happens, of course individual negotiation has to be illegal - the company MUST negotiate with the union, and therefore the worker MUST join and financially support the union. Meaning that a percentage of your is under the control of the union bosses (and the politicians they finance). Since wages aren't tied to individual performance, how do you deal with slackers? In practice, you can either MAKE them work, or you can ignore them, meaning that productively (and everyone's pay) suffers. Either authoritarian control or economic failure, those are two options when each worker's well-being isn't tied to their own efforts.

    They seek collective ownership of the means of production- of factories, ships, etc. Right now we have VOLUNTARY collective ownership- you can choose to invest $500 or $5000 in a company that is building a new factory and you become a part-owner, a stockholder. Socialists of all stripes seek would have a system in which everyone MUST participate; AMD's new fab WILL be built with your money, whether you like it or not. They don't realize that's just the same as Wall Street except you're forced to finance the new coal mine. That's the only option other than voluntary financing. The mine is either built with money from people who volunteered their savings (in hopes of participating in profits), or it's built with money taken by force. Unless of course no productive facilities are built at all.

    So it really is binary/ternary. It costs $50 million to build a new car factory. You really do have to decide whether that $50 million is invested willingly (current system) or if it's taken by force. If the money is neither invested willingly nor taken coercively, no factories , ships, or semiconductor fabs can be built.

     

  10. A stupid browser bug causes my posts to be submitted as I write, mid sentence. Anyway ...

    Kinda odd that you'd be both reasonably well-informed and call yourself a libertarian yet still lean socialist. More socialist/ communist invariably requires more tighter government control of the citizens. Still, at least you have some clue, which is better than most candidates.

  11. Often 51%/49%. You should run, communist scum on US Anti-Encryption Law Is So 'Braindead' It Will Outlaw File Compression (theregister.co.uk) · · Score: 1

    Important issues are decided by thin margins often enough; you can make a difference. On the issues you care most about even more so, because other legislatures will have different interests, so they'll listen to your point of view on the issues you know about and care about.

    You've made enough intelligent posts to catch my attention, so you are apparently smarter/ better informed than the average citizen.

    It's odd you haven't noticed that as an economy swings further toward socialism and communism, that requires more government control, the reduction of liberty. It happens every time. So kinda odd you'd be both inform

  12. mount -o remount on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 1

    Mount options may not do much good, because an attacker (or malware) could remount. Also for efficiency you often don't want to write everything again, you want to clone the old through some efficient mechanism such as hard links or volume tricks, then update it by updated files which have been updated, deleting deleted files, and creating any new files. A pull with read-only access to the live system does this well, and read-only is very well supported by existing file systems.

  13. Yeah, credentials in the URI==doing it wrong on Researchers Find Vulnerabilities In Microsoft's and Google's Short URL Services (arstechnica.com) · · Score: 4, Informative

    > data protected by credentials included in the Web address

    You're doing it wrong.

    A web address, or URI, is a universal resource IDENTIFIER (or locator, for the older terminology). It specifies which data you wish to access. That's not the place for authentication to be.

    Sharing a long URL which includes your user name and password is stupid too.

  14. rsnap is popular. Should pull from read-only accou on Man Deletes His Entire Company With One Line of Bad Code (independent.co.uk) · · Score: 4, Insightful

    Rsnap is a very popular backup system which uses network mounted drive as it's default/most common configuration. I constantly remind people on the rsnap mailing list about the existence of cryptolocker type malware.

    A much safer way to do it is to have the backup system PULL backups using a read-only account. That way no command on the live system can touch the backups, and the backup system can't change anything on the live system - either accidentally or maliciously.

    One solid backup / hot spare system that does it safely by default is Clonebox.

  15. DMCA allows it on FBI Couldn't Tell Apple What Hack It Used, Even If It Wanted To (qz.com) · · Score: 4, Informative

    I posted relevant portions of the law last week, if you care to read the details. There are two sections that are mainly relevant.

    First, DMCA explicitly says that circumvention by or FOR the government is legal. So you can hack it if the government asks you to.

    Secondly, and this is important to my job developing security testing tools, DMCA says twice that it is legal to create tools to research on the security of the measures as long as those tools aren't used, or intended to be used, for copyright infringement as specified in DMCA.

    So it's a lot like gun laws in areas that have Constitutional gun laws - using a gun to commit a felony is an additional crime, but just having a gun is legal. Similarly, building a circumvention tool FOR THE PURPOSE of copyright violation is unlawful, but building it for research, security, and investigation purposes is fine.

  16. Year-round in Texas it helps on World's Largest Private Coal Company Files For Bankruptcy (reuters.com) · · Score: 1

    A black pipe in full sun will get quite hot even if the temperature outside is 50F or so. At lower temps, it at least REDUCES the amount of natural gas needed to finish heating the water.

    Even if the air is 40F, the ground 50F, and the solar water 80F, that reduces the energy that the natural gas water heater uses.

    I'm glad to see that many well-known environmentalists are now acknowledging that the way to significantly reduce fossil fuel use, with technologies that actually exist, is to use wind power during windy time to augment the nuclear baseline.

  17. liberals aren't normally so clear. Doesn't work on World's Largest Private Coal Company Files For Bankruptcy (reuters.com) · · Score: 3, Insightful

    It's been 50 years, isn't it time to stop the political shenanigans and do something the environment now? Handing billions of dollars to democrat campaign contributors while ignoring the stuff that could actually save the planet is getting tiresome.

    > 3. Numbers don't matter ...

    Liberals normally seem to THINK like that, but they rarely say it so clearly. "So what if it doesn't work, it makes me feel good to pretend".

    We're not talking about "it would be hard" or "or would cost a little more". It's impossible, and therefore a huge waste of precious time. So far you guys have wasted 50 years chasing solar-electric, which is one of the most ineffective energy sources ever proposed, next to "pyramid power".

    Now if you go down to the hardware store and get an 8" plastic pipe for $12, you can put it outside, connect it to your water line, and have hot water. That works; it works quite well. Since it works, and you can do it yourself for $12, it doesn't involve handing a few billion dollars to Clinton and Gore's campaigning contributors, so they tell you to do that. They tell you to ignore what works and instead give billions to their buddies. You go right ahead and do that, while power continues to come from 80% fossil fuels because you're too busy handing money to political donors rather than using the carbon-free energy technologies that actually work.

  18. are NOT trained in "users are attackers " on Zero-Days Doubled In 2015, More Companies Hiding Breach Data, Says Symantec (csoonline.com) · · Score: 1

    I left out the word "not". People with desktop programming experience think of the input as coming from a friendly user, NOT from an attacker who is trying to break things.

  19. Programmers with desktop mentality, little trainin on Zero-Days Doubled In 2015, More Companies Hiding Breach Data, Says Symantec (csoonline.com) · · Score: 2

    > A lot of these Mature Programmers are use to making applications based on Local systems access ...
    > Also most of these apps are based on Older Code sets, Taking a PC App and just changing the UI to be Web Based.

    Yep, many programmers are reasonably competent for desktop programming, where the user is trying to make the program work correctly. They are trained in and don't think with the mindset that "users" are attacking the software daily, trying to find ways to make it fail. Because Windows is the most popular desktop of all time, there are an especially high number of experienced Windows programmers who habitually think with a desktop-like mindset, not an adversarial mindset where the user is an attacker.

    This goes along with the problems of teaching everyone to code just a little bit. They know enough that they can make it mostly work, most of the time. Thinking about how it be forced to not work correctly, how it responds to invalid and malicious input, is an entirely different level.

    We're also lacking in tools and libraries which have been formerly proven safe, but the mindset of programmers and their managers is the biggest thing. If every line of code is looked at with an eye toward "how could this go wrong" we'd have MUCH more reliable software . If it works reliably even when being attacked, think about how well it will work when you're not attacking it!

  20. I see, you're still thinking generalities, don't s on Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free · · Score: 1

    I THINK I'm starting to see where you're coming from. You're still thinking in general terms (hashes generally, encryption generally) rather than thinking about the exact purpose served here, you're ignoring the specific algorithm used by this malware, plus you're unfamiliar with how hashes are used with secrets - they are salted. Or you've thought of, but not articulated, some method that I haven't.

    > You don't understand how an encrypted blob can be computer unique but a hash cannot be?

    The second half of that sentence is "and serve the purpose". It has to be used to confirm whether the password is correct. Tell me if I'm missing something in how you're thinking this could be done with ciphertext:

    1) Generate a machine-specific random bytes (the malware does this) .
    2) Save the random bytes for later comparison. (It does this too).
    3) generate a key (does this).
    4) Encrypt the random bytes using the correct key (hash does this repeatedly) .
    5) Decrypt the random bytes using the candidate key (a hash malware does the reverse, it encrypts with the candidate)
    6) Check whether the decrypted bytes match the random bytes. (A hash does this, but compares th ciphertexts rather than the plaintexts).

    Note especially that step 6 is impossible without step 2. Is that what you have mind?

  21. Even MD5 is within 1% even distribution on Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free · · Score: 4, Informative

    >no algorithms that I am aware of come close to ... 1

    Even distribution is a design requirement for hash functions. Any unevenness is predictably and therefore brokenness.
    MD5 gives even distribution, though it is otherwise broken for many use cases. In one experiment, the experimenter hashed 10 million values, I believe, and compared the number of times each possible value appeared in the first 8 bits and the last 8 bits. The difference between the most common value and the least common was less than 1%. To my knowledge, there's no theory that MD5 isn't evenly distributed .

    For SHA256, it is known that the distribution isn't perfectly even, but the variance from even distribution may well be less than 1% for SHA256 as well.

  22. Don't know understand why you're not getting this on Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free · · Score: 1

    > The fixed size block can easily be computer specific unlike the hash key,

    How can one be computer specific and the other not, while serving the same purpose ?

    What you don't seem to be understanding is that the hash IS precisely what you're suggesting- it's a blob of data encrypted- 64 times. Your suggestion only works if either a) encrypting it 64 times is easier than encrypting it once, or b) you artificially limit the "hash" to be much smaller than the ciphertext.

    A hash is GENERALLY easier to crack than a long ciphertext, simply because the cipher text is longer. In this instance, the complete program is a few hundred bytes. It's short because space is limited. Encrypting it fewer times isn't going to make it harder to crack.

  23. Always average of 1-to-1. For any decent hash ... on Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free · · Score: 4, Informative

    Let P be the number of possible plaintexts and J be the number of possible hashes. The average number of plaintexts which hash to a given value is therefore P / J.

    We said the input is the same length as the hash. Therefore, there are always the same number of potential hashes of that lemgth as there are potential plaintexts. That is, P = J. Therefore, the average number of plaintexts per hash is P / P = 1.

    When designing a hash function, it is fairly trivial to ensure that the distribution is approximately uniform, and virtually all hash functions in use have this property. Therefore, for substantially all hash values, the number of possible plaintexts is approximately equal to the average, which is 1.

  24. Intended for cross-platform drivers (html/JS app) on Google Developers Create API For Direct USB Access Via Web Pages (softpedia.com) · · Score: 1

    The proposed benefit is cross-platform drivers. Given a USB device that isn't one of the device types with generic drivers built into the OS, a JavaScript driver could be provided that will run on any OS - Windows, Linux, Mac, FreeBSD, Android - anything with a web browser.

    Consider as an example a USB-connected sensor board or relay board . The USB device declares that it will accept input only locally stored JavaScript, from file:// URLs. The software can then be an html file with an html GUI and JavaScript logic, reading sensors or sending commands with the endpoints defined by the USB device.

  25. A single round encryption is EASIER w/ same method on Experts Crack Petya Ransomware, Enable Hard Drive Decryption For Free · · Score: 2

    Remember the suggestion was to encrypt a small, fixed-sized block.

    You can create a rainbow table for encrypting a 16-byte block MORE easily than a hash rainbow of the same 16 bytes, because it's precisely the same operation, except the hash version does the operation 64 times.

    If you stored a million bytes of encrypted data, that would be (probably) more difficult than 16 bytes of hash, but not harder than a million byte hash.