Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. 20,000 H1Bs for the country vs 320 million citizen on HP Makes More Money, Cuts 16,000 Jobs · · Score: -1, Flamebait

    There are a total of 20,000 H1Bs for the entire country, compared to 320 million citizens, so ...

  2. yep, stupid. Teaching my kid her race is "wtf?" on Facebook Refuses To Share Employee Race and Gender Data · · Score: 3, Insightful

    On my daughter's birth certificate, I was quite tempted to enter it as "who cares, what year is it, 1814?"

    When Milan gets older and asks whether she's white, black, or Mexican, I may tell her "you are Milan, that's all. You're not a group, you are you."
    If she presses me, asking where her great-great-grandparents lived, they honest answer is "A lot of places, I don't know them all. Probably some in Jamaica, some either Ireland, Scotland, or both, some in Texas somewhere , but maybe that part of Texas was Mexico at the time."

  3. Not really. Versus "soft censorship" on WikiLeaks: NSA Recording All Telephone Calls In Afghanistan · · Score: 1

    Sounds like you just logically disproved the existence of "self censorship".

    > Censorship is when the authority prevents someone from saying something

    I don't think so.
    Government censorship = government is the authority preventing it.
    Network censorship = the TV network is the authority preventing it from going on-air.
    Self censorship = your own higher principles or prudence is the authority preventing you from saying something.

    > Or maybe you don't consider it to be a kind of censorship, despite its suggestive name...

    Where "self censorship" is defined as being just what the words imply - the self choosing what one wishes to say or not say, I don't really classify that as censorship. At least, most intelligent discussion about censorship wouldn't include a free person making up their own mind as to what they want to say or not say. You COULD call it self-censorship if I decide not to call you a fathead, but that dilutes the meaning of the word so much that censorship becomes a _good_ thing.

    Self censorship, as defined above, should not be confused with "soft censorship". We said censorship is when the authority prevents publication. Soft censorship, therefore, would be when the authority uses "soft" methods to prevent publication. If a government prevents the publication by "strongly suggesting" that it not be published, that is still the government preventing publication. They aren't excused because they used veiled threats as opposed to explicit threats.

  4. Surprised Assange has no idea what censorship is on WikiLeaks: NSA Recording All Telephone Calls In Afghanistan · · Score: -1, Redundant

    Mass surveillance is bad. I would have thought Assange would have said that. Instead, he doesn't seem to know what surveillance is and what censorship is. Twice he called this "censorship". Censorship is when the authority prevents someone from saying something, when communications have to be pre-approved before they are disseminated. I kind of assumed Assange had at least a grade-school education, but I guess not.

  5. Doh! Missing an important word on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    That should read:

    If they've installed multi-terabit fiber at the curb you're all good. That's not exactly "the existing infrastructure (yes, copper)", is it?

    Pushing theoretically almost a gig on coax doesn't get there when there's one coax line line serving a hundred households. New infrastructure is needed.

  6. That takes care of the last 50 feet, with new cabl on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    That gives you a maximum theoretical bandwidth of 900 Mbps from your house to the curb, assuming your coax has been upgraded in the last several years (RG6 with compression connectors, not crimp connectors). If they've installed multi-terabit lines to the curb you're all good. That's not exactly "the existing infrastructure (yes, copper)", is it?

    To use "the existing infrastructure" means your neighborhood has a coax line capable of no more than 900 Mbps theoretical max. Let's see, divide that by 100 households ...

    I'm not a big fan of some of the cable companies, but to say the pre-existing infrastructure from the 1980s is capable of providing gigabit speeds to each house is plain silly. I'm glad I don't have Comcast or Time Warner (Suddenlink has been good to work with) and I'm anxiously awaiting the arrival of Google fiber or something similar. I sure wish they'd all upgrade to fiber everywhere. There's a reason the upgrades are done by installing fiber, though. There's no magic wand they can wave to turn old coax based equipment into multi-terabit equipment needed to provide each customer with gigabit. If there were, nobody would be installing fiber.

  7. a ballsy prediction. 256k of RAM? on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 0

    > Single mode fibre is for Internet what copper is for phone lines. It works even if it is 50 years old

    Predicting that fiber optic technology won't change in the next fifty years is pretty audacious. Are you the same guy who decided "noone will ever need more than 256k of ram"?

  8. same old 1980s service on a new pole, sure on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    To add one more house, providing the same old 1980s cable TV service, sure. That shouldn't take more than a few weeks to approve. I'm talking about new types of services, such as Google fiber. What happened with cable TV when it was new? On August 1, 1949, FCC secretary T.J. Slowie noticed that a company was developing cable TV and launched an inquiry. In 1965, finally issued it's first approval.

  9. Thousands upon thousands of case studies on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    I should actually have said that slightly differently. It's SEVEN years for the approval process itself. Two years is a reasonable estimate of the additional deployment time to meet regulator demands re deploying to less populated areas, etc.

    > why does that necessarily follow?

    There are 50 states each regulating several utilities, and thousands of cities and counties doing the same. What DOES happen is that approvals for service upgrades take, on average, seven years. That's just the fact. Why is it necessary? I don't know, maybe because in a republic, government bureaucracy is designed to be fair, not fast? Whatever the reason, it's a SLOW process, that's consistently true.

    > Around here the phone, electricity, gas, sewer, and water are all municipal or provincially-owned utilities. They seem to do just fine.

    US infrastructure has some real problems, but yeah it's normally okay to use sewer pipes that are 80 years old. The utility has a full crew that goes around patching in new sections when they break. Same for phone - untwisted copper that was installed in 1950 still works just fine. Using 1950s wiring for internet doesn't work, because that would mean no internet. Yes, those old POTS phone lines still work, exactly the same as they worked 20 years ago. I don't want internet service from 1994. If you're old enough, you may remember it took over 25 years from the introduction of touch tone to completely transition from pulse dialing to touch tone. That didn't even begin until touch tone protocol was approved, 20 years after it was defined. So you had the touch tone protocol defined in 1943, approved in the 1960s. and the upgrade finally complete in the 1980s. That's kind of okay for phones - they haven't changed much in the last 100 years. Internet technology is still in the stage of innovation and improvement. Waiting a total of 40 years from the time a new protocol is developed until it's deployed would be a problem.

  10. Uverse is 45 Mbps over new(ish) wire on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 3, Informative

    Uverse maxes as 45 Mbps and requires a minimum of UTP drop. It does not work over "the existing infrastructure" (untwisted pair) unless that infrastructure has recently been upgraded.

  11. or nine years sooner on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    > probably a regulated monopoly if the local laws require.

    Which means it would take, on average, nine years to approve a service improvement. That's exactly what Google does not want.

  12. gigabit over cat3. Profit! on Google Fiber: No Charge For Peering, No Fast Lanes · · Score: 1

    > the existing infrastructure (yes, copper) works well for speeds up to what Google Fiber is offering and more (100Mbps - 1Gbps).

    Explain how you can do that and we can both become billionaires.

  13. for one, the speed and price wasn't approved in on Congress Unhappy With FCC's Proposed Changes To Net Neutrality · · Score: 1

    The idea behind treating them as common carriers is that the FCC would then be allowed to set the services they can offer, coverage areas, and what price they can charge*. It takes a few years to go through that process because it's based on calculating the company's cost, bickering about how much profit will be allowed, penalties for operating efficiently and making more profit than planned, etc. It's illegal to offer a regulated service that's not approved, and Google fiber wouldn't be approved.

    There are many conditions of approval that Google fiber wouldn't meet. An obvious one is universal coverage - generally you can't just run service to places where a lot of people want to buy it. You have to run lines to each household in the sparsely populated areas if county, to neighborhoods where no customers have preregistered, etc. One can argue about whether or not that was good for copper phone lines, but it simply wouldn't have happened with gigabit fiber. Google would have gone to appropriate areas in Costa Rica or somewhere instead.

    Assuming Google managed to work out some agreement about universal coverage, etc. figure that whole process should take 5-10 years and end up with Google running gigabit to all incorporated areas (city limits) whether or not any customers in the neighborhood want it. Those comprises might add 35% to the cost and two years to the deployment. So figure seven years in the approval process and two extra years deploying to different areas in different ways to meet FCC demands - it would be delayed by about nine years total. Nine years delay is "okay" when you're talking about upgrading POTS from party lines to dedicated lines. Nine years is a long time in internet time, though.

    * For phone companies, the FCC used to set prices, but a few years ago they turned that over to state boards, so there are 50 negotiations and 50 approval processes required before improving service.

  14. So 40X slower than I originally said on eBay Compromised · · Score: 1

    Avoiding the word "billion" because it means different things in different countries ...

    > oclHashcat's fron page says 11231M c/s for SHA256

    Yes, I should get some sleep. Divide that by 110,000 rounds, you get 102,100 hashes ($5$) per second. A bit higher than 100, and a bit lower than 10 billion. For any definition of billion. :)

    Note my original calculation assumed 4 million hashes per second. With the oclHashcat numbers, we're looking at 160,000 years per password, for a reasonably good password.

    If the user then set their password to the very minimum that eBay will allow, that could of course end up badly. Password1234 is going to get cracked no matter how you hash it.

    Hmm, I see there is a competition going on for a new hash function. Robert Morris created crypt(3). His son, Robert T Morris, created the Morris worm. It might be time for Ray Morris to become known beyond the 50,000 sites or so that use our existing security solutions.

  15. Would be 100 million as fast as hashcat claims on eBay Compromised · · Score: 1

    On it's front page, oclHashcat says it can run sha256() 11 million (not billion) times per second on a GPU. That's reasonably close to what I get.

    crypt($5$) is 110,000 rounds of sha256(). Therefore, hashcat can run crypt($5$) 100 times per second.

    You thought "easily check over 10 billion hashes a second", hashcat's web page says 100 per second. Doing 110,000 rounds instead of one matters, and of course there's the little confusion between million and billion.

  16. 3,963 years per password on eBay Compromised · · Score: 3, Interesting

    Let's assume they are using a good salt. With more than 64 bits of entropy, that means the bad guy has to crack one password at a time. That's critically important.

    Ebay currently requires that passwords have uppercase, lower case, and number or punctuation, so lets say a typical password is about 60 bits of entropy*. (That's a rough guess). So we have roughly 1 X 10^18 passwords to try.

    As I recall, crypt() defaults to 110,000 rounds, so we can crypt($5$) about 4,000,000 times per second.

    So how many seconds will it take to try all of the passwords?
    1 X 10^18 / 4 X 10^6 = 2.5 X 10^11 = 250,000,000,000 seconds
    On average, we'll need to try half of the passwords to get the right one, so we'll need 125,000,000,000 seconds.
    125,000,000,000 / 3600 = 34,722,222 hours
    34,722,222 / 24 = 1,446,759
    3963 years

    I'm happy with 3,963 years per password.

    That assumes 60 bits of entropy in the password - a decently good password. With a 50 bit password, it would be three years per password - still not too feasible for a Paypal password. A 40 bit password would fall in about 33 hours, if I did that bit of math right. That's still kind of high, but certainly doable - you just won't get very many people's passwords.

    It seems to me that when using good salt, so the bad guy has to attack one password a time, and a reasonably good password, SHA256 is definitely not too fast to be secure.

  17. bestiality is illegal and guns are not for oral us on Step Toward Liberating Electronic Devices From Their Power Cords · · Score: 3, Funny

    > a 9-colt with your tongue?

    If that's a 9mm Colt, that sure sounds like a bad idea.
    If you're talking about tonguing a horse - nasty.

  18. instant charge. Touch, not plug in on Step Toward Liberating Electronic Devices From Their Power Cords · · Score: 1

    Capacitors charge virtually instantly, so a device wouldn't have a power cord attached to it for hours. Instead, you'd just touch it to the charger.

  19. Good point on eBay Compromised · · Score: 1

    I kind of had tunnel vision there, didn't I. That comes from 17 yeas of focusing on protecting passwords for a living.

  20. Please read the first 3 sentences, or last 3 on Congress Unhappy With FCC's Proposed Changes To Net Neutrality · · Score: 1

    Please read the first three sentences of my post. Alternatively, read the last three sentences. My post isn't about either common carriers or net neutrality, it's about the FCC rule making process.

    If you're interested in my thoughts on those other topics, see the last four paragraphs of this other post:
    http://slashdot.org/comments.p...

  21. Yes, I did that when a server NEEDED something new on Robyn Bergeron Stepping Down As Fedora Project Leader · · Score: 1

    Certainly, if you want to develop next year's version of your software on next year's version of RHEL, Fedora is appropriate. I even deployed Fedora to production once when the application absolutely had to have a new subsystem that wasn't yet available in CentOS (not without compiling and replacing a bunch of stuff).

    Okay, so actually I'v done it more than once. First I did it not knowing any better, than when that bit me I did it one more time when I didn't have much choice.

  22. Hash algorithm? Static salt like eBay Japan? on eBay Compromised · · Score: 2

    If eBay US was using a static salt like eBay Japan was, this is a big deal. If they were using a proper (random) salt, and a strong hash, it's not that big of a deal. Does anyone have any idea how eBay hashes the passwords?

    I'm not worried about it if they were doing something like:
    UPDATE user SET password= ENCRYPT(password, CONCAT('$5$' , uuid(), '$')

  23. Comments, WHT, century-old copper vs Google Fiber on Congress Unhappy With FCC's Proposed Changes To Net Neutrality · · Score: 5, Interesting

    Several people replied asking for more information. It's really cool that we, as a community, are wanting to engage beyond just a slogan or headline.

    My main point was that in my experience the FCC does read comments and incorporate good ideas into the next round of rules. So my post was more about the FCC process than about net neutrality per se. I'm no expert on wholesale bandwidth, though I've run a SMALL hosting company for many years. I'd have to do some research myself before I'd be able to file a useful comments. There's also more to learn than can fit in a reasonable Slashdot post. That said, I can point people in the right direction to learn more. There's a lot to learn, so it will take some time.

    The current proposal is informed by the existing comments. Many of the people who bothered to submit a comment to the FCC are knowledgeable about the issue and the direction that the FCC has been thinking about going. You can read comments others have made on various FCC filings here:
    http://www.fcc.gov/comments
    Specifically this one is relevant:
    http://apps.fcc.gov/ecfs/comme...

    Of course there are plenty of less informative comments, too, but there will be some gold in there.

    Webostingtalk.com is a forum about web hosting where operators of a lot of small mom-and-pop internet companies discuss these things, as well as people involved with larger operations. There are threads on WHT discussing things in more detail, from people who actually know the difference between single-mode fiber and multimode fiber, and why one might be deployed rather than the other, and what kinds of government policies might influence such choices.

    The core problem, as I understand it, is that the thousands of pages of regulations for common carriers are all designed for very mature industries, like POTS. The FCC will say "for the next 20 years, you must provide exactly this grade of service at this cost". It takes a for years to get a new grade of service or a new price approved, so you don't change things every year - more like every 10-20 years. That almost works for railroads and copper phone lines - nothing much has changed in the last 20 years (or 100 years) in the realm of copper phone service - some of the lines are about 100 years old. Do you want your ISP to be providing the same service they did in 1994? Obviously that wouldn't work.

    A great example is Google fiber - that would have been all kinds of illegal under a common carrier regulatory regime. That service is GIGABIT - 50X as fast as the competition, for about the same cost as the old cable or DSL. That's exactly the kind of progress we want to promote, not outlaw.

    Let's say you wrote a new set of common-carrier style regulations for internet, rather than inheriting most of the POTS bureaucracy. You may recall that for Google Fiber, Google looked for cities where the government would get out of the way and let them get the damn thing built, ASAP. If the FCC were managing ISPs the way they do phone companies, Google wouldn't (couldn't) have deployed quickly in Provo, they would have had to chose a city in Costa Rica or somewhere instead.

    Again, I'm not an expert on the wholesale or retail internet market. I commented on the 2257 rules because I did have a useful combination of expertise in that area - and the FCC implemented the suggestions I and others made.

  24. Not THAT many. Some people write in PHP 4 too. on Robyn Bergeron Stepping Down As Fedora Project Leader · · Score: 1

    Fedora makes sense for a computer geek's desktop, if that geek wants to play with the cutting edge. For web hosting, not so much. Centos makes more sense if you want it to just work, and keep working. Consider the support lifetime for Fedora.

    Some people DO use Fedora on a web server. Since people write software in PHP 4 too - that doesn't mean it's a good idea.

  25. You CAN influence FCC rules, I have on Congress Unhappy With FCC's Proposed Changes To Net Neutrality · · Score: 5, Interesting

    Your post pretty well covered the popular meme on Slashdot. In fact you really CAN influence FCC rule making, I have. I had the opportunity to observe several rounds of 2257 rule making and participating in one around. The FCC does in fact incorporate well reasoned comments into their rules. Chairman Wheeler KNOWS that the proposed rules have problems. He testified it has problems. The problem is, there's not currently a better proposal. "Pretend that they are telephone companies, call them common carriers" is the common refrain on Slashdot. Unfortunately regulating the entire year United States Internet is a little bit more complex than a headline. There's a REASON he isn't categorizing ISPs as telephone companies. If you want to participate directly, you will l need to find out what the problem is, why it doesn't work to just call them common carriers and think that's going to solve anything. What problems does that cause? It does cause real problems, that would really affect you. If you come to understand what those problems are then you can file comments and make a proposal to actually solve the problem. As I mentioned I've done the same with 2257. Actually understand the issues -understand why common carrier status is not by itself an answer and then you can propose actual solutions. The FCC does listen to actual solutions, they listened to mine. Mindlessly repeating a slogan doesn't help them come up with rules that actually work, though.