Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. workplace violence on Learning To Code: Are We Having Fun Yet? · · Score: 1

    That would result in workplace violence.

  2. Artificial intelligence says no. Design 9M or 4? on "Ballooning" Spiders Use Electrostatic Forces To Generate Lift · · Score: 1

    > That is like saying "why would you use math to figure out the area of that rectangle when you can just guess randomly until you find a fitting number".
    > Both solutions work but one is intelligent.

    That's the same distinction between an old-school program that tells the machine exact instructions "go forward 3 meters, turn left, go 1 meter", vs. artificial intelligence - building a robot that can adapt to it's environment. Why make it adaptable when you can program in precise instructions to begin with?

    The entire field of AI is based on the idea that adaptable is better. We know of about 8.7 million species, from ones that live in boiling acid to blue whales and humans. If you wanted to make million variations on something, is it smarter to explicitly design one, then the next, then another, nine million times, or is it more intelligent to design one or ten which have the ability to morph into whatever variation is required?

    You're assuming hard-coding specific values is the smart way. In almost al cases, hard-coding is the dumb way to do things.

  3. interesting that a newbie is telling the world how on Learning To Code: Are We Having Fun Yet? · · Score: 5, Interesting

    The author has a point, maybe. I did notice that he was ten years old in the nineties and learned to program after college, meaning he has maybe five years of experience. He may be missing the REASON you name it "XMLReader", not "SusieQ" or whatever he said. If he ever has to grok a medium sized project full of classes with "whimsical" names he may wish for clear, intuitive names.

    My predecessor at work was whimsical - every script or class has a variable named "bob", which sometimes is important, sometimes does nothing. Occasionally, he forgot what he was using bob for in a particular function and tried to have it represent two different things. One of our tasks is to slowly replace all of his whimsical code with proper code that is reliable and self documenting

  4. wonder if they'd be there without the airport on New Species of Legless Lizard Discovered Near LAX Runway · · Score: 1

    I wonder if they were there BECAUSE the airport was there.
    Save wildlife - build more giant complexes of buildings and asphalt .

  5. Comp Sci 20 years, applications 2-3 years on Ask Slashdot: Prioritizing Saleable Used Computer Books? · · Score: 3, Insightful

    I have some computer science / theory books that are twenty years old and still quite valuable. Those include Cod on relational database design theory. My Visual Basic 6 books are trash because they cover a specific, outdated version of the software.

    Thinking about it further, not only are the good old books theory oriented, the ones that come to mind on authored by the originators of the topic - Cod & Date, K&R, etc. The thoughts of the founding fathers of a discipline are always relevant.

  6. Yeah, lots of repeats. Checked in multiple browers on RSA Warns Developers Not To Use RSA Products · · Score: 1

    I checked it in a couple of different browsers. Only the Android browser made it look correct, and that was only on the second viewing using that browser.
    When I first viewed it, it was broken in Android too. Most lines are repeated three times. For example, the sentence starting with "Here's the problem. Dual_EC_DRGB is flawed" is in there three times. I wonder what you'll see if I repost a copy / paste of the text:

    Putting it bluntly, you can't.

    Here's the problem. Dual_EC_DRGB is flawed, but is *required* to be implemented as part of anything that claims FIPS 140-2 compliance. Anything cryptographic you sell to the government is *required* to be FIPS 140-2 compliant, and operated in FIPS 140-2 compliant mode.

    This includes just about all routers, switches, firewalls, operating systems and any other network or security gear in use by the U.S. gov't. Companies that supply this equipment include Cisco, HP, Dell, IBM, Juniper, EMC/RSA, Red Hat and others. In short -- everyone.

    Granted, Dual_EC_DRGB is only one of four RNGs in the NIST suite, there is no way a user can specify *which* of those RNGs are actually used. Unlike setting cryptographic algorithms for SSL/TLS, there isn't any frontend for RNGs. They're implemented by the vendors. They're enabled in the products by a simple checkbox setting a registry entry (Windows), a kernel boot parameter (Red Hat) or config setting (most network infrastructure equipment).

    Which is your vendor using? Who knows. But if we take the Snowden leaks seriously, the NSA has pressured many major companies to insert "weaknesses" or "backdoors" in various crypto-enabled gear.

    Most people are thinking along the lines of "look for malicious code, odd errors or the like". But in the world of crypto, if the RNG isn't R, the entire thing collapsed like a house of cards. All tPutting it bluntly, you can't.

    Here's the problem. Dual_EC_DRGB is flawed, but is *required* to be implemented as part of anything that claims FIPS 140-2 compliance. Anything cryptographic you sell to the government is *required* to be FIPS 140-2 compliant, and operated in FIPS 140-2 compliant mode.

    This includes just about all routers, switches, firewalls, operating systems and any other network or security gear in use by the U.S. gov't. Companies that supply this equipment include Cisco, HP, Dell, IBM, Juniper, EMC/RSA, Red Hat and others. In short -- everyone.

    Granted, Dual_EC_DRGB is only one of four RNGs in the NIST suite, there is no way a user can specify *which* of those RNGs are actually used. Unlike setting cryptographic algorithms for SSL/TLS, there isn't any frontend for RNGs. They're implemented by the vendors. They're enabled in the products by a simple checkbox setting a registry entry (Windows), a kernel boot parameter (Red Hat) or config setting (most network infrastructure equipment).

    Which is your vendor using? Who knows. But if we take the Snowden leaks seriously, the NSA has pressured many major companies to insert "weaknesses" or "backdoors" in various crypto-enabled gear.

    Most people are thinking along the lines of "look for malicious code, odd errors or the like". But in the world of crypto, if the RNG isn't R, the entire thing collapsed like a house of cards. All the NSA has to do is have essentially a single obfuscated line of code in the RNG. Something along the lines of "if Backdoor then RNG=Dual_EC_DRGB". Hell, in assembly it could probably be a simple JNE instruction.he NSA has to do is have essentially a single obfuscated line of code in the RNG. Something along the lines of "if Backdoor then RNG=Dual_EC_DRGB". Hell, in assembly it could probably be a simple JNE instruction.

    The answer is don't use FIPS 140-2 mode, but if you're dealing with the government -- and a huge number Putting it bluntly, you can't.

    Here's the problem. Dual_EC_DRGB is flawed, but is *required* to be implemented as part of anything that claims FIPS 140-2 compliance. Anything cryptographic you sell to the government is *required* to be

  7. android 2.3? on RSA Warns Developers Not To Use RSA Products · · Score: 1

    Was that mess posted with Android 2.3 by chance?

  8. read while carrying TBs from datacenter in Scion on Never Underestimate the Bandwidth of a Suburban Filled With MicroSD Cards · · Score: 1

    As I read this, I'm on a trip to Houston to retrieve several terabytes of data for Clonebox. At 90 minutes each way, if I bring back 8TB, that's what, 60 Gbps. There's no way I could transfer that data over my cable modem.

  9. I'd like a "stop advertising this" button and so w on Google May Replace Cookies With Unique AdIDs · · Score: 1

    That's a good idea. More generally, "stop showing me ads for this, I'm not going to buy it (or don't care to have it show up where other people might see it on my screen). That would be a win-win for consumers and advertisers.

    I don't care for the fact that advertisers have a profile of me, but I do like seeing ads that might actually interest me. eBay does a good job of showing me listings I might want to look at.

  10. did they confuse feet and meters again? on Software Glitch Means Loss of NASA's Deep Impact Comet Probe · · Score: 1

    Nm

  11. Ferarri rolls out Kia competitor on Intel Rolls Out Raspberry Pi Competitor · · Score: 3, Insightful

    It just costs ten times as much and lacks the same capabilities.
    Other than the fact that it's a completely different class of product ...

  12. Could, would be error while Congressional hearings on Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux · · Score: 1

    Sure they _could_, but since the people who misled the judges were representatives of an agency, engaging in the agency's business as directed by their superiors, it's better that the agency and it's leaders are held accountable. For now, there are congressional hearings going on handling the matter through the political process, with congresscritters feeling public pressure. As a general rule, judges don't like to single-handedly usurp the public political process. Of course the Supreme Court from time to time has to rule on cases involving politically disputed issues, but lower courts generally shouldn't.

    If, through the process of congressional hearings and such, it becomes clear that specific people committed perjury, that would be time for courts to convict certain people, after the public has made decisions through their elected representatives.

  13. Some MOOCs say they don't know, are experimenting on Massive Open Online School "FutureLearn" Opens · · Score: 3, Insightful

    > I worry about the educational validity of MOOCs and feel that universities don't really have an idea of what they are for

    A Google fellow working on MOOC.org / edX, Dr. Guha, said Tuesday that they most certainly don't know what they are doing, no more than he knew what he was doing when he created RSS, so they are trying to set up a flexible framework in which people can experiment, try things.

  14. legal != ok, UK not busting US pot smokers on Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux · · Score: 5, Insightful

    It's ILLEGAL for the NSA to spy on Americans, and for good reason. That doesn't mean it's OKAY for them to spy on everyone else, but at least it's LEGAL.

    As a US citizen, I'd rather China spy on me than the NSA. The reason is because China isn't going to try to "bust" me on a minor and erroneous charge. For example, there is a porn star named Ann Howe aka Melissa who started in porn when she was 20. She looks young, so several people have been busted for "child porn" for having pics of her when she was 20-25 years old. I don't want my government spying on my internet usage because my government will charge me with child porn based on a chick in her twenties. The Chinese government doesn't give a shit what porn I see. Therefore yes, it's less bad for a government to spy on foreigners - even when I am the foreigner.

  15. judges are pissed NSA lied to get their okay on Linus Torvalds Admits He's Been Asked To Insert Backdoor Into Linux · · Score: 4, Insightful

    Judges have ruled that the NSA could do these things - when the NSA lied to the judges about what they were doing and how. Some of those judges are pretty pisses off now that they know how the subpoenas were abused, so I wouldn't think think those rulings definitively say what NSA is doing is in fact legal. The judges who made the rulings don't think they approved what was actually going on.

  16. Wishing them the best of luck on Massive Open Online School "FutureLearn" Opens · · Score: 2

    There are some good people at Open University. A commenter mentioned quality. The person at OU who I work with annoys me at times because he insists on top quality. There's no such thing as a quick fix on the software we use - the OU person insists that every change is WELL thought out and implemented in the very best way possible, even if that's a lot more work than doing it the easy way.

    Best of luck to my friends at OU in this new endeavour.

  17. when you show the patent examiner what part, how, on Group Attacks Bad Software Patents Before They're Approved · · Score: 3, Informative

    Sure, when you show the patent examiner what part of the Linux OS (or just kernel if you prefer) previously did that thing in the patent, how, and when. It sounds like that's the type of thing these people are doing.

  18. 12 trolls, hundreds of NPEs with salespeople on Ask Slashdot: When Is Patent License Trading Not Trolling? · · Score: 2

    MOST patent suits are filed by one of twelve companies. There are hundreds of companies who actively try to license their IP, like Arm and Bell Labs do.

    The "good" scenario is in fact the common one. The bad scenario is the one you see covered on Slashdot.
    Also from time to time Slashdot covers a story of proper patent use, but in a totally misleading way so as to make it sound bad. For example, last week we had the story of Cisco wanting to come to the rescue when a big bad patent troll was suing defenseless defendants. The big bad wolf in that case is a nonprofit organization and the "defenseless victims" are AT&T, Comcast, Level3, and Time Warner.

  19. NRA supports background checks, training etc. on Ask Slashdot: When Is Patent License Trading Not Trolling? · · Score: 1

    You have a valid point. It's also worth noting that the NRA regularly supports bills requiring background checks, mandatory training to get a CHL, etc. Of course as you said they also have to watch out for slippery slopes.

  20. Re:overwrites previously allocated virtual memory on New IE Remote Code Execution Vulnerability Discovered · · Score: 1

    Here are 1.3 million pieces of evidence:
    https://www.google.com/search?q=IE+security+zone+exploit

    As explained US_CERT, the US Computer Emergency response team:

    > There are a number of significant vulnerabilities in technologies relating to the IE domain/zone security model,
    > local file system (Local Machine Zone) trust, the Dynamic HTML (DHTML) document object model (in particular,
    > proprietary DHTML features), the HTML Help system, MIME type determination, the graphical user interface (GUI),
    > and ActiveX. IE is integrated into Windows to such an extent that vulnerabilities in IE frequently provide an
    > attacker significant access to the operating system.

    Microsoft winked a acknowledgement the root of the problem yesterday with their advisory about this particular
    vulnerability. Microsoft's advisory says:

    > By default, all supported versions of Microsoft Outlook, Microsoft Outlook Express, and Windows Mail open HTML
    > email messages in the Restricted sites zone.

    That's as opposed to the Local Intranet Zone, the Trusted Sites Zone, etc. IE opens content in the restricted zone (cage) and hope that there isn't a leak, like hoping that lion doesn't reach out of the cage. (and hope that IE picked the right zone to start with - web sites and batch files are both .com addresses.) Opera doesn't need to try to keep web sites from accessing functions in the local computer zone - there is no local zone, it just does web sites.

    If your browser doesn't run shell batch files and registry patches, it doesn't have to decide which batch files to run in what context. It simply doesn't run batch files, or do anything else but show web pages.

  21. Re:overwrites previously allocated virtual memory on New IE Remote Code Execution Vulnerability Discovered · · Score: 1

    My language was unclear. In Explorer, you can go to "My Computer" and choose "Format Drive". Windows Explorer IS Internet Explorer, showing a different menu bar.

    In Chrome, Firefox or Seamonkey, there is no "format drive" function. Browsers don't need, and should not have, the ability to reformat your hard drive. That decision to combine the system shell with the browser is the underlying cause of the severity of many Explorer security issues.

  22. overwrites previously allocated virtual memory on New IE Remote Code Execution Vulnerability Discovered · · Score: 2

    It sounds like the destruction of objects is incomplete, so the attacker can still write to that area of memory. It's certainly possible that it's writeable BECAUSE it's still associated with the process, which mean it runs in the context of that process. Additionally, it's likely that while the attacker can write to the memory, they can't arbitrarily execute it directly. Rather, they have to cause IE to execute it, in which case it would run with the privileges IE has when IE runs it.

    A security problem there is that since IE4, IE has been integrated with the system shell. Therefore, IE privileges are shell privileges - anything the user can do, the browser can do. For this reason, I much prefer a browser that is only a browser, not another view of the system shell. A browser that's just a browser can only screw up web pages, not the entire system.

    Yes, I'm aware that on Windows 8 Microsoft has attempted to sandbox the browser. Like putting a lion in a cage, that works until the lion reaches through the bars. It doesn't compare to using a browser such as Firefox which does not have the potential harmful abilities baked in. No need to sandbox something that doesn't exist.

  23. bcache does read, write back, and write through on OpenZFS Project Launches, Uniting ZFS Developers · · Score: 1

    Bcache does read caching and your choice of write through or write back. I believe that's the same thing ads offers. If you know of some difference in the caching, please specify what you are referring to.

    Obviously ZFS is a volume manager, a filesystem, a file server AND a caching solution. Bcache does one thing and does it well - caching. Volume management is a separate thing handled by a volume manager such as LVM, though LVM can serve as a front end to bcache, allowing the user to manage both with one set of tools.

  24. aka bcache + any filesystem you want on OpenZFS Project Launches, Uniting ZFS Developers · · Score: 3, Informative

    Using a small, fast SSD as a cache for large, slow disks can be awesome for some workloads, mostly servers with many concurrent users.

    To do that with ANY filesystem, bcache is now part of the mainline kernel . dmcache does the same thing, and there is another one that Facebook uses.

  25. Linux user for 15 years. One thing MS IDE is nice on IBM Promises $1B Investment In Linux Development · · Score: 1

    Agreed. I've used Linux for fifteen years and very rarely use anything else on hardware I own. One of the few things MS does better is their IDE. Visual Studio is excellent. Their programming languages may be excrement, but the IDE is excellent.