Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories: 0
Comments: 10,114

Comments · 10,114

  1. That's the last sentence you quoted on Frequency Deviations In Continental Europe Are Causing Electric Clocks To Run Behind By 5 Minutes (entsoe.eu) · · Score: 1

    You did a great job further explaining the last sentence you quoted from me "Then if one generator is slightly ahead of or behind the grid it can sense the difference and speed up or slow down as needed."

    That of course doesn't define the frequency the grid should run. For a very small grid, as can often be found in less developed countries, the grid may be only a very few power stations, so the "right" frequency isn't as stable as it is on the primary grids in the US. In the degenerate case of two generators, there's absolutely nothing that makes them converge to the right frequency. They'll converge, but to some random frequency.

    Where smaller facilities are located far from industrial centers and feed through a relatively small line (think wind), the local condition after impedance is considered is not unlike the two-generator case.

  2. Here's a bit more about what AC is referring to. AC electricity switches from positive to negative 50 (or 60) times per second. Imagine two power stations that are interlinked. If both send positive at the same time and both send negative at the same time, they can share the load. If one sends negative while the other sends positive, they'll cancel each other out. The grid becomes a short circuit between the two generators.

    In order to have an electric grid, to have many power stations interconnected, they all need to switch from positive to negative at exactly the same time. The easiest way to have them all running in sync is to agree they'll all run at exactly 50 Hz. That establishes the frequency of the grid as a whole. Then if one generator is slightly ahead of or behind the grid it can sense the difference and speed up or slow down as needed.

    So an accurate AC frequency is needed in order to have the grid work right. Since the frequency is already accurately controlled for grid requirements, clocks may as well make use of it.

    In the last year or two grid operators have started allowing the frequency to vary a bit more than they used to. This is needed where wind power makes up a significant percentage of generation because wind is gusty. Wind is a cheap source of power, but very different from traditional methods and not nearly as controllable / predictable, so the grid has to adapt to the idiosyncrasies of wind.

  3. That word doesn't mean what you think it does on Mysterious $15,000 'GrayKey' Promises To Unlock iPhone X For The Feds (forbes.com) · · Score: 1

    >. create two nonces, stuff one in KeyChain, have an app PIN or PW unlock the other part, XOR it for the working key. ...
    > If the data has to be backed up, it could be encrypted with a nonce

    The key to your whole scheme is the nonce. And you don't know what a nonce is. So I'll answer your question:
    > Maybe app developers should consider doing their own encryption?

    App developers should develop apps. Cryptographers, who not only know what a nonce is, but can rattle off the top three most common problems when using a nonce, should do cryptography. Secure encryption is such a difficult problem that people who get a master's degree and spend their entire careers doing it STILL can't reliably do it right. It's *that* difficult.

  4. Geez I hope not on Slashdot Outage Update · · Score: 1

    I moved sites to new servers enough times that my checklist was detailed enough to turn into a set of Perl modules and scripts. Our system literally copied sites to new hardware in a different data center fully automated every night (for warm spares). It did that with no prior knowledge of the site configuration. Just parse config files and figure it out - ServerAlias gives a name, that means there'll be a DNS to match which we have to handle. Zero down time server moves without even any human intervention.

    > no hardware broke

    Geez I sure hope that's not right. If you're down for a week trying to move to a new server and you didn't even have to deal with any hardware issues, a week of down time just because you don't know what you're doing, that's REALLY bad.

  5. PS my nose fell off on Slashdot Outage Update · · Score: 1

    I made an analogy to flying a plane "three mistakes high"; let me expand on that. Yesterday I finally got to fly my new plane for a minute after waiting two weeks due to all the rain. Like most RC planes, mine has the battery almost all the way at the tip of the nose to achieve proper balance.

    On climb out before I could get to altitude, the nose fell off and hung down, throwing the balance way out of whack. A tail-heavy plane is VERY hard to fly. So I had a mechanical failure at exactly the wrong time. Not my fault it crashed, right? I could say that.

    The nose came off because I made the mistake of forgetting to bring the part which secures the nose. Mistake number 1.
    Further, I was so anxious to try out the new plane that when I realized I forgot the part, I decided to go ahead and fly "for a minute" without the nose properly secured. Mistake number 2. When I saw it came off, I knew the CG would be much too far back and I tried to turn the plane around back toward me. What I should have done instead is apply down elevator to compensate for the rearward CG. Mistake 3. I saw that the plane wasn't turning as expected. I thought "gee I wonder why?" A better pilot would immediately recognize that being unresponsive to control input is an indication of a stall, and would apply down elevator. Mistake 4. Because I didn't recover from the stall, the plane ended up nose diving into the ground.

    When I designed and built the plane, I knew that nose dives are the most common crash, so I designed and built it to survive a nose-down crash with little damage. I had it fixed in 5 minutes.

    I could blame mechanical failure - the nose fell off. I could point out it fell off before I had a chance to gain altitude. The fact is, it took FOUR mistakes from me to allow the crash to happen yesterday. Still because I didn't make design mistakes that would cause catastrophic damage in a nose-down crash, it was no big deal. It would have required five mistakes on my part to really damage the plane.

    I'm obviously not a great RC pilot. Yet getting even one thing right was enough to avoid a big issue.

  6. Re:I didn't say I know exactly what went wrong on Slashdot Outage Update · · Score: 1

    > This can be technical, it can also be financial (if we roll back we have to pay two data centers for another month or even a year).

    That's why you do the migration a week before the billing period ends. That's part of my checklist. What do you want to bet these guys didn't have that on their checklist, if they had a checklist at all?

    Shit happens. Good engineers *know* that shit happens. So they have roll back plans, backups, etc. So that even when shit happens, you don't have the site down for a week.

    It CAN be hard to decide when to roll back (or switch over to the warm/hot spare). Sometimes you make a mistake in that decision. I've made a mistake in not switching over sooner. (Yet I've never regretted switching over too soon - lesson learned). Available evidence strongly suggests the Slashdot team made just such a mistake. I didn't say they are idiots, I said they made mistakes.

    I'm about to go fly my RC plane. The altitude rule with RC planes is "fly three mistakes high". That means you're high enough to make an error, recover from it, make another error and have time to recover from it, and make a third error in that recovery before you hit the ground. It definitely looks like either the person running this migration wasn't three mistakes high before starting (which would itself be a mistake), or they made more than three mistakes. They definitely crashed, hard.

    I don't know exactly what happened, and even the boss may not know because techs may be trying to cover their ass. (In fact trying to cover your ass during an incident is a VERY common mistake.) That's why I suggested he may want to have a third party look into what happened and how robust the set up is now. Because evidence suggests there is little reason to be confident.

  7. I didn't say I know exactly what went wrong on Slashdot Outage Update · · Score: 1

    I didn't say I know exactly what went wrong.

    I said I'm sure they ran into some bad luck with a drive failing or something. On a well-run server migration drive failure doesn't result in a week down time, or any down time - drives are redundant in raid. During a properly-managed server migration, you can always switch back to the old server, which has been working for years, by updating the A record. That takes no more than five minutes for roll back, because you lower the TTL ahead of time.

    Worst case would be two simultaneous data center fires, in which both the old and new data center burn to the ground. Since the first step of any major change is to pull a backup, the worst case means restoring that backup, which could take several hours. Hours, not a week. If both datacenters burn.

    > most likely they worked their asses off the last few days

    I'm sure they did. The hardest work most people ever do is trying to handle something that they don't know what to do with.

    > deserve better than a baseless claim that the technical team didn't know how to handle the issues properly

    We know the results were terrible. They did a migration and either wiped out the old working server before they had the new one up, or decided rather than taking 30 seconds to switch the A record back they'd just be down for a week. They didn't do the job at all. So either they weren't trying or they didn't really know what they were doing. Never heard of a tar pipe, TTL, and run chown -R during a migration. They didn't do a decent job, total failure. So either they didn't know how, or they were slacking. I highly doubt they were slacking.

  8. Rather unnecessary, though on Slashdot Outage Update · · Score: 2

    I've been active on Slashdot for many years. This is my second account, my new account only five years old or so. I have an affection for this site.

    I've been managing servers far longer, since 1997 or so.
    I've owned two hosting companies and consulted for several others. I've had the opportunity to contribute code to the Apache server, the Linux kernel, and a lot of the other software we all use. I've been writing code in Perl, like Slashdot uses, the whole time. I was once the only person allowed to touch the GirlsGoneWild servers because I was the only one trusted to not break something. So in other words, I've been around a while.

    In all that time, I've never seen a site move cause a week of down time unless people just kept making mistake after mistake after mistake. It's just not necessary to have more than a few minutes down time *even when things go very wrong*. When things go right, switching to a new server in a new location has no down time, or on a highly dynamic site you can use 60 seconds to expire DNS caches (with the TTL previously lowered). When unexpected problems come up and people don't know the best way to handle them, you can have a few hours of down time.

    Evidence suggests that the planning and execution of the new hosting and the move was very poor. Shit happened, I know. Maybe a hard drive failed. That's why your new server uses RAID 10, so hard drive failures don't take the site down. Maybe you thought the new server was ready, but it wasn't. That's when you flip the switch to revert back to the old server for a day while you fix the new one. Unfortunate things happened, they do happen. And your technical team didn't know how to handle them properly.

    May I suggest you have an outside, independent, expert have a look at your new server setup and make some suggestions on how to make it robust? It's clear the people who handled this don't know how to do servers in a robust way. Heck I'd *volunteer* to give you an hour of my time discussing it and looking it over, without charge, just because I have an affection for Slashdot and this community. [ Not audience ;) ]

  9. Wouldn't be lie, but even if it were on Forget Learning To Code, Bosses Value Collaboration and Communication (fastcompany.com) · · Score: 1

    I've been pretty clear with my boss that I don't care for the bureaucratic stuff and don't really want to go into management per se, rather seeking (and even creating) a mentor-like position, a position that might be called "software architect" rather than "manager". So it wouldn't be a lie to acknowledge that.

    Even if it WEREN'T clear, the manager who made that decision is already a liar, so if he took a moment to acknowledge my superior technical skills by saying something to me before announcing it, even lying to me about his exact motivations would at least acknowledge that a) having twice as much experience as anyone else on the team, I'm an obvious candidate for any leadership position, and b) I am the guy everyone goes to for help. It would be nice to have a token of respect, even if he said "I know you have decades of experience, but we've decided to offer the position to this new guy", without explaining any reason. I do like for my decades of study and experience running software development teams to be acknowledged. A nod of respect would have been nice.

  10. This is a PROSTITUTION bill, not trafficking on US House Passes Bill To Penalize Websites For Sex Trafficking (trust.org) · · Score: 1

    Note this bill is NOT about trafficking. There *was* a bill that dealt with trafficking. Then there was an amendment which replaced *all* of the text of the original bill. It's now about prostitution, not trafficking. An example of the current wording of the bill:
    --
    a defendant may be held liable, under
    this subsection, where promotion or facilitation of prostitution activity
    ---

  11. What Bing is (dictionary) on Google Releases Info On 2.4 Million 'Right To Be Forgotten' Requests (engadget.com) · · Score: 1

    Merriam Webster says:
    Bing : Noun
    A heap or pile

    A heaping pile of WHAT is an open question.

  12. That's a pretty good list of things you do.

    > I know it's frustrating to be the strongest technically and not get promoted, but the strongest technical contributor isn't necessarily the best manager.

    Indeed, and I don't necessarily -want- to go into management per se.* I've actually been working on creating a position that I fill, a position based around mentoring, teaching, and technical leadership. I then pitch to management that the less-experienced team members are doing a great job, being very productive doing the technical work following the blueprints I have laid out for them, doing things the ways I've trained them to do based on my 20 years of experience and study.

    * Though it really would have been nice if management talked to me for a few seconds before announcing the new guy I was training had been promoted to become my boss. It would have been worth spending 60 seconds to say to me, "Ray I know you want to do the hard core technical stuff more than the organizational management stuff. The new guy, whom you've been teaching programming 101 to, wants to do all that bureaucratic management stuff you hate doing. We're going to have him do the red tape, management crud because we know you hate that stuff."

  13. funny

  14. > who makes most ÃÃÃ?

    iPhone users. Android users make $$$

  15. Should do the trick, based on my experience on Forget Learning To Code, Bosses Value Collaboration and Communication (fastcompany.com) · · Score: 1

    I'm not a people person. I have a lot of weaknesses in various areas, and one area of strength - I'm really good at the technical skills of software development. I'm that major nerd who studies software design in his free time, and has done so for many years. My massive nerdiness shows in my record of contributing to well-known projects such as the Linux kernel and helping develop internet protocols as a member of IETF. (Good developers read the RFC, bad developers ignore the RFC and guess at the protocol, I write the RFC.) It's quite obvious that on *the coding stuff*, and architecture, I'm very clearly the best on my team, by a significant margin.

    I have a new boss, a new head of our software development team. He couldn't code his way out of a paper bag. He has soft skills.

    Me: Write http standards
    Him: Lead a team meeting

    He's the one who gets promoted

  16. With CPU support, sure. Doesn't take much on Chrome OS Could Be Getting Containers for Running Linux VMs (zdnet.com) · · Score: 1

    Modern CPUs that do virtualization on the die mean you don't need massive horsepower to do virtualization. You probably want text-mode Linux rather than a GUI in your VM unless you have extra RAM to spare, though.

    You also don't need virtualization for containers.

  17. You got this part right:

    > the budget for a datacenter with bazillaflops of GPUs, a petabyte of database dumps

    > Typical blackhats have to work with their own deficiencies or form teams. They don't have a ton of say about the kinds of skills that they acquire for their teams. They don't have a lot of ability to do QA on each other's work

    Red Dawn was a movie. When Albert Gonzalez (one of the Shadow Crew members) was arrested, the FBI seized $1.6 million in cash he had laying around at that particular house at the moment. You think Shadow Crew couldn't manage to use Git? To contract people with whatever skill they want?

    Hamza Bendelladj used SpyEye (a trojan horse) to steal $400 million. That'll hire an expert dev with any skill you need, thousands of times over.

    All those Nigerian Prince emails and all that - those aren't done a million times a day because nobody is making any money from them. One organization running email scams may employ a hundred people. "Telling anyone their shit's not up to snuff might mean they walk off and take as many assets as they can and leadership of the group can change in a weekend"? Not any more than at any other business.

    This is an industry, not a movie.

  18. With a minor, not for necessities, generally yes on Disney Loses in Redbox Copyright Row (bbc.com) · · Score: 1

    Yes, in general, if the purchaser is a minor, and the sale isn't necessities (food, clothes, etc), the minor has the right to void it (disaffirm) and return the item.

    You might also see signs on trucks full of gravel saying "not responsible for broken windshields". Those signs have no legal effect. If the truck driver doesn't properly secure their load, they are liable - a sign doesn't eliminate liability or change legal rights unless there is a law specifically addressing notice in a particular situation.

  19. It is. Kinda a hassle on More Than 40% of Global Log-in Attempts Are Malicious (infosecurity-magazine.com) · · Score: 1

    People still use it. It's effective, despite the fact that theory says attackers *could* try combinations of ports. Personally, I don't use it. Non-standard ports get most of the benefit - reduced attack attempts, and either way it still needs to be secure after an attacker connects to the port.

  20. Kaspersky suggested that NSA may have, at one time, used code which was also used by authors of Stuxnet. We also know they purchased much of the code they used. That's quite far from "the authors of Stuxnet were NSA employees". There is no evidence that the developers were NSA employees. Indeed the fact that similar code is also found in incidents for which NSA has no motive strongly suggests that NSA is but one of the clients/friends of the authors.

    > how can you claim that you could even begin to know how competently they operate?

    I know them, I work with them. I'm not tremendously impressed by them. Federal hiring regulations and processes, and salaries explain *why* this is so. The *director* of the NSA makes $180K. That's only slightly higher than the *average* private-sector exploit specialist. That's the director of the agency. My boss makes more than that, and he can barely use exploitdb.

  21. They're really not that good. Private company on Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That's On the Market: Forbes (forbes.com) · · Score: 3, Interesting

    >. I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.

    That sounds nice, but it really wouldn't matter. Note "the intelligence agencies" can't hack iPhones, it's a private company that can. The people at the intelligence agencies really aren't that smart. It's nothing AT ALL like the movies. It's people who got a certificate in cyber security but couldn't get a job in the private sector, which pays better (but expects you to know wtf you're doing). You think Google wastes a lot of time talking about PC bullshit? You should see government! Government doesn't hire the best people. They hire the "disadvantaged" people.

    Many, many private companies are in the business of "helping companies identify security weaknesses and shore them up". Heck you can get services from companies like Alert Logic for tens of dollars per month; does your company have static analysis and daily scans?

  22. Your ram disk can very easily appear on disk. Windows calls it the page file, Linux calls it swap.

    > Just modify all the necessary paths for Firefox

    Also Firefox, and applications in general, are essentially wrappers around system calls. For example, a browser doesn't open connections to web servers. It asks the OS to do that. Firefox doesn't know what's happening.

  23. PS, these techniques will NOT be effective if, after receiving a subpoena for emails, you post on Reddit "my client is a VERY VIP and I need to wipe out all evidence of her emails" while posting under the same username you use on Twitter.

  24. Their approach is targeted to avoid leaving evidence on the user's machine. Sometimes you see these criminal cases where a guy dies from arsenic poisoning and investigators discover that the wife Googled "arsenic poisoning" a week before, and read up on how people can be poisoned with arsenic. If the wife used these techniques, it would be more difficult for investigators to look on her computer and see that she had been researching arsenic poisoning before her husband was poisoned.

  25. I can only guess based on on GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels (github.com) · · Score: 2

    I haven't used Savannah. I see that it supports many different types of version control. That may be good if you use many types, but if you have chosen Git, it would be reasonable to expect that a Git-focused system, by far the most popular and best-funded Git-based system, probably works better with Git than does a "jack of all trades" with less than 1% as much development funding.

    I know Linus at one point chose Bitbucket. Linus isn't stupid, so obviously it's worth considering.