It kind of does. Well, at least it will go a long way toward having your opinions fall on deaf and unwelcoming ears - here, anyway.
I don't know you, Florian, and I don't have anything against you personally. You might be a great guy that I'd enjoy hanging out with for all I know. However, I'm sure this isn't the first time you've heard that large chunks of the F/OSS community don't particularly trust you. I can't comment on your disclosure timeline that you described in another post, but I know that I was disgusted to find out that you'd written some very supportive stuff about a company which was seen as attacking Free Software, and then it came out that they were paying you. While you have as much right to speak your opinion as anyone else, you can't be surprised that forums like Slashdot are unlikely to care to hear it.
Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.
The part you're missing is Markov chains and Bayesian analysis. I'll bet a reasonable corpus of phrases would show that "is" follows "love" fairly often, and "love is beautiful" is far more common than "love is axiopisty". Similarly, "birds that sing" is hugely more likely than "birds that exhibitorship".
While the whole phrase is unlikely to be the first random thing someone types, each word in that phrase is quite likely to be the one chosen based on its predecessors. I still think correct horse battery staple is a poor idea compared to a strong randomly generated string, but/usr/share/dict/words on my system has 235886 entries and 235886^4 ~= 2^72. That's reasonably random. I would much rather have to iterate through Markov chains branching from each word in the dictionary and trying the likely phrases than to have to brute force each possible 4-word combination. I don't have the numbers to back it, but I bet you could reduce the search space by quite a lot of orders of magnitude.
Somehow that doesn't sound like a loving healthy relationship. It sounds like a relationship based on sex and mutual attraction.
By what corruption do you assume that those are mutually exclusive? It's perfectly normal to be in a loving, healthy relationship with someone you're attracted to and want to have sex with. If Ms. Lawrence wanted her boyfriend to think of her when the separation grew unbearable, then that's between her and her boyfriend. There's nothing remotely unhealthy or unusual about that.
Everybody already knows that the only way to absolutely guarantee that your nude selfies don't get out, is not to take any.
No they don't. Lots of people believe that Facebook's privacy controls actually work as advertised, and that WhatsApp messages disappear after a while. Most people have no idea how a computer works, and anyway it would never occur to them that you could just use a camera to take a picture of your screen if you really wanted to preserve a photo or chat so badly.
You and I know that privacy controls mean "best effort but no guarantee" and that DRM is impossible, but plenty (maybe most) intelligent adults don't have the technical background to reach the same conclusion.
Telling someone it's a bad idea, in all of those cases, is not "victim blaming."
Thank you! If you want to blacklist all advice giving as victim blaming, then you quickly create an environment where it's impossible to give someone safety tips without someone else calling you an ass for doing it.
By the way, I wrote up my own advice to my children in "What I Tell My Kids About The Internet". I'd be very upset if my kids' private information was leaked all over the place, so I gave them practical advice on how to make that not happen. This isn't the same as blaming them if it got out anyway.
Name names. What specific programmers not financially motivated by their employment with parties in the case disagree with the judge's decision? I've talked to quite a few people about the case and have yet to meet one who thought Alsup was wrong.
You bet he would. Although I disagree with Steve on a great many things, the guy is very open and honest about his biases. I'm sure I could have a great conversation with him at a party and walk away knowing I got his true opinions.
The disconnect is that I don't see the author as a victim. I see him as someone who wrote a grey tool to take more of a public resource than would otherwise be allotted to him. I'm having a very hard time being sympathetic to his plight.
Libertarians aren't for the kind of vigilante justice you like. You're advocating an arms race of might makes right. While my peers and I would fare OK with that in this scope, I really don't think that would be good for most people.
Would you be pissed at those people or at the one who would stand up and yell "Hey, leave some for the others"?
No. I'd be pissed at the owner for not setting and enforcing a policy, and I'd complain to them. And if the buffet was free, I'd be pissed at myself for expecting anything different.
This is not your Internet. If a public hotspot is being overloaded by any client, not just someone's porn torrent, then that's between the user and the network admin. It's not your job or your right to be The Internet Police. Running a BT client on a public net is a dickish thing to do, but I can imagine scenarios when I might need to do it myself: "oh crap, my root drive is horked and I desperately need to download a Debian USB image. Good thing there's a Starbucks around the block!"
A sane policy would be for the net admins to limit the number of open connections or UDP sessions from a single machine. An insane policy is to think that "my technodick is bigger than yours and I'm going to knock you offline" is less than sociopathic.
Guess what, OP: I don't like your SSH sessions interfering with my Skype. Check out my new SSHWACK Banhammer that frees open networks from latency-hogging assholes like you. Are you sure you want to start this game?
Joking aside, that's a perfectly valid point. If they'd made the things out of asbestos, I think most of us would agree that some other material might be appropriate for new models. But I do stand by my point: it's not "the same keyboard". It's very, very similar, sure, and a perfectly fine piece of hardware in its own right! It's not a Model M, though.
I came here to say this. I bought a Unicomp for its USB goodness and extra keys, expecting to get a newer Model M. The keys were nice but it weighed maybe 2/3 as much as the original. Worse - and this is the real travesty - I was able to flex it by twisting either end. God himself couldn't twist a real Model M with his bare hands. He might not be able to create an unmovable boulder, but Big Blue made a keyboard He couldn't break.
Even the $5 basic Dell keyboards are pretty durable. The only keyboards I can remember throwing out were because they were filthy, not because they were broken.
My Model M has been through the dishwasher and laughs at your puny "pretty durable" keyboards.
What's funny is you believe they are doing it for US.
What's funny is you think I care. The abuses cost them money, either directly by requiring additional technical and administrative support or indirectly by driving away customers (like "no way I'm using Foo if the government is tapping right into their data center"). They don't like to lose money so they fight it. You and I benefit from the fight.
I don't care if their motivation is altruism or greed, as long as it gets them off their butts to protest. If I had to choose an effective motivator, I'd probably side with greed as it's a lot more trustworthy. When $megacorp says "we're doing this because we love you and want to protect you!", run quickly. When they say "we're doing this because those assholes in DC are costing us profit", there's a very good chance that they're being perfectly honest.
This incident sounds like a good case for recording all of your conversations with such companies. It is my understanding that you have to tell them that the conversation is being recorded; something they may not agree to.
It's almost certain that their recording says "this call may be recorded for quality assurance and training purposes" or something very similar. Well, thanks! They just said I may record them for quality assurance purposes!
I'm sure that's not what they intended by that message, but I'm equally sure I don't give a rat's butt what they intended. What they said was "this call may be recorded". And I'd be willing to argue - and I'm 99% certain a judge would agree - that it otherwise forms an unconscionable agreement for them to assert that they and only they have the right to record the conversation. And in any case, they've clearly stated their intent to record it, making it pretty damn hard for them to argue that they didn't want to conversation to be taped.
You use Form WH-4: H-1B Nonimmigrant Information to to report employers who violate the provisions of the H-1B program. Should, you know, you want to file formal complaints against a company for some random reason.
Agreed, but now there's precedent. If they do it again, it probably won't take months of investigating and legal hand-wringing. Instead, the FCC gets to say, "that think you did? You did it again. Here's another $600,000. And another every single time we find you've done this." That suddenly makes the profit margin on a $250 service a little slimmer.
The architecture of Google is utterly useless for many businesses cases.There are many use cases where it'd be perfectly appropriate.
it does not and can not provide accurate answers to queries.
In most cases, businesses don't really care about accurate answers to queries; they want quick, more-or-less correct answers. For example, suppose Amazon has a dashboard that shows their book sales on an hourly basis. Timeliness is more important than exactness here, and answers more precise than the pixel resolution of the graph on the big TV are wasted. A "big data" style query that is 99% correct and runs in 5 seconds is much more valuable here than the exact answer that returns in 2 hours.
For accounting types of reporting, slow, exact architectures are probably more appropriate. For realtime analytics, a best guess that comes back immediately may be the right thing.
you are limited by your storage hardware regardless of what technology you use.
Well, right, but I think we set our expectations too low in some cases. For example, the data item {"key": "foo", "value": "bar"} serializes to 30 bytes of JSON. With a few bytes to act as record separators, a hard drive with a 100MB/s write speed should be table of recording about 3,000,000 items per second. There's a lot more overhead than that, of course! But in the document we're discussing, PostgreSQL was averaging about 1,700 inserts per second, or about 170,000 times slower than the hypothetical maximum. Exactly how much overhead should we expect to have when doing simple inserts into a non-foreign-keyed table?
Cassandra makes data access between many servers easy (once you get used to its specialized API), but you could have done the same on multiple servers with their own PostgreSQL server by sharding your data among them.
Our write throughput was 150 times that of the "fast" PostgreSQL server in the article. We were running Cassandra on a cluster of 4 decent sized (but not heroic) EC2 instances. We had neither the time, money, nor desire to replace a 4-node Cassandra cluster and its out-of-the-box configuration with a 150-node sharded PostgreSQL cluster. Sure, it could be done, but there was no reason in the world why we'd want to.
Cassandra/MongoDB/Redis/etc. are not appropriate replacements for PostgreSQL in every - or even many - cases. Likewise, PostgreSQL is not an appropriate replacement for them when dealing with their own specialized use cases.
Slashdot Mirror
That's a killer idea!
It kind of does. Well, at least it will go a long way toward having your opinions fall on deaf and unwelcoming ears - here, anyway.
I don't know you, Florian, and I don't have anything against you personally. You might be a great guy that I'd enjoy hanging out with for all I know. However, I'm sure this isn't the first time you've heard that large chunks of the F/OSS community don't particularly trust you. I can't comment on your disclosure timeline that you described in another post, but I know that I was disgusted to find out that you'd written some very supportive stuff about a company which was seen as attacking Free Software, and then it came out that they were paying you. While you have as much right to speak your opinion as anyone else, you can't be surprised that forums like Slashdot are unlikely to care to hear it.
Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.
The part you're missing is Markov chains and Bayesian analysis. I'll bet a reasonable corpus of phrases would show that "is" follows "love" fairly often, and "love is beautiful" is far more common than "love is axiopisty". Similarly, "birds that sing" is hugely more likely than "birds that exhibitorship".
While the whole phrase is unlikely to be the first random thing someone types, each word in that phrase is quite likely to be the one chosen based on its predecessors. I still think correct horse battery staple is a poor idea compared to a strong randomly generated string, but /usr/share/dict/words on my system has 235886 entries and 235886^4 ~= 2^72. That's reasonably random. I would much rather have to iterate through Markov chains branching from each word in the dictionary and trying the likely phrases than to have to brute force each possible 4-word combination. I don't have the numbers to back it, but I bet you could reduce the search space by quite a lot of orders of magnitude.
Somehow that doesn't sound like a loving healthy relationship. It sounds like a relationship based on sex and mutual attraction.
By what corruption do you assume that those are mutually exclusive? It's perfectly normal to be in a loving, healthy relationship with someone you're attracted to and want to have sex with. If Ms. Lawrence wanted her boyfriend to think of her when the separation grew unbearable, then that's between her and her boyfriend. There's nothing remotely unhealthy or unusual about that.
Everybody already knows that the only way to absolutely guarantee that your nude selfies don't get out, is not to take any.
No they don't. Lots of people believe that Facebook's privacy controls actually work as advertised, and that WhatsApp messages disappear after a while. Most people have no idea how a computer works, and anyway it would never occur to them that you could just use a camera to take a picture of your screen if you really wanted to preserve a photo or chat so badly.
You and I know that privacy controls mean "best effort but no guarantee" and that DRM is impossible, but plenty (maybe most) intelligent adults don't have the technical background to reach the same conclusion.
Telling someone it's a bad idea, in all of those cases, is not "victim blaming."
Thank you! If you want to blacklist all advice giving as victim blaming, then you quickly create an environment where it's impossible to give someone safety tips without someone else calling you an ass for doing it.
By the way, I wrote up my own advice to my children in "What I Tell My Kids About The Internet". I'd be very upset if my kids' private information was leaked all over the place, so I gave them practical advice on how to make that not happen. This isn't the same as blaming them if it got out anyway.
Name names. What specific programmers not financially motivated by their employment with parties in the case disagree with the judge's decision? I've talked to quite a few people about the case and have yet to meet one who thought Alsup was wrong.
You bet he would. Although I disagree with Steve on a great many things, the guy is very open and honest about his biases. I'm sure I could have a great conversation with him at a party and walk away knowing I got his true opinions.
Which town was that?
The disconnect is that I don't see the author as a victim. I see him as someone who wrote a grey tool to take more of a public resource than would otherwise be allotted to him. I'm having a very hard time being sympathetic to his plight.
Libertarians aren't for the kind of vigilante justice you like. You're advocating an arms race of might makes right. While my peers and I would fare OK with that in this scope, I really don't think that would be good for most people.
You only carry one laptop around with you? N00b. And no, not my mom. Tell Joannie I said hi.
Hah.
Would you be pissed at those people or at the one who would stand up and yell "Hey, leave some for the others"?
No. I'd be pissed at the owner for not setting and enforcing a policy, and I'd complain to them. And if the buffet was free, I'd be pissed at myself for expecting anything different.
This is not your Internet. If a public hotspot is being overloaded by any client, not just someone's porn torrent, then that's between the user and the network admin. It's not your job or your right to be The Internet Police. Running a BT client on a public net is a dickish thing to do, but I can imagine scenarios when I might need to do it myself: "oh crap, my root drive is horked and I desperately need to download a Debian USB image. Good thing there's a Starbucks around the block!"
A sane policy would be for the net admins to limit the number of open connections or UDP sessions from a single machine. An insane policy is to think that "my technodick is bigger than yours and I'm going to knock you offline" is less than sociopathic.
Guess what, OP: I don't like your SSH sessions interfering with my Skype. Check out my new SSHWACK Banhammer that frees open networks from latency-hogging assholes like you. Are you sure you want to start this game?
I'm thinking of a Honda generator chugging away happily next to my desk. At least it wouldn't add much to the noise of my typing.
Joking aside, that's a perfectly valid point. If they'd made the things out of asbestos, I think most of us would agree that some other material might be appropriate for new models. But I do stand by my point: it's not "the same keyboard". It's very, very similar, sure, and a perfectly fine piece of hardware in its own right! It's not a Model M, though.
I came here to say this. I bought a Unicomp for its USB goodness and extra keys, expecting to get a newer Model M. The keys were nice but it weighed maybe 2/3 as much as the original. Worse - and this is the real travesty - I was able to flex it by twisting either end. God himself couldn't twist a real Model M with his bare hands. He might not be able to create an unmovable boulder, but Big Blue made a keyboard He couldn't break.
Even the $5 basic Dell keyboards are pretty durable. The only keyboards I can remember throwing out were because they were filthy, not because they were broken.
My Model M has been through the dishwasher and laughs at your puny "pretty durable" keyboards.
What's funny is you believe they are doing it for US.
What's funny is you think I care. The abuses cost them money, either directly by requiring additional technical and administrative support or indirectly by driving away customers (like "no way I'm using Foo if the government is tapping right into their data center"). They don't like to lose money so they fight it. You and I benefit from the fight.
I don't care if their motivation is altruism or greed, as long as it gets them off their butts to protest. If I had to choose an effective motivator, I'd probably side with greed as it's a lot more trustworthy. When $megacorp says "we're doing this because we love you and want to protect you!", run quickly. When they say "we're doing this because those assholes in DC are costing us profit", there's a very good chance that they're being perfectly honest.
This incident sounds like a good case for recording all of your conversations with such companies. It is my understanding that you have to tell them that the conversation is being recorded; something they may not agree to.
It's almost certain that their recording says "this call may be recorded for quality assurance and training purposes" or something very similar. Well, thanks! They just said I may record them for quality assurance purposes!
I'm sure that's not what they intended by that message, but I'm equally sure I don't give a rat's butt what they intended. What they said was "this call may be recorded". And I'd be willing to argue - and I'm 99% certain a judge would agree - that it otherwise forms an unconscionable agreement for them to assert that they and only they have the right to record the conversation. And in any case, they've clearly stated their intent to record it, making it pretty damn hard for them to argue that they didn't want to conversation to be taped.
You use Form WH-4: H-1B Nonimmigrant Information to to report employers who violate the provisions of the H-1B program. Should, you know, you want to file formal complaints against a company for some random reason.
$600k seems too small for such a large company.
Agreed, but now there's precedent. If they do it again, it probably won't take months of investigating and legal hand-wringing. Instead, the FCC gets to say, "that think you did? You did it again. Here's another $600,000. And another every single time we find you've done this." That suddenly makes the profit margin on a $250 service a little slimmer.
The architecture of Google is utterly useless for many businesses cases.There are many use cases where it'd be perfectly appropriate.
it does not and can not provide accurate answers to queries.
In most cases, businesses don't really care about accurate answers to queries; they want quick, more-or-less correct answers. For example, suppose Amazon has a dashboard that shows their book sales on an hourly basis. Timeliness is more important than exactness here, and answers more precise than the pixel resolution of the graph on the big TV are wasted. A "big data" style query that is 99% correct and runs in 5 seconds is much more valuable here than the exact answer that returns in 2 hours.
For accounting types of reporting, slow, exact architectures are probably more appropriate. For realtime analytics, a best guess that comes back immediately may be the right thing.
you are limited by your storage hardware regardless of what technology you use.
Well, right, but I think we set our expectations too low in some cases. For example, the data item {"key": "foo", "value": "bar"} serializes to 30 bytes of JSON. With a few bytes to act as record separators, a hard drive with a 100MB/s write speed should be table of recording about 3,000,000 items per second. There's a lot more overhead than that, of course! But in the document we're discussing, PostgreSQL was averaging about 1,700 inserts per second, or about 170,000 times slower than the hypothetical maximum. Exactly how much overhead should we expect to have when doing simple inserts into a non-foreign-keyed table?
Cassandra makes data access between many servers easy (once you get used to its specialized API), but you could have done the same on multiple servers with their own PostgreSQL server by sharding your data among them.
Our write throughput was 150 times that of the "fast" PostgreSQL server in the article. We were running Cassandra on a cluster of 4 decent sized (but not heroic) EC2 instances. We had neither the time, money, nor desire to replace a 4-node Cassandra cluster and its out-of-the-box configuration with a 150-node sharded PostgreSQL cluster. Sure, it could be done, but there was no reason in the world why we'd want to.
Cassandra/MongoDB/Redis/etc. are not appropriate replacements for PostgreSQL in every - or even many - cases. Likewise, PostgreSQL is not an appropriate replacement for them when dealing with their own specialized use cases.