It was reported to work on Snow Leopard with a 32-bit kernel. It did not work with a 64-bit kernel. The source would build, but there were missing symbols.
Of course, there's more to do, but you can at least read your volumes again now.
Just the typical 11 year old girl, as commonly found in typical settings like a DefCon convention. Yep.
No, she didn't know what theory she was applying. Just a plain old 11 year old girl, like all the other 11 year old girls who attend DefCon conventions.
Why is this whole thing hard to swallow?
*shrug* I'm not sure what difficulty you are having. The whole reason you're reading an article about an 11-year-old doing this is not because she's a prodigy (that is orthogonal to this discussion), but because the vulunerability is so severe they can pick a random person out of a room and have her doing it in a couple of minutes.
If it had been me, I don't think the headline would've been as impressive, ``28-year-old Proves Locks Not So Secure.''
It is easy to pick that kind of lock. I picked one when I was about that age on a bike rack out in front of school. Just because I wanted to see if I could. I had no interest in the bike. Thank god I wasn't caught. Would have been tagged a hopeless nerd years earlier than I was.
That's not picking, it's bumping. But yeah, she picked several locks (including a five pin that had one ``pick resistant'' spool driver in under a minute). I had only taught her to pick locks the day before.
Knowing one thing about something doesn't make you a hopeless nerd. Bumping a lock doesn't make her a thief. Skating the half at our local park doesn't make her a thug. Driving the WRX doesn't make her a sideshow kid. Getting an amateur radio license doesn't make her a 60 year-old man.
We can all do many interesting things if we stop worrying about labels and just try.
An 11 year old, with no prior experience in locks and clearly little interest in it not only attends the Defcon Hacker Convention, but takes the time to furnish us with a demonstration.
She actually had quite a bit of interest in locks. I taught her how to pick locks the day before. Matt Fiddler taught her how to bump them the day that video was taken, and Mark Weber Tobias thought it was really cool to see. She enjoyed picking way more than bumping (it's more of an intellectual challenge).
Now, she didn't seem to be that interested in the interviews (yes, there was more than one)... She wanted to get back to the locks.
The event took place from Friday 4th to Sunday 6th. Does she honestly have nowhere better to be?
What do you believe is a better place my daughter could've been that weekend? The mall?
She wasn't too happy when we mentioned getting someone to watch her for Defcon 15, so I think we all had quite a good time there.
Yikes! The poor girl...she might get the wrong impression that this how she should make a living.
I realize you're probably trying to be funny and all that, but the event isn't about teaching people to be criminals as much as it is understanding security issues. She no longer trusts all locks as providing impenetrable security.
The end result after Defcon 14 is that she learned a lot about how locks work, and what makes certain locks more secure than others. She's a good kid, and will be more likely to use the skills she learned from Defcon to help people pick out locks than she will to break into anything.
Educating people won't make them criminals any more than they would be otherwise. We didn't have Defcon when I was her age, and I certainly learned about vulnerabilities in some of the security related items around my neighborhood.
The only thing scary about the movie is that they let an 11 year old girl into DEFCON 14 and apparently there aren't any parents nearby.
First of all, that's my kid, and her mom and I was standing right next to her.
You don't have to trivialize it so much, though. I taught her how to pick locks the day before and I'm sure she understands how they work at least as well as you do.
I don't know what you perceive as the problem with her being there. It was quite a fun event for the whole family.
If the music is taken for free, reward them with what exactly? Warm fuzzies?
Please read about the intent and supposed implementation of copyright laws before making such silly comments.
Copyright law gives exclusive distribution control to the copyright owner for a limited time. After this time expires, the works fall into the public domain, i.e., they become ``ours.''
Why can't I freely modify and redistribute the works of Jimi Hendrix however I feel fit. We all know who he is, and what his contributions were because he was a significant part of our culture...but that was quite a while ago. How does he suffer if I aquire his music for free?
They will belong to you when their copyright expires. And at any rate, that still does not give you an entitlement to free music.
Just when do you believe that to be? Legislation indefinitely and implicitly extends this copyright period as far as I've seen.
But yes, that does give me the right to free music. This is the entire point of copyright laws -- to reward creators for the contributions they bring that define our culture.
If you are still relying on something a family member created seventy years ago to to sustain you, maybe you should just make new stuff.
You idiot, the music these kids are stealing isn't in the public domain, are you on crack?
It would be good to understand his point before calling him names.
Yes, the music is supposed to fall into the public domain after a short period of copyright (similar to the way patents work). Legislation has lengthened that period to long enough that it no longer matters.
The things that make up our culture no longer belong to us nor do they really have any chance to.
While it's true that PostgreSQL is more database than most corporate weenies need, it falls down in moderate write environments. It's best used for systems that write data very infrequently, otherwise it fragments quickly. The only solution to table and database fragmentation is dump & reload.
I send a bit over 100 write transactions per second on average to a postgres server. The bulk of that goes to a partitioned table (view + query rewrite rule) with two indexes per partition.
I've been doing that since 7.4. In 7.4, inserts would get slow and after a couple of weeks of that, my asynchronous transaction input queue would fill faster than I could empty it and I'd have to roll a new partition.
Shortly after we upgraded to 8.0, the guy who used to manage this machine left the company. I found it a few days ago having not rolled a new partition in several months. The table had over a billion records in it and the insert rate was not affected.
Most of the queries we perform against this partitioned are as fast as you'd hope they would be, but there are a few for which the plans aren't all that great across the partition. My understanding is that 8.1 improves the planner for partitioned tables, though.
(this is the second response I got with this informaiton, so I'm going to paste my response again):
Believe it or not, they actually did that on purpose. They wanted to modify their database schema, and if you do that on a live database in MySQL you're going to block everyone else from using the database for a long time
No, the outtage I'm talking about was described on the wikipedia site as having been caused by a power outtage that caused database corruption.
I don't know the details of the schema change you're describing, but I don't know why you'd expect downtime in general. I've certainly done schema changes on large tables in active databases in the past. I've done the same with downtime, though.
More recently, we've done it at work with multiple hundred million row tables by creating a new table and renaming the old one, then placing a view where the old table was and having all of the inserts start going against the view (all in a transaction).
Wikipedia has never had a substantial mysql related failure. The outage you're talking about was due to the upgrade to mediawiki 1.5, it was a planed and announced outage that took about as long as we announced it would take, although we'd been hoping for about half the time.
No, the outtage I'm talking about was described on the wikipedia site as having been caused by a power outtage that caused database corruption.
Can you be more specific? How often does slashdot go down?
Slashdot has a subtle ``down'' state where they only serve static pages. It causes neat things to break like the RSS feed that I get for my home page (any request returns a static page).
Wikimedia Foundation also runs on a small cluster of MySQL servers
Perhaps you don't remember their recent outtage that took the entire thing off the internet for a day or two while they had to completely rebuild their database from backups. All of the mySQL apologists were quick to point out that databases should be expected to be all corrupt and stuff when they lose power. Users of real databases were amazed that anyone would think that.
This is not possible without crippling the programming language.
Such languages exist, and I certainly don't consider them crippled. OCaml does lots of type safety checks at compile time, and the resulting applications run fast relative to what I can get any other compiler to do.
I don't know tons, but the cheapest AC Fry's had ($100 for something like 5000BTU) keeps my machine room fairly cool. I've got an Indy, O2, dual Ultra 2 (and a full D1000), G4 cube, and four or five random PCs. There's also a couple of managed switches and possibly more stuff (including UPS).
NAT is a "Good Thing"(tm) because most machines shouldn't have incoming access from outside their LAN. The inconvenience of manually mapping incoming packets forwarding far outweights the blatant lack of security. And god knows our networks are insecure enough already.
NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.
Why couldn't you just pass in a reference to the XmlHttpRequest object so people wouldn't be forced to use global variables to store the reference? Is that so hard?
I don't have any problem doing it without global variables. Look at the javascript behind this:
arch is vi unfriendly (you have to edit filenames that start with +), so that perhaps discourages a third of the potential users.
This is not entirely true. I use vi and arch and everything's cool. ``vi./+blah'' I don't try to edit those directly anyway, I just have an alias that looks like this:
vi `tla make-log`
Also arch enforces some rules by default that annoy people (like you can't keep any non-repository files in your directory, everything must be under version control at all times. which stinks if you like to keep little notes in your own shorthand).
It's perfectly happy ignoring my build directories and other random crap I use for testing. I just need to tell it what kinds of things it should ignore.
More importantly, if something looks like source, I want my revision control system to let me know if I'm forgetting it on a checkin (or worse, if someone else is forgetting it on their checkin and I sync and attempt a build only to find that they're gone and one little piece they added is missing).
Of course, the best feature of a voice-controlled remote would be to yell out, "Where the hell are you?" and have it respond, "Over here!"
Nah, voice controlled remote just means you're more likely to lose your voice.
(Roommate was all excited about using his PDA as a remote control and, just as I predicted, he lost it immediately after installing remote control software).
Slashdot Mirror
It was reported to work on Snow Leopard with a 32-bit kernel. It did not work with a 64-bit kernel. The source would build, but there were missing symbols.
Of course, there's more to do, but you can at least read your volumes again now.
She asked when she was a lot younger, but I told her she was too smart to be President.
Is it the age, gender, frequency, lack of experience, or area of interest that got this modded interesting?
I'll answer each part separately:
Kids aren't dumb.
Girls aren't dumb.
There are new people at Defcon every year.
Everybody starts somewhere.
Many people find puzzles interesting.
*shrug* I'm not sure what difficulty you are having. The whole reason you're reading an article about an 11-year-old doing this is not because she's a prodigy (that is orthogonal to this discussion), but because the vulunerability is so severe they can pick a random person out of a room and have her doing it in a couple of minutes.
If it had been me, I don't think the headline would've been as impressive, ``28-year-old Proves Locks Not So Secure.''
That's not picking, it's bumping. But yeah, she picked several locks (including a five pin that had one ``pick resistant'' spool driver in under a minute). I had only taught her to pick locks the day before.
Knowing one thing about something doesn't make you a hopeless nerd. Bumping a lock doesn't make her a thief. Skating the half at our local park doesn't make her a thug. Driving the WRX doesn't make her a sideshow kid. Getting an amateur radio license doesn't make her a 60 year-old man.
We can all do many interesting things if we stop worrying about labels and just try.
She actually had quite a bit of interest in locks. I taught her how to pick locks the day before. Matt Fiddler taught her how to bump them the day that video was taken, and Mark Weber Tobias thought it was really cool to see. She enjoyed picking way more than bumping (it's more of an intellectual challenge).
Now, she didn't seem to be that interested in the interviews (yes, there was more than one)... She wanted to get back to the locks.
What do you believe is a better place my daughter could've been that weekend? The mall?
She wasn't too happy when we mentioned getting someone to watch her for Defcon 15, so I think we all had quite a good time there.
Same thing the rest of us were doing there (myself, her mom, and several friends): Learning.
We all learned a lot. She had a really good time and wrote about it in her (otherwise hideous) blog.
I realize you're probably trying to be funny and all that, but the event isn't about teaching people to be criminals as much as it is understanding security issues. She no longer trusts all locks as providing impenetrable security.
The end result after Defcon 14 is that she learned a lot about how locks work, and what makes certain locks more secure than others. She's a good kid, and will be more likely to use the skills she learned from Defcon to help people pick out locks than she will to break into anything.
Educating people won't make them criminals any more than they would be otherwise. We didn't have Defcon when I was her age, and I certainly learned about vulnerabilities in some of the security related items around my neighborhood.
First of all, that's my kid, and her mom and I was standing right next to her.
You don't have to trivialize it so much, though. I taught her how to pick locks the day before and I'm sure she understands how they work at least as well as you do.
I don't know what you perceive as the problem with her being there. It was quite a fun event for the whole family.
Please read about the intent and supposed implementation of copyright laws before making such silly comments.
Copyright law gives exclusive distribution control to the copyright owner for a limited time. After this time expires, the works fall into the public domain, i.e., they become ``ours.''
Why can't I freely modify and redistribute the works of Jimi Hendrix however I feel fit. We all know who he is, and what his contributions were because he was a significant part of our culture...but that was quite a while ago. How does he suffer if I aquire his music for free?
Just when do you believe that to be? Legislation indefinitely and implicitly extends this copyright period as far as I've seen.
But yes, that does give me the right to free music. This is the entire point of copyright laws -- to reward creators for the contributions they bring that define our culture.
If you are still relying on something a family member created seventy years ago to to sustain you, maybe you should just make new stuff.
It would be good to understand his point before calling him names.
Yes, the music is supposed to fall into the public domain after a short period of copyright (similar to the way patents work). Legislation has lengthened that period to long enough that it no longer matters.
The things that make up our culture no longer belong to us nor do they really have any chance to.
Just create a functional index on lower(column) and search on lower(column). There are likely other solutions to this problem (such as ILIKE).
While it's true that PostgreSQL is more database than most corporate weenies need, it falls down in moderate write environments. It's best used for systems that write data very infrequently, otherwise it fragments quickly. The only solution to table and database fragmentation is dump & reload.
I send a bit over 100 write transactions per second on average to a postgres server. The bulk of that goes to a partitioned table (view + query rewrite rule) with two indexes per partition.
I've been doing that since 7.4. In 7.4, inserts would get slow and after a couple of weeks of that, my asynchronous transaction input queue would fill faster than I could empty it and I'd have to roll a new partition.
Shortly after we upgraded to 8.0, the guy who used to manage this machine left the company. I found it a few days ago having not rolled a new partition in several months. The table had over a billion records in it and the insert rate was not affected.
Most of the queries we perform against this partitioned are as fast as you'd hope they would be, but there are a few for which the plans aren't all that great across the partition. My understanding is that 8.1 improves the planner for partitioned tables, though.
They keep making it better.
(this is the second response I got with this informaiton, so I'm going to paste my response again):
Believe it or not, they actually did that on purpose. They wanted to modify their database schema, and if you do that on a live database in MySQL you're going to block everyone else from using the database for a long time
No, the outtage I'm talking about was described on the wikipedia site as having been caused by a power outtage that caused database corruption.
Here's the slashdot article to jog your memory.
Postgres has the same problem
I don't know the details of the schema change you're describing, but I don't know why you'd expect downtime in general. I've certainly done schema changes on large tables in active databases in the past. I've done the same with downtime, though.
More recently, we've done it at work with multiple hundred million row tables by creating a new table and renaming the old one, then placing a view where the old table was and having all of the inserts start going against the view (all in a transaction).
Wikipedia has never had a substantial mysql related failure. The outage you're talking about was due to the upgrade to mediawiki 1.5, it was a planed and announced outage that took about as long as we announced it would take, although we'd been hoping for about half the time.
No, the outtage I'm talking about was described on the wikipedia site as having been caused by a power outtage that caused database corruption.
Here's the slashdot article to jog your memory.
1. I've never encountered corrupted data with mysql (It seems to be urban legend), and I have worked on tables with billions rows for two years.
See wikimedia. It certainly happened there and affected all of us.
Can you be more specific? How often does slashdot go down?
Slashdot has a subtle ``down'' state where they only serve static pages. It causes neat things to break like the RSS feed that I get for my home page (any request returns a static page).
Wikimedia Foundation also runs on a small cluster of MySQL servers
Perhaps you don't remember their recent outtage that took the entire thing off the internet for a day or two while they had to completely rebuild their database from backups. All of the mySQL apologists were quick to point out that databases should be expected to be all corrupt and stuff when they lose power. Users of real databases were amazed that anyone would think that.
This is not possible without crippling the programming language.
Such languages exist, and I certainly don't consider them crippled. OCaml does lots of type safety checks at compile time, and the resulting applications run fast relative to what I can get any other compiler to do.
What are these three computers?
I don't know tons, but the cheapest AC Fry's had ($100 for something like 5000BTU) keeps my machine room fairly cool. I've got an Indy, O2, dual Ultra 2 (and a full D1000), G4 cube, and four or five random PCs. There's also a couple of managed switches and possibly more stuff (including UPS).
NAT is a "Good Thing"(tm) because most machines shouldn't have incoming access from outside their LAN. The inconvenience of manually mapping incoming packets forwarding far outweights the blatant lack of security. And god knows our networks are insecure enough already.
NAT stands for ``Network Address Translation'' not ``Stateful Firewall.'' I will never understand why people confuse these things so easily.
Why couldn't you just pass in a reference to the XmlHttpRequest object so people wouldn't be forced to use global variables to store the reference? Is that so hard?
I don't have any problem doing it without global variables. Look at the javascript behind this:
http://bleu.west.spy.net/jwebkit/threads.html
It's easy to get many asynchronous XML requests going on concurrently without a global variable in here. It appears to work for me.
...or just use less expensive cgi techniques.
It's not like they'd be the first to make a star wars fan film.
arch is vi unfriendly (you have to edit filenames that start with +), so that perhaps discourages a third of the potential users.
./+blah'' I don't try to edit those directly anyway, I just have an alias that looks like this:
This is not entirely true. I use vi and arch and everything's cool. ``vi
vi `tla make-log`
Also arch enforces some rules by default that annoy people (like you can't keep any non-repository files in your directory, everything must be under version control at all times. which stinks if you like to keep little notes in your own shorthand).
It's perfectly happy ignoring my build directories and other random crap I use for testing. I just need to tell it what kinds of things it should ignore.
More importantly, if something looks like source, I want my revision control system to let me know if I'm forgetting it on a checkin (or worse, if someone else is forgetting it on their checkin and I sync and attempt a build only to find that they're gone and one little piece they added is missing).
Logging in is REALLY hard to sell
See NeXTSTEP and MacOS X. Users were not root. Users seem to be getting along just fine. Login optional.
Of course, the best feature of a voice-controlled remote would be to yell out, "Where the hell are you?" and have it respond, "Over here!"
Nah, voice controlled remote just means you're more likely to lose your voice.
(Roommate was all excited about using his PDA as a remote control and, just as I predicted, he lost it immediately after installing remote control software).