You could also take the opposite spin on this: There is no secure internet access to begin with so why wouldn't you choose faster connection over more secure, but still compromised connection? Use SSL, TLS, SSH and the like where you need to be secure and assume that everything else is compromised. Why would one assume that their ISP is secure? Always assume that somebody is eavesdropping the connection, or running an active MITM against you, and consider if your mitigation actions are sufficient?
Would I consider TLS with SHA-1 to be sufficient for accessing Slashdot over potentially compromised network? Yes. In worst case my Slashdot account would be compromised, no big deal.
Would I consider the same to be sufficient for the company payment interface? No, I wouldn't.
My experience on this is that you need 'DevOps' to run the development environments but you need production ops to run, eh, production.
DevOps people don't necessarily have good understanding of the underlying issues of the production environment. There are several issues revolving around this: Security, availability, scalability, etc. As an example is dev who can secure the application but not the platform (database, web servers and so on).
Good handovers between the two are the key for success. If 'DevOps' changes the development environment in a significant way this needs to be taken into account when moving the version to production. Oh, you upgraded the database in development environment? I guess that explains why RTP failed and we had to roll back.
Some changes may be very simple to do in development environment, while difficult in production environment. Need some extra disk and upgrade your database backend? Sure, just get it done in the development environment but there may some issues when doing that in production environment; you may need unacceptable amount of downtime, etc...
That sounds like a Structure Query Language that was developed some years ago to allow business users to query databases. It would free programmers to focus on programming instead of running reports. Looks like it worked pretty well.
I'm not sure about the currency you got there, but it doesn't really matter: 100 currency units is cheap for 3-5 hours of flying, no matter what currency! I'd have to pay almost 3-5 times more than that for flying.
On the other hand 100 EUR will get me 3-5 skydives in Europe or 100 USD will get me 3-5 skydives in US.
This is not them asking for your account but rather asking you to AUTHORISE gawker's access to your account details.
The way I read it is that Gawker is using Facebook as authentication service. Once authenticated Gawker is authorizing you to do certain things, like post comments.
Bug finders now still get paid. but those who don't reveal everything Google wants do not.
True, and I don't think they are unreasonable to demand the full exploit when they are paying for it.
I don't necessarily always agree with Google's approach but I think it's good that they man up and pay for the bugs. I wish more companies would do that.
I now alias "r" as "rm -i". "r" by itself does not have default behavior on most computers.
I have a friend that used to alias "r" for "rm" and "e" for "emacs". Once he had to restore his thesis from day or two old backup he stopped doing that:)
- Create a new file.
- Dump the data into the new file.
- Rename the old file.
- Rename the new file so it has the same name as the old one.
- Delete the old file.
This. Some of the more recent applications may replace last three steps with atomic rename so that new file replaces the old one. Linux has supported atomic rename already for a good while and so do Vista and later versions of Windows. Even after this data from the old file and new file are still retained on disk, even though space used for the old file will be marked 'free'.
Before I go any further, I am a pilot.
[...]
Final approach and landing is the single most dangerous operation performed by pilots
I have to say I'm surprised about that statement. Here I thought that being on final would set you up nicely for the landing; you'd be already lined up with the runway, most probably well positioned on the glideslope and more or less ready to take anything. Lose an engine and dead-sticking it down shouldn't be a problem.
I'd call take-off the most dangerous stage of the flight. You are just about the leave the runway, if you lose the power too many inexperienced pilots will try to make the "impossible turn" and make it back to the runway they departed. During and immediately after the take-off you don't have altitude, you are usually out of position and have limited number of outs to take if something goes wrong.
"Altitude above you, runway behind you and fuel on the ground don't do you any good."
Now, if you take the lasers into the equations it doesn't change the fact that additional risk is the same in both of the cases. Losing your sight on the take off is just as bad and during the landing - same thing goes for being momentarily distracted. VFR pilots are notoriously bad at maintaining the level flight when the lose sight of the horizon. Controlled Flight Into Terrain is just as deadly no matter whether just after the take off or just before landing. It is still worth remembering that the baseline risk is higher on the takeoff.
USPA suggest that skydivers should pre-breath 100% oxygen for 30 minutes before take off for jumps with exit altitude is above 25000ft MSL, so well within range of commercial airlines and to some extent, general aviation.
Difference between climbing Everest and rapid decompression of an plane is that there is no time to acclimatize. Above 25k most of the people will be affected by hypoxia almost immediately and would be in risk of DCS. Logic is the same as for why scuba divers ascend slowly at end of the dive to avoid DCS.
My comparison of the risks was limited to DCS, obviously parachute would help the survival a bit.Usefulness of the parachute may be limited by hypoxia which may lead to unconsciousness - even though person may recover in the freefall once they have reached lower altitudes, as has happened with high-altitude skydivers.
Oxygen pre-breathing is required for high altitude skydiving to avoid DCS. I'd assume that rapid decompression in the plane would subject you to the same risks.
This. I really don't like Apple products because of arbitrary lock down, but I do have to give you that they came up with the best touch interface I have ever seen.
I'll tell you why. Because it's patent-free, unencumbered, and an easy bulletlist item to put on a device.
The fact that it is patent free is a selling point for the company that manufactures the device, not for the end user. End user doesn't have to deal with patent licensing or any of that crap, they just either have the product or they don't.
Acording to the aztec, their Tlatoani Ahuizotl, persoally killed 84,400 prisioners in four days using a stone knife...
That means he would have killed prisoner every 4 seconds for four days, non-stop. I go out on a limb and say that it's pretty safe to assume that the number is a bit on the high side.
Slashdot Mirror
You could also take the opposite spin on this: There is no secure internet access to begin with so why wouldn't you choose faster connection over more secure, but still compromised connection? Use SSL, TLS, SSH and the like where you need to be secure and assume that everything else is compromised. Why would one assume that their ISP is secure? Always assume that somebody is eavesdropping the connection, or running an active MITM against you, and consider if your mitigation actions are sufficient?
Would I consider TLS with SHA-1 to be sufficient for accessing Slashdot over potentially compromised network? Yes. In worst case my Slashdot account would be compromised, no big deal.
Would I consider the same to be sufficient for the company payment interface? No, I wouldn't.
Hey, don't be mean! MySQL supports it as well
No, I need the review to avoid being ripped off.
No, it's not downsizing, it's just restructuring overlapping functions after all the mergers.
My experience on this is that you need 'DevOps' to run the development environments but you need production ops to run, eh, production.
DevOps people don't necessarily have good understanding of the underlying issues of the production environment. There are several issues revolving around this: Security, availability, scalability, etc. As an example is dev who can secure the application but not the platform (database, web servers and so on).
Good handovers between the two are the key for success. If 'DevOps' changes the development environment in a significant way this needs to be taken into account when moving the version to production. Oh, you upgraded the database in development environment? I guess that explains why RTP failed and we had to roll back.
Some changes may be very simple to do in development environment, while difficult in production environment. Need some extra disk and upgrade your database backend? Sure, just get it done in the development environment but there may some issues when doing that in production environment; you may need unacceptable amount of downtime, etc...
Is "Pre-Alpha" same as Beta used to be before Google?
That sounds like a Structure Query Language that was developed some years ago to allow business users to query databases. It would free programmers to focus on programming instead of running reports. Looks like it worked pretty well.
I'm not sure about the currency you got there, but it doesn't really matter: 100 currency units is cheap for 3-5 hours of flying, no matter what currency! I'd have to pay almost 3-5 times more than that for flying.
On the other hand 100 EUR will get me 3-5 skydives in Europe or 100 USD will get me 3-5 skydives in US.
Why connect to a free and often slow/overloaded wifi when most people get acceptable 3/4G service around town ?
Because my "service provider" charges me my first born son for roaming data.
True. Atleast HEL is using that but based on Bluetooth instead of WIFI. Article mentions CPH, OSL and LHR using it as well.
It’s massive, so it’s almost certainly a gas giant like Jupiter, and it’s hot, probably about 730 C (1350 F) at the tops of its clouds.
This is not them asking for your account but rather asking you to AUTHORISE gawker's access to your account details.
The way I read it is that Gawker is using Facebook as authentication service. Once authenticated Gawker is authorizing you to do certain things, like post comments.
I guess that accounts for all the cheap labor.
to this:
I wouldn't believe anything Mr. Woo has to say.
If you have other reasons why you don't trust what Mr. Woo said, maybe it'd be worthwhile to air those as well.
As the old saying goes: "A man with one clock knows what time it is. A man with two clocks is never sure."
Bug finders now still get paid. but those who don't reveal everything Google wants do not.
True, and I don't think they are unreasonable to demand the full exploit when they are paying for it. I don't necessarily always agree with Google's approach but I think it's good that they man up and pay for the bugs. I wish more companies would do that.
If you are sure about this, I suggest you short the stock and make some money out of it.
I now alias "r" as "rm -i". "r" by itself does not have default behavior on most computers.
I have a friend that used to alias "r" for "rm" and "e" for "emacs". Once he had to restore his thesis from day or two old backup he stopped doing that :)
it's not unusual for a program to:
- Create a new file.
- Dump the data into the new file.
- Rename the old file.
- Rename the new file so it has the same name as the old one.
- Delete the old file.
This. Some of the more recent applications may replace last three steps with atomic rename so that new file replaces the old one. Linux has supported atomic rename already for a good while and so do Vista and later versions of Windows. Even after this data from the old file and new file are still retained on disk, even though space used for the old file will be marked 'free'.
Before I go any further, I am a pilot. [...] Final approach and landing is the single most dangerous operation performed by pilots
I have to say I'm surprised about that statement. Here I thought that being on final would set you up nicely for the landing; you'd be already lined up with the runway, most probably well positioned on the glideslope and more or less ready to take anything. Lose an engine and dead-sticking it down shouldn't be a problem.
I'd call take-off the most dangerous stage of the flight. You are just about the leave the runway, if you lose the power too many inexperienced pilots will try to make the "impossible turn" and make it back to the runway they departed. During and immediately after the take-off you don't have altitude, you are usually out of position and have limited number of outs to take if something goes wrong.
"Altitude above you, runway behind you and fuel on the ground don't do you any good." Now, if you take the lasers into the equations it doesn't change the fact that additional risk is the same in both of the cases. Losing your sight on the take off is just as bad and during the landing - same thing goes for being momentarily distracted. VFR pilots are notoriously bad at maintaining the level flight when the lose sight of the horizon. Controlled Flight Into Terrain is just as deadly no matter whether just after the take off or just before landing. It is still worth remembering that the baseline risk is higher on the takeoff.
USPA suggest that skydivers should pre-breath 100% oxygen for 30 minutes before take off for jumps with exit altitude is above 25000ft MSL, so well within range of commercial airlines and to some extent, general aviation. Difference between climbing Everest and rapid decompression of an plane is that there is no time to acclimatize. Above 25k most of the people will be affected by hypoxia almost immediately and would be in risk of DCS. Logic is the same as for why scuba divers ascend slowly at end of the dive to avoid DCS. My comparison of the risks was limited to DCS, obviously parachute would help the survival a bit.Usefulness of the parachute may be limited by hypoxia which may lead to unconsciousness - even though person may recover in the freefall once they have reached lower altitudes, as has happened with high-altitude skydivers.
Oxygen pre-breathing is required for high altitude skydiving to avoid DCS. I'd assume that rapid decompression in the plane would subject you to the same risks.
good UI for people
This. I really don't like Apple products because of arbitrary lock down, but I do have to give you that they came up with the best touch interface I have ever seen.
I'll tell you why. Because it's patent-free, unencumbered, and an easy bulletlist item to put on a device.
The fact that it is patent free is a selling point for the company that manufactures the device, not for the end user. End user doesn't have to deal with patent licensing or any of that crap, they just either have the product or they don't.
UAC is quite different from su / sudo. [...] it allows an Administrator to run processes as a LESS privileged user
But how is that different from su or sudo? Your su/sudo target account doesn't have to be root.
Acording to the aztec, their Tlatoani Ahuizotl, persoally killed 84,400 prisioners in four days using a stone knife...
That means he would have killed prisoner every 4 seconds for four days, non-stop. I go out on a limb and say that it's pretty safe to assume that the number is a bit on the high side.