Slashdot Mirror


User: Rich0

Rich0's activity in the archive.

Stories: 0
Comments: 11,574

Comments · 11,574

  1. Re:human germs don't like higher body temp on Fighting the Flu May Hurt Those Around You · · Score: 1

    In Europe we call temperatures of more than 100 boiling, not fever. I'm surprised your kid lasted a week.

    Don't act like you're all scientific and stuff until you start using Kelvin. Normal body temperature is 310.2K.

    My body is 558.27R and that's the way I like it...

  2. Re:M81 and M82 on New Supernova Seen In Nearby Galaxy M82 · · Score: 1

    The galaxies M81 and M82 are only about 300K ly from each other. A decent telescope can image them both at the same time.

    Well, technically, the less decent the telescope is the better the chance of "imaging" both at the same time - less magnification = larger FOV. Any photo of the night sky at the right time would contain both, not that you'd actually see them.

  3. Re:LOL ... on New Supernova Seen In Nearby Galaxy M82 · · Score: 3, Informative

    I always get a kick out of the title "The Local Group", which means stars in our relative vicinity, 12 ly or so.

    The Local Group is actually a collection of nearby galaxies, not stars. The closest member (not including the Milky Way) is 25k ly away...

  4. Well, you get the NSA endpoints whether you use TOR or not, so...

  5. Re:I look forward . . . on You Might Rent Features & Options On Cars In the Future · · Score: 1

    very cool. Kia has been really trying to move upscale recently. I think the Korean auto makers are tired of not getting enough respect.

    Honestly, it wasn't a hard choice for me. 100k mile warranty, and for just a bit more than their base model on truecar I got a car loaded with just about every feature I cared about, and some I've learned to love but never thought I needed. I ended up with a no-compromise car for less than what I expected to pay for a generic Camry.

    Not that it will do me any good, but it looks like Kia is getting into the Open Automotive Alliance. Support for reading their extended OBD/etc codes is built into apps like Torque, and they publish their service manuals for free online (registration required - kiatechinfo.com). Their service requirements are also fairly minimal, and they use a timing chain. The local dealer of course still wants you to replace half the car every 30k miles, but overall they seem very consumer-friendly. I do hear they can be a pain on warranty claims if you don't document everything well, so I've been saving my receipts/etc (I do most of my own routine work - plenty of room in this car probably since I don't have the turbo).

  6. Re:How do I get clients like this? on Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes · · Score: 1

    I get between a few hundred and a few thousand USD for any given contract, and my clients actually expect their software to work. How does one go about getting this much money for a steaming pile of shit?

    Back when the healthcare.gov story broke I was a little behind on browsing the news, and a friend asked me how much it cost to put together a website. I said that it basically depends, and he said, "well, you can do it for a few thousand dollars, right?" I said, "for a simple store/etc, sure." He then began to rant about healthcare.gov and I smiled having not heard the news, and explained that even though I worked for one of those highly esteemed private companies, there is no way we'd put together something half as complex as that signup website for internal use only for less than about $200k. I've seen $30k spent on little more than SharePoint forms, and that is accounting only for the IT organization's time and hard costs and not even for stuff like enterprise licensing.

    When you write software for some small business you usually have to come up with something that works reasonably well and which pleases one person who probably has a huge personal stake in the outcome and is probably paying for it out of his pocket (effectively). When you write software for a large business you have to deal with all kinds of interface requirements, lots of formalism, and dealing with pleasing 14 people who can't agree on anything and half of which don't really care if the project succeeds or not. When you write software for a government contract you get all of that, plus you're dealing with 37 subcontractors that you're told you have to deal with like it or not, and half of the government and about 49.8% of the US population are rooting for you to completely fail. Oh, and when you're done every single hacker on the planet is going to take a crack at it the day it launches.

    These projects also fall into the trap of formalism all the time. If success/failure are defined by whether a list of 35,824 requirements are met or not, then you focus on those requirements to the exclusion of ANYTHING else. I doubt there was a requirement, "the system shall not allow access if a client submits a cookie based on a valid cookie but a sequentially near session ID and timestamp." Heck, I doubt cookies made it into the list at all. Maybe there was a requirement, "the system will not provide access without a valid password" - no doubt a test case was run where a user types in a password correctly and incorrectly, and check, the latter gives an error.

  7. Re:Okay, but... on Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes · · Score: 1

    Sure, it was a pain, but it really wasn't that hard to secure an additional 7 hack attempts (6 of which I had never heard of, despite all my years in the industry).

    A chain is as weak as its weakest link - how is it useful to secure against an additional 7 attack vectors, when you know about an 8th that is still open and apparently automatable? And that says nothing about unknown vulnerabilities. Unless the 8th vector was purely hypothetical and you have good reason to believe it would not be possible in practice, you're not really secure. Even if you fixed it you can't be sure you're secure.

    Security is very hard. Just look at the unknown list of zero-days it sounds like the NSA is sitting on and ask yourself who else has a list like that?

  8. Re: Okay, but... on Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes · · Score: 1

    While that is true, customers have the choice to not work with companies that have shown poor security practices.

    Sounds great - tell me how to opt-out of Experian, Equifax, and TransUnion? I imagine 98% of the US population would be interested in joining me.

  9. Re:Okay, but... on Hacker Says He Could Access 70,000 Healthcare.Gov Records In 4 Minutes · · Score: 1

    However, Healthcare.gov has access to SS numbers, addresses, phone numbers, driver's license numbers and God knows what else. Not only is it damned hard to change some of those, but even if you succeed you could be ruined for the rest of your life.

    While the security problems are inexcusable, frankly so is the fact that your life can be ruined simply because somebody knows some information about you. Information that is shared with anybody at all is almost impossible to keep completely secure, and the numbers you list above are shared with a LOT of organizations. If you want to authenticate a connection to a server you don't ask it for its IP address or the name of its CEO's mother - you ask it to decode a hash you encrypted using its published public key.

    If it didn't cause so much chaos for the people involved I'd half-wish that somebody would just get it over with and publish the complete credit histories of every American on a website somewhere so that it becomes completely impossible to authenticate anybody using the current schemes. Instead the problem is just big enough to cause incredible hardship for an unlucky few while society just plows ahead oblivious to their plight.

  10. Re:HTTP/HTTPS Issues? on Scientists Detect Two Dozen Computers Trying To Sabotage Tor Privacy Network · · Score: 1

    Sorry, but modern browsers don't really address that. The problem with the browser warnings is their definition of insecure. You only get warnings if there is something wrong with an encrypted https site like an invalid certificate. Using an unencrypted site is NOT seen as insecure as it would annoy users during most of their normal browsing sessions.

    Indeed, it drives me nuts that a self-signed SSL cert makes users jump through about 47 hoops to bypass, but right now I'm posting this form on Slashdot without any authentication or encryption at all and the browser is just fine with that. I have no idea if this session is being intercepted or tampered with.

  11. Re:Rave for Diatomaceous. on CES 2014: A Bedbug Detector that Looks Interesting but has Detractors (Video) · · Score: 2

    It's completely and absolutely harmless for you, babies, pets, etc.

    Once it's settled out of the air, sure. During application and until it settles, you should wear respiratory protection and keep kids/pets/etc out of the area. That pure, fine dust can and will cause inflammation of the respiratory tract if inhaled.

    Well, I probably wouldn't want to inhale too much of the dust in any case, but you should use food-grade DE. Other grades can be treated in a way that can cause serious lung issues.

  12. Re:Diatomaceous earth works. on CES 2014: A Bedbug Detector that Looks Interesting but has Detractors (Video) · · Score: 1

    Yup - used it to de-flea the house after treating the pets.

    Oh, be sure to buy food grade though. The filtration-grade stuff (often used in pool filters) is treated differently and can cause lung problems if inhaled (silicates/etc). The food-grade stuff is, as the name suggests, suitable for ingestion. It isn't really used as an ingredient in human food, though it might very well be used in processing food (it is a decent filtration substrate, less effective than carbon but it lasts a lot longer).

    My understanding is that the little pieces of silica basically get caught in the exoskeletons of insects and puncture their skin, causing them to dehydrate. I thought it was fatal to them, but it does get rid of them. With the flea problem we had I just sprinkled it into any place the pets frequented and all the beds, and just lightly rubbed it in. After a few weeks I vacuumed it up anyplace it was still around. A little goes a long way and it is dirt cheap - it is literally dug out of the ground.

  13. Re:And what about... on Who Makes the Best Hard Disk Drives? · · Score: 1

    Enterprise grade disks? The cheapest disk is not always the cheapest disk in the long run. I can buy consumer disks for my disk servers, but when they fail I have to spend time replacing them and paying for them myself. When my enterprise grade disks fail, they're under warranty and are replaced "free".

    Enterprise grade anything costs quite a bit more. It has some benefits, and some costs. It tends to make sense in enterprise implementations at low to moderate scale, or where IT managers just dread the thought of IT. Companies that are best in class tend to avoid it. Google runs its clusters off of consumer grade hardware, so it doesn't surprise me if storage vendors do the same with their storage. In both cases they just design the software to make up for the shortcomings of the hardware, which is a one-time investment that easily pays for itself at the scale they operate at.

    All those fortunate 500 companies that run VMware or use Amazon could probably do better by hiring qualified personnel to run OpenStack or whatever. However, this is WAY more than a typical IT manager wants to deal with, so they just throw a lot more money at the problem to make it somebody else's problem. That's probably better than their second choice, which is to do it in-house but under-invest so that the whole thing ends up costing them more. At work we have forced downtime on servers for backups/etc before upgrades even though they're virtualized on VMware with databases on Oracle. We're paying a premium for features like snapshotting and hot backups that we don't take advantage of, because nobody wants to hire a DBA/admin who knows how to do anything other than follow a script to provision a server/schema/etc. I'm sure it all runs on Enterprise grade hardware...

  14. Re:100% write? on Who Makes the Best Hard Disk Drives? · · Score: 1

    What's the use case for any more than 50% write?

    Besides backup which everybody else is pointing out, what you think of as 50% read, 50% write, ends up being more than 50% write if you need redundancy. Take mirroring for example - every byte gets written twice, but need only be read once if you only access it once.

    Just look at Amazon Glacier - it is dirt cheap as long as you never need to read the data back. Sometimes there is data you need to keep for legal reasons and you never know what you'll need to recall, but you know that it isn't likely you'll need to recall much.

  15. Re:Ignorant to their own research on Who Makes the Best Hard Disk Drives? · · Score: 1

    When you're talking about thousands of drives, I'm sure they are arrayed such that they can handle quite a few failures before there are problems. I doubt redundancy is engineered across the entire set of drives, so there probably are some circumstances where losing the right set of 3 drives or whatever could cause them problems. However, the chances that 3 randomly chosen drives cause problems is probably vanishingly small.

    I don't work for them or know the details - I'm just speculating here. If you just set up 10k drives in 1000 RAID6 arrays of 10 drives each, then you could in theory have 2000 drives fail before losing data, but that would require a LOT of luck. In theory you could lose data if only three drives fail, but that would also require a LOT of luck. If redundancy were engineered across the entire collection of drives then they'll obviously need to handle more than a few failures, but knowing failure rates you could make the chances of a data loss due to anything other than a disaster extremely low.

    Oh, and unless you don't care about a flood or whatever destroying all your data you still need offsite redundancy.

  16. Re:Ignorant to their own research on Who Makes the Best Hard Disk Drives? · · Score: 1

    Right... if you can get 50 drives from Hitachi with a 5% failure rate or 100 drives from Seagate with a 25% failure rate, it's still cheaper to go with Seagate. If you're only buying 1 drive and have no backup, clearly steer away from them.

    Somehow I doubt they're getting more than a 20% discount relative to what they could get at the same volume from the other vendors. But, who knows...

  17. Re:If I install open source ECU software.... on You Might Rent Features & Options On Cars In the Future · · Score: 1

    ...will I be charged with circumventing security & have my car towed away?

    No, but you will be charged with tampering with an emissions control device. Not kidding - in counties that have emissions controls it is illegal to mess with the ECU. Since modern emissions tests just consist of asking the ECU how it is doing (and charging you $70), I guess that makes some sense.

  18. Re:I look forward . . . on You Might Rent Features & Options On Cars In the Future · · Score: 1

    There are heated steering wheels. Generally only on high end cars, but they do exist.

    My Kia Optima has them and costs less than a Camry - they're not only high-end...

  19. Re:All I Have To Say Is on You Might Rent Features & Options On Cars In the Future · · Score: 2

    Which oscilloscope?

    No idea what the parent had, but I know back in the day at least the nicer Tektronix oscilloscopes were configurable feature-wise before delivery. A lot of it was software anyway, and it was cheaper to just make them all the same and then charge for what the customer paid for. But, from what I hear people still got annoyed by it (though my understanding was that back in the 80s no engineer was too upset about getting a Tek scope).

  20. Re:eh? on Rosetta Probe Awakens, Prepares To Chase Comet · · Score: 1

    To land on a body with an atmosphere you have to just carry shielding and hit it at the right angle and the friction does the rest.

    Except Mars has such an incredibly thin atmosphere that a parachute needs to be impossibly large for a soft landing. The gravity is too high for a rocket-powered landing like on the moon. Not to mention that same thin atmosphere being thick enough that you also need a tough heat shield.

    Actually, the atmosphere gets you 99% of the way. As I said in my post, an atmosphere only gets you to terminal velocity, so you usually still have some slowing down to do.

    Compared to interplanetary velocity, terminal velocity is barely moving at all. On Mars it just happens to still be high enough to smash the probe. If you had to decelerate the probe completely to rest using only propellant (such as to land on one of Mars's moons) you'd need a lot more propellant. Actually, Mars's moons have the advantage of being small, so at least you don't pick up too much speed as you approach them.

  21. Re:eh? on Rosetta Probe Awakens, Prepares To Chase Comet · · Score: 2

    The lack of gravity and atmosphere might make the comet easier.

    Well, lack of atmosphere means that you need more propellant to equalize velocity. To land on a body with an atmosphere you have to just carry shielding and hit it at the right angle and the friction does the rest. The problem is that this gets you to terminal velocity and not zero velocity, and you don't want to hit the ground at terminal velocity.

    If you're going to intercept a body without an atmosphere you have to equalize speed with only the use of propellant, so that is a lot more mass to carry. However, you can do that in a much more orderly fashion so that when you get close to the body you're barely moving at all relative to it.

    So, both are challenging problems, but in different ways.

  22. Re:Dump the Japanimation on How Can Nintendo Recover? · · Score: 1

    Nintendo is based in Japan but is an international company.

    Historically, there really was no such thing as an international company based in Japan. There were Japanese companies that just happened to also sell some of their products overseas. It used to be that companies in Japan didn't really concern themselves much with international market share.

    Now, clearly that is less the case today, but could Nintendo's problem be that they're still in the mindset of a traditional Japanese company that doesn't really care how much money they make in the US, other than for the fact that if they go out of business they can't sell their consoles in Japan?

  23. Re:Market is Apple/Google's, but N has an advantag on How Can Nintendo Recover? · · Score: 1

    Android is even easier (you can do it on a PC, there is a bigger range of device options and IIRC you don't need to pay any costs to publish on Google Play)

    The SDK is open source. You can basically use it on any computer, though I imagine it would be easier on an x86-derivative.

    The platform is also open-source. If you wanted to you could make an Android-based console of your own - like a tablet with a controller built in. Android even works without a touchscreen (though I'd hate to use it that way, and ever since they stopped putting trackballs in them I'd shudder to think about whether most app devs really test accessibility).

    But, yes, just about every computing platform out there from MS, Google, and Apple and others is far more open than Nintendo. I imagine that XBox is somewhat painful to license a game for, but for that you can at least target your code at Windows to get started and port it over, and have a consolation prize if MS doesn't let you in.

  24. Re:For a noted pragmatist, Linus is dead wrong... on Linus Torvalds: Any CLA Is Fundamentally Broken · · Score: 1

    I'm just saying that there is a finite risk of a court doing exactly what you say that it won't do, just as there is a risk that the FSF will screw everybody over with GPLv5 that says all your code belongs to us.

    The problem with depending on a non-upgradable license is that it can't evolve. The legal system evolves. Nobody changed any laws or the constitution and yet bans on gay marriage were once perfectly legal and most likely will not be in the US. There isn't a securities or tax law out there which isn't wantonly violated every day by companies with enough lawyers to weasel their way around it.

    I think that GPLv2 being de-fanged isn't terribly likely. However, I still think it is unwise to hang all your hopes around any single legal document that is immutable. If the GPLv2's equivalent of the interstate commerce clause is ever discovered, there goes Linux...

  25. Re:For a noted pragmatist, Linus is dead wrong... on Linus Torvalds: Any CLA Is Fundamentally Broken · · Score: 1

    Is that not the point of clause 14's "or any later version"? Yes, you're risking that the FSF does not go bad and publish GPL 9321, the "everything belongs to your corporate masters" edition. The main issue with the CLAs is them allowing dual licensing without your consent; it's just a for-profit company getting free labor. We already have cases like this; Bacula comes to mind.

    Don't get me wrong - I'm no fan of Canonical's CLA. Of the CLAs I've seen the FSFe's FLA seems like the best I've seen so far. I just think that GPL n+ is a better choice than GPL n because the benefits outweigh the risks. I recognize that there are risks either way - trusting the FSF vs trusting the legal system.

    Here's another perspective - what law designed to regulate corporations wasn't ever ultimately twisted via loopholes into basically accomplishing the opposite of what it intended. That is, those it intended to regulate ended up being free to violate the intent of the law, and the law ended up instead limiting the competition by raising barriers to entry?