Slashdot Mirror


User: Vellmont

Vellmont's activity in the archive.

Stories: 0 · Comments: 4,325

Comments · 4,325

  1. Re:God forbid... on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 4, Insightful


    Thankfully I'm not important enough to be a target.

    A common myth, based on a belief that "hacking" is done by some smart guy sitting around thinking about which "important person" to go after next.

    The answer (if you're smart enough and slightly lazy) is "why not everyone?" or at least "anyone that falls into the trap". An automated program doesn't really care who you are, if you're "important" or not. Only that it can trick you into losing some money. Personally I think that's why a lot of people fall for 419 scams.

  2. Re:It's not a problem with SSL /per se/ on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 1


    Once firefox has visited a website using SSL, firefox needs to automatically connect to SSL, and never trust unencrypted data from that site again.

    There's at least one problem with that approach. The one I can think of off the top of my head is the initial landing site might be http only, and the login site is https. So your browser goes to http://www.nameofmybank.com/, you click on a link to https://login.nameofmybank.com/. If the browser only cares about the whole site name, it'll only go to the http site when you start at the landing page. If that's the case, you're sunk and the attack works.

    Such a fix would need to be domain wide (which may or may not work for some domains). So I'm not sure if there's any EASY, generalized way to fix this problem.

  3. Re:It's not a problem with SSL /per se/ on Black Hat Presentation Highlights SSL Encryption Flaws · · Score: 2, Interesting


    If I read it right, encrypt it all, turn off http except as a 301 redirect to https and you should be fine. Anyone confirm this?

    Not really. You've only shifted the problem into one of intercepting and modifying the 301 redirect, from intercepting the individual links.

    You could turn off http entirely, but then you'll get people complaining that your website doesn't work from the vast majority of people (hell, including me really).

    This is really a browser problem, and a user problem. One way to fix this would be for the browser to recognize sites (domains really) that should be HTTPS ONLY, and refuse to use HTTP when going to them. I.e. the user types, clicks, or uses a bookmark to go to www.mybank.com, and instead of the default http, it goes to https. If it encounters a non-http link for that domain, it simply disobeys (or puts up a huge warning flag).

  4. Re:Not sure what to believe anymore... on Arctic Ice Extent Understated Because of "Sensor Drift" · · Score: 1


        Melting ice from the north pole will not alter the sea level at all.

    Sometimes experiments you conduct in your house don't have enough precision, or don't replicate the conditions accurately enough.

    The problem with the kitchen experiment is that the sea is composed of salt water, and the polar caps are mostly fresh water. I forget the actual science involved (you can look it up at http://www.physorg.com/news5619.html), but the end effect is that even floating ice melting will raise sea level a little.

  5. Re:We only use data that support our hypothesis on Arctic Ice Extent Understated Because of "Sensor Drift" · · Score: 5, Insightful

    It's always a very good idea to take single quotes from a summary out of context, and make sweeping statements about that. This is especially true for science. Science really isn't one of those topics that require some in-depth knowledge to understand what's going on.

    Taking off the sarcasm tag for a moment, this is one of the worst "science" pieces I've seen on slashdot in perhaps the last year. Cobbling together some serious accusations of scientific incompetence from a series of links doesn't really show anything. How the hell do I know how to interpret these statements in context? The links are all taken OUT of context and put into an entirely new argument without any further analysis or explanation. I'm left with what amounts to some hand waving and ranting about "scientific bias". Without a real analysis by someone qualified to make it this "story" is best left ignored.

  6. Re:Gold digging on Judge Dismisses Google Street View Case · · Score: 1


    I've had plenty of private citizens and rent-a-cops (though no real cops) jump down my throat because they perceive me as some sort of "threat".

    The thing you have to understand is that most people learn about "terrorists" or "evil-doers" through movies and television. What's the first thing the people in movies/television do when planning a big heist? Take pictures. It's a standard movie plot line as it sets up part of the "planning stage" of the movie. Whether REAL "terrorists" or "evil doers" do this I couldn't say, but it doesn't really matter. In this sense, perception is reality.

  7. Re:Copyright infringement? on Judge Dismisses Google Street View Case · · Score: 1


    See ASMP's page on photographing public buildings

    I read the page. The take home is that a douche-bag could sue you (a photographer) and cost you a lot of money for buildings built after 1990, so better get permission first. That's really always the case anyway.

    The context we're operating in here is Google, with nearly unlimited resources vs. a couple trying to make a payday. They really have no case here, and never did. There's simply no way to spin this into a big payday.

  8. Re:Copyright infringement? on Judge Dismisses Google Street View Case · · Score: 3, Insightful


    could you make a copyright claim about photos of your house under U.S. Copyright law, as a "3-D work of art"?

    No. Taking a picture of your house isn't "copying" it. Taking the plans of your house and building an exact copy of it _might_ be a violation of copyright.

    Just thinking this couple didn't think creatively enough here for the proper law that could be used for a suit.

    No, the couple are just money grubbers looking for a payday from someone with deep pockets. Sometimes people just have no case.

  9. Re:Sounds fine to me on Student Arrested For Classroom Texting · · Score: 2, Informative

    That's interesting. When did "passing notes" or "not submitting to authority figures" become against the law?

    The police don't exist to simply put people in line (though sadly some people seem to think that). They exist to enforce laws, and protect the people.

  10. Re:Power struggle. on Accused Rogue Admin Terry Childs Makes His Case · · Score: 1

    If all you've got are analogies, you've already lost. "If X's were Y's, then I'd be correct!". Reasoning by analogy might reveal your thinking and be an interesting intellectual exercise in connecting unlike things, but it makes an extremely poor argument.

  11. Re:Power struggle. on Accused Rogue Admin Terry Childs Makes His Case · · Score: 1


    He got arrested because even after they fired him he wouldn't give them the passwords.

    Is refusing to give out a password illegal? How?

    How are they supposed to manage the network if the only guy who knows the passwords is the guy you fired?

    I don't know. How would they manage the network if the guy got hit by a bus?

    The problem of an unknown password that can't be reset is much larger than one guy going for a power grab. There's various ways to solve this, but one of them isn't throwing a guy in jail, charging him with 4 felonies and pretending it's all his fault.

  12. Power struggle. on Accused Rogue Admin Terry Childs Makes His Case · · Score: 4, Interesting

    It seems to me the whole thing is really about a power struggle with a recalcitrant employee. Someone with a lot of authority in City Government sicked Johnny Law after this guy when he refused to give out the admin passwords. The city then calls up the media, lets out the dogs, scarlet letter, the whole 9 yards.

    In reality, is failing to reveal an admin password a criminal offense? Have we really gotten so strange in this day and age that some passwords are now considered "property"?

    I have no problem with him being fired. He sounds like a control freak who took the whole system to be his personal baby. But the charges against him sound more like someone is pissed off, and trying to take it out through the court system.

  13. Re:What's this "finally" shit? on Verizon.net Finally Moving Email To Port 587 · · Score: 1


    However, he did also say that there was no guarantee that it wouldn't be blocked again, all that had to happen was for someone to make a complaint against me for spam.

    So why not take the hint, and send your mail through a 3rd party (maybe the free comcast SMTP server)?

  14. Re:Some things should not be run for profit on Student Satirist Gets 3 Months; the Judge, Likely More · · Score: 1

    I couldn't agree more. Unfortunately we've created both of those situations in the US. The Iraq war has/had hundreds of billions of dollars going to paid mercenaries. Blackwater (one of the mercenary companies) has recently had plans of expanding their business to INSIDE the United States.

  15. Re:I worked on I-Tanic: Why it failed on A Brief History of Chip Hype and Flops · · Score: 4, Interesting


    I worked on Itanium/Merced. Keep in mind I was mid-level (not high enough to see the good political fights first hand, only getting the after effects).

    I have to believe that there were forces inside Intel that wanted Itanium to fail. It's hard for me to believe that if the project was this important they wouldn't have pulled some Top Guy that Gets Things Done on the project.

    After the chip had slipped 2+years, no one wanted to work on this thing anymore.

    Back in 2000 or 2001 I went to JavaOne and went to a talk by some Intel engineers about how cool Itanium was going to be. They had to be the least enthused about any project I'd ever seen. The paper features sounded pretty cool, but you'd talk to them and you could just tell they thought the thing was a total piece of garbage. They didn't say it outright of course, but the sounds of their voices and the expressions on their faces told a very different story.

  16. Re:Really a surprise? on Firefox Faster In Wine Than Native · · Score: 1

    Huh?

    You've made two assertions that I believe are incorrect.

    That a context switch occurs when you go from one library to another.
    That context switches can account for a 20% speed difference in executing Javascript.

    The first one is outright wrong. There's no need to either start a new process just to use a different library, or switch to some other already running process.

    The second one is extraordinarily hard for me to believe. You'd only see a high overhead for a context switch (which isn't happening here anyway) if you were doing a tiny amount of work that doesn't make up for the cost of the switch.

  17. Re:A victory for sanity. on Court Rules Autism Not Caused By Childhood Vaccine · · Score: 1


    Small pox killed tons of people too, yet that one isn't getting passed out these days.

    Right. Because smallpox was eradicated from the planet more than 30 years ago.

    So...1% risk of death from taking the Small Pox vaccine.

    1% risk of death? Where the hell did you come up with that number? That's an ENORMOUS risk, and would never be deemed acceptable by anyone. The risk of death is more like one in a million, and nowhere near 1%.

    You might want to actually do a little research before picking an example.

  18. Re:A victory for sanity. on Court Rules Autism Not Caused By Childhood Vaccine · · Score: 5, Insightful


    So...while I generally believe vaccines are a good thing blindly trusting those who profit on you getting them when they say there is no risk is stupid and dangerous to say the least.

    Who said there's no risk? There's always a risk. The GP was trying to point out that the risk of the vaccine is a lot lower than the risk of doing nothing (which a lot of people seem to ignore).

    I also don't really with how you've tried to polarize this argument into a series of extremes. Big Bad Pharma who "doesn't create cures" vs. Poor Ignorant Parents who lap up everything Big Pharma says.

    You shouldn't really blindly trust anyone. In this case we don't have to. There's huge rafts of evidence on the efficacy of these vaccines, and a long history of people dying of Measles, Mumps and Rubella. Isn't that what we're talking about here, not a vaccination (HPV) just developed practically yesterday?

  19. Re:Who cares how much it costs... on Fly Me To Which Moon? · · Score: 1


    Deflation might suck if you are already loaded up with debt, but not all of us are.

    I don't know the actual numbers, but most people ARE loaded up with debt. That might be a mortgage or student loan. That means that a larger debt load hurts a lot more people than it would "help".

    I kind of like the idea of having everything drop in price, except for my wage that is.

    You don't live in a vacuum in isolation with everyone else and the whole economy. Everyone else affects you, since the economy links us all together. Deflation is bad for people without debt because you just might not HAVE a job in a deflationary economy. Wages are hard for employers to cut, so they wind up just laying people off.

  20. "Size" and "simple" is not so easily measured. on The Hairy State of Linux Filesystems · · Score: 2, Insightful

    The author of the article takes the position that filesystem external calls == "operating system size", and then proceeds to start measuring his new definition.

    What he never mentioned or even tried to justify was his metric. Why do more external calls (or as someone more accurately pointed out, diversity of external calls) equate to "operating system size"? Why does this equate to an even more abstract concept of "simple"?

    I don't see any reason to equate these measurements to such conclusions. "size" and "simple" are abstract concepts that involve a lot more than a simple count of external references.

  21. Re:Is it that easy? on MS Critical Patch Fixes 8 Vulnerabilities · · Score: 1


    Like sendmail has never had critical vulnerabilities in its address parsing code?

    I find it extraordinarily funny that Sendmail... probably the most insecure example of a popular open source program, is what you've chosen to compare to Exchange. Years ago there used to be a sendmail vulnerability every week!

    Hell, even sendmail is more secure these days. I still won't use it though, mostly because it's a bear to configure and postfix is far better for anything I've used it for.

  22. Re:A story for Depression II? on Scientists Reconstruct Millennium's Coldest Winter · · Score: 1

    I think the point the GP is trying to make is that cold isn't really as severe as the article was trying to make it sound. Reading the article it sounds like it got to near absolute zero, and everything was starting to super-conduct.

    I'm sure if the environment hasn't adapted to that kind of cold it can cause severe problems for people. But I've never seen a tree explode, and I've gone through -25F on an extraordinarily cold day in Minneapolis.

  23. With on February 13th, UNIX Time Will Reach 1234567890 · · Score: 3, Informative

    Good question:
    http://en.wikipedia.org/wiki/Unix_time

    the times it represents are UTC but it has no way of representing UTC leap seconds (e.g. 1998-12-31 23:59:60).

    I don't think there's any defined way for a POSIX machine to deal with leap seconds. The usual solution is to slew the clock a bit after they occur.

  24. Re:Here's an idea on Why Sustainable Power Is Unsustainable · · Score: 1


    Yeah, you will be when your utility companies start raising rates because they aren't making enough money due to conservation and energy efficient hardware

    Decreased usage is _one_ of the reasons they list for increasing rates. The price increases are relatively small, and for transportation costs, not fuel costs.

    Would you really prefer everyone use far more energy and much larger costs overall? You certainly have that option at your disposal. Leave your windows open all the time and see how much money you'll save.


      we have already seen a 300% increase since 2006 (I don't have any data before then for this house on hand) and they are expecting it to now go up another $6/month?

    You're talking about fuel costs, not transportation costs. Those have gone up, but gas prices have fluctuated greatly over the last several years. Your gas company buys gas on the open market just like everyone else, and really doesn't make much money (any?) on the fuel. Don't blame your local distribution company for high gas costs.

    You're really 100% wrong that the increased costs have come from increased efficiency. If we didn't have higher efficiency furnaces, increased insulation, and use natural gas more efficiently, we'd have even GREATER natural gas costs. Hell, transportation costs might have gone up as well because the infrastructure would have had to be increased even more than it is now.

    I love having exactly ONE option (mandated by the local municipality) for utilities and not having any choice to turn to when the rates become cost prohibitive.

    This is true, and I'm sure everyone except the utilities would prefer to have more options in energy suppliers. (Actually large consumers really DO have multiple options, it's just not cost effective for individual homeowners to do the same). The reality is though that efficiency always makes sense. It seems a bit odd that you're actually trying to argue AGAINST saving money by using less energy.

  25. Re:Here's an idea on Why Sustainable Power Is Unsustainable · · Score: 5, Insightful


    aka "be more poor".

    Righto.. Because this past year I bought a new fridge that uses 1/5 the energy of my old fridge and replaced all the bulbs in my house with CF ones. This year I'll insulate my home (it currently has very little).

    So in your opinion I'm now "more poor" than I was before? That's a bit odd, because all those decisions were purely economic ones, and I expect the fridge to pay for itself in 5-6 years. The lights are harder to calculate, but they shouldn't be more than a couple years. The insulation will pay for itself in one winter. So in my case using less energy makes me LESS poor because it winds up costing me less money.