We just mixed a little vinegar in to get the last of the bottle and slop it on our french fries.
I second this. As a kid when we went hunting and were down to the end of the only ketchup bottle, my uncle would add vinegar and thin it out to make it last longer.
I am annoyed that Firefox does not respect my choices for trusted certs when it does an update. Every time FF updates I go in an un-trust certs from CAs from foreign countries (China, Turkey, etc.). But after the next update, they are back. This is not a secure way to operate.
A long tome ago for a project I adapted some open source m-of-n secret sharing code written by Hal. I wasn't aware of his contributions to Bitcoin though. Sorry he had to suffer with ALS. RIP.
I would say that open source bugs are easier to exploit because you have the source. Closed source bugs rely on reverse engineering and should in theory be harder to find. So yes bad guys can focus on a high-value product or target whether closed or open source, but I think their job is a lot easier if it is open source.
To reiterate my point, I think that this argument is applicable to high value targets mostly. For non-security code or that without strong monetary implications tied to it, open source should still be better than closed source from a bug perspective.
I've read the FOSS argument for years and I guess I have leaned in favor of it from a bug perspective. But in this case, I think closed source would have won, at least to the current point in time. If OpenSSL is truly behind 60-75% of the world's web servers, then the value in hacking it is enormous. Thus if I am a criminal organization, it might be worth spending $1M for guys to read that open source code and find problems that I can then monetize for a big profit.
I don't think you are going to get $1M worth of code inspection on the white hat side for OpenSSL. Maybe going forward it will, and companies may be willing to invest in the upkeep. Not out of goodness, but because it makes good business sense. For a large organization, how many soft and hard dollars have been chewed up in the last week doing analysis, patching, client communication and general PR for Heartbleed? Probably enough that a $10K donation in time or money to OpenSSL upkeep would be feasible.
There is also evidence that the bad guys have been exploiting this in the wild. So the usual argument of "we found the bug quicker with open source" is probably wrong here. The better-funded and more highly motivated bad guys found it quickest.
My guess is the bad guys have been working this bug against Yahoo for awhile. Yahoo told me a couple of months ago (and others I know) that someone was attempting to login to my account from Russia. I would now suspect Heartbleed here.
The logic for finding bugs on the black hat side is OR (find any bug and exploit). The logic on the white hat side is AND (prevent all bugs). The table is always tilted like this unfortunately in the security arena. Bugs will always happen and the good guys can't win every time, regardless of code access.
You are asking for permission to improve your life. Just do it. Everyone is replaceable. Leave good documentation for stuff that is hard to figure out. If you have been a good employee then you would have done that as a matter of course anyway. Give them sufficient notice and help them as much as possible during your transition out period.
Another major bank that shall remain nameless had a four-day outage in recent years. It was due to internal problems (messed up backups, bad SQL causing corrupted database, etc.). So it can happen although 6 days is really stretching it. I have also worked for a bank and seen systems hard down for close to a day (forcing me to fly across the country) due to a hardware failure that begat a human failure that begat a second hardware failure that begat a second human failure (lost backup media). So shit can happen even without hackers.
I started work on what I called ACCP (Advanced Car-to-Car Protocol) in 2004. From the overview:
ACCP is a protocol for communication between two moving vehicles, to assist in making the driving task more efficient, and to make driver intentions explicitly known to those around them. The capabilities of this system advance upon the limited “communications” available today (turn signals and brake lights). Computers within each participating vehicle can talk wirelessly to vehicles near (adjacent) to them.
My intent was for things like signaling "I am looking for an address and don't see it" while driving slowly, and co-operatively determining target speed to aid in passing situations on single lane roads. I was wondering how long it would be before someone started doing something like this (although Michigan is more skewed to safety).
Over the last few years I've second-guessed myself on exactly how much of this I would really want to see. The opportunities for abuse are many and getting the implementation right would be difficult.
I am early 50s, coding for almost 40 years. Still employed but worried about the next job (taking a pay cut and/or competing against clueless but cheap weenies). The fact you went into PM tells me you went to the dark side. I don't generally see people come back from that. At least stay abreast of trends and development environments that have traction. Perhaps start focusing on Android. I feel safer having coding skills than management skills. In a downturn you need to retain the "doers" not the PMs. All our PMs were let go in the last round of layoffs. All us 40+ year old coders are still working. My friend retired from his programming job last year at the age of 79. Still had calls asking him to do some contract work.
One day I smelled something burning and scrambled frantically, as I thought I had an electrical fire starting within the walls of my house. Turns out it was my wife's make up mirror sitting innocently on the edge of the bathtub. The sun hit the mirror just right and beamed a focused light onto a plastic container. The lid of the container was half-melted and smoking badly.
I hadn't thought of that angle. Maybe also the cage surrounding the plants results in an increased ambient temperature affecting the growth. Wind currents changed. So there's three variables to control and check: metallic substances, temperature, and airflow (with airborne entities).
Agreed, users would screw up the knob - that's why I said the knob maybe should be hidden. It's there only for "backwards compatibility".
Going forward with new products and the new standard, we lose the knob, lower costs and all are happy. For machines running less than the set voltage an internal voltage regulator can adapt, since the voltage should be close. Best to use the standard voltage however and not transfer any extra electricity into heat.
One knob to set the voltage, probably between 15V and 20V. Maybe we hide the knob so it doesn't get adjusted accidentally. n amps of current max. 2.5mm or bigger jack size. There, specs all done. Build 100M of them and cut me my cheque.
They were able to crack a 1024-bit key in 104 hours using 80 slave workers. They also say the cracking app should scale linearly with the number of workers. So 800 slaves would mean on the order of 10 hours. That is pretty scary.
Newer commercial apps should be using at least 2048-bit keys. I am not sure how that affects the results.
I would say 9-12 months ago, my quarantined email mailbox contained about 160 SPAM emails per day. Now I would say I only have to look at 20. That's a decrease of 87.5% from last year. I can't say for sure whether my ISP does any sort of pre-filtering to eliminate more before it hits my box, but otherwise, I would say, yes, the spammers might be giving up and moving on to other avenues (spamvenues).
Another undesirable feature I've found on Win 2K is that I frequently receive a BSOD when exiting MusicMatch. It's really hard to get a BSOD these days. Congrats to this product for accomplishing that.
Was also not impressed with this product on WinXP for many of the reasons you cited.
Yah, what he said. Start out teaching how computers really work from a software perspective. Bits, bytes, boolean. Abstract if-then logic, do-loops,
function calls and subroutines, heaps and stacks, program counters and stack pointers.
After that, high level languages are just syntax and you have feel for what is really going on. Then add OO principles and pick a language. Crudely, in the last 25 years I've worked full time programming assembler, then C, then C++ then Java. A little VB on the side. Back to assembler and C for embedded stuff.
Java strongly preferred by me. YMMV. Better than C because OO principles. Better than C++ because of simplicity (no #defines to create massively obfuscated shit). Free powerful IDEs and compilers. Tons of open source. If submerged in MS world consider C#. Java doesn't bind you to MS.
But it depends on what you want to accomplish. I don't do a lot of GUI and I suppose Java isn't the best there. What works for me might be wrong for you.
The answer as to whether VB should be used is the same answer as to the question of should abortions be allowed.
Slashdot Mirror
We just mixed a little vinegar in to get the last of the bottle and slop it on our french fries.
I second this. As a kid when we went hunting and were down to the end of the only ketchup bottle, my uncle would add vinegar and thin it out to make it last longer.
I am annoyed that Firefox does not respect my choices for trusted certs when it does an update. Every time FF updates I go in an un-trust certs from CAs from foreign countries (China, Turkey, etc.). But after the next update, they are back. This is not a secure way to operate.
OneCrypt. One = true zero = false.
A long tome ago for a project I adapted some open source m-of-n secret sharing code written by Hal. I wasn't aware of his contributions to Bitcoin though. Sorry he had to suffer with ALS. RIP.
Could be used for Feats of Strength during Festivus.
A little dab 'll do ya ...
Is it really 22.70000000 or is there some interesting splatter of digits beyond? I didn't see any more specific number in the article.
I would say that open source bugs are easier to exploit because you have the source. Closed source bugs rely on reverse engineering and should in theory be harder to find. So yes bad guys can focus on a high-value product or target whether closed or open source, but I think their job is a lot easier if it is open source.
To reiterate my point, I think that this argument is applicable to high value targets mostly. For non-security code or that without strong monetary implications tied to it, open source should still be better than closed source from a bug perspective.
I've read the FOSS argument for years and I guess I have leaned in favor of it from a bug perspective. But in this case, I think closed source would have won, at least to the current point in time. If OpenSSL is truly behind 60-75% of the world's web servers, then the value in hacking it is enormous. Thus if I am a criminal organization, it might be worth spending $1M for guys to read that open source code and find problems that I can then monetize for a big profit.
I don't think you are going to get $1M worth of code inspection on the white hat side for OpenSSL. Maybe going forward it will, and companies may be willing to invest in the upkeep. Not out of goodness, but because it makes good business sense. For a large organization, how many soft and hard dollars have been chewed up in the last week doing analysis, patching, client communication and general PR for Heartbleed? Probably enough that a $10K donation in time or money to OpenSSL upkeep would be feasible.
There is also evidence that the bad guys have been exploiting this in the wild. So the usual argument of "we found the bug quicker with open source" is probably wrong here. The better-funded and more highly motivated bad guys found it quickest.
My guess is the bad guys have been working this bug against Yahoo for awhile. Yahoo told me a couple of months ago (and others I know) that someone was attempting to login to my account from Russia. I would now suspect Heartbleed here.
The logic for finding bugs on the black hat side is OR (find any bug and exploit). The logic on the white hat side is AND (prevent all bugs). The table is always tilted like this unfortunately in the security arena. Bugs will always happen and the good guys can't win every time, regardless of code access.
Film at 11
So the upshot is to secure GPS communications to prevent spoofing using countermeasures as discussed here.
You are asking for permission to improve your life. Just do it. Everyone is replaceable. Leave good documentation for stuff that is hard to figure out. If you have been a good employee then you would have done that as a matter of course anyway. Give them sufficient notice and help them as much as possible during your transition out period.
Another major bank that shall remain nameless had a four-day outage in recent years. It was due to internal problems (messed up backups, bad SQL causing corrupted database, etc.). So it can happen although 6 days is really stretching it. I have also worked for a bank and seen systems hard down for close to a day (forcing me to fly across the country) due to a hardware failure that begat a human failure that begat a second hardware failure that begat a second human failure (lost backup media). So shit can happen even without hackers.
I started work on what I called ACCP (Advanced Car-to-Car Protocol) in 2004. From the overview:
ACCP is a protocol for communication between two moving vehicles, to assist in making the driving task more efficient, and to make driver intentions explicitly known to those around them. The capabilities of this system advance upon the limited “communications” available today (turn signals and brake lights). Computers within each participating vehicle can talk wirelessly to vehicles near (adjacent) to them.
My intent was for things like signaling "I am looking for an address and don't see it" while driving slowly, and co-operatively determining target speed to aid in passing situations on single lane roads. I was wondering how long it would be before someone started doing something like this (although Michigan is more skewed to safety).
Over the last few years I've second-guessed myself on exactly how much of this I would really want to see. The opportunities for abuse are many and getting the implementation right would be difficult.
I am early 50s, coding for almost 40 years. Still employed but worried about the next job (taking a pay cut and/or competing against clueless but cheap weenies). The fact you went into PM tells me you went to the dark side. I don't generally see people come back from that. At least stay abreast of trends and development environments that have traction. Perhaps start focusing on Android. I feel safer having coding skills than management skills. In a downturn you need to retain the "doers" not the PMs. All our PMs were let go in the last round of layoffs. All us 40+ year old coders are still working. My friend retired from his programming job last year at the age of 79. Still had calls asking him to do some contract work.
There already is a National Pinball Museum in DC, recently opened.
One day I smelled something burning and scrambled frantically, as I thought I had an electrical fire starting within the walls of my house. Turns out it was my wife's make up mirror sitting innocently on the edge of the bathtub. The sun hit the mirror just right and beamed a focused light onto a plastic container. The lid of the container was half-melted and smoking badly.
I hadn't thought of that angle. Maybe also the cage surrounding the plants results in an increased ambient temperature affecting the growth. Wind currents changed. So there's three variables to control and check: metallic substances, temperature, and airflow (with airborne entities).
Agreed, users would screw up the knob - that's why I said the knob maybe should be hidden. It's there only for "backwards compatibility". Going forward with new products and the new standard, we lose the knob, lower costs and all are happy. For machines running less than the set voltage an internal voltage regulator can adapt, since the voltage should be close. Best to use the standard voltage however and not transfer any extra electricity into heat.
One knob to set the voltage, probably between 15V and 20V. Maybe we hide the knob so it doesn't get adjusted accidentally. n amps of current max. 2.5mm or bigger jack size. There, specs all done. Build 100M of them and cut me my cheque.
They were able to crack a 1024-bit key in 104 hours using 80 slave workers. They also say the cracking app should scale linearly with the number of workers. So 800 slaves would mean on the order of 10 hours. That is pretty scary. Newer commercial apps should be using at least 2048-bit keys. I am not sure how that affects the results.
I would say 9-12 months ago, my quarantined email mailbox contained about 160 SPAM emails per day. Now I would say I only have to look at 20. That's a decrease of 87.5% from last year. I can't say for sure whether my ISP does any sort of pre-filtering to eliminate more before it hits my box, but otherwise, I would say, yes, the spammers might be giving up and moving on to other avenues (spamvenues).
Another undesirable feature I've found on Win 2K is that I frequently receive a BSOD when exiting MusicMatch. It's really hard to get a BSOD these days. Congrats to this product for accomplishing that.
Was also not impressed with this product on WinXP for many of the reasons you cited.
Yah, what he said. Start out teaching how computers really work from a software perspective. Bits, bytes, boolean. Abstract if-then logic, do-loops, function calls and subroutines, heaps and stacks, program counters and stack pointers.
After that, high level languages are just syntax and you have feel for what is really going on. Then add OO principles and pick a language. Crudely, in the last 25 years I've worked full time programming assembler, then C, then C++ then Java. A little VB on the side. Back to assembler and C for embedded stuff.
Java strongly preferred by me. YMMV. Better than C because OO principles. Better than C++ because of simplicity (no #defines to create massively obfuscated shit). Free powerful IDEs and compilers. Tons of open source. If submerged in MS world consider C#. Java doesn't bind you to MS.
But it depends on what you want to accomplish. I don't do a lot of GUI and I suppose Java isn't the best there. What works for me might be wrong for you.
The answer as to whether VB should be used is the same answer as to the question of should abortions be allowed.
a ** x = e ** (x ln a)
Much prettier than a lot of the other equations I've seen here.