I'm posting about the people who stated specifically that they thought it was fine and funny for "criminals" (whatever that means) to be anal gang raped. Read some of the lower scored comments.
Oh, those people.
Please don't make sweeping generalizations that lump me in with them.
a proud owner of two company's CEO's claim Depending on who takes responsibility for the actions of the corporation, some companies act better than others; the problem with public companies is that nobody wants to take responsibility for their negative actions.
You're putting words into his mouth. He didn't say that the US is as bad a place to live for the average citizenry (and certainly not as bad a place for immigrants). The "kind of monster" we've become is the state that invades those we don't like or pretense or the one that decides that people we don't like (say, those that end up in internment camps) don't really need their civil rights. That's not to say that your average citizen (or even your foreign visitor) doesn't have more rights here than there -- rather, it's to say that we've publicly broken the principles we once claimed to have. In short, it's no longer a question of type -- now, it's just a question of degree, and for the moment, said degree is by no means severe.
And no, the US wasn't hated the same way 10 years ago -- sure, it was hated, but not as widely, and the folks who did so had less ground to stand on.
Just because it happens here, does that mean there's a group meme saying it's OK? As a member of the /.ing public that *isn't* perpetrating such behaviour, I dislike being implicitly accused of it.
*shrug*. Depends on context. There are plenty of comedians who, being part of some minority, make jokes about their own people that, were said jokes coming from someone else, would be considered severely inappropriate. I don't think that makes them wrong, necessarily.
In any event, it's not really what I was referring to -- making jokes about someone isn't the same as making jokes about something. A better corollary would be making jokes about racism or making jokes about bigotry -- would you argue that said jokes are necessarily supportive of their subject matter?
Re: I just saw that I was marked as a troll, on SHA-1 Broken · Score: 1
I hope you realise what a waste of effort your post was
Wasting a bit of effort from time to time is, as I see it, a cost of doing business inasmuch as effective communications is concerned.
Posting without making effort is wasting the time of others -- in the case of a forum like /., a large number of others, since a large number of people read any given post -- and so is a wasteful, selfish thing to do.
Yet we not only allow it, we practically cheer for it. On a large scale.
Since when does joking about something make one a supporter, or even tolerant, of it in real life?
The only extent to which most people "allow" such is the same extent to which we allow human rights violations in China or Burma -- we have our own lives to get on with, and if we dedicated ourselves to fighting every kind of evil out there, we'd have no time for ourselves anymore, so we acknowledge that it happens (with, in this case, some humor) and go about our way.
Re: I just saw that I was marked as a troll, on SHA-1 Broken · Score: 1
The point of my post was:
Point? What point? Your post was a collection of short, barely-connected paragraphs. Have you ever taken an English composition class? They teach you to write in paragraphs no shorter than three sentences each, such that each paragraph establishes what you intend to say, provides backing evidence, and (finally) connects the paragraph in question to the remainder of the missive. This is a useful technique; you should try it some time.
and as you yourself have misinterpreted what I have said to be the exact opposite, you should try and deal with your own s/n issues.
My post, unlike yours, wasn't interspersed with mostly irreverent crap making it practically impossible to figure out what my point was. Going back and rereading your post, even after you gave me the list of the three points you intended to make, I find it difficult to see how to distill it down to the essence you claim it contains.
Ignoring that, and going back to content, I still have issues with your claims -- some of which probably boil down to imprecise use of language. When you claim, for instance, that "SHA1 was secure as it always was, which is not secure at all (because it is trivial to crack SHA1) but computationally it is not viable", you're claiming that SHA1 should be considered insecure, even though the attack is computationally unviable! It's this position that I found untenable, and consequently attacked.
I don't know at all what you mean by stating that "the 'attack' isn't an attack". Which attack -- the practical one being discussed in the rest of the thread or the theoretical one you propose as an example of a trivial attack? How isn't it an attack? What are the criteria for being an attack? You provide no backing argument for this statement at all, in either the immediate parent post or your previous post in the thread.
So, I stand by my statement: By writing posts which are at best ineffective at communicating their intent to the reader and at worst near-certain to be interpreted erroneously, you do the community to whom you expose said drivel a severe injustice.
Speaking of manners, btw, it's polite to disable your +1 when writing posts which aren't both topical and of interest to the community at large.
Re: Not a problem (yet), on SHA-1 Broken · Score: 1
One attribute of competent one-way hashes (and cryptosystems, for that matter) is that they make any trivial approaches which may exist in theory entirely useless in practice. The brute-force attack you suggest is one such -- trivial in theory, completely unworkable in practice. Every cryptographic hash (and, if you extend your suggestion to its logical conclusion of guessing keys, every key-based cryptosystem barring OTP) is vulnerable to the "attack" you suggest -- except, in the case of a good algorithm, executing that attack will take longer than the lifetime of the universe.
If you consider the existence of an impractical brute force attack evidence of insecurity, then, they're all insecure. This definition of "security" you propose is, therefore, useless for practical work -- it excludes broad regions of potential solutions which, in practice, have the effect of being unassailable. Further, it ignores the limits that information theory places on the amount of computation which can physically be performed within the bounds of our universe. (No, I'm not particularly fluent on the subject, being more closely involved with practice than theory myself).
In short: Please stop diluting the s/n ratio here on /.; it's bad enough as it is.
Re: Not a problem (yet), on SHA-1 Broken · Score: 1
There WILL be collisions for any mapping like that.
Sure, they exist -- but finding them isn't supposed to be any easier than raw brute-force.
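Added example, not part of the original comments: a generic birthday search against SHA-1 truncated to a few bits, which shows that collisions are guaranteed to exist yet cost about 2^(n/2) hashes to find, followed by the same arithmetic scaled to the full 160-bit output. The sample messages, the function names and the rate of 10^12 hashes per second are assumptions made for illustration.

```python
import hashlib
from itertools import count

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def truncated_sha1(message: bytes, bits: int) -> int:
    """Return the top `bits` bits of SHA-1(message) as an integer."""
    digest = int.from_bytes(hashlib.sha1(message).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int):
    """Hash distinct constructed messages until two share a truncated digest.

    This is the generic attack that works against any hash function.
    By the pigeonhole principle it must stop within 2**bits + 1 attempts;
    by the birthday bound it typically stops after roughly 2**(bits/2).
    Returns (first_message, second_message, attempts).
    """
    seen = {}
    for attempts in count(1):
        msg = b"constructed-sample-%d" % (attempts - 1)  # constructed input
        tag = truncated_sha1(msg, bits)
        if tag in seen:
            return seen[tag], msg, attempts
        seen[tag] = msg


def years_for(work_log2: float, hashes_per_second: float) -> float:
    """Years needed to perform 2**work_log2 hash evaluations at a given rate."""
    return 2.0 ** work_log2 / hashes_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, attempts = find_collision(bits)
        print(f"{bits:2d}-bit truncation: collision after {attempts} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)}): {a!r} vs {b!r}")

    rate = 1e12  # assumed hashes per second, for illustration only
    print(f"generic collision on full SHA-1 (2^80 work): "
          f"{years_for(80, rate):.3g} years")
    print(f"generic preimage on full SHA-1 (2^160 work): "
          f"{years_for(160, rate):.3g} years")
```
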
Can you cite an instance where M$FT ever sued someone on patent grounds?
I can't cite a case where Microsoft sued on grounds of patent infringement -- but I can remember cases where they've threatened to, overtly or otherwise, with about as much effect. See their enforcement of vfat-related patents for an example.
...and, indeed, there are quite a lot of folks using OpenVPN in UDP mode for moving VoIP traffic.
Trying to tunnel a protocol which has its own reliability layer through another protocol which also implements a reliability layer makes bad things happen.
Third, if it was so straightforward to port a Win32 app, why not just write a library that maps the windows calls onto the equivalent Linux calls instead of manually changing all your source?
What do you think WINE is? It's exactly that library, plus a loader and relinker and other related tools. You certainly can compile win32 programs against it for porting purposes.
WINE is a binary solution only in the worst case -- if the port is being done by someone with the source, they can recompile against winelib and so be portable to non-x86 targets.
Whereas arch has the userbase and the general maturity to make it suitable for GCC?
As opposed to any other Free distributed revision control tool? Absolutely. Arch's major outstanding issue (IMHO) is mature win32 support, and that's targeted as a fix for tla2.
Indeed, in a number of other respects, I'd argue that Arch is more stable than SVN. It certainly doesn't have the same propensity for corrupting itself -- such being one of the advantages of using a write-only archive format.
I'm aware of SVK (and it's much more than a mirroring tool -- referring to distributed revision control that way does the concept a severe injustice). Best I can tell, however, it has neither the userbase nor the general maturity to make it suitable for a project on the scale of gcc.
That's what the PQM (the Patch Queue Manager -- effectively a "maintainer-bot" responsible for pulling, testing and applying patches on demand) is for.
By the way, the GCC team is starting to make experiments with svn, and it looks like they might switch in 2 or 3 months.
That's something of a disappointment -- I'd hoped to see them on Arch. Given the magnitude of their project and the number of 3rd parties interested in maintaining their own branches, I'd think that distributed revision control support would be as valuable a feature for them as it's proved to be for Linus.
The system wasn't on their network -- their customer's home computer was compromised and used to initiate a wire transfer, and now he's trying to blame the bank.
How are they supposed to know if something coming from a customer's home computer, with that customer's password, is legitimate or not?
How would changing professions help? Do any of my points of getting started become invalid when switching careers?
All your points about it being hard to get started are things that can be overcome via taking appropriate steps; if you're taking these steps and still not getting hired, then you're either going about it wrong or your competition is genuinely better than you are and you should find something either less competitive or better tuned to your skillset.
Simplicity doesn't mean correct. Fine. Let's say you put out a book that tells people to have these characteristics. And now a new job opens up at the company and EVERY ONE of the people who applies has those characteristics. It's not going to help them, is it? Only one will be hired, and it will be with the criteria that the hiring manager made up that you don't know about.
Where I work, everyone who meets HR's criteria gets, at minimum, their resume reviewed by a member of the engineering team and a phone interview, again by an engineer. In-person interviews for engineering positions always include engineers; same for the hiring decision. HR is a first-line bozo filter, the department manager a second-tier filter -- but the actual decision of who to hire for a dev position isn't done by some "hiring manager" -- it's done by the dev lead, using input from the other members of the dev team who were in on the interview. If everyone is good enough at looking good to get by HR and managerial review, they all get their shot with the developers -- and may the best candidate get the job.
My job before this one, likewise, was obtained by receiving a positive reference from a preexisting team member, failing to look like a bozo in front of management, and then interviewing well with the engineering team. (My current one, the same, but without the positive reference from anyone on-staff -- I was new in town). That's how I'm used to the process working. I don't know what the hiring process is like at the place where you work, but it sounds pretty fucked up.
As the cool wind blows,
education comes to one
gaijin programmer.
Silly is that wind --
though it tries and tries again,
office walls protect.
If they did that, it would cost them business.
In the short term, maybe. In the long term, it caused them... well, this.
Companies, even public ones, are quite capable of taking the long view -- it's just that so many don't.
Please don't make sweeping generalizations that lump me in with them.
Writing in this thread,
Proper form is now haiku
Please make an attempt.
Should be obvious
Why their hatred for Bill Gates
Look at OS/2.
You realize it'll "just work" without any mods at all?