Apparently he has been working with Google Summer of Code for many years, the linked article does seem pretty alarmist, but that may be what it takes to get people to take action
Here is an interesting interview with Harlan Stenn at the 2013 Google Summer of Code
https://www.youtube.com/watch?...
Apparently he is keeping 7 doctoral and post-doc students busy working on timestamps, noise and 'something' that he did not seem to have a firm grasp on
He also mentioned a need for admins, a webmail guy and people who want to do documentation
Having been handed projects after a lead's retirement, I think that documentation may be the more pressing need
This paper seems to indicate that the capability of the random number generator varies based on implementation, if this is the case then it seems that the foundation for OpenSSL is suspect. Will rand and prng be part of the audit (they were not mentioned in the linked article)
ABSTRACT OpenSSL is the most widely used library for SSL/TLS on the Android platform. The security of OpenSSL depends greatly on the unpredictability of its Pseudo Random Number Generator (PRNG). In this paper, we reveal the vulnerability of the OpenSSL PRNG on the Android
http://www.researchgate.net/pu...
My initial reaction to it in 2005 was Gah! what is this FrontPage?
The most recent work we did in it relied heavily on Angular and a palette of templates that made for wordpress-like presentation
We had very spotty adoption by nontechnical people, i.e. a smattering of people who would take the time to learn how to configure their group pages, but most people coming back to us for anything like adding/configuring a list or other web part
Eventually we handled it like mini-dev projects with 2-3 one week sprints handling most user requirements
Our biggest boat anchor was getting internal IT to keep us on the most recent version, so we moved aggressively to the 365 hosted options
Thanks for the pointers, but the 'parent' that I replied to was identifying a project tracking software and there seemed to be discussion about getting non-technical people to use such software. I felt that it was an appropriate place to discuss experiences with 'other' software
and it was close to the top of the page :)
I'll probably get down-modded for this, but Sharepoint is a pretty capable tool for issue tracking
I was working at a non-profit that used MS Office as their primary authoring tool
We were able to license Sharepoint for a pittance and decided to support it on an enterprise level
My group used Sharepoint lists to track all work in progress, publish white papers and best practices, and produce a new website for the organization (via Sharepoint365)
I would suggest that they speak with their software rep for MS apps and see if they qualify for discounted Sharepoint pricing
If their IT department is unable to turn around enough boxes for a Sharepoint farm quickly, then look at using Sharepoint365 to get up and running and produce demonstration sites for further buy-in from all parties
If there are any developers in the organization, see if they have active MSDN licenses because they usually are allowed to build out Sharepoint365 sites within that license for no additional cost
Yeah... wooo hooo Solar produces many gigawatts of power, while coal continues to spread CO2, uranium and heavy metals at an increasing rate
Does it bother anybody else that nuclear isn't even mentioned in passing in the linked article?
It has been well documented that Solar has a high initial energy cost for production, suffers from spikes and lulls in availability and cannot be easily transferred across the US due to an aging and outdated power transmission system. Why does not anybody in the solar industry step up and support nuclear energy as the logical replacement for coal to fill all of the known gaps in solar power?
Um... yeah, that North West Oregon Housing Authority (NOHA) has really been cooking the books, probably getting kickback from the corning insulation people
You win the internet today
From an update to the linked story:
"The original plan we had was to stick a Raspberry Pi in the cart to handle networking and video conversion," one of the devs wrote. "Due to time and resource constraints we ended up building a standalone rom."
Sure, although you might find it a bit droll
When a conversation gets off-track, use conversation to draw it back to the point of the meeting in the first place
Project Managers do it all of the time, either time-boxing conversations, or putting things onto a list to get worked over later
People seem to be pretty understanding when given a list of things that we are going to do now, and things that we are going to do next (sprint like, eh)
What people do not like is when the list of things to get to next never gets addressed, or when they feel like they are not getting noticed for their input
Of course you are always going to have those who just want to burn the world, and you would probably have to be more creative with them, either bringing them into (or excluding them from) side-bar or working sessions with the intent to either get something done that they are preventing, or take issue with claims they are making without dragging the entire community through an issue that has already been ground to dust
It may seem unmanageable when it is all clogged up, or even difficult to discern when it is starting to get all wobbly, but these are skills that you should expect of your leads, and if they fail to manage it then they are probably not lead material
When rational thought becomes a religion the leaders and followers of that religion will go to war over any outsiders who dare question the religion well before they will attempt to straighten out the inconsistencies within that religion
And in case you are dense, I am equating the current foss environment with religion
So there is an upside to insider trading and making false claims, or was their multibillion dollar debt and poor revenue stream (not to mention poor customer service) all a plot by the NSA
Qwest was a CLEC with management that acted like Enron
California is short on cash because of a combination of two nitwit rightwing ideas
1. Reduce the ability of the government to raise taxes
2. Make any three strike crime a 30 year sentence so that you lock people up at taxpayer expense
How's that working for you?
Hope you really enjoyed your wait in line. You do realize that for a nominal fee you could go to a private DMV service and avoid the wait
You must have since you are so superior
Oh yeah, Linux is slashdot's sacred cow. Thanks for reminding me
So... now Linux has become a celestial body and requires no mortal coil?
The desire to believe in the infallibility of your chosen tools leaves you open to attack. What is that word again? Oh yeah, hubris
And sure, sure, tell yourself that you use ECC RAM (not fakey, just the good stuff) and help old ladies across the street and nobody could pierce your armor-like demeanor, and enjoy the comfort that your beliefs give you while you are just as vulnerable as that mac-idiot or windows-moron that you disparage so freely
Not so much, I would say that he is a student of history
Look back a decade to the telecom meltdown
One company started building out a large and improved global fibre network
Once that company got positive attention, a slew of competitors started a cavalcade of press releases
Some companies cobbled together networks from bankrupt telcos and entered the market as a lowest cost provider, despite the fact that they aggressively hot potato routed packets to the innovative company's network, effectively getting them to carry traffic that was undermining their own position
Some companies boasted about the new technology that they were delivering, even sticking guys in lab coats on their websites, while they purchased bandwidth from the innovative company, then sold it to the market at a loss with the intention of undermining the innovative company's stock presence and strangling it by preventing it from getting access to additional capital
A few companies actually built out networks and attempted to compete on a level playing field, they were eventually consumed by the innovative company and became part of its next gen network
So, if I was running SpaceX, I would be very interested in what happened to Level(3) and I would make strong moves to prevent the same jolly bullshit that nearly drug Level(3) under
I cannot believe this, an AC on slashdot told me that privilege escalation is impossible in Linux, so this must be wrong
More like train HR to not make unrealistic barriers to getting people interviewed who can do the job
I used to hire people to customize the Oracle eBusiness application stack. I was given a range of $50-60k as a starting salary. I would like for them to have 3-5 years experience (solid on pl/sql, knowledge of the table structure, some familiarity with admin functions, etc...), but anybody with those skill sets was already earning more money
So... I either get absolute liars that HR thinks are a good match, or I interview a ton of people and distinguish which experienced C programmer can make the switch, which recent graduate is willing to put out the effort to learn and which existing functional app user may be able to take on SQL and be successful
HR is the bane of getting hired into IT and Business Management are the vampires who constantly undermine IT wages because they fail to understand where value is being generated in their own company, hell most executives came from sales, so that is where they would rather pay out wages
Somewhat, perhaps it would be ironic if the entire bloodline of the person responsible for the first two conditions (as a way of getting bonuses to provide for them) were on the flight
I totally agree with you, and in a modern aircraft with GPS and satellite communications, I would expect the discussion of communications should be in the range of, "Should we send aircraft updates in one second or one minute intervals?", not "Should we disable automated communications in order to save money on our maintenance contract with Boeing and Rolls Royce?"
I suspect that there were also cultural issues with communications and the desire of the pilots not to announce information over air traffic control lines that may be embarrassing to the company. The last AirAsia flight to go down was operating outside of their allowed corridor/day assignment... It certainly opens the door to questions about how much the airline discouraged 'chatter'
The priorities of a pilot are Aviate, Navigate, Communicate
https://www.faasafety.gov/gsla...
Aviate
It does seem that they kept the plane in the air, even climbing to a higher elevation for some time, pure speculation here, but they may have thought to use the high altitude to help extinguish the burning batteries
Navigate
There has been mention of them following waypoints to another airport, whether this navigation consisted of punching the numbers into the autopilot or a pilot guiding the plane is unknown
Communicate
This did not happen, but there are plenty of things that could have occurred in the prior two steps; pilots incapacitated by smoke, pilots incapacitated by low oxygen, communications system affected by fire on board..., which would have prevented communication
All of these things have been points of discussion for the past year, what was not included in the discussion until this month was the potential source for the sudden fire
They were also carrying a load of lithium batteries, which other passenger airlines refuse to carry due to past accidents
"It confirms that a large consignment of lithium-ion batteries was aboard the Boeing 777 and outlined in a red box was the warning: “The package must be handled with care and that a flammability hazard exists if the package is damaged. Special procedures must be followed in the event the package is damaged, to include inspection and repacking if necessary.”"
http://www.thedailybeast.com/a...
Yeah, $200k seems a bit steep. I mean, if it was for national defense, pushing data against the stock market, or even running a moderately sized corporation's ERP stack it would be a totally acceptable expenditure
It is an interesting problem to posit how it would be possible to get the same gear for a fraction of the cost, say 10%, or $20k
This may seem wildly optimistic, but in the dot-com meltdown I remember seeing gear with million dollar price tags going for $10k on ebay
The chassis, processors, and potentially even disk arrays may be easily obtained. I have worked at companies where they were shoved out the loading dock door on a monthly basis, because newer gear had smaller footprints and we could stuff ten times as many processors or terabytes into the same constrained space that we were stuck with
RAM may be a problem since they are asking for 512GB per machine. This would probably be in 32GB sticks, which are as easily traded as gold, and even if a company was shit-canning them, the more enterprising techs should be expected to be grabbing them at every opportunity
The common nexus for this gear would be the computer salvage companies that get paid to haul it away and make a secondary profit off of reselling what they can. How would these go-crackers find a salvage company with similar leanings? If that connection could be made, they may get away with it for the discounted cost of re-sold RAM
Which leads us to the next issue, supplying 15KW of juice to run these on, the additional power to pull that heat out of the space and enough battery supply to handle a power outage without losing your entire data set. In the corporate world, this is another $50k of Liebert gear and a diesel generator. And you're gonna have somebody on-call to monitor, tune and otherwise tend to their wants and needs...
in cheapo-town... this could be a garage and a stack of deep-cell batteries with the over-worked go-crackers reheating pizza on the top of a server
I think that it is an interesting exercise to figure out how to deliver a half-million dollar hardware solution for next to nothing, anybody else have their 2-bits to throw at it?
Clocks have been the established method for synchronizing measurements along a baseline
The atomic clocks used for GPS are worlds beyond the ones used on ships for navigation in ages past, and better clocks are constantly being created
Sure, it is not as fancy as entanglement, but sometimes a hammer is the only tool that you have