Look, if you want to emulate ancient technology, you'd also better make sure that if you only send carriage-return, your emulation should smear the next character across the paper about 40 positions to the left of the prior character, and that every character past 72 should overwrite that 72nd position, getting darker and darker until the ink starts to spread. And your terminal emulator should make a terrible racket with every printable character, which by the way, only included UPPERCASE letters and ran at 110 baud (10 characters per second, 11 bits per character - an extra stop bit because it needed that extra time, too).
ASR33s needed carriage-return, followed by line-feed because it took 200ms to get the carriage brought back to the left margin, slamming into the dashpot to cushion the blow, with the small metal arm carefully adjusting the size of the air hole to make the dashpot as close as possible to critically damped.
As a purchaser of BLU phones, I've read the proposed settlement, and find it worse than useless. No compensation, and no firmware repairs/upgrades are promised to customers. I put a complaint to that effect in the FTC comment files. BLU phones should be blocked from the US market until they clean up the mess.
Unfortunately, even if it's "harder," it's still possible to exploit in JavaScript, and with development of portable assembly language variants, it'll be easier. And once written as POC, it's easy to deploy in a vast variety of contexts.
There's no clear need for CVE numbers to be issued sequentially at all, whether individually or in blocks; only that they be unique.
The process of reserving CVE numbers clearly discloses timing of discovery of vulnerabilities. The CVE numbering authority should close that potential security hole.
I'm at least half serious about this. Arguably, knowing that vulnerability disclosures are coming reduces the value of current and upcoming products and can even have an effect on stock prices. It may also embolden black-hat security to step up efforts to discover vulnerabilities, knowing of the presence of them, and encourage them to attempt to subvert security measures to keep them secret until patches are available.
Hey, I'm a clever guy from California. Would you pay a few million to be introduced to the concept of Dynamic Soaring? Never mind, you got it for free. https://www.wired.com/2009/06/...
I've seen little focus on the concrete, other than the observation of some "minor cracking," prior to the failure.
One notable feature of the bridge is that it was THE FIRST IN THE WORLD built with "self cleaning concrete," most frequently done by adding TiO2 (Titanium dioxide) to the mixture. A little research suggests that concrete strength is negatively affected, on the order of 10% weaker with 6% TiO2, according to http://www.cipremier.com/e107_... Does someone know more precisely what concrete was used?
While most are focusing on a failure of the tensioning members, another cause may be a hinge failure at the point where the posts meet, where the concrete strength may be an important factor. In addition to the self-cleaning mix being weaker in general, other problems in the concrete pour or the concrete mix could create even weaker points, and as the hinge failure is at the top of the structure, presumably at the end of the pour, using the "bottom of the barrel" of the concrete mix which may differ from the majority of the concrete produced.
Has anyone ever collected on damaged equipment plugged into a UPS? I figure the rate of occurrence is incredibly low, the flaming hoops that you have to jump through to collect are incredibly tight, or the depreciation on equipment heavily discounts the loss.
I'm not that impressed with disk drive warranties either. I've seen drive replacements that amount to a discount off the nobody-pays-this-list price of a new hard drive, ending up no cheaper than the street price, or an offer of a refurbished drive with an unknown past.
Standard/daylight savings time mean nothing except as documentation. Working hours aren't always 9-to-5, schools, companies, government are presumably free to set their own schedules as they see fit, including seasonally or periodically varying their schedules. Why does it matter whether Florida is permanently on standard time or daylight savings time, if Floridians can set their schedule as they wish?
Does the Federal government really require certain working hours? The OPM sets shift differential pay only if the majority of work hours are outside 8 AM-3PM, so work schedules of 11AM-7PM, 10AM-6PM, 9AM-5PM, 8AM-4PM, 7AM-3PM, 6AM-2PM, 5AM-1PM, and 4AM-12PM are all considered basic pay scale schedules. https://www.opm.gov/policy-dat...
...and another FAQ left unanswered: How will it be abused?
While the theoretical model has been carefully studied (See for example, http://epubs.siam.org/doi/pdf/... ), I'm not aware if any entity ever validated the model by actually flying an aircraft along one of the potential flight paths and comparing the ping times and doppler offsets from the theoretical model with an actual flight path. Does anyone know if that was ever done? Second best would be to compare the metadata from some other known flight with that flight's actual path.
I don't believe half of what my government tells me.
Which half?
OK, so how do I check whether a system has been pwned via any of these CVEs before being patched? OpenBSD provided system updates that essentially leaked the vulnerability, and government agencies have known for at least two months, not to mention everyone that they notified. Of course, we all have complete faith in the fidelity of our beloved United States government and all commercial corporations - they've never let us down.....
Does anyone have utilities that check all system programs and critical files via digital signatures against the versions that are supposed to be there? Bonus points if it identifies out-of-date programs and suggests updates. Let us ignore for now the possibilities that (1) the system has been pwned so cleverly that such utilities can be fooled (2) the utility installs a backdoor that pwns the system and reports false signatures, as (3) open-sourcing the utility is a basic requirement for transparency, or many independent versions could be easily written given an appropriate database...
The database of file signatures is the important part, and can be quickly developed from one or more clean installs (multiple installs to catch variable files). I'm already aware of signatures used to validate updates, but this is for validation of existing systems. Presumably a list of files not covered by the database is a starting point to complete the system validation.
A little searching turned up machinery-project.org - anyone familiar with that, or can suggest other tools?
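A sketch of the baseline-and-audit scheme the comment above describes, as an added example that is not part of the original comment or any existing tool: digests from several clean installs are merged, files that differ between installs are treated as variable, and the target is reported as modified, missing, variable or uncovered. The function names and the file trees in `demo()` are constructed for illustration, and it assumes the target filesystem is read from a trusted environment, since the comment itself notes that a compromised system can fool such a utility.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 16), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def build_baseline(clean_roots):
    """Merge several clean installs into (stable digests, variable paths)."""
    trees = [hash_tree(r) for r in clean_roots]
    stable, variable = {}, set()
    for path in set().union(*trees):
        seen = {t.get(path) for t in trees}  # None marks "absent in this install"
        if len(seen) == 1:
            stable[path] = seen.pop()
        else:
            variable.add(path)  # differs per install, so no single digest applies
    return stable, variable


def audit(target_root, stable, variable):
    """Compare a target tree with the baseline and classify every path."""
    actual = hash_tree(target_root)
    report = {"modified": [], "missing": [], "variable": [], "uncovered": []}
    for path, digest in stable.items():
        if path not in actual:
            report["missing"].append(path)
        elif actual[path] != digest:
            report["modified"].append(path)
    for path in actual:
        if path in variable:
            report["variable"].append(path)   # needs a different kind of check
        elif path not in stable:
            report["uncovered"].append(path)  # not in the database: review by hand
    return {kind: sorted(paths) for kind, paths in report.items()}


def _write_tree(root, files):
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)


def demo():
    """Constructed sample: two clean installs and one target with four findings."""
    common = {"bin/ls": b"ls-v1", "bin/sh": b"sh-v1", "bin/cat": b"cat-v1"}
    with tempfile.TemporaryDirectory() as tmp:
        clean_a, clean_b, target = (os.path.join(tmp, d) for d in ("a", "b", "t"))
        _write_tree(clean_a, {**common, "etc/machine-id": b"aaaa"})
        _write_tree(clean_b, {**common, "etc/machine-id": b"bbbb"})
        _write_tree(target, {"bin/ls": b"ls-v1", "bin/sh": b"sh-changed",
                             "etc/machine-id": b"cccc",
                             "usr/local/bin/extra": b"unknown"})
        stable, variable = build_baseline([clean_a, clean_b])
        return audit(target, stable, variable)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9} {paths}")
```
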
Everything old becomes new again when rediscovered. Here's an old patent from a former co-worker on an ADC that performs this analog adjustment bit-by-bit to create a flash ADC. https://www.google.us/patents/... The precision of such ADCs depends upon having deadly accurate 2^N analog values. If you can create a deadly accurate 2x amplification, you can cascade a series of identical stages to build an ADC.
That is truly evil, and the FAA ought to crack down on them.
Specify font size in points, please. Those of us who've been working in typography for years all specify point size. While the definition of a point has varied with geography and time, the most common definition today is 1/72 of an inch (0.013888... in), or 3.175/9 mm (0.352777.... mm). This "DTP point" definition came to be as Warnock & Geschke of Adobe either didn't know or care that Donald Knuth was already using 1/72.27 in in TeX. https://en.wikipedia.org/wiki/...
Even so, fonts are often designed to be a little bigger or smaller than the stated point size, as subtle adjustments are made for font weight and other design issues, such as running curved lines slightly beyond straight ones so that characters appear to be properly aligned to the human eye - at least they used to be until display on low-resolution CRTs and printers totally destroyed the subtle adjustments that font designers made - though greyscale fonts can somewhat repair the damage.
Amazon's naive to think that banning incentive-driven reviews will make them go away. Of course they'd like to think that all vendors will transition to Vine, but more likely they'll just go underground - when they're not marked, readers can't adjust their interpretation based upon the information, nor can they be studied statistically. Vendors will also get suckered into participating in underground paid reviewing, increasing their real sales costs, and run the risk of losing the invested money when they get caught.
There have been several comments about "co-mingling" of products. I'd agree that we, and Amazon, should be concerned about that, too. Amazon could address the co-mingling issue for reviews that are connected to a purchase by identifying the vendor associated with that purchase, just as when products are lumped together, the reviews have a notation as to which of the several products are reviewed. Amazon needs to go even further, and separate the star rating average by product and vendor as appropriate. Probably, it would help identify poor vendors more quickly.
Mylan's current patent is on their current autoinjector - the original patent dates back to 1977.
I'm speaking as the author of one of the top-rated reviews on Amazon for the WRT-54GL soon after it came out. My review cited the availability of open-source firmware for the device as the main reason for buying it, and its compatibility with the earlier WRT-54G v2-v4 devices that had enough available memory bringing on firmware with greater features than the design had with the stock software.
However, that review was written December 2, 2005, and more than ten years have passed. Now, if you want a low-cost router that runs open source software, I'd instead recommend the ASUS RT-N12, which is more than 30% cheaper, uses a 50% faster processor, all-black exterior, adds 802.11n at 300Mbps, and runs Tomato by Shibby firmware just fine.
The rebate doesn't immediately disappear when the 200K number is hit, it gets phased out.
True, it gets cut in half for two quarters, then gets cut in half again for one quarter, then it's done. It phases out dramatically and rapidly.
Reserving one of these cars now increases the likelihood that your car will be eligible for the $7500 tax credit. As I understand it, this credit only applies to the first 200,000 qualifying vehicles sold by a manufacturer. At last estimates, Tesla sold about 100,000 or so vehicles which leaves about 100,000 credits left.
I reserved mine last night. The deposit is fully refundable. At the very least, I think I've got a shot at getting the federal credit.
It's not a bad deal.
Note that only US sales count against the 200k limit. Based upon some napkin-scratch computation (I got to an estimate of 175k by end of 2017), the 200k figure (assuming 50% of sales are in the US and 50% annual sales growth) seems likely to be hit about the end of 2017, which is when the Model 3 is supposed to start shipping. It's not a sure thing, as sales over the next two years may be depressed by the Model 3 announcement (as iPhone new model expectations depress sales of existing models), and Tesla has been at least a little late in first shipping of each new model. I'd estimate that if you don't get an early order of the Model 3, you're not likely to get the 7.5k bonus rebate from the US, unless Congress (hah!) sees fit to extend the program.
This kind of application desperately needs to include hotspot software that does a VPN over SSL or TLS (https security layer, relying on PKI). An ideal platform for doing this would be for email providers to add VPN for internet access alongside the SSL/TLS links they already operate for IMAP/POP3/SMTP, as it provides for some level of user authentication and traceability. There's also existing standalone VPN hotspots, but incorporating VPN into email would help make VPN ubiquitous.
ZFS on Ubuntu is problematic because it doesn't properly rebuild the kernel modules when the kernel is upgraded.
The 3TB Seagate (ST3000DM001) wasn't in the main table because it had a 28%/year failure rate and they've all been retired. It's not that they bought a small number of them - they ripped them out - I've been doing the same. The 4TB Seagates have been about average in reliability.
Or if you're using Software RAID on Linux, just do a resync weekly. Which will also read every sector on every drive with the bonus of making sure that all drives report back good information.
Most hardware RAID cards have a similar feature to check the array for errors.
mdadm already does a "checkarray" starting at 00:57 on the first Sunday of each month by default. See /etc/cron.d/mdadm