Slashdot Mirror


User: Durrik

Durrik's activity in the archive.

Stories: 0 · Comments: 131

Comments · 131

  1. Re:This is amazingly retarded on Facebook is Demanding Some Users Share the Password For Their Outside Email Account (thedailybeast.com) · · Score: 3, Informative

    Probably PCI (Payment Card Industry). They're anal about the software development process and how features get onto web sites that deal with credit cards.

  2. Could it also be that the data is from Nvidia and gathered anonymously from their GeForce Experience and is completely false?

    It's strange that a company that makes money selling high end video cards gets a result saying 'buy more high end video cards if you want to win'.

    I can't trust the data provided by such a vested party, concluding something that has a high monetary reward to them.

  3. And it was a very stupid way to claim that they were compromised.

    A low pin chip connected at the ethernet port. Or where the PHY is. By this point the data should have already been encrypted and secured. Especially if it's in a secure facility, even communications inside a rack are usually encrypted. Besides if they were wanting to get any unsecured data off the network then it would be better just to compromise the switch. That way they get what they need from multiple sources, and compromise the thing that would be used to detect the information drain.

    If they wanted to get data that isn't secure, they'd have to tap something on the data bus. I think data buses are around 256 bits in most servers. Add in 40-64 bits for the address lines, and you have over 300 pins on the chip, and then you have to have power, grounds, and the pins to send the data out, which means talking to the PHY. I suppose the chip could send out ethernet direct, requiring only 4 pins, but then it would have to be 12V tolerant, and that you need to use a larger silicon process, and more gap between the pins. Most likely they would talk to the PHY through SMII (or whatever the gigabit interface is, I'm more familiar with 100 mbit interfaces at the hardware level), which is another 20 pins or so. They probably also need an external oscillator.... So I don't think you're going to find a chip to monitor data in a server with less than 400 pins.

    Even with a BGA package this is not a 'small' chip. And then they have to deal with internal RAM/ROM and the processing power to figure out what information they've found and send. There's no way they're going to send all of it. It would take too much time, and make it too detectable.

    I'm not saying it can't be done, and the Supermicro servers can't be compromised. Just I believe that they can be compromised in the way Bloomberg claims they are. Hollywood Magic doesn't work, you can't just add in a 'chip' and compromise stuff. You have to add it to where it can be effective.

  4. I was looking at picking up a new Mac when they do the refresh for video editing, digital artwork and animation. Mac is supposed to be better for that type of work. But if they're switching to ARM, I think I'll pass. I'll just look at something like an i9 and programs that can use multiple cores for rendering the final output of videos and animations.

    While the Intel chips are crufty with all the stuff built up over the years, ARM is not going to be able to replace it for the work I do and plan on doing. I may pick up a Mac mini in the future to cross platform test my games, but it's not going to be for any of the major work I do.

    I need a powerhouse for what I do, not a phone with a keyboard.

  5. This is the problem my company faces. I also wish they didn't see $30 k in India as luxury wages. There's plenty of competent people in India, but they're competent enough to know that they can get much more than $30 k, or the peanuts my company pays.
    The cheapness of my company is also the reason why my job isn't at risk of automation, they look to save money for this quarter, and will never make the up front investment to automate my job. Ship it off to India if they can, but automate it? No.
    I also write the build and test automation software as one of my many hats, and I do my best to automate my job so they keep giving me more jobs that I automate. Fortunately it's positioned us to get into industries that require a lot of certifications on code quality and process and that means much more work so in a way I'm creating employment by automating the stuff I am.

  6. Re:I witnessed this on In Booming Job Market, Workers Are 'Ghosting' Their Employers (washingtonpost.com) · · Score: 1

    This happens a lot.

    We had a paid intern at work (I don't know how much but it sounded like north of $70k per year). He never showed up, never did any work. Found out he was the son of a VP in another department, and HR rules said he couldn't be in VP's department, so we paid it out of our budget. Fortunately we don't have this paid intern anymore and we can actually use the money for people who actually do work.

  7. Re:Don't be lazy programmers on How Linux's Kernel Developers 'Make C Less Dangerous' (hpe.com) · · Score: 1

    I blame Moore's Law and smaller transistors. And that might end sooner rather than later.

    Most coders get to deal with fast processors, fast ram, and it's always getting faster and faster. So sloppy programming can be covered with more overhead provided in more recent languages. Java & C# don't really have the concepts of memory allocation and clean up, that's all handled by the overhead. Python & Perl and other similar languages don't even need to worry about what types are passing through the system. It's all handled by the overhead.

    I'm from an old school of programming. I can barely tolerate Java & C#. I've been poisoned by C/C++ and assembly. I always have to know when memory is allocated and when it is deallocated. I always have to know when something goes from memory to cache and into registers. I always have to know how much memory a chunk of data takes up. How it flows through the processor. I start to twitch when I try to use a typeless language, because I was trained to know where everything is in memory, and to always clean up after yourself. I can't trust the compiler or run time to do it right. Why? Because I can't see the bits in memory, or toss a logic analyzer onto the memory bus and see what is going on.

    Recent machines give the power to wrap recent programmers in bubble wrap. C/C++ gives programmers enough rope to hang themselves and will jerk on the rope if they aren't careful. But with C/C++ you can tune things down to sub microseconds in your drivers (which I've done). I don't think you can expect the same determinism with more recent languages, not with runtimes that can randomly garbage collect or other overhead things.

    I deal with embedded parts, microcontrollers, with fixed RAM and Flash and cycles. I can't rely on the overhead to cover my ass. I just don't have the resources to do it. I think that when processor efficiency improvements start to slow down that coding will slowly turn back to less overhead as the software will have to make up the speed differences that the hardware can no longer provide. I saw that when I was programming for game consoles. When a new generation of consoles came the code was sloppy, but as the console cycle went on the code needed to get more and more optimized, the sloppiness needed to go as customers always demand more.

    I'm waiting for the new optimization wars to start. I'll be happily sitting back in my rocking chair with my lemonade and popcorn as a new generation of coders have to fight for microseconds like I did. I'll probably be retired before physics really starts to impact performance efficiency enhancements.

  8. Re:Security needs to be necessary on 92 Percent of Enterprises Struggle To Integrate Security Into DevOps (betanews.com) · · Score: 1

    You forgot: Designing will slow them down, much faster to just code.

    I'm, unfortunately, in charge of my company's security drive for software and let me tell you I hear everything you said, apart from version control, from my boss.

    It's very hard to convince anyone that just drawing a state machine on a white board and having a few people 'throw darts' at it is invaluable in saving time and improving security. A few minutes thinking about the abstract and how people can break it saves a boat load of time. But no, that's design and it slows people down.

    The only other person in the group who cares about design and I have two expressions right now at work:
    'We're too busy working in the dark to turn the light on'
    And 'We're too busy doing it over to do it right'

    I'm not advocating a waterfall model or humongous design since that prevents flexibility and does slow you down. But something, anything, just to switch gears from coding to get you thinking of how people can screw with your system and how to mitigate the risk.

    And even just trying to get simple changes to code to think about security is hard to push onto some people who have their minds closed. I look at simple code changes to frustrate (not block) the normal attacks, like not having insecure/developer/debug mode to be 0 and it just blows the minds of some developers. Developer Mode must be zero, since it's the first mode!!!

    You're definitely right about nothing slows you down as much as trying to pull your trousers from the fire after being caught with your pants down on security. You're not going to want to wear them, and everyone will think you have a strange smell afterwards.
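The point in the comment above about not letting developer/debug mode be 0, as an added C example (not the commenter's code). The record layout, constant values and function names are all assumptions made for illustration; it compares a zero-is-developer encoding with a fail-closed one against zeroed memory, erased flash and single-bit corruption.

```c
/* Added illustration; every name and constant here is an assumption. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Weak encoding: developer mode is "the first mode", so it is 0. */
#define WEAK_MODE_DEVELOPER  0u
#define WEAK_MODE_PRODUCTION 1u

/* Hardened encoding: multi-bit constants, neither 0 nor all-ones. */
#define MODE_PRODUCTION 0x5AA5C33Cu
#define MODE_DEVELOPER  0x3CC35AA5u

/* Mode record as it might sit in RAM or flash (hypothetical layout). */
typedef struct {
    uint32_t mode;
    uint32_t mode_check; /* bitwise complement of mode */
} mode_record_t;

mode_record_t make_record(uint32_t mode)
{
    mode_record_t r;
    r.mode = mode;
    r.mode_check = ~mode;
    return r;
}

/* Weak check: any zeroed record reads as developer mode. */
int weak_debug_enabled(const mode_record_t *r)
{
    return r->mode == WEAK_MODE_DEVELOPER;
}

/* Hardened check: fail closed unless the record is self-consistent
 * and carries exactly the developer constant. */
int hardened_debug_enabled(const mode_record_t *r)
{
    if (r == NULL)
        return 0;
    if ((r->mode ^ r->mode_check) != 0xFFFFFFFFu)
        return 0;
    return r->mode == MODE_DEVELOPER;
}

/* Flip each of the 64 bits of a production record in turn and count
 * how many single-bit corruptions switch debug on. */
int single_bit_flips_enabling_debug(int hardened)
{
    int hits = 0;
    for (int bit = 0; bit < 64; bit++) {
        mode_record_t r = make_record(hardened ? MODE_PRODUCTION
                                               : WEAK_MODE_PRODUCTION);
        uint32_t words[2];
        memcpy(words, &r, sizeof words);
        words[bit / 32] ^= (uint32_t)1 << (bit % 32);
        memcpy(&r, words, sizeof r);
        hits += hardened ? hardened_debug_enabled(&r)
                         : weak_debug_enabled(&r);
    }
    return hits;
}

int main(void)
{
    mode_record_t zeroed, erased;
    memset(&zeroed, 0x00, sizeof zeroed); /* cleared RAM, calloc, BSS */
    memset(&erased, 0xFF, sizeof erased); /* erased NOR flash */

    printf("zeroed record: weak=%d hardened=%d\n",
           weak_debug_enabled(&zeroed), hardened_debug_enabled(&zeroed));
    printf("erased record: weak=%d hardened=%d\n",
           weak_debug_enabled(&erased), hardened_debug_enabled(&erased));
    printf("single-bit flips enabling debug: weak=%d hardened=%d\n",
           single_bit_flips_enabling_debug(0),
           single_bit_flips_enabling_debug(1));
    return 0;
}
```
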

  9. Re:So it's still a profit center then? on Tesla Raises Prices At Its Supercharger Stations · · Score: 2

    Tesla is also a manufacturer of solar panels, and they do plan on moving all their supercharger stations to Solar. https://electrek.co/2017/06/09/tesla-superchargers-solar-battery-grid-elon-musk/

    California is a good place to get a good charge off of solar panels. Oregon and Washington not so much. If Tesla really does disconnect all their Superchargers from the grid and just use Solar and batteries, they will need larger installations in the states with less solar time. The cost difference between California/Oregon/Washington is based off of this.

  10. Re:Beowolf rocket theory on Elon Musk Explains Why SpaceX Prefers Clusters of Small Engines (arstechnica.com) · · Score: 1

    As a person who's played KSP without mods: Math? What's that? Just strap a big enough booster on it, a fuel tank and it'll get to space*.

    * you may not achieve orbit, you probably won't put it where you want, and you'll spend hours and hours and hours fiddling with things till you actually dock with your target. Then you realize you forgot to watch your fuel gauge and don't have enough fuel to get home. Then decide to launch a rescue mission, repeat. Soon you'll have a nice impromptu space station going till you get good enough to dock with enough fuel to get some of your kerbals home.

    Joking aside, KSP definitely gives you an appreciation of how much effort goes into every step of a space program, and how exact everything has to be, because you often don't have all that planning to back you up, and you fly the space programs by the seat of your pants. I can't tell you how many times I've been frustrated playing that game and trying to close for docking and the apogees were slightly out of alignment.

    Another XKCD: https://xkcd.com/1244/

  11. Re:On the other hand on Nvidia Will Focus on Gaming Because Cryptocurrencies Are 'Volatile' (vice.com) · · Score: 2

    Or that high end gamers who can't get the $1000+ cards realize that they can stay with their current cards, or go with cheaper cards.

    Game studios will also start to optimize their graphics more and not rely on Nvidia and AMD to save their asses for having a poorly optimized game. This will lower demand for the high end cards, because they aren't needed to get stunning graphics.

    Nvidia probably realizes this and doesn't want to start back at square one with their marketing program, to convince gamers they need $1000+ cards, and to convince game studios that there will be enough cards out there to be lazy with their optimizations.

    And once game studios learn to optimize their graphics, they'll realize that there is a much broader market out there they can service, and this will lower demand for those super high end cards, and maybe even for the $300+ cards too.

    When the cryptocurrency bubble pops, they want the demand for the high and higher end cards to still be there, and it might not be if the bubble lasts too long because gamers have learned to settle, and game companies have learned to optimize better.

  12. Re:Define 'Cheapest' on Wind Power Is Now The Cheapest Energy In India (bloombergquint.com) · · Score: 2

    Not exactly getting something for nothing. The energy to turn those blades has to come from somewhere.

    It will come from slowing down the air that passes by the blades, while it's not a quantum butterfly effect, there will still be some sort of effect caused from pulling energy out of the air.

    One turbine won't cause anything measurable, 1000 probably not as well. 1,000,000 you might see something. The effect might be something like a mountain, and cause a down draft convection effect on the downwind side of a turbine farm. Who knows maybe we can use large wind farms for both energy and weather control.

    No matter what the air leaving the turbine farm will have less energy than the air going in, which will cause a pressure difference between the air above and air below, a pressure difference before the farm and after. Maybe it will be a quantum butterfly after all.

  13. I opted out of all the messages except the weather alerts. I live in Phoenix, and alerts that there is a dust storm coming in are personally important. It will modify my behavior:
    * Am I going to go out grocery shopping, or to a restaurant now, or wait till it blows through?
    * I need to shut off the fresh air intake in the house, and make sure all the doors and windows are closed.
    * Time to break out the beverage of choice and watch the wall of dust roll over the fields.

    Things like that. Those alerts are important since they are personally important to the people they're being sent to. Amber/Silver alerts aren't so important: 'Look out for this Vehicle' 'but I'm at work/home/etc right now.' And when people get on the road they forget what they're supposed to be looking for. So I agree, most of those alerts are useless alerts for people who don't care. But like most cases of generalization arguments there are exceptions.

  14. Re:THis is why Unions were invented. on Exhausted Amazon Drivers Are Working 11-Hour Shifts For Less Than Minimum Wage (mirror.co.uk) · · Score: 5, Informative

    Not only that, there were extreme safety concerns too. It used to be said that you could tell how long a brakeman had been working for the railroad by how many fingers he had left. If he had all of them he was a rookie.

    Brakemen used to have to couple the cars together. Even though there were the same sort of couplers that are used today back then the railroads thought it was cheaper to use the old method. The brakeman held a loop of steel between the two cars as they were pushed together and then pulled his hand back at the last second. Then two pins were hammered into place in the couplers to hold the steel loop in place and the cars together. If they were a fraction of a second too slow getting their hands out of the way they lost fingers. The railway unions helped force the railways to go to the then patented automatic couplers. (https://en.wikipedia.org/wiki/Railway_coupling#Link_and_pin).

    Brakes on the cars were also controlled by those big wheels you see at the top of the cars in the old photos. Going around a corner the brakemen had to apply the brakes to the cars to make sure they didn't derail. And there were never enough brakemen for every car on the train, so they would have to jump between cars on the moving train to apply and release the brakes. Again there was a then patented invention that used air pressure from the engine to trigger the brakes on the cars, again the companies didn't care about human life and focused on profit. The railway unions helped fix that.

    The brakemen also had to often run ahead of the train to do the switching. Since switching was another one of those things that could have been automated but wasn't. Trains were supposed to stop so that the switching could be done in time and the brakemen get back aboard, but time is money and you know what that means.

    There's a reason that the railway owners were called robber barons. And there were a lot of things they did that we would object to, that unions helped to fix.

    I am in no way saying that unions are pure and benevolent organizations. Often they're corrupt, and as greedy as the people running the corporations. They have their place, and there are a lot of instances in the 2010s that they should come back. The Amazon story is a good example of it. Uber is another good example. A lot of other areas in high tech could use them too. All of these aren't for wages as the parent to the post said, but for working conditions and safety. When there is too much power in the hands of the employers the employees suffer, and there needs to be a balance.

  15. Re:How motherfucking hard is it on Comcast Hints At Plan For Paid Fast Lanes After Net Neutrality Repeal (arstechnica.com) · · Score: 2

    In absolute terms it's there. Say I have a 100 Mbit pipe, and 200 providers shoving data down it equally.

    That works out to 0.5 Mbits for all the providers.

    Now say 10 of those providers get 'faster lanes' at double the priority of the other 190. Those 190 providers will now only have a speed of around 0.476 Mbits, while the paying providers get 0.952 Mbits. While it doesn't seem like much, only a 4.8% decrease in speed for 190 providers, it's still a decrease in speed.

    Of course these numbers are picked to make calculations easy, it does show that with a capped resource like a cable, that 'Same Speed' providers will get less if you're giving more to others.

  16. Re:Because they see the money on Why Must You Pay Sales People Commissions? (a16z.com) · · Score: 1

    You also have to structure the commission right. I worked for a company that bought another company that had just straight gross commission for the sales people. That company was losing money which is why they were bought. It turned out a lot of the problems were caused by that commission structure, where the sales people did everything to get the sale together, including marking the product down so that it was sold at a loss and offering free support. They didn't care about the profitability of the company, only their own bottom line.

    If you structure the commission based on the profit on a deal then the sales people will only push the high profit margin products and newer products that are still working off their R&D costs get neglected and may never become profitable.

    While I agree you have to provide commission to encourage your sales force, you have to do it in such a way that is of value to the company. Ideally it would be of value to the customer too, but Wells Fargo proved that isn't usual.

  17. Re:Not leaving the job? Ha - try keeping it! on Are America's Non-Compete Laws Too Strict? (nrtoday.com) · · Score: 4, Informative

    It really depends on where you work. I'm over 40 and my time on the job has been increasing as I go along
    - first job was 6 weeks (company closed)
    - second job was 20 months (got fed up with trying to work in the system and got a better offer).
    - third job was three years (split between two companies the second one died off)
    - fourth job was four years (got a better job and didn't want to do on-site support in the jungles of Guyana)
    - fifth job was six and a half years. (left because they gave my company vital function to experts in the field: 2 new grads in China).
    - Current job is going on 4 years, don't plan on leaving it till I retire

    I'm one of the newest people in my group too. Most people have been there at least 8 years, some at 15+ years. At 42 I'm in the middle of the pack when it comes to age too (we did recently get a bunch of young whippersnappers in their 30s). It is still software engineering. Though I do pay the price of it not being very dynamic and bleeding edge it is stable.

    As I and others have said it all depends on where you work. Some places are very unstable, others are stable.

  18. Re: Sounds about right on Only 36 Percent of Indian Engineers Can Write Compilable Code, Says Study (itwire.com) · · Score: 1

    Hey that's easy for them to fix. Just throw in an if statement that if the number of digits is two automatically put a 0 in there at the end. Problem solved that'll be 10 hours charged to your account.

    Then you'll test it against $9.00. Which will turn into 9 cents. Well that's easy to fix, if the number of digits equals to one then add two zeros. Problem solved this is a bit harder, that's 15 hours charged to your account.

    That covers all the problems, ship it.

    Well what about a $1000.00 item? That's going to take more analysis they'll get back to you on that. And the result will be an if statement that looks up the magic number/hard coded item id, and put in the magic number / hard coded price. That'll work.

    You can probably tell I've had to deal with this too often, and I'm not allowed to talk to people in India directly, I have to go through two layers of managers, and before the developers in India get told about the issues it's been filtered down to just the issue, all suggested solutions have been stripped from the communications, because I was insulting their intelligence.

  19. Re:clearly the truckers are right on Lack of Oxford Comma Could Cost Maine Company Millions in Overtime Dispute (nytimes.com) · · Score: 1

    I just wrote some grammars for a language and I might be a bit sensitive to the way it is set up. I agree that the truckers are wrong. Looking at it from a lexical/parser perspective we have the sentence:

    The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of:

    With the lexical tokens:

    The (1 - article) | canning (2 - identifier) | , (3 - separator)| processing (2 - identifier)| , (3 - separator) | , freezing (2) |, (3) | drying (2) | , (3) | marketing (2) | , (3) | storing (2) | , (3) | packing for shipment (2) | or (4 - operator) | distribution of (2)

    In English this would be a logical list. And that is usually set up as:

    logicalList : identifierList OR_OPERATOR identifier
                | identifierList AND_OPERATOR identifier
                ;

    identifierList : identifier
                   | identifierList COMMA identifier
                   ;

    Long story short the OR in the wording above is the operator to tell the parser (human), what type of list it is. In this case the OR operator indicates that the list is one of the items in the list. If the last identifier was 'packing for shipment or distribution of' then there is no way to say what type of list it is.

    I also think it's bullshit that people can get forced to work unpaid overtime. That includes C level executives. If you're going to work the hours you should be paid for it. The only time I would disagree with this is if you signed a very specific contract that says 'I will get X, Y and Z done by T and I will be paid $ for the work' that was properly negotiated then I can see overtime needing to be uncompensated. But that's for very specific mostly deterministic tasks. Driving a truck to make deliveries doesn't fall under this, there's too many uncontrolled variables (Traffic, people receiving being slow, etc).

  20. Re:Password rules insanity on Slashdot Asks: Are Password Rules Bullshit? (codinghorror.com) · · Score: 1

    I've worked for similar companies. The one I worked for had terrible rules.

    - Passwords need to be changed every month
    - Must be a minimum of 8 characters long
    - Must have a mix of upper and lower case. Must have digits (more than one), and symbols
    - Cannot have more than 3 characters in the same sequence as the last 12 passwords.

    They did have people from HR go around and look for the sticky notes on monitors and remove them, of course writing down who was violating policy. So we just started to hide the sticky notes in our log books. And this was for a start up that was spun off of a large company that ultimately failed. Had no government, financial or similar contracts. The idiot who came up with these policies was fired 3 months later when everyone threatened to quit, what really did it was his stupid 8am - 6pm core business hour policy.

  21. Look at FACE of Amazon on Amazon Worker Jumps Off Company Building After Email Note (bloomberg.com) · · Score: 3, Informative

    This seems to be very common at Amazon. Going by the FACE site, it shows a clear pattern of abuse, and I'm not surprised that this hasn't happened before.

    Granted the FACE site is posted to those who are usually pissed at Amazon, but with so many postings and so often it shows that there is a clear pattern of employee abuse.

  22. Even if their code was open source, you still can't trust them. Especially if the people rigging the machines are the people who own the machines.

    Who is going to be able to verify all the lines of code? Even if you had a million programmers looking at it, something will probably still slip through, after all there are contests every year on making code that looks legit but is actually nefarious.

    Who makes the compiler? Can you trust them? Has the code for the compiler been checked into? There's a legend (real or not) that when AT&T was going to commercialize UNIX that they asked the programmers if there were any obvious security holes. Dennis Ritchie spoke up about a backdoor he made in the C compiler. If it noticed it was creating the login program that it would automatically insert code for his username and password so that he'd always have root access. This was not in the login code, but the compiler itself. So you can't trust the compiler.

    Are you using signed binaries? Well who signs the binaries and calculates the hash (see the point about the compiler).

    What about what downloads the code to the voting machine? Can you trust that?

    And that's just the voting machine itself, what about the thing that collects all the results from the voting machines and gives you the final results? Who's checked all that? Do you trust the people doing that? Do all the interested parties trust that?

    There are so many points of failure and compromise with this that it's scary. Especially when they want to go paperless, with no paper backup, and trusting it all to the machines. Some electronic voting machines are still this way.

    The only voting machines that I see being anywhere close to secure are the ones with the cardstock ballot that the voter fills in a line with a black marker to indicate who they are voting for. That can be machine counted for quick results. But to certify the election each ballot should be counted by a human official, with the concerned parties watching. That way if the vote can be called into question the ballots can be looked at.

    Machine counted for initial (fast) results, Human counted with observers for certified results. In the case of US elections that would be at least 3 people counting each ballot: one independent election official, one Republican and one Democrat.

  23. Mainly for latency reasons. From what I can find from a simple Google search most optical cables transmit light 31% slower than in a vacuum. This means that for every 1000 km you add to the length of the cable you add 4.8 ms of latency (if I did my math right)

    4.8 ms might not seem like a lot, but when you're talking about needing speed it is one of the factors that is important. Trading, online games, etc. I'm not sure how much distance you will add if you run it up to Alaska and then over. If you're wanting to run it by land over to Alaska and then over to Japan it could be a fair amount, it might save a bunch on initial cost but will hurt latency. Plus there's Canada in the way, so you'd have to work through all that red tape too, and that might cost more (time == money) than just running it straight across the ocean.

  24. Re:The old talent doesn't understand the new stuff on CIOs Say New Talent and Old Tech Don't Mix · · Score: 1

    I agree with you. For my work I would like to use classes, polymorphism, overloading (functions not operators), and pure virtual functions. Anything else on an embedded system would probably lead to bloat fast, so no templates (and STL). I would also avoid a lot of the new features like lambda functions.

    We're already using classes, and pure virtual functions. It just looks ugly because we're doing it in pure C.

    The arguments I usually get into are with people who think that any sort of c++ code automatically bloats the code by hundreds of percent and slows it down by 50%. The big argument I'm having right now is when we change the file extension from .c to .cpp and use the c++ compiler that the object file is suddenly larger, so it must be larger on the target and must be slower. I usually fix that by extern "C" in the header files, but I still have the same argument over and over again.

  25. Re:The old talent doesn't understand the new stuff on CIOs Say New Talent and Old Tech Don't Mix · · Score: 1

    I constantly have the c vs c++ argument at work. We use c because our 'customers are afraid of c++'. But we're also doing embedded frameworks where we want to easily swap in and out drivers that follow a specific interface. And what was chosen was to use a structure of function pointers to do the interface. Others got upset when I started to label my structures with vTable for the interfaces I was creating.

    I'll fully admit that c++ has its disadvantages but when you're writing object code in c, why not use it and limit what aspects are legal?