Slashdot Mirror


User: sinij

sinij's activity in the archive.

Stories: 0
Comments: 2,919

Comments · 2,919

  1. Re:Implementation details... on Investigation Into Security Director Who Hacked the Lottery Expands (bgr.com) · · Score: 1

    No you can't, you're mixing things a bit up. /dev/random - in most implementations is of the *blocking* variety. It will never let the entropy go low enough. If there isn't enough entropy, the device will simply block until enough entropy has been gathered.

    While for most cases you are correct, the Linux heuristic estimator function is dated and does not always work. For example, you can't rely on disk I/O for entropy if you are using an SSD. In such cases the estimation function would fail by over-estimating entropy and the system would not correctly block in low-entropy conditions. This is because when it was written, disk drives with their variable seek time were the norm.

    Another consideration is that you might think you are using /dev/random, but in reality have the system fall back to /dev/urandom in low-entropy conditions. Modern OpenSSL does this unless you explicitly configure it to not do this.

  2. Re:Nuisance Suit on Wyndham Settlement: No Fine, But More Power To the FTC (csoonline.com) · · Score: 3, Insightful

    I think government is very justified when looking into cases of negligence when it impacts a large number of people. There is a very clear case of public interest.

  3. Re:Hyatt Hotels hit by malware .. on Hyatt Hotels Payment-Processing Systems Hit By Malware (csoonline.com) · · Score: 1

    Why would it matter? They would be equally screwed in an all-Linux shop.

    You don't stop targeted malware at OS level, you stop it at the network level when it attempts to dial home.

  4. Re:Serious question.. on Investigation Into Security Director Who Hacked the Lottery Expands (bgr.com) · · Score: 1

    Many random routines boil down to trusting the OS, like /dev/random, and just running entropy tests against the data. This is relatively secure, unless someone has root access to the machine, and can replace /dev/random or the kernel.

    Alternatively, they can just predict /dev/random output if it contains sufficiently low entropy. You don't need root access for that.

    See Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices

  5. Walls are free? on Facebook's Free Basics App Has Been Temporarily Banned in India (fastcompany.com) · · Score: 4, Interesting

    I share concerns that such a service violates Net Neutrality rules and imposes a walled garden on its users. The fact that it is free is irrelevant, as the principle it violates has nothing to do with the cost.

  6. Just like Lenin and his following learned that you couldn't build Communism, you too one day will learn that you can't build unregulated supply and demand market for labor.

    While your theory sounds nice on paper, practicalities of outsourcing, H-1B visas, illegal non-poaching agreements, punitive non-compete contract clauses and so on get in the way.

  7. Re:There's also another problem on Schneier: We Need a Better Way of Regulating New Technologies (schneier.com) · · Score: 1

    I've met plenty of aware, highly intelligent, and hugely curious people all across the age spectrum, from children on up. The difficulty is that those people tend to be drowned out by the ones who don't much care to think, observe, and learn.

    How could you claim this is not true for any generation? Sure, you have decades of experience, and based on your writing and arguments I can see that you "care to think, observe, and learn". This ability is not based on your age, I bet if you were born in the 90s you'd still possess the ability to "care to think, observe, and learn".

    Does your experience afford you a better perspective and let you recognize cyclical trends? Absolutely! Still you don't need to be a graybeard sage to see that existing walled garden trends are problematic. Barbarians are indeed at the gates! But they have always been there, and the good people will fight them off this time as well.

    Please don't confuse general public apathy, that has always been there, with inter-generational difference.

  8. I agree with Schneier on Schneier: We Need a Better Way of Regulating New Technologies (schneier.com) · · Score: 2

    While I am a lot more digital libertarian than Schneier, I tend to agree with him on this. Social Media corporations are not going to rein in their data collection abuses on their own, instead they will weasel into official status so it is no longer possible to avoid their clutches. Not unless we, the people, write some laws disallowing this and that and threaten to send the worst abusers to the federal PMITAP.

  9. Re:There's also another problem on Schneier: We Need a Better Way of Regulating New Technologies (schneier.com) · · Score: 1

    Lawn. You know what to do.

    Who got your punch cards out of order?

  10. The key difference is that "I can go without one" can apply to a personal electronic device, but generally would not apply to feeding your own children. Consequently, labor supply side is largely inelastic, while demand is. You can see how, save substantial global population drop, megacorps would have upper hand.

  11. Re:The same holds true for other jobs, too. on US Bureau of Labor Statistics: Programmer Jobs Will Decline 8% (computerworld.com) · · Score: 2

    And I'm changing my title from "troll" to "agitation engineer".

    Please, you are nothing more than a self-stimulation engineer.

  12. Re:Not bloody likely on US Bureau of Labor Statistics: Programmer Jobs Will Decline 8% (computerworld.com) · · Score: 4, Insightful

    Outsourcing can and does produce as good if not better software.

    People can and do win the lottery. In my experience, outsourcing to China and India results in a quality drop. Indian teams tend to practice cowboy coding and are more comfortable releasing without robust testing. Chinese teams tend to value seniority and rigid hierarchy, as such problems that are discovered are not communicated and as a result go unaddressed. Sure, all of this can happen without outsourcing, but outsourcing makes it a lot more likely.

  13. Consumer market is irrelevant on Google Joins Mozilla, Microsoft In Pushing For Early SHA-1 Crypto Cutoff (blogspot.com) · · Score: 1

    What Mozilla, Microsoft, and Google do is largely irrelevant for adoption of standards. The adoption laggards are government-space IT, and they are still mandating support for 3DES and vendors still offer it to be able to meet procurement requirements. While Google can grandstand all they want, big fed-space vendors like CISCO will be offering SHA1 for decades to come. This means it is, and will be, supported by default by a vast majority of networking infrastructure transporting and managing the vast majority of data traveling through every network out there.

    That aside, SHA1 is still part of mandatory TLS 1.0 ciphersuites, you can't deprecate it and still support TLS 1.0. There are also lots of issues with RSA and non-SHA1 Diffie-Hellman. As such, there are plenty of technical issues that still have to be solved prior to being able to drop it.

  14. Am I a programmer? Am I a Software Developer? Maybe I'm a Software Engineer! Maybe a software architect... honestly I can't tell anymore

    Thus went Bob's from accounting existential crisis.

  15. Re:Not bloody likely on US Bureau of Labor Statistics: Programmer Jobs Will Decline 8% (computerworld.com) · · Score: 1

    Outsourcing does work, for some definitions of work.

    In my mind there is no question that outsourcing results in inferior work that translates into a less secure, less robust product. None of this matters, as long as it is still possible/acceptable to blanket-absolve any corporate responsibility for software product flaws. In software, quality doesn't seem to matter, as a consequence outsourcing will continue prospering. Change that, and the jobs might come home.

  16. This is reference to Fahrenheit 451 on HTTP Error Code 451 Approved For Censored Web Pages (mnot.net) · · Score: 3, Funny

    Ray Bradbury Fahrenheit 451 https://en.wikipedia.org/wiki/...

  17. Not interested on Software-Defined Vehicles Will Dominate At CES (computerworld.com) · · Score: 1

    I am not interested in having insecure, locked-in, proprietary software getting attached to my car.

  18. Re:engagement on Facebook Replaces Flash With HTML5 For Videos (facebook.com) · · Score: 1

    "Facebook reports that user engagement has gone up since the switch was made."

    No, this is absolutely total fucking bullshit.

    With Flash, it was easy to block it wholesale. With HTML5? Not so much.

    Welcome back to punching monkeys.

  19. Re:Human drivers are terrible on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    Why did you choose to generalize from LA traffic patterns and not from German autobahn?

  20. Re:the new slow dummies in the left lane on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    I wholeheartedly agree with Cederic on this. If you are practicing 'pulse and glide' anywhere but on an empty road with no other traffic around you, then you are an inconsiderate asshole.

    Ironically, pulse and glide would be acceptable to speed limit zealots, when it is very obvious this is very disruptive to other drivers and very likely to lead to an accident and unnecessary traffic snarl while other drivers try to navigate around such an idiot.

  21. Re:No. Human or machine, it's a fallacy on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    (I have worked in motor vehicle accident investigation, and am a mechanical engineer.)

    At least this explains your irrationality, just like the DEA imagines seeing drug dealers everywhere, you see every traffic situation as a potential accident.

  22. Re:No. Human or machine, it's a fallacy on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    Generally speaking, the driver who is going 60mph in a scenario where the law compels him to is not creating this "death toll."

    I disagree. Even if we ignore the slow driver's culpability in the increase of accidents caused by other drivers, there is still an issue of slowing down all other traffic. If you just slow down the entire highway by 1mph by your driving, then that alone would be sufficient to attribute the road carnage element I mentioned.

  23. Re:the new slow dummies in the left lane on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 0

    How about instead, we give me a police escort to clear out traffic ahead? They could also block roads ahead to reduce my chances of getting into an accident. Consequently, it will be much safer for me to operate my car this way.

    No? Well, I thought I should try asking anyways.

    So can you please explain again why you are suggesting a similar approach for making AI cars safer?

  24. Re:Human drivers are terrible on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    it would be better to train people to follow the same rules as the autonomous vehicles

    As a representative of "people", I object to your assertion that we must change in order to enable your autonomous vehicles.

  25. Re:No. Human or machine, it's a fallacy on The Humans Crashing Into Driverless Cars are Exposing a Key Flaw (bloomberg.com) · · Score: 1

    I don't disagree with what you are saying, but I think you are failing to consider very simple math - that if at 60mph you can get X cars through at peak, then at 120mph you can get close to 2X cars at peak. Therefore, it follows that drivers that are not willing to speed are constantly making traffic worse, while drivers that speed only occasionally make traffic worse.

    I imagine a lot of traffic would go away if we set all highways to 80mph without drastically increasing road kill ratio.