Curious. This would seem to result in a failure every time. Without reading the code further - how could auth ever succeed? Or did it ignore the failure return code and relied on hash update results anyway?
Switching away from OpenSSL that is widely used and audited for generations of releases to homegrown crypto is a mistake on Apples part. This is most certainly not the last security flaw in their code we will see.
Funny, if you happen to be Russian and of that generation - this is pretty much how "bioplastic" drive was described in a sort-of-science-fiction book about "Neznaika in a sunny town":) Here is the relevant page: http://vseskazki.su/avtorskie-skazki/n-nosov-rasskazi/neznajka-v-solnechnom-gorode.html?start=28
Disclaimer: I am an Apple product user. I like my iPhone 5. However, I tried and could not like iOS 7 (my primary iPhone is still on 6, and I'll stick with it for as long as possible), and admittedly for a few years I felt about my iDevices about the same as anything else - they serve the purpose, annoy me sometimes, whatever. Mildly ambivalent.
At the same time, I wasn't too excited about wearable computing. Watch-like devices that came out so far seemed to be trying the form factor without actually having figured out their purpose. They were poor answers to questions no one asked.
Then Apple does this. I have no idea what specifically "this" is but admittedly a "bio-metric" angle is intriguing. I am now somewhat curious and even a little excited to see what they will develop. This may be in part because as I got older, I've got a lot more careful about maintaining my health (whatever is left of it anyway). As part of that quest, I've been through a number of dedicated health-metric devices - and virtually all of them so far came up extremely short in both functionality, usability and integration. In fact, ironically, the most used "health" device is my iPhone which I consistently use for nutrition and fitness tracking.
So - great angle from Apple. Wish I could work on that project:)
Don't confuse debit cards (that do have a PIN in US, as anywhere) and credit. The difference is crucial and in principle. With direct debit cards account holder is liable for any losses due to fraud (though banks claim they will help, by law it's the responsibility of account holder). With credit cards card issuer is liable by law for any fraudulent charges. I'll take the second option, thank you.
First, chip & pin is how Europe does not, not the "rest of the world". In my travel around Asia I haven't seen chip & pin cards or machines anywhere (anecdotal evidence it may be, but it definitely isn't universal). I got a (rare) US chip & pin card just in case for my travels a few years ago, and so far had not a single chance to use it - not even on a recent trip to Germany. In places that could "go either way" that card still fell back to signature mode (though, perhaps, that's more of an issue of how VISA presents it).
Secondly, chip & pin has one interesting issue in US market - tipping at restaurants and such places. The (imho vile) practice of inflating one's bill by 20-25% post-consumption is not particularly common in the chip & pin world. Since chip & pin transaction has to be fully concluded at pin entrance, we would have to tip at restaurants through hand-held machines brought to our table, while waiter is standing there looking on anxiously. I am guessing tip rates can then go to 50%?
So that a smug overpaid CEO of a sinking remnant of a company could not complain about employees receiving "too much money" for the healthcare for their family. Incidentally, this douche's compensation is north of 25 million dollars. That would pay for a dozen families health needs.
I am a "white guy with a job" too, about as law-abiding as anyone can get without becoming a monk - yet I absolutely do not trust police. My (albeit limited) personal experience with police, as well as what I see happening in general, suggests that by a large margin they are no less dishonest, selfish and brutal than general population. However, where general population is held in check by external factors, police have additional "special rights", whether by actual law or by precedent, that make them that much more dangerous.
May be up there in Canada things are different, but this was my experience in every location in US I lived in.
That said, I think cameras of any kind on police would be a good thing in most cases, though I suspect they will quickly learn to cope by having batteries run out just in time, or suspects need to be strip-searched every time, which *obviously* would require camera to be turned off for privacy reasons (and, don't you know it, naked suspect is probably more cooperative anyway).
In the words of Homer Simpson - "Just because I don't care doesn't mean that I don't understand".
I think the recent slashdot poll was directly tied to the redesign. Slashdot audience is getting older, the crowd is now mid-to later in their careers. I can see that - I've been a consistent reader since 1997.
So, Dice decides it is time to rejuvenate the website. I suspect that the objective is to pare down the number of crusty old coots, who block ads and otherwise freeload, and get the "hip, young" crowd that now hangs on Reddit and what not. It sounds like someone with experience in marketing had a hand in this.
The problem as I see it is that Slashdot is more of a Saab of web/news industry. You have a specific image, and a dedicated customer base. Historically, attempts at rebranding and reinventing oneself, in particular for a company with that kind of background, are generally not successful. This is particularly so when a rebranding is done in such an obvious, hamfisted way.
Dice was never a particularly web-savvy company. I've been using them as long as I've been a slashdot reader. Dice (no offense) is a poorly designed concentrator for all the spammy recruiters out there. It's a bit of a cesspool, but it serves its purpose. However, given their history and performance - it is highly unlikely they have sufficient web/social/marketing expertise to turn this site around.
Slashdot hasn't been as exciting as in the past for a while now. What it needed is fresh ideas, better ways to get involved in duscussion, *more* interactivity and possibly ability to connect among its users (I don't suggest it become a facebook, but it's has a long way to go in improving social side). Slashdot will not, in my view, benefit from gaudy pictures, "web 3.0" design and general dumbing down. You will not get the "hip crowd" and you will lose your current user base. Look at Saab for guidance.
Does the article really need to begin with ridiculous generalization? "We all talk about the Tesla Model S and Nissan Leaf as if electric cars are brand-new. In fact, electric cars were around long before you were alive, or your father, or maybe even your grandfather. It turns out...." Yes, yes - the readers on slashdot are morons, who have absolutely no idea about most basic technology. "We all" are so dumb, we think the wheel was invented yesterday. Hurr-durr...
I suspect that someone misplaced a comma:) Perhaps these values are $18.50 and $13.50 (of course then it'd have to be a decimal dot, but the developers that wrote this are probably outsourced:) ). It's difficult to understand how NS would expect this to fly under the radar (or fly at all) given the cost of similar services at other registrars. I mean, they are overpriced - but this is nuts.
There is no such thing as "patent owner". You could be "patent holder" - in that you hold it at the pleasure of the public which allows you to do so for the public good. Nice term substitution there.
While they are at it, could they please make condoms biodegradable. After plastic bags, condoms are probably one of the worst culprits in terms of emitting plastic into the ocean and nature (unlike plastic bags, condoms are often flushed down the toilet).
Loss compared to "ideal" use of bitcoin. In this case, bitcoin provides no better privacy than using a major credit card. Aside from privacy - what other objective advantages are to bitcoin compared to other payment methods?
They don't actually accept bitcoins (or quote prices in bitcoins). What they do is offer a 3rd party check-out option. At the time of check out, the amount of USD will be converted to bitcoins according to the rate quoted by 3rd party (coinbase) and buyer would have to send the quoted amount. According to FAQ, quotes are valid for 10 minutes.
This mode of payment conveniently comes with a number of restrictions, in particular any orders paid for in this manner are not refundable in either USD or bitcoin, all buyer can get back is store credit.
More importantly, I don't see what is there to gain for bitcoin users. Privacy afforded by bitcoin is lost here since buyer identity is known to at least two parties - Overstock and Coinbase.
Whoa, that's news to me. I was under impression that we had virtually no treatment, other than symptomatic support, for viral illnesses such as influenza, common cold, mononucleosis and many others. We do have immunizations that provide a small measure of protection against acquiring some of these, and public health measures (like hand washing and wearing masks in Asian countries) that slow down their spread. But once a person gets one of those viruses - all modern medicine can do is say "there-there". I just spent 3 weeks fighting off a most miserable flu (it still isn't quite gone) and all doctors could do is recommend "bed rest". I think we are overstating our disease fighting abilities here, never mind cancer.
Fortunately, halogen filled bulbs are "energy saving" enough to pass the environment police. Same form factor (though the actual halogen "bulb" is encapsulated inside), same incandescent principle, slightly more light per watt, still warm and dimmable. They do cost a pretty penny, but at least they provide the technology that does not cause me migraines (unlike both CFLs and LEDs). So - no loss here, move along.
Part of what I do is writing high performance code both in "native" and various scripting languages. I just completed yet another comparison for our product, looking for the best performing scripting language for a specific task. Lua with a "just in time" compiler came in first. It is *only* about x10 slower than native code produced by gcc with moderate optimization, when measured on variety of numeric benchmarks. It is considerably slower when dealing with strings and more complex data types, as expected. All other tested scripting engines were considerably behind. I'll admit that javascript was not tested, and promise to try it out. That said, a claim of "being only 1.5 times slower than native code" is something I haven't seen *any* non-native environment be able to achieve in the last 20 years or so.
Even though the article is also lean on the details, at least it provides the actual quote, which is:
"It relies not on large amounts of tin, black boxes, but uses open source and mechanisms on the web to store and access data,” Shiplee told MPs. When asked why he didn’t adopt this approach two and a half years ago at the start of the project, Shiplee said: “Technology is moving very rapidly, such things weren’t available as they are today.”
Ok, so "such things" - does not necessarily refer to "open source". It may (and probably does) refer to "mechanisms on the web to store and access data". Perhaps something "in the cloud", given that article does not provide sufficient detail - hard to say.
In recent years, during doctor visits about 50-80% of their time was spent looking at computer (or tablet) screen, reading, typing etc. So the time actually looking at and/or examining the patient is already a minority. Add "Google glass" - and they are not really "looking at a patient" even when they do. Great.
Bitcoin is in simple terms an "artificial gold" (or any other commodity). It has artificially imposed scarcity, some exchange value, and is not tied to an individual (not traceable, can be lost etc). If you look at it that way - it only has value so long as those using it agree it has value. At least gold has also practical uses in technology/industry and in fashion.
Don't know if it's doomed to fail, perhaps not. But I don't own any gold and for the same reason do not plan to own any bitcoin. YMMV
" One provision of the bill would earmark a classified sum of money... to help fund efforts by intelligence agencies to install new software designed to spot and track attempts to access or download secret materials without proper authorization.'"
Ok, so they will spy on those who spy on Internet users. But who will spy on them, in turn?
I've got a better "hack" for them. Buy one of these devices (I am sure they are not hard to obtain). When it arrives, update firmware - or better yet, remove internal IC board, and replace with a battery hard-wired to "green light" (or whatever method they use to flag "good currency"). Then come to the store of your choice, and with a sleight of hand replace the device they already have. Presto! Will take a lot less time than "hacking" one at the store.
Of course, if that's a "hack" - how about just taking a cash register and carrying it off?
Slashdot Mirror
Dumb. We are in for more than that. It took a decade to get OpenSSL clean with many more eyes on it.
Curious. This would seem to result in a failure every time. Without reading the code further - how could auth ever succeed? Or did it ignore the failure return code and relied on hash update results anyway?
Switching away from OpenSSL that is widely used and audited for generations of releases to homegrown crypto is a mistake on Apples part. This is most certainly not the last security flaw in their code we will see.
Funny, if you happen to be Russian and of that generation - this is pretty much how "bioplastic" drive was described in a sort-of-science-fiction book about "Neznaika in a sunny town" :) Here is the relevant page:
http://vseskazki.su/avtorskie-skazki/n-nosov-rasskazi/neznajka-v-solnechnom-gorode.html?start=28
I've been waiting for this one for a while.
Disclaimer: I am an Apple product user. I like my iPhone 5. However, I tried and could not like iOS 7 (my primary iPhone is still on 6, and I'll stick with it for as long as possible), and admittedly for a few years I felt about my iDevices about the same as anything else - they serve the purpose, annoy me sometimes, whatever. Mildly ambivalent.
At the same time, I wasn't too excited about wearable computing. Watch-like devices that came out so far seemed to be trying the form factor without actually having figured out their purpose. They were poor answers to questions no one asked.
Then Apple does this. I have no idea what specifically "this" is but admittedly a "bio-metric" angle is intriguing. I am now somewhat curious and even a little excited to see what they will develop. This may be in part because as I got older, I've got a lot more careful about maintaining my health (whatever is left of it anyway). As part of that quest, I've been through a number of dedicated health-metric devices - and virtually all of them so far came up extremely short in both functionality, usability and integration. In fact, ironically, the most used "health" device is my iPhone which I consistently use for nutrition and fitness tracking.
So - great angle from Apple. Wish I could work on that project :)
Suddenly, study abroad begins to sound ever more attractive :)
Don't confuse debit cards (that do have a PIN in US, as anywhere) and credit. The difference is crucial and in principle. With direct debit cards account holder is liable for any losses due to fraud (though banks claim they will help, by law it's the responsibility of account holder). With credit cards card issuer is liable by law for any fraudulent charges. I'll take the second option, thank you.
First, chip & pin is how Europe does not, not the "rest of the world". In my travel around Asia I haven't seen chip & pin cards or machines anywhere (anecdotal evidence it may be, but it definitely isn't universal). I got a (rare) US chip & pin card just in case for my travels a few years ago, and so far had not a single chance to use it - not even on a recent trip to Germany. In places that could "go either way" that card still fell back to signature mode (though, perhaps, that's more of an issue of how VISA presents it).
Secondly, chip & pin has one interesting issue in US market - tipping at restaurants and such places. The (imho vile) practice of inflating one's bill by 20-25% post-consumption is not particularly common in the chip & pin world. Since chip & pin transaction has to be fully concluded at pin entrance, we would have to tip at restaurants through hand-held machines brought to our table, while waiter is standing there looking on anxiously. I am guessing tip rates can then go to 50%?
So that a smug overpaid CEO of a sinking remnant of a company could not complain about employees receiving "too much money" for the healthcare for their family. Incidentally, this douche's compensation is north of 25 million dollars. That would pay for a dozen families health needs.
I am a "white guy with a job" too, about as law-abiding as anyone can get without becoming a monk - yet I absolutely do not trust police. My (albeit limited) personal experience with police, as well as what I see happening in general, suggests that by a large margin they are no less dishonest, selfish and brutal than general population. However, where general population is held in check by external factors, police have additional "special rights", whether by actual law or by precedent, that make them that much more dangerous.
May be up there in Canada things are different, but this was my experience in every location in US I lived in.
That said, I think cameras of any kind on police would be a good thing in most cases, though I suspect they will quickly learn to cope by having batteries run out just in time, or suspects need to be strip-searched every time, which *obviously* would require camera to be turned off for privacy reasons (and, don't you know it, naked suspect is probably more cooperative anyway).
In the words of Homer Simpson - "Just because I don't care doesn't mean that I don't understand".
I think the recent slashdot poll was directly tied to the redesign. Slashdot audience is getting older, the crowd is now mid-to later in their careers. I can see that - I've been a consistent reader since 1997.
So, Dice decides it is time to rejuvenate the website. I suspect that the objective is to pare down the number of crusty old coots, who block ads and otherwise freeload, and get the "hip, young" crowd that now hangs on Reddit and what not. It sounds like someone with experience in marketing had a hand in this.
The problem as I see it is that Slashdot is more of a Saab of web/news industry. You have a specific image, and a dedicated customer base. Historically, attempts at rebranding and reinventing oneself, in particular for a company with that kind of background, are generally not successful. This is particularly so when a rebranding is done in such an obvious, hamfisted way.
Dice was never a particularly web-savvy company. I've been using them as long as I've been a slashdot reader. Dice (no offense) is a poorly designed concentrator for all the spammy recruiters out there. It's a bit of a cesspool, but it serves its purpose. However, given their history and performance - it is highly unlikely they have sufficient web/social/marketing expertise to turn this site around.
Slashdot hasn't been as exciting as in the past for a while now. What it needed is fresh ideas, better ways to get involved in duscussion, *more* interactivity and possibly ability to connect among its users (I don't suggest it become a facebook, but it's has a long way to go in improving social side). Slashdot will not, in my view, benefit from gaudy pictures, "web 3.0" design and general dumbing down. You will not get the "hip crowd" and you will lose your current user base. Look at Saab for guidance.
Does the article really need to begin with ridiculous generalization?
"We all talk about the Tesla Model S and Nissan Leaf as if electric cars are brand-new. In fact, electric cars were around long before you were alive, or your father, or maybe even your grandfather. It turns out...."
Yes, yes - the readers on slashdot are morons, who have absolutely no idea about most basic technology. "We all" are so dumb, we think the wheel was invented yesterday. Hurr-durr...
I suspect that someone misplaced a comma :) Perhaps these values are $18.50 and $13.50 (of course then it'd have to be a decimal dot, but the developers that wrote this are probably outsourced :) ). It's difficult to understand how NS would expect this to fly under the radar (or fly at all) given the cost of similar services at other registrars. I mean, they are overpriced - but this is nuts.
There is no such thing as "patent owner". You could be "patent holder" - in that you hold it at the pleasure of the public which allows you to do so for the public good. Nice term substitution there.
While they are at it, could they please make condoms biodegradable. After plastic bags, condoms are probably one of the worst culprits in terms of emitting plastic into the ocean and nature (unlike plastic bags, condoms are often flushed down the toilet).
Loss compared to "ideal" use of bitcoin. In this case, bitcoin provides no better privacy than using a major credit card. Aside from privacy - what other objective advantages are to bitcoin compared to other payment methods?
They don't actually accept bitcoins (or quote prices in bitcoins). What they do is offer a 3rd party check-out option. At the time of check out, the amount of USD will be converted to bitcoins according to the rate quoted by 3rd party (coinbase) and buyer would have to send the quoted amount. According to FAQ, quotes are valid for 10 minutes.
This mode of payment conveniently comes with a number of restrictions, in particular any orders paid for in this manner are not refundable in either USD or bitcoin, all buyer can get back is store credit.
More importantly, I don't see what is there to gain for bitcoin users. Privacy afforded by bitcoin is lost here since buyer identity is known to at least two parties - Overstock and Coinbase.
Whoa, that's news to me. I was under impression that we had virtually no treatment, other than symptomatic support, for viral illnesses such as influenza, common cold, mononucleosis and many others. We do have immunizations that provide a small measure of protection against acquiring some of these, and public health measures (like hand washing and wearing masks in Asian countries) that slow down their spread. But once a person gets one of those viruses - all modern medicine can do is say "there-there". I just spent 3 weeks fighting off a most miserable flu (it still isn't quite gone) and all doctors could do is recommend "bed rest". I think we are overstating our disease fighting abilities here, never mind cancer.
Fortunately, halogen filled bulbs are "energy saving" enough to pass the environment police. Same form factor (though the actual halogen "bulb" is encapsulated inside), same incandescent principle, slightly more light per watt, still warm and dimmable. They do cost a pretty penny, but at least they provide the technology that does not cause me migraines (unlike both CFLs and LEDs). So - no loss here, move along.
Part of what I do is writing high performance code both in "native" and various scripting languages. I just completed yet another comparison for our product, looking for the best performing scripting language for a specific task. Lua with a "just in time" compiler came in first. It is *only* about x10 slower than native code produced by gcc with moderate optimization, when measured on variety of numeric benchmarks. It is considerably slower when dealing with strings and more complex data types, as expected. All other tested scripting engines were considerably behind. I'll admit that javascript was not tested, and promise to try it out. That said, a claim of "being only 1.5 times slower than native code" is something I haven't seen *any* non-native environment be able to achieve in the last 20 years or so.
We interrupt this program to bring you an important update: typing all day on the keyboard makes you type faster. Report at 11.
Even though the article is also lean on the details, at least it provides the actual quote, which is:
"It relies not on large amounts of tin, black boxes, but uses open source and mechanisms on the web to store and access data,” Shiplee told MPs. When asked why he didn’t adopt this approach two and a half years ago at the start of the project, Shiplee said: “Technology is moving very rapidly, such things weren’t available as they are today.”
Ok, so "such things" - does not necessarily refer to "open source". It may (and probably does) refer to "mechanisms on the web to store and access data". Perhaps something "in the cloud", given that article does not provide sufficient detail - hard to say.
In recent years, during doctor visits about 50-80% of their time was spent looking at computer (or tablet) screen, reading, typing etc. So the time actually looking at and/or examining the patient is already a minority. Add "Google glass" - and they are not really "looking at a patient" even when they do. Great.
Bitcoin is in simple terms an "artificial gold" (or any other commodity). It has artificially imposed scarcity, some exchange value, and is not tied to an individual (not traceable, can be lost etc). If you look at it that way - it only has value so long as those using it agree it has value. At least gold has also practical uses in technology/industry and in fashion.
Don't know if it's doomed to fail, perhaps not. But I don't own any gold and for the same reason do not plan to own any bitcoin. YMMV
" One provision of the bill would earmark a classified sum of money ... to help fund efforts by intelligence agencies to install new software designed to spot and track attempts to access or download secret materials without proper authorization.'"
Ok, so they will spy on those who spy on Internet users. But who will spy on them, in turn?
I've got a better "hack" for them. Buy one of these devices (I am sure they are not hard to obtain). When it arrives, update firmware - or better yet, remove internal IC board, and replace with a battery hard-wired to "green light" (or whatever method they use to flag "good currency"). Then come to the store of your choice, and with a sleight of hand replace the device they already have. Presto! Will take a lot less time than "hacking" one at the store.
Of course, if that's a "hack" - how about just taking a cash register and carrying it off?