2 spam/day? I consider something very very broken with gmail if two spam messages per month hit my inbox - across all of my Google accounts.
Don't get me wrong - props for building something useful, and even more props for open sourcing it. But objectively, the collective knowledge of Google's engineers combined with the sheer volume of email they can analyze is going to produce a far more accurate tool than any single person could ever hope to produce. I also despise email interfaces that aren't gmail, although that's obviously a matter of taste (I'd put using Outlook just over fellating a goat on the list of things I want to avoid)
That's because they want to have your full attention during takeoff and landing, not because of radio interference. You know, using fear as the default instead of a perfectly valid explanation that people will probably be happy to comply with.
That also varies by airline. I fly Virgin America all the time and they're quite happy with airplane mode; Continental and United have given me similar experiences. Policy != science.
Although to back the point you're trying to make - airplane mode is a software-based control and software has bugs. It also explicitly allows you to turn WiFi back *on* (at least on the iPhone); it just disables cellular and, I believe, GPS. So yeah, don't use it as a means to prevent hackers from accessing your phone.
This is a possible approach; it has a potential drawback though. The phone cannot get e-mail in the background before the user types in their PIN, then.
Sure it can - store the PIN (or whatever key the PIN is transformed into) in memory after it's first entered. The file is still stored encrypted, but the device can decrypt the relevant information once authentication has taken place the first time after booting. This is only relevant for polling-based solutions anyway; I believe most of the Exchange-based push services do some sort of long-running connection over a secure socket (I have done no research on that and could be completely wrong; and regardless it would still need a similar mechanism to reauthenticate if the connection drops)
Also, PINs on a phone are likely to be simple, often numeric codes.
And if you use a short PIN or passcode, you're trading security for convenience. That's why you transform it with some sort of obscure one-way algorithm to get a stronger key and use that. Hard to decrypt the raw file if you get access to it, and you can still use software-based lockouts (lock device for ten minutes after five failed attempts, wipe after ten, etc.) to increase security further. Not foolproof but that's the nature of the business. If you're that scared about someone accessing your email if your phone is lost, don't put your email on your phone.
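The scheme discussed in this exchange, sketched as an added example that is not part of the original comments: the PIN is stretched into a key, the key is held in memory after the first successful unlock so background polling can decrypt, and failures trigger a lockout and then a wipe. PBKDF2-HMAC-SHA256, the iteration count and the `PinVault` class are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed work factor; tune to the device
LOCK_AFTER = 5               # failed attempts before a timed lockout
WIPE_AFTER = 10              # failed attempts before the key material is destroyed
LOCK_SECONDS = 600           # ten minutes


class PinVault:
    """Hypothetical model of a PIN-protected mail store."""

    def __init__(self, pin, clock=time.monotonic):
        self._clock = clock
        self._salt = os.urandom(16)  # per-device salt, stored beside the ciphertext
        # Only a digest of the derived key is stored, never the PIN or the key.
        self._verifier = self._digest(self._derive(pin))
        self._failures = 0
        self._locked_until = 0.0
        self._session_key = None     # lives in memory only, gone after reboot
        self.wiped = False

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"),
                                   self._salt, PBKDF2_ITERATIONS)

    @staticmethod
    def _digest(key):
        return hashlib.sha256(b"verifier" + key).digest()

    def unlock(self, pin):
        """Return 'ok', 'bad_pin', 'locked' or 'wiped'."""
        if self.wiped:
            return "wiped"
        if self._clock() < self._locked_until:
            return "locked"          # attempts during a lockout are not evaluated
        key = self._derive(pin)
        if hmac.compare_digest(self._digest(key), self._verifier):
            self._failures = 0
            self._session_key = key  # kept so mail can be fetched in the background
            return "ok"
        self._failures += 1
        if self._failures >= WIPE_AFTER:
            self._salt = self._verifier = self._session_key = None
            self.wiped = True
            return "wiped"
        if self._failures >= LOCK_AFTER:
            self._locked_until = self._clock() + LOCK_SECONDS
            return "locked"
        return "bad_pin"

    def background_key(self):
        """Key for background decryption; None until the first unlock after boot."""
        return self._session_key


if __name__ == "__main__":
    vault = PinVault("4921")         # constructed sample PIN
    print(vault.background_key())    # None: nothing can be decrypted before unlock
    print(vault.unlock("4921"))      # ok
    print(len(vault.background_key()))
```

The lockout counters are what protect a four-digit PIN here; the stretching only raises the cost of each guess against a copied file.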
Updates. Web apps always run at the latest version, desktop apps do not.
China is going through the same thing we more or less fixed about... six or seven years ago. Websites are coded to IE6 because everyone uses IE6, and everyone uses IE6 because that's the only thing that will render these websites "correctly".
Between that and the Great Firewall, China might as well be considered as having its own version of the Internet.
PCI needs to be clarified and enforced properly. If you've read the spec (I have), you'd realize how utterly vague parts of it are, and pointless other parts are. There are some perfectly valid things in there that should be second nature to anyone but never hurts to have on a checklist (run firewalls, do not use default passwords on your software, etc.), some things that are good to have (unless there's a business requirement to do so such as in an admin panel, do not display more than bin+last4 of card), and other parts that are so unclear as to be completely pointless - namely almost everything regarding actual data storage.
Obviously Citi screwed up here, since even the PCI non-spec around access controls covers altering the querystring to get different account info and performing no checks based on the authenticated user's ability to view that card data.
The real issue is that even the spirit (never mind the letter) of the PCI spec is almost pointless. It's something that's part of working with the credit card networks, not any sort of federal mandate. Basically if you're out of spec, it gives Visa and Mastercard valid grounds to cut off your ability to issue and/or process payments over their network. So if Citi fails an audit, it just means they must take a badge off their site. There's no requirement that they get shut off, and given the amount of volume they do it's a certainty that they would not.
I was just thinking... 10000 scents, and yet you'll always be replacing the entire block of nearly full cartridges (like those tri-color inkjets) because it ran out of fart/BO/feces/urine.
I don't disagree - but by not paying taxes, you're supporting someone else's terrorists* (by not supporting some group of anti-terrorists). Another one you can't win. Of course that's a bullshit argument, but you can count on some politician using it to really hit someone extra hard for tax evasion.
To be fair, it's hardly PHP's fault that the shared library's implementation was broken. The primary benefits of using a library (not reinventing the wheel, wisdom of many, etc.) are generally outweighed by occasionally inheriting one of their bugs. Especially since you also inherit their bugfixes. While the core PHP team is actually quite well accomplished at security (even if PHP enables any idiot to make insecure sites by virtue of being easy to learn), I'd still rather them use widely adopted libraries than come up with their own implementation.
Have a setting in the tools that call it to use the legacy/broken implementation, and enable it by default in the next patch. See: MySQL old passwords. Or some sort of option that you can set on the function, similar idea.
The better but less compatible way is to put a huge warning on the patch, telling people that if the password doesn't match, check again with the USE_BROKEN_BLOWFISH_IMPLEMENTATION flag passed into the function and if that matches, update your data with the good hash and continue on as normal. That will inevitably piss off a lot of people on shared hosting and/or unmaintained applications but from a security standpoint it's the better option.
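The verify, fall back, rehash flow proposed in this comment, as an added example that is not PHP's code or the original poster's. The hashing is a constructed stand-in (PBKDF2, with a "broken" mode that discards the top bit of every byte, which is not the real library's defect), `use_broken_implementation` mirrors the flag name the comment made up, and the per-record `legacy` marker is an assumption added so the fallback stops applying once a record has been upgraded.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for the stand-in hash


def hash_password(password, salt, use_broken_implementation=False):
    """Stand-in password hash; the broken mode is a constructed defect."""
    data = password.encode("utf-8")
    if use_broken_implementation:
        # Constructed bug: drop the high bit of each byte, so distinct
        # non-ASCII passwords can collapse onto the same input.
        data = bytes(b & 0x7F for b in data)
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def verify_and_upgrade(record, password):
    """Check a login against a stored record and migrate legacy hashes.

    record is a dict with 'salt', 'hash' and 'legacy' (True while the
    stored hash still comes from the broken implementation).
    """
    if not record["legacy"]:
        # Already migrated: only the fixed implementation is accepted.
        good = hash_password(password, record["salt"])
        return hmac.compare_digest(good, record["hash"])

    # Un-migrated record: check again with the broken implementation.
    legacy = hash_password(password, record["salt"],
                           use_broken_implementation=True)
    if not hmac.compare_digest(legacy, record["hash"]):
        return False

    # The user just proved knowledge of the password, so replace the
    # stored value with a good hash and retire the fallback for this record.
    record["salt"] = os.urandom(16)
    record["hash"] = hash_password(password, record["salt"])
    record["legacy"] = False
    return True


if __name__ == "__main__":
    salt = b"constructed-salt"           # constructed sample data
    rec = {"salt": salt, "legacy": True,
           "hash": hash_password("p\u00e4ssw0rd", salt, True)}
    print(verify_and_upgrade(rec, "p\u00e4ssw0rd"), rec["legacy"])
```

Without the marker, the fallback would have to stay enabled for every account, and an upgraded record would keep accepting any input that the broken mode maps onto the real password.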
Employers make a lot of (often invalid) assumptions based around that kind of thing. You know, like that employees will be useless on Monday until 2pm because of the hangovers, etc. Or less severely, maybe it just indicates a poor cultural fit (or a great one - there's no reason these photos can't work in your favor)
http://www.senate.gov/general/contact_information/senators_cfm.cfm
http://www.senate.gov/legislative/LIS/roll_call_lists/roll_call_vote_cfm.cfm?congress=112&session=1&vote=00089
I'm sure it's not terribly mobile-friendly nor is it organized particularly well, but the information is out there. They should publish this data over some sort of API so we can make it presentable (whether as an app, a mobile site, or a stack of printouts), but unfortunately I can't fault them for not providing the data at all.
The piece about getting info on the Senator's stance on various issues is interesting. They should digitize that and then replace all of these guys with a small shell script.
s/fined/arrested/g
Seriously. That is criminal negligence.
Or butterflies if you've got far more patience than I.
Yes indeed - that's probably one of its finer points. Minimum wage is designed to prevent workers from being abused, not to allow them to live happy, comfortable lifestyles while doing unskilled menial tasks. Plenty of minimum wage jobs hardly even need human involvement (such as answering questions that would take three seconds on google to research)
Depends where you want a job. If you're applying to a startup or other smaller company that doesn't likely have tech-ignorant gatekeepers, it's very unlikely to make a difference. I hardly glance at degrees or schools when checking out an applicant. Github and other open source repos are my primary screening tool, generally followed by relevant work experience, websites you've created, and recent technical blog posts - in that order. A solid intro from a trusted source tends to trump all of those. Even a Stanford or MIT degree is almost irrelevant to me, and anything else is nothing more than idle chit-chat.
However if you're trying to get past the HR gatekeeper (which tends to be an issue that scales proportionally with the size of the company), sometimes you simply have to have one. But again, knowing someone really helps.
There's really never been any problem. I need to do business flights many times a year and I usually fly with Emirates (United Arab Airlines). The first class private suites are truly awesome and come with your own minibar, adjustable ambient lighting, big tv and lots of movies and a la carte menu. Drinks are free too and there's showers and spa. I have no idea why anyone would fly with American Airlines when you can have service like that.
Not everyone can get away with expensing a $19,000+ flight. Hell, the one time I flew first (it was the only opening available) at "only" ~5x the standard coach rate... yes, it was nice, but certainly not nice enough to justify the increase in price. 2-2.5x, maybe, but for the rest of the world without insane expense accounts, we'll just buy a new car instead.
Yes, it's actually that much for a JFK-Dubai roundtrip (for the random days I picked in late June).
I've been asked the same. It's not because of signal interference (despite what they will claim), but because the flight attendants want to be able to easily get your attention during takeoff and landing if it becomes necessary. Of course the noise canceling drowns out engines wonderfully while it tends to allow speech through quite well so it probably would have *helped* them get my attention, but they have no way of knowing that.
What do you mean raytracing doesn't match the way light works in the real world? It's an exact reproduction of the real world. Light is emitted from things and enters your retina, and interacts with whatever's in between you and the light source. The only difference is that computers are working from your eye going forward, instead of the light source working back to your eye. It's still straight lines, reflection, refraction, and changes that occur along the way.
Your second point is valid (for now), but that's a technology problem that WILL be solved with time. Chips will still get faster.
That's a feature - if it's password protected, you're best off not doing it while intoxicated.
A judge can make someone convicted. Only that person can make himself guilty.
2% * all cars on the road is still a pretty substantial impact.
No, I'm pretty sure this is a matter of "pics or it didn't happen".
And that's a very fair viewpoint, all things considered. The White House calls a press conference, says they did something they've been trying to do for nearly a decade, and provides no evidence whatsoever that they actually did. I'm inherently distrustful of anything the government says or does, but you don't need to be a conspiracy theorist to be skeptical on this one. Hell, at least with the moon landing, people saw a rocket go up.
Props to the AP.
Don't mistake scope creep for planning ahead. Maybe the spec only calls for a user-facing feature, but a good developer can recognize that it also needs a place in the admin panel or else that same developer is going to spend the next six months manually editing rows in the database because the support team can no longer do their jobs. Some may consider that scope creep*, I consider that not shooting yourself in the foot, and it's something I hugely value when interviewing people.
* Strictly speaking, they're not wrong. But smart coders will actually think about what the spec is trying to accomplish and realize that it's incomplete. It's the difference between blindly implementing feature requests and actually understanding what people are trying to do and solving the real problem.
Sounds like an interfacing problem... There's no need for two pieces of technology to interact in a way designed for humans - think acoustic coupler modems. Should a robot ever need to drive a car (unlikely as the car would probably be self driving by that time) it should just plug into a network or service port, or even some sort of Bluetooth interface, not use the pedals and steering wheel.
This is why we need proper engineers coming up with new technology. They try to solve the actual problem, rather than just implementing some weird hack because some guy said product X should have feature Y.