Forgot your password?
typodupeerror

Comment: Re:But... But... Why? (Score 4, Informative) 133

by Annirak (#43524309) Attached to: Wikipedia Moved To MariaDB 5.5

RTFA.

For the last several years, we’ve been operating the Facebook fork of MySQL 5.1 with most of our production environment running a build of r3753. We’ve been pleased with its performance; Facebook’s MySQL team contains some of the finest database engineers in the industry and they’ve done much to advance the open source MySQL ecosystem.
That said, MariaDB’s optimizer enhancements, the feature set of Percona’s XtraDB (many overlap with the Facebook patch, but I particularly like add-ons such as the ability to save the buffer pool LRU list, avoiding costly warmups on new servers), and of Oracle’s MySQL 5.5 provide compelling reasons to consider upgrading. Equally important, as supporters of the free culture movement, the Wikimedia Foundation strongly prefers free software projects; that includes a preference for projects without bifurcated code bases between differently licensed free and enterprise editions. We welcome and support the MariaDB Foundation as a not-for-profit steward of the free and open MySQL related database community.

It's part performance and part philosophical. Given that wikipedia is a strongly philosophical enterprise, this seems reasonable.

Comment: Re:That title has quite a spin on it. (Score 4, Informative) 170

by Annirak (#43523915) Attached to: RCMP Says Terror Plot Against Canadian Trains Thwarted

That's not what it says. The article says this:

Toronto Imam Yusuf Badat, of the Islamic Foundation of Toronto, told CBC's Evan Solomon that RCMP officers said they received tips from the Muslim community that led to the arrests.

This is not the same as:

A few men, in the Mosque that they went to, heard about the plan and reported it to the RCMP.

Comment: Re:Tyranny of Age (Score 1) 196

by Annirak (#43246705) Attached to: Google Reportedly Making a Smartwatch, Too

Watches have some kind of an allure, much like fountain pens. Just take a look at the Tread 1. It's a beautiful watch and I want one, but I can't have one because it's $20,000. Some people like Rolex's too. Personally, I don't get that one, but that's fine.

If you have a smartphone, you surely must have had at least on occasion where it alerts, but it's awkward to get at it. You'll fish it out if it's important, but you'd like to know if it's important before you do that. For me, this has happened in a few ways: 1) it's raining and I'm outside. 2) it's winter, and the phone is in my pants pocket, which my coat covers. Finding out what the alert was requires removing a glove, and fishing it out of my pocket. 3) I'm in a meeting.

There's another use-case: Suppose you have bluetooth headphones. If you also have a smart-watch, you don't need to get out the smartphone to: 1) see who is calling and/or answer a call. 2) check which track is playing. 3) read a text message or email. 4) skip tracks, adjust volume...
The list goes on. Some of these functions are also covered by the bluetooth headphones, but not all.

Is it necessary for the smartphone to fulfill its purpose? Absolutely not. Can it be convenient to have a tiny UI strapped to your wrist? Absolutely.

Comment: Re:Decent books are worth more; your book was junk (Score 2) 96

by Annirak (#43244671) Attached to: CS Faculty and Students To Write a Creative Commons C++ Textbook

K&R ANSI C is the only usable C reference. If you have a prof require a book other than K&R for a C course, you need to file a complaint with your CS dean, alleging incompetence.

C++, on the other hand, doesn't seem to have a similar significant tome. I tried reading Stroustrop... it's just not the same. There's also the problem that while C is effectively a static language now, C++ is evolving constantly. (See c++0x, c++11)

In addition, many of the C++ concepts are libraries, rather than the actual language syntax, e.g. use of the STL or other container classes to prevent rewriting commonly used containers is almost as important as being able to write said containers if you need them.

Comment: Re:Why does 3d printing matter (Score 4, Interesting) 404

by Annirak (#43235131) Attached to: Digging Into the Legal Status of 3-D Printed Guns

I just don't see how it matter what tech made the gun parts

Legally, it shouldn't matter. Practically, 3D printing has big implications for gun right/gun control.

I disagree. It took me a while to put my finger on it, but I finally worked it out. 3D printing is not a revolution, it's just popular. You can put a CNC mill together for between 1.5x and 2x the price of a hobbyist 3D printer. It will work with metal and it will produce a smoother and more accurate final product. Why is 3D printing being singled out when CNC mills are a much more viable problem?

3D printing changes the world so that making a gun no longer requires specialized equipment nor specialized skills. So from the gun-control point of view, there is a real risk of guns being made in secret, in a decentralized way that is hard to detect, and being trafficked outside the existing system of licensed dealers and background checks. So the old framework of gun-control laws won't work. A would-be criminal who can easily make his own gun neatly evades the whole system.

This simply isn't true. Home CNC has been around for over a decade, in the $2000-$10,000 range. The more DIY you want to get, the lower it goes. The software is open source (LinuxCNC) and the electronics are simple.

There big question is, what will replace the old legal model? There are many possible things the legislature could try, from giving up on gun control (unlikely) to trying to regulate the plans for gun parts (impractical, as we know from file sharing) to trying to clamp down on the printers themselves (scary).

This is a good question. The problem, though, is that the ship has sailed on controlling the printers. There are so many plans available from so many people (see file sharing) and the printers themselves are cobbled together from hobby electronics and parts you can buy at Home Depot.

This is how the tech used to make the gun parts matters.

You may be right that someone in government will try and crack down on the printers themselves (Think of the children!), but it won't be long after that happens that someone with a CNC mill starts producing "controlled" items. The technology used is irrelevant.

Comment: Re:Tick the box exercise for auditors (Score 4, Insightful) 284

by Annirak (#43222751) Attached to: Schneier: Security Awareness Training 'a Waste of Time'

Yes, I do. The problem is that passwords are fundamentally broken. They are broken in several ways.

1) The password must be hard to guess. This, generally, makes it hard to remember.
2) Many implementations restrict the number of characters that I can use for a password. This is downright stupid, as it prevents xkcd/936 compliance.
3) Every service which uses a password must have a different password to prevent password reuse attacks. This exacerbates 1).
4) I need a way to recover the password if I lose it. This exposes a secondary attack vector on my password.
5) There needs to be a guarantee that the password will never be transmitted or stored unencrypted.

OAuth fixes 3) and mitigates 5) and 2).
Two-factor authentication fixes 1): guessing my password can be easy provided that attacks on my service provider are slow and that I can report my token lost/stolen in time several orders of magnitude lower than the time required to guess the whole solution space.
Biometrics can be used to mitigate 1) and 4), but they expose additional flaws, such as lack of revocation. If someone ever gets your fingerprint, they have access to all your fingerprint secured data/possessions, unless they are additionally secured by something else.

Using most OAuth vendors, however, exposes an additional security hole: tracking by the OAuth vendor (see Google, Facebook privacy concerns).

Ultimately, it seems to me that the solution is probably private OAuth vendors with support for smartphone-based secure keys. The problem is getting service providers, such as banks, to implement OAuth via a username + domain (OAuth vendor) + token approach.

This should allow users to choose their OAuth vendor, thereby allowing flexibility in the market when a particular OAuth vendor does Bad Things with users' data. This makes the required password complexity minimal. If the engine which processes the token and password were rolled into a secure smartphone application and transmitted to the OAuth vendor via a back-channel, it would also prevent password scraping.

Comment: What about mitochondrial DNA? (Score 5, Interesting) 154

by Annirak (#43202607) Attached to: "Lazarus Project" Clones Extinct Frog

This is the thing I still don't get about cloning extinct species. The mitochondria are also part of the organism, but they don't seem seem to ever get taken into account when there is talk of cloning. If you take the mitochondria from one species and the nuclear DNA from another species, what do you get? You could easily argue that you get a sort of hybrid species, which is not quite the same as either parent species.

Comment: Re:Why stop there ? (Score 2) 401

For Security!

No, I'm serious. Vague handwaving about "security" seems to make all kinds of human rights abuses "okay." So UEFI secure boot is clearly good for everyone. I mean, it has "secure" right in the name! That must make it good! We should all thank Microsoft for making our BIOS's "secure"! After all, once the BIOS is "secure," we can use it to make the whole system secure! Right? Right....?

Microsoft can get away with UEFI Secureboot right now because it's for security. But it happens to coincide with a move in the industry away from PC's as PCs. People are buying tablets as entertainment devices (you still can't do real work on them) instead of PCs. I don't think that the anti-trust courts are really going to pay much attention to this one.

Comment: Re:What is the point? (Score 1) 141

by Annirak (#43090909) Attached to: Seagate's New SSHD Hybrids Have Dual-Mode Flash Caches

Bonus: All your data will be cached, not only what's on the SSD (OS + core programs). That includes the games you have installed on the HDD. (When you have a 120 GB SSD +1 TB HDD setup you typically do not install games on the SSD.)

All this is true, but it ignores SSD-caching solutions, such as Intel SRT. In that case, you get the same deal as the hybrid hdd, but instead of an 8GB cache, you get a cache the size of an SSD. However, this does not mean that you get the reliability benefits for SLC+MLC. If you really want the SSD-caching solution, you should look for a SLC SSD, which is even more expensive.

Comment: Re:Anyone who doesn't like electric cars (Score 2) 609

by Annirak (#42907917) Attached to: NY Times' Broder Responds To Tesla's Elon Musk

The Chevy Volt is a series hybrid. It's the same idea as a diesel-electric. You run an engine to run a generator to run a motor. That may sound wasteful, but the conversion losses are low (~5%/conversion) and (in heavy machinery, at least) you do away with gear boxes, which is a big win, and you get the engine running on the Atkinson cycle, which is a big efficiency win.

The new thing for the Chevy Volt is to throw a battery in the mix to get you regenerative braking (another big win).

So while the Chevy Volt is partially an EV, it's no more so than a plug-in Prius. It's a plug-in series Hybrid.

Not that this is a bad thing, but the question to ask is whether it's a better idea to put in a gas tank, engine, and generator, or to put in a bigger battery. It's an awful lot of weight to carry around for a "backup."

If it's speed of charge you're concerned about, check out Project Better Place. Their model is swappable batteries. A full "recharge" takes under 60s.

What the scientists have in their briefcases is terrifying. -- Nikita Khruschev

Working...