Comment Re:Billionaire Donors... So what?! (Score 1) 352

Have you met anyone ever at all? Sure, you're a smart cookie, but do you feel that you are average?

I don't care what your answer is, and here's why. If you don't feel average, then you are not representative of the majority of voters. If you do feel average, then you are not, by definition, smart. You are average.

Money means paying people to research every video, every quote, every statement by your opponent, and make a montage of them being dishonest, or contradictory, or in some fashion the opposite of what voters seem to want. Oh, and being able to afford to show that montage when opponents bid up the advertising rate.

It's about controlling the message, to react quickly, to have ad slots bought that you can swap out for the latest narrative. It's about having the money to compete with the other people who also have the money.

You can call it blame passing if you don't understand anything about people, or politics, or marketing, or economics, or everything that is in play.

Comment Re:I know my state rep, city council member. Wall (Score 0) 352

I get the point that you're making, but how many representatives can live near enough to their representative to be their neighbor? All 167,000 of them?

More likely is the city councilman being a relative of sorts. All 8,000 people being somehow related, somewhat less likely.

It sounds like you live in a very exclusive area, where most people don't have a chance to hob-nob. You had some sort of point, but I guess it was about how awesome it is to be connected politically, or about how much money you make to be able to afford a house where you live.

Lots of people have never met a Wall St banker. A state representative in New York maybe, but otherwise, what's your point? City councilman anywhere other than the 5 largest cities? Not likely.

I can't even start to explain how stupid your comment is, how unrelatable to anyone else completely at all.

Comment Re:You're making it more complex than it is (Score 2) 84

Also, the correlating behind the scenes that happens when you access multiple websites that use either a CDN or something like ajax.google.com

Everyone hosting their jQuery on Google's servers basically allows Google to correlate visits, and build up a picture of which websites you visit. Combine that with direct access to GMail, Youtube, or Google searches, and they pretty much know what you do at least half the time on the internet.

You're going to have to wipe everything, including your IP address, in order to avoid the kind of correlation that Google does, or Verizon and AOL, or any number of big data providers.

Visit one website, no multitasking, torch everything, and start over. Best done via proxy. One that allocates IP addresses randomly. And switch proxies every time you visit another website.

Or, block everything and only visit bookmarks and don't allow JavaScript and never give any information and... yeah, there's a whole lot more behind the scenes that does not involve delivering information to your browser as the delivery mechanism.

Comment Re:These ARE the Auth Cookies you are looking for (Score 2) 41

That page does not list these two cookies:


It's clearly ASP.NET, and WebForms. The dump is the Request.ServerVariables collection, and if you need to debug issues it's fairly standard. If you need to put it in production code, though, you always put it on a server that your load balancer will skip, because that should not be seen, at all, by anyone.

But how would you get someone else's session? It's impossible.

Scott Hanselman has one suggestion as to how it might happen, and it's 100% code errors.

There's a comment there "You just found the famous TLS bug :)" So maybe not impossible. Windows uses Thread Local Storage to store things like static variables. The thread handling the request might change, and ASP.NET properly sets the .NET Thread data (and HttpContext data for MVC applications) every time it processes an event so it should all line up. But, static variables are thread-locked, so they can transfer between request handlers. That's the TLS Bug referenced there. It is possible to access someone else's session data if it is stored in TLS (static variable is one possibility).

So, this is not "a lot of crying over nothing" - it could be very serious. Having said all of that, it is very unlikely that you would see someone else's information consistently with that bug - it might show up once and go away.

Two weeks after I initially found this critical vulnerability, I took the time to find a way to report it to them (on August 26).

HTTP_SOPSESMTTS = 2015-08-26-
HTTP_SOPTID = 2015-08-26-

If this were replay data for load tests or unit tests, it's unlikely that the dates would be the same as when it was reported. The user admits altering some of the data, so we can't draw concrete conclusions there.

A security professional wouldn't draw attention to *possible* leakage of Basic Auth, because that's really unlikely at the SSL interface behind a username/password login. At least a knowledgeable one, I think.

If the IP address were a load balancer, the User agent should have matched what the user expected. Dynamic content hosted by a CDN/edge provider? If the data changed, it's probably dynamic. So, what is the conclusion?

I don't know, but it doesn't sound like something that can be dismissed so nonchalantly. If users were getting each others' sessions, we would likely have heard about it, since it happened for two weeks. That's the only thing I can conclude, but that supposes that the news would have made it to international press.
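The failure mode discussed in the comment above, per-user data kept in thread-local storage and then read by a later request that lands on the same worker thread, shown as an added C# example; it is not code from the comment, the linked article or the affected site. `RequestState`, `CurrentUser`, `HandleLeaky` and `HandleScoped` are hypothetical names, and a single dedicated thread stands in for a reused ASP.NET worker thread.

```csharp
using System;
using System.Threading;

static class RequestState
{
    // Risky pattern: per-user data parked in thread-local storage.
    // Worker threads are reused, so the value outlives the request.
    [ThreadStatic] public static string CurrentUser;
}

static class Demo
{
    // Hypothetical handler. A request without credentials never assigns
    // CurrentUser, so it reads what the previous request left behind.
    static string HandleLeaky(string user)
    {
        if (user != null) RequestState.CurrentUser = user;
        return RequestState.CurrentUser ?? "(anonymous)";
    }

    // Hardened handler: identity travels with the request itself
    // (here just the parameter), never with the thread.
    static string HandleScoped(string user)
    {
        return user ?? "(anonymous)";
    }

    static void Main()
    {
        // Constructed input: three requests served back to back by one
        // thread, standing in for a reused pool worker.
        string[] requests = { "alice", null, "bob" };
        var worker = new Thread(() =>
        {
            foreach (var user in requests)
            {
                Console.WriteLine("request as {0,-11} leaky={1,-11} scoped={2}",
                    user ?? "(anonymous)", HandleLeaky(user), HandleScoped(user));
            }
        });
        worker.Start();
        worker.Join();
    }
}
```

The second request carries no identity, yet the leaky handler answers with the first user's name because the thread-static field was never reset. Keeping per-user state in request-scoped storage removes the dependency on which thread serves the request.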

Comment Re:Big Whoop (Score 1) 328

Is Apple a competitor? Just barely. Omit Sun because they are stupid. And IBM sold to Lenovo in 2005.

Apple sells hardware? Sure. HP, Dell, and IBM sold consumer hardware featuring Microsoft operating systems to consumers, and Apple didn't.

HP, Dell, and IBM sold commodity computers with little margin. Apple sold premium software on commodity hardware, with better margins and limited variability in hardware, limiting the cost of development and testing.

Apple is not something you want to include in a comparison unless you are an ignorant fool. Not just ignorant, and not just a fool.

Comment Re:Seriously, comparing to Sun? (Score 1) 328

So ignore Sun, they are obviously on the bottom of the chart anyway. HP was on the bottom briefly for about 4 months, and if you exclude Sun, was on the bottom but trending upwards when Fiorina left.

The trend lines are essentially the same, especially if you exclude Sun.

So...... I guess your point is I'm basically right? Or did someone miss the chance to mod you "funny but irrelevant"?

Comment Re:Big Whoop (Score 1) 328

I compared their competitors. You propose unrelated companies. That's a shoddy argument.

HP and its competitors suffered basically the same problems, and had the same results. At this point, I'm going to point out that, as I said, the Compaq deal was stupid, and HP still managed to be in the range of its competitors. Meaning that perhaps Carly The Stupid managed to pull off something fairly amazing.

Now I feel dirty, having said that. You have the responsibility to explain why we should compare random tech companies instead of direct competitors.

Comment Re:Who? (Score 1) 688

Sarah seems rather talented, considering she (apparently) wrote and maintained the USB 3.0 code for Linux. And Matthew seems okay, having been awarded the 2013 FSF Free Software Award.

But the news here: A PNW Millennial and a Feminist do not agree with someone who is the architect of a giant, massively adopted project, and who has no time nor inclination to mentor people. It's going to be great in the next 5-10 years as the coddled Millennials meet the kind of international attitude where being overly polite is rude because it wastes time (German specifically, confirmed).

The Sarah Sharp thread shows her as a typical Social Justice Warrior who flies off the handle incomprehensibly. If she is a typical woman who saves everything up until it boils over (sorry for generalizing based on every woman I've ever met, minus two who do not fit the stereotype, but bear with me) then she may have a point that we just don't see in print. But we don't see it in print.

As for Matthew, this shows the reasoning behind Linus not adopting BSD style securelevels. Not that he refuses to listen - he clearly understands the limitations, and explained how he would accept an implementation of securelevels. In 1998.

And is it just a coincidence that he decided to fork after Sarah quit, and references that in his blog post? It doesn't matter, he's arguing a 17 year old point, and Linus has already said how he would accept the code.

For example, I would personally never be interested in using the BSD kind
of securelevels: by design the BSD securelevels would prevent me from
doing exactly the kinds of things I need to do (ie install a new kernel
and reboot, which is a very obvious security risk).
In short, to me the BSD securelevels are completely useless. Why should I
support them, when there is something that is a _superset_ of the BSD
behaviour, that I could actually find useful (ie I might well want to
limit some people from doing specific things).
Read my email again - I specifically said that if you want the bsd
behaviour you can get it with the per-process-bitmap approach. I don't
want to (I _cannot_) work in that kind of fascist setup, but it certainly
works well enough.


Matthew characterized it this way:

... having to deal with interminable arguments over the naming of an interface because Linus has an undying hatred of BSD securelevel, or having my name forever associated with the deepthroating of Microsoft because Linus couldn't be bothered asking questions about the reasoning behind a design before trashing it.

Is that anything like the same thing?

Sarah Sharp - Portland State University
BS, Computer Engineering
2002 – 2007
Pacific Northwest Millennial

Matthew Garrett
".. I'm very aware of how different my life might have been if Hanna hadn't gone to the trouble of ensuring that I knew not to be a dick. "

"In October 2014, Garrett stated on his blog that he would no longer contribute Linux kernel changes relating to Intel hardware, in response to Intel pulling their ads from Gamasutra over the Gamergate controversy."

Linus Benedict Torvalds
Linus Benedict Torvalds (born December 28, 1969) is a Finnish American
He later became the chief architect of the Linux kernel

At an online chat with Finland's Aalto University, Linus explained:

        "I'd like to be a nice person and curse less and encourage people to grow rather than telling them they are idiots. I'm sorry - I tried, it's just not in me,"

Comment Re:I don't see how this hurt HP (Score 1) 328

HP provided an installed base of iTunes users around 2005.

In comparison, Microsoft was under anti-trust monitoring until at least 2007, so there would be very little that Microsoft could do without attracting unwanted attention. "Willing to pay" maybe, but it would have at a minimum extended the monitoring. Which doesn't sound bad, unless you understand a little more about how business decisions were made during those times.

HP may not have lost anything, but it gave an awful lot to Apple when it could have gained something in exchange. To me, that's the failing. Trade for patents or tech, or something? Anything?

Comment Re:Big Whoop (Score 1) 328

Comparing HP, a single company, to the tech index, or to "other tech companies" is basically a lie in broad daylight. How about to competitors?

Oh, there it is

Compaq was a mistake, no question. The "learning from your mistakes" bullet point is more about acknowledging in public - she could have learned, but still puts on a front in public. Much of the rest of that is really just personal attack, for which Fiorina should be reviled, but this author trusted, or more about Compaq.

Certainly she's no saint, and has no reason leading any country. But there is so much in the way of skewed opinion that it's impossible to have a discussion about the real failings.

There is no better way to convince your debate opponent that they are right than to present a clearly shoddy argument. And that's what you linked to. If I liked her, I would continue to do so. If not, I would continue to not like her. There are all kinds of psychological tricks at work here, including the Backfire effect, certainly the Dunning-Kruger effect, and many others.

I continue to point out the flaws in arguments because I guess I expected better of "nerds".

Comment Re:Moon as a gas station (Score 2) 194

The cost of getting fuel to the moon is a lot less in a two pilot heavy launch vehicle with no supplies. Compared to a mars destined ship with many people and months of supplies.

If the supply ship loses half its fuel to escape gravity, it can transfer the rest to replace what the travel ship lost.

I really don't see a problem with the math or logic. Arguing mars direct on its merits seems a better strategy.

Comment Re:Probably a true bug (Score -1, Troll) 69

Good thing we have all those eyeballs reading the chromium source to ensure this kind of shoddy QA doesn't make it out to patch Tuesday. Right?

It's a bug, obviously not intentional, and easily overlooked. Until someone verified the behavior.

I'm only commenting as a bookmark for when someone thinks open source has better quality. There are bugs everywhere, and being open does not fix them without people auditing the code. That exists, for a very small number of projects.

Comment Re:Slightly more technical (Score -1) 111

Or, you could rtfa to see the expected false positive rate, or wait until the stats exist. Until then, you are tilting at windmills, or chasing waterfalls, or pavements, depending on your age. It's all speculation, in other words, on your part.

You have achieved level 1 critical thinking, now you have to learn context.
