Forgot your password?
typodupeerror

Comment: Re: Parent of University Frosh Twins: "Thank You" (Score 2) 161

by David Jao (#47841941) Attached to: Getting Into College the Old Fashioned Way: With Money
To clarify, the goal is to be rich enough that I won't need to borrow money. I'm not implying that I insist on some sort of draconian no-debt stance. If I fail in my goal then sure, I'll borrow what's sensible. But I'm not starting out with debt as a goal. I can't see how car loans make sense under any circumstances. The basic purpose of a car is to get me from point A to point B safely and reliably. Such a car, used, costs well under $5000 in almost all localities. This is not a useful or interesting enough amount of money to be worth taking on debt.

Comment: Not the old-fashioned way (Score 3, Insightful) 161

by David Jao (#47841605) Attached to: Getting Into College the Old Fashioned Way: With Money
The approach mentioned here may get you into college, and it may cost money, but it is not old-fashioned. The old-fashioned way to get into colleges with money goes something like this: "My dad is a trustee at Princeton, so I knew I would get in." If you have 2 million dollars to spend, endowing a faculty chair at a university is a much better bet than paying for high-priced consulting services.

Comment: Re:Parent of University Frosh Twins: "Thank You" (Score 2) 161

by David Jao (#47841579) Attached to: Getting Into College the Old Fashioned Way: With Money
Need based tuition scholarships do not come close to explaining the extraordinary rise in tuitions. The real reason is decreased state funding (for public universities) and government-guaranteed student loans (affecting all universities).

Without student loans, colleges would only be able to charge what the market can bear. No entity can violate this ironclad law of economics. If families can't pay the amount of tuition that you charge, you're not getting that amount of tuition, period. Loan availability increases the amount that families can afford to pay. In principle, there is nothing wrong with this idea, and in fact if the free market were allowed to determine loan availability, the system as a whole would quickly converge onto the optimal amount of loan availability. Under this hypothetical free-market scenario, banks wishing to make student loans would have to vet their students properly and make sure with reasonable confidence that they will be repaid. If the free market were at work, there would be a natural market-based limit on the amount of loan money available, simply because not every student is going to represent a good investment.

Unfortunately, what we have right now in the student loan market is not even close to a free market. The dominant lender is the government, and even in the case of privately held student loans, the laws and regulations governing student loans are highly and artificially favorable to the lenders. To give just a few examples, unlike any other form of loan, student loans (including private loans) can almost never be discharged in bankruptcy; cannot expire from statute of limitations; allow the lender to garnish wages, tax refunds, social security, and disability payments without a court order; and repayment is guaranteed by the government, even if the borrower defaults (but the lender can still pursue the borrower for repayment even after the government makes them whole). The result of such amazingly biased and favorable laws is exactly what you would expect: lenders throw money at students far out of proportion to the actual amount of money that it would make economic sense for them to lend under ordinary circumstances. Having this much money supply available in the system is then the primary factor that enables and allows ridiculous increases in tuition.

I don't have school age children yet, but I will soon. I have no intention of taking out loans or making them take out loans, no matter how hard it is to achieve this goal. I would love to compete on a level playing field with other similarly responsible parents, but unfortunately I'm not going to have that chance. Instead I'm going to have to compete with irresponsible borrowers who have borrowed way more money than anything that remotely makes sense for them to borrow.

Comment: Re: Wireless security (Score 1) 84

by David Jao (#47798233) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess
If you're using client certificates for authentication, and an attacker obtains the server cert, then the attacker can successfully fool you into thinking that you have connected to the real server, but the attacker cannot successfully fool the real server into thinking that you have connected to it. This kind of "half-MITM" attack is not usually thought of as a full MITM. The authentication protocol uses a challenge/response protocol which incorporates ephemeral keys and hence is not portable even between two entities both holding the same server cert. That is, if A and B both have the server cert, and A challenges C, and B obtains C's response to A's challenge, B cannot then impersonate C to A, since B does not know either C or A's ephemeral DH keys. Even if the attacker just blindly proxies between the real server and the real client, it won't work; in this case the communication would just be a real connection that the attacker can't decrypt or alter in any way thanks to forward secrecy.

Comment: Re: Wireless security (Score 1) 84

by David Jao (#47794097) Attached to: Wi-Fi Router Attack Only Requires a Single PIN Guess
Having all their traffic to and from one server is not as devastating an attack as having their password. For one thing, users tend to re-use passwords across multiple sites. I'm sure you can think of plenty of other reasons why client certs are at least *slightly* safer than username/passwords.

Comment: Re:The problem of Microsoft (Score 1) 337

by David Jao (#47663849) Attached to: Microsoft Surface Drowning?
You often can't customize your own install without breaking the law. The GP post specifically mentioned OEM Windows licenses as a way of getting cheap Windows licenses. This is no accident: OEM licenses are the only way to get cheap Windows licenses. Any sort of enterprise license will be far more expensive. But an OEM license is the least customizable of all the options. You can't even legally install an OEM licensed copy on any other machine other than the individual machine that the software came with, since an OEM license is tied to an individual machine. To get a custom install starting from an OEM copy, you can't just make one custom version and install it on all your machines; that kind of activity is specifically forbidden by the terms of the OEM license. You'd have to spend 30 minutes individually on each and every machine in your organization if you go the OEM license route and you don't want to break the law. Those 30 minutes of staff time are way more expensive than the bare-bones OEM license cost. Alternatively, you could purchase an enterprise license, but now we're no longer talking about cheap Windows licenses, we're talking about very expensive Windows licenses.

So, yes, you can customize Windows installs, but it's much more expensive to do so in any legal way, since you need an enterprise license, which really does cost ridiculous amounts of money. There is no cheap way to get customizable Windows. Even then, it's a bit of a hassle compared to Linux.

Comment: Re: The problem of Microsoft (Score 1) 337

by David Jao (#47647745) Attached to: Microsoft Surface Drowning?
It's not the price (free or pay). It's what you can do with the software. Apple software is still subject to BSA audits. You can't distribute customized versions. Things are slightly better in that hardware support is uniform and there are no client access licenses, but you also encounter new problems like Apple dropping software support for your hardware. Free software is just better. The cost of purchasing the software is insignificant. The time and hassle saved by free software is the real jewel.

Microsoft and Apple are poor choices unless your (sysadmin, IT, and staff) time isn't worth anything.

Comment: Re:The problem of Microsoft (Score 5, Insightful) 337

by David Jao (#47646661) Attached to: Microsoft Surface Drowning?
The Microsoft tax is not just about the monetary price of Windows. That's actually the least burdensome part of the tax. The real problem is the cost of license compliance. Most obvious are the direct costs: license management, purchase records, and receipt tracking. How much staff time are you going to spend on keeping track of Client Access Licenses? Is this expense worth it, when there are free platforms with no CAL requirements? I bet you didn't know the MS EULA gives the BSA the right to audit your premises at will. That's another huge overhead which simply does not exist with free software: A single small screw-up (almost inevitable, given the minuteness with which the audit is conducted) results in heavy fines plus having to pay the considerable costs of the audit. Compared to this insanity, anyone using exclusively free software can simply slam the door on the BSA and tell them never to come back unless they have a warrant.

Those are just the direct costs of compliance. The indirect costs of Microsoft's licensing model are something that even fewer users realize. You can't customize a distro and legally release the result to anyone outside of the organizational unit holding the license. You can't slipstream updates and legally distribute to outside parties. You can't create USB bootable media and legally release it to anyone else. Rescue discs and installation discs customized for particular hardware are left to the mercy of your OEM. All of these restrictions cause considerable friction which slows down the agility of your business. If nothing else, it makes it very hard to outsource IT functions; at most, you can hire contractors who have to keep your OS software bits separate from everyone else's OS software bits. How can this situation possibly compare favorably to free software where anyone can create and share anything? It really can't.

Comment: Re:Hash Collision (Score 1) 790

Finding an incidental collision in SHA512 is newsworthy. SHA512 is an iterated hash function (more specifically, a Merkle-Damgard construction). Any iterated hash function has the property that a single collision can be leveraged to produce arbitrarily many collisions. A single collision would destroy the entire utility of the hash function for almost any application that depends on collision resistance.

Lisp Users: Due to the holiday next Monday, there will be no garbage collection.

Working...