Comment: Or are bitter and jaded (Score 3, Interesting) 255

I know that when I am being data mined I am very likely to pick the funny or ironic answer to any poll. The less intelligent the dumbest option is, the more likely I am to select it. My data is valuable and if you aren't going to pay a fair price, and you intend to use it to subvert my happiness, I am not likely to go quietly to the slaughter.

I remember some movie where a guy lands in a Gulag and is being forced to make mitten liners. He learns from one of the other guys to sew them shut across the fingers and then hide the sabotaged ones by slipping them into the "already inspected" pile. It is sabotage and it's faster than making the proper stitch so it's easier to meet the quota.

Lots of people maliciously answer polls and such, or so I suspect, which is why they are such a terrible instrument of governance and polity.

And P.S. if you don't limit people to thinking about tech, well there are _many_ blue species of sting and manta rays, so contextually they might have a point on answering some of those questions. It's that whole ability to read past typos that humans are so gifted with.

So conclusion? Polls suck, they suck slightly more than the pollsters conducting them, um-kay?

Comment: The case _for_ goto (Score 1) 231

by IBitOBear (#46406465) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

The linux kernel is full of gotos. Assembly is bereft of blocks and that sort of structure. So "goto" isn't the source of all evil.

Consider this example of the linux goto paradigm below. When taking locks and establishing component preconditions you can write an optimal routine that does the stepwise creation, and includes the non-conditional cleanup, then skips the cleanup if all the parts succeed. The example below is trivial, but when it comes to preserving locking orders it solves a hard problem very simply. And if you check out the generated code it's very efficient. More so if you hint the compiler that the success case is most likely for each conditional.

So take the simple example and imagine you are building something complex like a network request with data and metadata buffers and the actual request structure itself et al... as the number of parts grows the number of bizarre else conditions you have to use to do stepwise cleanup becomes bothersome repetitions of code. It's even worse if it's part1 _or_ part2 along with part3 etc. Complexity and repetition of phrases in the elses is plenty of reason to use goto.

complex_thing * hard_thing() {
    complex_thing * retval = 0;
    thing_pt1 * pt1 = 0;
    thing_pt2 * pt2 = 0;

    /* Stepwise creation: each part depends on the ones before it. */
    if ((pt1 = generate_first())) {
        if ((pt2 = generate_last(pt1))) {
            if ((retval = generate_final(pt1, pt2))) {
                goto success;   /* every part built: skip the cleanup */
            }
        }
    }

    /* Non-conditional cleanup, reached only when some step failed.
       Parts are released in the reverse order of their creation. */
    if (pt2) cleanup_last(pt2);
    if (pt1) cleanup_first(pt1);

success:
    return retval;
}

Simply put, there are times when a well-placed goto with a clear purpose and precondition can simplify code and accelerate execution.

Do I use a lot of gotos? no. Probably six C/C++ gotos in the last fifteen years. But when they are the correct tool to use, they can be magical.
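As an added example (not the commenter's code), the same stepwise-create, non-conditional-cleanup idea written as the label ladder the Linux kernel itself uses, with stub constructors that can be told to fail at a chosen step so the unwind can be checked; every name in it (part, thing, acquire, build_thing, fail_at, live_parts, check_unwind) is invented for the illustration.

```c
#include <stdlib.h>

/* Added illustration of the kernel-style goto "label ladder", not code from
 * the original comment; all names here are invented for the example. */
static int fail_at = 0;     /* constructed: acquire() step that fails, 0 = none */
static int live_parts = 0;  /* parts currently held; must be 0 after a failure */
struct part { int step; };
struct thing { struct part *pt1, *pt2, *pt3; };

/* Stand-in for an allocation or lock acquisition that may fail. */
static struct part *acquire(int step) {
    struct part *p = (step == fail_at) ? NULL : malloc(sizeof *p);
    if (!p)
        return NULL;            /* simulated (or real) failure at this step */
    p->step = step;
    live_parts++;
    return p;
}

static void release(struct part *p) { live_parts--; free(p); }

/* Each failure jumps to the label that frees exactly what was acquired so far;
 * the labels fall through in reverse acquisition order, which is what keeps
 * lock/unlock ordering right. The success path returns before the ladder, so
 * no cleanup runs. A fourth part costs one more label, not a nest of elses. */
static struct thing *build_thing(void) {
    struct thing *t = malloc(sizeof *t);
    if (!t) return NULL;
    if (!(t->pt1 = acquire(1)))
        goto err_pt1;
    if (!(t->pt2 = acquire(2)))
        goto err_pt2;
    if (!(t->pt3 = acquire(3)))
        goto err_pt3;
    return t;
err_pt3:
    release(t->pt2);
err_pt2:
    release(t->pt1);
err_pt1:
    free(t);
    return NULL;
}

static void destroy_thing(struct thing *t) {
    release(t->pt3); release(t->pt2); release(t->pt1); free(t);
}

/* 1 when failing at `failing_step` (0 = succeed) leaks no part and the
 * result correctly reports success or failure, else 0. */
int check_unwind(int failing_step) {
    fail_at = failing_step;
    live_parts = 0;
    struct thing *t = build_thing();
    int built = (t != NULL);
    if (built) destroy_thing(t);
    return live_parts == 0 && built == (failing_step == 0);
}
```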

Comment: Writing safety-aware code _somewhere_ (Score 2) 231

by IBitOBear (#46406365) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

Since all machine code is potentially brittle, the argument for using "safety aware languages" is itself brittle. For instance, Ada is safe because it doesn't allow deallocation unless you use ada.unchecked_deallocation(), or in the alternate, build nothing on the heap, or just hope that the Ada implementation has garbage collection, or..., or... etc.

_Someone_ has to do the work to protect whatever the brittleness is at issue.

For years I have used "struct Buffer { char * start; char * end; };" instead of just char * string. (thing.end-thing.begin) is faster than strlen() and the constraints are always present. I've got a library full of simple bits that make this work (a wrapper around write(2) and read(2) for example).

Bad code can be written in any language. Java is safe? Well kind of, until you start making circles of references and losing them. Sounds harmless unless there is a task and open socket in that circular reference and you've left a link back to some structure so that the socket is now able to access some nonsense.

The best tools in the worst hands are far worse than the worst tools in the best hands. Yelling for tools is a specious argument. Someone has to do the work, and that someone may well bone the job.

Comment: I propose "Snowden" become an active tense op (Score 2) 231

by IBitOBear (#46405211) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

Snowden:
(v) Adding a bit of code, hardware, or operation you know you shouldn't because an authority requires you do so.
"Hey honey, I'll be late for dinner, I have to snowden the latest release of firefox."

(n) the sneaky bit of intrusive technology
"Hey what's this bit?" "Shhh, that's the snowden."

I know he was the whistleblower, but we should enshrine his deed and the knowledge that this is happening using his name in memoriam.

Comment: Definition of "Enough" and "false dichotomy" (Score 1) 231

by IBitOBear (#46405153) Attached to: Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

ASIDE: Your point is mute [look up "moot" before attempting correction. 8-) ]. Enough is enough, and any less is not enough. That's the definition of enough.

Consider: "If you eat enough pudding you'll die"... the only test case is to keep eating pudding till you die. If you stop before you die you didn't eat enough. 8-)

Now the point that all eyeballs are not equal is fine and obvious. It only takes one metaphorical eyeball, connected to the correct brain, to find a bug. So one is enough if the rest of the configuration is suitable, and an infinite number are not enough if they lack the context.

The real difference between FOSS and others is not the quality of the eyeballs but the opportunity for the correctly equipped eyeball to fall on the relevant bit. In closed source applications the right post-eyeball configuration would have to first be part of the set of allowed eyeballs, and it would likely have to be actively paid to look for the bug directly or indirectly since the limited herd of eyeballs all have their assignments.

Pretending that the better solution (FOSS IMHO) is unworkable because it's demonstrably imperfect ignores the fact that the far less functional (NON FOSS IMHO) has a demonstrably worse track record. That comparison and derision is just "false dichotomy" and kind of an example of, perhaps, why you aren't the set of eyeballs in charge.

In non-FOSS circumstances virtually all eyeballs lack the context to find and fix problems because they lack access to the source.

So your argument fails because it implicitly argues against exposure, or argues that exposure isn't enough if the right people aren't looking. The failure isn't one of fact but of position. You offer no counter proposal. You are pissing on the model that exists but offering no alternative. In short you are engaged in venting of some sort but you are apparently not one of the set of eyeballs ready to offer solutions.

Comment: Didn't "run away" from Europe... (Score 1) 835

Actually the "Puritan Separatists" were kicked out of Europe for advocating regicide (trying to get someone to kill the king). They were granted title to what is now Virginia but decided to stay where they made landfall instead (not very good sailors). And they didn't come for freedom of religion, they wanted to set up their very own Jonestown (Guyana). It's right there in their name "puritan separatists".

We don't necessarily have a thing for fear. We have a thing for authoritarianism.

So dear Europe, the next time you decide to export all your religious wackos, don't send them all to the same place... it weakens the gene-pool.

There just happens to be a high correlation between fear and republicanism, so they run on the more police, more prisons, and to do so the conservative media bias is deliberately mis-sold as a liberal one. It's a self-perpetuating cycle.

On top of that, criminals all want to be cops, but only the petty criminals can make it through the background check. The criminals want a taste of the power that previously held them down. So you end up with a lot of well armed, otherwise petty criminals ganged up in one profession exercising their egos.

Comment: So ask nicely and don't be a dick. (Score 3, Insightful) 298

Seriously, just ask your client base not to copy the mag, and maybe even do "pay what you want". It worked really well for The Humble Bundle.

If the product is good and you treat your customer base well, they will pay. If you don't they won't.

The people who are going to copy it are not the people you want to care about as customers. Count them for ad revenue (like any other advertisement model, the reader is the product as far as the advertisers are concerned, so copying is good from that angle).

You just need to find the sweet spot between universally free distribution (for high advert return) and enough direct sales for its own sake.

And don't be a dick.

Comment: Sharpshooter Fallacy (Score 3, Insightful) 107

You know, when people talk about who was warned about what, they completely forget the sharpshooter fallacy. Warn everyone about everyone, then when some one does some one thing you can say "you were warned" because, in the huge pile of everything-squared you can find that needle in the needle-stack.

Now all the people who pointed at the needle demand a bigger needle-stack full of smaller and smaller needles.

More signal. But more noise. And more noise per each increment in signal.

And more blame to go around.

There was a song, it has a point. "You have to hold on loosely but don't let go". There was a movie, and it has a point "the more you tighten your grip the more systems will slip through your fingers." It's like there are all these old aphorisms and they came about for having truth within them. The truth of moderation.

More isn't better, it likely never was.

Comment: Re:Schadenfreude (Score 1) 427

by IBitOBear (#43211449) Attached to: Electronics Arts CEO Ousted In Wake of SimCity Launch Disaster

No you wouldn't want to jump from a plane with a solid gold parachute (it'd be too heavy). Golden is a different beast altogether. A golden parachute could be made out of $20m of rarest silk with all the d-rings made from chocolate diamonds and a harness embroidered with hundreds of untraceable swiss bank account numbers.

In one of the Books of the Malazans series there was a town where, should you default on an obligation, the holder of that obligation could decide to make you swim across the local harbor bearing the amount of your default strapped to your body in gold. It cost the owed party twice the amount (e.g. his cash out of pocket and the money he'd never get from you) but people were very unlikely to default on obligations. Plus the creditor could often make his money back on the side bets for how long it took you to drown... Now _that_ would be a system for exiting CEOs.

Comment: more on point (Score 1) 349

by IBitOBear (#42939679) Attached to: SSH Password Gropers Are Now Trying High Ports

Since fail2ban would ban the entire NAT(ed) other office if one actor there were to fail-out from a host in that office, it suffers from the same "shortcoming" as my script in general, and if you know that some particular shop somewhere is behind a NAT, why wouldn't you then white-list that address anyway? e.g. using fail2ban is a good way to let one noob at (remote office) lock out everyone at (remote office). Just because it _hasn't_ happened to you yet doesn't mean that you are ready for the case when it does.

That's a real wizzer of a solution there bob...

If you don't already have white-lists (and preferably VPNs) between known good sites you are just a denial-of-service or "I can't remember my password with this hangover" event away from the theoretical firing anyway.

Again, if you don't know how to apply your tools then all solutions that you don't already think are super-duper will seem suspect. Since you don't seem to know the weaknesses of your current solution, and you improperly apply your "wisdom" as analysis of _my_ solution, you are proved doubly wrong.

Cookbook fail to you, good sir...

(P.S. I know, and point out, that the good and bad attempts are counted in the limit. There are reasons. That those reasons don't apply to your case doesn't make _me_ wrong, it makes _you_ short-sighted for assuming that what doesn't work for your case can't possibly be correct for anyone. 8-)

Comment: The reason(s) for this construction (Score 1) 349

by IBitOBear (#42939601) Attached to: SSH Password Gropers Are Now Trying High Ports

While I do use this at home, I also use it on a number of forward facing servers for business purposes (usually with different thresholds and numbers). I spend very little time at "my desk" so the ability to know that I will always have a computer with a pre-shared key available is quite limited. If I am, say, at a hangar at an airfield and I get an emergency call to check on a host, I can ssh to my own (unprivileged) account and elevate my privileges thereafter. So I, and my very few alternates, can respond from anywhere with no chance of leaking meaningful key material as one might if they tried to match up known/authorized keys (and USB sticks are verboten in many of the places I find myself).

In that usage pattern, if I ended up having to ssh in more than five times in a single hour then things are really not right. (and if I knew that sort of thing was going to happen I _could_ always tweak the rule, but I more often use the multi-session ControlPath etc options to side-step the 5-per-hour limit if larger maintenance comes to the front).

That is, I limit the connections pass-or-fail, because it matches the expected (sparse) use pattern and so also limits the ability of a compromised machine I might use as a source box from spanning into the target machine. For instance I can use a source host and then invalidate it by making a couple extra connections so if, say, I have to use an internet cafe (it's never happened, but it might) or hotel computer or whatever, I can keep a clever follower-on from using a key-logger or whatever, from just using the link again. [granted he could use the information from a different computer etc and I have other means for dealing with that sort of thing (locking the access account after use until I can get somewhere secure and change the password; single-use passwords on some systems, etc), but in terms of a quick access and then block, this works well.]

Different access models require different tools. Being able to ssh in from just about anywhere has come up as useful. Having several useful ways of closing that door, or having it slammed shut perforce, after the valid use are also important levels in any paradigm.

Also, if you reuse the named recent table (e.g. "bad_actors" in this example) [or indeed a whole chain if it's not SSH specific if you replace "ACCEPT" with "RETURN"] in different rules you can easily catch a machine on its very first port-scan or on a single attempt to reach a service you know you don't offer (like SMB service) and drop it into the named table. This lets the co-variants of the one rule "gang up" on the bad actor from different parts of your rule set without invoking expensive external processes. For instance if you also --set an IP address as a bad_actor for sending you a SYN/FIN or a broadcast ping then that one host doesn't get to double or triple dip your security.

Comment: Re:Better than that... (Score 1) 349

by IBitOBear (#42939297) Attached to: SSH Password Gropers Are Now Trying High Ports

I would expect to be called on shortcomings... But that didn't happen... Someone who didn't bother to understand the code mis-applied it to his situation and then called that misapplication for being flawed.

See, I responded in a conversational chain about "brute forcing a key" with a basic structure on how to blacklist a brute force attempt source. (and in two other places I did paste the same code since Slashdot doesn't let you easily fold sub-topics, but in each case the conversation was slightly different.)

Now at no time did I say "this will solve all your problems or address all your issues". For example one of the "shortcomings" was about logging and the other involved use _inside_ a VPN where connection rates would be intentionally much higher. Neither is a real shortcoming as people with even trivial knowledge of program flow and iptables in general would know how to deal with both situations. Things like picking the network interfaces to apply the rules to, and fully understanding that where rules are not desired, they should not be applied. (it's kind of no-duh that way, life). [In fact, if you look at the command I use "ext+" (instead of the default "eth+" et al.) as the interface, which is completely non-standard to deter "cut and paste" application and encourage thought about how the model might be used.]

Logging is another issue wholly. Most people collect _way_ more logs than they should and then end up losing their important information in a flood of data. [ASIDE: this is why Gestaltism failed and the Scientific Method came to prominence.] It _shouldn't_ take much brain at all to figure out the various ways that logging would dress onto the skeleton above. On systems with high logging standards I usually replace most-or-all "ACCEPT" rules with a jump to an accept chain that contains uniform "success" logging (e.g. see LOG target --log-prefix element). I like to put failure logging at "the point of failure detection", and only one fail notice, so that I don't have to fish through repeats. Then I let tools (like the way the "recent" match stores the date/time of encounters) do their jobs rather than spending a lot of CPU to re-chew raw logs for no flipping reason at all. [Mil-spec sites will, clearly, have other requirements, which are solved by other means.]

As for the condescension. That too is a useful tool, applied quite carefully in this case, that makes people think and re-read instead of reflex flame. Now you have jumped valiantly to the defense of some clod, and I decry you for that, because you have amplified his mistake with your opprobrium. This makes you more wrong than him. You have stepped in as arbiter of form with disregard to content. You are pure noise with no signal whatsoever. Your single data point is my *horror* repetition of the code in other contexts. You got me. I am willing to put the same idea in front of more than one subset of a conversation. How this must wound the internet, and confuse it beyond its ability to cope. The internet has never seen repetition so foul as I have done here.... oh wait....

I do indeed condescend, to him, and to you. His histrionic, left-handed, and unsupported assertion (q.v. "I would be fired if...") set the tone for what followed and I was willing in whole to treat with him on his terms. Your yappy-dog, I want to seem important too, infantile insertion was not even up to the low bar we were dancing above. Oh good show to you, fine tagger-along. You have wounded me to the quick with your amazing and subtle support of his shortsightedness. Bravo!

If you don't understand why littering a design pattern/example with noise is just plain bad instruction, perhaps you should retire from the field and take up something that better suits your cook-book-only, can't be bothered to think, self-limiting mentality.
