Comment: Re:For domestic use only (Score 1) 157

by Bob9113 (#47563589) Attached to: Senate Bill Would Ban Most Bulk Surveillance

Isn't self-hosting a violation of most ISP EULAs?

I think so, if you have user-grade service, but I pay for a commercial-grade Internet connection that comes with a static IP for running services, and I run three hosted servers. Freedom isn't free (but it is a lot of fun). :)

Ever wonder if maybe that rule has less to do with bandwidth and more to do with preventing the creation of a peer-to-peer, decentralized internet?

I think there's some truth to that, if for no other reason than that the ISP probably would rather not have the headache associated with average idiots running servers. They're run by guys with MBAs who genuinely believe that centralized is inherently better -- like to the level that they don't even grasp what you're saying at first, if you try to explain the benefits of decentralized.

Comment: Re:Such a Waste (Score 2) 66

by bill_mcgonigle (#47563033) Attached to: The Hobbit: the Battle of Five Armies Trailer Released

sold out to the suits at Warner Brothers

That's not going to turn out well for them. After the first steaming pile, the subsequent two aren't even on my list. Even if the next two were great, what were we going to do, show our kids only the last half of the story (well, with other random crap thrown in)? It's not like they were going to go back and fix the first one.

Once the copyright fully expires, somebody will make a great TV miniseries of The Hobbit. The folks doing Pratchett's stories would do a good job, for instance.

Oh, and Jackson has blown his cred with everybody. Hope the contract with WB was airtight on this trilogy because that payment's gonna have to last for quite a while.

Comment: Re:Appalling (Score 5, Informative) 88

by swillden (#47562755) Attached to: Old Apache Code At Root of Android FakeID Mess

I don't know the fine details of this bug, but am I the only one appalled at how obvious this bug sounds? It doesn't even properly check the certificate? I mean buffer overflows and such are one thing, but not properly testing your certificate code seems unforgivable.

No, it's not that it doesn't check certificates generally, it's that if there's an additional, extra certificate of a particular form in the list that forms an app's certificate chain (but isn't actually in the chain) then that extra certificate gets included in the list of signatures associated with an app... making other apps that query the signature list believe that the app is signed by a certificate it's not. This doesn't, for example, fool the Play store into believing an app is from developer A when it's really from developer B. But it can fool other apps. There are some apps that load others as plugins, and make decisions about which plugins to load based on whether they're signed by a particular key. This flaw allows malicious apps to subvert that, convincing the plugin-loading apps to execute them, thereby giving the malicious app the same permissions as the plugin-loading app.

It's a serious security flaw, no doubt. But it's a little more subtle and less obvious than the summary makes it appear. Also, it appears that no app in the Play store, nor any of the other apps that Google has scanned, attempts to exploit the flaw. It's very easy to identify them by scanning the certificates in the package.

I've implemented tests for certificate chain validation code several times (not in Android), and it never once occurred to me to test for this particular odd construction, nor, I think, would anyone else think to test for it without some specific reason. This sort of bug requires inspection of the code.

(Disclaimer: I'm a member of the Android security team, but I'm not speaking in an official capacity, just summarizing what I've read of the vulnerability -- which isn't a great deal. Others on my team are well-informed, but I haven't followed this issue closely.)
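
The package scan mentioned in the comment above can be illustrated with a toy model. This is an added example, not Android's code and not written by the commenter; it assumes (the comment does not state the mechanism) that the flawed chain builder links certificates by issuer name without verifying the signature, and the `Cert` type, toy RSA keys and all names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def keypair(p, q):
    """Toy RSA key from two primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    n: int    # subject's public modulus
    sig: int  # issuer's signature over subject, issuer and n

def digest(subject, issuer, n, modulus):
    tbs = f"{subject}|{issuer}|{n}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % modulus

def issue(subject, issuer, n, signer_n, signer_d):
    sig = pow(digest(subject, issuer, n, signer_n), signer_d, signer_n)
    return Cert(subject, issuer, n, sig)

def signed_by(child, parent):
    expected = digest(child.subject, child.issuer, child.n, parent.n)
    return pow(child.sig, E, parent.n) == expected

def build_chain(certs, verify):
    """Walk from the leaf (certs[0]) upward; verify=False links by name only."""
    chain = [certs[0]]
    while chain[-1].issuer != chain[-1].subject:
        parent = next((c for c in certs if c.subject == chain[-1].issuer), None)
        if parent is None or parent in chain:
            break
        if verify and not signed_by(chain[-1], parent):
            break
        chain.append(parent)
    return [c.subject for c in chain]

def name_only_links(certs):
    """Scan: subjects a name-only builder accepts but signature checks reject."""
    strict = build_chain(certs, True)
    return [s for s in build_chain(certs, False) if s not in strict]

# Constructed sample packages (Mersenne primes keep the toy keys self-contained).
VENDOR = keypair(2**61 - 1, 2**89 - 1)
OTHER = keypair(2**107 - 1, 2**127 - 1)
vendor_cert = issue("CN=Vendor", "CN=Vendor", VENDOR[0], *VENDOR)
genuine = [issue("CN=Plugin", "CN=Vendor", OTHER[0], *VENDOR), vendor_cert]
suspect = [issue("CN=Plugin", "CN=Vendor", OTHER[0], *OTHER), vendor_cert]
```

A non-empty result from `name_only_links` marks a package carrying a certificate that is in the list but not cryptographically in the chain.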

Comment: Re:Is it a legitimate collection? (Score 1) 285

by bill_mcgonigle (#47562167) Attached to: 35% of American Adults Have Debt 'In Collections'

Yeah, it should be higher. People are so afraid of a credit rating problem these days that they will often pay off a "bad debt" that is fraudulent to get their score "fixed".

Creditors know this and are abusive because of it. I tell them to go suck a big one if they pull that crap. It's better to pay cash anyway, but I've actually had very few try to report bogus charges I refused to pay (90% or so are just bluffing).

Frankly I'd trust somebody with 'very good' credit more than somebody with 'perfect credit'.

Comment: Relative Window Duration (Score 2) 285

by Bob9113 (#47561995) Attached to: 35% of American Adults Have Debt 'In Collections'

Anyone have other theories why this number is so much higher than the 5% of people who are just "late"?

The first window lasts from 0.08 years to 0.5 years, while the second window lasts from 0.5 years to 7.0 years. The relative window width is (7.0 - 0.5) / (0.5 - 0.08) = 6.5 / 0.42 = 15.47. So if each person only had zero or one debts, and no debt was ever paid off, you'd expect there to be 15.47 times as many debt holders in the second window as in the first. 15.47 * 5% = 77%. So the fact that it is at 35% means that there is some combination of people being in both categories and people paying off their debt while it is "In Collections." If it was 5%, or 77%, you'd be able to make a pretty solid guess that something was hinky, but 35% is in the "could be perfectly reasonable" range.

I'll also echo the sentiment that some creditors do a horrible job of billing. I had a large outstanding debt for years before finding it on my credit report. The company had a typo in my address from the original signup, but had been getting copies of my credit report which had my correct address. They sent all the bills to the incorrect address they had on file, never once contacted me at the address on file with the credit reporting company they had been contacting.

Comment: Re:What's the point? (Score 1) 157

by Bob9113 (#47560357) Attached to: Senate Bill Would Ban Most Bulk Surveillance

I can't find words for how much I hate Congress and the President for this.

I can. But I'm afraid that if I use them in public, I could be put on the secret watch list and have to face extra scrutiny in every LEO encounter when "possible terrorist, report to FBI" pops up on their computer.

Of course, that chilling effect means that the peaceful feedback mechanism that is supposed to moderate government overreach is being attenuated. When that moderation system is weakened, excesses grow. Fortunately, as The Declaration of Independence notes, "accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed." So we have time.

But time grows short; The Declaration does not end with that phrase.

Comment: Re:For domestic use only (Score 3, Informative) 157

by Bob9113 (#47560163) Attached to: Senate Bill Would Ban Most Bulk Surveillance

Decentralized Internet is badly needed

Very true, that is the only real solution to this problem. Whether corporations, governments, or criminals, the value in surveillance is too great to be resisted. The only solution is increasing the cost and detecting it when it happens. Decentralization will both make it more expensive to do generalized surveillance, and make it harder to do it without getting caught.

and nothing seems to be in works...

Not as true.

OwnCloud lets you host your own dropbox, mobile-to-desktop sync, etc.
MediaGoblin lets you host your own replacement for YouTube.
Asterisk lets you host an end-to-end encrypted replacement for Skype.
Tor and I2P let you slip past your ISP's surveillance net.

That's just the tip of the iceberg. Learn more at

Comment: Re:Little Appliance Parts (Score 2) 56

by fuzzyfuzzyfungus (#47559565) Attached to: 3-D Printing Comes To Amazon

Amazon's offering is substantially less flexible than that of existing players (shapeways is the name that comes to mind; but there are others), who already accept basically any STL that isn't horribly munged in some way and spit the result out in a number of different materials.

You still have to model the part, or buy a (currently rather expensive) 3d scanner to do it; but if you are willing to put on your CAD hat, you could have the part by next week, just not from Amazon. I wonder if they are just moving slowly, or worried about the copy cops coming after them once people start knocking off action figures or something...

Comment: Re:Strength (Score 1) 56

by fuzzyfuzzyfungus (#47559531) Attached to: 3-D Printing Comes To Amazon

It lacks the sci-fi appeal of pure printing; but there are a variety of techniques that use the 3d printed part as the first step and then subject it to additional treatment steps in order to make up for those sorts of deficiencies.

As long as the subsequent processing steps don't change the dimensions (or change them in predictable ways that you can compensate for) you can get away with whatever tempering, annealing, and so on your application requires.

Comment: Re:Strength (Score 4, Insightful) 56

by fuzzyfuzzyfungus (#47559471) Attached to: 3-D Printing Comes To Amazon

Depends on what you pay.

A poorly calibrated fused filament unit will produce stringy junk that delaminates if you look at it funny. A well calibrated one will achieve something reasonably close to what the plastic it is using is actually capable of. Outside the cheap seats, you can print all kinds of things (especially if you count parts that require one or more additional processing steps as '3d printed'. Printing wax, for example, is pretty undemanding, and allows you to do lost-wax casts of more or less any shape that will cast properly, without needing a printer that can sinter or melt metals. Some of the techniques for producing ceramics are in the same vein, the printer just needs to tack the ceramic material together long enough for firing, which takes care of the mechanical properties.)

The one thing that is (relatively) easy with injection molding that 3d printing (to my knowledge) isn't so hot for is overmolds. When injection molding you can use insert molding or multi-shot systems to achieve the (enormously common and fairly popular) combination of a rigid plastic structure with an elastomeric surface treatment for grip or aesthetic reasons. For prototyping purposes you can get paint-like coatings that emulate elastomeric overmolds that you can brush on to 3d printed parts; but the quality isn't as good and production takes longer.

Comment: Re:Trivial observation (Score 1) 131

by swillden (#47556973) Attached to: A Fictional Compression Metric Moves Into the Real World

some bullshit "universal compressor"

Not a universal compressor, a standard compressor, such as gzip. The metric is ultimately just a comparison between the compressor being evaluated and the compressor chosen as the standard, and it is unitless.

That said, I agree with you that the scaling constant has no reason to be present. As for using the logs of times... I don't know. It's essentially a base change, expressing the time of the compressor being evaluated in the base of the standard compressor, which is then multiplied by the ratio of the compression ratios. Handling the time relationship as a base change may have some useful properties, but I can't see what they would be.