
Comment: By what definition of "millionaire"? (Score 1) 456

by QilessQi (#46773897) Attached to: Survey: 56 Percent of US Developers Expect To Become Millionaires

If we're talking "has a net worth of over US$1M", that's not too crazy, especially given how inflation will affect salaries in the coming years. Heck, even though they called Thurston Howell III a "millionaire", he was probably a multi-millionaire, since $1M in 1964 would be just about $7.5M today*.

But if we're using millionaire figuratively, as in, "will be in the top 1%", well... not likely. You'd have to have a net income of around $1M to make it into the top 1%, and a net worth of about $16M. A net worth of $1M (and a net income of $250K) barely gets you into the top 20%.

* Yes, "Gilligan's Island" is 50 years old come this September. Half a century. I have just made some of you feel incredibly old.

Comment: Re:What about a re-implementation... (Score 1) 288

by QilessQi (#46760427) Attached to: OpenBSD Team Cleaning Up OpenSSL

Agreed, in Java using a char[] still gives you some safety -- the fact that Java has primitives like byte and byte[] also lets you mix high- and low-level code. But other languages may not give you that ability to get down-and-dirty with the machine.

Also, as another poster on this thread has observed, paging makes things even more complicated. If you can't prevent that char[]'s block of memory from getting swapped out to disk, then in theory there's an attack vector. C may let you avoid that scenario.

Comment: Re:What about a re-implementation... (Score 4, Informative) 288

by QilessQi (#46758877) Attached to: OpenBSD Team Cleaning Up OpenSSL

As I understand it, one reason that security-related code is best done in low level languages is that the implementer has absolute control over sensitive data.

For example, consider a server which acquires a passphrase from the client for authentication purposes. If your implementation language is C, you can receive that passphrase into a char array on the stack, use it, and zero it out immediately. Poof, gone in microseconds.

But let's say you used some language which dynamically allocates memory for all strings and garbage-collects them when they go out of scope. It's "safer" in one respect, because it prevents the developer from having to do their own memory management. But auto-growing strings (and lists) often work via some invisible sleight-of-hand whereby the string's data is copied to new memory once it grows enough to fill its original underlying buffer. This can happen several times as you concatenate more characters onto the end of that string. So as you read a long passphrase into a dynamically-growing string, little now-unused copies of the prefixes are being put back on the heap all the time, completely outside your control. If that daemon dumps core and you inspect the dumpfile, you might see something like "correct-horse-battery-sta". Marry that to the log of IP connections, and boom, you can make an educated guess at what Randall Munroe's passphrase is.
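
The copy-on-grow behaviour described in the comment above, as an added example that is not part of the original post: a constructed bump arena stands in for the heap so abandoned blocks can be inspected, and `gstr`, `leftover_bytes` and `arena_has` are hypothetical names.

```c
#include <string.h>

/* Constructed stand-in for the heap; unlike real freed memory it can be inspected. */
static unsigned char arena[256];
static size_t arena_top;

static void *arena_alloc(size_t n) {
    if (arena_top + n > sizeof arena) return NULL;
    arena_top += n;
    return arena + arena_top - n;
}

/* Volatile stores so the compiler cannot drop the wipe as dead writes. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

struct gstr { char *buf; size_t len, cap; };   /* auto-growing string */
static int gstr_push(struct gstr *s, char c, int wipe_old) {
    if (s->len == s->cap) {            /* full: copy into a bigger block */
        size_t ncap = s->cap ? s->cap * 2 : 4;
        char *nbuf = arena_alloc(ncap);
        if (!nbuf) return -1;
        if (s->len) memcpy(nbuf, s->buf, s->len);
        if (wipe_old) secure_wipe(s->buf, s->cap);
        s->buf = nbuf; s->cap = ncap;  /* old block abandoned, like free() */
    }
    s->buf[s->len++] = c;
    return 0;
}

/* Read secret char by char, wipe the final buffer, count bytes left behind. */
size_t leftover_bytes(const char *secret, int wipe_old) {
    struct gstr s = {0};
    size_t n = 0;
    memset(arena, 0, sizeof arena); arena_top = 0;   /* fresh "heap" */
    for (; *secret; secret++)
        if (gstr_push(&s, *secret, wipe_old)) return (size_t)-1;
    secure_wipe(s.buf, s.cap);         /* the only buffer the caller can see */
    for (size_t i = 0; i < sizeof arena; i++) n += arena[i] != 0;
    return n;
}

int arena_has(const char *frag) {      /* does a fragment survive in the arena? */
    for (size_t i = 0, n = strlen(frag); i + n <= sizeof arena; i++)
        if (memcmp(arena + i, frag, n) == 0) return 1;
    return 0;
}
```

With `wipe_old` set to 0 the arena still holds `corr`, `correct-` and `correct-horse-ba` after the final buffer is cleared; real code would wipe with `explicit_bzero` or `memset_s` where the platform provides them.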

Comment: Re:Anyone know if there are regression tests? (Score 1) 288

by QilessQi (#46758583) Attached to: OpenBSD Team Cleaning Up OpenSSL

Whatever they're using as the baseline of their fork. There are already patches that fix Heartbleed (the simplest being "don't support heartbeats", which are not mandatory in the spec anyway). If they're taking this as an opportunity to do radical cleanup, that's great -- but I'm sure we'd all feel better if regression tests were in place to reduce the risk of introducing another subtle bug. Major surgery on critical security infrastructure should not be rushed.

Comment: Re:The Epicurean Paradox (Score 2) 1037

by QilessQi (#46704821) Attached to: How the Internet Is Taking Away America's Religion

This is about the Problem of Evil as it pertains to the idea of God as being both just and omnipotent by definition. Put another way:

Is God willing to prevent evil, but not able? Then he is not omnipotent.
Is God able to prevent evil, but not willing? Then he is not just.
Is God neither able nor willing to prevent evil? Then he is neither omnipotent nor just.
Is God both able and willing to prevent evil? Then why is there evil in the world?

Most defenders of faith fall back on the Job argument: "God is able to prevent evil, he's just not willing to do so, but he can't possibly be unjust, because that would violate Scripture. Therefore, it must be because we can't comprehend his reasons." But if the justice of God is not the justice of Man, then how can we call it "justice", or indeed, assign any human quality to it?

Comment: The Epicurean Paradox (Score 5, Informative) 1037

by QilessQi (#46677703) Attached to: How the Internet Is Taking Away America's Religion

From :

Epicurus is generally credited with first expounding the problem of evil, and it is sometimes called "the Epicurean paradox" or "the riddle of Epicurus":
"Is God willing to prevent evil, but not able? Then he is not omnipotent. Is he able, but not willing? Then he is malevolent. Is he both able and willing? Then whence cometh evil? Is he neither able nor willing? Then why call him God?" - 'the Epicurean paradox'.

Comment: I am reminded of Flainian Pobble Beads... (Score 1) 100

by QilessQi (#46653877) Attached to: China Cracks Down On Bitcoin, Cuts Off Exchanges' Bank Access

Yes, as I understand it, the whole point is that BTC are meant to be spent on goods/services, and the recipients can then spend their BTC on the goods/services they need, and so on, without the need to ever convert to or from other currencies except maybe to pay local taxes. In such a world, the exchanges become far less important.

But I don't think we're at the point yet where a community of people buy groceries, gasoline, pay rent and utilities, etc. purely by using BTC. And if the exchanges can't be trusted, the BTC user base may start to degrade to a much smaller population of speculators, hoarders, and true believers waiting for a change in the technological or political winds.

At which point you basically have the Flainian Pobble Beads from The Hitchhiker's Guide to the Galaxy, which are only exchangeable for other Flainian Pobble Beads...

Comment: Re:Oh, it's on SyFy? (Score 5, Informative) 167

by QilessQi (#46643755) Attached to: Wil Wheaton Announces New TV Show

Actually (to answer the AC), Wesley Crusher was the annoying one, mostly due to the Mary-Sue-ing scriptwriters, and the fact that no one really wanted to see a teenage boy on the bridge of the Enterprise no matter who was playing him. Wil Wheaton was just an actor, all grown up now, and apparently a pretty nice guy. And when a little girl asked him a question about being bullied for being a nerd, he responded like this:

So: famous Trek actor, nice guy, nerd-friendly, and he tours with Jonathan Coulton. Lots of folks like him. As for everyone else, well, haters gonna hate.
