Comment: Re:Wat? (Score 1) 580

You seriously think that black hats bother with reading millions of lines of code in the hope of finding an exploit when all they have to do is play with the data sent to services/applications and see if it misbehaves? Which is why exploits are equally found among closed and open software.

Generally I still think that open source projects have an advantage over closed source because there are more eyes on the code in a FOSS project. That being said shit does and will happen and unfortunately even in open source projects sometimes a whole lot of shit manages to pile up before it finally hits the fan which of course then results in a particularly big and very stinky mess like Heartbleed. What the OpenSSL team seems to have failed to do is to perform a really serious amount of destructive testing on their library which, as you pointed out, is essentially what black hats do to find these kinds of vulnerabilities anyway. This is not surprising since quality assurance and testing seems to be a bit of a poor relation in many FOSS projects just like it is in the closed source community. Another thing I'd try if I was a black hat is to run some kind of static code analyser on the codebase that can identify this kind of problem so that might be another thing the OpenSSL team can try if they aren't doing it already. Finally, when something is as widely used and fundamental to the workings of the internet and online commerce as OpenSSL is one would expect that perhaps some of the big beneficiaries of the OpenSSL project like Google, Apple, Amazon, Facebook etc. could foot the bill to do some suitably paranoid amount of quality assurance on it and other such FOSS projects. After all it's not like any of them is short of cash now is it and maybe these corporations could invest some of that cash they avoid paying in taxes to make everybody's digital lives a little safer by offering bounties for OpenSSL bugs? (...and yes, I know that expecting corporations to show communal responsibility is a long shot but hope springs eternal)

Comment: Re:Well, yeah (Score 4, Insightful) 134

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

No, the role of the NSA is not just to gather SIGINT, the NSA is also tasked with preventing unfriendly entities from gathering SIGINT which is why the NSA initiated and open sourced SE Linux just to cite one example. So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT? After all, foreign intelligence services may not have the budget of the NSA but they are not stupid either, they can discover bugs like Heartbleed just as easily as the NSA can and might well use it sufficiently stealthily for the NSA not to notice that they aren't the only ones sitting on this vulnerability. When do the costs of spying outweigh the benefits?

Comment: Re:Audit time (Score 1) 322

by Savage-Rabbit (#46736673) Attached to: IRS Misses XP Deadline, Pays Microsoft Millions For Patches

So the IRS missed a deadline they knew was coming... I wonder what they would do to any of us in a similar but different situation?

The IRS isn't the only SNAFU out there by any stretch of the imagination. They are in good company along with many members of the much vaunted and ever efficient private sector when it comes to missing this particular deadline.

Comment: Re:Especially solar cells and carbon fiber windmil (Score 2) 214

The average person's ability to "invest tomorrow" is piss poor, that's why they need a push sometimes. Investing in the short term now in renewable energy is going to result in significant price decreases in the future, especially when you consider the likely future path of oil prices.

The people who made a killing on Google/Apple stocks were the ones who got in early and took a risk. Is it any different with renewables? The ones who get in early are the ones who reap the most benefits. Whoever invests in renewables research and development now, when it is painful and expensive, will be the one who comes out on top later when everybody else is forced to make that transition in a third of the time and with much more pain than you can do it now because these early adopters will be sitting on mature technology and the means to mass produce it and everybody else will either be doing lots of business with them or frantically playing catch-up.

Case in point:

Renewables also have a political dimension. If anybody in Germany thought the Energiewende was expensive (and a lot of people do), they have now had cause to reconsider as they watch Vlad Putin sitting in Moscow with his hand on the gas valve threatening to shut it off unless the NATO powers feed him the Ukraine on a plate.

Comment: Re:IANA Physicist, So... (Score 5, Funny) 630

by Savage-Rabbit (#46708813) Attached to: Navy Debuts New Railgun That Launches Shells at Mach 7

Oxygen, it's in the air...

fine vaporized particles of metal...


And that, ladies and gentlemen, is a demonstration of what we science nerds like to call "simple science for senators". The amazing thing about it is that you can actually get billions of dollars in funding using this simplified approach when brilliantly researched and written scientific papers fail miserably. Go figure!?!?

Comment: Re:Tracking` (Score 4, Insightful) 233

And yet, people stated that "it would be soooo expensive" to add proper tracking to planes.

It is. As a manufacturer you have to machete your way through a jungle of red tape, get all manner of safety assessments etc. to even be allowed to install the ADSC-B/C equipment on the aircraft. This is very time consuming and expensive, which is one reason why all aircraft avionics and generally anything that goes into an aircraft is by definition obscenely expensive to buy (right down to LCD screens and coffee makers) and why old airliner designs get reworked (it's a smaller bureaucratic workload to get a new variant of an existing design flying than a totally new design). If this seems like dumb bureaucracy keep in mind that aircraft have been lost to crappy installation of retrofitted electronics (a good example being Swissair Flight 111). To install the equipment your airline has to ground the aircraft for at least a week (installation costs and lost revenue). Depending on the type of aircraft you operate and its age there may not even have been provision for the ADSC-B/C equipment which means airframe modifications and more downtime (yet more lost revenue and expenses) followed by more certifications and inspections. On top of that different ATC areas sometimes require you to have different equipment. Even simple stuff like software upgrades only happen at a glacial pace so if you think that fixing a simple software bug on an airliner is as simple as downloading an install package from the support section of the Boeing/Airbus website, uploading it to your USB stick, plugging it into a USB socket in the dashboard of your Boeing 777 airliner and selecting "Update firmware" on the FMS screen you have another thing coming. Airliners are one of the safest modes of transportation but that comes at a cost in time and money.

Comment: Re:Android Body Needed (Score 2) 40

> a new division that aims to 'merge biology, engineering, and computer science to harness the power of natural systems for national security

In other words, Dick Cheney needs an android body urgently.

Is that a good idea? He was dangerous enough with a shotgun, he will be a walking disaster when he can shoot laser beams from his eyes.

Comment: Re:Just to be clear (Score 4, Interesting) 66

by Savage-Rabbit (#46647081) Attached to: Fukushima Photo Essay: a Drone's Eye View

Just to be clear here: the devastation is all due to the tsunami, not to the reactor failure. Foreign media seem to often forget or ignore that the disaster was the earthquake and tsunami. That's what killed almost 20k people dead and destroyed the homes of many hundreds of thousands of people.

It seems to me that the root of the Fukushima disaster was the decision to build a nuclear power plant in a place where there was even the remotest chance of Tsunami damage. The government of a country whose history is littered with Tsunami disasters should have known better. The design basis for tsunamis at Fukushima was 5.7 meters, it should have been: "Don't build a nuclear plant within 20-30km of the coast and even then put it on high ground" and keep in mind that this restriction does not account for earthquakes although the Fukushima plant survived a magnitude 7.7 quake rather well so at least in that regard it was better designed.

Comment: Re:Annoying cable wrangling (Score 3, Informative) 180

by Savage-Rabbit (#46638523) Attached to: A Third of Consumers Who Bought Wearable Devices Have Ditched Them

Wearable devices will not be massively popular unless they will be as simple to use as headphones.

Maybe you are different but I don't carry headphones either and frankly I think headphones are a huge PITA. Headphones require all kinds of annoying cable wrangling or if wireless all kinds of unreliable setups that you are constantly dicking around with. Useful? Yes. Simple? Not so much.

I carry precisely 3 items 99% of the time - phone, wallet and keys - and I'd do away with any of them if I had a reasonable way to do so. I don't mind carrying a fitness tracker if I'm actually doing exercise but otherwise the phone should serve that purpose. I don't want to wear a special purpose device unless I'm doing something rather specific. I don't wear a watch except on rare occasions because they serve little purpose these days (clocks are everywhere) and are annoying to wear if you don't have to.

Generally I agree with you and I can see your point with corded headphones but cordless (Bluetooth) ones work fine for me. I used to go through a ton of corded headphones. Usually they'd wear out due to metal fatigue just above the plug to save money. For years I used to shorten the cord and solder it back to the plug like a true penny pinching geek. Then I finally gave up and spent an obscene amount of money on a set of Sennheiser MM 550-X Bluetooth headphones. So far they have, well .... just worked. I also have a couple of sets of Sennheiser MM200 earplugs phones, also Bluetooth. Same story here, they just work. The first set finally wore out after three years of daily use so I bought a second one on sale since this model is out of production now. The only complaint I have so far is that the audio quality suffers a bit because of the Bluetooth link but not so much that I'd forgo the comfort of being wireless.

Speaking of special purpose devices, what I'd really like for safety reasons is a __proper__ HUD for my car. There are after market ones but most of them suck, a HUD should be standard equipment in every car.

Comment: Re:Yeah right. (Score 1) 518

by Savage-Rabbit (#46629467) Attached to: Department of Transportation Makes Rear View Cameras Mandatory

It's April 1st. You're not fooling anyone.

I don't care, this is a good idea. I installed a dash cam in my car. It's just a HD webcam hooked up to a board computer that runs a C++ daemon using the OpenCV libraries but I have already captured some rather spectacular footage. Including a car that had gone off the road in icy conditions, there was a light post which the car had sheared off its mounting resting on the car's roof (I arrived at the scene post facto). A couple of days ago I captured another bit of scary footage when I had to drive onto the shoulder of the road to avoid a frontal collision with a guy who decided it was a good idea to overhaul three other cars on a blind turn in the road. If this keeps up I'll set up a YouTube channel and a website that uses the footage as a library of examples for student drivers of how not to drive.

Comment: Good.... (Score 4, Interesting) 518

by Savage-Rabbit (#46629161) Attached to: Department of Transportation Makes Rear View Cameras Mandatory

They can include a dash cam and side view cameras as well along with an interface that allows me to copy filmed material to an SD card or something... That would have saved me twice from getting stuck with being 50 percent at fault (both times the other driver ignored a red light).

Comment: Re:Bad law... (Score 1) 232

by Savage-Rabbit (#46629131) Attached to: Judge Overrules Samsung Objection To Jury Instructional Video

I like the way you single out North Americans, as if they indeed are somehow more corrupt than Europeans or Africans or South Americans or Asians or Australians.....

Anybody who claims that has never been to Russia. There are other countries in Europe where corruption is rife but from talking with people who have done business there, Russia is like the wild west (along with Belarus and the Ukraine). One guy I talked to called Russia a "kleptocracy". Take a look at this map of perceived corruption around the world:
High index is clean, a low one is corrupt. As you can see much of Eastern Europe (i.e. ex Warsaw pact) is at least two steps up from Russia. And the USA is perceived as being about as corrupt as Western Europe (i.e. W-Europe more or less as it is defined by Eurovoc).

Comment: Re:What. (Score 0) 284

If Google was, say, a public utility then I'd back you up. But they're not. Filtering or selectively promoting things is entirely within their scope. Their rights don't change because they're popular.

However, if they're publicly viewed as abusing those rights, they very well may become much less popular.

So it's OK to abuse monopolies in any way you want just as long as you don't use them to extort money from people? If there was real competition on the search market, if there were 5-10 different search providers that all more or less equally divided the market between them I'd be perfectly inclined to agree with you because then you could choose a provider that wasn't run by a bunch of reactionary morons. The whole problem is precisely that Google is a private company that has acquired the same position and role as a public utility by virtue of their monopoly on internet searches. They have a stranglehold on what has become the primary communications platform of the 21st century and thus there are severe limitations on the political filters they are allowed to apply to their search result. We are bloody lucky Google is run by a couple of intellectuals who have for the most part not abused their position and made the conscious choice not to push their political agenda with the same unrelenting and ruthless political partisanship as Fox News does. Both conservatives and liberals have benefited from that. Would you rather have the gatekeeper of internet search controlled and run by the likes of Rupert Murdoch or the Koch brothers?

Comment: Re:What. (Score 2) 284

What good is the first amendment if private entities providing essential information services to the public can effectively bypass the right for people to be heard?

I fail to see the relevance. No wait - I do. If they're enforcing free speech, that means they can't regulate what a person (or corporation) can say. Or selectively not say of their own volition. Does Freedom of Speech imply that we force people/corporations to say things that they choose not to? Regardless of their motivations? If I run a web-site and there's an article somewhere that says, "China censors nothing!", do I have to provide a link to it despite the fact that I personally think it's biased?

I suspect that it depends on what your market share is, i.e. whether you are a "gatekeeper" or not. If you are just some two bit website that's one of a thousand others then the answer is that you can present whatever point of view you want and ignore others. If, however, you are Google, you handle 95% of all internet searches and you don't agree with, say the US Republican party's point of view so you start purging all links from your search results that represent a Republican point of view that you don't agree with then the game situation is a bit different and you should be forced to be more neutral than you would like to be for the public good. I generally can't stand radical Republicans but I'll fight for their right to be heard, I don't have much use for communism either but I also think Commies have a right to be heard. This judge would seem to disagree with that which is IMHO quite amazing.