Forgot your password?

Comment: Re:Why are the number of cabs [artificially] limit (Score 5, Insightful) 78

by Wrath0fb0b (#47435979) Attached to: Lyft's New York Launch Halted By Restraining Order

If the USA is the bastion of freedom, capitalism and independence, why are cab licenses limited by city bureaucrats? Why not let everyone who qualifies swim in the taxicab business leaving those who cannot stand the waters perish? I just don't get it!

Because historically taxis have engaged in a number of fraudulent and unsavory practices, outright racism in some cases and have generally made cities look bad. So there was a legitimate reason to regulate them in order to ensure that they didn't bilk (or take the long route) for gullible tourists, refuse rides to people of the wrong color, install fake meters, organize into a racket to overcharge customer or skip on carrying decent insurance.

Then, lo-and-behold, the well-meaning regulators were captured by the taxicabs (because they were smart) and turned around and instituted any number of illegitimate regulations designed to stifle competition. This is generally pretty easy in a democracy because when there's a small number of cabbies with a very large interest in certain policies, they can often get their way when there are a large number of citizens with contrary interests. It's the law of diffused costs versus concentrated benefits.

So now, instead of being predictably idiotic with our left/right pro/anti regulation, maybe we should think about stupid regulation versus smart regulation. Then we could distinguish a rule require cabbies to carry insurance for their passengers with one that limits the number of medallions to some artifical number. Or one that requires accurate metering of any form with one that requires a specific brand or type of metering. Or a law that requires cabbies to serve any part of the city with one that requires them to drive home from the airport empty instead of picking up a fare immediately after dropping one off (this one really I don't understand -- there is a line for cabs at the terminal!).

On the other hand, nah, let's just hurf about it....

Comment: Re:We can thank corporate America (Score 1) 281

by Wrath0fb0b (#47389797) Attached to: Ask Slashdot: How Often Should You Change Jobs?

Part of the problem is that it's easier to hire new folks than to reallocate existing ones without getting into political turf wars -- let alone shrinking some departments* that don't need the headcount. This means that the utility of a new employee is automatically greater than one that's been there forever, even if they are equal in skill, just because they can be put in the most useful position.

This is a facet of downwards-stickiness -- it's easy to tell an overstaffed* department that they don't get to hire new folks, it's nearly impossible to tell them to give up folks. But both of those are equivalent in terms of overall allocation of resources.

* Note: I don't mean to say that these folks are incompetent, only that demands change and a team that might be stretched thin one year because of a large project might have few demands the next. In fact, it's exactly the opposite -- the most talented teams end up overstaffed because they build things well and end up without much maintenance to do, rather than constantly chasing their tails duct-taping things up. We should be moving talent from those teams to where it's needed the most.

Comment: Re:Actually not /all/ corporations are covered ... (Score 1) 1323

Who ever said that the IRS definition for the purposes of taxation is the correct one to apply to a RFRA claim over contraception?

I highly doubt that the Waltons would qualify, given that billions of dollars of WalMart stock is held and traded publicly.

Comment: Actually not /all/ corporations are covered ... (Score 1) 1323

The opinion restricts itself to "closely-held corporations" (a phrase used dozens of times) rather than /all/ corporations. They don't define with precision what that exactly means -- that kind of drudgery is the domain of the lower courts -- they did point out that Hobby Lobby is privately held by a small number of folks from the same family. It would seem clear to infer that "closely-held" is sort of an antonym to "publicly-held" here, so I think there's virtually no chance any lower court would allow Wal Mart or Exxon to assert a RFRA claim.

Now, since companies under 100 employees are already exempt from most of PPACA, the net net of this only covers the rare company that simultaneously large enough to be hit by the mandate but still owned closely enough to merit RFRA protection. In other words, not too many in the scheme of things.

[ Full Disclosure: I don't support what Hobby Lobby believes, I think they deserve to lose on the merits. But at the end of the day, I'm not going to make a molehill into a mountain for rhetorical or fundraising purposes. ]

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47325179) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, you are right, I mistyped.

Public: { H(CC+Salt), Salt, Amount of money spent on porn, Amount of student debt }

[ where + is just shorthanded for "mixed with" ]

It's not at all within the realm of possibility for an attacker to brute force the CC space for each salt separately. So yes, an attacker can run through (2**CC_entropy) hashes to brute force a single entry, but that exercise provides him no help when he goes to do the next entry. Moreover, he can't spin up a few TB of storage on S3 and pre-compute anything useful.

The point of the scheme is to turn a pwn-once-win-forever game into a pwn-one-win-one game. This guy paid once and won the entire database. I would like him to have to pay that cost once for each entry.

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47321469) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, a secret salt is no salt at all.

But there are very important uses for salting that make it better than assigning a random number -- it allows someone that does know the input value look up the relevant entry without any involvement from the secure side.

Imagine you had the following two datasets that you've partitioned:

Private: { Credit Card Number, Random Salt }
Public: { H(CC+Salt), Amount of money spent on porn, Amount of student debt }

Now whenever you want to obscure an entry, you do need to go to private one. But if you want to answer the question "How much money did a person with CC X spend on porn", you can look it up without entering the secure domain. But no one without access to the private side can find credit cards in the DB or other stuff -- to within the computational costs of the operation multiplied by the entropy of the salt.

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 1) 192

by Wrath0fb0b (#47321451) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Yes, which is exactly what the person in this article actually did -- he created a lookup table to accelerate brute-forcing the entire released dataset.

And yes, there are a trillion credit cards. But if each one gets a random 32-byte salt added to it, then that's a 4-billion-trillion input space ...

Comment: Re:Error so popular it was enshrined in PCI DSS (Score 2) 192

by Wrath0fb0b (#47303271) Attached to: Improperly Anonymized Logs Reveal Details of NYC Cab Trips

Um, the standard is fine. The phrase "One-way hashes based on strong cryptography" means (to any professional in the business) that one must salt the hash with sufficient entropy to make brute-forcing the input space impossible. So 16 digit CC has little entry, but add a 16-byte hash and you've somewhere.

So yeah, "strong cryptography" can't fix stupid, but those that know how to use it are plenty fine.

Comment: The ethnicities of my tech workplace (Score 1) 435

by Wrath0fb0b (#47262937) Attached to: Yahoo's Diversity Record Is Almost As Bad As Google's

And this is counting just those around me:

East Asia: Han, Cantonese, Korean, Japanese,
Indian Subcontinent: Telugu, Tamil, Sinhalese, Punjabi,
West Asia: Syriac, Turkmen, Arab, Persian,
North Asia: Slavs of all flavors,
Europe: Scandinavian, Germanic, Anglo-saxons, Castilians,
Africa: Hamitic, Bantu,

Looks pretty diverse to me, at least once you get past the crippling simplicity of the "White/Asian/Black/Latin" universe in which the race-baiters are forever trapped.


IT Pro Gets Prison Time For Sabotaging Ex-Employer's System 265

Posted by Soulskill
from the fractions-of-a-penny dept.
itwbennett writes: "In June 2012, Ricky Joe Mitchell of Charleston, West Virginia, found out he was going to be fired from oil and gas company EnerVest and in response he decided to reset the company's servers to their original factory settings. He also disabled cooling equipment for EnerVest's systems and disabled a data-replication process. After pleading guilty in January, Mitchell has been sentenced to four years in federal prison."

Comment: Re:Vegetarian (Score 3, Insightful) 291

I also hate to be the one to point this out, but given a free choice much (not all) of the world population starts consuming meat once given the economic means to do so.

In a world that seems to be lurching towards greater individual autonomy and personal choice, your solution does not strike me as likely to get off the ground. At the end, you'll either have to adopt more and more coercive action to meet your goal or accept that there are billions of independent agents with different preferences.

Comment: Re:These days I think it's safe to assume (Score 1) 57


It's an interesting conundrum. We can at least try to pass laws to prevent our governments from spying us, but even if we succeed we can't very well pass a law forbidding others' governments from doing what they will.

Ultimately, I don't see a solution that's plausible here.


Star Cluster Ejected From Galaxy At 2,000,000 MPH 133

Posted by Soulskill
from the get-out-and-stay-out dept.
William Robinson writes: "According to a new report, a globular cluster of several thousand stars (compressed into a space just a few dozen light-years apart) is being thrown out of galaxy M87. The cluster, named HVGC-1, is traveling at a rate of 2 million miles per hour. The discovery was made by Nelson Caldwell of the Harvard-Smithsonian Center for Astrophysics and his team while studying the space around the supergiant elliptical galaxy M87. Caldwell and colleagues think M87 might have two supermassive black holes at its center. The star cluster wandered too close to the pair, which picked off many of the cluster's outer stars while the inner core remained intact. The black holes then acted like a slingshot, flinging the cluster away at a tremendous speed."

Comment: Re:No middle ground anymore. (Score 1) 146

by Wrath0fb0b (#46849359) Attached to: Texas Family Awarded $2.9 Million In Fracking Lawsuit

1) I would love nothing else for petro-power to become economically unsustainable with respect to renewables. Currently, that's not the case even with massive green-power subsidies. Here in CA, power prices are pushed ever higher as they push the mandates higher.

2) Functional regulation also requires a principled opposition that is willing to focus on actual deliverables rather than scoring points.

3) There is no way that global warming is going to be solved by regulations on the extractive industry, so this is a non-goal in this domain. If we want to try for a comprehensive solution to AGW, it needs to be done across industries and across countries. Global problems cannot be solved locally.

Now proper regulation would raise costs significantly and put pressure on finding REAL solutions sooner which is why environmentalists want to use them to prohibit dirty industry growth

This is exactly the problem, you are effectively deciding on the solution rather than the goal. If it's possible to pump crude out of Alaska without spilling it on the tundra, then you should be in favor of it. To the extent that safety requires raising the cost, that's an acceptable tradeoff, but it absolutely is not the goal unless you are just being obstructionist instead of productive.

Nuclear power is a great example. A still functioning regulatory system makes nuclear power more costly than solar PV. This is still the case with the large government subsidies involved in that industry already.

I worked in nuclear for a while. Most of the cost increase goes to lobbyists and lawyers to fight the other guys' lobbyists and lawyers. Which is all that the nimbyciles have every really accomplished -- making the industry grease the same palms that they are doing with at least as much dough.

[ Kind of ironic actually -- the fight against the parasitic plutocrats only spawns more plutocrats. Perhaps that's a sign about why it's unproductive not to engage with problems directly and find solutions. ]

I keep hearing other nations do a better job deciding such things; like Canada for example.

You mean that country that's pissed off we are stalling our decision on the giant pipeline to transport their oil from the tar sands?!

Truth be told, I've heard they don't care what the answer is since if we say no they'll build the pipeline to the Pacific themselves, but they wanted the stability of shipping it to us. Such a shame really to keep them in limbo, since they can't go elsewhere until we've officially said no too. But yeah, that oil isn't going to the stay in the ground in any event.

Comment: The rapidly disappearing middle ground ... (Score 4, Insightful) 146

by Wrath0fb0b (#46848015) Attached to: Texas Family Awarded $2.9 Million In Fracking Lawsuit

We are not anti-fracking or anti-drilling. My goodness, we live in Texas. Keep it in the pipes, and if you have a leak or spill, report it and be respectful to your neighbors. If you are going to put this stuff in close proximity to homes, be respectful and careful.

Yeah, pretty much this.

We all know that extraction companies do idiotic and careless things and don't give a fuck about safety -- either of their workers or of the environment around them.

We also know that a lot of environmentalists advocate the complete cessation of fracking and drilling even though that makes no practical sense (for now).

And so we've lost the middle ground of wanting a strong extractive industry with strong environmental safeguards and a culture of safety grown up around it. It would be a strategic error for companies to adopt such a policy in a situation where environmentalists are going to oppose them politically and legally anyway no matter what they do. And it would be a strategic error for environmentalists to advocate for responsible extraction given that the companies are going to weasel out of it anyway.

I know where we want to go, I think it's certainly technologically and economically feasible to extract oil and gas without damaging the environment. But the way we pursue it is fundamentally broken on all sides.

[ And none of this is intended to be negative. I consider myself an environmentalist and a technologist FWIW. ]

"The geeks shall inherit the earth." -- Karl Lehenbauer