Comment: Re:$3500 fine? (Score 4, Interesting) 279

by c (#48217071) Attached to: Tech Firm Fined For Paying Imported Workers $1.21 Per Hour

That's a joke. They should have been fined at least as much as the backwages were.

That's still peanuts.

If you really wanted to send a message, they should be required to pay for an external auditor of the government's choice to come in and perform a top-to-bottom audit on all employee and contractor compensation.

And then get fined for anything fishy.

Comment: Re:So really what's happening is that... (Score 2) 156

by c (#48187151) Attached to: Google Changes 'To Fight Piracy' By Highlighting Legal Sites

Google isn't going to change anything, just charge legal sites to place their ads on piracy searches.

Seems reasonable. How else is Google supposed to know the difference between honest content providers and those dirty pirates?

The whole DMCA takedown debacle shows us that you clearly can't take someone's word that they're a copyright owner; they frequently lie about it. But we've been told time and time again that those dirty pirates expect everything for free, so you'd expect that charging money for listings will obviously let the legit operators bubble to the top.

Comment: Re:right.... (Score 1) 117

by c (#48158169) Attached to: The Great Robocoin Rip-off

If your scheme to make money from Bitcoin involves giving real money to someone else whose scheme to make money from Bitcoin involves getting real money from you, then looking at past history of Bitcoin money-making schemes it's highly likely that out of all the people around the table, you are the sucker.

Comment: Re:Meh (Score 1) 201

by c (#48155469) Attached to: Google Announces Motorola-Made Nexus 6 and HTC-Made Nexus 9

Not a one is actually a small, well featured phone. They are simply old and/or reduced spec phones every bit as big as the first wave of large phones.

Generally true, but I've been hearing good things about the Sony Xperia mini/compacts. At least, I'm hoping that's true because when I have to replace my current 4.3" phone, I'm not keen on going much larger...

Comment: Re:Go Ross, Go! (Score 1) 208

by c (#48101793) Attached to: Ross Ulbricht's Lawyer Says FBI's Hack of Silk Road Was "Criminal"

Silk Road Kingpin or not, I'm rooting for Ross here.

I wonder what the people he attempted to have murdered think about all this?

If we follow the arguments in the article to their logical conclusion, then you're talking about an accusation coming from a bunch of criminals. Indeed, one might argue that it's a criminal conspiracy against him.

If they're going to act like criminals, then the government has no credibility in any accusation they make against Mr. Ulbricht.

Now, he likely is a criminal scumbag who did some very stupid and/or shady things, but given the choice between going after one shady guy or an entire organization of criminals, which do you think is a better use of law enforcement resources?

Comment: Evidence? (Score 1) 336

by c (#48071807) Attached to: Why the FCC Will Probably Ignore the Public On Network Neutrality

Changes require systematic, reliable evidence, not emotional expressions . . . In the wake of more than 3 million comments...

3 million people having a coherent opinion on the subject is as systematic, reliable evidence as any other survey of public opinion. That the bulk of those 3 million are likely saying that network neutrality is a really good idea should be considered a fairly reliable data point. I'm not sure it would be a good idea for the FCC to just brush it off.

Comment: Re:Google just pissy (Score 1) 107

by c (#48070453) Attached to: Cyanogen Inc. Turns Down Google, Seeing $1 Billion Valuation

You implied that some manufacturers don't drop support prematurely.

Hm. True. I could've phrased that better, although the definition of "premature" in this case might be debatable. I like to think that everyone will agree that "while the device is still being sold in stores" definitely counts as "premature", and I'm of the opinion that anything less than 2 years after introduction is pushing it.

Outside of the Nexus line, I'm not sure any device would get a pass.

Even Google drops support for Nexus devices after 2 years.

They suggest it'll typically be 18 months, but I'm not sure they've released enough Nexus devices to establish any kind of solid track record. At the moment, the 1st gen Nexus 7 is over the 2 year mark and appears to still be seeing updates. The Nexus 4 and 10 are still being sold, so I doubt you'll see Google stop supporting them soon even though they're comfortably at the 2 year mark.

Comment: Re:Google just pissy (Score 5, Interesting) 107

by c (#48065277) Attached to: Cyanogen Inc. Turns Down Google, Seeing $1 Billion Valuation

Google is just in a snit that CyanogenMod is fantastically better than stock android, BECAUSE it gives power back to users.

So does Xposed, and far deeper than CM ever contemplated.

More likely Google is looking at CM because CM effectively helps to solve the Android "fragmentation" problem, namely getting the latest version onto devices where the manufacturers drop support prematurely. All they'd have to do is officially brand CM as their "Android legacy support" service and just kinda step back.

Comment: Re:FP? (Score 1) 942

by c (#48036785) Attached to: David Cameron Says Brits Should Be Taught Imperial Measures

Even if the US changed every single speed limit sign tomorrow from MPH to KPH, how hard is it to match a number on a gauge in front of you to the sign posted on the road?

US cars have mph as the main unit and km/h as the secondary. Canadian cars, for example, have km/h as the primary and mph as the secondary.

I would never have thought this was an issue until that stretch of time where I was switching between a Canadian and US vehicle for a period of time... it's not rocket science, but it's definitely an extra cognitive load when you're driving, and if you're not used to a particular vehicle then the difference between 55mph and 55km/h isn't as obvious as you'd expect.

It's a bit like what happens when the instrument cluster is put in the center of the dash (fuck the Nissan X-Trail) or the speedometer range is substantially different from what you're used to (if you're used to 100km/h being right at the top of the dial and you move to a vehicle where 80km/h is at the top, you *do* drive slower until you compensate).

As I said, not rocket science, and individually it's not a big issue, but with the sheer quantity of marginal drivers on the roads... I don't expect the transition would be bloodless.

Comment: Re:Call it what you will (Score 1) 329

by c (#48020063) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

The wrong mechanism (a semi-persistent environment) is being used to transfer what should have transient data. That is a vulnerability in the spec.

Hm. Okay, I'll buy that argument.

In practice, if the CGI developer follows best security practices it shouldn't be a more significant problem than any other "untrusted input" path, and whatever invokes the CGI does have the option of cleaning up the environment instead of accepting the default, but it's fair to say there's a flaw in the spec.

Comment: Re:Call it what you will (Score 3, Insightful) 329

by c (#48018573) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

The fact is that bash allows external entities to poison environment variables ahead of invocation, causing unintended behavior in bash when it is launched as a child process.

Well, it's not that it allows external entities to poison the environment, it's that it gives the finger to that basic secure programming practice where you should just assume that externally provided input is tainted data.

(you could say that there is a design vulnerability in CGI - and I would agree about that).


There's nothing in the CGI specification that requires or suggests that there needs to be any kind of intermediary in handling the requests aside from the web server. The environment is a perfectly legitimate way of passing data, and if the web server calls the CGI safely (i.e. pipe()/fork()/exec()) there's no reason for a transient interpreter like bash to get involved. And, aside from security, the performance hit of invoking a shell just to launch another program makes it a bit silly to do it any other way.

And I'd point out that it's possible to explicitly control the environment of a subprocess (i.e. execle()), so anything calling a CGI program can at least sanitize things to minimize any damage. Not that the CGI should depend on the caller to sanitize things, of course.

On the other hand, the environment is a perfectly stupid way to pass code around.
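Added example, not part of the comments above and not code from any project they mention: a launcher that starts a CGI program with pipe()/fork()/execle() and an explicitly built environment, so no shell is involved and nothing from the parent's environment is inherited. The allow-list, the function names and the rule that drops values beginning with `() {` are assumptions made for this illustration.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_ENV 16
/* Names the launcher passes on to a CGI program (assumed policy). */
static const char *const ALLOWED[] = { "REQUEST_METHOD", "QUERY_STRING", "HTTP_USER_AGENT", NULL };

/* Keep only allow-listed NAME=value pairs, and drop values starting with
 * "() {", the function-definition form bash imported. Returns entries kept. */
int build_cgi_env(char *const in[], char *out[MAX_ENV]) {
    int n = 0;
    for (int i = 0; in[i] && n < MAX_ENV - 1; i++) {
        const char *eq = strchr(in[i], '=');
        if (!eq || strncmp(eq + 1, "() {", 4) == 0) continue;
        for (int a = 0; ALLOWED[a]; a++)
            if (strlen(ALLOWED[a]) == (size_t)(eq - in[i]) &&
                strncmp(in[i], ALLOWED[a], (size_t)(eq - in[i])) == 0) {
                out[n++] = in[i];
                break;
            }
    }
    out[n] = NULL;
    return n;
}

/* pipe()/fork()/execle(): run path directly (no shell) with exactly envp.
 * Stores up to cap-1 bytes of its stdout in buf; returns exit status or -1. */
int run_cgi(const char *path, char *const envp[], char *buf, size_t cap) {
    int fd[2], status = 0;
    size_t used = 0;
    ssize_t r;
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execle(path, path, (char *)NULL, envp);
        _exit(127);                       /* exec failed */
    }
    close(fd[1]);
    while (used < cap - 1 && (r = read(fd[0], buf + used, cap - 1 - used)) > 0)
        used += (size_t)r;
    buf[used] = '\0';
    close(fd[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Running `/usr/bin/env` as the child is a quick way to see exactly what a CGI program would receive. The CGI itself still has to treat every value it is handed as untrusted.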
