Comment: Re:Hoax (Score 1) 984

by dkf (#48129837) Attached to: Independent Researchers Test Rossi's Alleged Cold Fusion Device For 32 Days

Unfortunately, I suspect any funds recovered via such penalties would fail to even begin to approach the total economic damage done to the community.

Ah, but in that case there would also be a strong case to be made for setting aside the contract (it having been obtained through fraudulent actions; an illegal "contract" is never a real contract) or at least the lock-in terms of it. You mustn't just penalize one half of the crooked agreement; you've got to deal with the other side if they were part of the conspiracy too. And no, the fact that a contract has been signed off by all the people who were authorized to do so at the time doesn't make it sacrosanct and beyond review, and it cannot do as that would provide a mechanism to allow fraud on a massive scale without any legal recourse, which would be exceptionally abhorrent to the public morals.

Hmm... In fact, "conspiracy" is a very suitable word to be considering here, given the reported statements, as it would allow some pretty extreme penalties to be levied against all concerned (e.g., a corporate conviction for conspiracy would be catastrophic for the company concerned, and would run the real risk of making them go bust. Like you ought to care.) In fact, check who the state DA has been taking payments from, just in case. It pays to be careful with this sort of thing...

I would emphasize that I definitely don't know the facts of the case or any of the individuals concerned. I'm merely commenting on how I would expect such things to be possible to go forward, treating the whole thing as hypothetical, given the (not necessarily unbiased) statement of the situation in the posts I'm replying to.

Comment: Re:Nevertheless, Microsoft is doomed (Score 1) 93

by dkf (#48062861) Attached to: Samsung Paid Microsoft $1 Billion Last Year In Android Royalties

desktops and laptops last more than 8 to 12 years

Desktops may. Laptops, not really. You run into problems with loss of battery life and gradually increasing general crankiness of the hardware. (The higher-powered a system is when first bought, the longer it lasts; low-ball it, and you're going to have to refresh sooner. And it's possible to replace some components in a desktop far more easily than in a laptop.)

Comment: Re:Why is this a bash bug? (Score 2) 329

by dkf (#48019333) Attached to: Bash To Require Further Patching, As More Shellshock Holes Found

Why does bash have to worry about security?

Because if it is installed as /bin/sh (fairly common), it gets called in a great many places because of the OS APIs system() and popen(), which are both defined to use /bin/sh on Unix. Much of the reporting about it has been more than a little breathless, but that's journalists for you.

Not everything is vulnerable. CGI is not inherently vulnerable (it could use execve() directly) and the called code need not use bash ever. But it's still a serious problem as anything that explicitly requires bash is also definitely broken: we want it fixed ASAP. (A start would be to never process environment variables for function definitions during startup, especially when running as /bin/sh...)

Comment: Re:"could be worse than Heartbleed" (Score 1) 318

by dkf (#47997723) Attached to: Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild

Outside of malicious HTTP headers landing in environment variable in CGI land, I'm hard pressed to think of another reasonable vector for this bug to be a problem...

To be fair, with a moderately competent CGI implementation, the subprocess will start just fine. The problem comes with whatever that subprocess calls, since environment variables are inherited by default. The deeper you go, the greater the likelihood that some programmer will have used system() or popen(), or even flat-out implemented the process as a shell script.
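The two Shellshock comments above make one point between them: `system()` and `popen()` go through /bin/sh, and every child inherits the environment by default. The following is an added example, not part of the original comments, of starting a helper with `execve()` directly and passing it a scrubbed environment. The names `scrub_env`, `run_direct` and `ALLOWED`, and the allowlist contents, are hypothetical; the `() {` prefix test matches the shape of an exported bash function definition.

```c
/* Added example; all names are hypothetical. ALLOWED is an assumed allowlist. */
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static const char *const ALLOWED[] = { "PATH", "LANG", "QUERY_STRING", NULL };

/* Copy allowlisted entries of in[] whose value is not function-shaped into
 * out[] (NULL-terminated). Returns the count kept, or -1 if out[] is too small. */
int scrub_env(char *const in[], char *out[], size_t cap) {
    if (cap == 0) return -1;
    size_t kept = 0;
    for (size_t i = 0; in[i] != NULL; i++) {
        const char *eq = strchr(in[i], '=');
        if (eq == NULL || strncmp(eq + 1, "() {", 4) == 0) continue;
        size_t n = (size_t)(eq - in[i]);           /* length of the name */
        for (size_t a = 0; ALLOWED[a] != NULL; a++) {
            if (strlen(ALLOWED[a]) == n && memcmp(in[i], ALLOWED[a], n) == 0) {
                if (kept + 1 >= cap) return -1;    /* keep room for the NULL */
                out[kept++] = in[i];
                break;
            }
        }
    }
    out[kept] = NULL;
    return (int)kept;
}

/* Run path via execve(): no shell parses argv. Returns exit status or -1. */
int run_direct(const char *path, char *const argv[], char *const envp[]) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                                /* reached only if execve failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed sample of what a CGI gateway might pass down. */
    char *in[] = { "PATH=/usr/bin:/bin", "HTTP_USER_AGENT=() { :; }", "LANG=C", NULL };
    char *clean[8], *argv[] = { "env", NULL };
    if (scrub_env(in, clean, 8) < 0) return 1;
    return run_direct("/usr/bin/env", argv, clean); /* child gets only clean[] */
}
```

The scrubbed array only helps if every later hop also avoids `system()` and `popen()`, or passes the same array on; a descendant that rebuilds its environment from request data reintroduces the problem.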

Comment: Re:Why is 1984 in this poll? (Score 1) 410

by dkf (#47975759) Attached to: It's Banned Books Week; I recommend ...

The American Library Association maintains lists of the most frequently challenged books (i.e. the ones people try to ban). Although 1984 shows up on the list of challenged classics, there is only one challenge listed -- someone in Jackson County, Florida in 1981 thought that it was "pro-communist and contained explicit sexual matter". The first part shows a massive failure of reading comprehension, not actual hostility towards the content. 1984 doesn't show up in the top 100 challenged books lists for 1990-1999 or 2000-2009.

However, the US isn't the only country that bans (or tries to ban) books. Works like 1984 are much more likely to be banned by totalitarian regimes precisely because they encourage people to think about the ways in which the regime is trying to restrict them. Banning books is basically wrong anywhere, not just in one country in one part of the planet.

Comment: Re:Failure tolerance is a mortal sin (Score 1) 101

by dkf (#47958763) Attached to: 'Reactive' Development Turns 2.0

Now I'm building an app with Scala/Play framework and we don't have user sessions or the web servers so scaling and server failures are not a problem.

If you don't have user state or session state, scaling is no problem. You just throw more hardware at it so you can have replicated servers with a simple load balancer in front. Job done.

It's scaling in the presence of (mutable) state that is hard. It's also what a lot of use cases need. Sometimes you even have to give up on scaling (boo!) in order to achieve other objectives, or think very hard to come up with an alternative approach such as spinning out processing to cloud-based slaves, which also doesn't truly scale, but can often go pretty large despite that (if you get the finances/business-model right).

Comment: Re:Anthropometrics (Score 1) 819

by dkf (#47846933) Attached to: 3 Recent Flights Make Unscheduled Landings, After Disputes Over Knee Room

The solution is simple: load them up with tranquilizers/sedatives and stack 'em in like cordwood. ;)

A seemingly good idea that will fall apart as soon as someone overdoses on sedatives and their next-of-kin sue. Good luck with persuading a judge that some getout clause in a 3pt font prevents any liability attaching...

Comment: Re:So 1024 Bits Not Enough Now? (Score 1) 67

by dkf (#47840035) Attached to: Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

You're confusing the cost of legitimate operations with the cost of searching the key space. You don't want legit users to bear too much cost since everyone ends up paying that over and over, but you do want the cost of searching to be high since that's not something that people should be doing.

Comment: Re:The last sentence of the summary is spot on (Score 1) 66

by dkf (#47840011) Attached to: Two Explorers Descend Into An Active Volcano, and Live to Tell About It

The trek itself was trivial compared to summiting Everest but the visuals were just a lot more impressive.

You don't need such fancy protective gear when doing Everest, which is just cold and lacking in oxygen, not outright chemically hostile and hot as hell. (Some volcanoes are even worse. The ones that spew fluorine gas (or hydrofluoric acid) are just awful...)

Comment: Re:Kodak had the right idea decades ago (Score 1) 161

by dkf (#47823577) Attached to: New HTML Picture Element To Make Future Web Faster

It's called JPEG2000, uses wavelet transformations instead of discrete cosine transformations that JPEG uses and has been around since over a decade ago. No one uses it.

You're wrong there. It's used quite a lot in high-capacity digital image storage. Libraries, that sort of thing. You might have the space and time to waste on using standard JPEG and you might not care too much about the compression artefacts, but libraries really do care. (A billion high-resolution images is only a medium-sized library...)
