Comment: Re:Quality (Score 5, Funny) 101

by hawguy (#46830197) Attached to: Band Releases Album As Linux Kernel Module

They transcoded it a ton, don't expect FLAC or even mp3 v0. Seems more for publicity.

"...came from .ogg files that were encoded from .wav files that were created from .mp3 files that were encoded from the mastered .wav files which were generated from ProTools final mix .wav files that were created from 24-track analog tape."

Mod this insightful! I was tricked and thought that loadable kernel modules were going to be the music distribution format of the future... it seems so convenient! But it turns out that this was just about the publicity. How disappointing!

Comment: Re:A foretaste... (Score 2) 75

by hawguy (#46828679) Attached to: The Hackers Who Recovered NASA's Lost Lunar Photos

...of what's to come.

This data's barely 50 years old, of extremely high value (thus worth the extraordinary effort), and relatively low size.
We're talking about a couple of thousand high-resolution pictures, so what, each is perhaps what, 10 megabytes (they're all b&w)? So total of 20 gigs of images?

I know people that take more picture data than that in a single 1st birthday party.

And in 50 years, will it be gone?

When my grandmother died and we cleaned out her attic, we threw away a lot of old photos and 8mm movies because no one alive still knew who was in the pictures.

Someday my thousands of digital photos will suffer the same fate -- when my computer is sold off for scrap and the credit card that pays my dropbox bill is canceled, they will all disappear except for images that I've specifically chosen to pass on... as they should.

Comment: Re:And As Usual... (Score 1) 157

by hawguy (#46826915) Attached to: OnePlus One Revealed: a CyanogenMod Smartphone

...No card slot, no keyboard, no daylight readable screen, and therefore no sale.

Why do companies insist on copying the same lack of features of the big-name manufacturers while still calling themselves "revolutionary?" It's just another clone phone, the Toyota Camry of boring copycat "me too" featureless blank slates that already flood the marketplace.


No microSD card slot? A non-removable battery? Into the trash it goes.

I was a little disappointed when I found out that you had to be invited to have the option of buying one but I wasn't aware they had gotten rid of the microSD slot and removable battery so I guess I'll be looking at the Galaxy S5 instead even if I had an invite. For the life of me I don't understand why people consider a non-removable battery (and batteries are very prone to failures) to be a feature; I like to have spares in case I go somewhere charging is not possible or convenient or in the more likely case the original battery loses its ability to keep a charge like I've experienced with two different Li-Ion batteries.

While I don't necessarily consider a non-removable battery to be a "feature" (though maybe it is if manufacturer claims that it lets them create a thinner phone are true), I never removed the battery in my Galaxy Nexus after almost 2 years of use, and while the Nexus 5 battery is "non-removable", that only means that it'll take 20 minutes to change the battery if it fails, it's really not that hard to open the phone. I already carry a USB battery pack for recharging other USB devices, so I don't really need to be able to change batteries on the fly.

Given the choice between a MicroSD card slot and a removable battery, I'd opt for the MicroSD, since I like to load up movies for long trips and would love to be able to just pop in a 64GB MicroSD card with dozens of movies rather than downloading them on the phone.

Comment: Re:Nice. Caught red-handed... (Score 1) 233

by hawguy (#46811869) Attached to: Intentional Backdoor In Consumer Routers Found

I have a slightly more ambitious suggestion. We should make a list of every device that uses this 'sercomm' module and make a point never to buy them again.

Who is 'we'? The .01% of consumers that are tech savvy enough to know what a backdoor is and why we don't want one? Meanwhile everyone else will continue to buy routers based on which picture on the box looks better.

Comment: Re:Low (Score 1) 80

by hawguy (#46810607) Attached to: Heartbleed Pricetag To Top $500 Million?

Testing departments are useless when you can take a snapshot and rollback in case a problem is detected. Also, if you are in an organisation as big as you claim, your critical systems run unencrypted behind an SSL accelerator & application firewall. Testing is so 200?ish...

Sure.... I've heard that before... rollback fixes everything... When the time clocks lose punches because they can't upload data to the attendance system you can just tell managers to manually reconcile timecards for 10,000 employees since IT didn't bother to test anything.

Comment: Re:Low (Score 1) 80

by hawguy (#46807573) Attached to: Heartbleed Pricetag To Top $500 Million?

That's ridiculous. I download firmware patches, software patches, etc on a daily basis. Patching heartbleed wouldn't even be out of the ordinary for my job as CIO. It basically costs IT nothing.

If you are downloading patches, you are no CIO regardless of the title you gave yourself. Any company large enough to need a real CIO would have gone through an extensive testing/qualification process for an emergency out-of-band patch. You would be lamenting the many man hours your teams lost while testing the patch (which, due to the urgency, meant that it could not go through the normal QA process you use before deploying patches). It took Amazon all day to deploy the patch across their load balancers.

Comment: Re:NSA (Score 1) 582

by hawguy (#46761827) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

The huge problem with OSS is that if no one takes the responsibility to do a good code audit for a project, the NSA will do that independently, file the found exploits, and tell nobody.

Of course, the flip side is that if you *want* to do a good code audit for software you're using, you can do it on your own with open source software (and you can review code changes in patches before applying them). However, with closed source software, you can (usually) only take the word of the closed source company and have to trust that they haven't purposely inserted back doors into the code.

And once one company does the audit, they can share it with others (or a group of companies could share the costs of the audit), and all users, no matter how large or small, can validate that the code they are running matches the audited code.

Of course, an audit isn't a guarantee of finding a bug (which is just as true for closed source software as it is for open source software), but at least with open source code, a company that finds a bug can choose to fix it immediately without waiting for it to filter through a large company's release process.

Comment: How does a language remediate anything? (Score 1) 188

by hawguy (#46760323) Attached to: The Security of Popular Programming Languages

I don't understand this:

Perl remediates 85% of all Cross-Site Scripting vulnerabilities, the highest rate among all languages but only 18% of SQL Injection.

There is no Perl language support to remediate cross site scripting. That's all done by the developer and/or framework he's using, so I don't see how it's useful to say that Perl remediates 85% of XSS vulnerabilities when the language itself has no idea what XSS is or how to remediate it.

I'm also having trouble reconciling this statement:

Perl has an observed rate of 67% Cross-Site Scripting vulnerabilities, over 17% more than any other language.

So Perl remediates 85% of XSS vulnerabilities -- the highest rate of any language, yet it has a 17% higher rate of XSS vulnerabilities?

This study would be slightly more useful if they gave details on web frameworks instead of just languages.

I'm surprised Ruby and Python didn't make the list, I figured that either one of those languages would be more popular than Perl for web development today.

Comment: Re:Climate engineering? (Score 1) 342

by hawguy (#46751365) Attached to: Climate Scientist: Climate Engineering Might Be the Answer To Warming

Considering this is a non-problem to start with, we'd absolutely be doing more harm than good. This was the most brutal winter I've seen in over 20 years. It seems like every other day I was plowing more global warming off my driveway and we just got another 5" of global warming last night that I had to shovel off my walk.

Why do so many people confuse weather with climate?

Comment: Re:Why in the FUCK (Score 5, Informative) 41

by hawguy (#46750597) Attached to: Google Buys Drone Maker Titan Aerospace

would either Google or especially Facebook be buying drone companies? These companies obviously have WAY too much money and are WAY overvalued. I suppose it is smart that rather than wait for the bubble to burst and the share price to crash, wiping out billions in value, they're trying to get stuff that is worth something while they still can. Still, this is actually kind of unsettling to me and makes me wonder if we may be cruising obliviously towards the next text meltdown, sooner rather than later?

It's alluded to in the summary, and spelled out in TFA - both companies have shown interest in providing internet access in underserved areas through aerial platforms:

Both Ascenta and Titan Aerospace are in the business of high altitude drones, which cruise nearer the edge of the earth’s atmosphere and provide tech that could be integral to blanketing the globe in cheap, omnipresent Internet connectivity to help bring remote areas online. According to the WSJ, Google will be using Titan Aerospace’s expertise and tech to contribute to Project Loon, the balloon-based remote Internet delivery project it’s currently working on along these lines.


The main goal, however, is likely spreading the potential reach of Google and its network, which is Facebook’s aim, too. When you saturate your market and you’re among the world’s most wealthy companies, you don’t go into maintenance mode; you build new ones.

Comment: Why not? (Score 3, Interesting) 236

by hawguy (#46730399) Attached to: GM Names Names, Suspends Two Engineers Over Ignition-Switch Safety

The next time your mail goes down, should we know the name of the guy whose code flaw may have caused that?

Why not let software engineers take responsibility for their work just like "real" engineers do when they sign off on a project?

The developer responsible for the Heartbleed bug that put the privacy of millions of users at risk stood up and took responsibility for his mistake.

If you know that the world is going to hear about it if you screw up, then maybe you'll take a little more time to vet your work before you sign off on it.

Comment: Re:It's time we own up to this one (Score 3, Interesting) 149

by hawguy (#46730341) Attached to: NSA Allegedly Exploited Heartbleed

It was discovered and fixed so quickly *because* it's open source

For crikessakes, the heartbleed vulnerability existed for over 2 years before being discovered and fixed!

Sorry my bad, that sentence was confusing -- I meant the fix was fast, not finding the bug.

An exact timeline for Heartbleed is hard to find, but it looks like there was some responsible disclosure of the bug to some large parties about a week before public disclosure and release of the fixed SSL library.

In contrast, Apple learned of its SSL vulnerability over a month before they released an iOS patch and even after public disclosure of the bug, it was about a week before they released the OSX patch. And just like the OpenSSL bug, Apple's vulnerability was believed to have been in the wild for about 2 years before detection. (Of course, since the library code was opensourced by Apple, several unofficial patches were released before Apple's official patch.)

Comment: Re:It's time we own up to this one (Score 1) 149

by hawguy (#46729753) Attached to: NSA Allegedly Exploited Heartbleed

OK guys. We've promoted Open Source for decades. We have to own up to our own problems.

This was a failure in the Open Source process. It is just as likely to happen to closed source software, and more likely to go unrevealed if it does, which is why we aren't already having our heads handed to us.

But we need to look at whether Open Source projects should be providing the world's security without any significant funding to do so.

If it's just as likely to happen to closed source software, then why is it a failure of the Open Source process? It was discovered and fixed so quickly *because* it's open source - there may be similar holes in closed source software that are being exploited today, yet no white hats have discovered them yet.
