Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:this is one more reason (Score 2) 85

by hawguy (#49156795) Attached to: Under US Pressure, PayPal Stops Working With Mega

Nobody is stopping people in the US from doing business with mega. Send an international money order. People do it all the time. And if you trust them so much, you can always send cash.

It's not so much trust in the business on the other end that keeps me from sending cash through the mail, it's all the people in the middle that are handling the cash-filled mail. The business has a huge incentive to not rip off their customers since a customer that doesn't get what he paid for will soon be an ex-customer.

If postal workers knew that every envelope addressed to Mega had cash in it, they'd be a huge theft target.

Comment: Re:Just a distraction from the real fail... (Score 1) 40

by hawguy (#49156709) Attached to: Uber Discloses Database Breach, Targets GitHub With Subpoena

Because they think it was a crime of opportunity, which sounds like a reasonable supposition -- the hacker stumbled across the key in Github, then either gave (or sold) the key to someone else to do the hack, or did the hack himself. Clearly he wouldn't have downloaded the data using his own IP address, but it's entirely possible that when he found the key on Github, he was using a traceable IP.

There could be hundreds of legitimate accesses of that file. If the hacker was indeed using a hidden IP address to access the database, but his real IP to download the gist, how are Uber going to determine that from all the other legitimate accesses? If the hacker gave away or sold that information, there is going to be no way for Uber to determine a link at all. This just seems like a fishing expedition to hide the real fail.

Or there could be 2 accesses of that file, depending on how long they left it up there. Right now, only Github knows how many people accessed it.

By admitting that one of their developers leaked the key himself on Github, it seems a little late for them to claim that they have no responsibility for the breach.

Ahh... but the thing is that Uber haven't admitted to anything like that. By serving a subpoena against GitHub, it is clear that is what has happened, but nowhere have I seen Uber actually admit this. If Uber were actually to admit this, it would likely open them up to lawsuits from their affected drivers.

They provided the exact Gist URL that had the information, if the drivers want to sue, they can subpoena Github themselves.

Comment: Re:Just a distraction from the real fail... (Score 4, Insightful) 40

by hawguy (#49156645) Attached to: Uber Discloses Database Breach, Targets GitHub With Subpoena

Any hacker with any decent opsec would not be showing their actual IP address. The subpoena request is just smoke and mirrors to hide Uber's own security fail. Even if GitHub were to hand over the data, they would likely find nothing useful. Uber know that GitHub will not hand over that data without a fight. I am willing to bet that Uber are going to start claiming that the hack isn't their fault because GitHub won't hand over the data. If Uber already know the public IP of the hacker, why do they need the info from GitHub to proceed? Meanwhile the actual security fail of Uber making their database access info publicly accessible gets overlooked.

Because they think it was a crime of opportunity, which sounds like a reasonable supposition -- the hacker stumbled across the key in Github, then either gave (or sold) the key to someone else to do the hack, or did the hack himself. Clearly he wouldn't have downloaded the data using his own IP address, but it's entirely possible that when he found the key on Github, he was using a traceable IP.

By admitting that one of their developers leaked the key himself on Github, it seems a little late for them to claim that they have no responsibility for the breach.

Comment: Re:Thieves looking to steal metal? lolwut? (Score 1) 127

by hawguy (#49151833) Attached to: Vandalism In Arizona Shuts Down Internet and Phone Service

That doesn't even make sense. There have got to be a bunch of easier ways to steal metal than going out of your way to find the exposed pipe that just happens to contain out a bunch of important fibre.

These police are complete fucking idiots if they think this was the motive. It's quite obvious the objective wasn't theft, it was just to cause damage.

How do you know if the conduit contains copper wire or fiber until you cut it open?

Comment: Re:Bloatware?! (Score 1) 201

by hawguy (#49150373) Attached to: Lenovo Saying Goodbye To Bloatware

I don't understand why people call it "bloatware". This helpful software does many useful things for the user. It essentially subsidizes your $1000 computer into a more affordable $500 or so machine!

The manufacturer gets money for the installation, and you get helpful software that reduces your costs!

What would people do without search aggregators, browser toolbars, download accelerators, etc?

Maybe people should pay the full cost of the software that comes on their machines. Suddenly your "bargain" $350 "bloats" up to a $700. How about paying the full cost for Windows? How about paying the full cost for say hotmail access?

Software isn't , and shouldn't always be "free".

There should be an option for a "bloat" free computer, with the user paying the full cost for software.

Do you have a reference for that? I'd be surprised if all of the bloatware ads up to a $500 payment to Lenovo, I'd be surprised if it was even $50.

If software makers were willing to pay Lenovo up to $500 to pre-install this software, why aren't they making it available to consumers directly? I'm sure lots of people would be happy to install Superfish-like software if they were paid just $100 for it.

Comment: Re:Then why live on mars? (Score 2) 131

by hawguy (#49150321) Attached to: Adjusting To a Martian Day More Difficult Than Expected

It's only slightly better than living in a giant spinning space station... or in a bomb shelter right here.

Be that as it may, humans can tolerate such conditions and there are plenty of volunteers -- look how many people survive for decades in prison, even harsh prisons outside of the USA where they may literally never leave their cell.

Anything you can do on mars, robots can do better. already.

Then why did it take a big team of human workers to build my house? Surely a robot can hammer a nail into a piece of wood?

Why do we send human firefighters into a burning building? Why are we risking human lives for this if robots can do it better?

Why does an industrial plant call in a human technician to repair their broken robots, why don't they just call in a robot to fix the robot?

Special purpose science robots can do a lot, but there is still no robot that's as versatile as a human. The mars rover is a great example of a robot performing great science (that's far exceeded expectations), but try asking it to step over a 2 foot high wall to reach an interesting object, or asking it to excavate a 3 foot deep hole to see if someone buried an obelisk there.

Comment: Re:You know what else will be difficult (Score 1) 131

by hawguy (#49149913) Attached to: Adjusting To a Martian Day More Difficult Than Expected

to adjust to? No oxygen, -30C temperature, darkness, and no magnetosphere.

oops.

But no worries; Elon Musk will fix all!

Those are all mitigated by living in shelters. If they live underground, then they don't need to follow the Mars Day, they can still keep to Earth time.

Comment: Re:PLIP (Score 1) 446

by hawguy (#49143963) Attached to: Ask Slashdot: Old PC File Transfer Problem

LapLink lets you use the parallel port without having to configure TCP/IP stuff. It's raw bytes, more like a really fast null modem cable.

But why bother getting the right cables (I have some, easy to DIY, but you can't buy them off-the-shelf anymore) and software (some piracy required I imagine). Instead you can use RS232 at 115.2kbps. Google did the arithmetic and unit conversion for me:

160 Megabytes) / (1125 (bytes / second)) = 1.64609053 days

Zmodem is pretty slow, but ZedZap/8K-Zmodem is pretty quick and easy to find software that supports it for DOS, Win9x and Linux. If you do not require error detection and flow control, then Xmodem is fast. (recommend you use a null modem cable with flow control RTS/CTS wired, this is almost always wired correctly with off-the-shelf cables). Don't need a 16550 UART for this to work, an 8250 is adequate if you have flow control enabled.

I'd highly recommend you send ZIP files over your link rather than uncompressed data. If you have enough disk space free, you can use pkzip's multivolume support and archive the entire disk into several managable files. (rar's is even easier to use than pkzip's)

You're off by a factor of 10, 115kbs is around 11500 bytes/second. Even if his serial port can only handle 56kbs, he could transfer the data in less than 10 hours.

Xmodem does do simple error checking with a single byte checksum on every packet (admittedly inferior to zmodem's crc32). Though for anything important, he should be able to find an md5 or even sha1 hash program that'll run on his system.

Comment: Re:Cash is so much better. (Score 4, Informative) 186

by hawguy (#49116057) Attached to: Google Teams Up With 3 Wireless Carriers To Combat Apple Pay

Your ordering is wrong.

The correct ordering is:

1) Cash: 15 seconds or less
2) Credit/debit card: 45 seconds or more
3) Smart phone: 1 minute or more
4) Checks: 2 minutes or more

What kind of lame POS system does your coffee shop have? When I go to Starbucks or Peets, it takes me the same amount of time to hand over my card as it does to hand over cash, the difference being that it literally takes them only a second to swipe it, and by they time they hand it back to me, the transaction has already been approved, no signature required.

I don't see how cash could possibly be faster unless I hand them exact change, but even then they still have to count the bills and put them in the drawer, so even if *my* transaction is faster, the next patron has to wait.

Comment: Re:... and this is surprising how? (Score 1) 153

by hawguy (#49098083) Attached to: Samsung Smart TVs Don't Encrypt the Voice Data They Collect

Do you expect that your smartphone's voice recognition is all happening in the phone?

No, but I expect my smartphone to recognize more than "channel up" "volume down". Even my 2005 era feature phone could recognize key phrases without sending the audio anywhere. Surely a modern TV with multiple gigahertz CPU cores can do the same.

Comment: Re:... and this is surprising how? (Score 1) 153

by hawguy (#49089965) Attached to: Samsung Smart TVs Don't Encrypt the Voice Data They Collect

But it's not a secret. You know when you buy one of these your voice is going to be transmitted over the internets for analysis. You would expect them to take some obvious steps to secure the potentially private information from third parties but there is nothing "secret" about the collection and transmission of the user's voice. The only potential violation of privacy here would be the ability for a third party to intercept the unencrypted data on someone.

Why would someone think this? If my TV had voice detection, I would expect it to all happen locally, I certainly wouldn't expect the TV to record me 24x7 and send snippets of conversation to a central server for analysis.

Comment: Re:And so it begins ... (Score 1) 158

Of course. One of the articles I found proposed to do brute force solutions, and given the terabytes of code out there, it should be possible. Even the creation of the original modules should be open to brute-forcing.

Having terabytes of code to choose from does not make brute forcing any easier.

But note I described the results I wanted - not the code to achieve them. And since I've already written code to do it that way around the turn of the decade, and I don't have the resources to brute-force code creation, I'm figuring I'll go with automated code generation from a simple wish list.

Sure, natural language processing is becoming more refined and will continue to become more powerful. But that's not brute forcing - the natural language processor doesn't piece together random combinations of code to give you what you asked for, it already has algorithms to retrieve data from a database, perform transformations and updates, etc, so it puts together the code logically, not through blindly pasting code snippets together to see if it does what it needs.

Comment: Re:And so it begins ... (Score 1) 158

Example - you have several different database crud operation code modules to choose from.

You also have several different database user interface to pick from.

Additionally, you have several database schemas to choose from, including different indexing options depending on what is important to get fast, the mix of reads, deletes, writes, and rewrites, etc..

And several data input modules - keyboard, external data feed, whatever.

And several logging modules, each compatible with the back end.

And several different error-reporting modules (do we put up a user alert and give a chance to edit it, do we not allow it and send a text message to a phone, whatever).

It would be able to give a list of data we want, like Name, etc. without specifiying the data size or internal type, because that's all been standardized (last name, first name, middle name, etc).

Given the requirements in more or less plain english, it should be possible to come up with the optimal solution pretty quickly, since each module has standard interfaces to the others.

For example, I need a way to track a million people. The information that's mandatory is their name and address, date of birth, and gender. When the address changes, the old address should be preserved so that I can trace back if necessary.

Optional fields are cell number, email, home and work phone numbers, and 1 or more emergency contacts. When any of these change, the old ones should be preserved so I can trace back if necessary.

Initial input is via a record dump on a usb key stored in SDF format, with updates being done by either using the same method or by someone typing them in.

A sequential account number should be auto-generated for those records that don't have an account number from the initial dump. The account number is 2 letters, 6 digits, then 2 random digits to help detect bad account numbers.

I should be able to search by account number, name, or any phone number.

Input data from the initial dump should be flagged if not valid, and input data from later should only be entered if all required fields are there.

Auto-generating such an application should be doable now.

What you are describing now is not what you were describing earlier. Earlier you suggested that a computer could "mix and match billions of code snippets already written and brute-force" a program.

What you're suggesting now is that you want the computer to parse your natural language of a problem and turn that into a program.

Do you not see the vast difference between the two?

Force needed to accelerate 2.2lbs of cookies = 1 Fig-newton to 1 meter per second

Working...