
Comment: I can see this (Score 1) 39

which is stopping people feel sympathy towards people living on the street as it's easier to have 'less feelings when you're typing something' than looking at them in the eye"

If you are not looking them in the eye, then you are not experiencing the Identifiable Victim effect.

Comment: Re:I must be in the minority. (Score 2, Insightful) 324

by mysidia (#46773821) Attached to: Survey: 56 Percent of US Developers Expect To Become Millionaires

It looks like you skipped over the part, "that doesn't rely primarily on luck".

It doesn't depend primarily on luck. It depends on your ability to select a sequence of investments that will have an average payout of more than twice what they cost. You don't know the outcome of any one investment (success or failure), but your ability to pick a sequence of investments that are expected to offset each other's random risks and have sufficient average payout when taken together (expected total gain minus loss averaged more than twice cost), is one of skill, and it relies on decision making abilities.

Good luck is when the average payout turns out to be twice as much as expected and happens less than 1% of the time. Bad luck is when the payout is half or less, and happens less than 1% of the time.

This is assuming a skilled selection.

When we say "high risk"; we do not mean visiting a casino and placing bets, where you have an expected loss of 10% due to the house edge, (assuming you had infinite cash and placed bets forever).

Comment: Re:I must be in the minority. (Score 1) 324

by mysidia (#46773385) Attached to: Survey: 56 Percent of US Developers Expect To Become Millionaires

Sure becoming a multimillionaire is (theoretically) easy. But nothing I do will make me a billionaire that doesn't rely primarily on luck

You just need to become a millionaire and then double your money 10 times.

Once you have the millions, there are plenty of high-risk investments to pick from that are likely to do just that.

Comment: Re:u wot m8 (Score 1) 564

by mysidia (#46764333) Attached to: Microsoft Confirms It Is Dropping Windows 8.1 Support

I would be fed up with FedUp... if I were you

Wake me, when there's a RHELUp available to go from RHEL5 to RHEL6.

More seriously.... I don't run production systems on Fedora, and I don't think anyone should.

Fedora is more of a developer desktop OS; that gives an idea of what the future version of RHEL might look like in the future.

Comment: Re:Open source was never safer (Score 2) 519

by mysidia (#46763537) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

Safer != Perfect

Open Source is not perfect. It also does not help when you have large commercial institutions RELYING on the source code in a security critical role under constant attack by well-funded adversaries, AND the developers of said open source code are so pitifully underfunded, AND the commercial proprietors that cause said open source library to become a high-value target are only willing to invest in features, and not improvements that would lead to better quality and lesser likelihood of serious bugs.

Comment: Re:What about a re-implementation... (Score 1) 279

by mysidia (#46761171) Attached to: OpenBSD Team Cleaning Up OpenSSL

I never saw a C program with a remote file inclusion bug or a C code injection bug caused by an eval().

Pretty much all the errors caused by C fall into two buckets: reading an improper memory location and writing an improper memory location (including double-free'ing an invalid memory address).

As long as you can be certain to avoid those two conditions, C is just as safe as other languages. There are ways you can design your C programs, and rules you can follow which make it unlikely for you to include such errors.

For non-trivial programs, there are plenty of advantages of managing your own memory: which you cannot do in other languages such as Python or Java.

The other languages' use of garbage collection results in great space and runtime inefficiencies.
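An added example, not part of the comment above and not OpenSSL code: one C routine that applies the kind of rules the comment alludes to, guarding both buckets (improper read, improper write) when handling a length-prefixed record from a peer. The record layout, the function name `echo_payload` and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (an assumption of this example):
 *   byte 0 type, bytes 1-2 payload length claimed by the sender (big-endian),
 *   bytes 3.. payload. */
#define REC_HEADER_LEN 3

/* Copy the payload of a received record into out.
 * rec_len is the number of bytes actually received; out_cap is the capacity
 * of out. Returns the payload bytes copied, or -1 if the record is rejected. */
long echo_payload(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL)
        return -1;
    /* Never parse a header field that was not received. */
    if (rec_len < REC_HEADER_LEN)
        return -1;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    /* Improper read: the claimed length comes from the peer, so bound it
     * by the bytes actually received, not by what the header says. */
    if (claimed > rec_len - REC_HEADER_LEN)
        return -1;
    /* Improper write: never copy more than the destination can hold. */
    if (claimed > out_cap)
        return -1;
    memcpy(out, rec + REC_HEADER_LEN, claimed);
    return (long)claimed;
}

/* Constructed sample inputs. REC_LIE claims 0x4000 payload bytes but carries 4. */
static const uint8_t REC_OK[]  = { 0x01, 0x00, 0x04, 'p', 'i', 'n', 'g' };
static const uint8_t REC_LIE[] = { 0x01, 0x40, 0x00, 'p', 'i', 'n', 'g' };
static uint8_t OUT[16];

int main(void)
{
    printf("honest record: %ld\n", echo_payload(REC_OK, sizeof REC_OK, OUT, sizeof OUT));
    printf("lying record:  %ld\n", echo_payload(REC_LIE, sizeof REC_LIE, OUT, sizeof OUT));
    printf("small buffer:  %ld\n", echo_payload(REC_OK, sizeof REC_OK, OUT, 2));
    return 0;
}
```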

Comment: Re:And they've already stopped (Score 2) 279

by mysidia (#46761055) Attached to: OpenBSD Team Cleaning Up OpenSSL

$30,949 is how much the OpenBSD Foundation received in donations in 2013.

And yet... I heard OpenSSL itself gets at most $2000 in a typical year. Despite tens of thousands of banks, retailers, hardware manufacturers, software manufacturers, all relying on their code in a security critical fashion to support their business activities. The MOST the OpenSSL project gets in contributions is a mere shilling?

And no real support for high quality code review, maintenance, and release management. Just support for adding feature bloat.

Comment: Re:u wot m8 (Score 1) 564

by mysidia (#46755485) Attached to: Microsoft Confirms It Is Dropping Windows 8.1 Support

Oh... Redhat lover..... Actually, there's a problem with that: It will only upgrade packages within a release, AND you can't upgrade to the new release.

It's like being stuck at Windows XP Service Pack 1, and having to go do an offline boot from CD update from CD install media to go to SP2.

So it's really "Insert RHEL 6 CD"; Go through installer again; Windows has a much better experience....

Ubuntu's release upgrade process is also OK

Comment: Re:Don't keep vulnerable servers running! (Score 1) 151

by mysidia (#46752673) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

I would also only be able to use EC cryptography with PFS with OpenSSL. I don't trust EC personally, yet. It's just not been around long enough for me.

The promise of PFS is that a private key compromised or lost after the fact does not compromise the contents of all sessions. Which means it's useless for an attacker to intercept thousands of SSH sessions, and then later make an attempt to break into the server --- they need the private key at the time of any attack.

Your argument is the equivalent of saying "I would use SSH, but I just don't trust PAM yet for my password authentication, which SSH seems to require. So I'll keep on using Telnet."

By the way, ECDSA has been around over 10 years. In computer industry terms, that is quite ancient.

Comment: Re:The CA should not revoke the certificates, (Score 2) 151

by mysidia (#46752389) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

Which only tells us they're patched now, it doesn't tell them how much time the site was vulnerable.

That's true, BUT for the ones that are patched now --- the admin probably understands the issue. The sites with negligent, clueless, or sloppy admins, will be unpatched sites mostly (or sites running earlier releases before the vulnerable version).
