Forgot your password?

Comment: Re:If lack of security updates didn't kill IE 6... (Score 1) 35

by pavon (#48274665) Attached to: Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

Yeah, but not by default. I agree that this won't influence most businesses who are still running IE. But old grandma running IE 6 will find that her internet is broken, and will ask someone to fix it for her, which most likely will involve upgrading to an newer browser.

Comment: Re:If lack of security updates didn't kill IE 6... (Score 2) 35

by pavon (#48274631) Attached to: Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40

It may also bring back the days of banks requiring the use of IE, as none of the citi group websites support any version of TLS. Of course, those in the know should cancel their citi accounts. Even if you don't use their website, if their security is this lax in one area, it probably isn't great in others as well. Sucks for people with mortgages and such that are very expensive to move to another company, though.

Comment: Re: Packages can't be removed? (Score 3, Insightful) 126

by pavon (#48227661) Attached to: OwnCloud Dev Requests Removal From Ubuntu Repos Over Security Holes

[quote]It's just irresponsible for the package maintainers to come back and say "we can't pull it, we're leaving it as is, and we're not patching it either".[/quote]
The package maintainers didn't say that. This package is in the universe repository. The entire purpose of this repository is that volunteers can upload packages that Canonical has decided they aren't going to support. So Canonical isn't the package maintainer and you can't really blame them for not supporting packages that they said they aren't going to support.

Furthermore, it sounds like the ownCloud developers want Ubuntu to either use the latest & greatest release, or remove the package entirely. If that is correct, then I think it is irresponsible on the developer's part. Version 7 only came out 3 months ago, so they really ought to be providing security patches for version 6.

Comment: Re:How secure is that connection string? (Score 1) 124

Even if BTSync were to process one connection string per CPU clock cycle, it would still take 1e20 years to try all the possible 20-character Base64 strings that BTSync uses by default. If you choose a longer string, then it will take even more time. In otherwords, the standard strings have 120 bits of entropy, and you can increase that to up to 240 bits. This is less than is typically used for encryption these days, but btsync doesn't have to deal with offline attacks.

Rather than key size, I would be more concerned about whether the client potentially leaks data through timing attacks, or any MITM/sniffing attacks that speed up the cracking faster than brute force.

Comment: That isn't open source (Score 1) 124

That isn't an open source implementation of btsync. It is just an unofficial debian package that installs the official proprietary btsync binary. It makes it easier to install and update btsync on debian based systems, but it is the exact same software that you download from the official site.

Comment: No notification of concurrent modification (Score 2) 124

I have been using bittorrent sync for about the same amount of time, and the thing that is killing me is that it makes no effort to detect and warn when a file has been modified on multiple computer since the last sync. It just chooses the one that was modified most recently, and silently overwrites the other one. It does create a temporary archive backup of the modified file that was overwritten, but by the time you noticed you have lost data, it can be very difficult to wade through all the archive files on different computers and figure out which ones need to be merged. The resolution to conflicts will always have to be a manual process, but the sooner you know that a conflict occured the easier it is to resolve.

I've lost track of how many password resets I have had to do because I lost a newly randomly generated password saved to my keypass database, synced across computers.

Comment: Re:Only usefull for wine? (Score 1) 55

by pavon (#48176993) Attached to: Direct3D 9.0 Support On Track For Linux's Gallium3D Drivers

Think of it this way. If you are a company that has a D3D application that you need to port to linux, does it make more sense to spend a small amount of time making wine-lib based port that works with any video card driver. Or to spend a larger amount of time to create a native port that only works with specific drivers, causing all sorts of complications for your potential user base. It's a no brainer; you take the path that is less work for you, and more compatible for your customers.

Comment: Re:Only usefull for wine? (Score 1) 55

by pavon (#48175915) Attached to: Direct3D 9.0 Support On Track For Linux's Gallium3D Drivers

This native D3D9 support only works for drivers based on Gallium3D, which includes Noveau and the newer cards supported by the Radeon driver. If you are using the proprietary NVidia or AMD drivers, then this won't work. I can't imagine that any company would want to support a Linux port that required you to have specific graphics card drivers installed. Especially a company that didn't care enough about cross-platform support to use OpenGL from the start, and especially when many of the people who care about gaming on linux will be running the proprietary drivers, since that is what works best for most other games.


The One App You Need On Your Resume If You Want a Job At Google 205

Posted by timothy
from the surprisingly-it's-not-I-am-Rich dept. writes Jim Edwards writes at Business Insider that Google is so large and has such a massive need for talent that if you have the right skills, Google is really enthusiastic to hear from you — especially if you know how to use MatLab, a fourth-generation programming language that allows matrix manipulations, plotting of functions and data, implementation of algorithms, creation of user interfaces, and interfacing with programs written in other languages, including C, C++, Java, Fortran and Python. The key is that data is produced visually or graphically, rather than in a spreadsheet. According to Jonathan Rosenberg , Google's former senior vice president for product management, being a master of statistics is probably your best way into Google right now and if you want to work at Google, make sure you can use MatLab. Big data — how to create it, manipulate it, and put it to good use — is one of those areas in which Google is really enthusiastic about. The sexy job in the next ten years will be statisticians. When every business has free and ubiquitous data, the ability to understand it and extract value from it becomes the complimentary scarce factor. It leads to intelligence, and the intelligent business is the successful business, regardless of its size. Rosenberg says that "my quote about statistics that I didn't use but often do is, 'Data is the sword of the 21st century, those who wield it the samurai.'"

Comment: Other side of the story. (Score 3, Insightful) 118

by pavon (#47892839) Attached to: Software Patents Are Crumbling, Thanks To the Supreme Court

When Arstechnica ran that WP story about corruption in the USPTO, several current and past patent examiners posted comments that are worth reading. Two key ones in particular are this and this.

Short story is that USPTO has stupid counterproductive performance metrics, so everyone games the system to look good by the metrics (we've all seen that before). Some managers recognize this and don't want to be assholes about time charging rules because of it, as long as employees are doing good work. Others get upset that the rules are being broken and assume it is blatant time card fraud, and blew the whistle to the news outlets.

Comment: Re:difference between driver and passenger? (Score 1) 364

by pavon (#47871113) Attached to: Text While Driving In Long Island and Have Your Phone Disabled

They are evaluating different technologiess, some of which are implemented on and affect a single phone, others implemented with hardware in the car and affect all phones in the car. But even if it disables all phones in the entire car, I am completely fine with this. Yes it is inconvient, but it's not like it is being required as standard equipment on all cars all the time. It is only being applied to cars of people who broke the law and put others around them at risk. You want to keep using your phone when you are riding with a friend/spouse; then give them shit about texting while they are driving.

Whoever dies with the most toys wins.