Comment: Re:Blame them, not Heartbleed (Score 1) 76

by plover (#47714693) Attached to: Heartbleed To Blame For Community Health Systems Breach

Given our track record with Juniper, "drop everything and patch now" is a foolhardy approach, especially with something as important as a border router or firewall. I wouldn't apply any of their patches without seeing a long track record of safety. With Heartbleed there was an unknown level of risk that they would be attacked; with any given Juniper patch there is a known risk the network would just go down.

Of course, given the choice, I wouldn't select a Juniper device to route packets to a doghouse, and would never place one as a mission critical node on any network. Then again, that's not my choice to make, just one we have to live with.

Comment: Re:So? (Score 2) 92

by plover (#47711519) Attached to: Your Phone Can Be Snooped On Using Its Gyroscope

I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity?

Apparently the sound from your mic and the echo from your gyroscopes were both parsed by your speech-to-text converter. I guess it works better than we thought!

Comment: Re:not true at all (Score 1) 132

by plover (#47711485) Attached to: FarmBot: an Open Source Automated Farming Machine

When you look at the technical advancements in agriculture, they're composed of small features integrated into (or bolted onto) existing equipment. You don't need a new tractor, you just need to mount a GPS receiver and a database onto your old one. A processor no bigger than a cell phone can do lots of that. Adding electrically operated valves to an existing fertilizer or pesticide spray system? Again, very small. It doesn't have to auto-steer, it just has to know where it is, and where it's been.

The makers don't have to build the tractors, they just want to improve them.

Comment: Re:Blame them, not Heartbleed (Score 2) 76

by plover (#47711413) Attached to: Heartbleed To Blame For Community Health Systems Breach

I realize reading the article is considered bad form, but if you read it you'd learn they think they were breached sometime between April and June. Heartbleed was announced in April. That's somewhere between zero and two months. Lots of big shops have a monthly patching cycle, and you don't just drop every patch into a mission critical system the day it arrives.

Comment: Re:It's not like they've had 5 months to fix it... (Score 5, Insightful) 76

by plover (#47711369) Attached to: Heartbleed To Blame For Community Health Systems Breach

They said they think they were breached sometime between April and June. Heartbleed was announced in April. The window was zero to two months, not five.

And it's not that data security is a low priority, it's just that it may not be as high a priority as network availability. This is health care, where problems in communication might affect patient outcomes. "Hey, sysadmin, Doctor Green couldn't respond to his page last night, and the patient died as a result." These are the kinds of arguments that are thrown at the IT departments at every health care provider. Whether or not we consider them rational or valid is irrelevant.

So in that backdrop, we might try to understand that they probably don't just slam in every patch that the vendor has to offer, at least not without a giant process circus. I would guess that they have a patch intake process, where they have to run the patch by some engineering team that evaluates the nature of the patch, and devises some kind of testing plan to execute in their lab environment. They then have to pass it to the testing team who will set up and execute the patch process in the lab, document all their findings, and then turn the patch over to the production network team. They'll put it on their list, and they'll have their own manager who says "whoa, why are you security guys rushing to slam this patch into my border router? Let's slow down and think about this one."

I could easily see it taking a month in a big, regulated corporate environment.

Comment: Re:Pretty obvious (Score 1) 115

by plover (#47709447) Attached to: Feds: Red Light Camera Firm Paid For Chicago Official's Car, Condo

There are the ethics of the money collected, but that can be fixed. I'm more concerned about the inequity of the penalty. If I had to pay a $300.00 fine for a red light violation, it would be slightly annoying. If my unemployed neighbor had to pay $300.00, he'd fall further behind on his rent, or possibly go hungry. Conversely, if I had to unexpectedly sit in jail for a day, my projects would suffer, my employer would have no sympathy, and my job might be at stake; while my neighbor would simply wait out his days with little else of consequence. So if I know the penalty is monetary, I can afford to run the occasional red light. If we know the penalty is to serve time, my neighbor might run a red light just to get three squares.

How to best create a fair penalty is a difficult proposition.

Comment: Re:not true at all (Score 3, Insightful) 132

by plover (#47706775) Attached to: FarmBot: an Open Source Automated Farming Machine

And thus this is likely yet another solution without a problem.

No, I think the desire here is for it to be Open Source. Current agricultural tools are proprietary, where you pay a ton of money for the special GPS receiver, arrays of sensors, a database of moisture, fertilizer, and yield readings, continuously variable spray systems, auto-steering systems, and everything else.

The current systems are brilliant: they can reduce fertilizer usage by 60% or more by applying the proper amount of fertilizer on the areas that need it. This reduces cost, excess chemicals, and greatly reduces polluting runoff. They also measure how much water the crops need, and adjust irrigation accordingly. And in a greenhouse, they can even measure and control the light.

But all of that is not all that difficult to solve, apart from the hardware. Makers are getting pretty good at producing open source hardware for a lot of smaller things; and there is a desire to get open source solutions in the hands of the developing nations.

So I think there's a lot of problems out there that this could yet solve.

Comment: Re:Influence vs. similarity (Score 2) 74

Actually, the more I look at the Rockwell and the Bazille, the more sophisticated the results of the comparison appear to be. You've got a group of men, off in the background, engaging in a conversation that you are not able to hear. They're the subjects of the piece, but you don't see much of them, you can't hear what they're saying, and what they're talking about is partially obscured. You assume that because they're invited to the back room of the barbershop that they're more than just customers, similarly the men discussing the painting appear to share a common interest. The stoves suggest that a warmth exists, and that the people are physically comfortable in both places. The empty foreground spaces indicate a purpose that's going partially unused at the moment. The chairs give an identity to each place: the barbershop chair helps you understand that it's a shop, and because no one is sitting in it, you realize that a discussion other than banal haircut chatter about the ballgame is going on. The empty salon chair lets you know that the studio is underutilized - maybe this is a showing of unpopular works?

I still think that the paintings are likely unrelated to each other, but it seems that both artists were thinking similar thoughts when they chose to paint these. And that's the sophistication of the algorithm.

Comment: Re:A stretch (Score 1) 74

It's not just the furniture and the occupants, but how the artist chooses the scene. There is a balance to a picture, with different ways to give the painting a sense of place, or to guide the eye to focus on that which is more important to the artist. The artist could choose to leave out the stove. He could choose a time when the room has more or fewer people, or when the faces are distinct or obscured, whether or not they're facing the artist, etc. Rockwell chose to paint a barbershop with no customer in the chair, but instead used the illumination to highlight the barber and his friends otherwise occupied in the back room. He even went so far as to place himself outside of the shop entirely, looking through the front window with no chance of overhearing. Bazille chose to include a group of people talking at the back of a salon, highlighted by the light coming in from a window; they're set far enough away that you might not overhear them. Neither artist had to include the stove or the chair, but might have done so to help provide extra distance between the viewer and the subjects.

So given that, look at why someone would find these paintings interesting. Is it that there's a conversation going on that we have to imagine, but cannot hear? Do both of these paintings appeal to someone who likes to eavesdrop on others? Is there a universal desire being triggered? If so, was there influence? Did Bazille's painting ask a question that Rockwell tried to reinterpret, or is it simply that they both coincidentally wanted to dig into the same aspect of human nature in the same way?

I think it's a very relevant and interesting question; at least in this field. It might still be coincidence, but it might not. And we'll never know just by looking at the painting.

Comment: Re:Influence vs. similarity (Score 4, Interesting) 74

The human can only do that if both pictures come to his attention. But there is so much out there that it's almost impossible for someone to be familiar with every piece to the extent they'd be able to recognize them. The computer has infinite patience, it can attend to vast quantities of the most minute details, it has a catalog that doesn't fade with time, and the ability to re-run increasingly sophisticated algorithms as new ideas are brought to bear.

For example, Rockwell's barber shop and Bazille's studio share a few subjects in a few common locations, but it's hard to look at them and say "there was an artistic influence." Rockwell was noted for realistic depictions of idyllic Americana, so any influence there would likely have been the architecture of the setting and the choices of overall composition and balance. Choosing to include a group of three people, an unoccupied chair, and a wood stove, does not seem to imply much more than coincidence. But if you weren't comparing every item in the catalog with every other item in the catalog, you might not have bothered to notice at all.

Which brings us to the real question: how would knowing the answer (or even asking the question) make a difference to the world?

Comment: Re:Pretty obvious (Score 2) 115

by plover (#47695613) Attached to: Feds: Red Light Camera Firm Paid For Chicago Official's Car, Condo

No, but the point is that it was viewed as a revenue generator, instead of a public safety tool. It wasn't because "this will reduce accidents by X%" or "this will save X lives annually", he said out loud "this will make us $(money)." And that is the true corruption here, not simply that some scamologists benefited from it.

Really, public safety issues should always be revenue neutral so they avoid the conflict with revenue generation, and instead focus on delivering the purported benefit. But how do you take money out of the equation? Make everyone who runs a red light sit in jail for a day?

Comment: Re:Why do they have this data in the first place? (Score 1) 27

by plover (#47686655) Attached to: Supervalu Becomes Another Hacking Victim

Chip and PIN cards don't work at most U.S. retailers today, but as of October 2015 the Payment Card Industry has scheduled a change to the contracts in what is being called the "liability shift". It means that whoever has the least security in the payment chain will be held liable for non-payment or fraud for the charges incurred. So if Home Depot doesn't accept a chip card, and your bank's card has a chip on it, then Home Depot will be liable because their system is the least secure. Or if Home Depot's systems are able to accept the chip cards, but your bank's card doesn't have a chip, then your bank will be liable. This penalty is a huge financial incentive for both retailers and banks to upgrade the security of their systems to fully support Chip and PIN by that date so they don't get left holding the bag.

Once Chip and PIN systems are deployed to most places, they will begin requiring the removal of mag stripes. That's when the final pieces of security will kick in, and account number theft will be essentially eliminated.