Forgot your password?
typodupeerror

Comment: Re:SPOILERS (Score 1) 1233

by slamb (#44664377) Attached to: Don't Fly During Ramadan

Explosive test comes up positive in an airport and you wonder why they react strongly? You truly are a fuckwit.

They have false positives. My Ortlieb roller bags tested positive after a month-long bicycling trip. Could have been the construction of the bag, could have been the Tanzanian dirt throughly embedded in everything by then, who knows. It didn't come directly into contact with anything combustible, much less explosive. Apparently soap/lotions can cause false positives. And of course, ammonium nitrate (the explosive used in the Oklahoma City bombings) is more commonly called "fertilizer". So, no, they shouldn't be reacting so strongly. They should know that it's likely a false positive.

Comment: Re:Speed based on heat is a feature? (Score 1) 126

by slamb (#44118909) Attached to: AMD Overhauls Open-Source Linux Driver

A compute rate that varies with temperature would seem to be a bug, rather than a feature. I don't want a GPU that does that. I need repeatable Gazebo simulations.

I think they're talking about the opposite (a temperature that depends on load), which your CPU has probably been doing for a long, long time.

But you've lost this one, anyway; modern Intel processors have Turbo Boost, meaning the performance does indeed depend on temperature. I was scared, too, from a worst-case provisioning perspective in an environment where I can't predict what will be running on other cores. But I've had a couple years to come to terms with it, and in practice, it doesn't actually seem any worse than other factors like last-level cache contention.

Comment: Re:USA is very rich. (Score 1) 450

by slamb (#43015405) Attached to: We Aren't the World: Why Americans Make Bad Study Subjects

A household barely on the poverty line in USA is richer than 80% of the world! About 10% of the world, [globalissues.org] or 700 million people or twice the population of USA, lives in less than $365 a year! Again these dollar figures are not the foreign exchange rate based dollars. These are "purchase power parity" dollars. Which means the $365 buys in the poor country, what $365 would buy in the USA.

The poverty line in the USA is (intended to be) defined such that the household barely on it is barely able to supply basic needs - food, clothing, shelter, medical attention, education, sanitation - with the products available for sale in the USA. I think that's a more meaningful statement than comparing "purchase power parity" for hypothetical identical products available for sale in the other countries. I say that for a couple reasons:

First, as others have pointed out, the products available for sale in other countries tend to fulfill the same basic needs with inferior, cheaper products (even in purchase power parity-adjusted dollars). This means there are people with lower "purchasing power" who are better able to fulfill their basic needs. For the purchasing power parity to be truly meaningful, the most appropriate products have to be available in both marketplaces.

Second, I suspect these dollar figures are skewed by people who get their basic needs fulfilled outside of the marketplace. There are communities of subsistence farmers who make little to no money but are able to feed themselves, create their own clothes, and/or construct their own shelter without money. I wouldn't recommend this exactly - they're incredibly vulnerable to droughts and other disasters - but you'd be overstating it if you claimed one cannot survive in this way or that these things have no value, as I suspect those World Bank figures are implicitly doing.

China

Utilities Racing To Secure Electric Grid 113

Posted by Soulskill
from the shouldn't-they-have-done-this-5-years-ago dept.
FreeMichael61 writes "In the latest episode of Spy vs. Spy, China rejects accusations it's hacking U.S. companies to steal IP or bring down the grid. But there's no doubt the grid can be hacked, CIO Journal's Steve Rosenbush and Rachael King report. Industrial control networks are supposed to be protected from the Internet by an air gap that, it turns out, is largely theoretical. Internal security is often lax, laptops and other devices are frequently moved between corporate networks and control networks, and some SCADA systems are still directly connected to the internet. What security standards actually exist are out of date and don't cover enough, and corporations often use questionable supply chains because they are cheaper."

Comment: Re:For the last time Google! (Score 1) 480

by slamb (#42628709) Attached to: Google Declares War On the Password

You keep trying to get me to do it with Chrome, so I switched from that, but now you're going to badger me about this for my phone, too?

I don't understand why it was necessary for you to switch away from Chrome. Could you be more specific? In particular, I think all your points can be addressed easily in Chrome today (and I don't think the future stuff in this paper will change that).

You don't have to sign in to Chrome. To avoid it, (checking) you have to say "Skip for now" in the initial setup of the Chrome profile and ignore the small text "Not signed into Chrome. You're missing out - sign in" at the top of new tabs. Sound right? Maybe that text is pushier than you like, but it doesn't regularly interrupt your workflow or anything. You miss out on some features like shared bookmarks between devices, the ability to see what tabs are open on other devices, and auto-signin to Google services, but it sounds like you don't trust Google enough to be able to benefit from these services.

Sometimes I want to surf anonymously.

Is there something wrong with Incognito mode? This feature has existed in Chrome from the very beginning. Of the well-known browsers, only Safari had it first.

Sometimes I don't want Site X and Site Y knowing that I'm the same person logging into both.

This shouldn't be a concern in Chrome any more than in other browsers (except perhaps if signed into Chrome and Site X and Site Y are both Google services, but that can be addressed as well - read on). I'm not aware of any major security problems in cookie handling, for example. And Chrome allows you to really easily have separate profiles for different identities. (I guess the feature's called "Users" now; it's pretty prominent in the settings.) I do this all the time - one window with a happy guy in the upper right corner for my personal stuff, one window with a ninja in the upper right corner for my work stuff. Entirely different cookies between the two windows, and they can be signed into Chrome as different Google users as well. I love this feature. I'm surprised that as far as I know other major browsers still don't have it.

And I can say for certain that all the time, I don't want to be tracked by you so you can present me with more "targeted ads" to give me a better user experience.

Okay. Then you should probably opt out of ad personalization at www.google.com/ads/preferences to stop delay of personalized ads. Set a "do-not track" cookie through your browser's preferences. (In recent Chrome releases, it's at the bottom under "Advanced Settings".) And, while you're there, if you have other Chrome data collection enabled (IIRC this was opt-in rather than opt-out during Chrome installation) and have since become concerned about it, uncheck "Use a web service to help resolve navigation errors", "Use a prediction service to help complete searches and URLs typed in the address bar", "Enable phishing and malware protection", etc. These are all things you can turn off, and it's pretty clear what you're giving up by doing so, so I think it's not hard to make an informed choice.

Full disclosure: I work for Google (not on Chrome or this paper). My opinions are my own. I have a tough time understanding these criticisms - first of all, I don't understand if you think targeted ads and the other stated reasons for this data collection are for are inherently evil somehow (I disagree) or if you think Google is secretly using them for something far more nefarious (what?). Secondly, I don't think Google makes it harder than other browser vendors / websites to turn them off. It's probably much smarter for me not to feed this discussion but, screw it, I would like to actually understand the concern. It's too vague now for me to do anything but dismiss it.

Comment: Re:Wikipedia has something to say about this threa (Score 1) 452

by slamb (#40987715) Attached to: Could You Hack Into Mars Curiosity Rover?

Who said anything about breaking it?

I am, now. As this article makes clear, even the expert drivers of the Mars Rover are afraid of breaking it. If some idiot sends control signals with barely a clue what they do, nothing good will happen.

On the other hand, "just being able to tap into the live video feed" as you said in a later comment seems harmless enough. If all you want to do is listen to the transmission, have fun.

Comment: Re:Plaintext passwords again? (Score 1) 233

by slamb (#40635859) Attached to: Nearly Half a Million Yahoo Passwords Leaked [Updated]

Even if a hash was O(1) and took one clock-cycle no matter the password length, a 14+ char password will be safe for a very very long time. If you had EVERY computer in the world working on colliding your hash, to find your password, it would take decades even if they're lucky and found a way to make 500ghz graphite chips.

If you actually pick a totally random password of that length using an alphabet of (26 alphabetic + 10 numeric + 11 punctuation keys) * 2 characters/key (shift) + 1 space character = 95 practical characters, and the hash is >= 92 bits or better yet >= 184 bits so there are relatively few collisions in that search space, then that appears roughly correct. But very few people do that; the passwords are too painful to type. Password crackers work by checking a much smaller search space of likely passwords. That combinatoric implosion makes the search practical without having 10+ million of these magic 500-billion-hashes-per-second chips available.

Comment: Re:Unfortunate Reality of Being a Linux User (Score 1) 518

by slamb (#40305611) Attached to: NewEgg: Installing Linux Breaks Laptop

No. The hard disk, memory, and any other parts accessible through access panels in the bottom of the unit are user-serviceable and swapping them out does not void the warranty of any laptop that I've ever heard of. Maybe an Apple machine, but certainly not a Thinkpad.

Not Apple either. I use third-party RAM and disks with Apple laptops so I've checked on this. According to this support article, they suggest removing third-party equipment as a diagnostic step, and they may charge you a service fee if you ask them for help and the third-party equipment was at fault...all seems reasonable. Nothing about permanently voiding the warranty.

IMHO neither doing anything to the software nor swapping out these sorts of components (as long as you swap them back in prior to RMA) should void your warranty, and other than whoever handled this particular RMA, I haven't heard differently.

TFA has an update saying that the purchase has been refunded, so it sounds like posting to Consumerist is a successful strategy for dealing with these kinds of problems. It's cheaper than getting a hard drive specifically to avoid this, it's better for the community as a whole (as it ensures manufacturers/retailers are publicly reminded when necessary that it's not acceptable to be Linux-hostile), and on average it's less work, although occasionally you might lose the reverse lottery. But there shouldn't be anything stopping you from using the hard drive swapping approach if you prefer it.

Comment: Re:Define "enable?" (Score 1) 236

by slamb (#40240085) Attached to: World IPv6 Launch Day Underway
The future is buggy. :-( I just had to disable IPv6. It seems that the Netgear WNDR3800 V1.0.0.32 firmware is buggy: when IPv6 is enabled, it adds its LAN-side link-local address to my /etc/resolv.conf, and I can't ping6 it. With 1 working DNS server (its LAN-side IPv4 address + its LAN-side link-local IPv6 address), browsing the web is pretty flaky.

If by any chance a Netgear developer reads this, see freshly-filed support case 18723430...

Comment: Re:Define "enable?" (Score 1) 236

by slamb (#40235191) Attached to: World IPv6 Launch Day Underway
Ahh, not quite right. My Netgear router creates two wireless networks, a 2.4 GHz one and a 5.0 GHz one. IPv6 only works on the 5.0 GHz one; perhaps with prefix delegation unsupported by Comcast and possibly also by my router, they had to choose just one. (Though for IPv4 it uses the same subnet for both...I suspect if the firmware were a bit more sophisticated, the same might be possible for IPv6.) If I'm on the correct wireless network, IPv6 works regardless of how the Netgear is configured - DHCP vs SLAAC on the WAN, DHCP vs SLAAC on the LAN. But if the router uses DHCP, it gets a different subnet than with SLAAC. The laptop uses SLAAC regardless, and it seems to be something just passed through from Comcast rather than provided by the Netgear, as the laptop always uses the SLAAC subnet provided by Comcast rather than whatever subnet the router is using.

Comment: Re:Define "enable?" (Score 1) 236

by slamb (#40235057) Attached to: World IPv6 Launch Day Underway

Today I switched my Netgear WNDR3800's Advanced/IPv6 setting to "Auto Config" (as opposed to "Auto Detect", which uses 6to4...ugh) and it (somewhat oddly) doesn't show a WAN IP but does show a LAN IP of 2601:9:yadda:yadda:yadda/64. Seems to actually work

It looks like picking "DHCP" also works...sort of. There's the important caveat that OS X apparently doesn't support DHCPv6. If set my "Internet Connection type" to "DHCP", the laptop I'm typing on doesn't get an IPv6 address with the "LAN Setup" set to either choice, "Use DHCP Server" (unsurprising) or "Auto Config" (which maybe requires the upstream to be using "Auto Config" as well? that smells like a bug in my router's firmware rather than anything more fundamental). So WAN Auto Config / LAN Auto Config is the way to go for me, for now.

Comment: Re:Define "enable?" (Score 2) 236

by slamb (#40234583) Attached to: World IPv6 Launch Day Underway

I think ipv6 is available across much (maybe most or all) of the Comcast network, but will only be usable with compatible clients with ipv6 DHCP support (and specifically DHCP6-PD for routers.)

More or less. The Comcast blog says "To meet this goal, we launched and enabled IPv6 in over one-third of our broadband network ... we observe roughly 5% of users can take advantage of this. That percentage can increase dramatically if vendors act to enable IPv6 by default in software updates for existing devices and in newly shipping devices."

From what I saw on some Comcast page recently (which I can't find again, sorry), there's no prefix delegation yet, although they claim it's coming.

FWIW, I seem to be in the 1/3rd. Today I switched my Netgear WNDR3800's Advanced/IPv6 setting to "Auto Config" (as opposed to "Auto Detect", which uses 6to4...ugh) and it (somewhat oddly) doesn't show a WAN IP but does show a LAN IP of 2601:9:yadda:yadda:yadda/64. Seems to actually work, and once I disconnected my Mac from the wireless network and reconnected, it had an IPv6 address as well in the same subnet. "ping6 www.google.com" works with round trip times around 20 ms, and Chrome actually uses IPv6 - www.comcast6.net says my IPv6 address at the top of the page where it used to say my IPv4 address.

Comment: Re:Last bastion (Score 1) 963

by slamb (#39870201) Attached to: Last Bastion For Climate Dissenters Crumbling

OK, what should a politician do in a case where science has not reached a consensus? Going one way or the other is making a scientific judgment.

If you don't want to be a scientist but need to make a decision, you should generally go with what the vast majority of scientists believe, in this case that anthropogenic climate change is real. You should first accept there's some possibility you'll be wrong and do a bit of of cost/benefit analysis:

  • What happens if we regulate greenhouse gases and anthropogenic climate change is real? (We spend $X, spend some manpower, slow down some industries; there's some opportunity cost.)
  • What happens if we regulate greenhouse gases and anthropogenic climate change is not real? (Same.)
  • What happens if we don't regulate greenhouse gases and anthropogenic climate change is real? (We have massively increased severe weather, lose lives, lose coastline, and ultimately will spend >>>$X attempting to stop it later, maybe failing anyway.)
  • What happens if we don't regulate greenhouse gases and anthropogenic climate change is not real? (Nothing.)

I don't know what $X is or what else we'd do with that money, but at first glance it seems pretty clear to me that politicians should be acting as if this is real.

Comment: Re:Last bastion (Score 1) 963

by slamb (#39870015) Attached to: Last Bastion For Climate Dissenters Crumbling

No, in science, you modify your model and conclusions based on changing evidence. The difference here is that you're holding your conclusion constant and changing the reason you claim it's true every time your reason is found to be untrue.

In science, you form a new falsifiable hypothesis after your previous one was falsified. You don't just change your answer to a binary question like "is climate change real and anthropogenic?" and never question it again. If there's an idea that you don't believe, you keep probing at it until you're satisfied. Otherwise scientific thought would be basically dead. Imagine if I said "I have a perpetual motion machine!" and you said "are you sure it's gaining energy?" and we determined that it was...and you said "well, okay, then, perpetual machine proven", without questioning if that energy is coming in from an outside source...that would certainly be unscientific. So what makes this different? That you believe it? That's no good. Science is about independent thought, not about agreeing with blueg3 all the time.

Call these people stubborn, call them consistently wrong, call them outvoted and on the fringe of modern science, call them motivated by grants from industries that want to deny this, whatever, but I don't think it's right to say they are completely unscientific as long as they are still able to form new potentially useful hypotheses. Just keep disproving the hypotheses and sooner or later they'll go away, as has been true in many scientific debates in the past.

Comment: Re:Last bastion (Score 1) 963

by slamb (#39869703) Attached to: Last Bastion For Climate Dissenters Crumbling

No they're not honest scientific dissenters. The evidence is that they shift from one unsupported hypothesis to another as their ideas are disproven by data and careful analysis.

That's how you know they're scientists. If they were religious people, they'd form hypotheses that are not actually falsifiable or they would persist in believing them after they were falsified.

Of course, ideally they'd perform the experiments to test their own hypotheses, but not doing so makes means they are (at best) otherwise occupied/having trouble getting grants or (at worst) lazy, not unscientific.

Make sure your code does nothing gracefully.

Working...