Comment: Re:Negligence (Score 1) 62

by slimjim8094 (#46752969) Attached to: Heartbleed Disclosure Timeline Revealed

You must be reading a different article than I am. I see "The patch is then progressively applied to Google services/servers across the globe." which implies to me that the 21st was the start of the clock. I could easily imagine that it would take several days to update everything.

Then the clock starts ticking for whoever the "infrastructure providers under embargo" are. I emphasized "then" in my original post - presumably they wouldn't share the flaw even with trusted partners until they'd fixed it themselves. Two sequential "several days" could hardly be shorter than 10 days.

Comment: Re:Negligence (Score 1) 62

by slimjim8094 (#46752247) Attached to: Heartbleed Disclosure Timeline Revealed

You don't think it could take 10 days to find a flaw, fix it, make sure you've fixed it, and roll the fixes out to prod? And then "notif[y] some infrastructure providers under embargo" and let them fix it and roll it out to prod?

You may disagree with Google looking out for themselves first here, but the fact is they'd be negligent (and foolish) to spread this more widely until they'd ensured it was fixed for themselves and (by extension) their customers/users.

Comment: Re:To the point... (Score 2) 148

by slimjim8094 (#46730189) Attached to: 'weev' Conviction Vacated

You're seriously going to argue that even though he had to take deliberate steps to impersonate other people he wasn't accessing information "without authorization"?

Yes. "Without authorization" is more than "well I wasn't expecting him to ask that question!".

That's what this boils down to at the end of the day, he tricked AT&T's web servers into thinking he was an AT&T customer, and in so doing obtained access to information about that customer.

No, he sent a query to the webserver, and the webserver did what it was designed to do and answered it. AT&T was the one making the mistake by assuming that all trivially-correctly-formatted requests were from AT&T customers as opposed to actually checking whether the requester was - in fact - a customer (something they could've easily done!)

Then he wrote a script to automate the process and repeated it ~140,000 times.

Sure. So? It means he knows how to use 'seq' and 'wget'. Would it be different if he changed the number in his browser 140k times?

I really don't understand why people defend this kid's actions.

Like a lot of prosecutions people complain about, it wasn't really about the "kid" (why does it matter if he's a "kid"?). It's about precedent, and "some queries shouldn't be sent to a webserver, but you don't know what those are until we nail your ass" is a pretty damn bad precedent.

The Federal prosecution was bullshit, this should have been charged at the State level, but to claim that he's completely innocent when he went out of his way to obtain access to information he knew he had no right to access? That's absurd.

He probably had a suspicion that AT&T didn't mean to provide this access, but they did. This is more like calling up a place and asking what Frank's address is - you may think it's odd that they told you, but in the absence of even trivial checks to see whether you really are Frank, it would be reasonable to conclude that this was intended to be public. After all, they just happily told a member of the public. And no, the user agent is not even a trivial check, since every browser pretends to be every other browser anyway.

Comment: Re:Jesus Motherfucking Christ ... (Score 1) 673

by slimjim8094 (#46722085) Attached to: Google: Teach Girls Coding, Get $2,500; Teach Boys, Get $0

Well I wasn't going to start the cursing, but fuck that shit.

1) How is the industry a "sweaty jock party"? Most of the people I know haven't seen a jock strap in their life, and certainly wouldn't ever have qualified as "jocks". Mostly I see companies bending over backwards to provide an egalitarian work environment, and finding little resistance on most measures because the men aren't "jocks".
2) There's all kinds of stupid shit you can justify by shouting that "THEY ARE TRYING TO DO *SOMETHING*". Perhaps they should fire half the men, and put the rest in the locker room (you know, because they're "jocks") to keep them from pestering the women in the rest of the office. That would be something, alright. Or put a flower in the window. That would be something, too. Are we to try everything that someone somewhere thought might help? And then having said you haven't identified the solution ("might be the *wrong* thing....") you tell everybody who doesn't agree to "just go to Hell"

I totally agree that gender is completely irrelevant when writing code, but some of us feel that counterproductive and harmful initiatives are something to criticize, not endorse blindly. We don't have to be chickens running around with heads cut off just because there's some problem - in fact, that's about the fastest way to fuck up a situation that I can come up with. Personally, I believe companies should be trying to do the *right* thing.

Stepping back from your idiotic post, I think it's undeniable that there is a supply-side issue here. I don't know if it's cultural, stereotypical, biological, or just logical. It could be any, frankly - perhaps we view women as less technical (which we should fix), or women are less interested in joining the "losers" in the computer club (seriously, where did "jocks" come from?), or maybe what they've seen of CS is that it's a pretty shitty job with regards to the stuff they care about (like "working too much and never seeing my family") and they're making the right choice for them. Hey, more doctors and lawyers now are women than men, and it pays better (and is more rewarding in dimensions that may be more important to women). I don't exactly know what's going on (though I have my suspicions) but I do know that bribing teachers to ignore the boys and focus on the girls is the wrong way to approach this - for so many reasons, ranging from discrimination to backlash to unintended consequences to simple ineffectiveness.

Comment: Re:Sex discrimination. (Score 1) 673

by slimjim8094 (#46721947) Attached to: Google: Teach Girls Coding, Get $2,500; Teach Boys, Get $0

As long as it remains, the misogynists will have the argument that

The misogynists will always have an argument because they're working from an unshakable personal assumption that they are superior because of their gender. There's really no point pandering to them since they'll just switch to another argument.

No, you don't get it.

Let's say you have a company where they try to hire everyone "over the bar" regardless of any factors. You'd expect the gender ratio of the company to be whatever the percentage of the candidates who are above that ratio. (If it's not - and it often isn't, for various reasons - fix that first)

If this ratio is not 50/50, say because there are less women overall, and you determine that it is more important to fix the ratio than maintain the hiring standards, then you will unavoidably be diluting the pool of females with people of a lower standard. (If you don't decide to lower the bar, then you won't be changing the ratio)

So you are a rational individual (of any gender) in this company and you are presented with some person. It is an unavoidable fact that the average woman is of a lower competence than the average man. It is the only logical conclusion! The hiring process made it so!

This is a catastrophic approach because the sexist, backwards attitude shouldn't be made the correct logical inference! But by instituting the quota, the company has done exactly that!

There is a lot a company can do if it wants to have more females, without lowering the bar. Women typically require different outreach than men, such as more encouragement (men are more apt to pursue a path even in the face of active discouragement), seeing other females "leading the way" (part of encouragement), describing a job in terms of social impact (vs the "vanquish the challenge" aspect that appeals disproportionately to men). There's nothing wrong with this - a company that wants the best recruits should be picking the best messaging for many different groups, like new grad (great learning!) vs experienced industry (run stuff!), young (cool projects!) vs older (great benefits!), and, yes, even men vs women. Even something as simple as dropping the puzzle interview questions can help, since aside from being useless, a lot of the "fun" ones depend on cultural touchpoints (superheroes and zombies in that article) that don't generally resonate with women. It's really an overall "change how we think about this" approach that's not generally too controversial - even stupid stuff like "hide the names on resumes" and "figure out what you're expecting before you meet the person" can help an interviewer avoid unconscious biases - against any group.

None of this is instituting a quota.

Comment: Re:Math ? (Score 1) 384

by slimjim8094 (#46459283) Attached to: Men And Women Think Women Are Bad At Basic Math

It's not plural at all. It's a collective noun, so it's singular. And 'math.' (note the period) started as an abbreviation, which lost the period by the 1870s. The wacky form 'maths' didn't come about until the 1910s, 40 years later.

It's a stupid spelling. It's awkward to say (the 's' often ends up nearly silent anyway) and grammatically confusing (it's not plural!), where 'math' is just a straight abbreviation. Couple that with the smug yet completely unwarranted sense of superiority ("the trouble with americans") people get for using it, and you've got a winner.

Comment: Re:Lawrence Summers, save me! (Score 1) 384

by slimjim8094 (#46459107) Attached to: Men And Women Think Women Are Bad At Basic Math

Well put, especially because all this is really about is averages.

The GP's post title is interesting - he refers to the ex-president of Harvard who lost his job (in part) due to comments - that were pretty completely misrepresented - about the aptitude of women in mathematics and science. His basic point - which isn't particularly controversial - is that men tend to have a greater standard deviation for many characteristics than women do, although they tend to have approximately the same averages. This wider bell curve would obviously lead to more men at the highest levels - but also at the lowest. Both of these are well supported observations (especially the low half, which is less controversial - go figure) and are also reasonable conclusions from a genetic standpoint - women have two X chromosomes, which moderate each other, while men have only one (this is why e.g., color blindness is almost exclusively a male affliction) - as well as an evolutionary standpoint (a population-exceptional male can have dramatically more successful offspring than an average male, but a population-exceptional female will have approximately the same number, although more fit, as an average female).

Stereotypes are all about averages, and the reason they're so pervasive is that they're how our brains work. We need to have a mental model of everything around us, so we don't spend 10 minutes trying to understand an apple every time we see one. We couldn't function if we weren't able to say "this is an apple, it acts like the other apples I've experienced" and put it in that bucket.

The problem doesn't even arise when we do that with people - to an extent. We have a stereotype of doctors as intelligent and knowledgeable about our health, for instance, that's usually quite helpful if we're a patient. No, the problem comes when we don't remember that stereotypes are just personal averages, and that a specific individual may not fit the model we have, combined with trying too hard to fit people into buckets when the evidence doesn't fit. The other problem is not discarding a bucket when essentially nobody fits it (e.g., common racism, sexism, anti-Semitism, etc - all of which persist only because the bigot in question has spent their life cherry-picking and exaggerating interactions).

(Also, back on topic, women aren't any worse at spatial reasoning, they just - on average - take slightly longer to do it)

Comment: Re:Oh dear Lord (Score 1) 94

by slimjim8094 (#46347325) Attached to: Terrafugia Wants Their Flying Car To Be Autonomous

Nope. They may have the equipment, but they need a Category IIIb instrument landing system at the airport to actually do so, along with a crew certified to operate it. All of which are shockingly expensive - you need computer equipment that continues to work after a failure, which in practical terms means you need a lot of computers cross-checking each other and extremely rigorously designed software (I think 7 9's). The ground equipment is similarly extremely expensive, rather temperamental, and requires lots of checking and re-certification (the risk of being wrong is that the plane flies into the ground).

Lesser categories of ILS (i.e., the ones at almost all airports, even commercial passenger carrying ones) require transitioning to visual control at or above the decision height to avoid going missed.

Comment: Re:It's not HUDs, it's what kinds of HUD (Score 1) 226

by slimjim8094 (#46340957) Attached to: Google Fighting Distracted Driver Laws

More to the point, in a car you need to be looking outside pretty much continuously. More than about a half-second of looking away starts to get dangerous, and 2 seconds is downright negligent. But in a small airplane, you have much, much longer (on the order of about 30 seconds) of eyes-inside time - you need it to do all your planning/charts/radios/checklists/etc! And that's just for visual rules - if you're on an instrument flight, you don't even need to look outside until you're trying to land (that's the point of an instrument rating - looking outside doesn't do you much good if you're in a cloud).

The two scenarios aren't even remotely comparable. Driving is a much more "real-time" operation than flying, so distractions should be minimized to a substantially greater extent.

Comment: Re:So (Score 2) 373

by slimjim8094 (#46272275) Attached to: Report: Valve Anti-Cheat (VAC) Scans Your DNS History

It doesn't matter.

Look, when I was a kid, I used to play Counterstrike pretty seriously. I was curious about these cheats that I kept seeing on VAC-secure servers, so I went and found some and played around with them - on VAC-insecure servers, of course*. They're really cool bits of code that hook into the game and understand the engine well enough to find the head "bone" and wait for it to come into the player's view. Being a coder, I wanted to know how they worked - not to write my own, but software that hooks into other software is fairly unusual, and thus, interesting to my teenage self.

Anyways, since I was just looking around (and not willing to pay/join the "clubs" that made new undetected hacks), the aimbot I had was definitely no secret and surely would've gotten me banned if I'd played on a VAC-secure server. The deal was - cheat on a secure server, get banned. But the counterpoint is - cheat on an insecure one, no problem. It felt really fair - joining a secure server is an agreement not to cheat, and if you do, you're banned.

If this story is true, it completely changes that agreement. Presumably it's a "once a cheater, always a cheater" attitude, but that's not really fair. The cool thing about VAC was that it was indisputable. It doesn't make mistakes - you knew categorically that someone who was VAC-banned had broken the agreement by having cheat code loaded while connected to a secure server. So there was no arguing, pleas, etc - they were a cheater, they had cheated in a game that was annotated "no cheats". This would completely change that dynamic, and Valve is really careful about that kind of thing, so I'm suspicious that this is as-reported.

*Before somebody chews me out for cheating anywhere - first, it was only on cheat servers (all players were using them), and second, it only makes sense to view the active decision to turn off VAC (it's on by default) as a decision to allow cheaters.
