Forgot your password?

Comment: Go-Daddy Bottom Feeder (Score 2) 110

by upuv (#47201891) Attached to: GoDaddy Files For $100 Million IPO

This company has been a lowbrow bottom feeder since the beginning.

At first glance the pricing looks OK. But soon you realize you are fenced in. You find out your domain is held hostage by lack of features. Features that are ransomed off.

Buying Go-Daddy is purely a speculative exercise that is not backed by history or sane projections.

Comment: Post Fix dereferencing about time. (Score 1) 126

I was very active back in the early days of 5.0 development. I fought for this and lost.

I always struggled with the non-nonsensical @{} ${} ..... style. It was difficult to mentally process. Long chains of dereferencing would be especially complicated.

I'm very pleased to see this finally make it in.

Comment: Re:bleh. (Score 1) 350

by upuv (#46986685) Attached to: Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

And that just teaches the kid that there are no consequences. Dumb kids need to be punished. They need to be seen paying for the crime themselves. Their peers need to see that Jimmy in their class went to jail for a year because he was acting like a twit and caused some serious harm.

I also feel that the US would over penalize the kid.

Comment: Re:Good, but... (Score 1) 350

by upuv (#46986657) Attached to: Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

If it's something like a bomb threat of a hostage taking with weapons you don't really have much choice. It's clear the area ASAP.

People don't call in a SWAT saying. "I''m having bad day and I'm slowly filling my house with water till I drown." giving the Police ample time to make decisions.

Comment: Re:Autoimmune disorder... (Score 4, Informative) 350

by upuv (#46986635) Attached to: Canadian Teen Arrested For Calling In 30+ Swattings, Bomb Threats

911 is not only accessible via standard phone lines and cell/mobile phones. Location tech only has 3 basic methods of locating you. Generally only the first is ever used. Most often however the 911 operator asks, "Where are you right now?"
1. Land line billing / install address.
2. Mobile phone GPS location. First the police must have authority to activate GPS remotely. Second the phone needs to have GPS. Not all phones do.
    2.1 Kind of a third method. Cell tower location that the caller used. This takes a hideous amount of time to determine despite laws that say telcos must provide the capability. So generally not used. And this is horribly inaccurate.
3. Geo location of IP address of user. Horribly inaccurate and police forces around the world are very slow to use this tech. Also for example if you have a 3/4G phone your IP address is usually geolocated at the telco company headquarters. This is not generally used for 911 type locations.

Remember the operator only has a few seconds to establish your location during an incident call. They tend to only fall back on location tools when the caller is unable to provide the address them selves. So if the caller says they are at a location then generally that is the accepted location for the incident.

In many jurisdictions around North America and the world for that matter you can place an emergency call via any number of means. You can text, email, tweet skype, use a web form, etc. Note that most of the new forms of emergency notifications come over the internet. Since it is painfully simple these days to make it appear as if you are coming from basically any spot on the globe with internet communications a person can spoof their location with ease.

Note all of this does not mean they can't find the location of the caller. After the incident a wealth of information can be investigated and fairly precise locations can be determined. So don't take what I have said as a open ticket to SWAT. This case proves it's only a matter of time before you get nabbed.

Comment: Re:180 nests gone, at 6 nests/monkey/day? really? (Score 4, Funny) 119

by upuv (#46947475) Attached to: China Using Troop of Trained Monkeys To Guard Air Base

You forgot that from the total number of monkeys you must subtract those monkeys involved in:
Project Management

Once we do this it's clear that the actual number of Monkey's involved far exceeds those quoted. The Chinese are clearly fudging the numbers to make the project appear to be viable.

Comment: Re:Please don't (Score 3, Interesting) 360

by upuv (#46814499) Attached to: Not Just a Cleanup Any More: LibreSSL Project Announced

SSL is the standard.
OpenSSL is an implementation
LibreSSL is an implementation

The standard isn't forked.

In this instance the standard mostly applies to the protocol. The on system interfaces will most likely mutate rather quickly. Most specifically at the user interaction level. The library interfaces will most likely remain steady.

This isn't a bad thing.

SSL and it's related crypto cousins is all about trust, but paradoxically Crypto people don't trust crypto people so there is very little trust out there. So really powerful things like personal / corporate certificate authorities just don't exist in practice. Imagine the power of a CA for personal certs. It would change authentication forever. Good bye 300 passwords. But since no two people can build two independent systems that truly trust each other there really is no hope for personal certificate authorities. Maybe this reboot of an SSL implementation can move us one step closer. Or even an inch/2.2cm.

Comment: Unfortunately it only takes one to abuse this. (Score 1) 177

by upuv (#46322467) Attached to: Most Alarming: IETF Draft Proposes "Trusted Proxy" In HTTP/2.0

This is laughably a bad idea.

This will be abused the instant it hits code. The temptation is too great. This will sink the adoption of http 2.0 and 1.1 will live for a far greater time.

With all of the news around man in the middle attacks I just can't believe this will be a feature.

This needs to be amended. I can see trusted chains, Where you would trust a chain from end to end, but just the proxy? With each node in the chain being able to cache.

Comment: It's outline in the contract. (Score 1) 716

by upuv (#46226777) Attached to: Ask Slashdot: Should Developers Fix Bugs They Cause On Their Own Time?

There are a few types of basic contract.

If you are full time employee.
- The employer pays for time and materials. No matter what the cause of the bug was the employer absorbs the costs of it's own mistakes.

If you are a contract employee on a Time and Materials contract.
- This is virtual the same as full time. The customer in this case pays for everything including bug repair.

If you on a contract to deliver a service or product.
- Well now the Contract owner is responsible for paying for all errors that fit with in the bounds of error as outlined in the contract.

There are a few variations on the above. Usually there are caps on all contracts to prevent excess expenditures. Things like T&M that can only reach X amount ever.

Comment: Re:configuration languages (Score 1) 141

by upuv (#46023029) Attached to: Linux 3.13 Released

A firewall in a sandbox?

Do you see the issue here?

Sandboxes are good for consuming applications. The firewall is not a consumer. It's a part of the command and control chain. It's a the heart of the system. Sandboxing the kernel is self defeating. As it's the kernel and everything spawns from it. So you can't really protect your child processes if your kernel is compromised.

Comment: Re:configuration languages (Score 5, Insightful) 141

by upuv (#46012067) Attached to: Linux 3.13 Released

The problem is overheads and security.

Embedding a language at such a low level is very tricky. It has to be blinding fast and user very very little resources. python, perl, ruby are all great languages. but ill suited for the task of network management tasks. The RAM overheads are huge. This is why we are seeing a relatively constant evolution, change of embedded languages at these low levels. This is a game of resource management on the host system.

Just imagine if this host was a web server. With thousands of socket requests per second. How would Python manage to keep up with that. Without crushing the system under load even before the traffic was passed off to a process like Ngynx to handle. Python would be a performance nightmare at this level.

Another way to look at this is. What if you hammered the system with a DOS style attack. If each request had to go through a python execution stack you are basically making the system far more vulnerable to DOS than it ever was before.

Now lets look at topics around these highly extensible languages. Here you have a system that in part is supposed to improve security. But by adding in a language like python you are adding in a very extensible lnaguage at a very low level. A kernel level to be precise. So higher than root. The security implications are enormous. You are basically exposing the kernel to a far higher risk. This would be a hackers dream come true.

So there are reason for these language syntax choices. They must be managed very carefully.

"More software projects have gone awry for lack of calendar time than for all other causes combined." -- Fred Brooks, Jr., _The Mythical Man Month_