Posts by Justin S.

Re: Seems ok

First rule of downvotes: don't complain about the downvotes.

Second rule of downvotes: engage in serious introspection that you might be wrong.

In other words, store the file type in metadata. Of course, the file *name* (and therefore its extension) is *also* metadata...

Hydrofluoric acid -- there's a reason it's also known as "devil's p-ss".

As you say, concentrated sulfuric acid is a good option, but you really want to combine it with a strong oxidizer like hydrogen peroxide or potassium dichromate, as has been suggested by others, which will turn much of the carbon into carbon dioxide.

Re: And again, SNAP

Das komputermaschine ist nicht fur der gefingerpoken und mittengraben!

Re: Parts of it date back to when fire was invented

But a good pair of running shoes *might*.

Re: Power!

Cat5-o-nine tails. Mmm, you naughty boy!

Re: mea culpa - always check compatibility

FBReader for Android. I've used it for years and love it.

Event Horizon Telescope

The Event Horizon Telescope does this, using ground-based radio telescopes, to produce the highest resolution images of the area around black hole event horizons.

But yeah, doing this in optical wavelengths is theoretically possible, but well outside our current ability.

Re: Bankers

If you're not being charged for a service, you're not the customer-- you're the product.

Re: Rename the terms?

"High crimes and misdemeanors" means whatever the sitting Congress wants it to mean; the terms, as they relate to impeachment, are not defined in the US Constitution.

In theory, Congress could impeach the president 'because he looks funny,' though that would be a patently ridiculous thing to so, so it hasn't happened thus far-- we'll see if that changes after the next Democrat takes office.

With regards to the difference between misdemeanors and felonies in criminal law, their distinction is also up to the legislature (Federal, State, and local, and thus vary slightly between locales), but they generally refer to minor (public intoxication, disturbing the peace, and licencing violations) and serious (battery with serious injury, robbery or fraud in the thousands or more dollars, and murder) offences, respectively.

It's entirely possible, however, for the same crime to be a misdemeanor in one location but a felony in another. It's even possible to have a crime be both in one location, with the choice being up to the prosecutor. (These are called "wobblers," if you want to look them up.)

It's "Ethernet." Surely that means, if you cut an Ethernet cable in half and plug each end into different computers, the two computers can communicate with each other at any distance, via the ether!

Re: spray-poop

That might be more true than you realized.

We discovered that our cleaners mop the restroom floors first, *then* use the same mop and rinse bucket to mop the lobby and other hard floors.

Re: Hutchins received notice of his Miranda rights?

"In the US. As noted in TFA, in the UK it's a bit different."

Also as noted in TFA, he was arrested in the US.

Re: Tens!

Nah. They overstate the number of worried by an order of magnitude.

Re: spare organs

Jobs died of pancreatic cancer. Unfortunately, humans only have one pancreas, and it is not divisible like the liver, so she would not have been able to donate hers even if she was willing.

Re: a sympathetic character...

Fun fact: in 2004, Nicholas campaigned against California Proposition 66, which would have dialed-back California's "three strikes" law. I'd say it was a good thing he was arrested in Nevada, but it looks like they have their own version of three-strikes.

10 minutes is 9 min 58 sec too long

Once upon a time, I crashed a Cisco 6509 core switch by connecting a new, yet-to-be-configured Netscreen firewall into it-- trust and untrust ports both. I hadn't realized that model firewall shipped in "transparent" mode, so it formed a loop on the switch.

I plugged the second interface in and, maybe two seconds later, every port indicator on the 6509 went dark and I heard some relays tick-over. Portfast was enabled on the switch ports.

After disconnecting the untrust port and configuring the firewall for NAT/routed mode, I was able to reconnect the untrust port without the switch falling over, so it wasn't electrical.

It probably didn't crash from the storm, either, but from a bug in the firmware-- I can't imagine a multi-gigabit, enterprise switch crashing from a measly 100 Mbps loop, but that's what happened.

Re: Stupid... Just stupid...

The Space Shuttle-- at least near the end of the program, if not from the inception-- had the capability of automatic landings, but it was never used due to the culture at NASA that a human should always be in control of the craft. That culture originated with the early space program, when the recruited pilots objected to being mere passengers.

www.spaceref.com/news/viewsr.html?pid=10518

Re: is that including time served

The seven year sentence does not include time served, which is six months at present, bringing his total sentence to 6.5 years. Unlike state prisons, the federal prison system does not offer parole or probation, so he'll serve almost all of that, minus up to 54 days per year for "good behaviour," so he could reduce that to a little more than 5.5 years.

Re: Why issue a sueball?

I wonder how much discretion the police get, or if they have a huge backlog of super-serious crimes to prosecute.

Contrary to popular belief, the police in the United States don't charge or prosecute people. They collect evidence and they arrest people-- ideally people under reasonable suspicion of committing a crime, but regrettably that's not always the case.

The decision to file charges/prosecute a person rests with the District or State Attorney's office. There's no national standard or requirement that I know of, but generally the prosecutor's office has two or three days to file charges after an arrest, otherwise they are required to release the arrestee; in California, they have forty-eight hours.

It is not uncommon for someone to be arrested and then released without charge: because an honest mistake was made by the arresting officer; because the prosecutor's office decides there isn't enough evidence; or because the officer acted stupidly or maliciously.

My guess for this case is that the police and/or District Attorney's office don't want to get involved, probably because it's almost entirely a domestic dispute.

If the plaintiff manages to win the case, his attorney might hand the evidence collected to that point to the District Attorney's office, which might be enough to get them going, and he would probably file a bar complaint against the ex-wife's divorce attorney.

Re: Trump listens to this guy

No, but it is possible for a nutcase with a gun to show up at a NASA facility.

Re: Hiring from the competiton - unprecedented?

The events unfolding between Waymo, Uber, and Otto aren't unprecedented, but it's not just "hiring from the competition," either: this is a case of employees (plural) going rogue, stealing from their former employer, and selling to an unscrupulous competitor.

Look at the timeline (condensed):

* Dec 2015-Jan 2016: Levandowski downloads thousands of files from Waymo's servers, and (unsuccessfully) attempts to cover his tracks. During this time, he and another Waymo employee (Ron Lior) solicit other employees to jump-ship.

* Jan 2016: Levandowski and Lior resign, form 280 Systems (which will become Otto), and meet with Uber execs. Uber awards Levandowski 5.3 million shares of Uber stock, which begin vesting the day after he leaves Waymo.

* Feb 2016: Levandowski and Lior officially form Otto. They sign various agreements with Uber, and Uber and Otto begin the process for Uber to acquire Otto.

* July 2016: Multiple employees leave Waymo for Otto. Some downloaded more documents on their way out.

* Aug: 2016: Uber announces its acquisition of Otto.

There were some other shenanigans in there, involving companies called Odin Wave and Tyto Lidar. Odin Wave's registered address was a property owned by Levandowski. A manager at Tyto Lidar is a friend of Levandowski. The two companies merged, were acquired by Otto, and then Uber.

From an article at Axios, "In 2013, [Odin Wave] reportedly ordered a custom part from a vendor used by Google that was very similar to Google's. Google employees questioned Levandowski but he denied any involvement with the company."

There's a comprehensive timeline at axios.com, which includes links to supporting documents (legal filings and other news articles): https://www.axios.com/the-tortured-history-of-the-uber-waymo-legal-fight-all-in-one-place-2349566425.html

Re: deny you adverse inference

@EveryTime

Adverse inference is not allowed in criminal trials, but it is allowed in civil trials, which Waymo vs. Uber is.

Re: But isn't the environment itself just as important?

@ShelLuser

If you don't have access to the source code, you're left with either decompiling the software and/or running it in a debugger, laboriously reverse-engineering the software to see how it works and might be broken. That is a far slower process than running automated throw-it-at-the-wall-and-see-what-sticks sessions, and then checking out the interesting results.

Re: Sounds like a candidate for the electric chair

Powered by Panasonic lithium-ion batteries!

Re: Flight failures

@ Bubba Von Braun

"Does not include development flights/failures as Atlas/Thor/Delta/Taurus failures are not available, so I excluded the Falcon 1 stats for balance."

And then you include a crap-ton of development flights for Falcon, e.g. anything listed as "Grasshopper" ("...consists of the first stage of Falcon-9 v1.0, fitted with only one Merlin-1D engine and fixed landing legs"), "Falcon-9R-Dev-1" ("...is test vehicle for the Falcon-9 v1.1 and consists of the longer first stage of Falcon-9 v1.1(ex), fitted with three Merlin-1D engine and operational deployable lightweight landing legs"), and/or "(R&D)".

Re: operational in all weather

I'd like to see video of a multi-kilowatt laser fire into the fog, though I'll take a pass on seeing it in person.

You know how you're not supposed to activate your car's high-beams in fog? It's like that, only brighter.

Get off my lawn!

"Like you, I wish people would use the correct terminology - 'powered off' to me me means 'without any power applied, connected etc'"

Some of us oldtimers remember when the on/off switch/button physically disconnected the device from power-- and we write/speak accordingly.

Re: The problem is the internet protocols - Explain!

There are many network protocols, and they exist in a hierarchy (I'm referring to the OSI model here; other models exist).

OSI layer 3, the Network layer, is "IP" or "Internet Protocol." Its job is to facilitate moving packets of data from one host to another, locally or across routers. While it is responsible for moving data between hosts, it cannot deliver it to the applications or services that need it-- that is done by OSI layer 4.

OSI layer 4, the Transport layer, is responsible for the end-to-end delivery of data for applications and services. There are two main Transport layer protocols for use with IP: "Transmission Control Protocol" or "TCP"; and "User Datagram Protocol" or "UDP."

You might recognize TCP from "TCP/IP," which commonly-- and improperly-- is used as shorthand for any Internet data communication. TCP is a "session oriented" protocol. That is, communication using TCP requires that the client and server establish a session before communication commences, which requires the client ask the server to start a new session, receive an acknowledgement from the server, and then negotiate the session details.

Setting up the session is, relatively, expensive: it take a bit of time, because multiple non-data exchanges need to occur first, and it requires a little more RAM to maintain information about the session. TCP has its benefits, however, because it guarantees the delivery of data by ensuring each packet is received and re-sending those that go missing. It also requires that the client address in the IP header be valid, because two-way communication is necessary to complete session setup. Most protocols make use of TCP: HTTP, SMTP, POP3, IMAP, SSH, TELNET, FTP, LDAP, SQL (Microsoft, MySQL, Postgress, Oracle, etc), and so on.

The other Transport layer protocol, UDP, is "the" problem. UDP is a "connection-less" protocol, which does not require any session setup. A client simply sends a UDP packet to a server and the server-- if it is listening-- sends a response. Because there is no session information, there is no built-in retransmission of lost packets, but that's usually okay because you rarely use UDP for anything sensitive to data loss: audio and video transmission are the most popular uses of UDP, along with DNS and NTP. It also doesn't perform any validation of the client address in the IP header.

The lack of session setup makes UDP ripe for abuse. A malicious user can create a UDP packet to a server with the "from" address field set to the target system the user wants to DDoS, "spoofing" the address. The server, upon receiving it, will then reply-- completely unaware that it is sending to a third-party.

UDP attacks are made worse by a process called "amplification." Take DNS, for example: the spoofed DNS request doesn't have to be very large-- maybe 120 bytes, maybe less-- requesting a particular domain name lookup, but the lookup could be for a domain name with lots of records, causing the reply to be ten or more times larger. This amplifies the attacker's power, allowing him to generate ten or more times as much traffic as he has directly available through his Internet connection.

Taking over an IoT device is even worse, as the attacker now has the potential to load custom scripts or firmware and generate attack traffic directly, without relying on amplification and with minimal Command and Control traffic. And because the traffic is sent using UDP, there's no session setup to prevent or mitigate the flood: it just goes and goes and goes.

It should be noted that TCP is not without its faults with regard to DoS attacks. One of the early DoS attacks involved sending bad session setup requests that were never completed but still caused the server to allocate resources while waiting for the session setup to complete, which ultimately lead to resource exhaustion and the denial of service. This has been at least partly mitigated, and tends to affect a small number of servers, so it is no longer a common attack method.

UDP attacks, on the other hand, are kind of like saturation bombardment: the target server is knocked out, and service is degraded or denied for anyone else using the same Internet connection as the target.

Re: Missing piece...

But it has exposed USB ports. Seriously?

Even air-gapped systems need software updates, as well as data-in/data-out. Different amounts and types of security are used for different systems/classification levels/etc.

This is just another chink in the proverbial armor: those who thought they were sufficiently secure will again (as though they ever [or should have] stopped) reconsider their arrangements and make the necessary adjustments. Or they won't, in which case there's another opportunity for ex-filtration.

Also, it should be noted that while a system may be secure against this particular attack-- perhaps because they have disabled or epoxied closed their USB ports-- another researcher or villain may use it as a starting point for another attack vector, or adapt it to work with other USB devices (keyboards, perhaps).

Security is not a static thing: the white and black hats both work to reveal the weaknesses of existing (and sometimes future) systems, spurring changes in the relevant industries.

"I squat"

That puts your mouth at the proper level...

Re: Bar none

Many commercial truck (lorry) trailers in the USA are now fitted with "trailer skirts," which improve the aerodynamics of the trailer, and thus improve the fuel economy of the truck. Had the trailer been fitted with skirts, the car's LIDAR would probably have seen them and prevented the collision.

https://en.wikipedia.org/wiki/Trailer_skirt

But I agree with the OP: paying attention to the drive would have done the trick.

Lies, damned lies, and statistics

@Ivan 4

As we have all seen that extradition is only one way - country X to the US NEVER US to country X, for some very strange reason.

According to a FOIA request to the Home Office in 2012, seven people were extradited from the US to the UK (and thirty-three from the UK to the US) from 2004 through 2011.

https://www.whatdotheyknow.com/request/details_of_numbers_of_us_citizen

As for the reason for the imbalance between countries, you may reach whatever conclusion you wish, but I will not presume to know without details of the specific circumstances around each extradition and, importantly, any rejected requests.

Re: Goddam

An admirable summation, thames.

SCOG is the gift, above all others, that just keeps giving-- it's kind of like herpes, in that respect.

Re: Sounds Expensive

I think that's rather unfair on an otherwise good investigative technique. Got any evidence that such abuse has ever happened?

Proving such abuse would be exceptionally difficult, as it would almost certainly require the handler to confess to the abuse; it might be possible to capture such abuse on video, but the cues used might be sufficiently subtle that it would require an examination of multiple true and false alerts to sort out.

However, a study by University of California at Davis showed that dogs do take cues from their handlers-- intentionally or otherwise-- with a recommendation that the study be replicated and expanded to determine what cues were causing the false alerts.

http://www.ucdmc.ucdavis.edu/welcome/features/2010-2011/02/20110223_drug_dogs.html

Re: Seems legit

Joe, while I get where you're coming from, I fear you have a poor grasp of the ratios of income tax versus earned income for America's citizens.

In 2012, the top 1% of earners (people who reported earning more than $434k) paid a tad more than 26.7% of all "individual" (i.e. not corporate) taxes.

In the same year, the top 10% of earners (people who reported earning more than $125k, and including the top 1%) paid 70.2% of all individual taxes.

The bottom 50% of all individual tax returns paid 2.8% of the income taxes collected that year.

http://taxfoundation.org/article/summary-latest-federal-income-tax-data-0

Where to define the break between the "common taxpayers" and the, what, "uncommon taxpayers?" is open for debate. As the data in the link has certain defined breaks, let's use the bottom 75%, which includes anyone who earned less than $73k. The bottom 75% of all personal tax returns filed in 2012 paid 13.6% of the individual income tax collected.

Based on the percentages paid, I would argue that the "uncommon taxpayers," which include the "rich people" you referred to, are overwhelmingly responsible for "prop[ping] up their [own] ventures". Ventures which employ thousands of people directly, and which facilitate the employ of tens or hundreds of thousands indirectly.

I should also point out that the income tax numbers above and in the link are only about half of the taxes collected by the feds for that year. I don't have a link handy for 2012, but 2011's individual income tax income was similar, and was supplemented by about as much from payroll taxes, corporate taxes, and various "other" tax streams, like customs duties and excise taxes.

http://www.npr.org/sections/money/2012/04/13/150441259/what-america-pays-in-taxes

Re: "An artist's rendition of..." @ Michael Hoffmann

It's on the Texas A&M News and Events page, in the right column, under "Blue Light Special."

http://www.science.tamu.edu/articles/1129

Re: dedupe

@Gordan That's one way. The other possibility-- perhaps mentioned in someone else's comment; quite a lot of chaff has been posted with the wheat-- is that deduplication is enabled but effectively applied on a per-user basis.

That is, if we accept that user data is being encrypted with the user's master key, and that only that single instance of the encrypted data is being stored by Mega (e.g. a second copy, encrypted with a Mega-owned key, is not also being stored), then the only *likely* instances of duplication the system will see will come from the user him/herself, either in the form of entire duplicate files or identical data chunks within those files (assuming the data chunks are encrypted independently of each other).

Data savings might be large enough to justify this, if we consider that there is a possibility for users to maintain multiple copies of the same music file (for example), either as identical tracks from different albums or as part of playlists. Yes, I know it is much more efficient to maintain playlists as text files pointing to member tracks, but it's often more convenient to copy the playlist tracks to their own directory. Of course, metadata for the tracks will probably be different-- different album names, publish dates, etc-- so deduplication is only likely if independent encryption of data chunks is performed.

Re: Let us centralise all our support into just 2 locations...

> "Except that HP don't have just two production sites. They have dozens which will mostly NOT have local support."

"Production site," in this case, doesn't mean "manufacturing." In the IT world, a "production site" (or "production system") is the one in operation at the time. "DR" is the "disaster recovery" site, which maintains backup copies of all data and services, to be brought online should something happen to the production site.

As for support, it depends how they choose to manage that. Typically, data centers do not house first-tier support. With international companies, it is typically best for tier one to remain near the end-users, so they speak the same language and are familiar with the local processes, and have higher (more advanced) tiers more centrally located; end-users rarely interact with data center personnel.