Posts by PhoenixRevealed 31 publicly visible posts • joined 1 Sep 2013
The last time I put a TSA lock on a bag it attracted the baggage handler thieves and I lost a digital SLR. Luggage locks are useless, and actually make your bag a more attractive target because the bad guys know there is likely something valuable in it. Just carry anything valuable in your carry on luggage.
My late father, a Naval Architect, went to the Hyundai dry dock in Korea about 25 years ago when the company he worked for needed a ship built that was too large for any North American facilities. I don't know if this is still true, but at the time the Hyundai dock was the largest in the world and the only one big enough for this particular container ship. When he got home he couldn't say enough about the Korean work ethic. He learned that after the war agriculture had been destroyed by chemical ordnance and all industry had been flattened, so the Koreans decided to leverage the only natural resource they had left, their people. They committed to do whatever was needed to rebuild their country even if that meant long hours and low wages. Unfortunately it seems their elites aren't ready to let them relax at all and have come to expect slave labor.
While clumsy, it is grammatically correct. I suspect what has you flummoxed is the last part, which sounds like it should end after the word "kernel". The integer signedness fault, however, doesn't cause a heap overflow in the kernel, it makes the kernel VULNERABLE to a heap overflow.
Clear as mud.
I've used GWX Control Panel on the half-dozen PCs I'm reponsible for and several others that people have asked me to squash GWX on. Excellent and completely effective so far. I do want to point out, however, that you don't need to "install" this utility if you don't want to. I just run the "portable" version and GWX hasn't come back on any of the PCs I've used it on. Supposedly, actually installing the tool provides a little more protection against GWX reinfection, but the portable version is so effective that I really don't see the need.
At 53, after nearly 25 years as a contract software developer for big corporations and government in the fourth biggest city in North America, most of that near the top of the heap, I suddenly found it impossible to find work. My experience made me too expensive to hire at full rate, and raised questions if I tried to undercut my younger competition. Permanent employers won't touch anybody with extensive contract experience out of the common (and often justified) fear that as soon as the contract market picks up again the worker will jump ship. Even Home Depot and Walmart won't hire you for a similar reason... they don't expect someone used to making $150,000/yr or more to stick around long. Now at 57 I haven't had any contract work since 2011 and made a valiant stab to move into mobile app development, which I found that I'm quite good at. Unfortunately, while it looked like a promising field back in 2012, we have all seen the numbers on the independent mobile app developer incomes since then. Only a handful of developers ever make more than a few hundred dollars a year, no matter how good their products are. Luckily, an understanding and supporting wife with her own successful Insurance/Investment practice, and strong handyman skills that have allowed me to earn some doing renovations and repairs, have kept starvation from the door. I'm still banging away at mobile apps in the hope I'll crack the code and hit the big bucks, but till then it's a good job I can replace a toilet and put up drywall.
My experience might have been different if I hadn't gone the contract route in my IT career, but after a quarter century of success and solid cashflow, getting to be an old IT geezer sure was a shock.
Neither was China or North and South America. All those places (except two small South American countries) drive on the right. While what you say may be true for Europe and North Africa, it doesn't apply to the large number of other right-driving countries around the world.
"If you were on the right hand side of the road, most people would have to let go of the wheel with their dominant hand, in order to change gear etc."
Bull... I'm left handed in a right-side driving country. As such I am forced to use my non-dominant hand to operate everything in the vehicle except the windshield wipers. That requires more of my attention than it would if I could use my more coordinated left hand, but I am NOT forced to take my left hand off the steering wheel to do so. When using the shifter I am sometimes forced to take my eyes off the road and look down at it since my muscle memory is less developed on that side and I find it harder to "feel" that it is in the correct position than if I could use my left hand instead. I actually find it easier to drive in a left-side drive country. Your argument is just wishful justification of what at its core is just a emotional position that makes you feel superior because your country "does it right".
Show me a scientifically conducted study that there are more accidents caused by right-handed drivers in right-side driving countries than in left-side ones (adjusted for population and overall accident rates) and maybe I'll take your argument more seriously. We all know how great the drivers are in Calcutta, and they drive on the left.
Get over yourself... there is no "correct" side of the road to drive on, as long as everybody drives on the same side. As a southpaw I wish North America drove on the left since then I'd be able to control my stick shift, radio, HVAC, etc, and pick up my coffee cup with my left dominant hand instead of being forced to use my right, less coordinated appendage. Since the vast majority of humans are right-handed, it actually makes more sense to drive on the right. That said, it really doesn't matter unless you regularly travel to places that drive opposite to what you are used to.
"Actually you are completely incorrect as more countries drive on the left, it's just that the BIG countries do the reverse so most drivers doing it properly drive on the right."
I don't know where you are getting your info to support your wishful thinking, but most world drivers are on the right, and it's not even close. China, The old Soviet states, Europe, the Middle East, the northern two-thirds of Africa, Scandinavia, all of North America, and all but two countries in South America all drive on the right. The only way your statement is even halfway correct is to count the number of minuscule island countries which are the remnants of Anglo colonization, but even then, the actual number of drivers in those places are vastly outnumbered by those in right-driving nations.
http://www.worldstandards.eu/cars/list-of-left-driving-countries/
What makes you smugly state Blackberry is pretending everything is fine? The new CEO has said publicly that survival is only 50-50. They are working hard, cutting fat to the bone, and still dominate the mobile management market. Blackberry doesn't have to beat Apple or Samsung to survive, it only needs to spend less than it brings in.
"The current *rate* of change is not the norm, making adaptation very difficult for many plant and animal species."
Not sure where you are getting your facts from. Several recent science articles I have read state that researchers have revised earlier assessments that major climate changes took a long time to happen. Due to positive feedback effects some of the revised estimates were a short as a dozen years, and certainly less than one hundred, even for life altering climactic changes..
Once again Icahn proves himself to be little more than a bully with money. Rather than go out and start a business of his own and then do what he wants with it, he instead buys minority ownership of successful private companies and then tries to club them into running things for his financial benefit alone.
Interesting to see fairly positive comments regarding BlackBerry's much improved Android runtime, but the author completely misuses the term "native", which NEVER refers to Android ports. Native BlackBerry apps are only those written in C++/QML/JavaScript using the Native or Cascades APIs.
Well, Wikipedia is hardly an authoritative source. Even if it were, the traditional meaning of Mexican Standoff is where three armed individuals, each wanting to kill both of the others, are forced to decide which of the two opponents should be targeted first to give the greatest likelihood of self-survival. The possible outcomes are:
1. A kills B who kills C who kills A, all on the first shot. All are dead.
2. A and B fire first at C, then must quickly retarget each other. This time C is always dead, as is the slower of A and B, while the faster survives.
3. Just like scenario 2, except A and B are equally fast and kill each other after mutually killing C. All are dead.
4. A and B fire first at C, but C manages to kill A or B before dying. In this case the sole survivor is never targeted, while C and the other are both dead.
5. None shoot due to uncertainty. All survive.
There are other permutations depending of the relative draw and fire speeds of the compbatants, but the essence of a Mexican Standoff is three adversaries who must either guess correctly who to target first to survive, or decide not to shoot at all. The classic Mexican Standoff is portrayed in the Arch Stanton/Unknown grave scene at the end of The Good, The Bad, and the Ugly (although Blondie has secretly skewed the odds in his favour).
If this term truly has been co-opted by the financial sector for the scenario you describe, then somebody just didn't understand the original, true definition.
Very low level system code like authentication is often written in C, not C++. In fact, this page...
http://nakedsecurity.sophos.com/2014/02/24/anatomy-of-a-goto-fail-apples-ssl-bug-explained-plus-an-unofficial-patch/
...not only describes it as C, but the code snippet that shows the error is clearly written in a style commonly used in C, but not in C++ (although it is valid syntax). C++ has exceptions... C does not.
Your question assumes that the flaw was added after an earlier version functioned correctly. We don't know this, and the extra line may have been there from the start. Regression testing will only catch errors that were previously integration tested and worked, but not flaws that were never tested for in the past. It seems quite possible that this code just wasn't properly tested from the start before promotion for release. I have quite often seen situations where a developer performs unit tests to make sure things work properly with correct inputs, but neglect to test for incorrect inputs.
Subsequent integration tests will then often also only test that things work as expected when inputs are correct, especially since the tests are often designed by the same developer that originally wrote the code (they shouldn't be but often are.)
I'm not one for conspiracy theories, and I lean toward the "programmer error" explanation, but if I was a baddie knowing how human cognition works and intent on a subtle, easily missed change that would render SSL worthless, I might do EXACTLY this. I've been a professional programmer since the mid 1980's, and even knowing there was something wrong in the code I would have likely needed to step through it with a debugger to spot the flaw as it just didn't jump out at me. The fact that every other line was "goto fail;" made the offending line recede into the background noise. Code reviews are tedious and boring tasks that will usually only catch things that look "wrong", not flaws like this one that trick bored eyes by repeating a valid pattern with an extraneous element.
Yes it is obvious... once it's been pointed out to you with a big arrow.
P.S. to those claiming that this would have been caught if "unreachable code" warnings were turned on in the compiler... how so? "Unreachable code", as the name suggests, is code that can NEVER be executed, such as inside an "if" block where the condition can never be true. In this situation there was no code that could never be executed, just one line that shouldn't have been there. Complier warnings wouldn't have caught this, but correctly written automated unit testing should have.
This article make a couple of disingenuous claims, so much so that if I didn't know better I'd think it was FUD from a big US Internet carrier. At the very least it demonstrates a lack of familiarity with the North American market.
The problem is not "blocking" big players like NetFlix or Hulu by ISPs. Of course, doing so would be counterproductive for any ISP since they are such visible targets and a large part of why customers sign up for Internet access in the first place. Also, those services are already large enough to do an end-run around such impediments. NetFlix, for instance, started a program with ISPs where the highest quality streaming (Super HD) is only available to the ISP's customers if certain technical specifications are followed by the ISP. This had the effect of motivating ISP customers to get noisy about the quality of NetFlix streaming provided by the ISP. Heavyweights like NetFlix can do this... smaller and new players cannot.
The author erects a giant straw man by repeatedly stating that ISPs would be foolish to block content that customers want, when in fact the issue is not outright blocking but degradation of competing services. Lower resolution video streaming and stuttery VOIP may not be an explicit block, but can subtly push customers in the direction of the ISP's own "uncompromised" offering, especially since viewers are unlikely to realize the shortcoming is not the fault of the service they are trying to use. The author scoffs at the judge's suggestion that customers would not know their services were being blocked, but if NetFlix works but constantly rebuffers just as the killer is revealed, how many would realize the cause is their packets being "shaped" rather than a flaw with NetFlix itself? The corollary can also occur, the carriers can build networking infrastucture that is only used to improve the performance of their own services. This would seem to be less problematic, but in fact the duopolistic nature of the North American ISP landscape makes it impossible for anyone but the largest concerns to do the same. Most areas have at most two choices for an ISP in North America, cable or DSL, with both vendors being equally protective of their own services. The cable providers don't want to cut into their own cable TV bundles, and DSL operators frown on VOIP competitors to their own long-distance voice services. Huge players like NetFlix may have the financial resources to build up some of their own infrastructure, but again, emerging services are at the mercy of the entrenched carriers and are easily smothered at birth.
It it not just the ISPs that are a threat to smaller or niche players either. Long-haul carriers, the "backbone" of the Internet that connect one ISP to another also do their own "traffic shaping", often to the detriment of specific services. Here in Canada there are only two backbone carriers, Bell and Rogers. No matter who your ISP is, your packets are transferred by one of these two companies. Bell in particular started throttling BitTorrent packets a couple of years ago, and Rogers does something similar. What this means is that the consumer has only an illusion of choice since the services available are actually determined by the backbone providers, not the ISPs. There is no ISP available to the Canadian consumer that does not throttle BitTorrent traffic, simply because the ISPs are all at the mercy of Bell or Rogers.
The "Big Two" in Canada even tried recently to impose an end to flat-rate unlimited billing on the ISPs forced to resell their backbone bandwidth. Traditionally independent ISPs have purchased huge blocks of bandwidth from the backbone carriers, which they have then been allowed to sell to customers as they see fit. This allowed independents to offer true flat-rate unlimited packages that were offset by their other customers using relatively small amounts of bandwidth. This allows streaming video services to compete against cable TV bundles, since like bundles, customers can choose a bandwidth with a known monthly cost that will not balloon no matter how much video is viewed.
This doesn't sit well with Bell and Rogers, the incumbent Satellite and Cable TV providers respectively. They argued in court that independent ISPs should no longer be able to bill their customers as they like, but would have to instead introduce "usage based billing", where rather than selling the independents a block of bandwidth they could resell as they wanted, they would be billed on individually metered packets and would have to bill their customers that way too. This caused a huge outcry in Canada, as cord-cutters and heavy NetFlix users rightfully anticipated huge monthly bills and uncertainty. Luckily the CRTC (Canada's FTC equivalent) saw the light and quashed the uncompetitive initiative.
Packet "favouritism" by ISPs makes it harder for the "next big thing" to gain traction in the marketplace, and actually entrenches the big boys in a market the new guys can't penetrate. If you have a great idea for a new service, but it has the potential to cut into sales of the ISPs own offerings, the ISP has great incentive to make your service less attractive by throttling.
The big incumbents in the NA market like to squawk that the independents are piggy-backing on the infrastructure investments made by the big boys, but they conveniently forget that they are the incumbents due to decades of government enforced monopolies, originally intended to encourage the build out of expensive infrastructure in under-served areas, but now having the exact opposite effect. Bell in particular benefited from nearly a century of being the only game in town due to government decree. Even though deregulation has made it theoretically possible for infrastructure competitors to arise, the mammoth cost of doing so gives the incumbents an almost insurmountable head start.
This situation makes the Internet backbone similar in practice to the public airwaves. There are many laws in place to ensure that the finite bandwidth available for radio transmission is allocated for the public good. Although technological advancement occasionally increases the highest useful radio frequencies or increases the number of channels within a given frequency range, radio spectrum is basically limited, and so it must be carefully allocated to ensure maximum benefit to its true owners, the public.
With so few immovably entrenched backbone incumbents in North America (even worse in Canada) backbone bandwidth has become a scarce resource like the airwaves. I don't know what it is like in the rest of the world, but I suspect most non-residents of NA don't realize that several of the backbone providers here are also huge content providers, and so are inherently in competition with the independents that have no choice but to buy their bandwidth from them.
Contrary to the author's argument, there is a REASON so many voices are raised in alarm at this recent court decision. Those affected by it, the residents of USA, and indirectly, Canada (since CDN carriers follow the US lead), know that giving de facto monopolies with a long history of price gouging control over which packets and services are favoured is bad for consumers and for innovation.
In a world without the relatively neutral Internet of the past couple of decades, NetFlix wouldn't even exist.
I'm surprised nobody has mentioned the set of essential tools every serious compact cassette needed:
1. Bulk Eraser - this big AC powered magnetic brick was used to deeply erase a whole tape in seconds, while dramatically reducing the hiss that got worse over time as tapes were played and rerecorded. These devices worked great on video tapes too.
2. Head Demagnetizer - with use the record/play heads would gradually build up a standing magnetic bias that would muddy the playback quality, and possibly permanently damage the recordings. To remedy this you either needed to wave an AC powered demagnetizer pencil over the head then smoothly take it away without turning off the power till several inches away, or in later years you could buy a small self-contained cassette complete with coin battery, electronics, and electromagnet that would apply a small burst of alternating magnetism to the heads then decay when the play button was pressed.
3. Tape Splicing Kit - not only to repair or edit recorded tapes, but also to replace worn or damaged leaders, which tended to fray or break before the recorded part of the tape failed.
4. Jeweller's Screwdriver - to open cassette when internally jammed or replace the shell with a new one once the teflon lubricant sheets (or wax ones on the cheapies) gave up the ghost.
5. Tape Head Cleaner and Pads - usually alcohol based liquid applied with q-tips or similar to remove minute magnetic particles shed from played tapes which would eventually degrade the higher frequencies.
Not everybody with a big tape collection had all of these, but serious audiophiles always did.
I was going to mention the Elcaset. Didn't know if anyone else remembered what was billed at the time as the audiophile successor to compact cassette. Had to go out for a few hours and now I see several people have chimed in about this failed format. What I distinctly remember was that a base model recorder at introduction was about $1000 (probably about $2500 in today's dollar) and that the format only survived a couple of years. since Sony was the only manufacturer making the cassettes I remember being very grateful that I hadn't had the cash to buy one only for it to turn into a $1000 boat anchor when you couldn't get tapes anymore.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
