trippy_biscuits's comments

trippy_biscuits | 11 years ago | on: OpenSSL Audit

You made the point that I was trying to make: implementations are not secure. A programming language can follow a philosophy but implementations never quite line up with the theory. We only use implementations of the theory and experience shows that implementations all have vulnerabilities.

trippy_biscuits | 11 years ago | on: OpenSSL Audit

Do people really believe in more secure languages? Are they the same people that think switches make networks secure? Switches don't and neither does a given language. I recall a CTO that would not allow C++ development because he thought the language was insecure. Java was the only language allowed. Even college courses are still teaching that security is one of the benefits of the virtual machine. We only have to look at all the patches for Java to see that it hasn't been secure. Then we look at every other software that has been patched to see that nothing is secure.

Please stop perpetuating the myth that security is produced by a programming language. People make security happen just like they make it not happen. Obligatory Schneier: https://www.schneier.com/blog/archives/2008/03/the_security_...

trippy_biscuits | 11 years ago | on: A Natural Fix for A.D.H.D.?

I don't have a short attention span and I'm not hyperactive. I spend a lot of time thinking about things. I deduce things noticeably faster than my peers as long as it's not socially related. I have intense focus as long as something remains stimulating. When things lose my interest or are pointless they become tedious and it's not about attention span. I cannot stop worrying about assigned tasks to the point of anxiety. There is a mental barrier and I cannot work on the task despite intentions and efforts to do so. Medications don't really help me. They do at first, then they become less effective. An interesting side note about meds: The first time on meds I finally could see social cues and body language. It was a whole new world. I still see them off the meds now that I know about them but I may have trouble understanding what they mean due to lack of experience in receiving those signals. Getting proper sleep, nutrition, and having regular, serious exercise help more than meds. The affliction is very real. Just because you can't see it or refuse to believe in it doesn't change the fact that it impacts the lives of others.

trippy_biscuits | 11 years ago | on: fork() can fail

"Unix: just enough potholes and bear traps to keep an entire valley going."

If you don't understand how to use sharp tools, you may hurt yourself and others. Documentation for fork() clearly explains why and when fork() returns -1. Those that find the man page lacking or elusive may get more out of an earnest study of W. Richard Stevens' book, Advanced Programming in the UNIX Environment. In any case, every system programmer should own a copy and understand its contents.

trippy_biscuits | 12 years ago | on: Quake III bounty: we have a winner

In the 90s I built a FreeBSD firewall using discarded PC parts. It took 10.5 hours to build world and kernel. There were 2 power outages that forced me to start over each time. I bought my first personal UPS to fix that problem. I would learn how to cross compile instead of waiting 12 hours.

trippy_biscuits | 12 years ago | on: SXSW: 2 dead, 23 injured.

When I think of all the money spent in the name of improving and enriching the lives of human beings, it troubles me that we don't have a reliable solution for ending DUI. I know many companies fund research to end cancer or improve the quality of life for those with various diseases. While this research may help save or improve lives, it's motivated in part by a potential return on investment. Why can't we do something to prevent self-inflicted suffering? Those people did not need to die. While I don't consume alcohol I don't see why a person that has consumed alcohol should be transformed into a homicidal idiot after getting into the driver's seat. Since we can't seem to limit DUI, perhaps we can make a car that won't operate when the driver is incapacitated? Although, I would oppose any legislation that forces such technology on everyone. To be sure, this remains a tough problem to solve (1). Rather than working around the problem (removing drivers or reducing the need to drive, limiting/controlling alcohol, etc.) how should we address the issue? If we could stop alcohol-impaired driving the United States could save USD$51 billion per year and prevent over 10,000 deaths annually.

1. http://www.cdc.gov/motorvehiclesafety/impaired_driving/impai...

trippy_biscuits | 12 years ago | on: Apparent Theft at Mt. Gox Shakes Bitcoin World

It's interesting to watch ordinary people attempt to dabble in currency. How many criminal organizations, governments, and financial institutions (redundant?) the world over have people who wake up every day just to manipulate the value of currency? For example, a common criticism of China is that they purposely manipulate their currency to devalue the US dollar. In which ways could such organizations impact a new currency like bitcoin? Simple theft doesn't work very well unless immediately converted to cash, just like tangible goods being fenced, often below true value. Was it really just theft?

trippy_biscuits | 12 years ago | on: Project Tango

So how long will it be before someone can take a picture of a person and find all the similar matches on Tinder modulo any profile preferences and desired attributes? Maybe save it for later and use it in a completely different location? In other words, take a picture and then have an app that finds as many matches for that person all while applying any filter preferences the user has in his or her own profile. One person may see exciting matching opportunities. Others may use these modern technology aids in becoming the ultimate modern predator. It's one thing when you want to find a great date. It's quite another when someone uses it to find your son or daughter.

trippy_biscuits | 12 years ago | on: Kids, this is story of How I Met... my VPS hacked

Obligatory xkcd: http://xkcd.com/463/

Why add more moving parts when they don't do anything but make more work? Scanning is a helpful idea, but not AV scanning. Regular vulnerability scanning can assess the platform security. At the very least, it can warn about potential security holes. It might also be plagued with false positives, causing more work for no added benefit. Safely running services on the internet is hard.

trippy_biscuits | 12 years ago | on: FreeBSD Journal announced

You are quite correct that installing from source doesn't really scale in hosting services. It does take too long and leads to incongruent deployments that may block migration. I don't believe any distribution is well suited for cloud deployment out of the box. I usually deploy from a suite of prepared images via netboot, then customers are free to compile from source or use canned packages.

trippy_biscuits | 12 years ago | on: FreeBSD Journal announced

Sure, I'm already using that option. I had to go and find it on my own, at the time. It wasn't as simple as updating the ports collection and installing from ports, but I suppose it's not much different than waiting for a maintainer to update a package and then installing it.

I use ports to mean compile on my own and packages to mean installing precompiled binaries. In my experience, FreeBSD seems more amenable to managing, building, and installing software from source code than a Linux distribution. Perhaps I just haven't learned an efficient manner that integrates well with yum/rpm on CentOS? I've always had more dependency nightmares on a Linux distro than with FreeBSD. Using FreeBSD's ports collection (single repository) has been less error prone for me than trying to manage all the different yum repos one must manually organize to get up-to-date software. Am I doing something wrong or is it really that clunky?
