2324 posts • joined 7 May 2012
Re: Homomorphic encryption only option
Homomorphic encryption only* allowed for operations to be performed on encrypted data. You still must encrypt it at time of input and decrypt it when you want to use those results, so whilst the attack surface would be reduced**, it is not eliminated. Something, somewhere is going to need to do some math on the key, at which point, whatever facts that can be inferred from these registers come into play.
*this is still pretty mind blowing
** and no doubt increased in other areas
>> indexing by the numeric column ID is measurably faster
> If you only need a few columns but SELECT * then you're losing performance in the amount of surplus data you're cramming into the pipeline from the database.
Not to mention what happens under the hood if one of those columns in * is a blob of some form. The expression is "penny wise, pound foolish". Obviously a field index directly converts to a memory address offset so will be faster than an abstraction like a field name, but even that abstraction will likely use some sort of hash lookup internally or otherwise cache on first access, so you can bet your bottom dollar that the difference in almost any real world scenario is too small to reliably measure.
There are occasions to use column numbering, such as computing a row total at runtime for an arbitrary number of columns, but if you're in a position where you need to eek a bit more performance out of your system, there will almost certainly be lower hanging fruit to pick which carries much less risk and gives an order of magnitude benefit over this.
That doesn't even get into the find references to field X in table Y type problems which comes up in the real world quite a lot.
> "SELECT *" - Screams with pain.
It's one of those things that is nearly always a bad idea. There are some use cases for it where you cannot know the columns available until runtime, but for the most part, it is the result of some code snippet they found in SO.
But the same thing can also occur without selecting * if you think two BAL methods consuming the same DAL method, and one of those BAL methods now needs an additional fact. BAL method one is making an inappropriate assumption about a promise that the DAL never made, and the author of BAL method two failed to consider the effect of their change on others, but the real blame in my eyes is that the author of BAL method one didn't write a test case against the DAL method that would fail if the order was changed (in effect escalating those field orders to a promise). Had they done this, the second author would have had their commit rejected until they either stopped changing the sequence of these columns or adjusted the other methods accordingly.
Type safety can help, but only if the two types aren't otherwise assignable. But it isn't going to save you if you expect an int and the new column is also an int. Some modern languages are even using duck typing, so may not even "break" at runtime. Imagine accidentally selecting an int into a float field or something of that nature. You might get a number, just not the one you need to give the correct output.
> Presumably this wasn't an RDBMS
I can't see how you came to that assumption. SELECT * will include all columns that get added in the future. Many also have the misguided understanding that addressing a field by name is more expensive than by number. One of those premature optimisation consequences.
You can do this sort of nonsense with MS SQL, Oracle, postgres, mysql, and pretty much anything that would term itself as a rdbms and paired with any modern languages like c#, Java, .....
The thing that you can definitely conclude is that pretty much any test case coverage (even manual) would have prevented it from being released.
Re: Not an "autopilot"
Let me follow your logic. The person of your concern has a medical condition that prevents them from driving. They have enough money to live on their own rather than share, but not enough money to move somewhere closer to their employment and their employment is such that they cannot easily find a job that is more conveniently located. And the way you suggest that they may make this work is to buy a US$75,000 car which has a feature that can drive by itself up until the moment it can't.
Yeah, no. Self driving cars will be an amazing source of freedom to many people with medical conditions, elderly, disabled, even people under the influence of alcohol or other drugs. This certainly should not be understated as a benefit, but the problem is where certain people who should know better imply the technology is more advanced than it is, then run for the hills when it isn't.
I want to see manufacturers put their money where their mouth is before they are allowed to imply the car has an autopilot or similar technology. If they paid you out a million dollars if your car was at fault in an accident whilst self driving, and 10 million if that accident resulted in a permanent injury for anyone involved, and 100 million to the family of anyone killed, you might find that companies such as this are a lot more restrained when making these claims.
What worries me here isn't the failure of some sensor, but that we see a company not acknowledging that the design of their system (even down to its name) incorrectly encourages people to trust it beyond its capabilities. That is a design flaw. It needs to be rectified. Maybe it needs to pull itself over and stop if the driver isn't paying attention. When a plane crashes, Boeing or Airbus don't sit back and say well pilot/ground crew screwed up here, case closed. No, they figure out why their safety processes and systems didn't fire or were ignored, and implement changes in both instructions, design and training programs to make it less likely. I'm seeing none of that here. It's entirely about saving their reputation. Until that culture changes, I don't want these things on my roads.
Re: toing the party line
> *In their mind, only teenagers play Conley games.
That'd be computer games. Freaking autocarrot.
Re: toing the party line
> So if we had fibre all the way into the home, network concurrency and latency would not be a problem right?
Wireless will, by laws of physics, have concurrency limitations that a long shard of glass internally reflecting a laser beam will not suffer. The only way to avoid it is to build more masts, send up more birds, or free up new frequencies.
Tbh, the anti FTTN mob (where can I sign up) accept the inevitability of concurrency limitations on the wireless parts of the nbn. The congestion we complain about is on the nodes themselves, requiring the total scrapping of the Optus infrastructure that they paid a metric ton of cash for, as well as massive overbuild of the Telstra's cable to get somewhat acceptable speeds in 2018, but with no cheap future upgrade path.
Even mentioning gamers is frankly ridiculous. Games are very bandwidth efficient. They need good latency but the payload itself tends to be small. It's not like they're sending 4K streams to each other during gameplay. The big culprits are things like YouTube, Netflix, Spotify, torrents, etc. But I can well imagine the politics of "it's just a bunch of whining teenagers*" is an easier sell than "we choose technologies that cannot be cheaply scaled as data demands have gone up". I mean who could forsee that selling gigantic 4K internet connected televisions to everyone would result in everyone wanting to download online content.
*In their mind, only teenagers play Conley games.
Re: This is why science rocks
> I find tap water much better when diluted.
I find it best when diluted with sufficient quantities of real medicine.
How's that non-crypto Blockchain going?
Wait! If you're telling me that they have a laser pointer attachment, I'll become an IoT evangelist.
Re: Single Points of Failure
Have you been living under a rock? It is 2018. You can't even convince some people not to consider their data to be stored until it has been written to some spinning rust or SSD. Because webscale.
I have a bigger problem than the rounding. Metres? Feet? I mean, what is wrong with saying about 41 linguini?
I hear what you did there
Re: Apple have never really played ball...
> If sending a flag to the exchange server is enough to get you e-mails that you shouldn't get, then the security on the exchange server is absolutely broken
Not at all. Exchange is implementing security via the RFC3514 flag.
Re: Stalker's wet dream
> Alexa? Tell drone to follow <insert name of famous person>'s car
Alright, which one of you smarty pants was discussing flooring options with your better half?
> Will someone please tell me why I am wrong to say that no-one using a modern language (of a higher level than Assembler or C) needs to explicitly code a loop to sum [attributes of] the elements in an array?
Not a downvoter but ...
I have seen LINQ used in some pretty bad ways. Here are a couple.
Developer not realising that their method was O(n^2). They simply forgot that behind those magic select or first or find methods is a loop.
Another developer didn't realise that a .Any(a => a == 5) on a Hashset may yield the same result as .Contains(5), but the former is O(n) and the latter O(1).
In other cases, a loop which iterates some collection and conditionally yields another object with properties based on the initial collection item can end up with such a convoluted expression that the minute it would have taken any half competent developer to follow the intent now takes 10 minutes to unpack, and even then you're wondering if you missed something subtle.
Another issue is with debugging it can be hard to set breakpoints when your line may represent hundreds of function calls.
Note I never said you should never use them. Just remember that most of the time it doesn't matter if your class is 5 lines longer or 150ns slower, but it does matter if your code becomes difficult to read. Use them, but with appropriate discretion.
Always wondered what that last outsourced mob got up to after we, er, parted ways.
Re: Mapping plan
> I hope that IPv7 or IPv8 routers
At the risk of having a Bill Gates moment, what on earth do you think we'll be doing in the future to need such an immense address space.
Perspective time. The surface area of earth is roughly 5.1 x 10^8 km2
IPv6 gives 2^128 addresses (ignoring reserved ranges for the minute). That's a big number*.
That results in 667,220,330,000,000,000,000,000 ipv6 addresses per square metre on this planet. How much IoT tat do you need?
What counts as biometrics in this case? Is a photo or collection of photos of a known person considered to be holding biometric data? If so, then this net captures a lot of other businesses and indeed people.
Or does there have to be a conversion on those images to a series of measurements of ratios and angles between features before it is considered a biometric template. If so, does this mean that there are certain algorithms that are not permissible to run on a photo. Would smile and blink detection algorithms fall foul of such definitions.
Don't get me wrong, I'm hardly the person who would stick up for a massive advertising, tracking, manipulative company, but I have much bigger concerns about how they use such data to link people with other people in shadow profiles.
Re: Meanwhile, over in the UK ...
Wow that's a bad way to do things. Down here, the powers that be are planning on simply usurping the commendable laws of mathematics with our local laws.
Re: They got 100Mbps wireless in Iceland (country)
Re size of Australia, if the bottom of Tasmania is in Egypt, Perth is somewhere in Spain, Darwin somewhere up in Sweden, and Brisbane in Turkey. It has a cattle farm that is bigger than Israel (see Anna Creek).
All with the population of California.
But we don't each get our own mountain range. Rather, that population is largely collected in a few cities in the south and east with almost nothing in the middle (except big spiders and drop bears obviously). Serving remote communities with infrastructure of any sort is not without challenges, but nbns problem has always been political. The current mob needed a 'the previous mob are clueless wasters of money angle', a classic case study of not invented here syndrome. History won't look kindly on what the current mob have done to the project.
Re: National Security Boundaries
What does Apple maps call the spratly islands? How is China with that call? What about the Philippines or Vietnam?
How very quaint of you to think that these companies structure their legal entities and technical responsibilities such that those outposts have no capability to comply with demands made by those companies.
Let's not even get into whether China accepts your right to publish certain political commentary, or whether YouTube should depict women driving cars as prohibited in some backwaters from which a lot of your oil comes from.
If AWS has a bunch of bit barns across western Europe that become illegal to use for servicing European citizens due to GDPR or something, they will have no choice but to sell the bricks and mortar to some European company who isn't subject to American law. This was my very first point.
Re: Complete security is a MYTH there is ALWAYS the human element to bugger up the works.
> If a "rogue host-level administrator" is in charge of your network then you have bigger problems.
So where does an AWS or Azure sit in your threat model here?
If it helps, imagine there is a country out there, let's call this place Murika, which believes that it's laws apply to all other countries. Let's call these other mysterious places Notmerika, and let's pretend that they have their own governments, laws and legal frameworks. Notmerika has certain laws that governs the treatment of data of its citizens and companies. These laws restrict what data an organisation may collect and with whom it may be shared, including how law enforcement can, through legal mechanisms like subpoenas, force the organisation to hand over data.
If the host can access the guest's memory in a decrypted state, then it becomes practically certain that they will be subpoenaed by a Murikan court to produce contents from the guest which would otherwise have required the appropriate paperwork be passed to the Notmerikian authorities.
Two classes of people should care about this:
1. Murikan's who hope to sell their cloud services in Notmerika; and
2. Notmerikians who went to run services for other Notmerikians whilst complying with Notmerikian law.
Remember that $5,000 you spent on Tesla's Autopilot and then sued when it didn't deliver? We have good news...
Re: If you are contracted….
For any Aussies caught up with similar misrepresentations, you can thank your lucky stars that the Australian Consumer Guarantees explicitly cover motor vehicles unless bought at auction or from a private seller.
Specifically some pertinent quotes
"Products must also:
* match descriptions made by the salesperson, on packaging and labels, and in promotions or advertising
* be fit for the purpose the business told you it would be fit for and for any purpose that you made known to the business before purchasing
* meet any extra promises made about performance, condition and quality, such as life time guarantees and money back offers"
That said, if I'm spending 6 figures on a car, I'm spending a few hundred in getting a lawyer to draft something which they'll find a little trickier to ignore.
Re: Why is self-signed such a bad idea ?
> - To encrypt the connection to
> the endpoint.
> - To verify that the endpoint is
> the intended recipient.
> Self-signed combats the first
> but not the second.
A subtle point here that I suspect Lee understands but others may have missed.
The first point is more correctly stated as "To encrypt the connection to some endpoint". If you deliver your site over a self signed certificate, you cannot be sure that the self signed certificate presented to the browser is the one you sent. Here is the scenario in action.
1. Alice visits bob.com from Mallory's internet cafe.
2. Mallory intercepts the initial clienthello negotiation and sends a fake serverhello with a self signed bob.com certificate.
3. Simultaneously, Mallory does her own clienthello to the real* bob.com and negotiates everything from there.
4. When Mallory gets the response back from bob.com, she decrypts it with the negotiated session key between her and the real site, then re encrypts that stream with the session key she negotiated with Alice.
5. The process is reversed for sending any requests to the server.
Realise that neither Alice nor Bob see anything unusual in this interaction. Alice would be informed by a big red warning box in her browser that the certificate is untrusted. The problem in our scenario is that this is exactly the error she will see where communicating with bob.com without Mallory in the middle.
*A comment on real site in this context. Even Mallory could not know in this step whether another mitm exists between her and bob.com. It's turtles from there.
If being aware of these things is the driver's job, then being a data entry clerk cannot be a simultaneous task. You can't expect a human to diligently perform both tasks at the same time. Human brains aren't wired that way.
Re: Great move Amazon
If they were smart, they refund + small payment (Amazon gift card) + NDA with penalty and this never happened.
Re: Another example...
> There is a New Zealant arm of Google, as well as an NZ-localised version of their site, so it's not unreasonable to expect that part of Google to comply with local laws. Saying they don't have the technical means to do it, when they do so for various European jurisdictions sounds ... wrong ..?
One wonders whether they may find compliance cooperation more forthcoming if that lovely
.co.nz domain disappeared.
Re: "Tesla won’t stop until Model 3 has better braking"
Shirley that's boom crash!
Ah thanks, I was wondering where I'd left that coat.
Yes. Paying less per month now* line rental isn't a thing, but getting unlimited data, unlimited national calls and unlimited calls to mobiles.
Will look at NBN at some point. We have the box drilled onto the outside wall, but they still need big Mal to sidestep some laws of mathematics with the Telstra under-provisioned fraudband cable before they can shine some
lightelectrons down it.
*Ok very marginally more if you add the VPN cost but I value my privacy, but no bill shock on bigger. months.
Works both ways. When I moved into my current place, they had a pensioner discount* applied on the plan. Did the right thing and called up their accounts. They said thanks, told me they'd fixed the issue, just pay the discounted amount and next month it'd be normal.
Next month, you'll never guess what happened.. so I called them again, explained again how they had applied it by mistake and asked for its removal. Sure thing, they said. The last phone monkey pressed the wrong button but it's all fixed now.
Next month, go on, take a guess. So I called, told then that this was the final time that I would call them, re explained that I don't want this on my account. Then explained that no, I am not trying to apply for a pensioner discount. Eventually they got it, told me about how the other phone monkeys must have missed the steps. Got a receipt number that time.
So next month, actually let's fast forward a bit. About 5 years later, they sent me a nasty letter demanding documentation proving I'm entitled to the discount in 30 days or else they would cut off my discount. Perfect.
So about a year later, I transferred my phone line to nakeddsl with "not Telstra", still receiving my discount every month.
*This is Telstra's idea of a discount, which means only 1.9x the competition instead of 2x
Biometrics: Better than your mother's maiden name. Good luck changing your body if your info is stolen
Re: US Verification
@allan, the salient point is that seemingly non identifying attributes in combination can build up a profile that is anything but anonymous. I'm not really sure why you bring up authentication or reasonable doubt testing. But I guess if somehow police knew your date of birth, gender and suburb but absolutely nothing else about you, they would only catch you 80% of the time.
Re: US Verification
Three facts: Date of birth + gender + post/zip code get a surprisingly unique profile. I don't have the figures on hand, but it is enough to uniquely fingerprint a single person in well north of 80% of occasions.
So you heard it here first. Want privacy, be an identical twin....
@Julian, I think you'll find that the laws of mathematics don't apply here, so it's all good.
Off with e's head
His head fell off, you say?
Peter Madsen might have just got an idea for his next appeal.
> Remember that time a crazy person went into that primary school with a copy of "FIPS PUB 197" and he encrypted all those poor children
And I would have got away with encrypting the whole school if not for that pesky kid Robert'); DROP TABLE Students;--
> To say that .NET is a shit copy of Java is a bit harsh..
More than a bit harsh. Can we interest you in a mutable datetime class? Whoever thought that was a good idea, I'll have whatever they were smoking.
XAML is a brilliant idea terribly executed. Over engineered to the point where the winforms folk scratch their head as to why it should take an hour to write the code to hide an element based on an enum with some value and'd with some other bool property. Your triggers end up just as long as war and peace, can't be easily unit tested, resulting in people (ab)using their viewmodels and having to add a gazillion notify property change events, or (ab)using multivalueconverter because the expression is much simpler and you can at least write test cases on the converter. If it transcompiled to html5 then it would be very strong, but it doesn't open up any web options, unless you count silverlight or xbap (er, just no)
But back to my point, it's a bit stupid to claim it as a poor copy. It was able to avoid some of the more stupid architectural traps Java found itself in and end up with things like lambdas much earlier. The async await stuff is also excellent.
Re: Motherf***ers. I strongly doubt this is the only HP that has done this.
> More expensive than fine champagne. Tastes awful though.
You don't like champagne?
Re: Stupid Boy
> FFS most script kiddies could launch a working GPS system.
Totally true. Saw this on stackoverflow just this morning
I have written a GPS system. Here's my code.
I want to have sub metre accuracy in both longitude, latitude and elevation but I don't know where to start. I think I need generics.
Re: Block of flats
> Anyone know why they can not just use https without sni?
There needs to be a way for the web server to resolve the intended domain of the HTTPS request so it knows which certificate to use.
Without SNI, your server needs to rely upon a unique IP address per hosted domain. IP4 addresses are a limited resource, making that a costly proposition.
I guess SAN certificates are another option, but then you get a list of unrelated sites (including potentially, er, questionable activity sites) listed on your certificate. Try explaining that to world+dog.
Here phishy phishy phishy.
/Mine's the bright orange one, thanks
if dev == woman then dont_be(asshole): Stack Overflow tries again to be more friendly to non-male non-pasty coders
read his blog post last week
and I've got to say he nailed a few things. I can't really comment about hostility to women or people of colour (being neither myself). I haven't seen anything but that may be because the mods catch it early. But there is definitely a vigilante element where someone dares to ask two questions about a block of code. They get strung and quartered if they dare start a sentence with "what is the best practice for ....". They could have answered "The best practices in this area is heading into opinion territory. Rather, here is one way to achieve what you want that uses recognised design patterns XYZ."
I totally support the downvote of the code dump "My code has a problem" or the "insert literal quote from someone's homework with no effort of a solution". I totally support the XY response. I think people can be too aggressive on the duplicate flag, but support it in the right circumstances. I just don't get the idea of down voting something without you or someone else pointing out why the answer is wrong or dangerous or just a code dump without context.
At the end of the day, if there are people out there who don't contribute because of prevailing attitudes, then the answers aren't as good as they could potentially be. That doesn't mean that everyone is a snowflake. But it is possible to show respect to someone even when you think they are wrong. If you cannot articulate why there are dragons (or at least missed opportunities) on the suggested answer or comment that you disagree with, then that says more about you than the answer and you should defer to someone else to respond.
Re: if it works
He called it a measure, not a silver bullet to fix all debt. And on that basis I think his point is strong. Quite strong.
The sorts of organisations* that don't value unit testing** are highly correlated with the organisations that are too focused on the here and now to allocate time to resolving this technical debt.
It's understandable at one level because resolving technical debt is expensive. The only thing more expensive is to not resolve it and then attempt a fix/improvement. But don't expect the business to recognise that the week spent on fixing some deficiency here has saved them two weeks on other projects over the following 6 months.
*I speak of organisations because individual developers within those organisations may well be pushing the proverbial uphill trying to get the business onboard, but if they can't be convinced of the benefits of unit testing then they are likely to see any attempt at technical debt reduction as developers taking liberties with valuable company time.
** By value, I don't mean platitudes about their merits. I mean actually invest time into doing it, as well as investing in some sort of ci that runs them on every commit, as well as actually being prepared to rewrite code so badly coupled that unit testing is nigh impossible, as well as actually using the facts about whether an individual developer is consistently decreasing coverage as a KPI at their performance reviews.
Re: Don't be naive
@wally, I agree with 90% of your post, it's just the other 90% where we differ ;p
> Seriously, whoever is responsible for ensuring that a car hitting that barrier at the legal speed should not result in a death
Newton has a thing or two to say about such a possibility. Kinetic energy follows a square relationship to velocity.
ie. K = 0.5 * m * v2
What that means in practice is that a car doing 120km/hr must shed 4 times the energy it would have at 60 (or 16 times the energy of a 30km/hr crash).
At highway speeds, the barrier's main goal is to control the direction of the collision so you are less likely to be torpedoed into another vehicle (especially head on). With that much energy to absorb head on, the shear force of your brain mass hitting your skull is likely to be fatal, even if the barrier, crumple zones, air bags, pretensions, etc all perform perfectly. For perspective, EuroNCAP frontal test is at 64hm/hr. Take a look at one of the better performers in that test, then try and picture it without 4x the crash energy.
But I totally agree that replacing safety barriers after a collision must be a priority. I also share a big concern over why the sensors failed to detect the obstacle even if it got confused over the lane markings, or if it did see the obstacle, why it didn't appear to attempt to avoid it.
Re: Walter had complained to his Tesla dealer...
What are you stating, the obvious?
I guess it's
> They're only about a dozen kilometres apart, but on different floodplains and nicely close for networking and failover purposes.
This site has quite a proven track record of predicting the future.
My best wishes to the successful applicant. May this be a memorable day for you.
The client then says which encryption system it plans to use for the weaker, session key – which allows data to be sent much faster because it doesn't have to be processed as much
That's a bit misleading. The session key allows data to be sent faster because it uses a symmetric cipher. That is AES these days, and this is computationally as simple as bit shifting and XORing.
Asymmetric encryption is usually done with an elliptic curve* variant of the Diffie Hellman algorithm. In ballpark terms, that costs about 5000x more CPU time for the same payload. The real question is why not just use symmetric encryption? Spoiler alert, symmetric encryption requires both parties to know the shared secret (session key). How are two parties to communicate this without "Eve" learning it too? By using the asymmetric encryption to send the session key, you, in general, get the throughput close to symmetric alone but without the problems around how to share that key without another party discovering it.
*There is nothing wrong with Elliptic curves, just don't use the parameters that
NISTNSA were pushing.