Perry Metzger
Perry Metzger

Shared publicly  - 
 
I'm suddenly getting added by loads and loads of obvious spam accounts on G+ -- started happening a day or so ago. Anyone know what the deal is?
6 comments
 
+Perry Metzger Go to the person's profile by clicking their picture. Some icons appear there below the picture and "ADD" button including a down arrow "V" that gives you a choice of Mute/Block or Report.

Perry Metzger

Shared publicly  - 
 
French art film director Chris Marker made what seems to be the first and nearly most highbrow cat video of all time in 1994.

https://www.youtube.com/watch?v=KalkgX5Igwo
2 comments
 
One of my favorite composers and species.

Perry Metzger

Shared publicly  - 
 
People forget so quickly how wealthy the average person in the US is now, and how poor they used to be. A couple of centuries of exponential growth in productivity have done amazing things, but most people have a very short term view and are completely oblivious to it.
We've become so rich that we have forgotten something that is well within living memory: Americans used to have much, much less.

Perry Metzger

Shared publicly  - 
 
The toys are getting insanely good. Imagine the sorts of software defined radios you could build with this....
Download a datasheet or document on TI's ADC12J4000 Analog to Digital Converter, from the High Speed ADC (>=1GSPS) collection of analog and digital product folders.

Perry Metzger

Shared publicly  - 
 
The International Journal of Advanced Computer Technology, a predatory open-access journal, has accepted for publication the marvelously titled paper "Get me off Your Fucking Mailing List."
 
This is bad, but it lacks a cool name like "Shellshock" so likely people will not pay enough attention even though it is remotely exploitable and there is no mitigation without a patch. https://www.us-cert.gov/ncas/alerts/TA14-318A
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.

Perry Metzger

Shared publicly  - 
 
Of interest only to my computer science friends who know and love C very well. I thought after over 30 years of using the language I had already seen every perversion and depravity possible in C, and yet, here's a new one to me: you can abuse Duff's Device plus macros to get co-routines. (The side effect may be to summon the old ones though.)

Apparently this was originally discovered by Tom Duff and he thought it was too disgusting to describe in his original Usenet posting on Duff's Device. Simon Tatham's "PuTTY" actually uses it throughout!

http://www.chiark.greenend.org.uk/~sgtatham/coroutines.html
Coroutines in C. by Simon Tatham. Introduction. Structuring a large program is always a difficult job. One of the particular problems that often comes up is this: if you have a piece of code producing data, and another piece of code consuming it, which should be the caller and which should be ...
8 comments
 
Contiki uses protothreads to provide multitasking, IPv6 and a user interface to C64 and sensor nodes…
http://dunkels.com/adam/pt/

Perry Metzger

Shared publicly  - 
 
One does wonder how long it will last...
 
"Google+ Is Not Dead...

...But it does have an expiration date."

https://medium.com/@garyvee/google-is-not-dead-20331a6ea7b6
Benny Siegert's profile photo
 
There are big plans for it. It's not going anywhere. 

Perry Metzger

Shared publicly  - 
 
This may come as a surprise to some people, so I thought I would mention it. In most common law jurisdictions, it is considered immaterial that a victim of a crime or tort was unusually weak -- the mere fact that a blow or other assault against them was deliberate is enough for you to be liable for their subsequent death. Even if they have an unusually thin skull, or are asthmatic and thus unusually prone to choking to death, or anything similar, it does not diminish your culpability in the slightest.
The eggshell skull rule (or thin skull rule or you take your victim as you find him rule of the common law) is a well established legal doctrine used in some tort law systems, with a similar doctrine applicable to criminal law. It increases the liability of a person who may commit a tort against ...

Perry Metzger

Shared publicly  - 
 
Fifty years ago this month, John S. Bell submitted an elegant little paper to an obscure journal that proved Albert Einstein wrong on an important question. The paper itself is so wonderful that I've linked to the original below.

Quantum mechanics says that in a certain kind of experiment, two particles might be emitted that travel off at high speed in opposite directions, and will have an entangled property -- regardless of the direction in which you measure (and you can pick an arbitrary direction, even long after the particles are emitted), one particle will be measured as having opposite spin along that direction as the other.

Quantum mechanics also says there is no way whatsoever to predict in advance which will be which (that is, say, which will be spin up and which spin down if you measure along that axis). Note that you can pick any axis to measure along, and instantly, the other particle will be seen to have a correlated spin along that axis, no matter how far away the other particle might now be! (You can't communicate information this way, so it doesn't violate relativity, but it still is, in Einstein's words, "spooky action at a distance".)

Einstein, who hated quantum mechanics even though he was one of its creators, said this was ridiculous, that clearly there is some sort of underlying information about the system that we just don't know -- quantum mechanics must be an incomplete description of the world, and if only we had a complete theory that provided us with all the relevant "hidden variables" that describe the state of the particles, we would know exactly what we would measure in advance, and there would be no "spooky action at a distance".

Then came along John Bell's little paper. It is a paragon of elegance. Trust me in saying that even if you only had a month of undergraduate quantum mechanics, you could understand the whole thing perfectly -- it is that simple and that well written.

Bell asks a beautifully stupid question. If there is some hidden variable or set of variables -- call them λ -- then we can calculate the probability distribution of those variables, call it p(λ). What's the distribution of observed spins given p(λ)? That's easy to calculate, so he does so. He then shows that the resulting probability distribution for measurements of a pair of entangled particles will be different from those quantum mechanics would predict, regardless of what p(λ) looks like -- a stunning and unexpected result!

People then went off into their labs, measured such systems, and discovered that, lo and behold, it appears the results follow quantum mechanics' predictions, not those that we would get if there's some classical process with a hidden variable. That means there are no hidden variables (at least not local ones, I'm sure someone will pipe up on that!) out there governing how the world works.

For better or worse, quantum mechanics is not an "incomplete theory", and the world around us really does have some sort of irreducible randomness in our observations.

Perry Metzger

Shared publicly  - 
 
 
"Recently, Verizon was caught tampering with its customer's web requests to inject a tracking super-cookie. Another network-tampering threat to user safety has come to light from other providers: email encryption downgrade attacks. In recent months, researchers have reported ISPs in the US and Thailand intercepting their customers' data to strip a security flag—called STARTTLS—from email traffic. The STARTTLS flag is an essential security and privacy protection used by an email server to request encryption when talking to another server or client."
7 comments
 
The old nonsensical idea that TLS should be optional is really the root problem of all this.

It has led to this kind of confusion ever since before it was formally adopted.

Nobody (sane) does STARTTLS with IMAP -- they only do IMAPS.  We use HTTPS, not STARTTLS within HTTP.

There was a small push some years ago (well, over a decade ago now I guess) to have a port number assigned for SMTPS, but the main desire for it was for client submission, and thus we ended up with the SUBMISSION port instead.  (Though indeed SMTPS on #465 is still quite common.  There are far worse abuses of port assignments than using extra ones for SSL/TLS wrapping of existing protocols.  I'm probably even responsible for one such worse abuse myself.)

So, even trying to use STARTTLS on port #25 is mis-guided at best (especially where it's done by an MUA that should be doing SUBMISSION), and proceeding without fully verified TLS certificates being negotiated, and SMTP AUTH succeeding, on port #587 is completely stupid at best.  Thus what I said in the first place.

Also, given the store-and-forward nature of SMTP (including the SUBMISSION variant), and the security considerations noted in RFC3207, blocking of STARTTLS should not result in a MITM attack with properly configured mail servers.  It's still just barely a possible DoS attack -- though even that is debatable, especially if the client is mobile.
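
Added example (not part of the original posts or the quoted article): a Python sketch of the fail-closed behaviour discussed in this thread, where a client whose policy requires TLS defers delivery when the STARTTLS keyword is missing from the EHLO reply instead of continuing in cleartext. The function names, the policy flags and the sample EHLO replies are constructed for illustration.

```python
from collections import namedtuple

# Added example; every hostname and server reply below is constructed sample data.
Decision = namedtuple("Decision", "action suspect_stripping")

FULL_REPLY = (
    "250-mx.example.net\r\n250-PIPELINING\r\n250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
# Same server seen through a path that rewrote the STARTTLS keyword.
STRIPPED_REPLY = FULL_REPLY.replace("STARTTLS", "XXXXXXXX")


def parse_ehlo(reply):
    """Return the upper-cased extension keywords of a multi-line 250 EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for index, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def decide(reply, require_tls, offered_before):
    """Pick the next step for one session.

    require_tls    -- local policy: this peer must be reached over TLS
    offered_before -- this peer advertised STARTTLS in an earlier session
    """
    if "STARTTLS" in parse_ehlo(reply):
        return Decision("starttls", False)
    # The offer is missing. If it used to be there, treat that as a signal.
    suspect = bool(offered_before)
    if require_tls:
        # Store-and-forward lets us queue and retry: delay, not downgrade.
        return Decision("defer", suspect)
    return Decision("plaintext", suspect)


if __name__ == "__main__":
    print(decide(FULL_REPLY, True, True))
    print(decide(STRIPPED_REPLY, True, True))
    print(decide(STRIPPED_REPLY, False, True))
```

With `require_tls` set, a stripped offer costs only a delayed delivery; the `suspect_stripping` flag is the part worth logging and alerting on.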