Preston Bannister
73 followers

Preston Bannister commented on a post on Blogger.
If this means NaCl has no future, please update the public NaCl webpages.

Watched the movie "Gravity". While this is a much better attempt compared to many past movies, they still violate the laws of Physics for dramatic effect.

Repeatedly.

Really?!? At the very least they could have invited some Physics undergraduates from the local university. This is basic stuff.

There is just so much stupid...



The Trappist-1 system seems more like something from science fiction. Planets orbiting the sun in a few days, and passing close enough to each other to appear in the sky larger than the moon?

Makes our solar system rather boring.

The Trappist-1 sun is estimated at less than a billion years old, but expected to last 12 trillion years (more than a thousand times longer than our Sun). That type of ultra-cool red dwarf is much more common than other stars like our Sun.

With a sun less than a billion years old, if we take Earth as a model, then any life on the system's planets will not be beyond the single-cell phase.

The SETI folk are going to look for signs of intelligent life, but this sounds unlikely (unless there is seeding or settlers). A better bet would be to scan older red dwarfs. We may have been looking at the wrong stars.

There seems to be some question about the variability of the star, and whether this makes the planets less habitable.

Of course, there is an enormous amount of guesswork in the above.


USB is a problem.

We have a history of hardware vendors unaware of risk.

When you plug in any device on USB, that device can pretend to be a hub, can pretend to be mass storage, and can pretend to be a user input device (a mouse or keyboard). Taken together, that is everything needed to hack your computer.

There is no defense against an evil USB device.

From the point of view of an engineer, trying to make hardware as flexible as possible, this all makes sense. Engineers tend to be trusting folk.

From the point of view of a customer, wanting to be able to trust their hardware, this is not so good.

What programming language, next?

I use C++ when bare-metal performance is needed. I do not use the STL. I do not use the latest C++ features (at least, so far). In the domain in which I use C++, I doubt there is enough need for a better replacement. I do not expect to replace C++.

I use Java for web applications. I like using Java, but doubt Oracle as a long term steward. I expect to use Java for quite some time, but less. For similar reason, I expect to steer away from languages based on the JVM.

I used Python in the last project/product. Python is rather nice, and the Python community has got some things better than the Java community. But Python is at present a bit legacy.

I have used Javascript quite a bit in the web browser (building an AJAX application in the early days, about a decade back). In a recent project I used Javascript for building extensive developer tests for a Java application.

What is next?

I might use Rust, if building something like a web browser. In my mind, Rust fits between C++ and Java. Most likely, I will not be in this space.

I wonder about porting the Android runtime to Linux servers. Then the entire Java ecosystem escapes Oracle, and languages based on the JVM are more viable (if you doubt Oracle, as do I). This seems to be a non-starter, for unclear reason.

There is Go, but I have no opinion.

There is Ruby, which seems an evolved version of Python or Perl. (I have used Perl quite a lot, but several years back set a personal goal to avoid Perl.)

Mostly, I am looking for a replacement for Java/Python when building web applications (the sort that are web/database not compute limited).

I am tempted to use Lisp, but that would just be contrary. :)

#java #python #ruby #go #rust

Read up on the Dakota Access pipeline. The story is not what I first thought.

This is what you need to read.
http://earthjustice.org/sites/default/files/files/order-denying-PI.pdf


First, checked the history of the Alaskan pipeline.
https://en.wikipedia.org/wiki/Trans-Alaska_Pipeline_System

Learned two things I had not known.
1) Promises were kept in near forty years of operation.
2) Native Americans in Alaska got a very large reward.

Read the NPR article on recent events.
http://www.npr.org/sections/thetwo-way/2016/09/09/493280504/judge-rules-that-construction-can-proceed-on-dakota-access-pipeline

Read the recent judgement by the United States District Judge - James E. Boasberg. There are 58 pages of dense, well-written text to digest. This should take you a couple hours.
http://earthjustice.org/sites/default/files/files/order-denying-PI.pdf

Boasberg was very thorough, clear, and a bit restrained.

What I did not know, before:
1) The pipeline company complied with all requirements.
2) The route was reviewed as required.
3) Other tribes participated in this review.
4) The route was adjusted many times.
5) The actions of this one tribe are ... odd.
6) The pipeline does not cross the tribe's land.

What the judge does not say, is that the actions of this one tribe look very fishy. If you read the judgement, you should end up with a list much longer than this too-long post.

What do you think of this meme?
"Lone Indian tribe seeks to blackmail pipeline company!"

Passwords are broken. Really and completely broken.

I am a bit of a computer security geek - since the 1980's. I always knew passwords used across too many sites was not going to work. The human mind cannot hold too many truly unique passwords. When there are too many unique (and changing) passwords, humans have to write them down - and that in itself is a huge vector for breaking security.

None of this is new.

For more than a decade, I followed a simple model. For sites I trusted, I used a unique password (following a pattern I could easily recall). For low-value sites, I used a low-value common password. This worked well for a time.

When sites started asking "security questions" (like: "What is your mother's maiden name?"), I knew that was a problem. If any one of the sites that asked that question was subverted, the answer to that question would become a weakness.

Lots of sites (following shallow guidance on security) asked those questions.

Lots of sites have of late been subverted. I have to assume all the usual "security" questions have been harvested. I have to assume my usual choices for passwords have been subverted.

I no longer know the password to login to my bank. I tried to deposit a check from my cellphone, and realized my password had changed, and I did not recall the new password.

All my online security now depends on access to my email account (through Google).

So many sites have been subverted in recent years, you have to assume the old passwords, and answers to all the usual "security questions" are known to the black hats.

In part, none of this is new. There are folk in the security community who have sounded the alarm ... for years. But for a time ... at the practical level, the present threat was less than the theory.

That time is over.

Any secondary or tertiary site that asks for a password is a failure.

Yes, I have a "password manager", also. First, this is a bit "techie" - not a problem for me. Second, this does not work seamlessly across my devices - which is fatal. As a larger solution, this fails.

I do trust the primary sites - those who have world-class security folk on staff (in large number), and aggressively push the theoretical bounds on security. I count the number of those sites on one hand. (Also, I want those sites to continue to earn my trust. As complacency will be fatal.)

But ... we are on an edge. Except for a very few, very capable sites - passwords have to go away. Security has to be delegated to a small number of trusted sites. (I count Google as one, so far.)

There is no surprise that passwords as an authentication model would become broken. Of note is we have reached the pragmatic point where passwords are broken for most use.






There is something to be said about the over-design of websites.

"Here's the thing web designers: I don't want your custom fonts, so I used some open source software - uBlock - to block them. I don't want your pointless giant images wasting my bandwidth so I blocked them too, and since your layout is so convoluted and clogged with crap I used a "Reader Mode" tool in my open source web browser to simplify things down to the actual content."

http://www.theregister.co.uk/2016/09/28/open_source_insider_peak_web/

When a website loads in long, lagging jerks - the experience is unpleasant. Yes, if I spent a lot of time with your site, the slightly-improved appearance might be worth the initial jerky load (as the web fonts and common heavy assets would be cached).

But when visiting a site with uncached assets - especially on a smartphone over the cell data network - the initial experience is unpleasant. When assets take too long to load (often), I am part-way through reading a page, when ... yank!! ... the page layout changes and I have to hunt around to find where I was reading. (News sites seem to be especially bad about this.)

Of course, web designers spent a lot of time with the same sites, on fast networks, and with most of the heavy assets cached - so they do not see the first-load experience.


Colonize the Moon before Mars.

Why is this a question? We can do rapid iteration with the Moon. Not with Mars. Once we colonize the Moon, then Mars is (almost) easy.



Is this humor, or ... ?? :)
#OpenStack #cloud #datacenter