Toll Free Area Codes
Garrison Hilliard
2016-06-24 03:55:15 UTC
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.

Bob Casanova
2016-06-24 17:50:09 UTC
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-06-24 20:33:55 UTC
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
Bob Casanova
2016-06-25 18:16:11 UTC
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal. So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-06-26 22:48:20 UTC
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.

Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
Bob Casanova
2016-06-27 18:02:45 UTC
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?

The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-06-28 15:40:10 UTC
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.

So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Bob Casanova
2016-06-28 19:26:32 UTC
On Tue, 28 Jun 2016 09:40:10 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
They mostly had disappeared by 2000 or so; Earl Curley due
to becoming somewhat dead:

http://www.ratbags.com/loon/2001/06conspiracy.htm

I have no idea what happened to "Riley G., The Psychic
Detective" (usually referred to as the "Psychic (or
Psychotic) Defective"):

http://www.skepticfiles.org/skep2/rileyfaq.htm
Post by BruceS
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
*That* was it; Graham. Thanks; I'd forgotten his name (all I
could remember was <Something> Adam). I still chuckle at his
cloud images, especially of a supposed AK-47.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
It's a good tendency for anyone who does any sort of
development, software *or* hardware. I did both, so I know
where you're coming from. ;-)
Post by BruceS
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.
So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Sounds like a plan...
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-06-29 14:54:05 UTC
Post by Bob Casanova
On Tue, 28 Jun 2016 09:40:10 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
They mostly had disappeared by 2000 or so; Earl Curley due
http://www.ratbags.com/loon/2001/06conspiracy.htm
I have no idea what happened to "Riley G., The Psychic
Detective" (usually referred to as the "Psychic (or
http://www.skepticfiles.org/skep2/rileyfaq.htm
I've opened both of those in my browser, skimmed a little, and will
read more later. Fortunately, I remembered to save the link location
from within Thunderbird, open new tabs in Firefox, and do the paste &
go there. I used to be able to just click on links here and they'd
open in new tabs in FF, but at some point that stopped working. Now it
just makes FF confused, and try to open the links when I close it. I
suspect some vast conspiracy of lizard-people are interfering with the
energies over the Internet, making my computer misbehave. Either that,
or I have a crap distro and need to find a better one.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
*That* was it; Graham. Thanks; I'd forgotten his name (all I
could remember was <Something> Adam). I still chuckle at his
cloud images, especially of a supposed AK-47.
Graham has (or at least had) a number of claims. One was that he's
"Adam of the Bible", apparently reborn though possibly just really
old. He also claimed to be Hercules, and liked to call himself "Herc"
or "|-| E R C" or something like that. He claimed every movie ever
made was based on his life, which ends up being a bit of a
head-scratcher. That one with the guy's life being (unknown to him) a
TV show was the main one. The cloud bit was something to the effect
that, in his presence, clouds would form into clear images of things,
to the point that other people would notice and take pictures of them.
I told him about my many cloud pictures, which are very clear and
realistic, but he didn't seem impressed. My pictures don't require any
interpretation or added lines; pretty much anyone can recognize the
real-world items the clouds depict, and anyone familiar with
meteorology can even tell specific varieties (e.g. "that's clearly an
altostratus!"). His claims of mind-reading were convoluted, and that's
where I showed my "7 times" power, getting far better results than he
did in a sort of cold reading situation.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
It's a good tendency for anyone who does any sort of
development, software *or* hardware. I did both, so I know
where you're coming from. ;-)
I'm not a real hardware developer, but I do have a breadboard and a
bunch of chips, mostly quad NAND, that I used to play with a bit.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.
So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Sounds like a plan...
I watched a bit, but got tired of it quickly. The loon factor in
Nostra fans is wearing. As for my own "powers", I'll say here that I
have the ability to predict the future, with great specificity and
precision. This includes objectively measurable events such as
throwing dice and picking stocks. For example, I can predict
tomorrow's closing price of a GE stock to the penny, and can predict
the outcomes of the next four times you throw a fair six-sided die. In
a similar vein, I can speak to the dead, though Shakespeare fans will
get the caveat to these abilities.

Now, if only this group had enough of an audience for any of that to
start something.
Bob Casanova
2016-06-29 18:22:25 UTC
On Wed, 29 Jun 2016 08:54:05 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 28 Jun 2016 09:40:10 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
They mostly had disappeared by 2000 or so; Earl Curley due
http://www.ratbags.com/loon/2001/06conspiracy.htm
I have no idea what happened to "Riley G., The Psychic
Detective" (usually referred to as the "Psychic (or
http://www.skepticfiles.org/skep2/rileyfaq.htm
I've opened both of those in my browser, skimmed a little, and will
read more later. Fortunately, I remembered to save the link location
from within Thunderbird, open new tabs in Firefox, and do the paste &
go there. I used to be able to just click on links here and they'd
open in new tabs in FF, but at some point that stopped working. Now it
just makes FF confused, and try to open the links when I close it. I
suspect some vast conspiracy of lizard-people are interfering with the
energies over the Internet, making my computer misbehave. Either that,
or I have a crap distro and need to find a better one.
Could be. I use Agent and Firefox, and I have no problem
with links (now that I decided to enable them). I'm staying
with v.42 of Firefox since damn near every plugin I use
wouldn't work with v.43. It's now up to v.47, but my version
wants to update to v.43; go figure... Anyway, I may download
v.47 and see what happens when I try to install it. ;-)

And BTW, it's the Greys. Or maybe Microsoft; it's sometimes
hard to tell the difference.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
*That* was it; Graham. Thanks; I'd forgotten his name (all I
could remember was <Something> Adam). I still chuckle at his
cloud images, especially of a supposed AK-47.
Graham has (or at least had) a number of claims. One was that he's
"Adam of the Bible", apparently reborn though possibly just really
old. He also claimed to be Hercules, and liked to call himself "Herc"
or "|-| E R C" or something like that. He claimed every movie ever
made was based on his life, which ends up being a bit of a
head-scratcher. That one with the guy's life being (unknown to him) a
TV show was the main one. The cloud bit was something to the effect
that, in his presence, clouds would form into clear images of things,
to the point that other people would notice and take pictures of them.
I told him about my many cloud pictures, which are very clear and
realistic, but he didn't seem impressed. My pictures don't require any
interpretation or added lines; pretty much anyone can recognize the
real-world items the clouds depict, and anyone familiar with
meteorology can even tell specific varieties (e.g. "that's clearly an
altostratus!"). His claims of mind-reading were convoluted, and that's
where I showed my "7 times" power, getting far better results than he
did in a sort of cold reading situation.
Yep, it's all coming back to me, |-| E R C, and all. And
IIRC his last name was Cooper.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
It's a good tendency for anyone who does any sort of
development, software *or* hardware. I did both, so I know
where you're coming from. ;-)
I'm not a real hardware developer, but I do have a breadboard and a
bunch of chips, mostly quad NAND, that I used to play with a bit.
I was an EE until I retired, and I was involved in both
designing hardware to test radar systems and writing the
software (Fortran 77 on an HP1000 system; we were just
starting to transition to C++ on desktop systems when I
retired in '06) to run it.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.
So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Sounds like a plan...
I watched a bit, but got tired of it quickly. The loon factor in
Nostra fans is wearing. As for my own "powers", I'll say here that I
have the ability to predict the future, with great specificity and
precision. This includes objectively measurable events such as
throwing dice and picking stocks. For example, I can predict
tomorrow's closing price of a GE stock to the penny, and can predict
the outcomes of the next four times you throw a fair six-sided die. In
a similar vein, I can speak to the dead, though Shakespeare fans will
get the caveat to these abilities.
Anyone can speak to the dead; the problem is to get an
answer.
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-06-29 21:24:50 UTC
Post by Bob Casanova
On Wed, 29 Jun 2016 08:54:05 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 28 Jun 2016 09:40:10 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
They mostly had disappeared by 2000 or so; Earl Curley due
http://www.ratbags.com/loon/2001/06conspiracy.htm
I have no idea what happened to "Riley G., The Psychic
Detective" (usually referred to as the "Psychic (or
http://www.skepticfiles.org/skep2/rileyfaq.htm
I've opened both of those in my browser, skimmed a little, and will
read more later. Fortunately, I remembered to save the link location
from within Thunderbird, open new tabs in Firefox, and do the paste &
go there. I used to be able to just click on links here and they'd
open in new tabs in FF, but at some point that stopped working. Now it
just makes FF confused, and try to open the links when I close it. I
suspect some vast conspiracy of lizard-people are interfering with the
energies over the Internet, making my computer misbehave. Either that,
or I have a crap distro and need to find a better one.
Could be. I use Agent and Firefox, and I have no problem
with links (now that I decided to enable them). I'm staying
with v.42 of Firefox since damn near every plugin I use
wouldn't work with v.43. It's now up to v.47, but my version
wants to update to v.43; go figure... Anyway, I may download
v.47 and see what happens when I try to install it. ;-)
And BTW, it's the Greys. Or maybe Microsoft; it's sometimes
hard to tell the difference.
Ah, the Greys! They're those English people with the strange
perversions, who have mentally captivated so very many middle-aged
women, right? You just can't trust those alien types, whether from
Mexico or Jolly Ole.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
*That* was it; Graham. Thanks; I'd forgotten his name (all I
could remember was <Something> Adam). I still chuckle at his
cloud images, especially of a supposed AK-47.
Graham has (or at least had) a number of claims. One was that he's
"Adam of the Bible", apparently reborn though possibly just really
old. He also claimed to be Hercules, and liked to call himself "Herc"
or "|-| E R C" or something like that. He claimed every movie ever
made was based on his life, which ends up being a bit of a
head-scratcher. That one with the guy's life being (unknown to him) a
TV show was the main one. The cloud bit was something to the effect
that, in his presence, clouds would form into clear images of things,
to the point that other people would notice and take pictures of them.
I told him about my many cloud pictures, which are very clear and
realistic, but he didn't seem impressed. My pictures don't require any
interpretation or added lines; pretty much anyone can recognize the
real-world items the clouds depict, and anyone familiar with
meteorology can even tell specific varieties (e.g. "that's clearly an
altostratus!"). His claims of mind-reading were convoluted, and that's
where I showed my "7 times" power, getting far better results than he
did in a sort of cold reading situation.
Yep, it's all coming back to me, |-| E R C, and all. And
IIRC his last name was Cooper.
That's right. I'd seen some actual news accounts of some of his
exploits, but they involved stalking, threatening the public health,
and the like, rather than cloud formation or mind reading. He had some
translation of his name "Graham Cooper" into something about computers,
using a primitive sound-like approach. I forget why he wanted to be a
computer though. As "Adam", he claimed to be the start of a new,
better race of humanity, along with some poor woman he named "Eve", and
whose actual name he contorted into something about "wet pussy". She
had a protection order against him, which he got into a bit of trouble
for violating. He also drew a picture of her in the bath, and put that
on his website. I cringe at the thought of how it must have been for
her, getting his attention.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
It's a good tendency for anyone who does any sort of
development, software *or* hardware. I did both, so I know
where you're coming from. ;-)
I'm not a real hardware developer, but I do have a breadboard and a
bunch of chips, mostly quad NAND, that I used to play with a bit.
I was an EE until I retired, and I was involved in both
designing hardware to test radar systems and writing the
software (Fortran 77 on an HP1000 system; we were just
starting to transition to C++ on desktop systems when I
retired in '06) to run it.
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.
So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Sounds like a plan...
I watched a bit, but got tired of it quickly. The loon factor in
Nostra fans is wearing. As for my own "powers", I'll say here that I
have the ability to predict the future, with great specificity and
precision. This includes objectively measurable events such as
throwing dice and picking stocks. For example, I can predict
tomorrow's closing price of a GE stock to the penny, and can predict
the outcomes of the next four times you throw a fair six-sided die. In
a similar vein, I can speak to the dead, though Shakespeare fans will
get the caveat to these abilities.
Anyone can speak to the dead; the problem is to get an
answer.
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Bob Casanova
2016-07-01 01:16:18 UTC
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 08:54:05 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 28 Jun 2016 09:40:10 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 26 Jun 2016 16:48:20 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 24 Jun 2016 14:33:55 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Thu, 23 Jun 2016 23:55:15 -0400, the following appeared
in sci.skeptic, posted by Garrison Hilliard
Post by Garrison Hilliard
With toll free numbers the charges are paid for by the party who is
called instead of the caller. Although area code 844 is not assigned
to a geographical area, calls to any toll free number may be
restricted by the customer. Other toll free area codes are 800, 855,
866, 877, and 888.
Good to know (I already knew it), but just a *teensy* bit
off topic for s.s...
That's as may be. The fact remains that it's the only post to s.s.
today (other than your response, of course) that my filters didn't
remove. I'm going to have to go ahead and thank Garrison Hilliard for
his contribution.
S.s went downhill when it became a forum for religion
instead of its stated purpose of discussion of claims of the
paranormal.
Even that would have been OK if the quality of such discussions were not
so low. We get a number of people from another, more
religiously-related group, who utterly fail to provide any rational
discussion, instead resorting to personal attacks, and justifying their
juvenile behavior by saying they've at some point in the past made
rational arguments and are now too tired to do so. I'm as happy to
discuss religion as to discuss mind-reading or homeopathy, as long as
it's with someone intelligent and reasonable. Actually, truth be told,
I've had a good bit of fun with at least one raving lunatic who claimed
magical powers, so that may be a slight exaggeration.
Remember Riley G? Earl Curley?
Nope. I guess I could check Google Groups for them. I do use twit
filters a bit, so if they weren't at all entertaining, I might have
only seen a few early posts from them.
They mostly had disappeared by 2000 or so; Earl Curley due
http://www.ratbags.com/loon/2001/06conspiracy.htm
I have no idea what happened to "Riley G., The Psychic
Detective" (usually referred to as the "Psychic (or
http://www.skepticfiles.org/skep2/rileyfaq.htm
I've opened both of those in my browser, skimmed a little, and will
read more later. Fortunately, I remembered to save the link location
from within Thunderbird, open new tabs in Firefox, and do the paste &
go there. I used to be able to just click on links here and they'd
open in new tabs in FF, but at some point that stopped working. Now it
just makes FF confused, and try to open the links when I close it. I
suspect some vast conspiracy of lizard-people are interfering with the
energies over the Internet, making my computer misbehave. Either that,
or I have a crap distro and need to find a better one.
Could be. I use Agent and Firefox, and I have no problem
with links (now that I decided to enable them). I'm staying
with v.42 of Firefox since damn near every plugin I use
wouldn't work with v.43. It's now up to v.47, but my version
wants to update to v.43; go figure... Anyway, I may download
v.47 and see what happens when I try to install it. ;-)
And BTW, it's the Greys. Or maybe Microsoft; it's sometimes
hard to tell the difference.
Ah, the Greys! They're those English people with the strange
perversions, who have mentally captivated so very many middle-aged
women, right? You just can't trust those alien types, whether from
Mexico or Jolly Ole.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
The quality hasn't gone down from those two; I can't imagine
how it could. What *has* changed is the switch to off-topic
subjects as nearly universal ("nearly" only because there's
one occasional poster who claims personal supernatural
powers).
I can't think of any since Graham, my favorite paranoid schizophrenic.
Since I demonstrated that my own magical powers are seven times as
strong as his, he stopped wanting to talk to me.
*That* was it; Graham. Thanks; I'd forgotten his name (all I
could remember was <Something> Adam). I still chuckle at his
cloud images, especially of a supposed AK-47.
Graham has (or at least had) a number of claims. One was that he's
"Adam of the Bible", apparently reborn though possibly just really
old. He also claimed to be Hercules, and liked to call himself "Herc"
or "|-| E R C" or something like that. He claimed every movie ever
made was based on his life, which ends up being a bit of a
head-scratcher. That one with the guy's life being (unknown to him) a
TV show was the main one. The cloud bit was something to the effect
that, in his presence, clouds would form into clear images of things,
to the point that other people would notice and take pictures of them.
I told him about my many cloud pictures, which are very clear and
realistic, but he didn't seem impressed. My pictures don't require any
interpretation or added lines; pretty much anyone can recognize the
real-world items the clouds depict, and anyone familiar with
meteorology can even tell specific varieties (e.g. "that's clearly an
altostratus!"). His claims of mind-reading were convoluted, and that's
where I showed my "7 times" power, getting far better results than he
did in a sort of cold reading situation.
Yep, it's all coming back to me, |-| E R C, and all. And
IIRC his last name was Cooper.
That's right. I'd seen some actual news accounts of some of his
exploits, but they involved stalking, threatening the public health,
and the like, rather than cloud formation or mind reading. He had some
translation of his name "Graham Cooper" into something about computers,
using a primitive sound-like approach. I forget why he wanted to be a
computer though. As "Adam", he claimed to be the start of a new,
better race of humanity, along with some poor woman he named "Eve", and
whose actual name he contorted into something about "wet pussy". She
had a protection order against him, which he got into a bit of trouble
for violating. He also drew a picture of her in the bath, and put that
on his website. I cringe at the thought of how it must have been for
her, getting his attention.
It has the makings of a bad movie; think "Fatal Attraction"
(or for a better one, "Fatal Instinct", a spoof with Armand
Assante; definitely worth watching).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
So effectively, almost 100% of the posts in the
past few years were off-topic. Just not quite this far
off-topic, especially if one considers "supernatural" fully
synonymous with "paranormal", which some do. I don't, even
though the OED lists supernatural as one of many synonyms
for paranormal; I consider paranormal to be about human
psychic claims while deities are included in the
supernatural. YM, of course, MV.
It does, but that's OK. As pedantic as I like to be at times, fighting
the tides of hoi polloi pollution of the language, in this case I'll
accept the OED. I remain a skeptic of claims of all sorts of natures,
when those claims don't seem well supported by empirical data. For any
of that, sci.skeptic remains as good a place as any to argue the claims.
I agree, but only to the extent that the claims are subject
to test and subsequent verification or disproof. Claims of
individual paranormal abilities qualify. Religious claims
don't, which is why science addresses the first but not the
second. And s.s was designed as a scientific newsgroup.
Good point. While we can discuss religious claims at great length, the
fact remains that the "evidence" provided to support them is limited to
the anecdotal, popular, and circular varieties. I remain open minded,
to both religious claims and other forms of magic, in the hope that
*someone* can at least make an honest attempt to provide empirical
evidence to support his claims. It's that tendency to optimism in the
face of repeated disappointment that makes me ideal as a software
developer.
It's a good tendency for anyone who does any sort of
development, software *or* hardware. I did both, so I know
where you're coming from. ;-)
I'm not a real hardware developer, but I do have a breadboard and a
bunch of chips, mostly quad NAND, that I used to play with a bit.
I was an EE until I retired, and I was involved in both
designing hardware to test radar systems and writing the
software (Fortran 77 on an HP1000 system; we were just
starting to transition to C++ on desktop systems when I
retired in '06) to run it.
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Back on topic, I haven't bothered to do any sort of fact-checking on the
claim about those area codes. I could really care less whether it's all
true. Not a lot less, not even enough to justify the work of a quick
search, but less.
I haven't verified all of the specific area codes, but I
know by experience that at least some of them are correct,
as is the ability of the subscriber to restrict access.
I knew some of them to be correct, but didn't know about the restricted
access at all, so you're ahead of me there.
So now here we are, reduced to discussions of topicality. I *almost*
want to make some claims of personal magical powers, just to get
something started. I guess I'll go search some videos on Nostradammit,
or something like that. Or maybe look for some prepper stuff; that's
usually amusing for a while.
Sounds like a plan...
I watched a bit, but got tired of it quickly. The loon factor in
Nostra fans is wearing. As for my own "powers", I'll say here that I
have the ability to predict the future, with great specificity and
precision. This includes objectively measurable events such as
throwing dice and picking stocks. For example, I can predict
tomorrow's closing price of a GE stock to the penny, and can predict
the outcomes of the next four times you throw a fair six-sided die. In
a similar vein, I can speak to the dead, though Shakespeare fans will
get the caveat to these abilities.
Anyone can speak to the dead; the problem is to get an
answer.
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.

And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-01 22:42:02 UTC
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.

<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out! Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
Bob Casanova
2016-07-02 17:28:39 UTC
On Fri, 01 Jul 2016 16:42:02 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.
It's amazing how time gets away from us, especially as we
get older and move around. I have no idea what's happened to
any of the people I grew up with, and only a very few of
those from my first jobs.
Post by BruceS
<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out!
Uh-huh...

That does sometimes seem to be the attitude.
Post by BruceS
Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Yeah, me too. Especially since if the rider doing the test
had an extra burrito it would change the numbers. ;-)
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
That one, yes. Some others, maybe not so much.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-03 16:20:40 UTC
Post by Bob Casanova
On Fri, 01 Jul 2016 16:42:02 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.
It's amazing how time gets away from us, especially as we
get older and move around. I have no idea what's happened to
any of the people I grew up with, and only a very few of
those from my first jobs.
Post by BruceS
<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out!
Uh-huh...
That does sometimes seem to be the attitude.
Post by BruceS
Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Yeah, me too. Especially since if the rider doing the test
had an extra burrito it would change the numbers. ;-)
LOL, that would do it. That also reminds me of a situation at a
previous job. Our marketing types had promised the customer that we
could map the locations of their utilities (gas & electric
distribution) exactly. Unfortunately, even some of the more technical
sorts were under the impression that this was possible, by using
floating point coordinates. I had a very hard time explaining to them
that an infinitely divisible number line is only *approximated* by
floating point numbers. It even gets worse, as floating point gives a
lot more numbers near zero than further out, so as the coordinates get
farther from the origin, they get more approximate. Fortunately, the
system we used had integer, not floating point coordinates, so while
they're approximations, you get the same accuracy across the range.
After a lot of complaining and cajoling, we agreed with the customer to
a grid of positions something like 1/10,000th of an inch per unit. I
tried pointing out that even with buried utilities, assuming the
measurement was anywhere near that good to start with, a vehicle
driving by would invalidate it. Overhead would be hopeless for even
more reasons. To a more reasonable person, a grid of 1" units would be
far more sensible for that use.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
That one, yes. Some others, maybe not so much.
I wouldn't want to in any way advocate violence, but there certainly
are some who seem to beg for it.
Bob Casanova
2016-07-03 17:54:37 UTC
On Sun, 03 Jul 2016 10:20:40 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 01 Jul 2016 16:42:02 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.
It's amazing how time gets away from us, especially as we
get older and move around. I have no idea what's happened to
any of the people I grew up with, and only a very few of
those from my first jobs.
Post by BruceS
<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out!
Uh-huh...
That does sometimes seem to be the attitude.
Post by BruceS
Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Yeah, me too. Especially since if the rider doing the test
had an extra burrito it would change the numbers. ;-)
LOL, that would do it. That also reminds me of a situation at a
previous job. Our marketing types had promised the customer that we
could map the locations of their utilities (gas & electric
distribution) exactly. Unfortunately, even some of the more technical
sorts were under the impression that this was possible, by using
floating point coordinates. I had a very hard time explaining to them
that an infinitely divisible number line is only *approximated* by
floating point numbers. It even gets worse, as floating point gives a
lot more numbers near zero than further out, so as the coordinates get
farther from the origin, they get more approximate. Fortunately, the
system we used had integer, not floating point coordinates, so while
they're approximations, you get the same accuracy across the range.
After a lot of complaining and cajoling, we agreed with the customer to
a grid of positions something like 1/10,000th of an inch per unit. I
tried pointing out that even with buried utilities, assuming the
measurement was anywhere near that good to start with, a vehicle
driving by would invalidate it. Overhead would be hopeless for even
more reasons. To a more reasonable person, a grid of 1" units would be
far more sensible for that use.
Agreed. Marketing types, like too many program managers (in
my experience), are essentially math-illiterate. My favorite
marketing/management meme was "cost as an independent
variable". Think about it, and what it would lead to.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
That one, yes. Some others, maybe not so much.
I wouldn't want to in any way advocate violence, but there certainly
are some who seem to beg for it.
Yep.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-05 16:07:07 UTC
Post by Bob Casanova
On Sun, 03 Jul 2016 10:20:40 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 01 Jul 2016 16:42:02 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.
It's amazing how time gets away from us, especially as we
get older and move around. I have no idea what's happened to
any of the people I grew up with, and only a very few of
those from my first jobs.
Post by BruceS
<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out!
Uh-huh...
That does sometimes seem to be the attitude.
Post by BruceS
Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Yeah, me too. Especially since if the rider doing the test
had an extra burrito it would change the numbers. ;-)
LOL, that would do it. That also reminds me of a situation at a
previous job. Our marketing types had promised the customer that we
could map the locations of their utilities (gas & electric
distribution) exactly. Unfortunately, even some of the more technical
sorts were under the impression that this was possible, by using
floating point coordinates. I had a very hard time explaining to them
that an infinitely divisible number line is only *approximated* by
floating point numbers. It even gets worse, as floating point gives a
lot more numbers near zero than further out, so as the coordinates get
farther from the origin, they get more approximate. Fortunately, the
system we used had integer, not floating point coordinates, so while
they're approximations, you get the same accuracy across the range.
After a lot of complaining and cajoling, we agreed with the customer to
a grid of positions something like 1/10,000th of an inch per unit. I
tried pointing out that even with buried utilities, assuming the
measurement was anywhere near that good to start with, a vehicle
driving by would invalidate it. Overhead would be hopeless for even
more reasons. To a more reasonable person, a grid of 1" units would be
far more sensible for that use.
Agreed. Marketing types, like too many program managers (in
my experience), are essentially math-illiterate. My favorite
marketing/management meme was "cost as an independent
variable". Think about it, and what it would lead to.
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26. After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients. Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
That one, yes. Some others, maybe not so much.
I wouldn't want to in any way advocate violence, but there certainly
are some who seem to beg for it.
Yep.
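The floating point argument in BruceS's two posts above (spacing that grows with distance from the origin, a uniform integer grid, and the count of distinct 64-bit values), worked through as an added example that is not part of the original thread. It assumes coordinates in inches and IEEE 754 floats; all function names are hypothetical.

```python
import math
import struct

UNITS_PER_INCH = 10_000          # grid from the post: 1/10,000 inch per unit
GRID_INCH = 1 / UNITS_PER_INCH   # spacing of the integer grid, same everywhere


def double_spacing(x: float) -> float:
    """Gap between x and the next larger 64-bit float (one ULP)."""
    return math.ulp(x)


def float32_spacing(x: float) -> float:
    """Gap between x, rounded to a 32-bit float, and the next larger 32-bit float.

    Valid for positive finite x below the float32 maximum.
    """
    bits = struct.unpack("<I", struct.pack("<f", x))[0]
    lo = struct.unpack("<f", struct.pack("<I", bits))[0]
    hi = struct.unpack("<f", struct.pack("<I", bits + 1))[0]
    return hi - lo


def first_distance_coarser_than_grid(spacing_fn) -> float:
    """Smallest power-of-two distance (inches) where the float spacing
    is already wider than the fixed integer grid."""
    for exponent in range(0, 127):
        x = 2.0 ** exponent
        if spacing_fn(x) > GRID_INCH:
            return x
    raise ValueError("spacing never exceeds the grid in the tested range")


def distinct_finite_doubles() -> int:
    """How many different real numbers a 64-bit float can hold."""
    patterns = 2 ** 64
    # Exponent field all ones: 2 signs * 2**52 mantissas are inf or NaN.
    inf_or_nan = 2 * 2 ** 52
    # +0.0 and -0.0 are two bit patterns for the same number.
    return patterns - inf_or_nan - 1


def distinct_int64() -> int:
    """Every 64-bit pattern is a different integer."""
    return 2 ** 64


if __name__ == "__main__":
    for inches in (1.0, 1e3, 1e6, 1e9):
        print(f"{inches:>14,.0f} in  float32 gap {float32_spacing(inches):.3e}"
              f"  double gap {double_spacing(inches):.3e}  grid {GRID_INCH:.3e}")
    print("float32 coarser than grid from",
          first_distance_coarser_than_grid(float32_spacing), "inches")
    print("double  coarser than grid from",
          first_distance_coarser_than_grid(double_spacing), "inches")
    print("int64 holds", distinct_int64() - distinct_finite_doubles(),
          "more distinct numbers than a double")
```
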
Bob Casanova
2016-07-05 17:19:50 UTC
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Sun, 03 Jul 2016 10:20:40 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 01 Jul 2016 16:42:02 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 29 Jun 2016 15:24:50 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
I've done nearly as much Fortran (also mostly 77, though some 66) as I
have C++. I'm primarily a C programmer, with a bit of Java and other
things thrown in. In college, one of my favorite classes was hardware,
in which we spent a lot of time designing circuits with gates, and then
translating them into all NAND. Oddly, I never pursued that
professionally.
The reverse for me; I only got into programming as it
related to my engineering work.
FWIW, a couple of the best programmers I worked with at my first job
were engineers (one nuke, one aero) with no formal training in software.
The aero engineer had a program (Fortran) that did something involving
compressible fluid dynamics that calculated thingA from thingB, and he
needed to reverse it so it calculated thingB from thingA. He found the
source, figured out how it did what it did, made the version he needed,
and went on from there. Very bright guy, and one of the most decent
people I've worked with. I kept in touch with him over the years, on
and off. Then one day his name came up in conversation with another
person from that job, who told me he thought the aero engineer had died.
I checked, and found it was true, and had happened ten years earlier.
It's amazing how time gets away from us, especially as we
get older and move around. I have no idea what's happened to
any of the people I grew up with, and only a very few of
those from my first jobs.
Post by BruceS
<snip>
Post by Bob Casanova
Post by BruceS
LOL, that's the bit. As for the other, anyone can predict the future,
to any desired degree of precision; the problem is accuracy. Oddly, a
lot of people seem to mix up precision and accuracy.
The way I've found best to describe the difference is to
note that one can multiply two WAGs on a pocket calculator
to get a result to 13 significant figures: Incredibly
precise; near zero accuracy.
But...but...if you make enough WAGs, surely the errors cancel each other
out!
Uh-huh...
That does sometimes seem to be the attitude.
Post by BruceS
Recently, I was reading test results in a motorcycle magazine.
One of the things they test is stopping distance from a set speed,
something like 60mph IIRC. I don't know why, but they presented the
result to the hundredth of a foot. I'm a little skeptical.
Yeah, me too. Especially since if the rider doing the test
had an extra burrito it would change the numbers. ;-)
LOL, that would do it. That also reminds me of a situation at a
previous job. Our marketing types had promised the customer that we
could map the locations of their utilities (gas & electric
distribution) exactly. Unfortunately, even some of the more technical
sorts were under the impression that this was possible, by using
floating point coordinates. I had a very hard time explaining to them
that an infinitely divisible number line is only *approximated* by
floating point numbers. It even gets worse, as floating point gives a
lot more numbers near zero than further out, so as the coordinates get
farther from the origin, they get more approximate. Fortunately, the
system we used had integer, not floating point coordinates, so while
they're approximations, you get the same accuracy across the range.
After a lot of complaining and cajoling, we agreed with the customer to
a grid of positions something like 1/10,000th of an inch per unit. I
tried pointing out that even with buried utilities, assuming the
measurement was anywhere near that good to start with, a vehicle
driving by would invalidate it. Overhead would be hopeless for even
more reasons. To a more reasonable person, a grid of 1" units would be
far more sensible for that use.
Agreed. Marketing types, like too many program managers (in
my experience), are essentially math-illiterate. My favorite
marketing/management meme was "cost as an independent
variable". Think about it, and what it would lead to.
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...

She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Now, if only this group had enough of an audience for any of that to
start something.
Keep trying; |-| E R C made a successful career of it. ;-)
AIUI, he's spent his life mostly either in institutions, on the dole,
or being dependent on family. For a while he was living in what looked
like a garden shed, somewhere in the boonies near a small Australian
town. I think I'll pass.
Me, too.
And I think we've beaten an off-topic spinoff of an on-topic
loon nearly to death... ;-)
That's better than beating said loon to death.
That one, yes. Some others, maybe not so much.
I wouldn't want to in any way advocate violence, but there certainly
are some who seem to beg for it.
Yep.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-05 21:08:08 UTC
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers. But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap. Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
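The reversible password "encryption" described in the posts above, next to a salted one-way hash, as an added example that is not code from the thread or from the system it describes. The post gives the scheme only as "something like", so the shift amounts, the printable-ASCII wrap and every function name here are assumptions, and the hardened half assumes the software only needs to verify a password, not replay it to another system.

```python
import hashlib
import hmac
import os

PRINTABLE_LO = 0x20      # assumed wrap range: printable ASCII 0x20..0x7e
PRINTABLE_SPAN = 95
PBKDF2_ROUNDS = 600_000
SALT_LEN = 16


def _shift(text: str, odd_delta: int, even_delta: int) -> str:
    out = []
    for index, ch in enumerate(text):
        code = ord(ch) - PRINTABLE_LO
        if not 0 <= code < PRINTABLE_SPAN:
            raise ValueError("only printable ASCII is supported")
        # The 1st, 3rd, ... characters (index 0, 2, ...) are the "odd" ones.
        delta = odd_delta if index % 2 == 0 else even_delta
        out.append(chr((code + delta) % PRINTABLE_SPAN + PRINTABLE_LO))
    return "".join(out)


def shift_obfuscate(password: str) -> str:
    """Weak scheme as approximated from the post: +2 odd, -4 even, wrapping."""
    return _shift(password, 2, -4)


def shift_recover(stored: str) -> str:
    """Anyone who reads the config file can undo the scheme: there is no key,
    so knowing (or guessing) the two shift amounts is enough."""
    return _shift(stored, -2, 4)


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 record: salt || digest, fixed 48 bytes."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password: str, record: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, digest = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    sample = "hunter2"                      # constructed sample password
    stored = shift_obfuscate(sample)
    print("weak  :", stored, "->", shift_recover(stored))
    record = hash_password(sample)
    print("hashed:", record.hex())
    print("verify:", verify_password(sample, record),
          verify_password("hunter3", record))
```

Where the software has to present the stored password to another system, a one-way hash does not fit; that case needs real encryption with the key kept outside the config file.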
Bob Casanova
2016-07-06 18:27:59 UTC
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...

https://en.wikipedia.org/wiki/Peter_principle

...which I've found to be endemic in most organizations.

Or maybe a combination, since they're related.
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-06 19:29:21 UTC
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is

int main(void)
{
if ( setuid(0) ) system("sh");
}

Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Post by Bob Casanova
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
I totally agree. For many, a trade school is not only a more practical
choice, but a happier one for everyone involved. For others, not even
trade school is appropriate. That attitude, along with the one that
everyone should own a house, has provided a lot of misery for a lot of
people, and financial cost that the rest of us have to bear.
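
A defender's check for the misconfiguration described in the post above (a writable setuid file owned by root), as an added example that is not part of the original thread: it walks a directory tree and reports setuid files that someone other than the owner could modify or replace. The function names, the `owner_uid` parameter and the demo tree are assumptions made for illustration.

```python
import os
import shutil
import stat
import tempfile


def audit_setuid(root, owner_uid=0):
    """Return (path, mode, reasons) for every setuid regular file under
    `root` owned by `owner_uid` that a non-owner could modify or replace."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        try:
            dir_mode = os.stat(dirpath).st_mode
        except OSError:
            continue
        # Entries in a world-writable directory can be renamed or replaced
        # by anyone unless the sticky bit limits that to the owners.
        open_dir = bool(dir_mode & stat.S_IWOTH) and not dir_mode & stat.S_ISVTX
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & stat.S_ISUID or st.st_uid != owner_uid:
                continue
            reasons = []
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if st.st_mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if open_dir:
                reasons.append("parent directory world-writable, no sticky bit")
            if reasons:
                findings.append((path, oct(stat.S_IMODE(st.st_mode)), reasons))
    return sorted(findings)


def build_demo_tree():
    """Create a constructed sample tree (not real system paths) owned by
    the current user, so the audit can be exercised without root."""
    root = tempfile.mkdtemp(prefix="setuid-audit-")
    open_dir = os.path.join(root, "open")
    os.mkdir(open_dir)
    samples = {
        os.path.join(root, "safe"): 0o4755,         # setuid, owner-only write
        os.path.join(root, "bad_world"): 0o4777,    # setuid, anyone can write
        os.path.join(root, "bad_group"): 0o4775,    # setuid, group can write
        os.path.join(root, "plain"): 0o777,         # writable but not setuid
        os.path.join(open_dir, "in_open_dir"): 0o4755,
    }
    for path, mode in samples.items():
        with open(path, "w") as handle:
            handle.write("#!/bin/sh\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    os.chmod(open_dir, 0o777)  # world-writable, no sticky bit
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    try:
        # On a real host: audit_setuid("/usr") with the default owner_uid=0.
        for path, mode, reasons in audit_setuid(demo, owner_uid=os.getuid()):
            print(f"{mode} {path}: {', '.join(reasons)}")
    finally:
        shutil.rmtree(demo)
```

Current Linux kernels clear the setuid bit when an unprivileged process writes to such a file, but anything this audit reports is still a misconfiguration to correct, typically with `chmod go-w` on the file or its directory.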
Bob Casanova
2016-07-07 17:05:20 UTC
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.

And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
I totally agree. For many, a trade school is not only a more practical
choice, but a happier one for everyone involved. For others, not even
trade school is appropriate. That attitude, along with the one that
everyone should own a house, has provided a lot of misery for a lot of
people, and financial cost that the rest of us have to bear.
Yep.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-07 23:04:03 UTC
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sort of exploits that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
I totally agree. For many, a trade school is not only a more practical
choice, but a happier one for everyone involved. For others, not even
trade school is appropriate. That attitude, along with the one that
everyone should own a house, has provided a lot of misery for a lot of
people, and financial cost that the rest of us have to bear.
Yep.
Bob Casanova
2016-07-08 18:31:45 UTC
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.

That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
I totally agree. For many, a trade school is not only a more practical
choice, but a happier one for everyone involved. For others, not even
trade school is appropriate. That attitude, along with the one that
everyone should own a house, has provided a lot of misery for a lot of
people, and financial cost that the rest of us have to bear.
Yep.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
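
A defender-side check for the misconfiguration quoted above (a setuid file, owned by root, that other users can write), as an added example that is not part of the original posts: it walks a directory tree and reports setuid/setgid regular files that are group- or world-writable. The names `classify`, `scan` and `safe_mode` and the default root `/usr` are assumptions chosen for illustration.

```python
import os
import stat
from typing import Iterator, List, NamedTuple


class Finding(NamedTuple):
    path: str
    perms: str          # ls-style string, e.g. "-rwsrwxrwx"
    owner_uid: int
    reasons: List[str]


def classify(mode: int, owner_uid: int) -> List[str]:
    """Return the reasons a file is a risky setuid/setgid program.

    An empty list means the file is not flagged. Only regular files
    carrying the setuid or setgid bit are considered.
    """
    if not stat.S_ISREG(mode):
        return []
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return []
    reasons = []
    if mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    # Highest severity: the case from the thread, setuid and owned by root.
    if reasons and (mode & stat.S_ISUID) and owner_uid == 0:
        reasons.append("setuid-root")
    return reasons


def scan(root: str) -> Iterator[Finding]:
    """Walk `root` without following symlinks and yield flagged files."""
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)   # lstat: never judge a symlink's target
            except OSError:
                continue              # vanished or unreadable entry
            reasons = classify(st.st_mode, st.st_uid)
            if reasons:
                yield Finding(path, stat.filemode(st.st_mode),
                              st.st_uid, reasons)


def safe_mode(mode: int) -> int:
    """Permission bits with group/other write removed (as chmod go-w would)."""
    return stat.S_IMODE(mode) & ~(stat.S_IWGRP | stat.S_IWOTH)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/usr"  # assumed default
    for f in scan(root):
        print(f"{f.perms} uid={f.owner_uid} {f.path}: {', '.join(f.reasons)}")
```

Linux clears the setuid and setgid bits when an unprivileged process writes to such a file; the write permission is still a misconfiguration to correct with `chmod go-w`.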
BruceS
2016-07-13 16:24:00 UTC
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus. I think
he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
BruceS
2016-07-15 14:33:07 UTC
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus. I think
he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
How about this? FWIW, "wildly off-topic" is par for the course for me,
as I tend to change subjects at the drop of a hat. Which reminds me of
the "hat" scene in Caddyshack.
Bob Casanova
2016-07-15 18:43:10 UTC
On Fri, 15 Jul 2016 08:33:07 -0600, the following appeared
Post by BruceS
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus.
That seems to be true in the majority of cases. And *no*
anti-malware program can totally eliminate it; the best they
can do is warn. Webroot has *very* strong warnings, and
requires positive action to circumvent them.
Post by BruceS
I think he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
All that, with the exception of precious metals, is how I
did it. My good luck was in working for companies
(Westinghouse Defense, acquired by Northrop Grumman in the
early '90s) which had good 401k plans.
Post by BruceS
Post by BruceS
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
Yep. Just as those who will not (as contrasted with *can*
not) work want to be supported forever as something to which
they think they're "entitled", presumably by existing.
Post by BruceS
How about this? FWIW, "wildly off-topic" is par for the course for me,
as I tend to change subjects at the drop of a hat. Which reminds me of
the "hat" scene in Caddyshack.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
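The password "encryption" quoted above (add two to the odd characters, subtract four from the even ones, wrap to stay in ASCII) has no key, so a single known password/stored-value pair reveals the whole scheme. This is an added example, not code from the thread; the printable-ASCII wrap range, the 1-based position counting, the function names and the sample passwords are assumptions.

```python
"""Constructed model of the keyless password obfuscation described in the thread."""
from __future__ import annotations

# Assumption: "wrapping to keep the results ASCII" means printable ASCII 0x20..0x7E.
PRINTABLE_LO, PRINTABLE_HI = 0x20, 0x7E
SPAN = PRINTABLE_HI - PRINTABLE_LO + 1  # 95 symbols


def _shift(ch: str, delta: int) -> str:
    """Rotate one printable character by delta positions inside the wrap range."""
    code = ord(ch)
    if not PRINTABLE_LO <= code <= PRINTABLE_HI:
        raise ValueError(f"character {ch!r} is outside printable ASCII")
    return chr(PRINTABLE_LO + (code - PRINTABLE_LO + delta) % SPAN)


def obfuscate(password: str) -> str:
    """Odd positions (counting from 1) get +2, even positions get -4."""
    return "".join(
        _shift(c, 2 if i % 2 == 0 else -4) for i, c in enumerate(password)
    )


def recover_shifts(plain: str, stored: str) -> list[int]:
    """Per-position shift (mod 95) visible in one known plaintext/stored pair."""
    if len(plain) != len(stored):
        raise ValueError("lengths differ: not a per-character substitution")
    return [(ord(s) - ord(p)) % SPAN for p, s in zip(plain, stored)]


def infer_pattern(shifts: list[int], max_period: int = 8) -> list[int] | None:
    """Shortest repeating shift pattern that explains every position, if any."""
    for period in range(1, min(max_period, len(shifts) // 2) + 1):
        if all(shifts[i] == shifts[i % period] for i in range(len(shifts))):
            return shifts[:period]
    return None


def deobfuscate(stored: str, pattern: list[int]) -> str:
    """Undo the scheme using nothing but the inferred pattern."""
    return "".join(
        _shift(c, -pattern[i % len(pattern)]) for i, c in enumerate(stored)
    )


if __name__ == "__main__":
    # Constructed sample values, standing in for the tester's own password
    # and another entry in the same config file.
    known_plain = "Summer2016"
    known_stored = obfuscate(known_plain)
    pattern = infer_pattern(recover_shifts(known_plain, known_stored))
    print("stored form  :", known_stored)
    print("shift pattern:", pattern)            # 91 is -4 modulo 95
    other_entry = obfuscate("hunter2!")
    print("other entry  :", other_entry, "->", deobfuscate(other_entry, pattern))
    # Properties that give the scheme away before any analysis:
    print("same length  :", len(known_stored) == len(known_plain))
    print("repeatable   :", obfuscate(known_plain) == known_stored)
```

The last two properties are the ones the replacement approach described in the quoted post avoided: its output length did not depend on the input and was not consistent from run to run.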
BruceS
2016-07-15 20:46:52 UTC
Post by Bob Casanova
On Fri, 15 Jul 2016 08:33:07 -0600, the following appeared
Post by BruceS
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus.
That seems to be true in the majority of cases. And *no*
anti-malware program can totally eliminate it; the best they
can do is warn. Webroot has *very* strong warnings, and
requires positive action to circumvent them.
Absolutely. My dad had been set up repeatedly with anti-malware sw,
instructions about not opening attachments, etc., but he keeps
forgetting. He also keeps taking his PC in to a shop that has proven
time and again to be destructive. They charge him lots of money to
hold his PC for several days at a time, delete drivers and other needed
sw, and one of the family has to help him get it back working. We keep
telling him to stop taking it in to that shop, but he remembers their
name and not the damage done.
Post by Bob Casanova
Post by BruceS
I think he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
All that, with the exception of precious metals, is how I
did it. My good luck was in working for companies
(Westinghouse Defense, acquired by Northrop Grumman in the
early '90s) which had good 401k plans.
I've had a couple of decent 401Ks, some not very good ones, and a
self-employed, which worked out very well, just didn't have anyone else
to pay for "matching". At one job, we were separated into "highly
compensated" and "non-highly compensated", and the highly's could only
contribute a couple points more than the average non-highly. The
non-highly's were mostly ignorant hourly workers who didn't contribute
anything (the government will take care of their retirement), so we
could only put in something like 3.5% of our gross. I can only think
of one employer that had no 401K at all. I'd asked ahead of time if
the position was 1099 or W2 and they said 1099, so I expected to use my
Keogh. As it turned out, it was W2, so I couldn't, and they had no
retirement plan at all. As for the metals, that's just a safe haven to
preserve wealth, with only about 6% of our wealth in it. If all else
fails, we have *something* other than real property. No hiding it in
the backyard or under the floorboards for us, though; we're not
preparing for the collapse of society.
Post by Bob Casanova
Post by BruceS
Post by BruceS
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
Yep. Just as those who will not (as contrasted with *can*
not) work want to be supported forever as something to which
they think they're "entitled", presumably by existing.
Exactly. Just by existing they believe they're entitled to the good
life. I say cut the handouts way back and let them emigrate if they
don't like it.
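The writable setuid files described in the quoted text above are something an administrator can audit for directly. This is an added example, not code from the thread: it walks a directory tree and reports setuid or setgid regular files that group or others can write to. The function names and the default start directory are assumptions.

```python
"""Audit a directory tree for setuid/setgid files that non-owners can modify."""
from __future__ import annotations

import os
import stat
import sys
from typing import Iterator, NamedTuple


class Finding(NamedTuple):
    path: str
    mode: str          # ls-style string, e.g. "-rwsrwxrwx"
    owner_uid: int
    reasons: tuple


def assess(mode: int, owner_uid: int) -> tuple:
    """Classify one file from its st_mode and owner; empty tuple means no finding.

    A privileged program is only a finding here when someone other than its
    owner may rewrite it, which is the condition the post describes.
    """
    if not stat.S_ISREG(mode):
        return ()                      # directories, symlinks, devices: out of scope
    if not mode & (stat.S_ISUID | stat.S_ISGID):
        return ()                      # runs with the caller's own identity
    reasons = []
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    if mode & stat.S_IWGRP:
        reasons.append("group-writable")
    if reasons and mode & stat.S_ISUID and owner_uid == 0:
        reasons.append("setuid root")  # the worst case named in the post
    return tuple(reasons)


def audit(root: str) -> Iterator[Finding]:
    """Yield a Finding for every risky file under root (symlinks not followed)."""
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda err: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)    # lstat: judge the link itself, never its target
            except OSError:
                continue               # vanished or unreadable: skip, keep scanning
            reasons = assess(st.st_mode, st.st_uid)
            if reasons:
                yield Finding(path, stat.filemode(st.st_mode), st.st_uid, reasons)


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "/usr"   # assumed default
    count = 0
    for finding in audit(start):
        count += 1
        print(f"{finding.mode} uid={finding.owner_uid} {finding.path}: "
              f"{', '.join(finding.reasons)}")
    sys.exit(1 if count else 0)        # non-zero exit so a cron job or CI step can alert
```

On current Linux kernels an unprivileged write to such a file clears its setuid and setgid bits, but a finding still means the permissions are wrong and should be corrected with `chmod go-w`.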
Bob Casanova
2016-07-16 17:40:23 UTC
On Fri, 15 Jul 2016 14:46:52 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 15 Jul 2016 08:33:07 -0600, the following appeared
Post by BruceS
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sort of exploits that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus.
That seems to be true in the majority of cases. And *no*
anti-malware program can totally eliminate it; the best they
can do is warn. Webroot has *very* strong warnings, and
requires positive action to circumvent them.
Absolutely. My dad had been set up repeatedly with anti-malware sw,
instructions about not opening attachments, etc., but he keeps
forgetting. He also keeps taking his PC in to a shop that has proven
time and again to be destructive. They charge him lots of money to
hold his PC for several days at a time, delete drivers and other needed
sw, and one of the family has to help him get it back working. We keep
telling him to stop taking it in to that shop, but he remembers their
name and not the damage done.
Not much you can do about any of that, so you should
probably stop worrying about it. When it happens again and
the schlock shop performs to its usual standard just have
him keep taking it back to them (or better, make them show
it works when he goes to pick it up) until it *is* fixed. It
won't cure the forgetfulness, but nothing will.
Post by BruceS
Post by Bob Casanova
Post by BruceS
I think
Post by BruceS
he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds
didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
All that, with the exception of precious metals, is how I
did it. My good luck was in working for companies
(Westinghouse Defense, acquired by Northrop Grumman in the
early '90s) which had good 401k plans.
I've had a couple of decent 401Ks, some not very good ones, and a
self-employed, which worked out very well, just didn't have anyone else
to pay for "matching". At one job, we were separated into "highly
compensated" and "non-highly compensated", and the highly's could only
contribute a couple points more than the average non-highly. The
non-highly's were mostly ignorant hourly workers who didn't contribute
anything (the government will take care of their retirement), so we
could only put in something like 3.5% of our gross. I can only think
of one employer that had no 401K at all. I'd asked ahead of time if
the position was 1099 or W2 and they said 1099, so I expected to use my
Keogh. As it turned out, it was W2, so I couldn't, and they had no
retirement plan at all. As for the metals, that's just a safe haven to
preserve wealth, with only about 6% of our wealth in it. If all else
fails, we have *something* other than real property. No hiding it in
the backyard or under the floorboards for us, though; we're not
preparing for the collapse of society.
Maybe you should rethink that, considering the probable
presidential choices. Me, I'm voting Libertarian since I
can't stomach either probable major-party candidate; the
first time that's happened since I first voted in 1968. The
RNC and DNC could fix that if they had any guts, since the
candidate is not dependent on the primaries by law, but only
by the current convention rules. But they won't.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by BruceS
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
Yep. Just as those who will not (as contrasted with *can*
not) work want to be supported forever as something to which
they think they're "entitled", presumably by existing.
Exactly. Just by existing they believe they're entitled to the good
life. I say cut the handouts way back and let them emigrate if they
don't like it.
Sounds good to me, so long as those who *can't* work
(probably less than 1% of the total) are supported.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-18 14:00:18 UTC
Post by Bob Casanova
On Fri, 15 Jul 2016 14:46:52 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 15 Jul 2016 08:33:07 -0600, the following appeared
Post by BruceS
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain the fundamentals, I finally resorted to showing
her on a whiteboard how it worked with a much smaller set of choices and
number of digits. This was the same person who (before being promoted to
management) designed a reversible "encryption" method for use by our
software to store passwords in clear-text files. I tested it with two
people, letting each give me three passwords to "encrypt" and telling
them the results. Both broke the code immediately. It was something like
adding two to the odd characters and subtracting four from the even,
with wrapping to keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sort of exploits that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus.
That seems to be true in the majority of cases. And *no*
anti-malware program can totally eliminate it; the best they
can do is warn. Webroot has *very* strong warnings, and
requires positive action to circumvent them.
Absolutely. My dad had been set up repeatedly with anti-malware sw,
instructions about not opening attachments, etc., but he keeps
forgetting. He also keeps taking his PC in to a shop that has proven
time and again to be destructive. They charge him lots of money to
hold his PC for several days at a time, delete drivers and other needed
sw, and one of the family has to help him get it back working. We keep
telling him to stop taking it in to that shop, but he remembers their
name and not the damage done.
Not much you can do about any of that, so you should
probably stop worrying about it. When it happens again and
the schlock shop performs to its usual standard just have
him keep taking it back to them (or better, make them show
it works when he goes to pick it up) until it *is* fixed. It
won't cure the forgetfulness, but nothing will.
Unfortunately, we're a long ways apart, so I'm rarely on-site. I
usually hear about the problems after the fact. I do try not to worry
about it though; no point when I can't help.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
I think
Post by BruceS
he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds
didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
All that, with the exception of precious metals, is how I
did it. My good luck was in working for companies
(Westinghouse Defense, acquired by Northrop Grumman in the
early '90s) which had good 401k plans.
I've had a couple of decent 401Ks, some not very good ones, and a
self-employed, which worked out very well, just didn't have anyone else
to pay for "matching". At one job, we were separated into "highly
compensated" and "non-highly compensated", and the highly's could only
contribute a couple points more than the average non-highly. The
non-highly's were mostly ignorant hourly workers who didn't contribute
anything (the government will take care of their retirement), so we
could only put in something like 3.5% of our gross. I can only think
of one employer that had no 401K at all. I'd asked ahead of time if
the position was 1099 or W2 and they said 1099, so I expected to use my
Keogh. As it turned out, it was W2, so I couldn't, and they had no
retirement plan at all. As for the metals, that's just a safe haven to
preserve wealth, with only about 6% of our wealth in it. If all else
fails, we have *something* other than real property. No hiding it in
the backyard or under the floorboards for us, though; we're not
preparing for the collapse of society.
Maybe you should rethink that, considering the probable
presidential choices. Me, I'm voting Libertarian since I
can't stomach either probable major-party candidate; the
first time that's happened since I first voted in 1968. The
RNC and DNC could fix that if they had any guts, since the
candidate is not dependent on the primaries by law, but only
by the current convention rules. But they won't.
I'm also voting Libertarian, but that's pretty common for me in the
Presidential race. I've voted for candidates at lower levels from all
sorts of parties, but for President I usually mark 'L'. Seeing the
popularity of Bernie Sanders and Donald Trump, both "outsider"
authoritarians, and the grudging acceptance of Hillary Clinton, an
"insider" authoritarian, I have little hope of a decent government.
The problem is not the pols, it's the proles.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by BruceS
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
Yep. Just as those who will not (as contrasted with *can*
not) work want to be supported forever as something to which
they think they're "entitled", presumably by existing.
Exactly. Just by existing they believe they're entitled to the good
life. I say cut the handouts way back and let them emigrate if they
don't like it.
Sounds good to me, so long as those who *can't* work
(probably less than 1% of the total) are supported.
The poor we have always had with us.
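
The writable setuid-root files described in the posts above can be found with a permission audit. The following is an added example, not part of the thread or any poster's code; the names audit_setid, privileged_uids and build_demo_tree, and the demo file names, are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit a tree for setuid/setgid files that someone other than the owner can write.

Added illustration; all function and parameter names are chosen here.
"""
import os
import stat
import sys
import tempfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def audit_setid(root, privileged_uids=(0,), skipped=None):
    """Return findings for setuid/setgid regular files under `root` that are
    group- or world-writable. A finding is "critical" when the file is setuid
    and owned by one of `privileged_uids` (root by default), because whoever
    can write it controls what runs with that owner's identity.
    Paths that could not be examined are appended to `skipped` if given."""
    findings = []

    def on_error(err):
        # Unreadable directory: record it instead of silently ignoring it.
        if skipped is not None:
            skipped.append(err.filename)

    for dirpath, _dirs, files in os.walk(root, onerror=on_error, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the entry itself, not a link target
            except OSError:
                if skipped is not None:
                    skipped.append(path)
                continue
            if not stat.S_ISREG(st.st_mode) or not (st.st_mode & SETID_BITS):
                continue
            reasons = []
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if st.st_mode & stat.S_IWGRP:
                reasons.append("group-writable")
            if not reasons:
                continue  # setuid/setgid but writable by the owner only
            escalates = bool(st.st_mode & stat.S_ISUID) and st.st_uid in privileged_uids
            findings.append({
                "path": path,
                "mode": format(stat.S_IMODE(st.st_mode), "04o"),
                "owner": st.st_uid,
                "reasons": reasons,
                "severity": "critical" if escalates else "high",
            })
    # Critical findings first, then by path for stable output.
    findings.sort(key=lambda f: (f["severity"] != "critical", f["path"]))
    return findings


def build_demo_tree(directory):
    """Create constructed sample files (owned by the current user) to audit."""
    samples = {
        "transfer_tool": 0o4777,   # setuid and writable by everyone: flagged
        "helper": 0o4775,          # setuid and group-writable: flagged
        "passwd_like": 0o4755,     # setuid, owner-writable only: not flagged
        "notes.txt": 0o666,        # writable but not setuid: not flagged
    }
    for name, mode in samples.items():
        path = os.path.join(directory, name)
        with open(path, "w") as fh:   # write content first, set the mode after
            fh.write("constructed sample\n")
        os.chmod(path, mode)


def main(argv):
    if len(argv) > 1:
        root, uids, cleanup = argv[1], (0,), None
    else:
        # No path given: audit a constructed tree, treating the current
        # user as the privileged owner so the severity logic is visible.
        cleanup = tempfile.TemporaryDirectory()
        root, uids = cleanup.name, (os.getuid(),)
        build_demo_tree(root)
    skipped = []
    for f in audit_setid(root, privileged_uids=uids, skipped=skipped):
        print(f'{f["severity"]:8} {f["mode"]} uid={f["owner"]} '
              f'{f["path"]} ({", ".join(f["reasons"])})')
    for path in skipped:
        print(f"skipped  {path}", file=sys.stderr)
    if cleanup is not None:
        cleanup.cleanup()
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Each finding is fixed by removing the write permission (chmod go-w) or the setuid bit (chmod u-s). Linux clears the setuid bit when an unprivileged process writes to the file, but that is not guaranteed on every Unix, so the combination is still worth removing.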
Bob Casanova
2016-07-18 17:23:23 UTC
On Mon, 18 Jul 2016 08:00:18 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 15 Jul 2016 14:46:52 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Fri, 15 Jul 2016 08:33:07 -0600, the following appeared
Post by BruceS
Post by BruceS
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain the fundamentals, I finally resorted to showing
her on a whiteboard how it worked with a much smaller set of choices and
number of digits. This was the same person who (before being promoted to
management) designed a reversible "encryption" method for use by our
software to store passwords in clear-text files. I tested it with two
people, letting each give me three passwords to "encrypt" and telling
them the results. Both broke the code immediately. It was something like
adding two to the odd characters and subtracting four from the even,
with wrapping to keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
I agree on both counts. When I use Windows, I have anti-malware
software running (Norton currently) and I've never been hacked or had
malware. Still, it's nice to not have to worry about an attempt at an
attack, even though that's largely because my main machine is Linux and
therefore not much of a target. OTOH, my father *has* had numerous
viruses on his Windows machines. He expressed amazement at how this
happened on one such occasion, and I told him it was the same as the
other times, that he'd downloaded and installed the virus.
That seems to be true in the majority of cases. And *no*
anti-malware program can totally eliminate it; the best they
can do is warn. Webroot has *very* strong warnings, and
requires positive action to circumvent them.
Absolutely. My dad had been set up repeatedly with anti-malware sw,
instructions about not opening attachments, etc., but he keeps
forgetting. He also keeps taking his PC in to a shop that has proven
time and again to be destructive. They charge him lots of money to
hold his PC for several days at a time, delete drivers and other needed
sw, and one of the family has to help him get it back working. We keep
telling him to stop taking it in to that shop, but he remembers their
name and not the damage done.
Not much you can do about any of that, so you should
probably stop worrying about it. When it happens again and
the schlock shop performs to its usual standard just have
him keep taking it back to them (or better, make them show
it works when he goes to pick it up) until it *is* fixed. It
won't cure the forgetfulness, but nothing will.
Unfortunately, we're a long ways apart, so I'm rarely on-site. I
usually hear about the problems after the fact. I do try not to worry
about it though; no point when I can't help.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
I think
he's finally become careful, and suspicious of what I'd consider
obvious attack attempts. If it weren't for some things he needed that
were unavailable on Linux (AFAIK), I'd have gotten him moved to Linux
years ago. Most of the time he's just using a browser, and most of the
rest of the time he's using office software, so Linux would cover those
bases quite well.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
I wouldn't call it "luck" to have a good 401K/IRA; it's more a matter
of making good decisions. We've pretty much always maxed out our 401Ks
and similar, maxed our Roths, built up a respectable after-tax
brokerage account, built equity in our home by paying early and having
shorter-than-usual mortgages, and even bought some precious metals.
All that, with the exception of precious metals, is how I
did it. My good luck was in working for companies
(Westinghouse Defense, acquired by Northrop Grumman in the
early '90s) which had good 401k plans.
I've had a couple of decent 401Ks, some not very good ones, and a
self-employed, which worked out very well, just didn't have anyone else
to pay for "matching". At one job, we were separated into "highly
compensated" and "non-highly compensated", and the highly's could only
contribute a couple points more than the average non-highly. The
non-highly's were mostly ignorant hourly workers who didn't contribute
anything (the government will take care of their retirement), so we
could only put in something like 3.5% of our gross. I can only think
of one employer that had no 401K at all. I'd asked ahead of time if
the position was 1099 or W2 and they said 1099, so I expected to use my
Keogh. As it turned out, it was W2, so I couldn't, and they had no
retirement plan at all. As for the metals, that's just a safe haven to
preserve wealth, with only about 6% of our wealth in it. If all else
fails, we have *something* other than real property. No hiding it in
the backyard or under the floorboards for us, though; we're not
preparing for the collapse of society.
Maybe you should rethink that, considering the probable
presidential choices. Me, I'm voting Libertarian since I
can't stomach either probable major-party candidate; the
first time that's happened since I first voted in 1968. The
RNC and DNC could fix that if they had any guts, since the
candidate is not dependent on the primaries by law, but only
by the current convention rules. But they won't.
I'm also voting Libertarian, but that's pretty common for me in the
Presidential race. I've voted for candidates at lower levels from all
sorts of parties, but for President I usually mark 'L'. Seeing the
popularity of Bernie Sanders and Donald Trump, both "outsider"
authoritarians, and the grudging acceptance of Hillary Clinton, an
"insider" authoritarian, I have little hope of a decent government.
The problem is not the pols, it's the proles.
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by BruceS
We're looking at possibly buying a new car in the near future (I'm
against it, but haven't fully convinced my wife), and won't need to
borrow to do so. Our only debt is our mortgage, which is much smaller
than the home's value. We shouldn't have any problems with retirement,
but it would be nice to not have lost so much over the years to the
Great Ponzi Scheme. When I read about the average net worth of people
who, like us, have had good incomes over the years, it makes me
cringe. I've known many who have made these bad decisions, spending
too much of their income and even borrowing money for things like
vacations. The big problem is that such people want those few of us
who have made good decisions to pay for their bad ones.
Yep. Just as those who will not (as contrasted with *can*
not) work want to be supported forever as something to which
they think they're "entitled", presumably by existing.
Exactly. Just by existing they believe they're entitled to the good
life. I say cut the handouts way back and let them emigrate if they
don't like it.
Sounds good to me, so long as those who *can't* work
(probably less than 1% of the total) are supported.
The poor we have always had with us.
All well said. And now it really *is* time to cut this off,
so have a good one.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
BruceS
2016-07-19 14:43:12 UTC
On 07/18/2016 11:23 AM, Bob Casanova wrote:
<snip>
Post by Bob Casanova
All well said. And now it really *is* time to cut this off,
so have a good one.
I agree. You too.

Bob Casanova
2016-07-14 18:18:11 UTC
On Fri, 08 Jul 2016 11:31:45 -0700, the following appeared
in sci.skeptic, posted by Bob Casanova <***@buzz.off>:

Oopsie...

I saw your response to this, but inadvertently closed Agent
(with the default "cleanup") before I replied. Mea culpa.

If you want to continue this *wildly* off-topic discussion
you can repost your response; if you think it's gone far
enough just let it drop. Either way is OK by me. ;-)
Post by Bob Casanova
On Thu, 07 Jul 2016 17:04:03 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Wed, 06 Jul 2016 13:29:21 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 15:08:08 -0600, the following appeared
Post by BruceS
Post by Bob Casanova
On Tue, 05 Jul 2016 10:07:07 -0600, the following appeared
<snip>
Post by Bob Casanova
Post by BruceS
If only that shortcoming were restricted to the non-programmers. The
"exact because floating point" argument was supported by several
programmers. They just didn't get that a finite number of bits could
not represent an infinite number of possibilities. I decided to skip
the part where a 64-bit integer actually represents a larger number of
distinct numbers than does a 64-bit floating point. I also once had a
programmer-turned-manager try to correct me on what I thought was pretty
simple math. Her group had defined identifiers to be used by the
next-level-down programmers as case-insensitive, up to six characters,
with the first character being alpha and the rest alphanumeric. I did
some quick calculations and said that would get them about a million and
a half unique six-character identifiers, plus the shorter ones. She
came to my office later and told me the actual number was in the single
thousands. She'd done something like 36x5x26.
Oy...
She never took a stats course, huh? Or did any work with
truth tables? Even so, a bit of thought should have gotten
her close to the right answer; it's not rocket science.
I started laughing, then realized *I* never took a stats class! My
degree says "Computer Science and Statistics" (minor in math), but I
went out of my way to avoid stats. With 73% of statistics made up on
the spot, the whole field is mostly just lying with numbers.
It can be, but only if the one doing the lying misuses the
data (usually by cherry-picking, but there are other ways).
Properly used, stats can reveal quite a bit from "messy"
data. And if you understand how stats works when properly
done you can usually see when the misuse is happening.
Post by BruceS
But I
agree, the above is not rocket science. Or diffy q. She was a great
example of the Dilbert Principle.
...or maybe the Peter Principle...
https://en.wikipedia.org/wiki/Peter_principle
Peter just has them being promoted *to* their level of incompetency,
then left there. She was promoted *beyond* her level of incompetency,
presumably to get her out of the production stream. I stand by Dilbert.
OK. ;-)
Post by BruceS
Post by Bob Casanova
...which I've found to be endemic in most organizations.
Or maybe a combination, since they're related.
I've seen more of the Dilbert variety in IT. Those who can, program
(or architect); those who can't, manage.
...and those who can do neither, teach (or go into
politics).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
After trying to explain
the fundamentals, I finally resorted to showing her on a whiteboard how
it worked with a much smaller set of choices and number of digits. This
was the same person who (before being promoted to management) designed a
reversible "encryption" method for use by our software to store
passwords in clear-text files. I tested it with two people, letting
each give me three passwords to "encrypt" and telling them the results.
Both broke the code immediately. It was something like adding two to
the odd characters and subtracting four from the even, with wrapping to
keep the results ASCII. I pitied our clients.
Same here. Did that actually get put into practice, or was
it shot down in design eval, as it should have been?
It was in practice, storing customers' logins and passwords in a clear
text config file. I wanted to get rid of that file entirely and store
things in a protected binary file, but got shot down. I was able to
use a different approach for the new logins/passwords my part of the
system needed. It still went to the same config file, but the
encrypted passwords were very long, with length not dependent on input
length (or even consistent run to run), and bore no resemblance to the
input. I still felt it was pretty risky, but that was the best I could
do. At this same job, I found a number of unintended exploits our
stuff would install, and notified the involved departments each time.
I'm not sure my help was appreciated. One form they had in multiple
places was a writable file with the setuid bit set (this is Unix),
owned by root. Seeing those just made me laugh.
Sounds like you did the best you could. I never worked with
Unix, although I did set up a couple of Linux systems to
play with before deciding that I didn't need a second career
as a sysadmin at home. ;-)
In Unix, there's an attribute of a file (the setuid bit) that, if set,
allows a program represented by the file to change its identity to
that of the file's owner, regardless of the actual user who runs the
program. That's a dangerous, but useful capability. Such a program
should not be writable, especially if it's owned by root. It's been a
while, but I think the C program one can replace such a file with if
it's writable is
int main(void)
{
if ( setuid(0) ) system("sh");
}
Simply overwrite the original file with the compiled version of that,
run it, and you're root, with all the privileges. If you first copy
the original file to a different name, you can even clean up after
yourself (don't forget to clean up the sulog!) and leave little
evidence of what you did. That same company had a file transfer tool
(like ftp) that included a shell capability which ignored the
privileges of the user running it. This meant that if a client gave us
a "restricted" user account, meant only for transferring files within a
limited area of the disk, we could combine those two exploits and be
root in seconds. There was another, somewhat similar exploit involving
inetd, but it would really only make sense if you're familiar with that.
...which I'm not.
And I think your explanation is a good reason why I decided
*not* to implement Linux on my home systems. Not the
specific scenario, but the requirement to be an expert
sysadmin in order to properly manage the system.
To be fair, Linux is safer than Windows in terms of external access and
malware even if you aren't any sort of expert. OTOH, it takes a certain
degree of expertise just to get it to do all the things you want it to.
Some distributions are supposed to be more end-user-friendly, somewhat
on a par with Windows, but I haven't used any of those so I can't
confirm that. The sorts of exploit that I found on Unix are all over
Windows, and it seems that every time they close up one, they open a
couple more. Microsoft has even gone so far as to make all their office
document formats "virus-enabled". Still, for most users, I think
Windows makes more sense than Linux.
It does for me, even though given the current numbers the
Windows environment is a much more attractive target for
hackers (which would almost certainly change if the usage
numbers were reversed; target-rich vs. target-poor). If the
user is reasonably security-conscious Windows isn't
dangerous; I've been using it since 3.1 and have never had a
problem, *but* I maintain a good anti-malware program and
always have, from the days when McAfee was the "best in
class" (which it no longer is; Webroot is *far* superior).
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Throughout my career
I've had similar situations, where people with STEM backgrounds didn't
understand pretty simple math.
I suspect the blame for most of that can be laid on the "ed
biz", where it's become more important to coddle their
psyches than to actually teach the material.
At least when I was in school, they didn't have all the safe places and
related crap.
...or the sense of entitlement that fosters those beliefs.
Exactly! We were entitled to what we earned, and not always even that.
I wish I were still entitled to what I've earned over the years. To
those who say Social Security is a good deal, I've offered to have them
give me a one-time payment representing all my "contributions" (both
parts), with no extra to represent the opportunity value, and I'll give
them every payment I get from SS. No takers yet.
Yeah, I had some bozo complain that SS is "welfare", but
when I posted the amount of combined contributions (self and
employers) over my working life, around $180k in current
dollars IIRC, and the fact that it would take almost 10
years to get even that principal back, he became strangely
silent. I didn't even have to note the loss I took by not
being able to invest that principal in equities, which would
have given me many times that amount based on equity growth
since '63.
At least you got into it early enough to get *something* back for all
your losses. As it becomes more "means tested", and the system runs
lower and lower on funding, people like me who did anything on their own
for retirement are going to get nothing, or next to nothing back.
The real problem is the way COLA is calculated for SS; in
retirement the cost of housing (mortgage) is basically a
non-issue, and the same for transportation since it's now
voluntary rather than mandatory (unless one can walk to
work), but the COLA makes both of these quite significant,
so when housing and gas prices dropped it resulted in
essentially a zero COLA, even though food and health
insurance costs zoomed.
That, plus the fact that, as I noted, it misses the
potential gains from equities. I was lucky enough to have a
good 401k (since converted to an IRA), so I had a "buffer"
and don't have to rely on SS for all my retirement income.
Post by BruceS
Post by Bob Casanova
Post by BruceS
Post by Bob Casanova
Post by BruceS
Some of it had to just be low standards, letting people
get STEM degrees without demonstrating basic capabilities. There were
some I went to school with who fit that pattern as well. I wondered
why they didn't switch to something they could better handle, like
liberal arts.
Maybe they couldn't handle that either. I think the greatest
disservice modern society has done is to insist that college
is for everyone; it's not.
I totally agree. For many, a trade school is not only a more practical
choice, but a happier one for everyone involved. For others, not even
trade school is appropriate. That attitude, along with the one that
everyone should own a house, have provided a lot of misery for a lot of
people, and financial cost that the rest of us have to bear.
Yep.
--
Bob C.

"The most exciting phrase to hear in science,
the one that heralds new discoveries, is not
'Eureka!' but 'That's funny...'"

- Isaac Asimov
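
Added example, not part of the thread and not any poster's code: a defender-side audit for the condition BruceS describes above, a setuid (or setgid) file that users other than its owner can write. The function names and the temporary demo tree are constructed for illustration.

```python
import os
import stat
import tempfile

SETID = stat.S_ISUID | stat.S_ISGID          # identity-changing bits
LOOSE_WRITE = stat.S_IWGRP | stat.S_IWOTH    # write access beyond the owner


def classify(mode, uid):
    """Return a finding string for one file's st_mode/st_uid, or None if clean."""
    if not stat.S_ISREG(mode) or not mode & SETID:
        return None                           # only setuid/setgid regular files matter
    if not mode & LOOSE_WRITE:
        return None                           # writable by the owner only: expected
    who = "world" if mode & stat.S_IWOTH else "group"
    owner = "root-owned" if uid == 0 else f"uid {uid}"
    kind = "setuid" if mode & stat.S_ISUID else "setgid"
    return f"{kind} {owner} file is {who}-writable (mode {stat.S_IMODE(mode):04o})"


def audit_tree(root):
    """Walk root (symlinks are not followed) and return sorted (path, finding) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)           # lstat: judge the entry, not a link target
            except OSError:
                continue                      # vanished or unreadable entry: skip it
            reason = classify(st.st_mode, st.st_uid)
            if reason:
                findings.append((path, reason))
    return sorted(findings)


def strip_loose_write(path):
    """Remove group/other write permission; return the resulting permission bits."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    os.chmod(path, mode & ~LOOSE_WRITE)
    return stat.S_IMODE(os.lstat(path).st_mode)


if __name__ == "__main__":
    # Constructed demo tree: one correctly locked-down file, one misconfigured one.
    with tempfile.TemporaryDirectory() as tree:
        for name, mode in (("tool_ok", 0o4755), ("tool_bad", 0o4777)):
            path = os.path.join(tree, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for path, reason in audit_tree(tree):
            print(path, "->", reason)
            print("  fixed, mode now", oct(strip_loose_write(path)))
```

Current Linux kernels clear the setuid bit when an unprivileged process writes to such a file, but a writable setuid file is still a finding to fix at the source, in the installer that created it.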