Comment: Re:So ... (Score 2) 43

by Opportunist (#46788943) Attached to: Samsung's Position On Tizen May Hurt Developer Recruitment

"Wearable" isn't something bad by definition. It's just that the approach they take to it could not be worse.

Everything that runs towards "wearable" today is basically a reskinned, retooled and reshaped smartphone. That's not really what wearable computing can or even should be. A wristwatch that is essentially a smartphone has nothing to do with wearable. It's a smartphone in a different format. Where is the "wearable" benefit?

If you want to create a wearable, create something where we actually benefit from "wearing" it rather than sticking it in a pocket. The least I'd expect from a wearable is having my hands free and either an HMD or an output interface that doesn't require me to take my eyes off whatever I'm busy with. Else there is exactly zero need to "wear" the gadget; I can just as well hold it in my hand.

Comment: Re:False sense of security (Score 2) 127

by Opportunist (#46788503) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

What I really don't like about the whole statement behind it is the implied assumption that closed source offered any kind of better protection.

You know what the main difference between an OSS and a CSS audit is? That I can't go "hey, psst, take a look at $code. Maybe you see something interesting..." to you when I find something in CSS software, because someone in a badly fitting suit tells me to shut up about it.

Comment: I think you're working from a few false assumptions (Score 3, Insightful) 145

by Opportunist (#46788345) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

First, bugs in a given program are not infinite in number. By definition. Because the code itself is finite. Finite code cannot have infinite bugs. Also, due to the nature of code and how it is created, patching one bug usually also takes care of many others. If you have a buffer overflow problem in your input routine, you need only patch it once, in the routine. Not everywhere that routine is being called.

I have spent a few years (closer to decades now) in IT security with a strong focus on code security. In my experience, the effort necessary to find bugs is not linear. Unless the code changes, bug hunting becomes increasingly time-consuming. It would be interesting to actually do an analysis of it in depth, but from a gut feeling I would say it's closer to a logarithmic curve. You find a lot of security issues early in development (you have a lot of quick wins easily), issues that can easily even be found in a static analysis (like the mentioned overflow bugs, like unsanitized SQL input and the like), whereas it takes increasingly more time to hunt down elusive security bugs that rely on timing issues or race conditions, especially when interacting with specific other software.

Following this I cannot agree that you cannot "buy away" your bug problems. A sensible approach (ok, I call it sensible 'cause it's mine) is to get the static/easy bugs done in house (good devs can and will actually avoid them altogether), then hire a security analyst or two and THEN offer bug hunting rewards. You will usually only get a few to deal with before it gets quiet.

Exploiting bugs follows the same rules that the rest of the market follows: Finding the bug and developing an exploit for it has to be cheaper than what you hope to reap from exploiting it. If you now offer a reward that's level with the expected gain (adjusted by considerations like the legality of reporting vs. using it and the fact that you needn't actually develop the exploit), you will find someone to squeal. Because there's one more thing working in your favor: Only the first one to squeal gets the money, and unless you know about a bug that I don't know about, chances are that I have a patch done and rolled out before you get your exploit deployed. Your interest in telling me is proportional to how quickly I react to knowing about it. Because the smaller I can make the window in which you can use the bug, the smaller your window gets to make money with the exploit, and the more interesting my offer to pay you to report the bug gets.

Comment: Re:Not that good (Score 2) 127

by Opportunist (#46787677) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

Sorry, but no. Just because it produces revenue for them doesn't mean they have an incentive to do it properly. They have an incentive to do it well enough that people buy it. That does not necessarily mean that the software is of high quality.

What is necessary to this end is that the software appeals to decision makers. They are rarely if ever the same people that are by any means qualified to assess the technical quality of code.

For reference, see SAP.

Comment: Re:Not that good (Score 3, Insightful) 127

by Opportunist (#46786841) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

Would you put your life on closed source software not having any bugs that we just don't know about because it's closed source and hence can NOT be reviewed sensibly?

Closed source and open source share one problem: Both can and will have bugs. Open source only has the advantage that they will be found and published. In closed source, usually NDAs keep you from publishing anything you might come across, ensuring that knowledge about these bugs stays within certain groups that have a special interest in not only knowing about them but abusing them.

Comment: Re:Are you kidding (Score 1) 778

by Opportunist (#46786031) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

A lot of different topics, I'll try my best to address most of them at least.

First, most countries in Europe are actually rather small. Only 8 of the 53 have more than 20 million people, 14 have more than 10 million. But even in some of the big countries, like Germany, Spain, Italy, France, you have a rather large number of parties and they are by far not so "ancient" that you could say they grew out of a time when there were no firmly entrenched parties. Europe has a long history of political plurality, and voters tend to shop around.

Israel is a very special case indeed, a showcase of how a small party can have an impact and also one of how a small party can have an impact that it's by no means entitled to. That's the threat when you have a three-party system, where you have two large parties that simply cannot agree on anything and a tiny one that could cooperate with either of the big ones and that will "sell" its handful of votes to whatever side offers them the biggest share of the cake.

But it's by no means hard to get an idea to national level, provided you're not the only one who has that idea. A good example is the Green movement of the 1980s. You have Green parties in pretty much every state of Europe, and independent of the size of the country they are all fairly successful, of course to varying degrees. Germany, where the Greens actually made it into the national government a while ago, is a counterexample to your claim that such new parties can only succeed in small countries because you cannot rally enough people to your "cause".

The problem of the US, and why it is so hard to form a new party, is not so much the size or the organizational structure required to get it off the ground. The problem is a psychological one that stems from the first-past-the-post system. You will notice a similar psychological barrier to voting for a certain party in Europe, too, if people don't think that the party will make it past the election threshold. In most countries, you have to get at least 3-6% (it differs from country to country) of the votes to actually win a seat in the parliament. The goal is to avoid what happened in Italy where you suddenly had a few dozen parties sitting in the parliament, which made it near impossible to govern the whole shit. It also means, though, that people here do the same as they do in the US, just at a smaller scale. There are usually some parties with rather interesting concepts and ideas in many EU countries that would have a following, but that following does not trust them to get into the parliament and hence their vote would be "lost". So instead they give their vote to a party that does not match their preferences so well but at least has a chance to make it in.

It's the same with the US. To take up your example, if you're one of the group you mentioned, it would make a lot of sense to vote for the party you propose, but as long as people don't think that this party would gain majority they will rather fall back onto D or R, depending on what they're rather leaning towards.

Comment: Re:Are you kidding (Score 1) 778

by Opportunist (#46782847) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

That is, in theory, a good idea. But for a third party to play a meaningful role, the first thing that would have to change is that first-past-the-post would have to be abandoned. Else, all the effort you take to establish a third power will be void soon; history shows that a potential third power immediately results in one of the former two powers becoming irrelevant quickly and the power you established replacing it, resulting in a new, but by no means different, two-party system.

The only ones that could change the system itself are, though, exactly the same entities that have no interest at all in changing it. If there is one thing that two parties in an FPTP system agree on, independent of possible differences, it is that the system is great. Because it does exactly what is in their interest: ensure that they have only one potential competitor instead of many. And eventually the two competitors become so similar (for the simple reason that they want to appeal to as many voters as possible; I can go into detail but I guess it's self-explanatory why the two parties become very similar over time) that it doesn't really matter which one you support.

The system ensures that you have two near identical groups to choose from and both of them have no interest in changing the election system to one that allows more variety in the political landscape.

The main reason that it works for most of Europe is that few countries in Europe actually have a first-past-the-post system in place. Coalitions are very common in most European countries, with parties needing usually between 3 and 6 percent of the votes to make it into parliament. And it's far from impossible that such comparably small parties can become part of the government if a big party needs just a few more seats to get a working majority. That's why the Greens actually made it into governments in Europe.

And now tell me how this should possibly happen in the US.

Comment: Re:The thing is... (Score 1) 787

The difference is that the homeless person did not CHOOSE to be homeless. He didn't get up one day and ponder that it would be so much nicer for him to abandon his home and live on the street.

The bully always has the choice NOT to bully someone. Instead he deliberately took the choice to be a bully.

Unless someone forces a bully to be a bully, I cannot follow your argument.

