Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:GPLv3 - the kiss of death (Score 2, Insightful) 310

Using GPLv3 will all but ensure no corporate/enterprise support, thus leaving the older, less useful formats in place.

Sometimes zealots get in their own way...

Yeah, I was just about to say this. Why in God's name would one put a library like this in v3? I suppose I should be happy they made a library at all instead of just "creating an app", but this will be nothing more than a science project.

Comment Re:Blindfold Anyone? (Score 4, Interesting) 155

Why not use a blindfold for 5 days?

Are these people stupid or just trying to make everything more difficult than it seems?

A) Some light is likely to get in, and they would need to be in a mostly-dark room regardless to account for slip-ups. Even then, they wanted to get 100% darkness, not 99.5% darkness (by timeslice)
B) Ever worn a sleep mask or eye pillow? Your eye does different things when it's covered or has pressure on it (and a lot of pressure would need to be applied here, most likely). Having your eye "free" to look around (but having no source of light in the room) is likely to be physiologically different than wearing a dark blindfold.

Comment Re:4/5 in favor (Score 2) 755

In addition to what I said above, there's another growing demographic that's sort of the elephant in the room here: The basement dweller who spends his days playing World of Warcraft while his parents work. I've seen a lot of these, and IMO they're the biggest cause of the obesity epidemic. If you give these people free money, believe me, they don't move on unless they are literally evicted. I'm sure you guys have heard the horror stories about video game addiction where such and such person loses their job, their wife, and their house, while they were playing video games.

A term used in parts of Europe, heavily in Japan (especially within the last 10 years or so), but that's virtually non-existent in the US is "NEET" -- "Not in Education, Employment, or Training (school)". There's a little bit of overlap with the Hikikomori.

The take-away is that we really do have to consider there there's a higher case of actual psychological dysfunction associated with these groups (including "Failure-to-launch" Millennials in the US, etc...) . Whether it's caused by, exacerbated by, or simply correlates with the unemployment is almost beside the point -- once afflicted, any social policy for "fixing" the problem needs to take this into account.

Comment Re:Way to encourage responsible disclosure. (Score 1) 87

Two years? That's outrageous. Any vendor that takes that long to patch their holes *deserves* to get zero-day'd.

Newsflash: Fixing a problem like this in the field is harder than making a git commit and telling people to recompile.

Also, only a dipshit with no ethics equates "vendor" with "customer" when life or limb is on the line.

Comment Re:We are rapidly getting to a point where it's... (Score 1) 161

Whistle-blowing is releasing information. Without it, your consolation prize is a hat made of tinfoil and a ruined reputation.

Whistle-blowing is releasing information about the internal process, and *PERHAPS* demonstrating it opaquely. Not releasing the exploit itself.

Releasing an exploit down the road may be ethical for a generic security issue or bug. Not when lives are on the line.

Comment Re:We are rapidly getting to a point where it's... (Score 1) 161

It seems to me that it is similar to a whistle-blower, than the security through obscurity model of not releasing the information.

I question your ability to know that no one is actively doing this. Proving a negative is difficult at best.

I'm all for whistle-blowing. But if sufficient results are not achieved, the response should be *more whistle-blowing*... NOT releasing the information.

The latter may (may!) be ethically justified in other situations; not here.

Comment Re:We are rapidly getting to a point where it's... (Score 1) 161

This is the kind of problem that doesn't get solved unless you have people demanding answers on mass.

Absolutely correct.

If your answer to "How do we get people demanding answers en masse?" is "demonstrate to unethical 12 year olds how to easily kill people", then allowing the aforementioned dead people as a cause for more action, then you should probably re-evaluate your ethics.

Find another way besides treating "Crashing a car" the same way you treat "crashing a computer"

Frankly, I'd put this more along the lines of the folks who DoS'd 911 PNAPs. The fact that its possible doesn't excuse your doing it, and doesn't excuse intentional efforts to make it easier for others to do so.

Comment We are rapidly getting to a point where it's... (Score 1, Insightful) 161

... unethical to be releasing detailed information on an exploit.

It doesn't matter that the argument is that "Without exposure, car companies won't fix it!"... At the moment, no one is actively *doing* this or using this exploit. Simply being told that it's possible should be the limits of what an ethical hacker should release.

The cost-benefit analysis going into the value judgement of a release of more details for hacks is VERY different from the analysis of some HTTP flaw or kernel bug. Actual lives are at risk, and the ability of your work to be used to cause accidents and kill people by remote control changes things.

Comment Not obsolete if it meets specs (Score 4, Insightful) 620

It's not obsolete if it's still capable of performing its function within specifications.

The ability to *alter* it to match *new* specifications should be taken into account (if it's written in a language no one speaks any more), but that doesn't prevent it from functioning.

Systems that have to deal with altered specifications because the environment around (physical or virtual) them changes can become obsolete faster than systems that are disconnected from their environment.

Note: That's an excellent reason to keep your systems disconnected from the environment.

Comment Re:Roberts admits to being wrong (Score 1) 591

Jonathan Gruber wasn't a member of Congress, and didn't vote on the passage of the ACA. As such, his intentions regarding the legislation are irrelevant. The Supreme Court need only concern themselves with the intentions of the legislators that actually voted on the legislation.

Actually "intentions" are only relevant when the text is unclear or irrational. The fact that this statement was made during the passing period (and not immediately rejected) indicates that it was a *plausible* or *rational* intention. It's only when something doesn't make sense that you should have to go to intent.

Comment Re:Roberts admits to being wrong (Score 4, Informative) 591

The text is essentially a hunk of code describing how to execute the law.

The controversial section is a bug.

Do you think the courts should faithfully execute the buggy code, crashing part of the country in the process, or do you think they should fix or ignore the bug and allow the law to execute successfully?

Well, according to one of the law's architects, it was a Feature, not a Bug: https://www.youtube.com/watch?v=34rttqLh12U&feature=youtu.be

What’s important to remember politically about this is if you’re a state and you don’t set up an exchange, that means your citizens don’t get their tax credits—but your citizens still pay the taxes that support this bill. So you’re essentially saying [to] your citizens you’re going to pay all the taxes to help all the other states in the country. I hope that that’s a blatant enough political reality that states will get their act together and realize there are billions of dollars at stake here in setting up these exchanges. But, you know, once again the politics can get ugly around this. (via NB

So to answer your question: Yes.

Comment Re:Prime Scalia - "Words no longer having meaning" (Score 5, Insightful) 591

If SCOTUS can twist these words what stops them from twisting ANY words?

Except that if "State", only means individual states, then many of the constitutional amendments - including the second - fall apart on the federal level.

That's why in laws (especially 2400 page monstrosities like this one) they have sections on Definitions to specifically say whether "State" means "50 States", "50 States + US Territories like Puerto Rico", or "50 States + Territories + District of Columbia", etc.

In this case, the law was originally drafted to deal with State-level exchanges. A Federal exchange was an afterthought one they didn't expect/hope would be used. (And according to Gruber, was intentionally left out of this clause.) Whatever the case, the courts should be rewriting when it's a clear cut, cut-and-dried case of an error. As long as there's a plausible rationale for why the text is the way it is ("To discourage States from relying on the Federal exchange, at the cost of the Federal funding that we'd otherwise be giving to the citizens of that State to help with the insurance fee we're forcing them to pay"), we should be relying on the text.

Typos can indeed lead to ludicrous conclusions that can be corrected judicially. This was not one of them.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (7) Well, it's an excellent idea, but it would make the compilers too hard to write.