
Comment: Changing Norms (Score 2) 216

by Etherwalk (#49555743) Attached to: Woman Behind Pakistan's First Hackathon, Sabeen Mahmud, Shot Dead

Your fifth point is notably in error. The issue is one of changing norms; you can change the norms of behavior that people expect of themselves and others in part by changing how they think about other people. That's why you dehumanize the enemy in war with names like "Charlie," for example. That means changing the internal narrative that people use when they think about the person or group of people they are interacting with. Popular entertainment--be it television, video gaming, or via other media--is one way to begin influencing the narrative of a large number of people.

Certainly, there is an economic cost to the individual company to optimizing its narrative in part along the dimension of positive norm-building in those circumstances where it is not in keeping with optimization for marketing to the company's target demographic. However, there is also a cost to society to leaving the norms that this fails to challenge in place. That latter cost may result in many wasted lives, in substantial domestic violence, and in similar things generally considered bad by today's standards. When the cost to society exceeds the gain to the company, society has a role in encouraging the company to behave differently. The only legitimate reasons we don't mandate that the company behave differently are that it is very hard to measure the cost to society and that the potential for misuse of the power of censorship is significant enough that we don't give that power to government except in the most extreme situations.

Comment: Re:secure network? (Score 1) 63

by Etherwalk (#49549309) Attached to: Pentagon Discloses Network Breach By Russian Hackers

Details, check the damn details!!

1- there is also an agreement to not put weapons in space
2- Money! you would need a HUGE amount of fuel to put something that big in space, even if piece by piece... probably too expensive for any country.
3- physics laws:

      if you fired those guns in space, you would start to move away from the target... so on each fire round you would need to correct the velocity and position, quickly wasting all your fuel

So yes, damn details!! :)

I like to think they would be smart enough to fire the shells by dropping them...

In the alternative, you could just fire the guns on both ends of the ship simultaneously...

Comment: Re:secure network? (Score 2) 63

by Etherwalk (#49546231) Attached to: Pentagon Discloses Network Breach By Russian Hackers

No, no, they should be looking over fake plans to raise the battleship Yamato and put her into space. Go big, or go home.

Or... maybe those are the real plans?

It had 18" guns, the biggest ones ever built for sea and in violation of international arms agreements. If you fire them from space, they're space guns!

Comment: Re:Maybe so but... (Score 1) 170

by Etherwalk (#49540133) Attached to: USGS: Oil and Gas Operations Could Trigger Large Earthquakes

Then again, if these are already areas of 'elevated seismic hazard', it's quite possible that inducing the plates to slip now will prevent an even larger quake in the future.

Geoengineering is a new science with great unknowns; we should not approach it without caution, nor should we assume anything we do is bad.

No.

Niagara Falls pushes back a lot of rock each year. Maybe it keeps more rock from breaking off all at once! Yes, but odds are if you had no Niagara Falls the rock would stay for a much longer time.

Comment: Re:Poor Design... (Score 0) 73

by Etherwalk (#49526005) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Non-system libraries are statically linked .a files in iOS. Apple insists on this, although I'm not entirely sure why. I guess it's to avoid DLL hell.

Well, to properly do this requires a way to manage libraries separately from apps. And that rapidly becomes a usability nightmare, as well as, ironically, a security nightmare.

What happens when an update comes out? Do you keep both versions? What happens if an app is incompatible with the new version? What if the old version is insecure, and the new version incompatible? Do you go for insecure-but-working, or broken-but-secure? What if the developer isn't around anymore to fix it?

Then there's security - if you come up with a way to do this, how do you isolate the data from one another? How do you keep the library (which has access to everyone's data) from accessing and passing around the information? Perhaps a malicious update goes and accesses everyone's information then dumps it to another app for uploading?

Effectively, the only way is to statically link the library into each app - this way each app contains a library that works and is tested. But it also means developers are responsible for maintaining their apps.

All great questions, but static linking isn't an answer, it's giving up on having an answer.

Comment: Optimal Default Conditions (Score 0) 73

by Etherwalk (#49526001) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Does Apple have to sign and push the 3rd party shared library itself? That would be the only safe solution I can think of, because otherwise you're giving apps the ability to modify each others' code, which is clearly a recipe for potential abuse. Apple can't realistically take the responsibility for monitoring, compiling, and pushing updates for third-party libraries, which would be nearly impossible to do in practice. Alternatively, there's no way Apple could allow the apps themselves to update the shared libraries, because then a single app could break or even hack thousands of other apps with a bad update. Delegating that authority to a third-party (like the library developer) is equally problematic, because there's no way for them to properly test any changes before pushing them, and the potential for abuse still exists.

DLLs make a lot of sense for shared systems libraries, but as far as third-party libraries, they'd be a practical nightmare.

Not at all; a developer is making a decision to trust a third-party when he incorporates the third-party library into his app. So long as you allow a developer to flag his app as needing to rely on an older version, the benefits would significantly outweigh the risks. Notably, even *IF* one party were to use a library to hack all those apps, you could still fix it in one place rather than having a vulnerability in every app for a year.

You would have to make strict standards for what behavior libraries can change to fall under this shared model, to minimize the likelihood of breaking any programs, but it's a LOT better to default to "secure even though 1 in 100 apps that both needs an old library and has a developer who failed to flag it as needing an old library has problems until fixed" than it is to "1500 apps insecure, with no timetable for securing."

Comment: Re:Poor Design... (Score 0) 73

by Etherwalk (#49525577) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

Non-system libraries are statically linked .a files in iOS. Apple insists on this, although I'm not entirely sure why. I guess it's to avoid DLL hell.

It saves them money; they don't have to spend the time developing a robust system for DLL registration, signing, updating, etc...

But it is still a really bad engineering decision, because it means what could have been patched once has to push security updates in *fifteen hundred statically linked applications*. It's their marketplace and their walled garden; they should be subsidizing the expenses which make it more secure for everybody and reduce total developer time for publishers. Push the update to developers a little in advance in case it breaks an app, then auto-push the update either to everyone or with a held-back copy for any apps that specifically flag no-security-update.

It's not rocket science, it's just good engineering.

Comment: Re:A sane supreme court decision? (Score 1) 399

To be honest, I figured that it /had/ to be a bad ruling and ...

No, it's all due to the stupid vague line between a "temporary stop", a "detention", and an "arrest". Our various branches of government have struggled with it for two centuries now.

Police need people to interact with them so the officers can do the job of investigating crimes. But legally in order to do that they must seize the thing, seize the person, seize the property, whatever. The requirements about due process, seizure of people and property, the law needed to allow for certain types of temporary seizures of people, and the balance is a hard one.

The traffic stop is just that, a stop. A temporary detention that can only last as long as necessary for the administrative task.

In the ruling (and according to most judges already), the officer stopped the individual and performed the task of writing a citation. Anything more than that is no longer a stop, it becomes either a detention or an arrest.

The ruling is clear on what the problem was here. The officer testified that they "had all their documents back and a copy of the written warning. I got all the reasons for the stop out of the way." Then after the stop was complete he did not allow the man to leave, even after the man asked to go, so the officer could call in a drug-sniffing dog. That was a second detention, done without probable cause (since he had already dealt with the reason for the stop), and was therefore unlawful.

Yes, there will be more litigation on whether it is okay for an officer to walk around your car with his dog while holding your license after this.

Comment: Already the Law (Score 3, Insightful) 399

This was *already* the law, from a Supreme Court Case in 2005. Some of the lower courts had just messed it up by not following it--basically saying that a couple of minutes is okay and doesn't really count.

SCOTUS just benchslapped them, although politely. This is one of those "No, we actually meant what we said, now stop being so pro-law-enforcement that you read this out of the law. Yes. They're criminals. But there's still a Constitution, and you have to follow it."

Comment: Zombie Apocalypse (Score 1) 134

As a part-time bartender I can attest, chances are likely it was a healthy dose of booze that brought this on. I've had customers that beat the crap out of each other for disagreements over how to hold a martini, where to park during a football game, and how to lace shoes properly in the event of a zombie apocalypse.

I can understand the martini and laces, but why would you go to a football game during a zombie apocalypse?
