Comment: Failure of risk analysis by more than OpenSSL devs (Score 4, Informative) 149

by Goonie (#46732315) Attached to: NSA Allegedly Exploited Heartbleed
Just a minor correction - my piece does indeed suggest that the OpenSSL developers have some strange priorities. However, it lays the larger blame at the companies that used OpenSSL, when all the information necessary to suggest that this kind of thing could happen was already available, and the potential consequences for larger companies of a breach are easily enough to justify throwing a little money at the problem (which could have been used any number of ways to help prevent this).

Heartbleed was a failure of risk analysis

Submitted by Goonie
Goonie (8651) writes "In the wake of the Heartbleed bug, there's been considerable discussion about what should be done to reduce the risks of such serious bugs in crucial pieces of software. Clearly, technologies can help. So can better software development processes. But, in a piece for The Conversation, as well as describing the bug for a lay readership (and feel free to nitpick away), I argue that the real problem is the lack of risk analysis by both those who developed OpenSSL, and those who make use of the library to build applications."

Comment: Re:Why? (Score 1) 769

by jsimon12 (#46392113) Attached to: The Next Keurig Will Make Your Coffee With a Dash of "DRM"

If grinding and brewing is too tough get a super automatic espresso machine. Better long term purchase than a Keurig. Unground beans and water in and espresso out at the push of a button.

Sure it is 700-800 bucks but if you like coffee it is AWESOME (my wife and I drink a lot of coffee). The only problem is all other coffee tastes like old dishwater after you have one of these.

Comment: Re:on slashdot its always funny to see (Score 1) 320

by Fantastic Lad (#46004851) Attached to: Solar Lull Could Cause Colder Winters In Europe

This story has half the number of comments than the one about code after it, despite it being slightly older.

Just shows you don't know how to look at data.

Sweet Jesus, it's true.

And he even brought up that 97% turkey.

AGW True Believers are the quintessential "Correlation != Causation" offenders.

Comment: A union would be helpful in this situation (Score 3, Insightful) 310

While trade/labor unions are much maligned in the often libertarian-leaning IT community, this is the kind of situation where a bit of organization amongst colleagues - along the lines of what engineers or medical professionals have - would actually be useful.

But given that we have the IT professional community that we have:

  • Document that you've told your boss, and probably your boss's boss, and probably the legal department (perhaps informally and verbally initially). If you've told them, it's their problem, not yours.
  • Start polishing your resume. Whistleblowing usually has negative consequences for the whistleblower - and, furthermore, continuing to work for an organization which has such a lax attitude to software poses a risk to your career if you stay there.

Incidentally, your case neatly demonstrates the near-uselessness of the IEEE-ACM Software Engineering Code of Ethics, which is very long on what the ethical obligations of a software engineer are, but has nothing useful to say about what you should do where others are ordering you to act unethically.

Comment: Re:Are you backing away from Open Source HW? (Score 4, Informative) 139

by ptorrone (#45457299) Attached to: Interview: Ask Limor Fried About Open-Source Hardware and Adafruit

hi there, i'm one of the folks who work with limor at adafruit and i'm familiar with this product. this is one of the few products that we had to sign many NDA's in order to develop, so we are not able to open source it as per the agreement(s). for that reason we do not put the OSHW logo on it. we will be doing more with BTLE and for those we will have fully open source designs.

Comment: smartphone gaming sucks (Score 3, Insightful) 78

by Goonie (#45285541) Attached to: Google Nexus 5 Posts Best Gaming Benchmark Among Android Smartphones
Much and all as the 3D graphics prowess of modern smartphones is amazing, trying to do any serious gaming on them is an exercise in frustration. Touchscreens are useful for some things, but their slow response times and lack of real tactile feedback make it impossible to play fast-action games well on them.

Hardware is now open (sourced) for business

Submitted by ptorrone
ptorrone (638660) writes "CNBC has an interesting article about the growing trend of hardware companies going open-source: 'The open-source hardware movement is migrating from the garage to the marketplace. Companies that follow an open-source philosophy make their physical designs and software code available to the public. By doing so, these companies engage a wave of makers, hobbyists and designers who don't just want to buy products, but have a hand in developing them.' Also in the article, New York City based, open-source hardware company, Adafruit, hit $20 million in revenue this year, tripling year over year."
