Forgot your password?

Comment: Re:The price you pay (Score 1) 316

by Jeremi (#47520587) Attached to: 'Just Let Me Code!'

You ask for the big picture, agile's answer is that there is none. The whole code base is alive and trying to keep on top of everything else that's happening is too much wasted time. You just keep the bits and pieces you work on working as you make changes.

My intuition tells me that this would cause the codebase to become an incomprehensible mess over time, as it would not have any consistent organizing principles to speak of. Is my intuition correct, or is that not generally a problem in practice?

Comment: Re:The data is valuable to Google, they don't hand (Score 1) 155

by mrchaotica (#47516089) Attached to: Privacy Lawsuit Against Google Rests On Battery Drain Claims

Of course the NSA illegally acquires data from most all email providers, ISPs, etc. Even the services that are explicitly based in privacy get NSLs, so to avoid that I could avoid using the internet at all. I'm going to use the internet, so the NSA will be able to snoop until that problem is handled using the three boxes - soap box, ballot box, and if absolutely necessary ammo box.

There are four boxes: soap, ballot, jury and ammo.

Comment: Re:Wait, wait... (Score 1) 130

by mrchaotica (#47515761) Attached to: Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

I don't think it matters whether we take Exodus or the US Government. I'm not really sure why being a mercenary is so bad? What is the difference if the US Government pays Exodus or hires the people working for Exodus to write exploits directly?

The difference is motivation. If you're partisan -- if you're motivated because you think the cause is just -- then maybe it's ethical to fight. If you're motivated by money and otherwise don't care, it's clearly unethical.

(I say "maybe" because it's not ethical to fight if you're mistaken in your belief that the cause is just -- it has to genuinely be so. But if you don't care, fighting is unethical even before considering the justness of the cause because it's not your fight.)

And yes, people are using Tor to fight against the US; certainly hackers and terrorists use Tor. (I don't believe more than a small fraction of Tor users are malicious, but malicious users undoubtedly exist.

If the American Revolution were happening today, the Founding Fathers would be labeled "hackers and terrorists" from the perspective of the British Crown. In other words, unless you're purposefully targeting innocents, those sorts of labels are a matter of perspective. I'm not at all convinced that using TOR to fight against the US government is actually a bad thing.

If you have responsibly disclosed every exploit you know about, you are not going to be able to hack into the computer which triggers the bomb. I'm not sure why this isn't obvious. Unless somehow your "responsible disclosure" allows for holding on to exploits until you need them for dire situations, you have no way to stop such a computerized device.

Let's be more concrete here: someone has hooked up a Raspberry Pi to detonate a bomb, which is triggered, say, over Tor. Whoever made this wasn't stupid: it has a heartbeat which will detonate the bomb if it fails, so you can't just jam it or cut off internet access. It has normal motion sensors, etc. You have 1 hour to disable it. I propose that given the possibility of such a scenario (or scenarios like this; obviously this is an extreme and contrived example to try to prove a point), it is ethical to withhold disclosure of vulnerabilities. In your proposed scenario, the government has "emptied its cyber arsenal". It has nothing it can do to prevent such an attack. I believe it is superior to have the capability to prevent such an attack.

First of all, I understood your previous scenario to be that you're discovering a new exploit in the process of defusing the bomb, and deciding whether to responsibly disclose it afterwards or to keep it in your pocket for later use. That's different from what you wrote this time, which is that you're using a previously-discovered but undisclosed exploit to defuse a bomb at the present time.

The problem with your scenario is that you're presupposing it "will" happen, and judging your actions after the fact. That's not a valid mode of reasoning, since there's no way to know that the scenario will actually occur (or even that it's more than infinitesimally likely to occur) at the time you're making the decision to disclose or not.

In other words, you're saying that it's perfectly ethical to do actual harm now because you guess that it might lessen the possibility of doing potential harm later. If you don't understand the problem with this, there's nothing more I can do to explain it to you more clearly.

It's like saying we shouldn't have fought in Wold War II against Hitler, because war is bad. The Allied forces were the "lesser of two evils"--evil, of course, because war is unethical just like hacking is. Why choose to actively help the lesser of two evils? We should have remained neutral.

That's exactly what we did do until the Japanese attacked us directly at Pearl Harbor. I think we acted pretty appropriately in that case!

Comment: Re:"Compatible" (Score 1) 92

by RogueyWon (#47513879) Attached to: Open-Source Blu-Ray Library Now Supports BD-J Java

The Playstation 3 likely remains the most common blu-ray player around - and it does the job very well (though it helps to pick up the optional remote control, as managing playback via a game controller can be a touch irritating). It also, coupled with the PS3 Media Server software on a PC, makes a pretty damned good "just works" solution for playing media files off your hard drive onto the TV and - crucially - one which is easy enough for a total computing ignoramus to get up and running with little or no guidance.

It's a pity that the PS4 (and Xbox One) are missing most of this functionality. As media players, the "new" consoles are a significant step back from the last generation.

Comment: Re:This has nothing to do with sexism (Score 0) 874

by Tom (#47513701) Attached to: The Daily Harassment of Women In the Game Industry

The difference here as usual is that women expect to be treated differently. They don't think that's what they want but it is actually what they want.

The real truth is something that most men have trouble understanding: That women, like lawyers, have no problem at all holding two mutually exclusive opinions at the same time. They want to be skinny and make a diet and they want to eat that cake. To many women, there's no conflict in that.

And when it comes to equal rights and stuff, they want to be equal, but treated specially, and they don't notice that these two things cannot co-exist. You can be my equal or you can be my princess, but you cannot be both.

I'll hold the same position here for the same reasons. If the girls want to be treated like girls then that's fine. If they want to be treated like men, that's fine. But stop trying to eat your man cake and have your girl perks too. Its either/or.


Comment: Re:Gamers aren't special (Score 1) 874

by Jeremi (#47513237) Attached to: The Daily Harassment of Women In the Game Industry

ANYONE feels entitled to vent when you're on the Internet- you're relatively anonymous and there just aren't any real consequences for being a total douchebag.

Too true, and I'm not sure what the compensating benefit is. There are situations where anonymity can be beneficial, but a social/gaming arena is not one of them. Why allow anonymity if it only encourages people to act like irresponsible douchebags?

A half-serious solution for a gaming platform that wants to reduce the douchebag problem: make all gamers register under their real name, and record all of their in-game communications in a searchable database that the world (including present and future employers) can Google. That ought to clean at least some of them up.

Comment: Re:How do you (Score 0, Troll) 874

by mrchaotica (#47511697) Attached to: The Daily Harassment of Women In the Game Industry

Why do you feel you have to defend yourself against accusations like this? Have they been leveled at you?

They have, and they've been leveled at you, by the article itself, which made blanket statements about all men.

This woman thinks I'm asshole with no self-control for no other reason than because I have a penis. And she thinks I'm the one who's sexist?!

Not once have I ever felt the need to "defend myself against accusations like this." Why? Because it's pretty easy to avoid being a condescending sexist asshole...

Indeed. I have a suspicion that the opposite is also true: that the women who complain about these things are themselves the female equivalents of the condescending sexist assholes they're complaining about.

Comment: Re:Wait, wait... (Score 1) 130

by mrchaotica (#47511025) Attached to: Exodus Intelligence Details Zero-Day Vulnerabilities In Tails OS

If other people are attacking you, should you lay down all your weapons and hope they do the same?

Are people attacking Exodus via TOR? If not, then what ethical justification does it have for involving itself as the NSA's mercenary?

I'm all for self-defense; it's aiding aggression that I find unethical.

Hacking without responsible disclosure is always unethical, and what others choose to do is irrelevant.

I think this is an incredibly bold statement. I think it's a bit hard to judge the ethics of exploiting a computer "in a vacuum", the context certainly matters. Let's take a hypothetical situation: if a computer was used as the trigger for a bomb which was going to go off and kill 100 people, would it not be ethical to hack in to the computer and disable it? [we can assume it also has all the fancy triggering mechanisms in place.. capacitive sensing in case someone gets too close, tilt/shock sensors in case something tries to move it, etc]

Clearly, I'm failing to understand -- what is there about your hypothetical situation that precludes responsible disclosure?

Also, responsible disclosure is sort of tautologically ethical because it does consider context (that's what the "responsible" part means). If you're not sure what kind of disclosure is responsible, then the only ethical option would be to forgo the hacking.

The other thing is you have to consider that "cyber weapons" mean governments can gain intelligence or affect systems without hurting people. Stuxnet is an interesting example. How many lives would have been lost if instead someone bombed the Iranian nuclear facility, or killed off Iranian scientists (yes, I know this still happens anyway, sadly)? Stuxnet was a virus that infected the public's computers as well. Based on our discussion so far I would expect you to say something like "well sure, maybe it's better than bombing, but having neither would be even better". That's a totally understandable stance, but again, that isn't the world we live in. I think it's a step in the right direction to at least try to minimize deaths.

Being forced to choose the lesser of two evils doesn't mean you should become the active accomplice of that evil.

Besides, on a more practical note, you're also failing to consider the rest of the collateral damage. By supporting Exodus's position, you're saying that hypothetically saving the lives of the Iranian scientists is worth hypothetically risking the lives of TOR users worldwide.

For God's sake, stop researching for a while and begin to think!