Comment: Re:Impossible (Score 1) 536

by Opportunist (#46831293) Attached to: The US Public's Erratic Acceptance of Science

Can you prove that I didn't just create everything and that you are not the only person that I allowed to exist, with everything around and your memories of everything just my doing, me "implanting" those memories and creating those people and places around you? C'mon, prove that I don't control your sensory input and your memories, that I don't control what you see, hear, feel, smell, taste and remember.

You cannot. Because the very instrument you have to prove or disprove that is the very same that I claim to control. Every time you say "but I can...", my response would be "because I make it so" or "because I let you".

It is incredibly hard to prove or disprove something about your universe from within the universe. What you can argue with is what's more likely. What's more likely? That you're you, that your friends are your friends and that what you see, hear, taste, feel and smell is actually genuine and that your memories are what you really experienced, or that I put you in some sort of bizarre matrix world where everything you experience is just my imagination telling you how it should be?

Likewise, proving that God does not exist is not only moot (why bother?) but also kinda impossible. How do you disprove the existence of something that by its very definition has the ability to shield itself from any and all sensory input you might have? My reply could be that you should disprove the existence of the various other elusive and fun creatures from the flying spaghetti monster to the invisible pink unicorn, which is just as impossible.

Comment: Re:Security by Obscurity? (Score 1) 91

by Opportunist (#46831243) Attached to: OpenSSL: the New Face of Technology Monoculture

Security by obscurity is by definition a bad idea. But the conclusion "CSS == SbO" is false. CSS can rely on SbO, but there is no immediate causal link. What keeps you from writing software that is actually secure by design (which would constitute the opposite of SbO) but leaving the source closed? Yes, it could be opened and published without endangering the security of your system, but you decide against it.

That's just as valid.

The fallacy stems maybe from the fact that SbO must be CSS (for the obvious reason that the security is broken the moment someone gets to see the code). SbO requires CSS. It does not mean that the reverse is true, too.

Comment: Re:"but... but... but..." (Score 1) 91

by Opportunist (#46831217) Attached to: OpenSSL: the New Face of Technology Monoculture

Hush! Here, dump a few 1000 bucks on getting an ITIL certificate and you'll know why best practice can NEVER be wrong! NEVER!

Is it me or do certain IT certificates turn more and more into something akin to courses offered by a certain alien worshiping cult? You pay through the nose for courses of dubious quality so you need to sing their praise in the hope to get eventually at least the money out that you stuffed in...

Comment: Re:Closed and open are equivalent ... (Score 1) 91

by Opportunist (#46831189) Attached to: OpenSSL: the New Face of Technology Monoculture

In my experience, the main difference between open and closed source is the NDAs I'm bound with. Or rather, the effects such an NDA can possibly have.

In a CSS audit, the NDA will invariably include "and do not hand over any kind of source, lest we kill your firstborn", or a variation thereof. If I find something, it depends on the company that ordered the audit whether or not that bug will be even admitted, let alone fixed, and whether that fix will be delivered to everyone or whether they leave it open deliberately because someone wants that "bug" to exist.

In OSS audits such NDAs are rare. Not only because there's little use in telling you not to publish the source code (it's open. Duh), but also because it's trivial for someone to break that NDA without ever being possibly caught. Anything I find can be found by anyone else. It's kinda hard to prove that I pointed you to it should you happen to stumble upon the same bug that I found during the audit but the company ordering the audit wanted to keep hushed up.

OSS is not by definition better secured. It can be if people care. Well, we learned that people don't. But one thing remains, it's way harder to hush things up. OSS isn't more secure because more people look at the code. It is because more people can do so and because you can't simply sweep under the rug what you don't want people to see in your code. The Streisand Effect can only work if people can look.

Comment: Re:Is anyone surprised? (Score 2) 91

by Opportunist (#46831169) Attached to: OpenSSL: the New Face of Technology Monoculture

OpenSSL is one great example for what I dubbed "Monkey Island Cannibal security" in my talks (yes, believe it or not, you can actually entertain and inform managers that way, you'd be surprised how many played MI, and even if not that's at least something they can understand). But that whole Monkey Island spiel works as a perfect example for security blunders where one point gets improved over and over because everyone thinks that's the only point it could fail while the rest of the security system gets neglected even though the security problem is obviously there.

For those who don't know MI (or who forgot), there is a moment in Monkey Island where the cannibals catch your figure and lock him up in a hut. You can escape that hut via a loose panel in the wall. Now, every time the cannibals catch you again, the door of the hut gets more and more elaborate and secure, to the point where that bamboo hut has a code lock reinforced steel door befitting a high security vault in the end. Which of course has no effect on your chances to escape since you never pass that door (at least on your way out).

The point is that the cannibals, much like a lot of security managers, only look at a single point in their security system and immediately assume that, since this is their way of entering the hut, it must also be the point where you escape. Likewise, the focus on auditing OpenSSL lies always on the crypto routine, and you may assume with good reason that this is one of the most audited pieces of code in existence.

Sadly, the "hut" around it is less well audited and tested. And that's where the problems reside.

Comment: Re:Perhaps I'm racist but... (Score 1) 355

A nice idea, but how do you want to know before allowing them to start?

Certain fields of study already have certain requirements. Almost universally you need a university entry diploma, for some specific ones (like medicine) you need diplomas that included certain specific courses (e.g. Latin).

What would do a LOT more good is if students were informed what they get themselves into with certain fields. A lot of them have VERY odd expectations from what studying X would be like. I'm pretty sure you could lower the dropout rate of psychology/psychiatry students if they knew that a good 90% of the whole shit was statistics. Likewise, a lot of people start studying CS thinking they'll be taught programming. Knowing how to program is a prerequisite, though; instead, a good 80% of the stuff you'll be studying is math related.

A lot of dropouts happen due to false expectations. I think there should be mandatory orientation days, that should take care of a lot of those first semester dropouts.

Comment: Re:This is completely absurd! (Score 1) 355

Then the boost should not be getting them into a college, dumping a truckload of tuition debt onto their back only to have them drop out or, if they're actually lucky enough to actually have a K-12 ed worth the money (i.e. outside the usual "ghetto schools"), eventually end up in a job that pays them almost enough to eventually recover their college cost.

The fact THAT they're by no means as well connected also means that they will be indentured servants after getting them through college. The whole "affirmative action" bull is nothing but the creation of an insidious trap for the "smarter niggers". It's ingenious, you get educated slaves. And they're even happy about it.

No, that's not the solution. You can't fix in college what you fucked up before. If you really want to aid disadvantaged people, you have to start earlier. Way earlier.

Comment: Re:Bad comparison to gay marriage (Score 1) 355

Also, how the hell would gay marriage affect anyone (provided they're not gay, in which case it might have a positive effect, unless they're happy that they can NOT marry their loverboy... but I digress)?

Affirmative action may well affect anyone negatively who isn't part of whatever group gets pulled ahead.

Comment: Re:Its money (Score 1) 355

What is your goal? If you want to raise the level of education, paying people more will not solve it. Rather, make education affordable or even free, as it is in most of Europe.

Make the brain the decider who gets what job. Not whether daddy can afford to put him into an Ivy League, no matter what a pea brain rich boy may be.