
Comment: Re:Not the testing, the interpretation. (Score 2) 36

by Rich0 (#49790005) Attached to: Gene Testing Often Gets It Wrong

Agree. It seems like a simple solution is to unbundle the testing and interpretation.

This is really no different from any other area of testing. A lab can assay the creatinine in my blood, or the microalbumin in my urine, or the concentration of glucose in my blood. Those results are likely to be very accurate and reproducible unless the lab is just criminally negligent.

What those results mean is an entirely different matter. A doctor will certainly utilize those results as well as the results of many other tests, history, interviewing the patient, and so on to make a diagnosis, and refine it as more data comes in.

Just make the labs, well, labs. Now you can certify them far more objectively.

Comment: Re:Seems reasonable (Score 4, Insightful) 116

by Rich0 (#49781061) Attached to: Insurer Won't Pay Out For Security Breach Because of Lax Security

everyone accepts that (for a given purpose; bank vaults and nuclear installations get judged differently than houses) there is some level of 'reasonable security', which reflects appropriate caution on the policyholder's part; but is known to be breakable.

I agree with your post. I'll just add that a big problem with IT security is that companies cannot rely on the same level of protection from governments in preventing intrusion.

For example, if I have a safe in my house, the means an attacker would have to penetrate it are going to be limited. Since my township has police and neighbors that wander around, they can only spend so much time there before they're likely to be detected. They can generally only carry in stuff that will fit in the doors and is man-portable, since if they have to cut a hole in the house and lower their equipment using a giant crane somebody is likely to notice. If they want to use explosives they will have to defeat numerous regulatory and border controls designed to prevent criminals from gaining access to them, and of course they will be detected quickly. Some destructive devices like nuclear weapons are theoretically possible to use to crack a safe, but in practice are so tightly controlled that no common thief will have them. If the criminal is detected at any point, the police will respond and will escalate force as necessary - it is extremely unlikely that the intruder will actually be able to defeat the police. If the criminal attempted to bring a platoon of tanks along to support their getaway the US would mobilize its considerable military and destroy them.

On the other hand, if somebody wants to break into my computer over the internet, most likely nobody is going to be looking for their intrusion attempts but me, and if they succeed there will be no immediate response unless I beg for a response from the FBI/etc. An intruder can attack me from a foreign country without ever having to go through a customs control point. They can use the absolute latest technology to pull off their intrusion. Indeed, a foreign military might even sponsor the intrusion using the resources of a major state and most likely the military of my own state will not do anything to resist them.

The only reason our homes and businesses have physical security is that we have built governments that provide a reasonable assurance of physical security. Sure, we need to make small efforts like locking our doors to sufficiently deter an attacker, but these measures are very inexpensive because taxpayers are spending the necessary billions to build all the other infrastructure.

When it comes to computer security, for various reasons that secure environment does not exist.

Comment: Re:Seems reasonable (Score 2) 116

by Rich0 (#49780999) Attached to: Insurer Won't Pay Out For Security Breach Because of Lax Security

If a company cuts corners on security, then in the same way that if I leave my door unlocked and get burgled, I can't make a claim. There's going to be a good living for lawyers establishing what is the required level of security. But if this incentivises senior managers to ask the right questions, then it's probably a good development.

Maybe. If you're buying an insurance policy to cover leaks of information, then almost by definition any claim is going to be the result of lax security. So, why bother buying insurance at all if the insurer can get out of it? The likely result is that those harmed won't be able to collect damages since there will be no insurance, and the company that lost the data will simply declare bankruptcy.

I think there are better precedents. For example, my company is routinely audited by its insurers or other certification bodies. If they spot a blocked electrical panel, that has consequences for the company. The purpose of the audits is to PREVENT bad things from happening, and of course passed audits will support later claims if something bad happens anyway.

So, why not do the same with "cyber policies" or whatever they're calling them? The insurer states some standard that the policyholder is to be audited against. The policyholder agrees to be audited. If the audit passes, they're in the clear.

And that is what insurance is about - elimination of risk. If you are in charge of some big company you can get the blessing of the appropriate auditors and now it isn't your fault if something bad happens. It is a bit like having an IT team with skin in the game.

Sure, you can hire what you think is a good IT security team, but how do you really know if you've gotten one? If you buy a cyber insurance policy you're getting that IT audit, but then if you're declared clean and you get burned anyway, that insurance company comes in and puts their money behind their words and pays for your loss. THAT is what insurance is supposed to be.

Comment: Re:For those in Power,oversimplification is the Po (Score 1) 319

by Rich0 (#49779145) Attached to: Why PowerPoint Should Be Banned

Plus, oversimplification can be used to justify all kinds of short-sighted behavior, with all the plausible deniability you describe.

I remember learning my company's brand of six sigma, and they stressed not having more than a few CTQs for any process. It made for really nice-looking powerpoint slides (which seemed to be the main output of my company's six sigma efforts). It also made for some really broken processes in some cases, because the stuff the company was making was really hard to make. There were cases where somebody would optimize out some $10 part and end up destroying a million dollars worth of product from time to time due to a failure to deliver an acceptable level of quality. But, when you only focus on 3-5 key quality attributes, it is hard to justify every little $10 part in the multi-million-dollar manufacturing process.

I'm fairly convinced that far more was lost in market share due to an inability to meet demand than was ever gained from optimizing out the odd $10 part.

"For every complex problem there is an answer that is clear, simple, and wrong."
--H. L. Mencken

Comment: Re:"Slow and calculated torture?" (Score 1) 742

by Rich0 (#49772181) Attached to: Greece Is Running Out of Money, Cannot Make June IMF Repayment

Maybe Greeks are different but in Germany, if you borrow money, you are fully expected to pay it back. As soon as possible. Greece can make as much racket as it likes, but the Germans still want their money back. And frankly, I agree. If Greece is not willing to pay back what they take, that's theft, and they can go without aid for all I care. Especially when the borrowed money doesn't actually go to fixing its major economic issues.

That is a fairly naive viewpoint. No business approaches loans in this way. A loan is a contract, with terms that apply in the event of default, and terms governing repayment. Defaulting on a loan has consequences, but most businesses do not view it as a moral issue. If it ever becomes advantageous to default on a loan, they will do so. If it is advantageous to take measures to hinder attempts at collection, they will do this as well. As far as they're concerned, it isn't theft - it is just the terms of the agreement the lender agreed to. Most nations have bankruptcy laws, and sovereign nations have, well, sovereignty. Lenders who agree to make loans do so with full knowledge of these laws.

So, if a person declares bankruptcy I do not believe they are committing theft - the lender understood the bankruptcy laws when they freely made the loan, and they did so at an interest rate that they considered profitable even in light of this risk. Likewise, when a bank lends to a sovereign nation, they do so knowing that they have very little recourse if the nation chooses to default on the loan.

To the extent that anybody was forced to loan money against their will, they might be able to claim that whoever forced them to lend money was a thief.

Comment: Re:They're bums, why keep them around (Score 1) 742

by Rich0 (#49767787) Attached to: Greece Is Running Out of Money, Cannot Make June IMF Repayment

Greece already has a primary surplus so they can cover their own needs.
The problem is that the external debt is simply not viable. Up to 2030 Greek debt obligations are up to 140 billion euros. So while Greece managed with great sacrifices to have an unhealthy surplus based on neoliberal policies that finely IMF imposes for decades now, they still need 140/15 = 9 billions in average extra surplus for the next 15 years.

Well, the solution is simple then - they should just default. As long as they are internally self-sufficient as you assert, it won't be a problem for them. They won't be able to borrow money for a long time, but they shouldn't have to.

However, I'm not convinced their cash flow is nearly as rosy as you suggest. And of course they need to be able to defend their own borders/etc if they don't want somebody ticked off about their debts to come looking to collect.

Comment: Re:just what we all love (Score 1) 241

by Rich0 (#49767461) Attached to: Amazon Decides To Start Paying Tax In the UK

And this is a general problem with federated governments. When it comes to socialism/etc they tend to be a race to the bottom, because companies can effectively pay the lowest tax rate anywhere in the federation. It happens in the US as well - if a US state wanted to raise state income taxes to 60% and pay basic income to all their residents, their employment would go to zero because companies would flee the state, since they could do so while still being able to sell their wares in the state's market, since US states cannot interfere with interstate commerce. This is why US states are only "laboratories of democracy" to a limited extent.

If you want to have different tax rates and social policies, then you need to have tariffs at the border. That is obviously a two-edged sword, but it is still the reality of the economics.

Comment: Re:Why ext4 (Score 1) 226

by Rich0 (#49748219) Attached to: Linux 4.0 Has a File-System Corruption Problem, RAID Users Warned

Agree, as the other reply pointed out as well. And you can do the same with mdadm raid too (though obviously with none of the benefits btrfs/zfs bring for data integrity like checksumming and copy-on-write). Mdadm will also let you reshape an array in place (that is change raid levels or number of disks), though with mdadm that will often result in messing up your stripe alignment and of course it is more likely to eat your data if something goes wrong since if it finds a parity mismatch it has no way to know which copy is bad.

I was just commenting that btrfs tends to have a lot of features that appeal to small system users that you'll actually find missing on zfs, even if it is far less mature overall, and lacking in many enterprise-scale features. It just reflects the emphasis of the developers behind it.

I really can't complain about zfs - it is a great filesystem. However, things like not being able to reshape an array or mix disk sizes in an array are some of the things that hold me back from adopting it. Heck, btrfs will let you switch from raid1 to raid5 without touching any of the data already written - newly-allocated chunks will use raid5 and existing chunks will continue to use raid1 - it doesn't manage arrays at the whole-device level. In practice though you're likely to tell it to rebalance your data of course.

Comment: Re:Why ext4 (Score 1) 226

by Rich0 (#49748169) Attached to: Linux 4.0 Has a File-System Corruption Problem, RAID Users Warned

Sure, but with btrfs you can just add one drive and sometimes get its entire capacity added to your array - it works fine with mixed-size disks.

Of course, it might just decide not to boot the next day, and that is the downside to btrfs. It does tend to be a bit more friendly in scenarios where you have a small number of disks, though, which was my main point.

Comment: Re:Why ext4 (Score 1) 226

by Rich0 (#49744837) Attached to: Linux 4.0 Has a File-System Corruption Problem, RAID Users Warned

Why would you want to add just one drive to a server with 5x 6-drive RAID6 arrays? Just add another 6 drives at a time.

ZFS isn't ideal for growing like that since it doesn't do rebalancing. Your younger raid arrays will always have more data on them.
Also zfs destroy is very expensive.

Perhaps, but my point was more that if you want to grow ZFS this is the ONLY way to actually do it, as far as I'm aware. You can't add individual drives to individual "vdevs."

Comment: Re:Why ext4 (Score 2) 226

by Rich0 (#49743615) Attached to: Linux 4.0 Has a File-System Corruption Problem, RAID Users Warned

The problem is that the feature-list for ZFS is very enterprise-oriented.

Why would you want to add just one drive to a server with 5x 6-drive RAID6 arrays? Just add another 6 drives at a time.

On the other hand, if you have a PC with 3 drives in RAID5, you could easily want to turn that into a 4-drive RAID5 or a 5-drive RAID6 in-place.

Btrfs has a lot of features that are useful for smaller deployments, like being able to modify the equivalent of a vdev in-place. ZFS on the other hand has a lot of features like ZIL that are very useful for larger deployments.

Comment: Re:Plutonium Thermal-Electric? (Score 2) 116

by Rich0 (#49743527) Attached to: Hydrogen-Powered Drone Can Fly For 4 Hours at a Time

Agree. RTGs aren't actually all that efficient - they're a very primitive form of nuclear power. Their advantage is in their simplicity and longevity, which makes them great for things like spacecraft that need low power for VERY long duration, and where repairs are impossible.

You'd need a pretty big aircraft before nuclear turns into a viable option.

Comment: Just proprietary? (Score 4, Interesting) 126

by Rich0 (#49743431) Attached to: US Proposes Tighter Export Rules For Computer Security Tools

I'm interested in whether this is limited to ONLY proprietary research.

I could actually see an argument for banning export of such research. Do we really want companies finding flaws in widely-used software, keeping those flaws secret from the software vendors and the general public, but then selling details on those flaws to others who could potentially turn around and exploit them? In a sense, this does sound like a munition.

I don't see the same concern with public research. If you disclose a vulnerability publicly, then everybody can fix it, and that strengthens the ecosystem instead of weakening it.

If the ban were limited to proprietary research, I don't see it as a bad thing. Of course, it does nothing to keep companies from selling their findings to NSA contractors and such, but I don't expect the US to lift a finger to ban practices like these.
