Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Comment Re:What about shipped product? (Score 1) 130

Even an OSS one can have code in it that recognizes when it is compiling itself and adds the back door to the newly compiled version of the compiler.

You're referring to the "Ken Thompson hack," but it's not a real threat. You would have to solve the halting problem for a compiler to know whether or not it is compiling itself, or a version of itself. That is to say, a compiler could recognize a copy of its source code. It could also recognize familiar strings that it can find, or worse (from a false negative standpoint) hashes of that code, or parts thereof ("signatures"), and as we (should) all know, signatures are easy to defeat, which is why antivirus software is great for detecting known threats, but not so useful for preventing future threats. A program cannot identify another program based on what the program actually does -- say, compile source code and output a binary -- else we would have solved the halting problem, and we would have bug-free code, and perfect antivirus, which would render the Ken Thompson hack ineffective anyway. Yay!

Moreover, regardless of the attack vector, even a compromised binary can't hide from disassembly and human inspection. And if you're incredibly paranoid, then you could use side-channel analysis to see if anything is happening that's not supposed to be happening, unless you think the NSA has also hacked physics, then nothing I can say matters anyway.

Comment Re:Praise be to Putin (Score 3, Insightful) 291

Well, we're perfectly happy to deal with other monarchies, dictatorships, and sham-democracies in the region, so it's not strictly the non-democracy aspect of Assad's reign that we have a problem with, or even the human rights issues, so much as his uncooperative nature with regard to American foreign policy. The dictatorship is just something we bring up when it suits our agenda. Not that Assad deserved to be defended, but let's not pretend that we wouldn't overlook that if it suited us.

Comment Re:Praise be to Putin (Score 1) 291

Except ISIS made a credible claim to be responsible for the downed airliner, including both photos of the device, and details of how they smuggled it onto the plane. If your version of events were true, they would probably dispute those claims, or have no evidence.

I'm not saying that Putin is a "good guy," but he's not an idiot, and ISIS is run by, really, just idiots. You have to be truly stupid to believe that unilateral violence against any and all countries in the world, including your own, could possibly succeed, unless you're a religious zealot who believes God has his back.

Comment Re:How can there be? (Score 4, Insightful) 622

To be pedantic, a bittorrent server serves small .torrent files, not the actual files indexed therein.

Secondly, let's call "unlimited data" what it is: unmetered data. And unmetered data works in many other scenarios with lower costs to the end-user and equally large data, like VPN and NNTP services for $10/mo. Further, many countries have ISPs that profitably offer unmetered data. Indeed, Comcast has never been close to unprofitable in its years of offering unmetered data, and its 400GB (or whatever) cap has seldom been enforced.

The real reason corporations are pushing back against unmetered data is that it's non-billable data. It's a revenue stream that they're naturally eyeing in a never-ending push to increase margins quarter-over-quarter and year-over-year. It's not because unmetered data is unprofitable, it's because it's not as profitable as metered data. The apologists who defend these corporations are either being duped by their marketing, or are heavily invested in their profits.

Comment Re:It will be Armageddon! (Score 1) 124

Funny quote, but meeting technical specifications and passing NDT are part of the procurement process. Fail those, and you're on the hook for making new parts or refunding the government (assuming they paid already), as well as fines for missing deadlines, and possible loss of future contracts.

Comment Re:Work for free!! (Score 1) 124

Not just a personal resume, but a corporate resume. Past experience is a huge barrier to entry in gov't contracting, and so this was (will be?) an easy way to get that. It probably would have gone negative if the possibility was in place.

Anyway, it's all fun and games until the protests are filed and the lawyers get involved.

Comment Re:Detecting weapons is NOT the purpose of TSA... (Score 5, Insightful) 349

The government knows damn well that the TSA is security theater -- someone just forgot to tell this particular elected official.

Security theater can be great as a deterrent, but once everybody starts shouting about how it's not real, then its deterrent effect is decreased. So we can either tell people to shut up about it, or eliminate the facade, but increased security isn't an option, for two reasons:

1) Nobody can be vigilant against mostly non-existent threats for hours and days and years on end, except the most paranoid, OCD people, who aren't hireable anyway. That's why bouncers are effective -- people are constantly trying to sneak in, and bouncers know they're going to catch people. Most other security guards know they'll never, ever catch anyone, because nobody ever tries, and their attention suffers as a result. It's not that they don't want to do their job; it's that the reality of their job is incredibly tedious. It becomes about going through the motions most of the time, and maybe making an effort every so often.

2) Real security takes time, and that pisses people off. Maybe not in the immediate wake of a catastrophic security failure, but days or weeks later, it will. Patience will run thin. Moreover, the biggest advantage of flying is convenience -- it's fast. Once that convenience goes away, its popularity will decline.

Honestly, it doesn't matter though. Security has diminishing returns, like anything else, and no target can be fully protected. We can't, even collectively, control all of the variables. And when the risks are infinitesimal to begin with, then taking steps to lower them even more is usually a wasted effort. Better to focus on having procedures in place to handle things when the worst case happens.

Comment Re:Words with multiple meanings (Score 1) 386

Statistical analysis is a bit different from reading tea leaves. That's not to say they did it properly, but if they didn't, then they're only doing themselves a disservice by ignoring a potentially profitable customer base.

Personally, I would not/do not find it at all surprising that people who are getting shitfaced and posting about it on Facebook are a higher credit risk, because it's a pretty stupid thing to do, for many reasons. Either the individual doesn't know that, or doesn't care, but either way, it's not the sign of a responsible individual.

Comment Re:I have no debt and a hefty savings account (Score 1) 386

Your assets don't make you a risk; your (presumed) lack of history makes you a risk. Plenty of very wealthy people have filed for bankruptcy protection, presumably people who could have repaid their debts, at a high cost to their standard of living. If you lost your job, would you deplete your savings to repay creditors, or would you try to hold on to what you have? People tend to be loss averse, and hold on to what they have. So whether you *can* repay is an important consideration, but it's still just a prerequisite for whether you *will* repay.

Comment Re:Autie/Aspie is not a disease (Score 1) 345

I don't know about lawyers, but doctors and nurses are taught how to manage people. Many of them are in the industry for the problem-solving aspects of the job, and the interaction with people is a side benefit at best, or else just the cost of doing business and getting access to those problems.

Comment Re:Male privilege (Score 4, Insightful) 345

What you describe is an established "symptom" of ASD in women, but perhaps ASD is not an really appropriate classification for those symptoms. I know this is a controversial statement, but it's possible that men and women have different disorders. I mean, if we have to broaden the symptoms of one disorder to include symptoms which happen to be the antithesis of the "same" disorder, then perhaps we're actually looking at a something unique, and we should categorize it as such rather than trying to shoehorn it into an existing classification.

The trouble with money is it costs too much!