
Comment: Nice Try (Score 1) 211

by Virtucon (#46783217) Attached to: Click Like? You May Have Given Up the Right To Sue

Companies like these are trying to take a page out of the software industry playbook. Nice try, but I doubt that if I buy a Chevy in the future it will eliminate their liability should the ignition fail while I'm driving it, or if I happen to use a $10-off oil change coupon at one of their dealerships. Likewise, General Mills saying you can't sue them because you like them on Facebook or use a coupon won't protect them should you get poisoned by a box of Cheerios.

Comment: Bad, Bad idea (Score 2) 137

by Virtucon (#46774863) Attached to: Industry-Wide Smartphone "Kill Switch" Closer To Reality

This whole idea is unnecessary if the wireless carriers would just set up a database of stolen IMEI information. And while ESNs can be wiped, if a questionable ESN is discovered, like all zeros, you can block the phone from being provisioned. If you did that, stolen cell phones would be worth zero and we wouldn't have to introduce another tool that can be used by governments to lock us out of communicating. With mobile traffic increasing faster than any other sector on the Internet, this gives the governments of the world an effective Internet Kill Switch.

Comment: Useless analogy (Score 4, Interesting) 131

by Virtucon (#46774777) Attached to: Code Quality: Open Source vs. Proprietary

This is a useless analogy. Code quality is a function of both skill and the stewardship of the team supporting the code. Tools help as well, but you can write some elegant, high-quality code regardless of the language chosen. You can also write some real shit too, but ultimately how many defects a piece of software has comes down to the design and testing that goes along with it. Some bodies of work get rigorous testing, and it's not like OpenSSL's recent problem was about deficient design; it was about a faulty implementation. Faulty implementations in logic happen all the time, and there are some bugs that just take a while to become known. I mean, even test-driven development and tools for code analysis probably couldn't have found this particular issue, but considering how long it was in the code base without somebody questioning it, that goes back to not only stewardship by the team but the rest of the world who are using the code. If anything, this situation points out that FOSS can have vulnerabilities just like proprietary software; however, the advantage is that with FOSS you can get it fixed much more quickly, and because other people can see the implementation it can be scrutinized by folks outside the team that develops and maintains it.

In the case of Heartbleed the system works. A problem was found, it was fixed, and it's now just a matter of rolling out the fix; regressions are put into place to help ensure that it doesn't happen again. The repercussion of this is that another gaping hole in our privacy was closed, and since "bad guys" may have stolen data, roll out the fix ASAP. Your guess is as good as mine as to what was stolen; that is a matter of research and conjecture at this point. I doubt that the bad guys will tell us what they gained by exploiting it. Let's also be sure that until the systems with the bug are patched, they're vulnerable, so cleanup on aisle 5.

To be honest, it's a bit naive if we all assume that FOSS software that handles security doesn't have potential vulnerabilities. Likewise, it's also naive to assume that proprietary code has it licked, given the revelations of NSA spying over the past year. Given that there are numerous nefarious companies that sell vulnerabilities to anybody who can pay for them, that means unless you're buying them you probably will never know what is exposed until somebody trips over it. What this means is that the only thing you can depend on is that when those vulnerability-selling companies are out of business, you can assume that your software is free of the easier-to-exploit vulnerabilities; governments will always use all their tools to get intelligence, including subverting standards and paying off companies who can give them access to what they want.

Comment: It may be easier.. (Score 1) 1570

by Virtucon (#46771679) Attached to: Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

It will be easier to fix SCOTUS than the Constitution, considering the 27th Amendment is the most recently ratified, in 1992. It also holds the distinction of taking 202 years to become ratified after being submitted in 1789. Of course, it deals with congressional pay and not anything of real import to average citizens.

Comment: Re:Oh, it is completely surprising ... (Score 1) 796

by Virtucon (#46767811) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

What, you haven't seen the trend in these ridiculous studies that point out what's already common knowledge? Every week there's a new study that just fosters a "Duh!" comment from me about the results, and this is no different. Yesterday, however, the news leaked "new knowledge" from a study that casual pot smoking changes brain chemistry, altering those areas dealing with motivation and emotion. Duh! I guess the researchers never watched the movie "Ted"?

Comment: Re:FOSS is still safer... (Score 1) 580

by Virtucon (#46762195) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

We don't, but that goes with any product out there. The difference is software has things like license agreements and terms of service, most of which give the software vendor no liability whatsoever for their product if it fails to perform. Imagine if you bought a car with a license agreement that said "you have a license to use this vehicle; however, we assume no liability for its use or damages caused by or within the vehicle." In the case of software vendors, when problems are found they shrug their shoulders and introduce a patch or fix. If the software is no longer supported, they'll just direct you to their professional services folks to sign you up for custom support, or to the sales department to get you to buy their latest offerings.

Another aspect of vulnerabilities like this isn't just from a security perspective but also a safety perspective. Bad software has killed people. Read "Fatal Defect." It's an older book, but it's a fascinating study of bad software design that has actually killed people.

Comment: Re:Overstating the case (Score 1) 580

by Virtucon (#46762127) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

There are companies that sell vulnerabilities to anybody with deep enough pockets. They're looking at software constantly to find exploits, and I wouldn't be surprised if open source were on the menu for them as well. I think open source does lead to quicker fixes once they're discovered by the white hats out there, unlike closed source models where a company has a vested interest in not disclosing exposures while muddling through a fix. Case in point: Oracle knew about the zero-day vulnerabilities in Java for months before addressing them. The problem is that businesses and developers seem to shrug that off rather than saying it's not acceptable, and other companies just follow the same pattern. In the case of Oracle, it didn't hurt them much at all and validates their lousy business practice on addressing vulnerabilities. Just looking now: in early summer 2012 when the news hit, their stock sank to $25.61/share, and it just hit $42 on 4/2. So in under two years that's an almost 64% increase in their stock price.
