Forgot your password?

Comment: Nice Try (Score 1) 152

by Virtucon (#46783217) Attached to: Click Like? You May Have Given Up the Right To Sue

Companies like these are trying to take a page out of the software industry playbook. Nice Try but I doubt if I buy a Chevy in the future it will eliminate their liability should the ignition fail while driving it or I happen to use a $10 off oil change coupon at one of their dealerships. Likewise if General Mills says you can't sue them because you like them on Facebook or use a coupon won't protect them should you get poisoned from a box of Cheerios.

Comment: Bad, Bad idea (Score 2) 132

by Virtucon (#46774863) Attached to: Industry-Wide Smartphone "Kill Switch" Closer To Reality

This whole idea is unnecessary if the wireless carriers would just set up a database of stolen IMEI information. And while ESNs can be wiped, if a questionable ESN is discovered, like all zeros you can block the phone from being provisioned. If you did that stolen cell phones would be worth zero and we wouldn't have to introduce another tool that can be used by governments to lock us out of communicating. With mobile traffic increasing faster than any other sector on the Internet, this gives the governments of the world an effective Internet Kill Switch.

Comment: Useless analogy (Score 3, Interesting) 131

by Virtucon (#46774777) Attached to: Code Quality: Open Source vs. Proprietary

This is a useless analogy. Code Quality is a function of both skill and the stewardship of the team supporting the code. Tools help as well but you can write some elegant, high quality code regardless of the language chosen. You can also write some real shit too but ultimately how many defects a piece of software has comes down to the design and testing that goes along with it. Some bodies of work get rigorous testing and it's not like OpenSSL's recent problem wasn't about deficient design it was about a faulty implementation. Faulty implementations in logic happen all the time and there are some bugs that just take awhile to become known. I mean even with test driven development and tools for code analysis probably couldn't have found this particular issue but considering how long it was in the code base without somebody questioning it goes back to not only stewardship by the team but the rest of the world who are using the code. If anything this situation points out that FOSS can have vulnerabilities just like proprietary software however the advantage is that with FOSS you can get it fixed much more quickly and because other people can see the implementation it can become scrutinized by folks outside the team that develops and maintains it.

In the case of Heartbleed the system works. A problem was found, it was fixed it's now just a matter of rolling out the fix and regressions are put into place to help insure that it doesn't happen again. The repercussions of what it means is that another gaping hole in our privacy was closed and that "bad guys" may have stolen data, rollout the fix ASAP. Your guess is as good as mine as to what was stolen is a matter of research and conjecture at this point. I doubt that the bad guys will tell us what they gained by exploiting it. Let's also be sure that until the systems with the bug are patched, they're vulnerable so cleanup on aisle 5.

To be honest it's a bit naive if we all assume that FOSS software that handles security doesn't have potential vulnerabilities. Likewise it's also naive to assume that proprietary code has it licked as well given the revelations of NSA spying for the past year. Given that there are numerous nefarious companies that sell vulnerabilities to anybody who can pay for it, that means unless you're buying them you probably will never know what is exposed until somebody trips over it. What this means for everybody that you can depend on is when those vulnerability-selling companies are out of business can assume that your software is free of the easier to exploit vulnerabilities; governments will always use all their tools to get intelligence including subverting standards and paying off companies who can give them access to what they want.

Comment: It may be easier.. (Score 1) 1447

by Virtucon (#46771679) Attached to: Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

It will be easier to fix SCOTUS than the constitution. Considering the 27th amendment is the most recently ratified in 1992. It also holds the distinction of taking 202 years to become ratified after being submitted in 1789. Of course it deals with congressional pay and not anything of real import to average citizens.

Comment: Re:Oh, it is completely surprising ... (Score 1) 762

by Virtucon (#46767811) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

What you haven't seen the trend in this ridiculous studies that point out what's already common knowledge? Every week there's a new study that just fosters a "Duh!" comment from me about the results and this is no different. Yesterday however the news leaked "new knowledge" of a study that casual smoking pot changes brain chemistry, altering those areas dealing with motivation and emotion. Duh! I guess the researchers never watched the movie "Ted?"

Comment: Re:FOSS is still safer... (Score 1) 569

by Virtucon (#46762195) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

We don't but that goes with any product out there. The difference is software has things like License Agreements and Terms of Service most of which give the software vendor no liability whatsoever for their product if it fails to perform. Imagine if you bought a car with a License Agreement that said "you have a license to use this vehicle however we assume no liability for it's use or damages caused by or within the vehicle." In the case of software vendors when problems are found they shrug their shoulders and introduce a patch or fix. If the software is no longer supported, they'll just direct you to their professional services folks and sign you up for custom support or the sales department to get you to buy their latest offerings.

Another aspect of vulnerabilities like this isn't from a security but also a safety perspective. Bad software has killed people. Read "Fatal Defect." It's an older book but it's a fascinating study of bad software design that's actually killed people.

Comment: Re:Overstating the case (Score 1) 569

by Virtucon (#46762127) Attached to: How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

There are companies that sell vulnerabilities to anybody with deep enough pockets. They're looking at software constantly to find exploits and I wouldn't be surprised if open source wasn't on the menu for them as well. I think open source does lead to quicker fixes once they're discovered by white hats out there unlike closed source models where a company has a vested interest in not disclosing exposures while either muddling through a fix. Case in point, the fact that Oracle knew about the zero day vulnerabilities in Java for months before addressing them. The problem is that businesses and developers seem to shrug that off rather than saying it's not acceptable and other companies just follow the same pattern. In the case of Oracle it didn't hurt them much at all and validates their lousy business practice on addressing vulnerabilities. Just looking now, in early summer 2012 when the news hit, their stock sank to $25.61/share and it just hit $42 on 4/2. So in under two years that's an almost 64% increase in their stock price.

Comment: Re:Nuclear is obvious, an energy surplus is desire (Score 1) 428

by Virtucon (#46756145) Attached to: UN: Renewables, Nuclear Must Triple To Save Climate

Well you had to live during the whole TMI episode to understand the panic it created. Sadly it was a turning point for nuclear power in this country. After that Jimmy Carter pulled the permits for all proposed nuclear plants and stopped the TVA for example in their tracks on 4 plants that were in progress. He and his buds in congress the bureaucratic nightmare that is now the DOE. That kind of knee-jerk reaction pushed investors away and you have to look around and see that. Until 2013 there has been no ground-breaking on new plants since 1977, the same year as TMI. So if you want to see how one administration can doom an industry in this country, look at TMI and the ripple effects. TMI was minor but the public became afraid and movies like the "The China Syndrome" didn't help either. These plants were built on investments mostly through bonds or by the Federal Government in the case of the TVA and investors want safe returns on their money and because of TMI, nuclear became a pariah in the US. Look at the whole Yucca Mountain situation if you need a refresher course on how jammed up things can become.

I won't argue that nuclear power is cheaper overall, in most cases it isn't. It is efficient given the size/complexity of the plant and the output it produces. It's cleaner than coal or burning gas on many levels. It is a political football and if you look at the closing of San Onofre you can see that everybody including DC based ass-clowns want to get into the act. I used to surf at San Onofre beach right next to the plant and it was always great because the water was warmer from the cooling water released back into the ocean near offshore. It was fine then, it'd be fine now but politics is politics as they say.

That's why authoritarian/autocratic societies will be able to expand the use of nuclear power faster than democracies and while we may push for solar nuclear is in the same boat as to why we don't consider large hydro projects either in this country because a) we've pretty much exhausted most of aquifer systems necessary for large scale hydro b) environmental impact studies take decades and we might hurt the fish (see snail darter for a reference) c) tree-hugging morons who are the same idiots against nuclear power. These folks still tool around in pre-1980s VW vans for example and vacation at Burning Man. Sure we can do more wind power but now we kill bald eagles, hawks and other birds so that's bad oh wait, what about more solar? Yeah, with nearly 100% imported technology we give away our engineering skills, money and competitive advantage to nations ultimately selling us out now and for future generations.

One thing I can agree with with the IPCC is that human activity is fucking up the planet but we live here and in order to live in the confines of our modern society that requires energy. Ultimately energy choices will dictate, as they always have, what nations/regions of the planet will be successful and thrive while others will either wither into pre-industrial decay or keep being places where they mine conflict diamonds and other resources for those successful nations who take an aggressive approach to energy production.

Man is the best computer we can put aboard a spacecraft ... and the only one that can be mass produced with unskilled labor. -- Wernher von Braun