
Comment: Re:What about recursion? (Score 1) 115

> Another technique would be leaking a fake script, claiming to have read a draft manuscript, etc.

Of course, the interesting thing about this technique is you can only tell it if it fails to work, because the case where it works, and the case where it fails but the desired result was going to happen anyway are indistinguishable unless the author actually pipes up and comments on it.

This reminds me of a friend of mine who used to flash his high beams erratically as he came up to red lights because he knew that's how the fire trucks signal to give them a green. I tried to tell him that there was no way this was going to work, but he was convinced it did because....of course.... fairly often he would flash his lights and the light would turn green for him....

I do the same thing with my hand pretending I have the "works" pretty well too. Which is to say....the light always changes.

Comment: Re: Hodor (Score 1) 115

I really have to say, deus ex machina endings are one of my personal pet peeves across literature, it's the hallmark of lazy uninteresting storytelling. In fact, about the only place I was amused to see one was at the end of the one Deus Ex game I played to the end.... and not because I thought it was even particularly good, it wasn't, it's just.... it's the name of the game, so it's at least amusing in that one context.

Comment: Re:Ironically, blame HIPAA (Score 2) 70

by TheCarp (#48022149) Attached to: Medical Records Worth More To Hackers Than Credit Cards

Then please explain why the single most common reason for a person to be fired from the entire network of hospitals I worked for was inappropriate records access? Perhaps you would like to tell me why one of the major projects then was to move from offline records access auditing to real time auditing and flagging?

Perhaps you might have some insight into how it failed by causing us to start encrypting all of our laptops?

The problem with healthcare is momentum. It's huge, there is a lot of it, and it's highly federated and highly disorganized. In fact it's often less a case of "we don't care" and more a case that they tend to be in over their heads keeping up with the infrastructure they have and the way it's growing, and balk at allocating more resources to IT, since it already has eaten up more than they naively expected.

I have had to watch entire presentations that boil down to "we want to generate terabytes of data at an alarming rate and we don't see why it should cost very much based on just ignoring any other costs and looking at hard drive prices"

Seriously, the disconnect in healthcare is serious, and I agree the law is only somewhat helping but.... fact is the institutions really are scared of the penalties and those penalties really do trump their other considerations many times.

It's not perfect, but, on the security front, I have to say, I really think nearly all forward progress on security in healthcare can be directly attributed to it. I mean, I can think of a few minor exceptions like.... general concern about certain rare but frightening events like baby swaps or thefts that caused a good bit of increased security around birthing areas, but aside from that, I can't think of much that wasn't directly HIPAA requirement driven.

Comment: Re:Who enters stupid headlines? (Score 2) 24

by TWX (#48021991) Attached to: Court Rules Nokia Must Pay Damages To Buyers of Faulty Phones In Mexico

People don't even read the article before submitting the story in the first place.

If it's any consolation that's one of the things that's bothered me about Slashdot from the beginning- it often takes a while for one's submitted article to be rejected or occasionally approved for the main page, but it seems like the moderators or admins don't actually research the summary before posting it.

Comment: Re:Only CGI scripts affected? (Score 1) 399

by TheCarp (#48020507) Attached to: Remote Exploit Vulnerability Found In Bash

Why, yes it would, that is a good point. That was hardly the only real issue.

To add insult to injury, it would change the password by generating LDIF files, and storing them in /tmp, then running command line LDAP utils on them. So in addition to that, you could likely arbitrarily set someone else's password with a little finagling.

Which is pretty much why I just verified it could be exploited to touch a file in tmp and immediately began re-writing it.

Comment: Re:Ironically, blame HIPAA (Score 2) 70

by TheCarp (#48020365) Attached to: Medical Records Worth More To Hackers Than Credit Cards

I don't disagree that it has problems but, let's not pretend that things were better without it. I worked for several years in healthcare IT. I was there when we started encrypting our laptops by policy.... it was because of HIPAA. Prior to that, there were no exceptions.

A good part of the problem is that hospitals grew up doing their own systems support for medical devices and tried to grow IT out of that, and they tend to be non-profits that budget their departments like universities do. It's a huge mess.

They just never cared about security because they built up their entire system for a single purpose of providing medical care, they were so focused on that the idea that they were exposing themselves was an afterthought, security has always been an afterthought in the industry that brought us the word "triage".

Comment: Re:Boeing bought more politicians. (Score 1) 125

by TWX (#48014143) Attached to: Sierra Nevada Corp. Files Legal Challenge Against NASA Commercial Contracts

How could companies justify plowing money into oil wells, semiconductor plants, toy factories, apple orchards, etc. if they don't have assurances in place that the cash will be recouped? Yet people invest in those things every day. What makes launch services any different?

Because all of those things were able to start small, relatively speaking, where only a handful of people were necessary to get the initial ball rolling. Even semiconductors; we looked at a house for its detached garage and the previous owner apparently had a small semiconductor fab set up in there at one point.

By contrast there's no real option for someone without already established financial means to launch things into space.

Comment: Re:Boeing bought more politicians. (Score 1) 125

by TWX (#48014135) Attached to: Sierra Nevada Corp. Files Legal Challenge Against NASA Commercial Contracts

No one should be left out because there should be no contract. Instead, NASA should be fostering a spot market for launches. They should have a separate bid for each launch: "We want X satellite in Y orbit, and insured for Z dollars." Then give the launch to the lowest bidder. That way each company can work continuously to cut costs and improve services, knowing that if they leapfrog the competition, they can win the next launch, instead of being locked out for years.

This won't happen either; it's very expensive to develop the tech to do the launches, let alone to build production. No one will take the risk to develop unless they have so much guaranteed production as to amortize the cost of development over those units.

This isn't like the beginning of civil aviation or even how companies that want to design planes get into civil aviation now, building small planes until their success with small planes gets them the revenue stream to let them build bigger ones, etc, this would be like coming into the market and jumping straight to long-range widebodies. To my knowledge, the only companies that have even come close to that have all been government-sponsored.

The only way that you're going to get someone to pay for the development costs themselves is to give them enough production to justify those development costs, and the only way to do that is to guarantee them so many launches. It applies to both SpaceX and to Boeing.
