Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Comment: Incorrect (Score 5, Interesting) 159

It is easier with something simpler, not something smaller. When you start doing extreme optimization for size, as in this case, you are going to do it at the expense of many things, checks being one of them. If you want to have good security, particularly for something that can be hit with completely arbitrary and hostile input like something on the network, you want to do good data checking and sanitization. Well guess what? That takes code, takes memory, takes cycles. You start stripping everything down to basics, stuff like that may go away.

What's more, with really tiny code sizes, particularly for complex items like an OS, what you are often doing is using assembly, or at best C, which means that you'd better be really careful, but there is a lot of room to fuck up. You mess up one pointer and you can have a major vulnerability. Now you go and use a managed language or the like and the size goes up drastically... but of course that management framework can deal with a lot of issues.

Comment: Well, perhaps you should look at features (Score 1) 159

And also other tradeoffs. It is fashionable for some geeks to cry about the amount of disk space that stuff takes, but it always seems devoid of context and consideration, as though you could have the exact same performance/setup in a tiny amount of space if only programmers "tried harder" or something. However you do some research, and it turns out to all be tradeoffs, and often times the tradeoff to use more system resources is a good one. Never mind just capabilities/features, but there can be reasons to have abstractions, managed environments, and so on.

Comment: Re:Tolls? (Score 4, Insightful) 803

by hey! (#49736133) Attached to: Oregon Testing Pay-Per-Mile Driving Fee To Replace Gas Tax

Well, with electronic toll-paying that could work, but it would still shift the burden from low MPG to high MPG cars.

The great thing about a gas tax is that it's a simple way to kill two birds with one stone: encouraging higher mileage and paying for infrastructure. The problem is that not everyone agrees that both birds are important. Two-birders think that high mileage vehicles should be discouraged because of externalized costs -- pollution mainly, but also space required in parking lots, greater risk to other road users etc. One-birders don't care about externalities but understand that the roads and bridges need to be repaired. Zero-birders are just idiots.

I'm a two-birder myself, so raising the gas tax is a no-brainer. I'd also issue everyone a flat rebate per driver, because in fact I'm a three-birder: I'm concerned about the effect of a regressive tax on the working poor who have no options but to drive to their jobs.

But I'm also a realist. There are a lot of one-birders out there and the roads need repair. It's also politically easier in one-birder territory to sell something as a fee rather than as a tax, even though from my perspective that's an irrelevant difference if you're raising the same revenue either way.

Comment: Re:I wonder how long... (Score 3, Insightful) 49

Well, they're already opting to have damaged natural joints like hips and knees replaced. That's a case of upgrading from natural to artificial to gain function. As the performance of artificial limbs increase, it might become an increasingly commonplace treatment for older people, just like knee or hip replacement.

If we project that trend forward for twenty or thirty years I wouldn't be surprised at all to see artificial legs that outperform natural legs for the purposes of walking or even running. But I don't think people with normal abilities will be trading in their limbs just to be able walk a little longer, run a little faster, or carry more weight. That won't happen until the replacement is subjectively indistinguishable from the real thing; until you can feel the grass under your toes.

I'm comfortable predicting locomotion parity in the next fifty years, but I wouldn't care to speculate on when we'll see sensory parity.

Comment: Re:all of that can be fixed (Score 1) 150

It is about politics.
In the public sector it isn't about your wins, but how bad your losses are.
If you report a problem, it gets escalated all the way to the top, where you get your elected officials who got there because they talk. Where then it goes back down to find the person to fire because of the issue. The general public will not be happy until they fire someone for the issue. Granted the person who made the mistake are probably the one who will not cause it again. But you fire them, shame them, make sure they will not work in that field ever again.

So yes if you see a problem you are better off to claim ignorance, then have fingers pointed at you.

Comment: Once more into the breech, dear friends. (Score 3, Insightful) 99

by hey! (#49735075) Attached to: US Levels Espionage Charges Against 6 Chinese Nationals

I have no problem with going after people who steal trade secrets, anything more than I have a problem with going after people who steal nuclear secrets. The only thing is that the FBI has a long history of racist paranoia about Chinese scientists, from Quan Xuesen in the early 50s to Wen Ho Lee in the 90s.

Rhwew may well of a legitimate case against these guys and if they do I hope they nail the bastards. But I'm not jumping to any conclusions based on FBI say-so.

Comment: Re:beat that straw man, beat it hard (Score 1) 150

by hey! (#49735011) Attached to: Survey: 2/3 of Public Sector Workers Wouldn't Report a Security Breach

You're the one worried about passwords that can be broken in 25 years; that's a non-issue. The issue is security that works well enough for long enough and is workable for the users. Impressive sounding, inflated requirements means something else has to give: price, performance, or usability.

Comment: Re:Password updating (Score 1) 150

by hey! (#49734339) Attached to: Survey: 2/3 of Public Sector Workers Wouldn't Report a Security Breach

Well, once you've cracked the VPN traffic the password is almost a secondary concern, isn't it?

This is the wrong way to think about security, e.g. for a hypothetical world where users adhere to anything you demand of them no matter how intrusive or onerous that is. In reality if you decide that usability and convenience aren't factors in your planning then that's actually an oversight which will come back to bite you on the ass someday. The only thing you can say for that approach of wishing usability away is that when disaster comes you'll be able to point the finger of blame at the users -- even though their non-adherence is a predictable result of your poor understanding of system requirements.

The world is no nursery. - Sigmund Freud

Working...