
Comment: Re:Arrest the Credit Card Issuers? (Score 1) 292

by gstoddart (#47557905) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

No kidding, any system which comes down to "I have a number, trust me" is pretty flawed.

Obviously, Apple was doing something wrong since they're on the hook for it, but you'd really think there would have to be some validation inherent to this.

This sounds like it boiled down to "declined, declined, declined, OK, go ahead". That's crazy.

Comment: Wow ... (Score 5, Interesting) 292

by gstoddart (#47557649) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter.

Who the hell came up with that idea?

That's no security in any meaningful sense of the word.

I'm betting some lobbyist made it so that the banks didn't really need to do anything concrete, just look like they were.

If that's all that's required, the banks deserve to be getting ripped off.

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing 55

Posted by timothy
from the they'll-take-a-look-see dept.
cold fjord (826450) writes with an excerpt from ZDNet: At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code." ... Funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois at Urbana-Champaign, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.

Comment: No, it isn't and they don't (Score 1) 143

by jd (#47556521) Attached to: OKCupid Experiments on Users Too

The Internet is not powered by experiments on humans. Not even in the DARPA days.

No, websites do NOT experiment on users. Users may experiment on websites, if there's customization, but the rules for good design have not changed either in the past 30 years or the past 3,000. And, to judge from how humans organized carvings and paintings, not the past 30,000 either.

To say that websites experiment on people is tripe. Mouldy tripe. Websites may offer experimental views, surveys on what works, log analysis, etc., but these are statistical experiments on depersonalized aggregate data. Not people.

Experiments on people, especially without consent, are vulgar and wrong. It also doesn't help the website, because knowing what happens doesn't tell you why. Early experiments in AI are littered with extraordinarily bad results for this reason. Assuming you know why, assuming you can casually sketch in the cause merely by knowing one specific effect, is insanity.

Look, I will spell it out to these guys. Stop playing Sherlock Holmes, you only end up looking like Lestrade. Sir Conan Doyle's fictional hero used recursive subdivision, a technique Real Geeks use all the time for everything from decision trees to searching lists. Isolating single factors isn't subdivision because there isn't a single ordered space to subdivide. Scientists mask, yes, but only when dealing with single ordered spaces, and only AFTER producing a hypothesis. And if it involves research on humans, also after filling out a bloody great load of paperwork.

I flat-out refuse to use any website tainted with such puerile nonsense, insofar as I know it to have occurred. No matter how valuable that site may have been, it cannot remain valuable if it is driven by pseudoscience. There's also the matter of respect. If you don't respect me, why should I store any data with you? I can probably do better than most sites out there over a coffee break, so what's in it for me? What's so valuable that I should tolerate being second-class? It had better be damn good.

I'll take a temporary hit on what I can do, if it safeguards my absolute, unconditional control over my virtual persona. And temporary is all it would ever be. There's very little that's truly exclusive and even less that's exclusive and interesting.

The same is true of all users. We don't need any specific website, websites need us. We dictate our own limits, we dictate what safeguards are minimal, we dictate how far a site owner can go. Websites serve their users. They exist only to serve. And unlike with a certain elite class in the Dune series, that's actually true and enforceable.

Comment: Re:So what? (Score 3, Insightful) 214

by gstoddart (#47556105) Attached to: Free Copy of the Sims 2 Contains SecuROM

You know, after the Sony rootkit issue, I do kind of expect vendors to be up front about this.

Because, "hey, here's our software, oh, it might wreck your computer" is kind of a big deal.

These companies feel entitled to install all sorts of crap on your machine. But, this being EA, it's already crap.

They really should be required to tell you the extra crap they're installing, because it has the potential to really fsck up your computer.

Comment: Re:How to regulate something that is unregulateabl (Score 1) 152

by gstoddart (#47551609) Attached to: US States Edge Toward Cryptocoin Regulation

Being a cryptocurrency rather than a physical one also means that they can vanish your money with the click of a button instead of having to personally visit you.

So, tell me again, how is this different from most money these days?

Anything you have on deposit is pretty much just electrons. The vast majority of 'real' money is pretty much just as virtual these days.
