
Comment: We protected 1 billion people by notifying trusted (Score 1) 104

by raymorris (#46787719) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

This was handled similarly to a flaw I discovered, and I think it makes sense. Facebook, for example, has about a billion users. If you have a colleague you trust at Facebook, informing that one colleague can protect Facebook's billion users.

The risk of a leak before a fix is widely deployed depends on a) the number of people you inform and b) how trustworthy those people are to keep quiet for a couple of days. It's quite reasonable to minimize the risk of a leak by keeping it low profile for a few days, while minimizing the damage by protecting as many people as possible.

For CVE-2012-0206, developers knew that Wikimedia was the largest user. Wikipedia and related properties account for over half the end-users that could be affected. So by letting just one person know about it ahead of time, we could protect millions of Wikipedia users. That seems like a good trade, so we let Wikipedia have the patch 24 hours before the main distros like Red Hat put the patch out publicly and the vulnerability became well known. Nobody was harmed by hearing about it on Tuesday rather than on Monday, and all of Wikipedia's users were protected from being affected by keeping it secret for a day while Wikipedia's servers were patched.

Comment: Why free and fun? I review FOSS for a living. (Score 2) 104

by raymorris (#46787519) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

> Indeed, who would review other people's code for free or for fun?

Some people do, of course. I have, specifically for security issues, because that's a major resume point in the security world - having actually found and fixed real-world security issues.

99% of the time, I'm being paid to review and improve open source code. All of those companies that use open source, including Google, have a vested interest in making sure that the code they use is good. Since it's open source, the Google techs can actually dig into the code and find issues like this, then fix it, just like they did in this case. They didn't do it for free and for fun, they did it because Google relies on OpenSSL.

My employer also relies on OSS. My job is to administer, maintain, and improve the OSS software we use. I've found and fixed security issues. Not for free and for fun, but because we want our systems to be secure, and having the source allows me to do that.

When I craft an improvement, at LEAST three people have to look at it before it's committed upstream. Typically, five or six people will comment on it and suggest improvements or state their approval before it's finalized.

Comment: How so? What creates that constraint? (Score 1) 82

by raymorris (#46787287) Attached to: NASA Proposes "Water World" Theory For Origin of Life

> Although evolution isn't an explanation of how life began, it does introduce some constrictions on what that explanation can include.
> For instance, all life on earth today is descended from a single common ancestor. Plants, animals and humans were not created apart from each other, one at a time.

We know that the iPhone "evolved" from early cell phones via natural selection aka market selection.
We know that the latest cars similarly "evolved" via a process analogous to biological evolution.
We also know that cars and phones don't share a common ancestor - they evolved separately.
We know that one type of bird evolves into another, while on the other side of the planet one type of rodent evolves into another, separately.

How does biological evolution introduce the constraint that there must be a single common ancestor?
I see you have the belief that there may have been a single common ancestor, but I don't see how that's required for evolution to occur.

> Humans are descended from Apes. Without explaining how that process began,
> the evolutionary evidence about this constraint is emphatic and undeniable.
> This flies in the face of one obvious prominent creation myth.

One very narrow interpretation, perhaps, one that few people hold. Most people, I think, realize that the ancient wisdom in Genesis says things happened in this order:

0. There was nothing - the universe was without form.
1. Space (the stars and the heavens)
2. Earth.
3. Oceans and land masses
4. Sea life
5. Animals of the land and air
6. Lastly, humans

For hundreds of years, scientists said that was wrong. Today, we know that Genesis has the sequence correct, and has been correct for thousands of years. Yeah, if you assume that the "yom" between land animals and humans was 24 hours, that's not consistent with evolution. That's not the only meaning of yom, though.

Comment: Re:McArdle is astute (Score 1) 14

by mcgrew (#46787089) Attached to: Obamacare is Not a Single-Payer Conspiracy [Bloomberg]

What worries me about her is that she was in charge of Clinton's single-payer plan, and screwed it up royally. So far I don't like any of the candidates from either major party.

Either way I'll probably vote either Libertarian or Green. I cannot support a candidate who wants me in prison. The only way she'll get my vote is if the Republicans screw up in their Presidential nominations like they did with Illinois' Governor's race. They had one excellent candidate, two acceptable and a tea party billionaire who hates unions and middle class people. They chose the only candidate who could get me to vote for Quinn.

Morons. They'll probably nominate another tea party stinker who only cares about the 1%. If they do I'll have to vote for Clinton.

User Journal

Journal: Mars, Ho! Chapter Sixteen 1

Journal by mcgrew

When I woke up, all my muscles were on fire. We would have had to turn the ship around today, and in fact that's what was scheduled, except for the meteors and the drama that followed.
Destiny was sleeping peacefully. I got up, thankful that we weren't at Earth gravity but wishing we had turned around for deceleration then, because they have it plotted so that you start the journey close to the planet you're leavi

Comment: Re:I switched from sitting to standing. (Score 1) 282

by swillden (#46786967) Attached to: Switching From Sitting To Standing At Your Desk

The desk I have is motorized. Push a button, takes about five seconds. Another option is to get a desk that is always positioned at standing level and a tall chair. That seems cheaper and more convenient but there are some downsides. One is that you have far fewer options in chairs than if you're getting normal-height chairs. Another is that changing the level of the desk is difficult, which is particularly problematic if the seating gets rearranged regularly.

Comment: Re:Shame this happened (Score 2) 95

by plover (#46786807) Attached to: Plant Breeders Release 'Open Source Seeds'

A lot of the animosity towards Monsanto comes from their overall behavior. Creating the terminator gene is first to mind. Next are the numerous allegations about misconduct: complaints that they do inadequate studies, they hire certain researchers expecting certain study outcomes, that they tamper with study results, and that they have bribed government officials. However, most of those reports come from the wacko anti-GMO crowd (who are really a bunch of anti-anything idiots), so it's hard to know if there's a shred of truth to any of the complaints.

The biggest gripe I have is their drive to produce pest- and herbicide-resistant crops. Every one of these is putting other farmers' crops at risk, because they're creating pesticide-resistant super-bugs and herbicide-resistant super-weeds. Those bugs and weeds don't limit themselves to Monsanto-seeded fields, they're natural organisms that spread, and those bugs are now attacking non-Monsanto crops, and the weeds are infesting non-Monsanto fields. Monsanto knew this was going to happen from the start of the program, they estimated it would take about 20 years for it to happen (it actually took less than 10 for the corn rootworm to evolve Bt resistance), yet they went ahead and did it anyway.

Had they focused their modifications only on creating high yield and high nutrition crops, instead of trying to fight the resistance battle, their overall agricultural activities would have been a lot more responsible.

Comment: Re:So much nonsense in terms (Score 2) 182

by plover (#46785689) Attached to: Criminals Using Drones To Find Cannabis Farms and Steal Crops

LED lamps do not put out nearly as much heat as High Pressure Sodium (HPS) lamps. I have a (disconnected) 400W HPS that I could easily have cooked on the top of the reflector, and probably broiled meat directly beneath it. I replaced it with a 144W LED floodlamp, and now I can hold the operating heat sink in my hand; the glass lens pane on the bottom is at room temperature. I am no longer concerned about fire safety in my house.

One major difference, though, is I'm growing orchids, which require far less light than cannabis. I need only two 144W LED floodlamps to illuminate a 72 square foot area. The pot growers will cram as many 400 W lamps in a grow operation as they can, sometimes a dozen or more in a single small room, whatever they can draw from the circuit breaker panel. They'll keep a large external vent fan running year round, including the dead of winter, to keep the room from igniting.

If I were to grow pot, I'm sure I'd need a lot more light fixtures, but even a dozen LED lamps in the same room probably wouldn't risk burning my house down.

Comment: Re:Enh as much as I dislike Oracle... (Score 2) 131

by plover (#46785595) Attached to: Oracle Deflects Blame For Troubled Oregon Health Care Site

Oracle consultants were in the midst of the mess, they saw the failings, they repeatedly reported to the state that the project was going off the rails, and yet they still managed to cash their paychecks.

Had the consultants actually threatened them with "either you hire a professional to do the systems integration or we're off the job," and had they then removed themselves from the failing project, they'd be 100% blameless. But they didn't walk away, they just wrote some CYA memos and collected their money.

Oracle gets to take as much blame as anyone for their mess.

Comment: indeed. nor why (Score 2) 82

by raymorris (#46784517) Attached to: NASA Proposes "Water World" Theory For Origin of Life

Evolution doesn't try to explain how life began.
It is therefore funny to me that some people think there's a contradiction between evolution and ancient stories about how it began. Even more odd, some people assume the HOW is incompatible with ideas about WHY life exists. Those are three separate questions.

Comment: Re:Nonsense (Score 1) 281

by plover (#46783623) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board

> He's not saying "don't do that", he's saying "don't be an obnoxious obstacle when this stuff comes up." Tell them they're doing it wrong, if they insist, fulfill the request to the best of your ability, and make sure you have records of where you told them they were doing it wrong.

That would be fine if it were true, and if it were the end of it. But it's not. The enablers take over. If the bad ideas aren't stopped early by facts, their owners proceed down whatever path they've concocted, and the further they get without objection the more convinced they are that it's the correct path. An enabler will not tell them they're on the wrong path; or they'll say it once, but never correct them again for fear of losing their job (only a blocker says "you're still on the wrong path".) Without honest feedback about the mistakes being made, you can go a long way before realizing that you've led yourself astray.

One big problem is the belief that all problems can be stopped by governance processes. Therefore, all these processes are designed to be a form of change prevention. The idea is that by preventing incorrect changes, you avoid risk. But a process cannot distinguish between an incorrect change and a valuable change until after it has executed, so it must slow them all down equally. A process also handles the unknown poorly - it is designed to handle only certain changes, and everything else is awkward or not streamlined.

Change approval processes also encourage lies. When someone has to get a change through a process, they will tick whichever checkboxes will get them through the process with the least amount of effort, struggle, or paperwork; they will not voluntarily tick the box that ensures a microscopic review of their change, even when it may be appropriate.

Worse than all of the above, governance processes are hugely inefficient in that they're after the fact: create a large pile of changes, try to deploy it, then wait around days, or weeks to learn only then that the changes aren't approved. The feedback from governance is so late that the developer has long moved on to other tasks. Stakeholders get their changes in months instead of minutes.

Another sign the process is off the rails is if the disapproval is issued due to failure to follow the process, not with problems in the task being attempted. Too many failing processes leads further around the vicious cycle of process 'improvement', that then creates a process to follow the process, inserting delays into the delays. (Yo, dawg, I heard you like process, so I put process in your process...)

If you ever want to read a story about how bad process can get in the real world, read Red Plenty by Francis Spufford. He tells an interesting tale of just how far the Soviet Union's bureaucracy went, including goofiness such as one process that valued a machine by weight. The more modern machine that doubled production weighed less than the older machine it replaced, therefore the older machine was more valuable, and the budget rules that ensured progress did not permit replacing a more expensive machine with a cheaper machine.

Instead of after-the-fact governance process, strive for continual, automated testing, starting with Test Driven Development. Have a repeatable method for delivering products that have quality built in from their very design. Once you've established the trust, you can minimize the processes. Something else valuable is a fail-forward philosophy: if you acknowledge that bugs will happen no matter what ("Failure is always an option"), you can often survive by putting in place the ability to recover from defects within minutes by being able to push out new patches. So instead of trying to avoid all risk by using a big process, you can get away with minimal process by accepting a little risk. This is a great approach because everything moves fast, especially the delivery of benefits.

Comment: Re:Hypocrisy abounds (Score 1) 778

by argStyopa (#46782167) Attached to: Study Finds US Is an Oligarchy, Not a Democracy

To the Left, yes.

My favorite question to Democrats is: Quick, tell me 5 things that George W Bush said that were commendable.

I can easily find 5 banal positive things that Obama, or Kerry, or Clinton said that I agree with, despite disagreeing with them politically. I don't find them evil, just ignorant or misprioritizing things, so it's simple to find basic human statements I agree with.

If you can't find 5 positive things to say about your opponent, you're a zealot, and any discussion you enter is a waste of time.

Comment: Re:Voluntary? (Score 4, Interesting) 365

Getting from Hong Kong to Ecuador (or wherever he was going) without flying over any US or allied territory requires strange routes - just go to a flight booking site and notice that the returned results mostly involve changes in the USA.

Taking such a route was wise - look at how US allies forced down the presidential jet of a LatAm leader just to search for Snowden.

But I'm really not sure why you're arguing with me about this. What happened to Snowden is a matter of public record, it's not something that's up for debate. He got stuck in Russia because the USA revoked his passport and he then wasn't allowed to board his onward flight. But once it became clear that no plane was safe, not even those with diplomatic immunity, if it flew over any US allied territory, he would have been an idiot to leave anyway because that would have been a direct flight into a lifetime of solitary confinement.
