
Comment: Re:Wat? (Score 1) 580

You seriously think that black hats bother with reading millions of lines of code in the hope of finding an exploit when all they have to do is play with the data sent to services/applications and see if it misbehaves. Which is why exploits are equally found among closed and open software.

Generally I still think that open source projects have an advantage over closed source because there are more eyes on the code in a FOSS project. That being said shit does and will happen and unfortunately even in open source projects sometimes a whole lot of shit manages to pile up before it finally hits the fan which of course then results in a particularly big and very stinky mess like Heartbleed. What the OpenSSL team seems to have failed to do is to perform a really serious amount of destructive testing on their library which, as you pointed out is essentially what black hats do to find these kinds of vulnerabilities anyway. This is not surprising since quality assurance and testing seems to be a bit of a poor relation in many FOSS projects just like it is in the closed source community. Another thing I'd try if I was a black hat is to run some kind of static code analyser on the codebase that can identify this kind of problem so that might be another thing the OpenSSL team can try if they aren't doing it already. Finally, when something is as widely used and fundamental to the workings of the internet and online commerce as OpenSSL is one would expect that perhaps some of the big beneficiaries of the OpenSSL project like Google, Apple, Amazon, Facebook etc. could foot the bill to do some suitably paranoid amount of quality assurance on it and other such FOSS projects. After all it's not like any of them is short of cash now is it and maybe these corporations could invest some of that cash they avoid paying in taxes to make everybody's digital lives a little safer by offering bounties for OpenSSL bugs? (...and yes, I know that expecting corporations to show communal responsibility is a long shot but hope springs eternal)

Comment: Re:Well, yeah (Score 4, Insightful) 134

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

No, the role of the NSA is not just to gather SIGINT, the NSA is also tasked with preventing unfriendly entities from gathering SIGINT which is why the NSA initiated and open sourced SE Linux just to cite one example. So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT? After all, foreign intelligence services may not have the budget of the NSA but they are not stupid either, they can discover bugs like Heartbleed just as easily as the NSA can and might well use it sufficiently stealthily for the NSA not to notice that they aren't the only ones sitting on this vulnerability. When do the costs of spying outweigh the benefits?

Comment: Re:Audit time (Score 1) 322

by Savage-Rabbit (#46736673) Attached to: IRS Misses XP Deadline, Pays Microsoft Millions For Patches

So the IRS missed a deadline they knew was coming... I wonder what they would do to any of us in a similar but different situation?

The IRS isn't the only SNAFU out there by any stretch of the imagination. They are in good company along with many members of the much vaunted and ever efficient private sector when it comes to missing this particular deadline.

Comment: Re:Especially solar cells and carbon fiber windmil (Score 2) 214

The average person's ability to "invest tomorrow" is piss poor, that's why they need a push sometimes. Investing in the short term now in renewable energy is going to result in significant price decreases in the future, especially when you consider the likely future path of oil prices.

The people who made a killing on Google/Apple stocks were the ones who got in early and took a risk. Is it any different with renewables? The ones who get in early are the ones who reap the most benefits. Whoever invests in renewables research and development now, when it is painful and expensive, will be the one who comes out on top later when everybody else is forced to make that transition in a third of the time and with much more pain than you can do it now because these early adopters will be sitting on mature technology and the means to mass produce it and everybody else will either be doing lots of business with them or frantically playing catch-up.

Case in point:

Renewables also have a political dimension. If anybody in Germany thought the Energiewende was expensive (and a lot of people do), they have now had cause to reconsider as they watch Vlad Putin sitting in Moscow with his hand on the gas valve threatening to shut it off unless the NATO powers feed him the Ukraine on a plate.

Comment: Re:IANA Physicist, So... (Score 5, Funny) 630

by Savage-Rabbit (#46708813) Attached to: Navy Debuts New Railgun That Launches Shells at Mach 7

Oxygen, it's in the air...

fine vaporized particles of metal...


And that, ladies and gentlemen, is a demonstration of what we science nerds like to call "simple science for senators". The amazing thing about it is that you can actually get billions of dollars in funding using this simplified approach when brilliantly researched and written scientific papers fail miserably. Go figure!?!?

Comment: Re:No. (Score 2) 226

by Blakey Rat (#46683593) Attached to: Should Microsoft Give Kids Programmable Versions of Office?

I agree that Visual Basic .NET is a lot less "learnable" (for lack of a better word) than old-school Visual Basic.

But what feature do you think the Express version of Visual Studio lacks for this use? (Ignoring for a moment that students generally can get a full version of VS for very cheap or free through their school.) Why the all-caps on the word "FULL"?

Hell, from my experience, most actual dev shops don't even use the FULL ("Ultimate") version of Visual Studio, the standard edition is fine for 99.9% of use-cases.

Comment: Should Microsoft X? Should Microsoft Y? (Score 4, Funny) 226

by Blakey Rat (#46683523) Attached to: Should Microsoft Give Kids Programmable Versions of Office?

Should Microsoft be forced to support XP? Should Microsoft give kids Office? Should Microsoft start making hybrid cars out of farm waste?

Maybe a better question should be: does any decision-maker at Microsoft give a tenth of a fuck about what any Slashdot poster has to say? I'm wagering the answer to that one is: no.

Comment: Re:adware is malware (Score 2, Insightful) 177

I've never heard of "crapware" before, but charging money for something that has no monetary value (as it's offered for free by another entity) sounds to me like fraud.

That's complete nonsense; if true, it would mean nearly every piece of commercial software was fraud, from office software to image editing software to antivirus software.

Comment: Re:Tracking` (Score 4, Insightful) 233

And yet, people stated that "it would be soooo expensive" to add proper tracking to planes.

It is. As a manufacturer you have to machete your way through a jungle of red tape, get all manner of safety assessments etc. to even be allowed to install the ADSC-B/C equipment on the aircraft. This is very time consuming and expensive, which is one reason why all aircraft avionics and generally anything that goes into an aircraft is by definition obscenely expensive to buy (right down to LCD screens and coffee makers) and why old airliner designs get reworked (it's a smaller bureaucratic workload to get a new variant of an existing design flying than a totally new design). If this seems like dumb bureaucracy keep in mind that aircraft have been lost to crappy installation of retrofitted electronics (a good example being Swissair Flight 111). To install the equipment your airline has to ground the aircraft for at least a week (installation costs and lost revenue). Depending on the type of aircraft you operate and its age there may not even have been provision for the ADSC-B/C equipment which means airframe modifications and more downtime (yet more lost revenue and expenses) followed by more certifications and inspections. On top of that different ATC areas sometimes require you to have different equipment. Even simple stuff like software upgrades only happen at a glacial pace so if you think that fixing a simple software bug on an airliner is as simple as downloading an install package from the support section of the Boeing/Airbus website, uploading it to your USB stick, plugging it into a USB socket in the dashboard of your Boeing 777 airliner and selecting "Update firmware" on the FMS screen you have another thing coming. Airliners are one of the safest modes of transportation but that comes at a cost in time and money.

Comment: Re:Android Body Needed (Score 2) 40

> a new division that aims to 'merge biology, engineering, and computer science to harness the power of natural systems for national security

In other words, Dick Cheney needs an android body urgently.

Is that a good idea? He was dangerous enough with a shotgun, he will be a walking disaster when he can shoot laser beams from his eyes.

Comment: Re:Just to be clear (Score 4, Interesting) 66

by Savage-Rabbit (#46647081) Attached to: Fukushima Photo Essay: a Drone's Eye View

Just to be clear here: the devastation is all due to the tsunami, not to the reactor failure. Foreign media seem to often forget or ignore that the disaster was the earthquake and tsunami. That's what killed almost 20k people dead and destroyed the homes of many hundreds of thousands of people.

It seems to me that the root of the Fukushima disaster was the decision to build a nuclear power plant in a place where there was even the remotest chance of Tsunami damage. The government of a country whose history is littered with Tsunami disasters should have known better. The design basis for tsunamis at Fukushima was 5.7 meters, it should have been: "Don't build a nuclear plant within 20-30km of the coast and even then put it on high ground" and keep in mind that this restriction does not account for earthquakes although the Fukushima plant survived a magnitude 7.7 quake rather well so at least in that regard it was better designed.
