
Comment: Re:Wikipedia is unreliable (Score 1) 108

by plover (#47567767) Attached to: An Accidental Wikipedia Hoax

My point is there are not enough searchers working on our behalf, primarily because there is not enough incentive. (The NSA and Chinese may have found the bug years ago, for all we know, but they have a strong incentive to find vulnerabilities. Not enough people are paying White Hats to find these bugs and get them fixed.) Linus' Observation uses the clause "given enough eyeballs", which implies to the reader that someone is actually providing the appropriate number of eyeballs required. That implied assumption is made every time someone says "Open Source software is more secure than proprietary software, because of Linus' Law." But it simply hasn't proven to be a realistic assessment, or a very effective guarantor of security.

There's an unwritten corollary at play here: "given enough code, you won't have enough eyeballs." And that's something else keeping Linus' Observation from becoming a valid hypothesis. It even applies to this story, as well. "Given enough Wikipedia articles, there aren't enough fact checkers."

Comment: Re:Fire(wall) and forget (Score 2) 182

It doesn't matter if it's a rational argument backed up by facts or not, or if he's done a risk assessment, or if it's a free, cheap, or expensive firewall. The Payment Card Industry's Data Security Standard (PCI DSS) has as its very first requirement, Requirement 1: "Install and maintain a firewall configuration to protect cardholder data." It's not an optional requirement, and you can't justify not having one.

If you're going to handle credit cards on the system, it has to be protected with a firewall.

If your POS vendor isn't requiring a firewall, either they are not selling a system that takes credit cards, or they are selling shoddy, insecure systems that are in violation of PCI DSS. Fixing these problems will cost you dearly; worst case, they are setting you up for a breach.

Comment: Firewall != Windows Firewall (Score 1) 181

You said they disabled the local firewall. That's how I'd run most Windows servers on a network of any size, because the local firewall just eats up resources on the server that could be better used for the server's actual job. The firewalls should be proper hardware firewalls built into the networking infrastructure located a) between the outside world and the client networks to control access to the network in general, b) between the POS terminal segment and the server segment to control what access the terminals have to the servers and to block the servers from unnecessary access back to the POS terminals, and c) between the two client networks you mention to control what access each client has to the other's network.

The Windows Firewall itself is fairly useless in a large network because as far as incoming connections go it can't control things any better than a hardware firewall can, and for outgoing connections it's pointless because any malware that might try making unwanted outbound connections has to be assumed to have enough access to disable or bypass the Windows Firewall.

Comment: Re:Wikipedia is unreliable (Score 2) 108

by plover (#47566779) Attached to: An Accidental Wikipedia Hoax


It took 4 years before it was discovered, and even then, it was only found because it was a security-related bug. Shallow bugs don't cause the Internet to break.

"Linus's Law" is a failed hypothesis; it is not a theory, and certainly not a law. The distinction is important. At best, it could be rewritten as "Linus's Oft-Repeated Wish."

Comment: Re: Citing Wikipedia (Score 1) 108

by plover (#47566667) Attached to: An Accidental Wikipedia Hoax

So you read the history and discussion pages for that Wikipedia topic. Then you get all sides of the argument (for popular topics).

I would do this kind of research if I were referencing a hot-button topic, or a political figure, etc. I expect multiple viewpoints, vandalism, and trolls are all intertwined when the topic is controversial or widely publicised. I do not expect such nonsense on a page for a children's book, or on satellite orbital mechanics, and would not necessarily think to dig in there.

Comment: What I've got against Israel ... (Score 1) 765

by jandersen (#47566565) Attached to: Gaza's Only Power Plant Knocked Offline

Now, why do I put such a subject header on my comment, when I know it will have me branded as 'anti-Semite' before I even start? Well, because it doesn't actually make much difference - as soon as anybody voices any concern over what Israel does to the Palestinians, they are stamped that way, no matter how carefully and well-intentioned they put their words. But maybe, just maybe, if I start out being provocative, I can get at least somebody in the automatically responding, pro-Israel faction to at least think and try to see the issue in a more nuanced way.

I am not against Israel's right to exist as a nation; I am pragmatic about it. The state that calls itself Israel is no doubt founded on a historically dubious justification, but it is a current reality and that is what we have to consider. But on the other hand, I don't think what Israel is doing is right, not by many miles. It is not right to annex Palestinian territory - if it wasn't right of the European nations to establish colonies all over the world in the 18th and 19th centuries, then it isn't right for Israel to do this now.

And how can it be right for Israel to smash up Gaza's infrastructure, hospitals and schools, killing 10 - 100 Palestinians for every Israeli? The answer is of course, that it isn't. And the outcome in the long run is inevitably that Israel will erode the support it has in the rest of the world. The West has been far too permissive with Israel, because of a long, bad conscience for the Holocaust; but the power of Europe and America is on the wane, and the new powers don't have that historical background. At some point you guys will lose all your allies - what will you do then?

Most of us criticise Israel because we care, and because we expect that you can do so much better - if only you would try. But arguing with you is like arguing with Scientology or Jehovah's Witnesses; there is no honest dialogue taking place. All you do is look for ways to mishear or misinterpret any criticism, and find ways to twist it around as a weapon. Sometimes I don't think you guys want friends in the world; sometimes I think you are addicted to this never ending conflict, because if it ends, you have to look at yourselves and see what miserable creatures you have become; caricatures of the evil bullies that broke you during the Holocaust.

Comment: Re:Car analogy? (Score 2) 213

by plover (#47566033) Attached to: Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive

Could someone explain this to me with a car analogy?

Imagine you have an iPhone, and you rip CDs in iTunes to fill it up with copies of your music. Now, you want to go down to that place on the corner where they serve really good lunch. You put in your earbuds, crank up the ripped music, and start walking to lunch. As you proceed down the street, a lonely old man staggers and falls. You rush over to help him, and realize he's having a heart attack. You use your iPhone to call for emergency services, and wait with the man for help to arrive. While you are sitting on the sidewalk, a greasy man in a cheap suit walks up and says "I'm a lawyer, and I'm going to sue you for not saving this man's life." Just then, a cop driving a Ford screeches to a halt, running over the lawyer, backing up, and hitting him again.

It's the opposite of that.


Comment: Re:What's the point? (Score 1) 169

by meta-monkey (#47565435) Attached to: Senate Bill Would Ban Most Bulk Surveillance

We haven't had an election since the spying scandal broke. We haven't seen what kind of impact candidates' stances on spying will have on their electability. We also haven't seen the resolution of the EFF and ACLU lawsuits now that the leaks have provided standing.

There are four boxes to use in defense of liberty: soap, ballot, jury, ammo. Use in that order. Right now we're still on soap. That's what we're doing right now. Bitching about it on the internet is our duty. We'll find out how well ballot works with regards to this legislation and the 2014 and 2016 elections. Jury is just getting ramped up. Patience. The system is supposed to work slowly.

Comment: As a general comment... (Score 1) 168

by tlambert (#47563727) Attached to: Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

As a general comment... it's pretty funny that this wouldn't be an issue, since they complied with the GPL as they were required to do, and published their sources.

Only the politics of Open Source is such that the projects that they published the changes for were not updated to include the changes, because they felt that it was not their responsibility to update their projects to include someone else's changes to their projects. They felt, instead, that it was the responsibility of the people making the changes to join their projects, and then make the changes with the editorial oversight of the community.

This is somewhat ironic, since they wouldn't have published the sources in the first place, if it hadn't been for the license.

So it's interesting to me that you can more or less not comply with the license by complying with it, and that the license is only effective for however long your product and company are around, and, if not picked up by the community to be carried forward, get lost after a short period of time, even if the company continues to exist.

I guess I wonder if it's legal to sell remaindered product (or used product) without offering the sources, per the terms of the license, or if, after that period of time, the products become illegal to transfer the binary licenses, since the originators are no longer around, and you can't appeal to them in order to get around your personal obligation, as the seller/reseller, to make the sources available any more (but you, as the middleman, failed to take advantage of the offer while it was possible to do so).

Probably, projects need to be a little less pissy about integrating third party changes, fixes, and extensions back into their main line.

Comment: Re:The Hobbit didn't take the material seriously (Score 1) 131

by jafac (#47563593) Attached to: The Hobbit: the Battle of Five Armies Trailer Released

What's funny, is that I remember for DECADES, fans bemoaned the lack of a good LOTR/Hobbit adaptation, because the special effects weren't good enough. We had the Ralph Bakshi atrocity, then the Rankin-Bass embarrassment. (and for the hipsters, the little-known black-and-white Russian adaptation). Then. . . Nothing. No studio was going to invest their good money into such a farce. Then Peter Jackson came along, with some contacts who had a CGI technique that could maybe make human actors look like Hobbits - then, we finally got LOTR.

And there was great rejoicing among the FANS. But if you really want to look at LOTR with a critical eye, step back and take a look at it, and yeah, it was pretty stretched-out (and at the same time, weirdly had the feeling of being tightly compressed; like months of road-travel and hiking crammed into a 30-minute TV episode compressed.) (I hike. And I don't know how you make a long hike "interesting" to a cinema audience. But that experience, of long day-after-day exposure to nature, that absolute breathless awestruck feeling when you behold the spectacle of pristine wilderness, the deafening silence, the overwhelming feeling of "letting-go" of your personal safety in the face of insects, weather, predators, rough terrain, homesickness, isolation, struggle, confusion, physical exhaustion, was all very deftly conveyed in Tolkien's prose, and totally absent from the movies). But, overall, still better than the Bakshi version of the movie.

Hobbit takes that to the next extreme. I think it's obvious that the Studio wasn't going to fund Hobbit unless they could milk it to the same profitable extent that LOTR was milked. Only, it's like 1/10th the literary material to work with. I think it's also apparent that the creative team had a difficult time making that requirement work. My guess is that everybody was all geared up to accept this new whizbang 48 fps 3d technology, and that they were hoping that this would make these movies so visually engaging that the audience wouldn't care about the pacing and story and plot problems. I think that they almost certainly fell into the groupthink trap, and bought into their own bullshit, and somehow, anybody who had any nagging doubts was just never in a position to say; "fuck, this is awful, we need to back up and fix this shit." because, by that time, it was probably too late, and the only impact of speaking-up would be to end one's career in the industry. I've been on projects like that. I know that feel.

Comment: Re:SDK available here: (Score 1) 168

by tlambert (#47563461) Attached to: Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

Following the link to the SDK gives a 404. Palm development tools were never readily available even when the platform was popular. Now they're almost impossible to find. Obstructing access to development tools is one sure-fire way to kill off a platform.

Pretty sure they want it dead.

Comment: Re:SDK available here: (Score 1) 168

by tlambert (#47563457) Attached to: Ask Slashdot: Where Can I Find Resources On Programming For Palm OS 5?

Perhaps next time you should do a little searching around for the file which can no longer legally be distributed before you ask me to distribute it, rather than merely giving you enough information that you could find it if you were smart enough to be able to do the type of programming that the OP is asking to be able to do in the first place, since it's going to be pretty useless to you otherwise.

Comment: $1000, not $300 (Score 1) 40

by Animats (#47563223) Attached to: A Look At the Firepick Delta Circuit Board Assembler (Video)

Their presentation for investors quotes a sale price of $1000, not $300. At that price they might be able to do it. How well they'll do it remains to be seen.

Their presentation is all about their XY positioning mechanism. But that's not the problem. The hard problem is dispensing solder paste reliably and precisely, sticking the component down, and using hot air to solder it into place. As with low-end 3D printers, most of the problems are where the weld/soldering action takes place. They don't say much about how that's done.

The important thing is doing a consistently good soldering job. Nobody needs a machine that produces lots of reject boards.

+ - Is running mission-critical servers without a firewall a "thing"?

Submitted by Anonymous Coward
An anonymous reader writes "I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going odds are there will be e-Commerce worked into it, and probably credit card transactions, which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns."
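A host-side check for the situation in this submission, added here as an example; it is not the submitter's, the POS vendor's, or any commenter's code. It puts the "Install and maintain a firewall configuration" requirement quoted in the PCI DSS comment above, and boundary (b) from the "Firewall != Windows Firewall" comment (terminals may reach the server's SQL port, nothing else may, and the server gets no unsolicited access back to the terminals), into Windows Firewall terms: first audit whether the vendor left any profile off or any inbound Allow rule open to every remote address, then, once that has been reviewed, re-enable the firewall and scope SQL Express access to the terminal segment. The subnet 10.0.20.0/24, the port 1433, the rule names and the function names are assumptions; nothing on the page gives the real values.

```powershell
# Added example; not code from the submitter, the POS vendor, or any commenter.
# Assumptions not stated anywhere on this page:
#   - the POS terminals sit in 10.0.20.0/24 (hypothetical subnet)
#   - SQL Express has been pinned to a FIXED TCP port, 1433 here (a named
#     SQLEXPRESS instance defaults to a dynamic port, which cannot be scoped)
#   - this runs in an elevated PowerShell session on Windows 8 / Server 2012
#     or later, where the NetSecurity cmdlets exist
#Requires -RunAsAdministrator

$PosSubnet = '10.0.20.0/24'   # assumed POS terminal segment
$SqlPort   = 1433             # assumed fixed SQL Express port

function Get-LocalFirewallPosture {
    # Reports what a PCI DSS Requirement 1 assessor checks first: is each
    # profile on, does it default-deny inbound, and which enabled inbound Allow
    # rules accept traffic from *any* remote address (the "just open it"
    # configuration, if the firewall was not simply switched off).
    $profiles = Get-NetFirewallProfile |
        Select-Object Name, Enabled, DefaultInboundAction

    $unscoped = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        ForEach-Object {
            $rule = $_
            $addr = $rule | Get-NetFirewallAddressFilter
            $port = $rule | Get-NetFirewallPortFilter
            if (@($addr.RemoteAddress) -contains 'Any') {
                [pscustomobject]@{
                    Rule      = $rule.DisplayName
                    Protocol  = $port.Protocol
                    LocalPort = (@($port.LocalPort) -join ',')
                }
            }
        }

    [pscustomobject]@{
        Profiles      = $profiles
        UnscopedAllow = $unscoped
        AnyProfileOff = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' }).Count -gt 0
    }
}

function Set-PosSegmentationRules {
    # Host-based equivalent of boundary (b) from the "Firewall != Windows
    # Firewall" comment. It does not replace the network firewalls that comment
    # calls for; a host rule cannot protect a box an attacker already administers.
    param(
        [Parameter(Mandatory)][string]$PosSubnet,
        [Parameter(Mandatory)][int]$SqlPort
    )

    # All profiles on, inbound default-deny. Outbound stays default-allow and
    # is narrowed by the explicit block rule below; reply traffic for accepted
    # inbound SQL connections is still allowed because the firewall is stateful.
    Set-NetFirewallProfile -All -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Allow

    # Drop earlier copies of these rules so the script is safe to re-run.
    Get-NetFirewallRule -DisplayName 'POS-*' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Inbound: the SQL port is reachable from the terminal segment only.
    New-NetFirewallRule -DisplayName 'POS-Allow-SQL-From-Terminals' `
        -Direction Inbound -Action Allow -Protocol TCP -LocalPort $SqlPort `
        -RemoteAddress $PosSubnet -Profile Domain,Private | Out-Null

    # Outbound: the server does not initiate connections to the terminals.
    New-NetFirewallRule -DisplayName 'POS-Block-Server-To-Terminals' `
        -Direction Outbound -Action Block -RemoteAddress $PosSubnet | Out-Null
}

# Audit first; apply the rules only after the vendor's configuration has been reviewed.
$posture = Get-LocalFirewallPosture
$posture.Profiles      | Format-Table -AutoSize
$posture.UnscopedAllow | Format-Table -AutoSize
if ($posture.AnyProfileOff) { Write-Warning 'At least one firewall profile is disabled.' }
# Set-PosSegmentationRules -PosSubnet $PosSubnet -SqlPort $SqlPort
```

Two caveats on the design. If the second client connects by instance name (SERVER\SQLEXPRESS) rather than by host and port, the SQL Browser service answers on UDP 1434 and needs its own rule scoped to the same subnet; pinning the instance to a fixed port and connecting as host,1433 avoids that extra hole. And after applying the rules, a Test-NetConnection -Port 1433 against the server should succeed from a POS terminal and fail from any other segment, which is the evidence to keep for the PCI DSS Requirement 1 conversation with the vendor.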
