
Comment: Re:The power of EULAs only goes so far (Score 3, Interesting) 212

by davecb (#46784093) Attached to: Click Like? You May Have Given Up the Right To Sue

The intention is to convince the reader that they can't sue for the dead rat they found in their canned corn, so they won't try.

A former employer shipped rat-enhanced corn once, and was both sued and fined for doing so. They became very thorough about warning the employees to watch out for furry critters in the plant (;-))

Comment: Solving the wrong problem (Score 1) 285

by davecb (#46778069) Attached to: Ask Slashdot: System Administrator Vs Change Advisory Board

In a previous life, we passed around virtual machines rather than doing paperwork. Paperwork is to be sure you have a plan to solve the explosion-and-revert problem. Managing machines instead of paper allowed us to include a process for doing an immediate revert on explosion (;-))

The VMs we passed around were Solaris zones, so they were very lightweight. If I wanted to apply an emergency patch to production, I first applied it to an image, put an instance on pre-prod, a physical machine, and varied it into test. After the smoke-test, I varied it into the pool on the load-balancer, and watched it closely. If it fixed the problem and didn't explode, I put lots of instances on the production physical servers and put them into the load-balancer, quiescing the un-patched instances but not erasing them. If the patch blew up after all, I could revert to the previous buggy release as fast as the load-balancer could disconnect people. Not quite as fast as doing an atomic change on a single server, but fast.

This is a minor variant on some old unix norms: 1) you aren't prohibited from doing even silly things, as prohibitions will keep you from doing something brilliant. 2) You can do anything, but you can't hide what you did, 3) you can change things atomically while running, and 4) if you do something dumb, you can revert it immediately.

The process is a variant/predecessor of ITIL, with pre-set apply and revert steps for emergency changes, which are the high-value part of the whole ITIL change process. Non-emergency changes were a little more heavy-weight, as we tested the patch in an instance in QA, then did a simulated UAT overnight (it was automated, but exceedingly slow), reviewed the results and then the de-facto board decided if we could release the image to production, QA and dev. Your paper-oriented CAB does approve all patches to QA and dev, right? I'll bet they missed that part (:-))

I did once have a customer where I had to do paper-based CAB approvals, but that was because we weren't funded to have a proper dev, and had no QA at all. As you might guess, we still had at least one fiasco. I shortened the contract as much as I could without doing a no-bid in the middle.
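As an added illustration (not davecb's own tooling, and not code from the original page), here is a toy Python model of the promote-and-revert workflow the comment describes: one patched instance goes into the pool, is watched, is widened to many instances, the old release is quiesced but never erased, and a revert is just two state flips on the balancer. The image names, the `Pool` class and the smoke/canary verdicts are assumptions standing in for a real smoke test and watch period.

```python
from dataclasses import dataclass, field


@dataclass
class Instance:
    image: str            # release image the zone was cloned from (assumed naming)
    active: bool = True   # True = currently in the load-balancer pool


@dataclass
class Pool:
    instances: list = field(default_factory=list)

    def active_images(self):
        """Release images currently taking traffic."""
        return sorted({i.image for i in self.instances if i.active})

    def add(self, image, count, active=True):
        for _ in range(count):
            self.instances.append(Instance(image, active))

    def set_active(self, image, active):
        for i in self.instances:
            if i.image == image:
                i.active = active


def emergency_patch(pool, old, new, smoke_ok, canary_ok, width):
    """Promote `new` over `old` the way the comment describes.
    smoke_ok / canary_ok stand in for the pre-prod smoke test and the
    watch-it-closely period; they are assumed verdicts, not real checks.
    Returns the images still taking traffic."""
    if not smoke_ok:
        return pool.active_images()       # never left pre-prod
    pool.add(new, 1)                      # one patched instance into the pool
    if not canary_ok:
        pool.set_active(new, False)       # pull it; the old release is untouched
        return pool.active_images()
    pool.add(new, width - 1)              # lots of instances of the patched image
    pool.set_active(old, False)           # quiesce the old release, keep the zones
    return pool.active_images()


def revert(pool, old, new):
    """Explosion after all: flip the balancer back.  Nothing was erased,
    so this is just two state changes, not a rebuild."""
    pool.set_active(old, True)
    pool.set_active(new, False)
    return pool.active_images()


if __name__ == "__main__":
    pool = Pool()
    pool.add("rel-1", 4)
    print(emergency_patch(pool, "rel-1", "rel-2", True, True, 4))   # ['rel-2']
    print(revert(pool, "rel-1", "rel-2"))                            # ['rel-1']
    print(len(pool.instances))                                       # 8: nothing erased
```

The property worth noticing is the last line of the demo: after promote and revert the pool still holds both releases, which is exactly what makes the revert as fast as a balancer flip.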

Comment: 52 million pictures, >= 2,421 false positives (Score 2) 108

by davecb (#46763067) Attached to: 52 Million Photos In FBI's Face Recognition Database By Next Year

According to Wikipedia, the number of pictures being seen as the same with probability p is sqrt(2d * ln(1/(1-p))). If d is 52,000,000 and we use a 99% probability, then for each 21,884.6 pictures we get a false positive with a perfectly accurate matcher. And there are no perfect matchers.

This is a variant of the birthday paradox, where it only takes 100 people to get a 99.9% chance of them having the same birthday, and a mere 23 people to get a 50% chance [wikipedia].

The German Federal Security Service rejected facial matching years ago, for exactly this reason, when I was working for Siemens. The Americans did not, and supposedly stopped someone's grandma for being a (younger, male) terrorist.

If they use this, expect a week or so of everyone's grandma being arrested (;-))

Mathematicians, please feel free to check me on the numbers: I suspect I'm rather low...
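Since the comment invites a check of the numbers, here is an added Python example (not part of the comment) that evaluates the birthday bound n ≈ sqrt(2d · ln(1/(1-p))) quoted above and, for comparison, the exact probability that n items drawn from d equally likely values collide, which covers the 23-person and 100-person birthday cases. The function names are mine.

```python
import math


def birthday_bound(d, p):
    """Approximate n at which n items drawn uniformly from d equally likely
    values collide with probability p:  n ~= sqrt(2 d ln(1/(1-p))).
    This is the approximation quoted in the comment above."""
    return math.sqrt(2 * d * math.log(1 / (1 - p)))


def collision_probability(n, d):
    """Exact probability that at least two of n items share one of d values:
    1 - prod_{i=0}^{n-1} (d - i)/d, evaluated in log space so large d and n
    do not underflow."""
    if n > d:
        return 1.0
    log_no_collision = sum(math.log((d - i) / d) for i in range(n))
    return 1 - math.exp(log_no_collision)


def pictures_for_coincidence(d=52_000_000, p=0.99):
    """The comment's setting: d pictures, 99% probability."""
    return birthday_bound(d, p)


if __name__ == "__main__":
    print(round(pictures_for_coincidence(), 1))         # about 21884.6
    print(round(collision_probability(23, 365), 4))      # about 0.5073
    print(round(collision_probability(100, 365), 7))     # about 0.9999997
    print(round(birthday_bound(365, 0.5), 2))            # about 22.49
```

Two caveats for anyone reusing this: n from the bound is the crowd size at which the chance of at least one coincidental match reaches p, and it assumes d equally likely "faces". A real matcher's false-accept behaviour does not follow that uniform model, so the figure illustrates the birthday effect rather than giving a measured false-positive rate.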

Civil Liberties Association files class action for all Canadians, against spies

Submitted by davecb
davecb (6526) writes "The British Columbia CLA filed a class action on behalf of all Canadians, against our security services' collecting of metadata, because it allows for a profile to be created of the individuals involved. It's a tough class for a court to certify, but to qualify, the BCCLA needed a class that they knew contained people who were spied upon."

Apple's Spotty Record Of Giving Back To The Tech Industry

Submitted by chicksdaddy
chicksdaddy (814965) writes "One of the meta-stories to come out of the Heartbleed debacle is the degree to which large and wealthy companies have come to rely on third party code — specifically, open source software maintained by volunteers on a shoestring budget. Adding insult to injury is the phenomenon of large, incredibly wealthy companies that gladly pick the fruit of open source software but refuse to peel off a tiny fraction of their profits to financially support those same groups.

Exhibit 1: Apple Computer. On Friday, IT World ran a story that looks at Apple's long history of not giving back to the technology and open source community. The article cites three glaring examples: Apple's non-support of the Apache Software Foundation (despite bundling Apache with OS X), as well as its non-support of OASIS and refusal to participate in the Trusted Computing Group (despite leveraging TCG-inspired concepts, like AMDs Secure Enclave in iPhone 5s).

Given Apple's status as the world's most valuable company and its enormous cash hoard, the refusal to offer even meager support to open source and industry groups is puzzling. From the article:

"Apple bundles software from the Apache Software Foundation with its OS X operating system, but does not financially support the Apache Software Foundation (ASF) in any way. That is in contrast to Google and Microsoft, Apple's two chief competitors, which are both Platinum sponsors of ASF — signifying a contribution of $100,000 annually to the Foundation. Sponsorships range as low as $5,000 a year (Bronze), said Sally Khudairi, ASF's Director of Marketing and Public Relations. The ASF is vendor-neutral and all code contributions to the Foundation are done on an individual basis. Apple employees are frequent, individual contributors to Apache. However, their employer is not, Khudairi noted.

The company has been a sponsor of ApacheCon, a for-profit conference that runs separately from the Foundation — but not in the last 10 years. "We were told they didn't have the budget," she said of efforts to get Apple's support for ApacheCon in 2004, a year in which the company reported net income of $276 million on revenue of $8.28 billion."

Carol Geyer at OASIS is quoted saying her organization has done "lots of outreach" to Apple and other firms over the years, and regularly contacts Apple about becoming a member. "Whenever we're spinning up a new working group where we think they could contribute we will reach out and encourage them to join," she said. But those communications always go in one direction, Geyer said, with Apple declining the entreaties.

Today, the company has no presence on any of the Organization's 100-odd active committees, which are developing cross-industry technology standards such as The Key Management Interoperability Protocol (KMIP) and the Public-Key Cryptography Standard (PKCS)."


Glenn Greenwald and Laura Poitras Return to U.S. Soil

Submitted by rmdingler
rmdingler (1955220) writes "After remaining abroad since the Snowden revelations broke in June of last year, the two were in New York Friday to accept a Polk Award for national security reporting. Though they cleared customs without a hitch, they are traveling with an ACLU lawyer and a German journalist who are to "document any unpleasant surprises." According to Ms. Poitras, the risks of subpoena are very real.

What, if anything, do you expect the American government to do considering Snowden's case has been officially cited as violating the Espionage Act? nytimes"


Do backups on Linux no longer matter?

Submitted by cogcritter
cogcritter (3614357) writes "In June of 2009, the dump/restore utilities version 0.4b42 for Linux's ext3 filesystem were released. This was the last version where incremental dumps could actually be used. A bug introduced in 0.4b43, one year later, causes restore to fail when processing an incremental backup unless, basically, no directory deletions occurred since the level 0 part of the backup set was taken.

The bug is certainly present in Debian Wheezy, and comments in Debian's defect tracking system suggest that the bug has permeated out into other distros as well.

How can Linux's backup/restore tools for its popular ext2/ext3 filesystem be broken for 3+ years, and nobody seems to care? Does nobody take backups? Or do they not use incremental backups? How many people are going to find themselves scrambling when they next NEED to restore a filesystem, and find themselves in possession of long-broken tools?

Just in case this article is where some hapless sysadmin ends up, the workaround is to go to, go to the files section, pull down the 0.4b42 version and build it for yourself. For me, I think going forward I'm going to switch to filesystem mirroring using rsync."

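The failure mode in the submission above is an incremental restore that cannot cope with directories deleted after the level 0 was taken. As an added illustration (not dump/restore's format, not the submitter's code, and not a replacement for either), here is a minimal level-0 plus incremental scheme in Python that records deletions explicitly and then verifies the restored tree against the live one, which is the check a sysadmin wants before trusting any backup tool. The sample tree, the manifest layout and the function names are constructed for the example.

```python
import pathlib
import shutil
import tempfile


def manifest(root):
    """Map relative path -> ('d', None) for directories or ('f', bytes) for files."""
    root = pathlib.Path(root)
    entries = {}
    for p in sorted(root.rglob("*")):
        rel = str(p.relative_to(root))
        entries[rel] = ("d", None) if p.is_dir() else ("f", p.read_bytes())
    return entries


def level0(root):
    """Full backup: the complete manifest."""
    return {"base": manifest(root)}


def incremental(root, base_manifest):
    """Changes since the level 0: added or modified entries, plus an explicit
    list of paths (files and directories) that no longer exist."""
    now = manifest(root)
    changed = {k: v for k, v in now.items() if base_manifest.get(k) != v}
    deleted = sorted(k for k in base_manifest if k not in now)
    return {"changed": changed, "deleted": deleted}


def restore(dest, level0_set, incr=None):
    """Apply the level 0, then the incremental including its deletions,
    into dest.  Returns the manifest of what was written."""
    dest = pathlib.Path(dest)
    state = dict(level0_set["base"])
    if incr:
        for k in incr["deleted"]:          # this is the step a broken tool skips
            state.pop(k, None)
        state.update(incr["changed"])
    for rel in sorted(state, key=len):     # parents before children
        kind, data = state[rel]
        target = dest / rel
        if kind == "d":
            target.mkdir(parents=True, exist_ok=True)
        else:
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    return manifest(dest)


def demo():
    """Level 0, delete a directory, take an incremental, restore, compare.
    Returns (restore matches live tree, deletion was recorded)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = pathlib.Path(tmp, "src")
        (src / "etc").mkdir(parents=True)
        (src / "old" / "sub").mkdir(parents=True)
        (src / "etc" / "passwd").write_bytes(b"root:x:0:0\n")      # constructed sample
        (src / "old" / "sub" / "junk").write_bytes(b"obsolete\n")  # constructed sample
        l0 = level0(src)
        shutil.rmtree(src / "old")                                  # directory deletion after level 0
        (src / "etc" / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        inc = incremental(src, l0["base"])
        restored = restore(pathlib.Path(tmp, "restored"), l0, inc)
        return restored == manifest(src), "old" in inc["deleted"]


if __name__ == "__main__":
    print(demo())   # (True, True)
```

The comparison at the end of `demo()` is the important part: a restore is only known to work when the restored tree is diffed against the live one, and the deleted-directory case is exactly where an incremental tool that only records additions falls over.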

The Comcast merger isn't about lines on a map, it's about controlling information

Submitted by Anonymous Coward
An anonymous reader writes "Comcast and proposed merger partner Time Warner Cable claim they don't compete because their service areas don't overlap, and that a combined company would happily divest itself of a few million customers to keep its pay-TV market share below 30%, allowing other companies that don't currently compete with Comcast to keep not competing with Comcast. This narrow, shortsighted view fails to take into account the full breadth of what's involved in this merger: broadcast TV, cable TV, network technology, in-home technology, access to the Internet, and much more. In addition to asking whether or not regulators should permit Comcast to add 10-12 million customers, there is a more important question at the core of this deal: Should Comcast be allowed to control both what content you consume and how you get to consume it?"
