Become a fan of Slashdot on Facebook


Forgot your password?

Comment: 90 days is really long (Score 5, Informative) 263

by dwheeler (#48830951) Attached to: Google Releases More Windows Bugs
90 days is really long. The US CERT vulnerability disclosure policy is 45 days as described in (see that more more details). The problem is that you have to balance two conflicting needs; in the words of the CERT, "the need of the public to be informed of security vulnerabilities with vendors' need for time to respond effectively."

Comment: Leap seconds work just fine (Score 1) 289

by dwheeler (#48749037) Attached to: Extra Leap Second To Be Added To Clocks On June 30
Leap seconds work perfectly well for most situations. If you need precision monotonically-increasing seconds, use TAI time (or "GPS time", which is at a fixed offset from TAI). Leap seconds keep atomic clocks and the real world reasonably synchronized; any other approach will have its own problems.

Comment: Do anthromorphise! (Score 3, Insightful) 303

by dwheeler (#48727553) Attached to: Anthropomorphism and Object Oriented Programming

Don’t anthropomorphize computers, they hate that notes that most developers do use anthropomorphic language. I think there are probably a variety of good reasons for it, too. Here's one speculation: When we communicate with a human, we must use some language that will be more-or-less understood by the other human. Over the years people have developed a variety of human languages that do this pretty well (again, more-or-less). Human languages were not particularly designed to deal with computers, but languages have been honed over long periods of time to discuss human behaviors and their mental states (thoughts, beliefs, goals, and so on). In any case, the problem isn't anthropomorphic language, it's the use of a bad analogy.


Fraud, Not Hackers, Took Most of Mt. Gox's Missing Bitcoins 108

Posted by timothy
from the shocked-simply-shocked dept.
itwbennett writes Nearly all of the roughly $370 million in bitcoin that disappeared in the February 2014 collapse of Mt. Gox probably vanished due to fraudulent transactions, with only 1 percent taken by yet-to-be-identified hackers, according to a report in Japan's Yomiuri Shimbun newspaper, citing sources close to a Tokyo police probe. The disclosure follows months of investigations by police and others into the tangled mess surrounding the disappearance of the 650,000 bit coins.

Comment: Case sensitivity is a good idea (Score 1) 148

by dwheeler (#48660373) Attached to: Critical Git Security Vulnerability Announced

Case sensitivity is a good idea. The problem is that trying to do "case insensitive" matching depends on the locale. If you send your files to someone else, whether or not they are the "same" depends on your locale if you're serious. For Turkish users, 'i' and dotted 'I' are the same if you're considering them as case-sensitive; for many other languages and users, the dots create DIFFERENT characters. And if you're trying to make this "easy" it doesn't go far enough; Latin "a" usually looks the same as Cyrillic "". So please don't say "users can't tell the difference" - they ALREADY can't tell the difference visually, and naive solutions do not begin to address it. At least you can visually see the difference betweeen "Picture" and "picture", and in any case, users typically just click on the item and move on.

I think it would be a GOOD idea to require that Unix-like filenames be legal UTF-8 sequences (since you then know how to display them), and then reject filenames that are not UTF-8. But that's much less intrusive than filename mangling.

That said, it's too late to fix Windows, so if you're going to run on Windows you have to deal with the problem as it is.

Comment: Excellent! Finally, standard formats (Score 1) 40

by dwheeler (#48618153) Attached to: ODF Support In Google Drive
This is excellent news. It's absurd that so many typical documents are stuck in proprietary formats. As stuff changes we should be able to read older documents using any tool we'd like. This is a major step along the way; there are now even more systems that support open document format. Congrats to Google!

Comment: Parentheses (Score 1) 62

by dwheeler (#48593373) Attached to: Kawa 2.0 Supports Scheme R7RS

Most software developers will take one look at the excessive parentheses required for Kawa and Scheme and say "nuke it from orbit". Even Lisp advocates like Paul Graham admits that syntax like "(* (+ 1 2) (- 5 4))" is painful to deal with.

Thankfully, there *are* solutions for Scheme: SRFI-105 and SRFI-110 (which I co-authored). These are extensions to Scheme that let you keep meta programming (and syntax tree editing in an editor) with readable syntax. To my knowledge Kawa doesn't implement them, but they could be added.

Comment: Because patent still applies (Score 1) 266

by dwheeler (#48593257) Attached to: Judge Rules Drug Maker Cannot Halt Sales of Alzheimer's Medicine
My understanding is that currently a patent is still valid EVEN IF the drug is taken off the market. But I think that's the right solution: Change the rules so that if you take a drug off the market, the patent is immediately declared abandoned, and anyone else can make it.

Comment: "Stop making" should equal "patent expired" (Score 5, Interesting) 266

by dwheeler (#48593241) Attached to: Judge Rules Drug Maker Cannot Halt Sales of Alzheimer's Medicine

Stopping to make the original drug should cause immediate expiration of its patent. A patent is a government-created monopoly to encourage people to make the stuff. Clearly, if the company won't make it, there's no need for the patent. Requiring a company to make something they don't want to make is absurd; instead, just let others make it. And if they raise the prices substantially, perhaps require patent licensing in those cases (just as we did for music).

Comment: Anonymity is HARD (Score 1) 136

by dwheeler (#48391459) Attached to: 81% of Tor Users Can Be De-anonymized By Analysing Router Information

I'm not surprised. I wrote a paper back in 2003, Techniques for Cyber Attack Attribution, that listed a LONG list of ways to do attribution. This sounds a like a variant combining "modify transmitted messages" and "matching streams" via timing (see the paper).

Real anonymity is HARD. If someone wants to attribute you, it's hard to prevent.

Comment: Re:We NEED more public discussions at universities (Score 1) 1007

by dwheeler (#48244773) Attached to: Creationism Conference at Michigan State University Stirs Unease

noun: censorship: the practice of officially examining books, movies, etc., and suppressing unacceptable parts. So if MSU, a public university, officially examines and suppresses the speech of certain ideas, then (by definition) that is censorship. If MSU censors ideas because they receive a lot of grant money in opposition to the ideas, that is even worse. No one is asking for MSU to endorse these ideas, merely for space to present them to a willing audience. I agree that MSU should not be required to endorse every speech made on its campus, but that is not what is happening here.

I agree that you can't just do an emergency broadcast at the White House. But that is irrelevant. No one has to show up at their event, or listen to it. They're being allowed to present a point of view, and those who WISH to hear their point of view may listen to it. That's nothing like an emergency broadcast.

The university sees this as a free speech issue too. The article says: "University officials say they have no plans to interfere with the event. “Free speech is at the heart of academic freedom and is something we take very seriously,” said Kent Cassella, MSU’s associate vice president for communications, in a statement. “Any group, regardless of viewpoint, has the right to assemble in public areas of campus or petition for space to host an event so long as it does not engage in disorderly conduct or violate rules. While MSU is not a sponsor of the creation summit, MSU is a marketplace of free ideas.”

Comment: Disagree (Score 1) 1007

by dwheeler (#48243447) Attached to: Creationism Conference at Michigan State University Stirs Unease

I disagree. There may not be any discussion in that room, at that time. But that does not prevent discussion, which will continue in many venues. I suspect there will be many other presentations, where opposing points of view will be aired. Debating over valid sources of evidence is nothing new, either.

Preventing the airing of unpopular ideas is its own problem.

Comment: We NEED more public discussions at universities (Score 4, Insightful) 1007

by dwheeler (#48242527) Attached to: Creationism Conference at Michigan State University Stirs Unease

I am saddened by these sudden cries for censorship. I should note that I believe in evolution. I believe that most Christians do, too; for example, the Catholic church in the 1950 stated that there was "no intrinsic conflict between Christianity and the theory of evolution". But if someone has a belief that is different from the mainstream, let them present it. If it's convincing, others will believe if. If it's not convincing, they will convince no one else.

Seen on a button at an SF Convention: Veteran of the Bermuda Triangle Expeditionary Force. 1990-1951.