
Comment: Weak reporting (Score 1) 236

TFA quotes this estimate to the Information Technology and Innovation Foundation (ITIF). This is not a source that I would trust to give estimates on the amount of US business lost due to public knowledge of NSA industrial espionage.

Another publicly available and reliable source for attributing business losses to external factors already exists: public company 10-K reports, including the Risk Factors section and the MD&A section.

Although there may be a bandwagon effect, or a "bath" effect which may cause overstatement, this will provide a great upper bound for the actual business lost due to these reasons. Companies CYA by disclosing all kinds of risks, including even some of these obvious items:

> ENTRANCE INTO NEW OR DEVELOPING MARKETS EXPOSES US TO ADDITIONAL COMPETITION
> Difficulties in staffing and managing international operations

So, when we start seeing real companies blaming their missed results on this reason, then I will see the reason as credible.

Comment: Re:Full Disclosure is the only way... (Score 1) 94

Thank you, this is the discussion I hoped would come out of this article. Fact is, people on Slashdot are definitely going to stumble onto this type of stuff over and over. I'm glad to run into other people to compare scruples with.

Hackers (good word) have an instinct. If they run into an awesome API, the first thought is: how do I maximize this across all the limits and make something amazing? But with vulnerabilities, and unintended code paths, you need to step back and understand the consequences of what you are doing as well as the appearance of what you are doing. A comment from Greyfox below illustrates perfectly, "so why don't we take the dick-detection algorithm from Chat Roulette and then plug that into a batch Curl against this Artisan State, and then...". Obviously that was facetious, but you need to avoid certain lines of thinking... "well I know this thing, and I could tell everyone, but they wouldn't want that, and then they have lots of money...".

At the end of the day, you need to have clear intentions and not inflate your ego by thinking they are more interested in fixing the problem than you are.
