
Comment: Re:Why do these people always have something to hi (Score 2, Interesting) 114

by lgw (#46790023) Attached to: VA Supreme Court: Michael Mann Needn't Turn Over All His Email

This is the problem at the heart of climate science. The key details for models are not published, and (despite being largely paid for by our money), not even available apparently under FOIA to "avoid competitive harm".

That sounds very much like commercial software development and very little like reproducible science, or even open source! WTF, guys? You wonder why so much of the public has a hard time taking climate science seriously? This shit is why.

Good science defeats skeptics through openness. "Look, here's the experiment, do it yourself if you don't trust me." Heck, even experiments on vastly expensive particle accelerators eventually become reproducible through cleverness or technological advance at other universities.

Openness, and beyond openness: the willingness to explain clearly, in detail, and in layman's terms led to the FAQ, which takes seriously and answers seriously every common popular question and dispute about evolution, and likely led to the shift from old-school creationism to ID (which at least is progress). This is severely lacking in climate science.

Comment: Re:Commodore Amiga 3000T (Score 1) 337

by lgw (#46789675) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

Comment: Re:No Good Solution. (Score 1) 138

by lgw (#46789091) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

Therefore the best solution is public release, so everyone has the information at the same time. Let them compete for the patch; the awful software publishers will be the ones caught with bugs. The good ones will be patched and secure while everyone else suffers for their bad choice.

Over time the best software will prevail and only idiots will still be using Microsoft products... that's the theory. In practice there is corruption and bad software will linger for decades.

It's not about how fast you patch, it's about how fast you can get patches to your customers. And for the OpenSSL flaw, there were devices where the patch process is "throw it away and buy a new one".

Anyhow, Microsoft is far and away the world's leading expert at distributing security patches - no one really has more experience or such a well-tuned corporate ecosystem. MS pushed a critical security patch out to WU, and every major corporation knows just what to do, and understands the urgency, and has a well-travelled path for it. The more modern players are good at patching consumer endpoints, but haven't really addressed corporate customers.

Comment: Re:Shareholders know less than nothing (Score 1) 125

by lgw (#46789045) Attached to: Investors Value Yahoo's Core Business At Less Than $0

Yahoo's directors MUST (not "should") do whatever maximizes profit for shareholders. This isn't an opinion, nor what's socially correct, but those are the rules when you issue shares to the public on U.S. stock markets.

That's wrong in a couple of ways. What's legally required is that the board members put the shareholders' interests above their own personal interests (fiduciary responsibility). But those interests are defined by the corporate charter, and to a large extent by the board itself. It's perfectly legal to create a publicly traded corporation that sets social responsibility, or green blah blah blah, or some other such hippie nonsense above profit, and then that's what the board must pursue. You might struggle to get investors, or you might find a welcome market, but in any case it's allowed (and rarely happens).

More commonly, there's no requirement at all for the board to chase short-term profit. That's where most of the corporate infighting comes. Some corporations have firm 20 and 50 year growth plans, and sacrifice the short term for those plans, and sometimes those companies have a shareholder revolt because the owners lose patience and want everything monetized now. Sucks when that happens, but the downside of being a publicly traded corporation is that you're ultimately controlled by your owners, and that can end up being anyone.

Comment: Re:Yeah? (Score 1) 311

by lgw (#46788855) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

That's changing though (except for Government Motors, which retains the build quality of, say, a Trabant). Ford has made huge strides in reliability, they're really pretty good now. And Tesla is, after all, an American car. We were too corrupt to let GM and Chrysler die, but had market forces actually done their thing, Ford and Tesla would be the surviving American brands (well, Tesla is heavily subsidized, but in a quite different way).

Comment: Re:Metaphor (Score 4, Insightful) 167

by lgw (#46788753) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

The notion that you can't have code without these flaws (buffer overruns, dangling pointers, etc) is just asinine. I've worked on significant codebases without any such flaws. You just have to adopt a programming style that doesn't rely on being mistake-free to avoid the issues.

Want to end the danger of buffer overruns? Stop using types where it's even possible.

Want to end the danger of dangling pointers? Managed code doesn't do anything to solve this problem, and is often the worst offender since coders often stop thinking about how memory is recycled, and well-formed objects can hang around in memory for quite some time waiting on the garbage man. So you have to write code where every time you use an object you check that it hasn't been freed, and importantly hasn't been freed and then re-used for the same object! (That happens on purpose in appliance code, where slab allocation is common.)

Heck, for embedded code I simply wouldn't use dynamic allocation at all. All objects created at boot, nothing malloced, nothing freed. Everything fixed sized and only written to with macros that ensure no overruns. I wrote code that way for 5 years - we didn't even use a stack, which is just one more thing that can overflow. That style is too costly for most work, but it's possible, and for life-safety applications it's irresponsible to cheap out.
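
The style described in the comment above (storage reserved up front, writes that go through a bounds-enforcing macro, and a check on every use that an object has not been freed and re-used), sketched in C as an added example. It is not the commenter's code; `pool`, `handle_t`, `SAFE_SET` and the other names are hypothetical, and it uses ordinary function calls rather than the stackless style mentioned.

```c
#include <stdint.h>
#include <string.h>
#define POOL_SLOTS 4
#define NAME_CAP   16
/* Bounded write: dst must be a real array so sizeof gives its capacity. */
#define SAFE_SET(dst, src) safe_set((dst), sizeof(dst), (src))
typedef struct { uint32_t gen; int live; char name[NAME_CAP]; } slot_t;
typedef struct { uint32_t idx; uint32_t gen; } handle_t;
static slot_t pool[POOL_SLOTS];   /* all storage is static: no malloc, no free */

static size_t safe_set(char *dst, size_t cap, const char *src) {
    size_t n = strlen(src);
    if (n >= cap) n = cap - 1;    /* truncate instead of overrunning */
    memcpy(dst, src, n); dst[n] = '\0';
    return n;
}

/* Claim a free slot; returns 0 on success, -1 if the pool is exhausted. */
static int pool_acquire(handle_t *out, const char *name) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        SAFE_SET(pool[i].name, name);
        out->idx = i; out->gen = pool[i].gen;
        return 0;
    }
    return -1;
}

/* Resolve a handle on every use; NULL if freed, or freed and re-used. */
static slot_t *pool_get(handle_t h) {
    if (h.idx >= POOL_SLOTS) return NULL;
    slot_t *s = &pool[h.idx];
    return (s->live && s->gen == h.gen) ? s : NULL;
}

static int pool_release(handle_t h) {
    slot_t *s = pool_get(h);
    if (!s) return -1;            /* stale handle or double release */
    s->live = 0;
    s->gen++;                     /* invalidates every outstanding handle */
    return 0;
}

int main(void) {                  /* constructed demo: slot 0 is recycled */
    handle_t a, b;
    pool_acquire(&a, "sensor-A"); pool_release(a); pool_acquire(&b, "sensor-B");
    return pool_get(a) == NULL ? 0 : 1;   /* the old handle must be rejected */
}
```

The generation counter is what catches the recycled-slot case: the old handle still names a live, well-formed object, but its `gen` no longer matches.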


Bug Bounties Don't Help If Bugs Never Run Out 167

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.

Comment: Re:McArdle is astute (Score 1) 20

by mcgrew (#46787089) Attached to: Obamacare is Not a Single-Payer Conspiracy [Bloomberg]

What worries me about her is that she was in charge of Clinton's single-payer plan, and screwed it up royally. So far I don't like any of the candidates from either major party.

Either way I'll probably vote either Libertarian or Green. I cannot support a candidate who wants me in prison. The only way she'll get my vote is if the Republicans screw up in their Presidential nominations like they did with Illinois' Governor's race. They had one excellent candidate, two acceptable and a tea party billionaire who hates unions and middle class people. They chose the only candidate who could get me to vote for Quinn.

Morons. They'll probably nominate another tea party stinker who only cares about the 1%. If they do I'll have to vote for Clinton.

Comment: Re:Yeah? (Score 1) 311

by lgw (#46787023) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

I expect to save enough in my life to afford such things, but then my tastes in other areas are cheap. We probably all have something we'd spend too much on, given the resources.

But yeah, the complexity is starting to bite car makers in the ass. However, luxury car makers learned in the 80s that "reliability" was a really important feature. I remember a great Toyota ad with a golf quartet where the first 3 each bragged about their luxury cars and the last just said "my Camry's not in the shop". Hopefully the luxury car makers will remember this, too.

User Journal

Journal: Mars, Ho! Chapter Sixteen 2

Journal by mcgrew

When I woke up, all my muscles were on fire. We would have had to turn the ship around today, and in fact that's what was scheduled, except for the meteors and the drama that followed.
Destiny was sleeping peacefully. I got up, thankful that we weren't at Earth gravity but wishing we had turned around for deceleration then, because they have it plotted so that you start the journey close to the planet you're leavi

Comment: Re:You can probably thank Microsoft for this... (Score 1) 272

by MightyYar (#46786915) Attached to: Apache OpenOffice Reaches 100 Million Downloads. Now What?

Anyway Seraphim_72 is giving you the same answer. Your problem isn't SharePoint but admins that don't know how to admin SharePoint.

Actually, there are three problems:

  • It's probably true that my admin is not the best. Oh well.
  • The Office integration is terrible. It's an obviously bolted-on hack. Failing silently on the client is NOT alright.
  • SharePoint is oversold as a solution.

It is an expensive Wiki with marginally better Office integration than competing products. Other than the integration, it has little competitive advantage. I'm sure the ability to version control PowerPoint is useful to someone, but for me they are typically one-offs. Anything more complicated than that is best on a shared drive or in a proper version control system. Once you have all your real engineering data out of SharePoint, it becomes a required hassle and not a tool for day-to-day work. At that point, you are depending on your engineers to document everything and be careful with metadata - which they suck at or you wouldn't have been lured by something like SharePoint in the first place. I have trouble searching for documents that I created with known contents, let alone using it as some sort of knowledge base.
