Forgot your password?
typodupeerror

Comment: Re:Arrest the Credit Card Issuers? (Score 1) 309

by gstoddart (#47557905) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

No kidding, any system which comes down to "I have a number, trust me" is pretty flawed.

Obviously, Apple was doing something wrong since they're on the hook for it, but you'd really think there would have to be some validation inherent to this.

This sounds like it boiled down to "declined, declined, declined, OK, go ahead". That's crazy.

Comment: Wow ... (Score 5, Interesting) 309

by gstoddart (#47557649) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter.

Who the hell came up with that idea?

That's no security in any meaningful sense of the word.

I'm betting some lobbyist made it so that the banks didn't really need to do anything concrete, just look like they were.

If that's all that's required, the banks deserve to be getting ripped off.

Security

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing 55

Posted by timothy
from the they'll-take-a-look-see dept.
cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.

Comment: Re:So what? (Score 3, Insightful) 219

by gstoddart (#47556105) Attached to: Free Copy of the Sims 2 Contains SecuROM

You know, after the Sony rootkit issue, I do kind of expect vendors to be up front about this.

Because, "hey, here's our software, oh, it might wreck your computer" is kind of a big deal.

These companies feel entitled to install all sorts of crap on your machine. But, this being EA, it's already crap.

They really should be required to tell you the extra crap they're installing, because it has the potential to really fsck up your computer.

Comment: Re:How to regulate something that is unregulateabl (Score 1) 153

by gstoddart (#47551609) Attached to: US States Edge Toward Cryptocoin Regulation

Being a cryptocurrency rather than a physical one also means that they can vanish your money with the click of a button instead of having to personally visit you.

So, tell me again, how is this different from most money these days?

Anything you have on deposit is pretty much just electrons. The vast majority of 'real' money is pretty much just as virtual these days.

Comment: Re:How to regulate something that is unregulateabl (Score 2, Insightful) 153

by gstoddart (#47551369) Attached to: US States Edge Toward Cryptocoin Regulation

By treating it like currency and passing laws about what you can do it?

They make not be able to regulate the entire currency, but they can certainly pass laws regarding their own people and what they are required to do.

Did anybody really think that you could simply say you have a form of currency which isn't regulated and expect governments to just say "well, they've beaten us"?

That would be a neat trick.

Comment: Re:Every month a new battery breakthrough, but.. (Score 1) 117

by gstoddart (#47550581) Attached to: Stanford Team Creates Stable Lithium Anode Using Honeycomb Film

Nowhere did they say they had a battery ready for market. Moron.

No, but the GPs point remains valid -- we keep hearing about all of these breakthroughs in batteries, but they don't ever actually ever seem to materialize.

It certainly seems like all of this research never actually turns into anything you can actually buy.

So either these advances aren't trickling down to consumer stuff, or companies are doing a lousy job of telling us about it. If they're not trickling down to consumers, why?

You can do more with a kind word and a gun than with just a kind word. - Al Capone

Working...