
Comment: Re:Probably going to get flamed for this (Score 4, Insightful) 342

by gstoddart (#47569235) Attached to: Jesse Jackson: Tech Diversity Is Next Civil Rights Step

Absolutely. And if only 1% of your staff is black you've got to suspect that something else is already in play...

Starting with "how many African Americans have an education in tech?".

When I went to university, I do not remember a single black person in my courses. Since then, I've known only a handful in tech.

I've known and worked with Chinese, Vietnamese, Korean, Indian, Sri Lankan, Nepalese, Czech, Russian, Australian, Egyptian, Pakistani, Turkish and pretty much every other nationality I can think of -- which makes for awesome company pot lucks.

And, for reasons I cannot even begin to explain, the only blacks/African Americans I've met have been what I'd call "recently African" (i.e. first-generation immigrants).

I have never known anybody who refused to hire a qualified black candidate. But, in my experience (which admittedly doesn't cover everything), there simply aren't many applicants.

So, the question to ask is: do blacks, as a group, even go into tech? Are they self-excluding from the profession? Is the education system failing to get them into it?

I don't think it's so much that people are excluding anybody, it's that you can only include people who come to the game.

Comment: Re:Have they solved liability? (Score 1) 149

by gstoddart (#47568941) Attached to: UK To Allow Driverless Cars By January

The liability thing isn't an issue if you think about it. If the accident was caused by lack of maintenance, then it's the owner's fault. Otherwise it's the manufacturer's fault.

Sure, that sounds great. It's a nice simplistic response, all neatly tied up in a bow.

But, until there is case law (or laws explicitly passed) to address this, the reality is ... you have no basis on which to make that statement.

The law is much more complex than what we here on Slashdot like to reduce it to. And until someone has passed a law, and the courts have had a chance to rule on it, I'm going on the assumption this is FAR from a resolved question.

Comment: Have they solved liability? (Score 5, Insightful) 149

by gstoddart (#47567897) Attached to: UK To Allow Driverless Cars By January

Or is this not an issue in the UK?

Because, if it's a driverless car, I'm not taking any control or responsibility for the vehicle other than telling it my destination.

If the car can suddenly say "Oh, crap, you take over I don't know what to do" then it defeats the purpose.

If you're going to have truly driverless cars, then you need to determine who takes liability if it runs over a person. Because I'm going to be sleeping in the back seat or reading a book.

Somehow, I doubt the companies making these cars have stepped up and said they're so confident in their technology that they'll take responsibility. And someone who has disengaged themselves from the act of driving (like reading a book) can't immediately switch to being in control of the vehicle. If I have to keep tabs on it and be responsible at a moment's notice, then what is the benefit at all?

Every time this comes up, it just seems like nobody has actually addressed this yet.

You want a driverless car? Make sure I can crawl into the backseat after a night at the pub and not have to worry about it. Until then, this is really advanced cruise control, but you still need to be aware the whole time.

Comment: Re:whoosh! (Score 1) 306

by gstoddart (#47567631) Attached to: Programming Languages You'll Need Next Year (and Beyond)

Oh, in that case, HTML5 + CSS3 qualifies. The more you know.

No, really. If you can implement a Turing Machine in HTML5 and CSS3 (and I mean a real one, not something which mimics it but actually doesn't do the computations) -- then what you would have would be a programming language.

I have no idea if you actually can or not with those technologies, but Turing Completeness is the measure.

If it ain't Turing Complete, it's not really a programming language (or a computer).

That definition is decades old.

Comment: Re:Repeat after me... (Score 1) 306

by gstoddart (#47567549) Attached to: Programming Languages You'll Need Next Year (and Beyond)

The ML in HTML is for markup language. I think you're splitting hairs if you think programming language does not include markup language.

If you could implement a Turing machine in it, it's a programming language. If you can't, it isn't.

SGML, the precursor to HTML and eventually XML, was written by a lawyer to allow people to mark up documents for printing and layout.

HTML most certainly is NOT a programming language in and of itself.

There are no variables, no control flow, no logical operators, and nothing which is actually programming in it. It's had a bunch of other things grafted onto it (JavaScript, DOM, Ajax etc.) which give you the ability to program against the HTML.

But HTML is not, and never has been, a programming language.

Could they extend it to make it a programming language? Sure they could. Is it currently a programming language? Nope, it isn't.

Comment: Re:Fire(wall) and forget (Score 3, Insightful) 312

If ports are unused, then the hosts themselves will reject any traffic sent to them without the need of a firewall...

Unless someone figures out how to glean information from your system, or exploit something you don't know about in the operating system. If I can figure out what ports you have stuff listening on, I can work on exploiting the things that I can determine are listening.

Without a firewall, you're allowing external entities to map the system, when they shouldn't even be able to reach the system.

If you're going to try for security, assume nothing, trust nothing, and act as if it was really important stuff.

If you're not going to try for security, well, the Ostrich Algorithm is a strategy, but one whose consequences you might need to live with.

I'm more of the school that says packet requests from sources you don't trust should simply be dropped, and not provide them with any more information than necessary.

Comment: It may be common ... (Score 1) 312

But it's a terrible idea.

During the setup, the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no need for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it.

If this is what your vendor is telling you, they're either lazy or incompetent when it comes to security.

My advice: you need to get management to sign off on it to do a little CYA, otherwise someone is going to blame you for this when you get hacked (assume there is no 'if' in this situation).

If they've signed a contract with this vendor saying it "needs" to be run without a firewall, then the person who signed that contract wasn't reading carefully, or didn't understand what they were signing.

Telling you that you don't need a firewall is like telling you that your car doesn't need brakes -- it should be a giant warning that someone is either lying to you, clueless, or doesn't give a damn.

"Real professionals" are paranoid about security, and don't take stupid risks. Me, I'd go with your assessment of "bunch of clowns".

Yes, this might be a small shop, and with a limited budget -- but hanging your production database outside of a firewall is just asking to get pwned. You can safely assume someone is trying to hack into you right now, because there's a good chance they are.

The Courts

Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive 268

Posted by Soulskill
from the i-buy-a-car-every-time-i-want-to-steal-some-music dept.
Lucas123 writes: The Alliance of Artists and Recording Companies is suing Ford and General Motors for millions of dollars over alleged copyright infringement because their vehicles' CD players can rip music to infotainment center hard drives. The AARC claims in its filing (PDF) that the CD player's ability to copy music violates the Audio Home Recording Act of 1992. The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material. For example, Ford's owner's manual explains, "Your mobile media navigation system has a Jukebox which allows you to save desired tracks or CDs to the hard drive for later access. The hard drive can store up to 10GB (164 hours; approximately 2,472 tracks) of music." The AARC wants $2,500 for each digital audio recording device installed in a vehicle, the amount it says should have been paid in royalties.

Comment: Re:Arrest the Credit Card Issuers? (Score 1) 392

by gstoddart (#47557905) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

No kidding, any system which comes down to "I have a number, trust me" is pretty flawed.

Obviously, Apple was doing something wrong since they're on the hook for it, but you'd really think there would have to be some validation inherent to this.

This sounds like it boiled down to "declined, declined, declined, OK, go ahead". That's crazy.

Comment: Wow ... (Score 3, Interesting) 392

by gstoddart (#47557649) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

But that's the problem with this system: as long as the number of digits is correct, the override code itself doesn't matter.

Who the hell came up with that idea?

That's no security in any meaningful sense of the word.

I'm betting some lobbyist made it so that the banks didn't really need to do anything concrete, just look like they were.

If that's all that's required, the banks deserve to be getting ripped off.

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing 61

Posted by timothy
from the they'll-take-a-look-see dept.
cold fjord (826450) writes with an excerpt from ZDNet At OSCon, The Department of Homeland Security (DHS) ... quietly announced that they're now offering a service for checking out your open-source code for security holes and bugs: the Software Assurance Marketplace (SWAMP). ... Patrick Beyer, SWAMP's Project Manager at Morgridge Institute for Research, the project's prime contractor, explained, "With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there, and everywhere." Understandably, "there's more and more concern about the safety and quality of this code. We're the one place you can go to check into the code" ... funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate (DHS S&T), SWAMP is designed by researchers from the Morgridge Institute, the University of Illinois-Champaign/Urbana, Indiana University, and the University of Wisconsin-Madison. Each brings broad experience in software assurance, security, open source software development, national distributed facilities and identity management to the project. ... SWAMP opened its services to the community in February of 2014 offering five open-source static analysis tools that analyze source code for possible security defects without having to execute the program. ... In addition, SWAMP hosts almost 400 open source software packages to enable tool developers to add enhancements in both the precision and scope of their tools. On top of that the SWAMP provides developers with software packages from the National Institute for Standards and Technology's (NIST) Juliet Test Suite. I got a chance to talk with Beyer at OSCON, and he emphasized that anyone's code is eligible — and that there's no cost to participants, while the center is covered by a grant.
