
Comment: Re:Can someone explain this? (Score 4, Informative) 59

by hey! (#49156569) Attached to: Oracle Sues 5 Oregon Officials For 'Improper Influence'

What they're alleging is that political staffers interfered with the project to help the governor's election chances.

As much as I believe Oracle is the spawn of Satan, if the governor's aides and staffers did that Oracle would have a reasonable complaint. When you sign a system development contract you agree to deliver a system and the client agrees to pay you. If someone induces your client not to accept a system that meets the criteria, that's what lawyers call a "tort". It's something you can justifiably sue over.

Likewise there are many ways political operatives could potentially sabotage a project, and that'd be actionable too. Any non-trivial development project is dependent upon the client acting in good faith. They have to act as if they want the system. It's extremely easy for a client to cause a project to fail, by raising an endless stream of trivial complaints or by dragging its feet in its responsibilities like acceptance testing or giving feedback. It'd be all too easy for well-placed political operatives to undermine the bureaucracy's willingness to cooperate.

That said, in *this* particular instance the suit sounds like business as usual for Oracle, in other words acting like bastards.

Comment: Re:Where the economic system breaks down (Score 1) 254

by hey! (#49155959) Attached to: 5 White Collar Jobs Robots Already Have Taken

Here's the thing about technology prognostication. Timing is everything. Take predicting tablets being a big market success. People were making tablets back in the early 90s and people were predicting that it would take off. But the timing was wrong. It's clear to anyone who saw 2001 that tablets would someday be a big deal, but it took more knowledge than most people have to understand the prerequisites that could make that vision come true (display technology, battery weight and volume, processor performance and consumption, memory density).

This caution applies to dystopian predictions as well. People have been predicting that automation would destroy the economy for hundreds of years by now. Instead automation has increased productivity and raised wages. So it seems sensible to dismiss future predictions of an automation apocalypse. Except we can't.

Reasoning from historical experience is for most people reasoning by vague analogy. But each moment in history has to be looked at on its own terms, because sometimes things have to be just right for a certain scenario to unfold. The devil is in the details. So the idea that automation is going to produce mass unemployment is not certain either way. We have to look at conditions in *this* moment of history and reason specifically. That's hard to do.

Comment: Re:just FYI (Score 1) 76

by hey! (#49155893) Attached to: Banned Weight-loss Drug Could Combat Liver Disease, Diabetes

Well, like Paracelsus said, the dose makes the poison. Or in this case the release mechanism.

Blood concentrations of drugs usually peak an hour or two after ingestion and then taper off depending on the mechanisms the body uses to either break the drug down or excrete it directly (when you're an old Geek, you begin to pick up a lot of this stuff). So it's entirely plausible that the same amount of drug which would be dangerous in an ordinary pill would be acceptably safe in a timed release formulation, particularly if it is quickly eliminated from the body. The concentration in the patients' tissues would never reach dangerous levels. You can think of it as a lower "instantaneous" dose.

Comment: Re:Corporation != People (Score 1) 362

by hey! (#49155827) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

Corporations are a peaceable assembly of board members and/or shareholders.

This is an interesting, but not quite valid argument. The reason is that corporations are *not* an assemblage of individuals. Associations are. The laws and privileges entailed in being a corporation are different. If associations, partnerships and corporations were the same thing, the rules would be the same. But they're not. Stockholders aren't financially responsible for the debts of a corporation, nor are they legally responsible for the deeds of the corporation.

I hold stock in a number of companies. Were I a *partner* in the corporations I could walk onto any of the company's properties, because it's *my* property. If I own stock in Target I can't just have a shufti around the back room of the store; it's not my store. It belongs to the corporation.

Also as a stockholder in a number of corporations, when those corporations engage in political activity they are not exercising *my* rights. They don't represent me in any way, nor do I have veto power when I disagree with them. When the Sierra Club speaks out on environmental issues, you can presume they speak for me as a member, because they exist for that purpose, and I joined on that basis. When JP Morgan Chase buys a congressman, they are not speaking for me, even though I hold stock. I'd rather they don't. I bought JP Morgan stock many years ago as an investment. Insofar as they participate in politics they're usually working against my interests.

Comment: Re: I should think so! (Score 3, Insightful) 78

by fuzzyfuzzyfungus (#49155807) Attached to: Blu-Ray Players Hackable Via Malicious Discs

I think that the apps are supposed to be signed (at least to get useful elevated privileges, like access to the network or to the player local storage); but if a signed, legitimate, app makes a network request to a server that is no longer friendly, then it becomes a question of input validation, even if the application signing scheme is 100% in order and nobody screwed any part of that up.

Call me a pessimist; but I'd bet nontrivial money that a lot of the 'interactive' cruft that is pumped out to bulk up 'special edition' releases is barely up to the challenge of presenting a helpful error message if it gets a 404 from the remote host, much less not falling over and wagging its tail against moderately clever malice. In that case, it'd be a fully signed and approved app doing the work, but taking action based on (ill-founded) trust in content it downloaded.

Comment: Re:White balance and contrast in camera. (Score 1) 337

by hey! (#49155729) Attached to: Is That Dress White and Gold Or Blue and Black?

I've sat right next to people who see the dress differently than me. It's *the same image* on *the same monitor* at *the same time*. So it's not a case of the monitor calibration or the camera white balance that creates the discrepancy, although obviously manipulating those things will change our individual perceptions of the dress. What's interesting here is the differences between people presented with an identical image.

Color doesn't exist in the external world. "Purple" isn't a wavelength of light, it's a kind of "additional data" tag which our brains add to parts of an image that allows us to extract more information from it. Consider the famous "Rubik's Cube" optical illusion where the same square looks either orange or brown based on whether contextual cues make us think it is in shadow or not. There's an illustration here.

The only difference between the Rubik's Cube illusion and The Dress That Broke The Internet is that practically *everyone* experiences the paradoxical sensations of the Rubik's Cube Illusion; in the case of the dress the paradox is in how sensations *differ between people*. The dress image is a kind of borderline case where our brains can "tag" the "pixels" of the image in one of two possible ways depending on what it thinks the context is. Different brains are trained by different experiences to expect different contexts. If we saw the dress being worn and in person, chances are with all that context there'd be less disagreement.

Comment: Re:Best defense is not to care (Score 1) 78

by fuzzyfuzzyfungus (#49155565) Attached to: Blu-Ray Players Hackable Via Malicious Discs

I'd not be terribly interested in the capabilities of the players themselves (routers make better zombies and are way more internet facing and unlikely to be turned off, and generally atrocious on security); but I would be very, very, nervous about anything that serves as a nice, subtle, persistent implant on a LAN.

Even enterprises have a nasty habit of pretending that they can get away with a little sloppiness 'inside the firewall', and consumer gear often can't be persuaded not to be absurdly trusting of anything that happens to share a subnet with it, in the interests of ease-of-use, 'autodiscovery', and similar. If you can get an implant on one device, especially one that nobody is going to suspect (and may have few options, short of replacing, if they do), you can reinfect other devices as they pop up more or less at your leisure.

Comment: Re:Ha ha they used JAVA; morons! (Score 1) 78

by fuzzyfuzzyfungus (#49155521) Attached to: Blu-Ray Players Hackable Via Malicious Discs

Unfortunately, it's not just blu ray: 'BD-J' is their specific variant; but it is based on the so-called 'Globally Executable MHP', a truly horrifying acronym-standard-soup constructed to enable vaguely interoperable java-based UI atrocities for various flavors of set top box associated with DVB-T, DVB-S, and DVB-C (Basically, all digital broadcast and cable activity that isn't ATSC, ISDB, DTMB, or some fully proprietary oddball).

BD-J is North America's main point of contact with this delightful substance; but it enjoys near-total ubiquity in the parts of the world that also use DVB.

Comment: Re:I should think so! (Score 2) 78

by fuzzyfuzzyfungus (#49155441) Attached to: Blu-Ray Players Hackable Via Malicious Discs

It doesn't rank terribly high on the list of choices, given that it would be a pain in the ass to get your malware pressed into a reasonable number of disks (without suitable insider access to the later stages of disk manufacture process, in which case you might have some real room for fun); but there is one little detail that might get rather ugly:

With 'BD Live', disks can be authored to include access to network resources, as well as locally stored assets, in their Java-driven interactive content stuff. Now, there is no way for an attacker to change the URLs a disk requests; but nor is there a way for anyone else to do so. Whatever was stamped into the disk at production will remain until the disk leaves use.

Given that companies come and go, and company interest in specific products tends to wane even faster, I would be very, very, very, surprised if the various companies releasing 'BD Live' disks have managed to always retain control of the domain names that their disks will attempt to access. It wouldn't be a terribly high value exploit; but since a disk will attempt to access exactly the same URLs until it dies, you might be able to score a steady trickle of reliable re-infections by snapping up any lapsed domains associated with BD Live disks and adding a little 'bonus content'.

Comment: Re:I should think so! (Score 4, Insightful) 78

by fuzzyfuzzyfungus (#49155343) Attached to: Blu-Ray Players Hackable Via Malicious Discs

I suspect that there are a number of ways in, given the usual attention given to firmware quality; but blu-ray isn't helped by having a security model marked by absolute paranoia about the precious 'content' escaping, combined with some amount of incompetence and a lot of pure apathy about any other security concern.

With both the BD+ vm and the BD-J stuff, there is a lot of attention paid to 'ooh, is an unauthorized player attempting to do unauthorized things with the content on the disk?!'; but the contents of the disk are largely treated as trusted and the playback device is treated almost entirely as a potential adversary, not as a potential target, either from the disk side or the network side.

Comment: Re:Simple methodology (Score 1) 341

by lgw (#49155025) Attached to: The Programmers Who Want To Get Rid of Software Estimates

How could it have "passed all its tests" if it wasn't connected to the rest of the system? It's hard to do agile without continuous integration; doesn't surprise me it was a mess. But integration blowups are the norm in my experience on waterfall projects - they're the main thing that leads to "the first 90% of the project, then the second 90% of the project".

But the primary win from agile is in avoiding throw-away work. You always work next on what's the most likely to survive unchanged, you only do the design work you need to write the code that you're going to work on (which often includes the entire high-level architecture for the first line of code, but still), you only document what you've actually done, and so on. Bridge specifications are unlikely to change after the project was funded. I've done several 18-month waterfall software projects, and never seen one where more than half of what we thought the project was at the beginning was what we delivered at the end. Make it cheap and easy to change the requirements, because the requirements are going to change, and there's no holding back the tide.

Comment: (Score 4, Informative) 165

by lgw (#49154923) Attached to: Google Taking Over New TLDs

I think .dev should be like not able to register so DEVELOPERS (re: NOT GOOGLE) can use like, [mydomain].dev to develop, and not have to create wonky local host names.

RFC 2606 reserves 4 TLDs for this purpose: .test .example .invalid .localhost

I've always used .test for domains for QA/test deployments. It also reserves the example.* second level domain name across all TLDs.

I think there are some other reserved TLDs, including ".xy" and some 63-character name that was something like "sixtythreecharacterdomainnamefortestingpurposes", but I can't find the RFC. Anyone?