
Comment: Re:Yeah? (Score 1) 351

by lgw (#46791633) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

I disagree: the Model S was the right car to do first. All electric cars before it were simply crap. Worthless, horrible rides that only a hippie would drive. Yech. The Tesla is fine for many uses, and the main thing is: it's overpriced in a market where it's normal to be overpriced; it's overweight in a market where it's fine to be overweight (the S class was 3 tons not that long ago). It's a nice car, nicer than a Camry, where instead of the refinement of a luxury car for the price difference, you get the novelty of an electric car. And at that price range, you probably also have a gas car (or if not, you can rent one as needed).

Electric car tech simply isn't ready yet for low-margin vehicles. High margin cars, where intangible value is a big part of price, they work fine. It makes perfect sense to me to start there, and gradually come downmarket as they get the hang of it.

Also, most US families have 2+ cars, so one short range car isn't a problem. I don't, so I'm skipping the Model S for now, but I'd love a similar car with a 50 HP gas generator under the hood. It doesn't need to provide enough power to run on, just enough to recharge given a few hours in the parking lot. None of this fancy, sure-to-break, parallel hybrid nonsense, but the great "fixie" Tesla drivetrain with a purely separate generator so I can recharge using gasoline as needed.

Comment: Re:Metaphor (Score 1) 234

by lgw (#46791571) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

Any language except C has classes that prevent buffer overruns. Heck, I did assembly programming for 5 years, and the natural way to move data around avoided buffer overruns (mainframe assembly). The tools are right there, people just don't pick them up.

It's not about the language, and it's certainly not about "don't screw up", it's about a coding style that's not amenable to the mistake, and that's practical in most any language except C, really.

(Really, C and Managed aren't the only choices out there.)

Comment: Re:Why do these people always have something to hi (Score 3, Insightful) 334

by lgw (#46790023) Attached to: VA Supreme Court: Michael Mann Needn't Turn Over All His Email

This is the problem at the heart of climate science. The key details for models are not published, and (despite being largely paid for by our money), not even available apparently under FOIA to "avoid competitive harm".

That sounds very much like commercial software development and very little like reproducible science, or even open source! WTF, guys? You wonder why so much of the public has a hard time taking climate science seriously? This shit is why.

Good science defeats skeptics through openness. "Look, here's the experiment, do it yourself if you don't trust me." Heck, even experiments on vastly expensive particle accelerators eventually become reproducible through cleverness or technological advance at other universities.

Openness, and beyond openness: the willingness to explain clearly, in detail, and in layman's terms led to the FAQ, which takes seriously and answers seriously every common popular question and dispute about evolution, and likely led to the shift from old-school creationism to ID (which at least is progress). This is severely lacking in climate science.

Comment: Re:Commodore Amiga 3000T (Score 1) 667

by lgw (#46789675) Attached to: Ask Slashdot: What Tech Products Were Built To Last?

Comment: Re:No Good Solution. (Score 1) 176

by lgw (#46789091) Attached to: Heartbleed Sparks 'Responsible' Disclosure Debate

Therefore the best solution is to public release so everyone has the information at the same time. Let them compete for the patch; Awful software publisher will be the one caught with bugs. Good one will be patch and secure while everyone else suffer their bad choice.

Over time the best software will prevail and only idiots will still be using Microsoft products... that's the theory. In practice there is corruption and bad software will linger for decades.

It's not about how fast you patch, it's about how fast you can get patches to your customers. And for the OpenSSL flaw, there were devices where the patch process is "throw it away and buy a new one".

Anyhow, Microsoft is far and away the world's leading expert at distributing security patches - no one really has more experience or such a well-tuned corporate ecosystem. MS pushed a critical security patch out to WU, and every major corporation knows just what to do, and understands the urgency, and has a well-travelled path for it. The more modern players are good at patching consumer endpoints, but haven't really addressed corporate customers.

Comment: Re:Shareholders know less than nothing (Score 3, Insightful) 149

by lgw (#46789045) Attached to: Investors Value Yahoo's Core Business At Less Than $0

Yahoo's directors MUST (not "should") do whatever maximizes profit for shareholders. This isn't an opinion, nor what's socially correct, but those are the rules when you issue shares to the public on U.S. stock markets.

That's wrong in a couple of ways. What's legally required is that the board members put the shareholders' interests above their own personal interests (fiduciary responsibility). But those interests are defined by the corporate charter, and to a large extent by the board itself. It's perfectly legal to create a publicly traded corporation that sets social responsibility, or green blah blah blah, or some other such hippie nonsense above profit, and then that's what the board must pursue. You might struggle to get investors, or you might find a welcome market, but in any case it's allowed (and rarely happens).

More commonly, there's no requirement at all for the board to chase short term profit. That's where most the corporate infighting comes. Some corporations have firm 20 and 50 year growth plans, and sacrifice the short term for those plans, and sometimes those companies have a shareholder revolt because the owners lose patience and want everything monetized now. Sucks when that happens, but the downside of being a publicly traded corporation is that you're ultimately controlled by your owners, and that can end up being anyone.

Comment: Re:Yeah? (Score 1) 351

by lgw (#46788855) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

That's changing though (except for Government Motors, which retains that build quality of say a Trabant). Ford has made huge strides in reliability, they're really pretty good now. And Tesla is, after all, an American car. We were too corrupt to let GM and Chrysler die, but had market forces actually done their thing, Ford and Tesla would be the surviving American brands (well, Tesla is heavily subsidized, but in a quite different way).

Comment: Re:Metaphor (Score 4, Insightful) 234

by lgw (#46788753) Attached to: Bug Bounties Don't Help If Bugs Never Run Out

The notion that you can't have code without these flaws (buffer overruns, dangling pointers, etc) is just asinine. I've worked on significant codebases without any such flaws. You just have to adopt a programming style that doesn't rely on being mistake-free to avoid the issues.

Want to end the danger of buffer overruns? Stop using types where it's even possible.

Want to end the danger of dangling pointers? Managed code doesn't do anything to solve this problem, and is often the worst offender since coders often stop thinking about how memory is recycled, and well-formed objects can hang around in memory for quite some time waiting on the garbage man. So you have to write code where every time you use an object you check that it hasn't been freed, and importantly hasn't been freed and then re-used for the same object! (That happens on purpose in appliance code, where slab allocation is common.)

Heck, for embedded code I simply wouldn't use dynamic allocation at all. All objects created at boot, nothing malloced, nothing freed. Everything fixed sized and only written to with macros that ensure no overruns. I wrote code that way for 5 years - we didn't even use a stack, which is just one more thing that can overflow. That style is too costly for most work, but it's possible, and for life-safety applications it's irresponsible to cheap out.
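The style this comment describes (objects created at boot, writes only through a bounds-enforcing macro, and a freed-or-re-used check on every use), as an added C example that is not the commenter's code. All names are hypothetical, and the per-slot generation counter is one assumed way to do the re-use check.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* All names are hypothetical, constructed for illustration. */
#define POOL_SLOTS 4
#define BUF_BYTES  16
typedef struct { uint32_t gen; int live; size_t len; unsigned char data[BUF_BYTES]; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;
static slot_t pool[POOL_SLOTS];  /* every object exists at boot: no malloc, no free */

/* The only way to write a buffer: the bound comes from the array type, not the caller. */
#define BUF_WRITE(s, src, n) \
    ((n) <= sizeof((s)->data) ? (memcpy((s)->data, (src), (n)), (s)->len = (n), 0) : -1)

int pool_acquire(handle_t *h) {
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].live) continue;
        pool[i].live = 1;
        pool[i].len = 0;
        *h = (handle_t){ i, pool[i].gen };
        return 0;
    }
    return -1;  /* pool exhausted: fail rather than grow */
}

/* Resolve a handle on every use: NULL if the slot was released, or released and re-used. */
slot_t *pool_get(handle_t h) {
    slot_t *s = h.idx < POOL_SLOTS ? &pool[h.idx] : NULL;
    return (s && s->live && s->gen == h.gen) ? s : NULL;
}

int pool_release(handle_t h) {
    slot_t *s = pool_get(h);
    if (!s) return -1;  /* stale handle or double release */
    s->live = 0;
    s->gen++;           /* invalidates every outstanding handle to this slot */
    return 0;
}

int pool_write(handle_t h, const void *src, size_t n) {
    slot_t *s = pool_get(h);
    return s ? BUF_WRITE(s, src, n) : -1;
}

int main(void) {
    handle_t a, b;
    if (pool_acquire(&a) || pool_write(a, "hello", 6) || pool_release(a)) return 1;
    if (pool_acquire(&b)) return 1;                  /* same slot, new generation */
    return pool_write(a, "stale", 6) == -1 ? 0 : 1;  /* old handle is refused */
}
```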


Bug Bounties Don't Help If Bugs Never Run Out 234

Posted by Soulskill
from the trying-to-bail-the-ocean dept.
Bennett Haselton writes: "I was an early advocate of companies offering cash prizes to researchers who found security holes in their products, so that the vulnerabilities can be fixed before the bad guys exploited them. I still believe that prize programs can make a product safer under certain conditions. But I had naively overlooked that under an alternate set of assumptions, you might find that not only do cash prizes not make the product any safer, but that nothing makes the product any safer — you might as well not bother fixing certain security holes at all, whether they were found through a prize program or not." Read on for the rest of Bennett's thoughts.

Comment: Re:Yeah? (Score 1) 351

by lgw (#46787023) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

I expect to save enough in my life to afford such things, but then my tastes in other areas are cheap. We probably all have something we'd spend too much on, given the resources.

But yeah, the complexity is starting to bite car makers in the ass. However, luxury car makers learned in the 80s that "reliability" was a really important feature. I remember a great Toyota ad with a golf quartet where the first 3 each bragged about their luxury cars and the last just said "my Camry's not in the shop". Hopefully the luxury car makers will remember this, too.

Comment: Re:Yeah? (Score 2) 351

by lgw (#46785087) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

Enlighten me - some things aren't obvious from a quick ride. Does the Model S have:

* A night vision hud with pedestrian highlighting
* Automatic lane departure detection with options to warn or steer back into the lane
* Radar in the blind spots and a warning light near the side view mirrors?
* Distance-calibrated path guides on the backup camera view (I heard this is coming w/ a F/W upgrade)
* A button that jacks up the front end a couple extra inches so that you can pull up to the parking curb without scraping anything? (I know it has some ride height adjustment, maybe that works here?)
* Airline-style fold-out tables for the back seats so you have a desk to work at if you like
* Automatic detection of interior air quality with auto flip between exterior and recycled interior air for ventilation (recycle the air through the carbon filters till any smell is gone, but not so long that CO2 builds up inside).
* Vent fans that vary in speed a bit over time, like a breeze gusting a bit, so that the air feels less stale without a constant in-your-face blower?
* Two sun visors for the driver for roads that wind back and forth?
* A motor to open/close the trunk remotely when your hands are full?
* An umbrella slot in the door?

That's just a few features off the top of my head. And dammit, my car needs that umbrella slot more than anything - get on it mid-tier luxury car makers!

Comment: Re:Yeah? (Score 5, Insightful) 351

by lgw (#46783437) Attached to: Mercedes Pooh-Poohs Tesla, Says It Has "Limited Potential"

The simple fact is, for the moment Tesla is an expensive car but not a luxury car. It gets the smooth ride part right, thanks to the non-reciprocating motor and no gearshifts to manage, and that's great, but compared to a similarly priced Merc or Lexus it's lacking (and at the unsubsidized price, where the S-Class lives, it's embarrassing).

But that being said, Tesla company-wise is like nothing the industry has ever seen. They keep improving cars they've already sold. No one does that. Many of the "luxury features" on a luxury car aren't actually very expensive, they're just a matter of seeking every possible improvement, from better window laminates to keep the car cool in the sun, to a slightly better feel to the sun visor when you swing it thanks to not using the cheapest possible part. I'd bet that Tesla will catch up fast - I've never seen such rapid incremental improvement in a model line in my life.

While some features do add a bunch to the cost of the car, I think Tesla, thanks to its top-notch ride, could be fine alongside the E-Class / GS / Dozen or so other cars in its price range in just a few years, if Tesla's rate of improvement continues. Unsurprisingly I guess to us geeks, they take a software-company view of "1000 incremental improvements? no problem, here's how we'll roll em out" that may leave the execs at Mercedes et al wondering what hit them.
