
Comment Re:More Details (Score 1) 309

But this basically shows why Lessig will never be able to win, and even if he did win, would never be able to accomplish anything. Politics is about working the system, having one-to-one conversations to influence people. Obviously he doesn't have buy-in at the DNC level. If the party he wants to run with are changing the rules at the very beginning of his campaign to thwart his plans, what would the party who opposes him do all the way through his tenure?

Comment Bugs happen, even in hypervisors (Score 2) 61

Go to LWN's search page, uncheck all the boxes except for "security vulnerabilities", and then search for "KVM". Or Qemu, or Linux or Xen.

You'll find that all hypervisors have privilege escalation bugs discovered. However, this is the first one discovered in the Xen PV interface in a long time.

Comment Re:Not very serious (Score 3, Insightful) 95

unrelated bug causes the vulnerable FDC code to remain active and exploitable by attackers.

Which is why the PV mode in Xen is such a killer security feature -- the more stuff you have just lying around, even if unused in theory, the higher the probability that there will be a bug somewhere that can be exploited.

Comment Re:Black hat (Score 1) 81

What if someone who privately knows about the vulnerability gets the idea to exploit various installations of competitors (or even common users!) during the embargo period? Do you trust large enterprises not to misuse their knowledge to their own advantage?

Of course that's a risk. But again, is it worse to have a handful of people who are trying to be secretive know about the vulnerability while vendors update and carefully test their software, or for the entire world to know about the vulnerability while vendors scramble to get something out the door as soon as possible?

Comment Re:Black hat (Score 3, Informative) 81

Since Open Source projects communicate in the open (even if just version control commits), I find it quite likely that all major security-related projects are monitored by black hat hackers. The few weeks waiting period gives them ample time to use the security hole.

That's why the Xen Project doesn't put the fix into version control until after the embargo period is over. Only people on the predisclosure list (or those able to listen in) would be able to learn about the vulnerability without doing their own audit of the code to find the bug themselves (which is very expensive).

There's basically a balance to be struck. All users not on the predisclosure list (and thus who cannot update their systems until the embargo period is over) will continue to be privately vulnerable during the embargo period: anyone who happens to have dug deep enough and found the bug can still exploit it. But as soon as the announcement is made, everyone who hasn't yet updated is publicly vulnerable: Nobody has to search to find the bug, they just have to write an exploit for it. Being privately vulnerable is certainly bad, but being publicly vulnerable is far worse. The goal of the embargo period is to try to reduce the time that users are publicly vulnerable by extending the time they are privately vulnerable. Two weeks has been found to be a reasonable cost/benefit trade-off in our experience.

Comment Re:Gender neutral? (Score 1) 462

Regarding "they", English speakers have been using "they" as an ungendered third person singular for hundreds of years.

Language is defined by its speakers, not by some committee somewhere; each of us gets a vote. In some cases I persistently vote against change if I think it's a bad idea (for example, I will make fun of people who use the word "literally" when speaking figuratively as long as I can get away with it); but in this case, I think it's a perfectly reasonable thing to do, and I have purposely chosen to use "they" in this way.

Comment Re:Gender neutral? (Score 1) 462

English is perhaps the most gender neutral language currently in use.

I cannot tell you how ignorant that sounds to me. Of the four languages I know to various degrees (English, French, Turkish, Mandarin), two of them are far less gendered than English. In both Turkish and Chinese, there is no "he/she" distinction -- there is a single pronoun which can be used for any person. Additionally, in the base for "person" and for "child" is ungendered, and to specify "man/woman" or "boy/girl" you have to add a gender tag. Chinese: rén = person, nánrén = man, nǚrén = woman. háizi = child, nánháizi = boy, nǚháizi = girl. (Turkish was too long ago for me to remember the actual words.) Turkish is the same for brother/sister. (Chinese have cutesy reduplicatives for sibling relationships -- gēge, dìdi, mèimei, jiějie -- so the "add a gender" thing wouldn't fit.) I never got to actor/actress, waiter/waitress, &c in Turkish, but in Chinese they're all ungendered as well. (And nouns are genderless in both languages too.)

Seriously dude -- if you don't know Chinese or Turkish, that's fine; but then don't make a claim about all languages "currently in use".

Comment Re:So can I sue my college? (Score 1) 206

Indeed: if you look at m-w or any other dictionary then you may notice that the modern use has two opposite meanings. That belongs to the richness and sophistication of modern language.

No, that's because most dictionaries are descriptive rather than prescriptive: they're trying to help people understand what someone might be saying, not trying to tell you what the right answer is. And in general, I agree with them -- language is defined by its speakers and develops over time.

But the fact is that using "literally" when you actually mean "figuratively" is stupid. It's not only evidence of sloppy thinking, but it actively degrades the language. The fact that it's in M-W reflects the fact that a significant minority of people use it this way; but the fact remains that the majority of speakers oppose this change and think that it's stupid and wrong. By making fun of people who use the word "literally", I am "voting" to keep the old definition and keep the new definition from becoming accepted, and I will do so as long as it is practical.

Comment Re:So can I sue my college? (Score 1) 206

There were two answers common to all of us: project management and English writing. We are all in management now, not practical engineering, and need words more than we need numbers and formulae. An English writing course should be required for all pure and applied science majors, in my opinion.

I represented computer science at an elementary-school tech fair a few months ago. Many of the students had been given papers they were supposed to fill out by asking us questions; one of the questions was, "How often do you use writing in your job?" And they were all surprised when I answered, "Every day". I need to discuss design, bugs, performance, releases, strategy, &c &c, and all over e-mail. Writing (and typing) is a core skill for me.

Comment Re:supplementing the diet of well-nourished adults (Score 1) 554

Note that the studies do not say multivitamins are worthless, nor does it address any other health areas except those three. That is just the headline sensationalism.

Did you miss the part where the TFA's title said "Stop wasting money on supplements"? The article itself is trying to make the argument that it's a waste for most people to take multivitamins. But the reason given is that it doesn't prevent death, heart attacks, cancer, or dementia.

Guess what? Hiring policemen doesn't prevent natural death, heart attacks, cancer or dementia either. Neither does wearing a seatbelt. Neither do all those safety regulations on cars and aircraft. Are they going to write an editorial next saying that we should "Stop wasting money on police, seatbelts, safety regulation", and cite studies showing that they don't prevent natural death, heart attacks, cancer, or dementia?

Vitamin deficiency causes all kinds of random problems that are often not quickly diagnosed. Do a cost-benefits analysis. It's a low probability that I'll have a vitamin deficiency, but if I do, vitamins will help a lot. Given how little they cost, it seems like a no-brainer.

Comment Re:Licensees should be able to recover their payme (Score 3, Interesting) 192

What would be better is if the US patent office had to repay the royalties (or perhaps a percentage of them). Then there would actually be incentive for them to be careful about the patents they approved. As it is, they get money for any patent they approve, and no negative consequences for approving patents which are later overturned.

Comment Re:terrorism! ha! (Score 0) 453

Cuts and scrapes get soap and bandages.

Of course, and that's the right thing to do -- until such time as you discover that your leg has actually been infected, and that you need antibiotics. It doesn't happen very often, but when it does, it can be incredibly dangerous. I don't know what the rate of bacterial infection is for falling out of a tree, but let's say it was 1 in 1,000. No antibiotics means that goes from "1 in 1000 children who scrape their knee hospitalized" to "1 in 1000 children who scrape their knee die", which is pretty bad.
