Comment: Re:Blame them, not Heartbleed (Score 1) 85

by plover (#47724497) Attached to: Heartbleed To Blame For Community Health Systems Breach

Heartbleed may be a huge IT problem, but you seem to have forgotten that health care system decisions are not made by IT security managers. They are run by demi-gods that we mere mortals are instructed to refer to as "doctors." And the doctor's prioritized view of IT is this:

#1. Be Available. I may need this system right this second in order to save a life. I don't care if it's my kid's Nintendo DS, I'm telling you it might save a life.
#2. Stay The Hell Out Of My Way. Don't interrupt me when I'm saving someone's life. And you don't know when that is; just that if you're interrupting me, it probably is now.
#3. Give Me Exactly What I Want. For I am the giver of life and death, and you must respect me.

So unless a problem is currently causing them an outage (so not just any old problem, it has to be causing an actual outage), it won't rise to the level of severity that says "skip all quality control processes and immediately patch this."

It doesn't matter if the router is vulnerable to hacking. It doesn't matter if a hacker who pwns the router could brick it. It doesn't matter if he is stealing patient records. Those things aren't interfering with #1, 2, or 3. So follow procedures, deploy it in a lab, go through testing and QA, and install it only on Wednesday afternoons when the hospital admins are all on the back nine.

Comment: Counter argument. (Score 0) 44

by khasim (#47721017) Attached to: Couchsurfing Hacked, Sends Airbnb Prank Spam

Because it wasn't 1,000 words long.

But the counter argument is that he clicks on links sent to him via email prior to verifying their origin (who sent them) or destination (where do they link to).

Next episode - If only there was some way to inform people that they should not click on links in email. Even if they think they're from someone they know. How will the bitter rivalry between MySpace and Friendster play out?

Comment: Economic risk (Score 1, Flamebait) 139

by Michael Woodhams (#47717771) Attached to: How Argonne National Lab Will Make Electric Cars Cheaper

Some new game changing battery/supercapacitor breakthrough might be just around the corner. If so, all that investment in the battery megafactory could get wiped out. Ditto with investing in lithium mining.

So the megafactory might be still happily minting money 25 years from now, or it might be nearly worthless 5 years from now. Presumably this means we'll be paying a risk premium on lithium and lithium batteries. It seems to me that it would be smart for Tesla to be investing in the very technologies that might disrupt their factory, as an insurance policy. That way, if the fortune you've invested in the factory evaporates, hopefully you'll have a new replacement fortune due to having a stake in the new technology. However, this strategy requires that you have the funds for this speculative investment, and has you encouraging the very research which will ruin your factory investment. (Also, maybe you won't have invested in the right places and won't have a stake in the new technology.) In the case of Tesla, they are major consumers as well as (soon to be) major manufacturers of batteries, so there is an additional up-side to investing in the hypothetical tech breakthrough.

Is lithium mining expanding fast enough to feed this factory when it comes online?

Comment: Re:Blame them, not Heartbleed (Score 1) 85

by plover (#47714693) Attached to: Heartbleed To Blame For Community Health Systems Breach

Given our track record with Juniper, "drop everything and patch now" is a foolhardy approach, especially with something as important as a border router or firewall. I wouldn't apply any of their patches without seeing a long track record of safety. With Heartbleed there was an unknown level of risk that they would be attacked; with any given Juniper patch there is a known risk the network would just go down.

Of course, given the choice, I wouldn't select a Juniper device to route packets to a doghouse, and would never place one as a mission critical node on any network. Then again, that's not my choice to make, just one we have to live with.

Comment: Re:So? (Score 2) 96

by plover (#47711519) Attached to: Your Phone Can Be Snooped On Using Its Gyroscope

I'm going to assume most phones already have actual microphones, so how does this add any additional kind of insecurity?

Apparently the sound from your mic and the echo from your gyroscopes were both parsed by your speech-to-text converter. I guess it works better than we thought!

Comment: Re:not true at all (Score 1) 133

by plover (#47711485) Attached to: FarmBot: an Open Source Automated Farming Machine

When you look at the technical advancements in agriculture, they're composed of small features integrated into (or bolted onto) existing equipment. You don't need a new tractor, you just need to mount a GPS receiver and a database onto your old one. A processor no bigger than a cell phone can do lots of that. Adding electrically operated valves to an existing fertilizer or pesticide spray system? Again, very small. It doesn't have to auto-steer, it just has to know where it is, and where it's been.

The makers don't have to build the tractors, they just want to improve them.

Comment: Re:Blame them, not Heartbleed (Score 2) 85

by plover (#47711413) Attached to: Heartbleed To Blame For Community Health Systems Breach

I realize reading the article is considered bad form, but if you read it you'd learn they think they were breached sometime between April and June. Heartbleed was announced in April. That's somewhere between zero and two months. Lots of big shops have a monthly patching cycle, and you don't just drop every patch into a mission critical system the day it arrives.

Comment: Re:It's not like they've had 5 months to fix it... (Score 5, Insightful) 85

by plover (#47711369) Attached to: Heartbleed To Blame For Community Health Systems Breach

They said they think they were breached sometime between April and June. Heartbleed was announced in April. The window was zero to two months, not five.

And it's not that data security is a low priority, it's just that it may not be as high a priority as network availability. This is health care, where problems in communication might affect patient outcomes. "Hey, sysadmin, Doctor Green couldn't respond to his page last night, and the patient died as a result." These are the kinds of arguments that are thrown at the IT departments at every health care provider. Whether or not we consider them rational or valid is irrelevant.

So in that backdrop, we might try to understand that they probably don't just slam in every patch that the vendor has to offer, at least not without a giant process circus. I would guess that they have a patch intake process, where they have to run the patch by some engineering team that evaluates the nature of the patch, and devises some kind of testing plan to execute in their lab environment. They then have to pass it to the testing team who will set up and execute the patch process in the lab, document all their findings, and then turn the patch over to the production network team. They'll put it on their list, and they'll have their own manager who says "whoa, why are you security guys rushing to slam this patch into my border router? Let's slow down and think about this one."

I could easily see it taking a month in a big, regulated corporate environment.

Comment: Re:Pretty obvious (Score 1) 115

by plover (#47709447) Attached to: Feds: Red Light Camera Firm Paid For Chicago Official's Car, Condo

There are the ethics of the money collected, but that can be fixed. I'm more concerned about the inequity of the penalty. If I had to pay a $300.00 fine for a red light violation, it would be slightly annoying. If my unemployed neighbor had to pay $300.00, he'd fall further behind on his rent, or possibly go hungry. Conversely, if I had to unexpectedly sit in jail for a day, my projects would suffer, my employer would have no sympathy, and my job might be at stake; while my neighbor would simply wait out his days with little else of consequence. So if I know the penalty is monetary, I can afford to run the occasional red light. If we know the penalty is to serve time, my neighbor might run a red light just to get three squares.

How to best create a fair penalty is a difficult proposition.

Comment: Re:how are cops like bank executives? (Score 4, Interesting) 227

From TFA:

“Now we’re going to give you what you deserve for meddling in our business and when we finish with you, you can sue the city for $5 million and get rich, we don’t care,” Lt. Dennis Ferber said, according to the suit filed in Brooklyn Federal Court.

It appears the police followed exactly your logic. However, if that statement is substantiated, Ferber's boss would be seriously derelict in their duty if they didn't fire him for this. He's publicly stated that he doesn't care about knowingly causing a multi-million dollar liability for his employer. IANAL, but I expect that should these cops not get punished and pull a similar stunt again, the city would open themselves up for greater punitive damages, as they'd let employees with a known track record of rights abuse continue working where they were likely to abuse again.

It would be good to see criminal proceedings, but I doubt it will happen.

Comment: Re:not true at all (Score 3, Insightful) 133

by plover (#47706775) Attached to: FarmBot: an Open Source Automated Farming Machine

And thus this is likely yet another solution without a problem.

No, I think the desire here is for it to be Open Source. Current agricultural tools are proprietary, where you pay a ton of money for the special GPS receiver, arrays of sensors, a database of moisture, fertilizer, and yield readings, continuously variable spray systems, auto-steering systems, and everything else.

The current systems are brilliant: they can reduce fertilizer usage by 60% or more by applying the proper amount of fertilizer on the areas that need it. This reduces cost, excess chemicals, and greatly reduces polluting runoff. They also measure how much water the crops need, and adjust irrigation accordingly. And in a greenhouse, they can even measure and control the light.

But all of that is not all that difficult to solve, apart from the hardware. Makers are getting pretty good at producing open source hardware for a lot of smaller things; and there is a desire to get open source solutions in the hands of the developing nations.

So I think there's a lot of problem out there that this could yet solve.

Comment: Re:Windows 8 app store? (Score 1) 179

by gl4ss (#47700567) Attached to: Microsoft's Windows 8 App Store Is Full of Scamware

well that exactly is the joke that windows mobile 6.5 is more full flavored operating system than windows 8 rt or windows phone 7/8.

so you have all the scamware and nothing "must have" in the appstores. heck, they initially tried to tell that you'll need to use the appstore to download 8.1 update for x86 windows 8. but guess what? you'd be a real voodoo man if you could dodge all the prompts to install the 8.1 update that get shoved to your face!!

Comment: Re:How many years could he be charged with? (Score 1) 297

by Shakrai (#47698613) Attached to: WikiLeaks' Assange Hopes To Exit London Embassy "Soon"

Because Assange has said that if Britain and Sweden would put forth a good-faith promise not to extradite him he would happily travel to Sweden to face the molestation charges.

Which Government on this planet is willing to negotiate with accused criminals in order to bring them to trial? It doesn't happen, not in Democracies or Dictatorships. The most you might get is "I'll surrender at the station tomorrow morning so you don't have to haul me out of my house in handcuffs." but even that isn't a sure thing.
