
Comment We Already Have A System Like This... (Score 1) 176

... It's called taxes. You pay an amount proportional to your income, plus or minus adjustments based on your personal situation.

Public universities, colleges, tech schools, etc., should be completely free to all citizens, paid for by tax dollars. This is an investment in our citizens and our culture and worth the tax money. Most students on average would pay the money back and then some in taxes over their working lifetimes anyway, so it's a net win. Plus, studies have shown that we could offer free tuition and actually SAVE money from our federal budget compared to the enormous amount of money we dump on banks to prop up the failing student loan "industry".

It's obscene what we're allowing to happen to our young people; starting life with a massive debt really puts a huge roadblock on the path to prosperity and happiness, one that is not easily overcome, even when working hard. My wife had private loans for an average cost university. They make the loans sound so simple, but by the time you graduate you have 8+ loans (at least one for each semester, but possibly more since sometimes a bank is not willing to give a loan for the complete cost of a semester, so you have to get another one from someone else to finish it out) each with a minimum of at least $50 and before you know it, your monthly minimum is a mortgage payment of $600+ a month. So we're effectively requiring students to pay a mortgage right out of school (on top of the real rent/mortgage and cost of living). But then when students ask for higher wages to pay that bill, many of the older generation scoff and call the kids "entitled". If companies and HR want to continue demanding degrees for every position, then they need to pay the cost of doing business and raise wages.

So tuition should be free to everyone, at any time, funded by taxes from individuals and businesses alike. Aside from obvious young adults age 18-22, I think we should encourage anyone of any age to attend college whenever they wish, and push the idea of microdegrees or certifications or badges, or whatever you want to call them. Why shouldn't a 30, 40, 50 year old be able to attend an engineering seminar to brush up on skills? Or a history class for fun (better use of time than sitting in front of the TV!)? We should encourage everyone to pursue life-long learning, not just the fresh-out-of-high-school crowd. We can do that when tuition is free and there is no financial risk to giving it a try and backing out later if demands of life (kids, work, etc.) prove too much that particular semester.

Bernie Sanders has called for tax-funded tuition-free universities. If you want to see this too, chip in a few bucks to his campaign.

Comment Is the operation Authentic? (Score 4, Interesting) 85

Continuing the fine tradition of not RTFA around here, I didn't read the research paper but I did skim Wikipedia's entry.

Nowhere do I see any mention of authenticity. This is as important as confidentiality and integrity. I'm not saying there isn't a solution (I'm not a cryptographer) but I wonder if anyone has any insight or links to a solution if it exists.

Here's the scenario. Homomorphic encryption lets us keep the data constantly encrypted, maintaining confidentiality. Ok, that's cool for data breaches, we stay much better protected from loss of confidentiality.

But what if a malicious actor purposely performs an operation on the data? Changing genomic data in this case might mess up diagnoses/research, etc. Future applications could be stuff like medical billing -- if it's easy to tack on another bill, even if you don't know previous bills because it's encrypted? Is there any mechanism that checks that the operation we perform on the encrypted data was authorized, i.e., that I am a manager allowed to do the operation and I specifically consent to performing the operation? Typical integrity checks wouldn't catch this; integrity is correctness of the data, which means it will only verify the computation was performed correctly and then move on. Authenticity is a different issue.

I would suspect Microsoft Research thought of this. My question is: is there a countermeasure that can be described as part of the algorithm? Or is the countermeasure "be careful with any software that uses this algorithm, make sure it checks authenticity before applying operations!". If the solution is for developers to be careful, I'm not convinced the algorithm made anything better. Many developers do not know cryptography and may assume safety, or may not have the time and resources due to a manager driving a hard deadline; in these cases, "we use MS's algorithm!" can get advertised without any increase in safety (and possibly even a decrease, as some might look to this as a crutch and reason why they can cut corners...).
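The scenario raised in the comment above, as an added example that is not part of the original comment or of the research it discusses: textbook Paillier (an additively homomorphic scheme chosen here for brevity, with toy constructed parameters) shows that anyone holding the public modulus can add to an encrypted total, and a hypothetical `BillingRecord` gate accepts an addition only with an HMAC tag from an authorized key, bound to the record's current ciphertext. All names, the key handling and the sample amounts are assumptions.

```python
import hashlib
import hmac
import math
import secrets

# Toy key (constructed): two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                          # public modulus
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # private
MU = pow(LAM, -1, N)                               # private


def encrypt(m):
    """Textbook Paillier with g = N + 1: c = (1 + m*N) * r^N mod N^2."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) * pow(r, N, N2) % N2


def decrypt(c):
    """Needs the private values LAM and MU."""
    return (pow(c, LAM, N2) - 1) // N * MU % N


def he_add(c1, c2):
    """Public operation: the product of two ciphertexts decrypts to the sum."""
    return c1 * c2 % N2


def authorize(key, record_id, current_ct, operand_ct):
    """Tag binding one operand to one record in one specific state.

    HMAC stands in for a digital signature to stay within the standard
    library; with a signature the verifying service could not mint tags.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in (record_id, str(current_ct), str(operand_ct)):
        data = part.encode()
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


class BillingRecord:
    """Hypothetical gate: applies an addition only if its tag verifies."""

    def __init__(self, record_id, ciphertext, key):
        self.record_id, self.ciphertext, self._key = record_id, ciphertext, key

    def apply(self, operand_ct, tag):
        expected = authorize(self._key, self.record_id, self.ciphertext, operand_ct)
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("operation not authorized for this record state")
        self.ciphertext = he_add(self.ciphertext, operand_ct)


def _rejected(record, operand_ct, tag):
    try:
        record.apply(operand_ct, tag)
    except PermissionError:
        return True
    return False


def demo():
    key = secrets.token_bytes(32)          # held by the authorized manager
    total = encrypt(350)                   # constructed existing bill total

    # Ungated: no private key needed, and decryption reports a normal-looking sum.
    ungated_total = decrypt(he_add(total, encrypt(9999)))

    record = BillingRecord("patient-17", total, key)
    charge = encrypt(120)
    tag = authorize(key, record.record_id, record.ciphertext, charge)
    record.apply(charge, tag)              # authorized addition is accepted

    extra = encrypt(9999)
    bad_tag = authorize(b"\x00" * 32, record.record_id, record.ciphertext, extra)
    return {
        "ungated_total": ungated_total,
        "forged_rejected": _rejected(record, extra, bad_tag),
        "replay_rejected": _rejected(record, charge, tag),  # state has moved on
        "final_total": decrypt(record.ciphertext),
    }


if __name__ == "__main__":
    print(demo())
```

The gate only covers additions that pass through it; storage that can be overwritten directly needs its own integrity protection.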

Comment Taxes are basically a bill (Score 5, Insightful) 674

Wow, where do you get such a negative attitude toward taxes?

Look, the best way to look at it is the following: just by existing, you require stuff. Food, clothing, shelter, and then the slightly more luxurious things such as heating your home in winter (unless you use lumber you chopped yourself exclusively), or using internet to leave the comment. Unless you don't use the internet or electricity and don't have a job and feed yourself exclusively through farming, then you use or require something provided by the public.

Oh, but "I pay for my own internet/electricity/whatever", right? Something like $1 of every internet bill I get is a "Universal Access Fee", which gives people in the middle of nowhere access. Why? Because business decided that it's not worthwhile to support you, and we as a society decided it was worthwhile to do. So, we pay a fee (tax, really) that subsidizes costs. Electricity is generated from things dug up from the ground, and that may have caused environmental issues to another region. To be fair to them, we help them clean it up. Goods are trucked in via roads that were paid for by the public. Your healthcare, even if you paid totally out of pocket for doctor and medicine, largely came about due to the US government guaranteeing student loans for doctors (otherwise, banks would not provide such a large amount of money with no collateral) and the fact that public tax money helps subsidize medical research (even if that research ends up owned by a private company, but that's an ethical issue for another day...).

Essentially, by existing, you require stuff, and some of that stuff is not something a free market will support. Too much risk, not enough reward, whatever. So, we as a society get together every once in a while and say "Well this needs done anyway, so if business won't do it, how do we pay for it?". We negotiate a small amount every citizen pays into the pool to do these things, and send everyone a bill for the services. This bill from the government is called "taxes". What, you expect everything to be for free?

Taxes are the bill you get for society to provide you with a modern lifestyle. Now the nice thing about it is that this bill is somewhat negotiable; through voting and our system of representatives, you are more than welcome to be part of the process and haggle for cost and even which services we consider important enough to do/offer. If all you do is complain online and never be involved in government affairs, you're kind of missing the point of living in a democratic society.

So, stop complaining and pay your damn bills. If you're not happy with the service/cost, feel free to get involved in government and change it. At least you have a chance with government... if you're unhappy with your private sector service, they just tell you to get lost.

Comment Re:Authors Of Textbooks Are Not Getting Rich (Score 1) 363

My wife has written many collegiate level textbooks and they are used at many different schools. She netted a whopping $600 in royalties for 2014. The authors are not getting rich on sales of textbooks. Their salaries dwarf what they earn for publications.

Next conspiracy theory ...

What course did she write a textbook for? Upper-level books probably don't have as many students. In any case, the way to go these days is self publishing through Amazon or Lulu. Keep the profits for yourself and professors that work with you to edit the book. Pearson and other publishers rip you off. I think publishers are at this point almost obsolete. (I know, editors are good, and they may get you some publicity, but neither of those is worth how much they rip students off and how much they keep themselves)

Comment Re:conflict of interest ignored here (Score 1) 363

At a normal university, there would be conflict-of-interest policies that apply and would probably prevent a department from forming a policy to require a course purchase which benefits a faculty member financially. At Cal State Fullerton, either there aren't any strong policies, or they are being ignored, apparently.

I can agree with that. I wrote a small book for a course, back at my old university. I was not allowed to make a profit from the book in any class that I taught. It was picked up by another neighboring university though, and that was ok (though I keep the price low anyway, about $30 right now, only a small profit, because I don't believe in $100+ books, education should be more or less free).

Comment Re:If... (Score 5, Interesting) 363

As a former university and tech school mathematics instructor, I'm happy to throw in my take on it.

Most textbooks are absolutely dull, and are full of extremely contrived examples designed to "show how useful the subject is". Many subjects are extremely useful, but perhaps to only certain fields, so it's sometimes difficult to explain the utility to a first undergraduate course in the subject. This makes many students bored because they're smart enough to realize they're essentially being lied to -- the examples are obviously contrived and lame. Furthermore, it pushes this idea that unless there's a "practical way to make money" on the subject, it's worthless, which is absolutely not true. We should encourage philosophical thought for its own sake, and recognize that such thought sometimes leads to great discoveries long term, even if we don't know how it's useful right this minute.

So that being said, the textbook industry knows Education is a buzz word in politics. They know getting Good Jobs (TM) is another buzzword. So they rewrite the textbooks every year now. The actual content doesn't change (or at least not for the best; I think they often just remove content!), they just swap chapters around, and most importantly, tailor the contrived examples to the buzzword industry of the year. They can then go around convincing politicians, school districts, and universities that their books "prepare students to enter the workforce" and you absolutely need the latest edition or your students won't have the advantage others do. It's kind of a bullying -- they make the professors feel bad, and if they manage to stand up, then they go to the school board or university administration to get their book in.

To convince people of the book, they spam free copies of the book to everyone. They hand out swag at conferences, reminding them of how awesome they are for publishing. They get name recognition.

Professors then start to feel bad that maybe my students are not receiving the same advantage as everyone else, let me use what they all use. Going through graduate school, I had my share of completely awful textbooks for courses. Couldn't learn a damn thing from them. We asked the professor about it (several different ones for different classes) and the response was almost always "this is the standard textbook nationwide on this topic".

Having a standard breeds mediocrity in some sense. To me, University is meant to open your mind to new ideas. I think they should be a little different between semesters and professors. Shake it up. Cover a few new topics, especially if the students seem interested. Throw out a few topics because maybe there's little interest. Why not tailor it to what the students want, rather than university and accreditation boards? I know, losing accreditation would be bad, but that's exactly my point -- the system has damaged what it means to have a university education. You just go through an assembly line, rather than being encouraged to explore your interests. Classes like linear algebra are amazingly useful, but (1) not every applied field in the world needs it, so I can see some instances where you don't want to cover all the nuances; (2) linear algebra is a very large subject and so even if a student should learn it, the question becomes: what part of linear algebra? What should be the focus of the class? We need professors willing to change it up based on student needs and interests. We're teaching kids how to learn, not rote memory -- if we do a good job, then even if we don't cover everything, students will know how to find and learn what they need in the future!

Finally, many textbooks themselves were not written because of someone's passion to educate, but rather to fulfill a bullet point for a PhD or tenure. Check the introduction/foreword of any textbook; most of them will say "This grew out of work I did for my PhD....". It is almost verbatim someone's PhD thesis, but somehow undergraduates are expected to follow a PhD thesis on a subject (remember: read the book at home before class!). Again, it's because publishing a PhD thesis as a book gets you points, and you have to jump through these hoops to survive in academia today. Writing a good book takes a lot of time and effort, and isn't as impressive as getting research grant money, so I think few tend to do it. We just reuse someone's old PhD thesis and act like it was designed for teaching. The professor took lots of time to write a book, time that wasn't spent doing research, so I'm sure getting the book sold to make up for "lost income" becomes somewhat of a priority (not everyone, but I'm sure some).

I think my summary is: very few in the whole process have students' interests in mind. Publishers are looking to make money from a field they know won't die out (don't think people are going to suddenly stop going to college, pretty constant revenue stream). Universities want to advertise they're keeping up with standards and preparing your kids for the real world, and can use publishers to back up that message. Professors want to do academic things to get tenure or make some extra money because of the low pay at some universities. I'm not sure that anyone in the process is malicious... just forgetting that students should be #1 priority, for the good of society.

Comment Don't Need Ads, Only Sponsors (Score 1) 307

It's not the advertisers you're sticking it to, though. You're taking revenue away from the content producers, so that eventually that content will go away.

Not necessarily. I've noticed a lot of the "content" I enjoy online is videos and music made by younger people that treat it as a gig. They don't throw ads in your face, they ask for you to buy stuff from their store (think funny t-shirts) or "donate" to them. Probably "sponsor" is a better word than donate. Many of them seem to be moving to using special websites like Patreon to raise income to support their creative projects. I gladly chip in a couple bucks a month on something like that if I really enjoy a particular project.

There's a lot of people that have their books hosted completely free online. (I think a lot of O'Reilly programming books are that way). I can read online, but I can also buy a paper copy. When I really enjoy a book and would like to have it for reference, I chip in and buy a copy. Considering so many authors do this, it must work for them as well. And I believe it -- why drop $50 on a book I don't know anything about? If I can preview it without being harassed, I definitely am more likely to buy it if it's useful to me.

The point is, the internet allows us to directly sponsor the people/projects we want to see. I get warm fuzzies supporting someone for doing something creative I enjoy, and I know that person gets a much larger bulk of my contribution than our current ad-centric model (I know sites like Patreon have a cost, I don't have a problem with them charging a reasonable fee, but I know most marketing charges out the ass for it). We don't need middle-men advertisers annoying us and then skimming off the top before they give a meager paycheck to the creators. If advertising can't adapt, then that's their problem... I guess it becomes an industry that, like horse and buggy and plenty of other things, is an outdated obsolete industry we no longer have use for.

Comment Often aren't "math guys" but "arithmetic guys" (Score 4, Interesting) 616

Certainly, not every programmer with a strong background in math is like this. But I've worked with people who are proud of their math ability, and who would be the first to tell you how critical math is to programming, who write terrible code ... They pride themselves on their "uncommon" ability to keep lots and lots of abstract details "in their heads," and in their "analytical" skills.

Throughout elementary, middle, high school and even into college (dependent a bit on major), we tell kids that "math" is learning your times tables, balancing a checkbook, and basically arithmetic skills. There's some algebra thrown in there in high school but for the most part, most people think of math as doing arithmetic. I'll give you an example. My mother says "You're so good at math!" whenever she's baking cookies and asks me how much flour to use if she wants to double the recipe and she typically uses 1/3 cup of flour. This isn't unusual; I heard this all through my life, from family, friends and even teachers.

Mathematics, however, is really just logical thinking. It is the art of logical reasoning about problems. Often applied to numbers, sure, but it doesn't have to be, or at least not in a concrete sense. It's more about reasoning about patterns, abstracting different types of problems (realizing that two problems you thought were different are actually the same type of problem!). There are whole college courses in mathematics I took back in the day where not a single number was written on the board. It was all symbols and functions and proving properties of things (meaning: what can I logically conclude about something based on this list of facts?). Being good at math really means being good at reasoning about problems, abstracting away the difficulty, and noticing patterns.

I think the disconnect is that there is a healthy population of people running around that declare themselves "good at math" because everyone they know (family, friends, teachers) tells them they are good at math... because they did arithmetic and basic algebra well. The end. I've met several people like that. Doing those things at a high school level is more about memorization (think: memorizing times tables, memorizing "FOIL" method for multiplying polynomials, memorizing quadratic formula, etc.) than logical reasoning. You might get a taste of that in high school geometry if you're lucky, but honestly even that seems to mostly be "memorize this proof about geometry" without really building logical reasoning skills that can be applied to other problems. You just do it for the sake of doing it, from the students' perspective.

The people that are "good at math" you meet that suck at programming are likely the people that fall into this category. They were great at K-12 math classes because they can memorize and hold a lot in their head, and they probably learned programming by the same method -- look at code (in a book, google search, whatever) and memorize the code. They memorize what functions do what, and how to throw things together, but they never really internalized that abstraction and problem solving that a true mathematical mind has. So they never really learned how the code goes together, or why one pattern is better than another. They just memorized an approach that worked in the past. I've seen a lot of that too unfortunately.

A real college level course in mathematics is really eye-opening (likewise, I think physics majors and a few others also experience this), and I think that ability to reason abstractly really does make a huge difference in how you approach problems. Even if you never directly use your math classes at your job, having gone through those classes permanently changes how you think about and approach problems, and I think that is a huge benefit. It's a shame most people -- even the ones "good at math" -- never take one of those classes.

Comment Re:Space Gives Positive Economic Outlook (Score 3, Insightful) 442

The (economic) question is however are those advances better (more progress/$) than direct funding of consumer products? Analysis shows no.

I am aware of such analyses, but do not know if such analysis is the consensus opinion or more a conjecture at this point.

I would still argue that overall the other benefits I listed imply that government funding of such things would be good. If nothing else, business is sometimes very risk averse, and once government research proves something is feasible, then they will jump on it (see the various businesses that have popped out of projects started at FFRDCs, for example). So such funding would then jumpstart consumer products that wouldn't have been tried in the first place by the private sector.

Comment Space Gives Positive Economic Outlook (Score 1) 442

space exploration returns next to nothing, it's basic economics

The problem with statements like this is that "basic economics" is not always correct. It is a model, and like all models, it is incredibly helpful at helping us understand things and make predictions, but it doesn't always reflect reality. Most economists didn't predict the debt bubbles and economic issues of the past decade, for example.

In any case, let me illustrate why it's actually a great thing to do space exploration, even when other things need done too (nothing is mutually exclusive):

  • Science/engineering advances from space exploration often find their way into consumer products, allowing new businesses and innovations to develop. Often advancement in science and engineering understanding seems "dumb" until someone realizes a purpose for it (see for example, computers and all of the naysayers on how practical/useful they would be).
  • A strong space exploration program will be enticing for some of the world's top minds, and allow the US to "capture" those minds thru immigration. Those people will go on to develop great scientific advances and some of them start great companies, which will be American companies rather than $country companies.
  • People need to be hired to build and test these space exploration devices (satellites, landers, rockets, etc.), so we'll employ a bunch of people for a while and pay good salaries. That will help bring down our unemployment numbers and bring down family debt. When the program is over, they'll have something cool to put in resumes as they look for other work in the private sector or even start their own businesses. Or possibly we can keep working on awesome future space projects.
  • A space program that makes people excited will encourage more of the young generation to go into the sciences, making sure we stay competitive technologically into the future. We don't want current trends to continue, where there's little excitement in science (== little funding, no big projects, government doesn't support it, etc.) and so many of our bright students go into business instead, worried about their futures if they chose science.
  • Have you ever been to the Smithsonian museums? People from all over the world go there to see the lunar module and space shuttle and other stuff. They see the moon rocks. They buy their kids a t-shirt. "See the talk by the person that went to Mars!" or "See the Mars rock" or "Climb inside the real cockpit of the Mars lander!" would attract many tourists from across the world. And tourists spend money.
  • It's just plain bad-ass. Why does everything we do absolutely need to be profitable? Why is money the only judge of whether something is worthwhile or not? How about we just have pride in ourselves and our culture and do something because it's there. At the end of your life, will you be happy that you saved $5 (your share of federal taxes paying for space program is so low that $5 probably isn't that far from the truth in a back of the envelope calculation) or that you got to see a person land on Mars on live TV? I'd rather have an interesting life than a boring one with more money.

There's probably even more arguments than this but here's for starters. We absolutely need to focus on our national infrastructure, our educational system and student debt, and other issues (shameless plug for Bernie Sanders goes here, as he's the only candidate really talking about all of these things), but I don't think any of that work says you can't also spend on science at the same time. In fact, I think it's a necessity.

Comment The Law States That's The Purpose (Score 3, Insightful) 418

Clue #1: a minimum wage job isn't something you should live off of. It is expressly for teenagers and for folks who use it as a stepping stone or fallback until something better comes along.

Who says? This is misinformation/propaganda being spread. If you look at the actual bill that instituted the minimum wage in the US (the Fair Labor Standards Act of 1938), the law literally says the reasoning for setting the minimum wage is "Congress finds that ... labor conditions detrimental to the maintenance of the minimum standard of living necessary for health, efficiency, and general well-being of workers causes ..." and then goes on to list negative effects of not being paid enough to live. So yes, the law quite literally states that the minimum wage is something you're meant to live off of. (Feel free to read the law yourself on the Dept of Labor website.)

This idea of "teenagers can do it" is only a ploy to make people complacent with low wages. Remember a teenager at 17/18 can easily be out living on their own and not have the support of family (for many reasons: family doesn't have ability to help, family has cancer and teenager needs to support them, family is crazy/insane/drug addicts, family is dead, etc.), and so even teenagers should make enough money to support themselves.

Clue #2: these jobs usually require little-to-no skill, and consequently do not bear the value of $15/hr at current inflation/valuation.

When the minimum wage was instituted in 1938, many US jobs were in agriculture or simple manufacturing. I don't consider those jobs to be "high skill", but that doesn't mean they're not super important (without food, we die -- about as important as you can get! and manufacturing gave us the modern world, despite many of those jobs being just to screw the same bolt on over and over). So for one thing, skill does not equate with importance, and I think important jobs especially should be well paid.

Furthermore, have you seen secretary and human resources jobs these days? Also requires pretty low skill (mostly just typing and sending emails and filling out forms -- anyone who can read and write can do it, really), but look at how much these people make (in my area, you can get jobs in HR making upwards of $50k with only minimal experience, much above minimum wage). If we were going by your metric, these paper-pusher jobs should be making low pay and important jobs like farmers and restaurants that provide me food should be making more.

All of this is an aside from the real goal of minimum wage, which is that if you do ANY type of work for anyone, you're important to someone and should be able to support yourself doing that work. If you're not needed, why did the company hire you? I'm tired of this idea that companies are entitled to cheap labor; if your company requires effectively slave labor to exist, then how about we state the truth that your company is failing, not doing well, and maybe should go bankrupt due to mismanagement rather than keeping it chugging on the backs of the poor?

Clue #3: when you price human labor too high, automation becomes more attractive. There are already machines that can effectively replace fast-food cashiers, and are cheaper to operate and maintain than $15/hr people. There are also machines coming online that can operate the back-end of a fast food joint as well, which will also just come under the wire as being cheaper (but would come out ahead by being reliable, on-time, etc.)

That is going to happen no matter what because of corporate greed to always maximize profit. Even if we paid people $1/hr, at some point people would need to eat and sleep while a machine could work all night long straight, cranking out more widgets. We can't compete with technology.

What we instead need to do is have real discussion on what the future economy looks like when jobs are phased out by robots. Probably future jobs would be more creative engineering or artistic jobs that robots can't do and it will work itself out and the economy will keep moving on, but we will have a transition period before we get there and it will be different than what we have now. In this transition, we need to do the humane thing and help people transition. That means making sure people's needs are met as they go back to get training for jobs, whether they be more academic (engineering/science) or more trade level (arts and crafts, music, cooking, stuff that makes people happy and can make money). It's not anyone's fault that robots were invented and are taking over, so why do we hold it against them that they should have somehow thru clairvoyance known of the impending robot takeover and planned accordingly?

Clue #4: sucks to say it, but no one owes you a living -anything, let alone a "living wage" (whatever that means). Safety nets and charity are for those unable to help themselves, and obviously for those among us in temporary desperate situations, but that's it. Meanwhile, if you are able-bodied and not mentally defective, then it is up to you to better yourself by any legal means possible.

This makes the incorrect assumption that people have control over job availability. I know plenty of people with experience in fields that are drying up (drafting is a good example) -- used to make good money and be steady pay, now with automation, there's few jobs to go around. What is someone with 20 years supposed to do? That field has no jobs left; I know a guy that is looking. He also can't get into a new field because they pigeonhole him: "Why are you applying for this? Your experience is in a different field". He's quite an able-bodied and intelligent person but it's not working out. He's taking evening classes to go more into computer work, but that doesn't happen overnight. What do you propose he do in the meantime?

We need more than just a simple safety net, but a system that makes sure you have the chance to get ahead (good wages help you pay for things like school for example), and when things like the economy shift, is there to help you transition to new work.

Comment Re: CVSSv2 (Score 1) 30

From what I have seen, Mitre and NIST often show inaccurate CVSS scores on the CVE pages.

Have to stop you there, sorry for perhaps being a bit pedantic, but the NIST score is more or less the "official" score of a vulnerability, given how closely they work with organizations like MITRE. The CVSS scoring rules have some nuance to them, and in some scenarios the official rules on scoring a vector are not what you'd expect. NIST tries to follow the official scoring rules as strictly as possible. You may not agree with the rules (and many people don't, I'm not trying to knock you), but technically their scores are the most accurate.

CVSS recently released v3.0 scoring in order to try to address some criticisms in scoring. It did this by upgrading its base vector to be a bit more easily comprehensible by adding obvious metrics like "user interaction required", which was previously embedded in "access complexity" in v2. I think in general I like the concepts and it makes it easier for the most part, but time will tell if the general public agrees. The sticking point I think is the idea of scope, which is not a bad idea in general, but the definition seems a little fuzzy to me. We may have only shifted where the nuance is, and so disagreement in scoring may continue into the future.

In order for the metric to be truly useful, every organization has to localize measurement to their environment and each vendor needs to measure impact against their use or non-use of the underlying code. At the end of the day, it's all about risk measurement, but with those steps you end up with a reasonably accurate assessment.

Exactly. CVSS allows for this by use of temporal and environmental scores, but unfortunately, most organizations don't use them. This means most people run around talking about the base score without a clear sense of how it applies to them. I've seen vulnerabilities with a base score of let's say 7.0 or so being knocked down to 1.5, after you factor in its temporal factors (such as a patch being available) and environmental factors (such as not very widely deployed). I wish more people would talk about the environmental factors. CERT is one of the few places that lists temporal and environmental metrics, though their database is not comprehensive.

CVSSv3.0 is weakest in the fact that they essentially threw out the environmental metrics; yeah, it's technically there, but it's a shadow of its former self -- it doesn't include important metrics like population anymore. I hope they will put that back in for CVSSv3.1, and encourage more widespread adoption.

There is nothing wrong with the current system that wider spread adoption and education cannot fix. Part of the problem is the media hype surrounding the bugs. If every little issue wouldn't get a cute name -- Shellshock, Logjam, POODLE -- the reactions might be a little less kneejerk.

I agree, but education can sometimes take a while and be harder than you think. There's momentum -- and money -- behind the current system. You get everyone wound up, and then offer to sell a widget that "protects against it". There's a lot of snake oil for sale in the industry right now, and so far, companies and governments are eating it up. It will continue as long as money is being made. The bigger question is, how do you make it more profitable to tell the truth about threats?

Organizations like CERT tend to straight talk it and provide honest feedback with their temporal and environmental scores, but they're not picked up in the media as much as these security start-ups that are out to cause a ruckus and make money. The start-ups seem to me to be more marketing companies than security companies these days; they tend to overinflate the CVSS base score and talk it up by reaching out to media directly, when in reality, the base score itself may not be that high, never mind that temporal and environmental factors might lower it more. Fear makes money right now.

Comment Re:If only there was a rating system for this... (Score 1) 30

Temporal and environmental factors can only be assessed by people in the know. Windows shops obviously don't care about Linux vulnerabilities and vice versa. The base ratings are strictly focused on the vulnerability. Other factors you need to determine yourself... And there's already a system for that.

Yeah that's kind of the problem, most companies don't use temporal or especially environmental factors. If you base everything on the base score only, you're not getting a really accurate feeling for the severity of the vulnerability.

The other problem is that CVEs tend to be treated in the researcher community as gold. You list CVEs on your resume, for example. CVEs are not meant to indicate severe vulnerabilities, or even all types of vulnerabilities -- many things that are important don't get CVEs, while many lame vulnerabilities do have a CVE. These systems need rethinking in general.
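The two comments above turn on how far temporal and environmental metrics can move a CVSS base score. As an added example (not part of any poster's comment), here is a small CVSS v2 calculator using the equations and metric weights from the CVSS v2 specification; the sample vector is constructed for illustration and describes no real vulnerability.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification ("ND" = Not Defined).
W = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},
    "E": {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0},
    "RL": {"OF": 0.87, "TF": 0.90, "W": 0.95, "U": 1.0, "ND": 1.0},
    "RC": {"UC": 0.90, "UR": 0.95, "C": 1.0, "ND": 1.0},
    "CDP": {"N": 0.0, "L": 0.1, "LM": 0.3, "MH": 0.4, "H": 0.5, "ND": 0.0},
    "TD": {"N": 0.0, "L": 0.25, "M": 0.75, "H": 1.0, "ND": 1.0},
    "CR": {"L": 0.5, "M": 1.0, "H": 1.51, "ND": 1.0},
}
W["I"] = W["A"] = W["C"]      # integrity/availability share the C weights
W["IR"] = W["AR"] = W["CR"]   # as do the security requirement metrics

def r1(x):
    """The spec's round_to_1_decimal, done in Decimal to avoid float ties."""
    return float(Decimal(str(x)).quantize(Decimal("0.1"), ROUND_HALF_UP))

def score(vector):
    """Return base, temporal and environmental scores for a v2 vector."""
    m = dict(part.split(":") for part in vector.split("/"))
    g = lambda k: W[k][m.get(k, "ND")]   # optional metrics default to ND

    def base(impact):
        expl = 20 * g("AV") * g("AC") * g("Au")
        f = 0 if impact == 0 else 1.176
        return r1((0.6 * impact + 0.4 * expl - 1.5) * f)

    def temporal(b):
        return r1(b * g("E") * g("RL") * g("RC"))

    c, i, a = g("C"), g("I"), g("A")
    impact = 10.41 * (1 - (1 - c) * (1 - i) * (1 - a))
    adj = min(10.0, 10.41 * (1 - (1 - c * g("CR")) * (1 - i * g("IR"))
                                 * (1 - a * g("AR"))))
    b = base(impact)
    at = temporal(base(adj))             # temporal score on adjusted impact
    env = r1((at + (10 - at) * g("CDP")) * g("TD"))
    return {"base": b, "temporal": temporal(b), "environmental": env}

# Constructed vector: proof-of-concept exploit, official fix available,
# and only a small share of the environment affected (TD:L).
SAMPLE = "AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C/CDP:ND/TD:L"

if __name__ == "__main__":
    print(score(SAMPLE))
```

With the sample vector, an available fix and a low target distribution take a 6.8 base score down to 1.3, the same kind of drop the first comment describes.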

Comment Re:Probably GPL, but depends on Apple (Score 1) 171

It's because BSD/MIT pretty much are cool with anything as long as you attribute the code to the original author. That is the main requirement of distribution. So proprietary is ok as long as somewhere deep in the credits they add the name of the original author.

GPL meanwhile requires not just attribution, but the availability of the full source code. So you can't be a proprietary trade secret with GPL code, so any proprietary software using GPL is in violation of the license and therefore copyright law. It's illegal.

Submission + - Qt 5.5 released

mx+b writes: The latest version of Qt, the cross platform GUI toolkit and development platform, is out for all major platforms. Highlights include better 3D, multimedia, and web support, as well as better support for the latest OS X and Windows releases (including Windows 10) and more Linux distributions.
