Forgot your password?

Comment: Re:Wikipedia is unreliable (Score 1) 146

by plover (#47567767) Attached to: An Accidental Wikipedia Hoax

My point is there are not enough searchers working on our behalf, primarily because there is not enough incentive. (The NSA and Chinese may have found the bug years ago, for all we know, but they have a strong incentive to find vulnerabilities. Not enough people are paying White Hats to find these bugs and get them fixed.) Linus' Observation uses the clause "given enough eyeballs", which implies to the reader that someone is actually providing the appropriate number of eyeballs required. That implied assumption is made every time someone says "Open Source software is more secure than proprietary software, because of Linus' Law." But it simply hasn't proven to be a realistic assessment, or a very effective guarantor of security.

There's an unwritten corollary at play here: "given enough code, you won't have enough eyeballs." And that's something else keeping Linus' Observation from becoming a valid hypothesis. It even applies to this story, as well. "Given enough Wikipedia articles, there aren't enough fact checkers."

Comment: Re:Fire(wall) and forget (Score 5, Informative) 305

It doesn't matter if it's a rational argument backed up by facts or not, or if he's done a risk assessment, or if it's a free, cheap, or expensive firewall. The Payment Card Industry's Data Security Standard (PCI DSS) has as their very first requirement 1: "Install and maintain a firewall configuration to protect cardholder data." It's not an optional requirement, and you can't justify not having one.

If you're going to handle credit cards on the system, it has to be protected with a firewall.

If your POS vendor isn't requiring a firewall, either they are not selling a system that takes credit cards, or they are selling shoddy, insecure systems that are in violation of PCI DSS. Fixing these problems will cost you dearly; worst case, they are setting you up for a breach.

Comment: Re:Wikipedia is unreliable (Score 2) 146

by plover (#47566779) Attached to: An Accidental Wikipedia Hoax


It took 4 years before it was discovered, and even then, it was only found because it was a security-related bug. Shallow bugs don't cause the Internet to break.

"Linus's Law" is a failed hypothesis; it is not a theory, and certainly not a law. The distinction is important. At best, it could be rewritten as "Linus's Oft-Repeated Wish."

Comment: Re: Citing Wikipedia (Score 1) 146

by plover (#47566667) Attached to: An Accidental Wikipedia Hoax

So you read the history and discussion pages for that Wikipedia topic. Then you get all sides of the argument (for popular topics).

I would do this kind of research if I were referencing a hot-button topic, or a political figure, etc. I expect multiple viewpoints, vandalism, and trolls are all intertwined when the topic is controversial or widely publicised. I do not expect such nonsense on a page for a children's book, or on satellite orbital mechanics, and would not necessarily think to dig in there.

Comment: Re:Car analogy? (Score 4, Funny) 262

by plover (#47566033) Attached to: Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive

Could someone explain this to me with a car analogy?

Imagine you have an iPhone, and you rip CDs in iTunes to fill it up with copies of your music. Now, you want to go down to that place on the corner where they serve really good lunch. You put in your earbuds, crank up the ripped music, and start walking to lunch. As you proceed down the street, a lonely old man staggers and falls. You rush over to help him, and realize he's having a heart attack. You use your iPhone to call for emergency services, and wait with the man for help to arrive. While you are sitting on the sidewalk, and a greasy man in a cheap suit walks up and says "I'm a lawyer, and I'm going to sue you for not saving this man's life." Just then, a cop driving a Ford screeches to a halt, running over the lawyer, backing up, and hitting him again.

It's the opposite of that.


Comment: Re:Arneson (Score 1) 177

by plover (#47562119) Attached to: How Gygax Lost Control of TSR and D&D

D&D as a system wasn't really all special; there were competing systems back in the days he was at TSR which were every bit as enjoyable and arguably easier to play. But D&D had two big things going for it. First, when the three basic manuals for AD&D were published it had by far the best organized and written materials. The Monster Manual was particularly useful. Second it had the network effect: it was the best system to learn to play because everyone else knew how to play it. You could start a campaign at a drop of a hat -- no need to bring everyone up to speed on yet another set of rules.

Actually, those two things made it remarkably special! It's the overall accessibility and organization that made the system work. While my friends and I tried to start out with Chainmail, we didn't have anyone to show us how so we never really figured it out, and it wasn't very satisfying. But when AD&D came out, we were able to read the books, grasp the concepts, and actually play the game. The game mechanics aren't important, as you can just skip over the awkward rules you don't like (psionics! Bah!) The real magic was the whole of the system didn't hinder our imaginations.

And Troy, if you're reading this, I want my White box set back, please, along with all the other supplements. You've had them for 35 years, now it's my turn.

Comment: Re:When going into business with Friends (Score 1) 177

by plover (#47556467) Attached to: How Gygax Lost Control of TSR and D&D

Going into business with friends or relatives is not a problem.

Just treat it like a business. When your cousin comes to work for you, you're under no different obligations as an employer than you would be if they weren't you cousin.

Actually, that's a real problem for most of us. A familial bond is one of care and protection. Family means that you defend other members of the family, even when they're stretching boundaries. And we have different levels of permission based on context, where the boundaries outside of the family are different than the boundaries inside the family. For example, if a kid gets into a schoolyard fight, the father might defend the kid's behavior; but if the same fight occurred between siblings, he might punish both equally.

A sociopath has no problem flipping the switch, to decide that they can ignore the family ties. For the rest of us, it's not that easy. (Please note that I'm not saying people who successfully hire and manage family members are sociopaths! I'm just saying it's hard.)

Looking at it another way, if it were "not a problem", if it was easy to treat family members equally, the phenomenon known as the 'Son of the Boss' wouldn't exist. But it exists everywhere.

Comment: Re:The human side of the story (Score 1) 124

Perhaps you don't understand how governments and large corporations structure themselves in order to save money: they use contractors instead of employees for exactly that reason.

Regardless of the disaster scenario, employee/employer rules stipulate they have to pay their employees during the time when they're normally expected to work, even if they can get no productive work from them. If they have extended downtime due to fire, construction, etc., They would have to lay off the unused workers, which means paying unemployment benefits. Contracts, on the other hand, can be written so they can be paused or terminated at will. It's up to the contracting firm to manage the pay when they're "sitting on the bench", and most of those contracts provide no compensation for periods of non-work.

On the flip side, when you are hired as a contractor, you explicitly sign up for those risks. Even though it may look like a regular job, it isn't. It's a contract.

The human side of the equation was carefully measured and surgically extracted back when the government decided to use contractors instead of employees. Employees cost too much.

Comment: Re:Earthshaking (Score 2) 124

When the Chicago loop flooded in 1991, the Marshall Field's State Street store was impacted. Being the headquarters for the Marshall Field's chain, they had their data and networking centers on the tenth floor. Their network topology was a hub and spoke affair, and the State Street store was the hub. The operators continued working in the building the entire duration of the flood. They had to wade through water on the ground floor to reach the stairs to climb the 10 stories to work. The electrical bus normally feeds from the lower levels, but when power was cut the computers and routers had to be kept running, so the generator on the roof was fired up. The generator was not dedicated to the computer systems, and powered the entire building. The operators said they saw the water boiling around the electrified bus.

I don't know if all that was actually true, but I do know that throughout the entire flood and recovery, the chain experienced no network outages. The fiber optic cables carrying the data had no problems being immersed, and all the terminations and transceivers were in the data center on the tenth floor.

Comment: Re:Stability (Score 2) 86

by plover (#47539733) Attached to: Nightfall: Can Kalgash Exist?

Couldn't an already evolved planet be orbiting a star that is traveling, and is then captured by a multi-star system?

Assuming that evolution has produced other forms of life in many systems around the universe, it makes sense that it's done so on stars that have then had their travels altered. And yes, there are all kinds of problems. During the transition, would the evolved planet remain a safe distance from the other stars in the cluster? Would any of the life on it survive as it changes to the new orbit? I don't imagine much life would survive on Earth if we had to make a pass as close to the sun as Mercury, but it's possible a few microbes would make it and evolve again in another billion years.

"We learn from history that we learn nothing from history." -- George Bernard Shaw