Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Bad move (Score 4, Insightful) 201

by hey! (#49161319) Attached to: Google Wants To Rank Websites Based On Facts Not Links

It is seldom the veracity of facts that the debate is over; it is their significance. But that happens to be where this falls idea falls short, because misinterpretation of facts is where the most potent misinformation comes from.

Case in point, "vaccine injury" -- which is a real thing, albeit very rare. Anti-vaccine activists point to the growing volume of awards made by the US "Vaccine Court" (more accurately called "The Office of Special Masters of the U.S. Court of Federal Claims") as proof that vaccine injuries are on the rise.

It is a verifiable fact that the volume of awards has grown since the early years of the program. That is absolutely and unquestionably true. However, that this is proof vaccine injuries is gross misinterpretation, because the "Vaccine Court" program is no fault. You don't actually have to show the defendant *caused* an "injury", you only have to (a) show the child got sick after being vaccinated and (b) find a doctor to sign off on a medical theory by which the child's illness *might* have been caused by the vaccination.

Since you don't have to actually prove injury in "Vaccine Court", the rise in cases and awards doesn't know vaccine injuries are on the rise. All that is necessary is that more people think that their child's illness was caused by vaccinations, and the low burden of proof will automatically ensure more awards.

And so there you have it. A perfectly factual claim can be cited in a way that leads people to preposterous conclusions.

Comment: Re:Thrilling (Score 1) 20

by hey! (#49160063) Attached to: Spacewalking Astronauts Finish Extensive, Tricky Cable Job

Yeah, cause Mars Exploration Rover, GRAIL, Dawn, New Frontiers, Solar Dynamics Observatory, the Spitzer and Kepler telescopes, all those things are boring science. Only nerds find things like discovering Earthlike exoplanets or determining the origin of the Moon thrilling. They should get their own news site so the rest of us don't have listen to stuff that only matters to them.

Comment: Re:Hashes not useful (Score 1) 284

by hey! (#49159733) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Again not necessarily. For example the web page and the download server might not be the same, in which case it is not true that being able to modify the download necessarily means you can also modify the webpage checksum.

Another example is when people download and stage a large file on their local network, which is very common practice. If the server on their local network, in a sense the file is modified "in transit", but the malware needn't be anything special or exotic. I'd go so far as to say if you stage anything on your own servers you ought to check its hash religiously before using it.

Yet another example of "not necessarily" is monitoring. It wouldn't be hard to automatically monitor the download page for unauthorized modifications. Of course you should monitor the downloads themselves for modifications, but that takes more time. You can monitor the hashes on the download page continuously from another computer, automatically shutting the page down if anything changes. That wouldn't prevent your download page from unauthorized modifications but it would contain the consequences and it's very easy to do.

This is what I mean by it's the stuff that goes *around* a security measure that makes it work. A hash doesn't do anything unless people check the hash. That includes people who are hosting the file. I often think of this as a kind of diminishing returns exercise; since people often have spent *no* effort on preparing to respond to being hacked, often the best marginal expenditure is in that direction.

Comment: Re:The law makes no allowances for irony. (Score 2) 96

by hey! (#49159617) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

It's well established that a person may become an "involuntary public figure" -- someone who does not intentionally thrust himself into the public sphere, but whose actions (or inactions) a reasonable person would expect to draw public scrutiny.

So the question is whether becoming a "revenge-porn" impressario is something a reasonable person would expect to draw public scrutiny. You be the judge.

Comment: Re:The law makes no allowances for irony. (Score 2) 96

by hey! (#49159313) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

Copyright is not necessarily the only law which applies here. It is possible, for example, to have copyright on works you have no right to distribute. If I write a libelous story about you, I *own* that story, but I can't publish it because it is libelous -- unless I alter the story so you aren't obviously recognizable.

IANAL, but I suspect that what matters here is the subject's "expectation of privacy". Even if you got her permission to take her photo with the understanding it's for your *personal* use, she probably has a reasonable expectation that you won't post it on a public website. In that case after a breakup you would retain copyright and the right to use the image for your personal use (although really how pathetic is that?), but you don't suddenly gain the right to share it with the world if that's not the terms under which she agreed to let you take her picture.

Comment: The law makes no allowances for irony. (Score 2) 96

by hey! (#49158485) Attached to: Craig Brittain (Revenge Porn King) Sues For Use of Image

Nor should it.

So this guy has *exactly* the same privacy rights as any other public figure has, neither more nor less. These rights are fewer than those enjoyed by non-public figures, but they are not zero. He can't stop people from using his image and name, any more than Kim Kardashian can. While in a sense she owns her public persona, she doesn't own every image of her that is taken in public. In other words people can't use her image to sell things as if she endorsed them, but they can use and even sell the image itself.

If this guy owns the copyright to an image, he can reasonably file a DMCA takedown. If the image is taken in a situation in which a public figure would have a reasonable expectation of privacy (e.g. inside his house), then he can take other legal steps, even though allowing that to happen would be poetic justice. The law doesn't deal in poetic justice, and judges aren't allowed to stop enforcing the law just because it would be cool.

Comment: Re:We need hardware write-protect for firmware (Score 2) 284

by hey! (#49158449) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

That's a bit like saying that having a portcullis in the castle gate doesn't help you if the enemy is already inside the walls, which is unquestionably true, but misses the point that having the portcullis makes it harder (although not impossible) for the enemy to do that.

I agree that a more secure way to update firmware, but we have to be realistic in that this would also tend to create new targets for malware writers (e.g. stealing signing keys).

I suspect what we really need is stuff that will occur *outside the box*, such as better vendor of firmware downloads and some kind of police agency tasked with discovering and investigating dodgy firmware. But of course the objection remains -- such an agency itself would be a potential source of problems.

Comment: Re:Hashes not useful (Score 1) 284

by hey! (#49158411) Attached to: Ask Slashdot: How Does One Verify Hard Drive Firmware?

Seagate is correct. Putting a hash on the website doesn't improve security at all because anyone who can change the download can also change the web page containing the hash.

While I agree just slapping a hashtag on a webpage doesn't necessarily improve security, it doesn't follow that it can't.

Security is a holistic property; it's a property of a system as a whole. An important part of that is detecting when you've been hacked and knowing in advance what you're going to do. There are many scenarios under which publishing the hash codes of downloads improves security, but that *always* depends on people doing certain things, many of which can be automated on the vendor end.

Comment: Re:Can someone explain this? (Score 4, Informative) 79

by hey! (#49156569) Attached to: Oracle Sues 5 Oregon Officials For 'Improper Influence'

What they're alleging is that political staffers interfered with the project to help the governor's election chances.

As much as I believe Oracle is the spawn of Satan, if the governor's aides and staffers did that Oracle would have a reasonable complaint. When you sign a system development contract you agree to deliver a system and the client agrees to pay you. If you someone induces your client not to accept a system that meets the criteria, that's what lawyers call a "tort". It's something you can justifiably sue over.

Likewise there are many ways political operatives could potentially sabotage a project, and that'd be actionable too. Any non-trivial development project is dependent upon the client acting in good faith. They have to act as if they want the system. It's extremely easy for a client to cause a project to fail, by raising an endless stream of trivial complaints or by dragging its feet in its responsibilities like acceptance testing or giving feedback. It'd be all to easy for well-placed political operatives to undermine the bureaucracy's willingness to cooperate.

That said, in *this* particular instance the suit sounds like business as usual for Oracle, in other words acting like bastards.

Comment: Re:Where the economic system breaks down (Score 1) 254

by hey! (#49155959) Attached to: 5 White Collar Jobs Robots Already Have Taken

Here's the thing about technology prognostication. Timing is everything. Take predicting tablets being a big market success. People were making tablets back in the early 90s and people were predicting that it would take off. But the timing was wrong. It's clear to anyone who saw 2001 that tablets would someday be a big deal, but it took more knowledge than most people have to understand the prerequisites that could make that vision come true (display technology, battery weight and volume, processor performance and consumption, memory density).

This caution applies to dystopian predictions as well. People have been predicting that automation would destroy the economy for hundreds of years by now. Instead automation has increased productivity and raised wages. So it seems sensible to dismiss future predictions of an automation apocalypse. Except we can't.

Reasoning from historical experience is for most people reasoning by vague analogy. But each moment in history has to be looked at on its own terms, because sometimes things have to be just right for a certain scenario to unfold. The devil is in the details. So the idea that automation is going to produce mass unemployment is not certain either way. We have to look at conditions in *this* moment of history and reason specifically. That's hard to do.

Comment: Re:just FYI (Score 1) 77

by hey! (#49155893) Attached to: Banned Weight-loss Drug Could Combat Liver Disease, Diabetes

Well, like Paracelsus said, the dose makes the poison. Or in this case the release mechanism.

Blood concentrations of drugs usually peak an hour or two after ingestion and then taper off depending on the mechanisms the body uses to either break the drug down or excrete it directly (when you're an old Geek, you begin to pick up a lot of this stuff). So it's entirely plausible that the same amount of drug which would be dangerous in an ordinary pill would be acceptably safe in a timed release formulation, particularly if it is quickly eliminated from the body. The concentration in the patients' tissues would never reach dangerous levels. You can think of it as a lower "instantaneous" dose.

Comment: Re:Corporation != People (Score 1) 382

by hey! (#49155827) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

Corporations are a peaceable assembly of board members and/or shareholders.

This is an interesting, but not quite valid argument. The reason is that corporations are *not* an assemblage of individuals. Associations are. The laws and privileges entailed in being a corporation are different. If associations, partnerships and corporations were the same thing, the rules would be the same. But thery're not. Stockholders aren't financially responsible for the debts of a corporation, nor are they legally responsible for the deeds of the corporation.

I hold stock in a number of companies. Were I a *partner* in the corporations I could walk onto any of the company's properties, because it's *my* property. If I own stock in Target I can't just have a shufti around the back room of the store; it's not my store. It belongs to the corporation.

Also as a stockholder in a number of corporations, when those corporations engage in political activity they are not exercising *my* rights. They don't represent me in any way, nor do I have veto power when I disagree with them. When the Sierra Club speaks out on environmental issues, you can presume they speak for me as a member, because they exist for that purpose, and I joined on that basis. When JP Morgan Chase buys a congressman, they are not speaking for me, even though I hold stock. I'd rather they don't. I bought JP Morgan stock many years ago as an investment. Insofar as they participate in politics they're usually working against my interests.

"It's when they say 2 + 2 = 5 that I begin to argue." -- Eric Pepke

Working...