
Comment Re:.NET 5 is just what we need. (Score 2) 158

I'd be interested in learning more about the compatibility problems you're having with real apps and .net framework versions.

We know that there are occasionally compat issues because we have large customers we work with to try and mitigate them.

There are already mechanisms built into .net for rebinding apps to use specific framework and assembly versions, e.g. the .exe.config file that you can modify without access to the application's source code.

In general, .NET 2.0 and .NET 4.0 are the two separate runtimes that you would currently need to have installed. .NET 3.5 is the newest iteration of the .net 2.0 runtime, and .NET 4.6.x is the newest iteration of the 4.0 runtime.

If you're trying to install an app and it says "i need .net 4", and you don't have .net 4 yet, I think that's working as intended. If updates to .net are breaking your apps, that's something we'd like to know about and help with.

If you have problems of the latter sort - .net updates are breaking your apps, feel free to contact me at this address and I'll see about putting you in touch with someone who can help.


Could a Change In Wording Attract More Women To Infosec? 291

itwbennett writes: "Information security is an endeavor that is frequently described in terms of war," writes Lysa Myers. "But what would the gender balance of this industry be like if we used more terms from other disciplines?" Just 14 percent of U.S. federal government personnel in cybersecurity specialties are women, a number startlingly close to the 14.5 percent of active duty military members who are women (at least as of 2013). By comparison, women are well represented in other STEM fields: "As of 2011, women earn 60 percent of bachelor-level biology degrees. Women also earn between 40 and 50 percent of chemistry, mathematics and statistics, and Earth sciences undergraduate degrees," writes Myers. Why the difference? Myers points to a comment from someone who taught a GenCyber camp for girls: "He found that one effective way to get girls to feel passionate about security was to create an emotional connection with the subject: e.g. the shock and distress of seeing your drone hacked or your password exposed," writes Myers.

Comment Long Time Runner Here... (Score 5, Informative) 169

I have been running for 30+ years at this point.

Some points:
* There is not going to be a perfect device. As the saying goes, a Swiss Army Knife is no replacement for a well stocked toolbox. A few dedicated devices will do the trick much better than an all-in-one device will.

* While listening to music while running can make the time go a little faster, a running partner will be a much better addition. When it is dark and snowing outside and you are warm and in your bed, knowing that someone is going to be meeting you in 30 minutes is better motivation than anything else. Training should also always allow you to talk while you run (otherwise you are going too fast). Having someone there to talk to makes sure you are going at the right pace.

* Once you have some experience with them, a heart rate monitor can really guide training. Pace can be affected by ambient temperature, wind, inclines, and other factors. Your heart rate is a better indicator of effort.

* I have not had the Forerunner 15. I have had the FR60, the ForeRunner 405, and the ForeRunner 220. All of them have been able to get 3+ hours. The 405 was the worst of the bunch, but that was a relatively early GPS watch. Even then, it got 3+ hours for the first year or so. The 220 gets 6+ hours - I have honestly never gotten the battery down very low. Even after 3+ hour runs, it is showing more than 50% left. I generally use the 220 for 3-4 runs before I consider charging it back up.

* I never run with my phone. It is partly because of bulk, and mostly because I go running to get outside and get away from the always-on world we live in. I only listen to music on my long runs, and for that I have an older iPod Shuffle.

* As others have mentioned, is the best review site out there.

* Based on your needs, I would consider Garmin's newest watches, the 230 or the 235. I would also purchase an iPod Shuffle. If wireless is a big requirement, I would look at the iPod Nano and Bluetooth headphones.

Comment Re:I think the most ironic part is that... (Score 2) 43

I'm not in any way involved with this specific program, but I do work on VisualStudio.

It's pretty common for all kinds of software projects to take bug reports - even very detailed and thorough ones - from people who ultimately don't end up fixing the bug.

The interesting thing about finding a security bug - especially with the constraints described here - a working exploit and a white paper - it's pretty unambiguous that you've found one. You either have or you haven't.

Now, how to actually fix that bug might be a lot more nuanced.

This statement isn't made to in any way imply that a researcher who could find such a bug _couldn't_ also fix it.

Rather, some bug fixes may be preferable to others, from Microsoft's point of view. And so, my impression is - we're not looking for patches that we'd end up re-writing. We're looking for the really nasty bugs, and then we'll go off and come up with fixes that satisfy the big pile of requirements that we have [for example, performance impact].

A valid observation would be, "if these were really open source projects, anyone in the community would be able to run the same regression and performance tests that Microsoft would run, and thus be able to make perfectly valid fixes themselves"

Well, to a point. Long long ago, I found an IDE driver bug in OpenBSD and submitted a fix for it. The fix was substantially re-written by the maintainer, and, ultimately the whole subsystem was replaced in the next version anyhow.

My fix met the functional requirements, so near as I can tell. But there are things like coding style, or maybe even the personal preferences by the project maintainer(s), that can still impact how a particular patch gets rejected or modified prior to being committed.

Furthermore, I think we would hate for there to be a vuln out there that somebody knows about, but is sitting on until they can come up with a fix that they like.

So, yes, I think we really just want the vulnerability reports, well substantiated and with demonstrated exploits. Finding those things is still very much a niche skill.

Fixing them, once they are understood, and balancing those fixes with the other requirements in the system, is more bread-and-butter Microsoft engineer stuff.

fwiw, I've been at Microsoft 15 years, much of it in VisualStudio. Before that, I worked only with UNIX systems, and I've stayed up to date as a hobby.

The way we are trying to engage with Apple, Linux, and F/OSS in general is completely unlike anything we did up until just the last year or so. People I've worked with for years are suddenly diving headlong into Linux development. Arguments that I tried to make a decade ago are now being made by other people.

It's a really interesting time at the company.

Comment Re:No real place for it (Score 1) 311

I'm always on the hunt for ideal archival formats for digital media.

The ideal archival format has a few properties, ranging from most theoretical to most practical:

- a completely unencumbered specification and a completely unencumbered implementation
- a highly portable, f/oss reference implementation
- excellent quality vs. usability (e.g. lossless quality, but small to store and fast to decode)
- support in popular general purpose computing environments
- supported in popular dedicated hardware devices

FLAC gets the first few of those, but not the last one -- plenty of dedicated hardware audio players don't deal with FLAC.

Because of this, I use MP3 for audio - which theoretically gives up the first few points, but as a practical matter, those points are irrelevant, and MP3 completely dominates the industry on the last few points.

If Vorbis or FLAC or any of the things that get the first few points correct had ubiquitous device support, I might be willing to re-rip everything into those formats for a great blend of long-term archival and easy-to-consume on any device convenience. But nothing is like that for audio.

Similarly, if I thought there was going to be a fantastic lossless image format that did everything well and was going to be massively supported and was completely unencumbered, I'd want to move everything over to it. I'd want my future digital cameras to start shooting it. I'd want my whole tool stream and whole life to just be about that format.

Comment Re:It's easy to make it unhackable (Score 5, Funny) 253

I think people are missing this company's solution.

The machine boots to Windows, and then this company's product randomizes everything in RAM. Even Windows has no idea where anything is in memory anymore. Every single bit is in a completely random location, with no relation to the bits it was next to previously.

Granted, the machine crashes at this point, but it has successfully booted and been rendered unhackable.

For long-term security, their follow-up product will randomize all data on a hard drive. It is completely un-hackable, even with physical access. Of course the data is also irretrievable, but there are prices to security.

Comment Another thought... (Score 3, Informative) 280

A lot of people are complaining that they do not like the idea of sharing vehicles.

What about thinking about it this way - suddenly proximity of your parking spot to where you are is a lot less important. Your personal autonomous vehicle drops you off at your destination and then goes to find a parking spot. Then, when your waiter brings you the check (for example), you let your vehicle know to come pick you up in ten minutes. The vehicle checks current traffic levels and leaves for a just-in-time pickup.

Before you go to bed you let your autonomous vehicle know what time you want to get to work. Your vehicle looks at the average commute time for that time of day and lets you know when it will pick you up. It leaves its parking spot with enough time to get you.

The drawback to this is that you are spending money to pay for gas or electricity while your vehicle drives (empty) to a parking spot. I would say this is the price you pay for wanting your own vehicle. The alternative is a taxi-style service.

For everyone complaining that other people will make the car unusable, you might not have taken a cab recently. More often than not it seems like you are video recorded. In addition, the cab company (which I assume would be the same ones putting autonomous cabs on the street) would have a vested interest in keeping vehicles clean.

I used ZipCar for several years and reporting damage or a messy car was easy for the company to follow up on. The previous user had to have reserved the vehicle and paid for its use. The company has a credit card on file already, so it is easy enough to go after the user for damages.

Comment My experience (Score 5, Interesting) 163

I live in Denver, and just moved. My previous commute was about 3.9 miles via bicycle, with about 2.5 miles of it on bike lanes. My new commute is 4.5 miles, with about 3.5 miles of it on a dedicated recreational path (Denver's Cherry Creek Trail), and the other 1 mile almost all on bike lanes.

My new commute, while having a longer distance, takes me less time. In addition, it is a lot less stressful. The recreational path makes all the difference. It is limited access - there are ramps to the trail about every .2 miles - no motorized vehicles, and goes from my neighborhood (an urban residential-heavy area) to downtown.

I have commuted via bicycle in a wide variety of cities on the East Coast and can say that this new commute is about as ideal as it could be. I dread the days I have to drive into work. Even without traffic (which doubles the time needed), it takes me longer to drive.

A lot of US cities I have lived in see separated paths for recreational use only. They never seem to see that a trail going from residential areas to business areas can be a great encouragement for bicycle commuting.
