Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment It is code; the clue is in the name. (Score 2) 158

I program by writing in text files too, but that's just important for interoperability with other tools, it's not the definition of coding. Everyone knows that our CPUs don't execute ASCII, right? If it's Turing-complete, then it can be interpreted or compiled (i.e. "decoded") to do anything you want to execute.

Submission + - Is OpenAI Solving the Wrong Problem? (hbr.org)

hype7 writes: The Harvard Business Review is running an article looking at the recently announced OpenAI initiative, and its decision to structure the venture as a non-profit. It goes on to ask some pretty provocative questions: why are the 21st century's greatest tech luminaries opting out of the system that made them so successful in order to tackle one of humanity's thorniest problems? And, if the underlying system that we all operate in is broken, is creating a vehicle without the profit motive inside of it going to be enough?

Comment Re:.NET 5 is just what we need. (Score 2) 160

I'd be interested in learning more about the compatibility problems you're having with real apps and .net framework versions.

We know that there are ocassionally compat issues because we have large customers we work with to try and mitigate them.

There are already mechanisms built into .net for rebinding apps to use specific framework and assembly versions, e.g. the .exe.config file that you can modify without access to the application's source code.

In general, .NET 2.0 and .NET 4.0 are the two separate runtimes that you would currently need to have installed. .NET 3.5 is the newest iteration of the .net 2.0 runtime, and .NET 4.6.x is the newest iteration of the 4.0 runtime.

If you're trying to install an app and it says "i need .net 4", and you don't have .net 4 yet, I think that's working as intended. If updates to .net are breaking your apps, that's something we'd like to know about and help with.

If you have problems of the latter sort - .net updates are breaking your apps, feel free to contact me at this address and I'll see about putting you in touch with someone who can help.


Could a Change In Wording Attract More Women To Infosec? (csoonline.com) 291

itwbennett writes: "Information security is an endeavor that is frequently described in terms of war," writes Lysa Myers. "But what would the gender balance of this industry be like if we used more terms from other disciplines?" Just 14 percent of U.S. federal government personnel in cybersecurity specialties are women, a number startlingly close to the 14.5 percent of active duty military members who are women (at least as of 2013). By comparison, women are well represented in other STEM fields: "As of 2011, women earn 60 percent of bachelor-level biology degrees. Women also earn between 40 and 50 percent of chemistry, mathematics and statistics, and Earth sciences undergraduate degrees," writes Myers. Why the difference? Myers points to a comment from someone who taught a GenCyber camp for girls: "He found that one effective way to get girls to feel passionate about security was to create an emotional connection with the subject: e.g. the shock and distress of seeing your drone hacked or your password exposed," writes Myers.

Comment Long Time Runner Here... (Score 5, Informative) 169

I have been running for 30+ years at this point.

Some points:
* There is not going to be a perfect device. As the saying goes, a Swiss Army Knife is no replacement for a well stocked toolbox. A few dedicated devices will do the trick much better than an all-in-one device will.

* While listening to music while running can make the time go a little faster, a running partner will be a much better addition. When it is dark and snowing outside and you are warm and in your bed, knowing that someone is going to be meeting you in 30 minutes is better motivation than anything else. Training should also always allow you to talk while you run (otherwise you are going too fast). Having someone there to talk to makes sure you are going at the right pace.

* Once you have some experience with them, a heart rate monitor can really guide training. Pace can be affected by ambient temperature, wind, inclines, and other factors. Your heart rate is a better indicator of effort.

* I have not had the Forerunner 15. I have had the FR60, the ForeRunner 405, and the ForeRunner 220. All of them have been able to get 3+ hours. The 405 was the worst of the bunch, but that was a relatively early GPS watch. Even then, it got 3+ hours for the first year or so. The 220 gets 6+ hours - I have honestly never gotten the battery down very low. Even after 3+ hour runs, it is showing more than 50% left. I generally use the 220 for 3-4 runs before I consider charging it back up.

* I never run with my phone. It is partly because of bulk, and mostly because I go running to get outside and get away from the always-on world we live in. I only listen to music on my long runs, and for that I have an older iPod Shuffle.

* As others have mentioned, http://www.dcrainmaker.com/pro... is the best review site out there.

* Based on your needs, I would consider Garmin's newest watches, the 230 or the 235: http://www.dcrainmaker.com/201... I would also purchase an iPod Shuffle. If wireless is a big requirement, I would look at the iPod Nano and BlueTooth headphones.

Comment Re:I think the most ironic part is that... (Score 2) 43

I'm not in any way involved with this specific program, but I do work on VisualStudio.

It's pretty common for all kinds of software projects to take bug reports - even very detailed and thorough ones - from people who ultimately don't end up fixing the bug.

The interesting thing about finding a security bug - especially with the constraints described here - a working exploit and a white paper - it's pretty unambiguous that you've found one. You either have or you haven't.

Now, how to actually fix that bug might be a lot more nuanced.

This statement isn't made to in any way imply that a researcher who could find such a bug _couldn't_ also fix it.

Rather, some bug fixes may be preferable to others, from Microsoft's point of view. And so, my impression is - we're not looking for patches that we'd end up re-writing. We're looking for the really nasty bugs, and then we'll go off and come up with fixes that satisfy the big pile of requirements that we have [for example, performance impact]

A valid observation would be, "if these were really open source projects, anyone in the community would be able to run the same regression and performance tests that Microsoft would run, and thus be able to make perfectly valid fixes themselves"

Well, to a point. Long long ago, I found an IDE driver bug in OpenBSD and submitted a fix for it. The fix was substantially re-written by the maintainer, and, ultimately the whole subsystem was replaced in the next version anyhow.

My fix met the functional requirements, so near as I can tell. But there are things like coding style, or maybe even the personal preferences by the project maintainer(s), that can still impact how a particular patch gets rejected or modified prior to being committed.

Furthermore, I think we would hate for there to be a vuln out there that somebody knows about, but is sitting on until they can come up with a fix that they like.

So, yes, I think we really just want the vulnerability reports, well substantiated and with demonstrated exploits. Finding those things is still very much a niche skill.

Fixing them, once they are understood, and balancing those fixes with the other requirements in the system, is more bread-and-butter Microsoft engineer stuff.

fwiw, I've been at Microsoft 15 years, much of it in VisualStudio. Before that, I worked only with UNIX systems, and I've stayed up to date as a hobby.

The way we are trying to engage with Apple, Linux, and F/OSS in general is completely unlike anything we did up until just the last year or so. People I've worked with for years are suddenly diving headlong into Linux development. Arguments that I tried to make a decade ago are now being made by other people.

It's a really interesting time at the company.

Comment Re:No real place for it (Score 1) 311

I'm always on the hunt for ideal archival formats for digital media.

The ideal archival format has a few properties, ranging from most theoretical to most practical:

- a completely unencumbered specification and a completely unencumbered implementation
- a highly portable, f/oss reference implementation
- excellent quality vs. usability (e.g. lossless quality, but small to store and fast to decode)
- support in popular general purpose computing environments
- supported in popular dedicated hardware devices

FLAC gets the first few of those, but not the last one -- plenty of dedicated hardware audio players don't deal with FLAC.

Because of this, I use MP3 for audio - which theoretically gives up the first few points, but as a practical matter, those points are irrelevant, and MP3 completely dominates the industry on the last few points.

If Vorbis or FLAC or any of the things that get the first few points correct had ubiqoutous device support, I might be willing to re-rip everything into those formats for a great blend of long-term archival and easy-to-consume on any device convenience. But nothing is like that for audio.

Similarly, if I thought there was going to be a fantastic lossless image format that did everything well and was going to be massively supported and was completely unencumbered, i'd want to move everything over to it. I'd want my future digital cameras to start shooting it. I'd want my whole tool stream and whole life to just be about that format.

Comment Re:It's easy to make it unhackable (Score 5, Funny) 253

I think people are missing this company's solution.

The machine boots to Windows, and then this company's product randomizes everything in RAM. Even Windows has no idea where anything is in memory anymore. Every single bit is in a completely random location, with no relation to the bits it was next to previously.

Granted, the machine crashes at this point, but it has successfully booted and been rendered unhackable.

For long-term security, their follow-up product will randomize all data on a hard drive. It is completely un-hackable, even with physical access. Of course the data is also irretrievable, but there are prices to security.

Slashdot Top Deals

"It ain't over until it's over." -- Casey Stengel