Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Comment Re:I'm nervous about this (Score 1) 194

I'm not saying that the code shouldn't be released. I'm saying there should be some remediation prior to it being released. Cisco should have to release a new version of their firmware that is completely closed source, or they should offer new routers running open software. I'm saying that everyone is so concerned about getting the code out there NOW and I'm of the opinion that's not necessarily the responsible thing. If I was a major Cisco client, I'd be furious about this. But no one's talking about that.

I'm not defending Cisco, I'm not saying the FSF is wrong. I'm saying there's a big part of the story that seems to be missing and should be discussed.

Comment Re:Yeah, thank god Windows is closed source. I (Score 2, Insightful) 194

You misunderstand. Just because you release the code, it doesn't magically become as secure because it's "open source". Open Source is secure because it goes through a process. A process this code didn't see. That process allows for corrections when errors are made. This process takes time. And what I said in my original post is that there is going to be a window between when we, the community, improve the quality of product up to other open source standards, and when the source code is released, during which time there is an elevated threat.

Nearly all software products have vulnerabilities. With open source products, those vulnerabilities get fixed faster, making them more secure. They get developed in ways that are security conscience because the community is watching. With closed source vulnerabilities get discovered slower, but get fixed slower so there's no gain. Additionally, they don't go through the same focus and scrutiny during development, so they tend to have more vulnerabilities at release. Taking something that was developed in secret, widely implemented and then divulging the source doesn't get you any of the benefits of either. Vulnerabilities and exploits are near instantly apparent and discovered, and you don't have the benefit of open development.

If just having the source open to everyone is more secure, then don't ever bother to update firefox or whatever browser your running ever again. Keep doing your banking online with it. Knowing something has security holes is one thing. Telling the world what those security holes are is another thing, especially since there's not development process ready to respond to the vulnerabilities yet. This is like taking a browser that hasn't been patched for two years and pushing it to every third computer in the US. There's going to be a race to patch the system to make it secure and exploit the vulnerabilities and I'm not sure that's something I like.

Comment I'm nervous about this (Score 5, Insightful) 194

Cisco releasing the source code for thousands of routers doesn't strike me as being a good thing. I mean it's one thing to develop in an open environment and being open from the start, and I agree security though obscurity is bound to fail but as someone running Linksys routers on my network, I would expect there to be some stepped process, as I don't trust Cisco was totally competent in their development. Imagine if windows source was suddenly made available to the masses, the time it would take to identify, patch, and distribute a fix vs the time it takes to just identify and exploit is a significant window of vulnerability. Security through obscurity doesn't work because it assumes no one will ever find out and people will. But dissemination of that information takes time. Discovery of defect takes time. Opening the source of a previously closed product greatly reduces that time and therefore intensifies the threat. Overall this will lead for a much stronger product but I fear what is going to happen in the first few weeks.

Comment Re:Summary of Story (Score 1) 240

I wouldn't worry about being taken to trail for this, I'd be worried about search warrants being issued based on this data. In other words, if you fall into a community downloading mixed materials, some public domain, some copyrighted, a conviction on one member of the community would be used to subpoena the other members. The idea of "Because you are part of a community illegally distributing protected works, we want to search your hard drive for illegal obtained data" doesn't seem like it would be too far of a leap for the courts. By that time they're done, you've lost productivity and probably hired a lawyer... so just the accusation is a big enough pain that it'd be a hassle.

Of course I don't see how this program protects you from that. It simply obscures which data and connections are important to you, but it doesn't hide the connections. I would imagine that you'd want to identify a person by "his connections contain this subset" and that answer would still be true with or without the program.

Comment No, I think the converse is true (Score 2, Insightful) 693

That a lot of times people (judges) simply DON'T UNDERSTAND THE IMPLICATIONS OF A TECHNICAL ARGUMENT and rule the way they want anyways. This is why patent suits were always held in west texas and this is why the RIAA will withdraw losing cases only to forum shop in an effort to push the suit again.

The fact that all the evidence the RIAA offers shows a link to the computer AND NOT THE USER seems to be something that people (lawyers, judges) IGNORE shows they don't actually care about the FACTS. Until you start taking photos of people through their webcams as they do naughty things, or come up with a way to show exclusive use of a devise or connection, then this still happens to be evidence wrongly taken into consideration.

Cellphones

Keeping in Contact With Family, From Afghanistan? 176

LiNKz writes "Within a short while I will be heading to Afghanistan and in the interest of keeping in communication with my wife and family I've been looking at different means of it, from VoIP to cellular services. I'm not sure how well connected or how stable of a connection the base I'm deploying to has, which means VoIP might simply not be an option. I have, however, noticed in my searches that Afghanistan has recently boomed with cellular coverage though that too seems to be difficult to ascertain. I'm curious if the Slashdot community has any information or experience regarding international cellular services offered in this country and the means of obtaining it."

Comment I'm questioning the value (Score 2) 57

Unless the concern is about freak high winds that exceed the capacity of the farm and pose a threat to the systems operating there, I don't see the point. Couldn't they be better served by surveying locations? Shouldn't their model be based on average output, and wouldn't historical data be a much better indicator for that? I mean it's not like there's a lot you can do to control how the wind will be blowing and the systems are hopefully already actively synced with the direction of the wind. The tie in to the grid has to be an active process anyways, in case of failure, and is produced as a byproduct of a conditioning system anyhow. Is there something I'm missing here? Is this really cheaper than sending out a guy with a weather balloon?

Slashdot Top Deals

Unix soit qui mal y pense [Unix to him who evil thinks?]

Working...