
Comment Re:ONE THING I agree with Chomsky on (Score 5, Insightful) 530

The normal rule of gunnery is to shoot, and then whatever you happen to hit: call that the target. ;-) With terrorism, whoever you missed is the target. And whoever you hit, is your weapon against that target. But in order to work, it requires the cooperation of the target. If the target does not choose to react fearfully, then the terrorism does not accomplish its objective.

Does the same thing apply to carjacking? Armed robbery?

No. The goal of carjacking is to get a ride; the goal of robbery is to obtain value. Deciding to not fear it, does not deny your adversary his goal.

But terrorism is about persuading the survivors, the technically-not-victims. Nobody ever carjacks in order to get the next car to lock their doors. Nobody commits armed robbery in order to manipulate a third party (movie script counter-example: Die Hard, but the FBI was manipulated as part of a "Briar Patch" strategy, rather than terrorism(*)).

e.g. Not Terrorism: "Your tank factory and its workers are gone. This gains me a numeric advantage in next month's tank battle." Terrorism: "Your tank factory and its workers are gone. Surrender or else I'll wreck more of your expensive factories and kill more of your workers."

(*) Does this happen in real life? What believed acts of terrorism were actually not?

Comment Constitutional basis for compulsory terroree-ism (Score 1) 530

The president has constitutionally-granted authority over the armed forces. We have a legal draft. Combine those two things, and ergo, it is within generally-accepted powers for the president to be able to label you a Designated Terroree, such that you're required to be afraid whenever told to, if people being afraid is believed to be militarily advantageous.

OTOH, the Third Amendment means that you don't have to be afraid whenever you're at home. So the president's legal powers over your emotions are limited, somewhat.

Comment Depending upon what market the GP wants to be in.. (Score 1) 280

..I don't know that I would recommend Javascript myself. It's finally cracked the top 10 at Tiobe and it's definitely growing. However, it's still not exactly mainstream. It's also inherently limited to a narrow development niche. The GP could choose to dive into some sort of mix of C, C++, ObjectiveC, Perl, and/or Python instead. S/he would probably have more success out of the gate because all of those languages have a broad applicability to a much larger set of use cases.

However, I think the larger point you're trying to make is a valid one. The rate of change isn't slowing down for anyone. These days nobody in IT can afford to be a one trick pony. In order to stay relevant in the market, developers need to have more than a passing familiarity in several languages and environments. At minimum they should be competent in at least a couple and reviewing one or two others. (What? You thought you were done studying when you got out of college?)

Comment Re:GNU/Linux is made in the USA (Score 1) 332


Not really, most of the thousands of projects have at most a few core developers and extraneous people who occasionally submit patches to fix specific itches. There is no "A team" scouring all open source for vulnerabilities, from the simple fact that such vulnerabilities most certainly do exist as innocent bugs and have not been reported by such teams.

To illustrate this point, the linux kernel is developed by armies of smart people, yet an automated tool found a laundry list of shit that has been around for years that nobody noticed.


First, from the very report that you linked to:

The results show that the number of defects detected by the Coverity analysis system has decreased from over 2000 to less than 1000 while, during the same period of time, the source code has quadrupled in size and the power of Coverity's detection capabilities has increased markedly. We conclude using this data that the Linux kernel is a robust, secure system that has matured significantly.

You want a real eye opener? Check out Coverity's current press release:

Code quality for open source software continues to mirror that of proprietary software, and both continue to surpass the accepted industry standard for good software quality. Defect density (defects per 1,000 lines of software code) is a commonly used measurement for software quality. Coverity's analysis found an average defect density of .69 for open source software projects that leverage the Coverity Scan service, and an average defect density of .68 for proprietary code developed by Coverity enterprise customers. Both have better quality as compared to the accepted industry standard defect density for good quality software of 1.0. This marks the second, consecutive year that both open source code and proprietary code scanned by Coverity have achieved defect density below 1.0.


Linux remains a benchmark for quality. Since the original Coverity Scan report in 2008, scanned versions of Linux have consistently achieved a defect density of less than 1.0, and versions scanned in 2011 and 2012 demonstrated a defect density below .7. In 2011, Coverity scanned more than 6.8 million lines of Linux code and found a defect density of .62. In 2012, Coverity scanned more than 7.4 million lines of Linux code and found a defect density of .66. At the time of this report, Coverity scanned 7.6 million lines of code in Linux 3.8 and found a defect density of .59.


While static analysis has long been cited for its potential to improve code quality, there have been two significant barriers to its adoption by development organizations: high false positive rates and a lack of actionable guidance to help developers easily fix defects. Coverity has eliminated both of these obstacles. The 2012 Scan Report demonstrated a false positive rate for Coverity static analysis of just 9.7 percent in open source projects. Additionally, the 2012 report noted more than 21,000 defects were fixed in open source code, more than the combined total of defects fixed from 2008-2011.

The real conclusion that you should draw is twofold. First, if you're relying on software that isn't doing static code analysis, you're probably relying upon insecure code.

Second, Every. Single. App. Has. Bugs. The difference is that open source lets anyone do the analysis and fix the bugs. The same can't be said of any closed source package.

So, which is safer? The OSS app where everything is publicly discussed and bug fixes generally get acted upon fast, or the closed source app where the vendor may be handing the known vulnerabilities off to the NSA or its equivalent in the country of your choice? I know which way I choose. :-)

Comment Re:Yes (Score 4, Insightful) 533

Killing 3 people and maiming 234 using explosives and shrapnel counts as mass destruction in my book.

It definitely doesn't count, in my book. You post-cold-war kids are so cute. Did you know the band Megadeth got their name from something that was believed reasonably likely to happen? 237 casualties isn't even a blip on the WMD scale. WMDs are for serious scale murder.

Exaggeration sounds like good idea when you're going after a specific bad guy, but it reminds me of how "registered sex offender" used to mean "rapist" and now, for all you know, it can mean some kid who sext-messaged his girlfriend or maybe even got drunk and peed on a parking meter.

Overbroad terminology abuse will remove stigma. Now the next time someone wants to start a hideously expensive war over alleged WMDs, the public will say "why should I care if Saddam II has a hand grenade?"

Hmm... now that I think of it, this could save us a shitload of money. Ok, you've convinced m-- wait, what if Saddam II actually has (oldschool definition) WMDs? Are we going to need a new term that means the same as WMD used to mean, like "WMDs, no I mean for real, 'Threads' and 'The Day After' style, dude!"?

Comment Re:Not really HTML5 (Score 1) 337

In the UK, the content was so abysmal that "leave it" is what I did.

90% of everything is shit, and the grass is always greener on the other side of the fence.

I'm sure 90% of your TV is shit, but so is ours. What you're doing is concentrating on our 10% and your 100%. Over here on the other side of the pond, I do the same thing but from the opposite perspective: "Damn, there's so much great stuff we're watching from the BBC."

Comment Resume bug or "overqualified" (Score 2) 472

Traditional hiring processes seem to revolve around.. not one's track record and accomplishments.

I'm surprised. First guess is that you've misdiagnosed it being about formal education.

You might have something horribly wrong on the resume. Maybe have a friend look at it and figure out why no one should ever hire that awful person. Then remove the part about how you made the Nazi Party's website 100x faster, or whatever it is. ;-)

Other idea is that people are seeing it and thinking "this guy wants a real job, not our job; there's no way we can afford him." You have to address that in the cover letter, hopefully without throwing away too much money. Think about whom you're approaching. They shouldn't all necessarily get the same spiel.

Good luck, buddy.

Comment Re: Backlash (Score 1) 148

This is like saying "you were hit by a car but we left you to bleed to death by the side of the road because you didn't express your preference to be scooped up and taken to hospital"

Yes, and?

When we're talking about what someone else's computer internally does with the information you choose to send to it, they liter-- uh -- analogously do have the right (and more importantly: the POWER, even if you disagree about the right) to get away with the attitude that you just described. If it helps, think of them as Powerful Assholes Who Have The Law On Their Side.

Sure, PAWHTLOTS are going to let most people bleed to death. The weird strange thing that happened, though, is that while they're all always free to let everyone bleed to death (whether they want to go to the hospital or not), a few of the .. shall we say.. evil-yet-honorable PAWHTLOTS said they'd take people to the hospital if those people said "I thought about it and decided I would prefer to go to the hospital" as opposed to two other choices (the other choices were "I don't care" and "I thought about it and would prefer to die").

Microsoft came out with a medical bracelet, where the "I'd rather go to the hospital" and "I don't care" part was smudged, so that people trying to read the card can't tell the difference.

If you are trying to read such a bracelet, I think you're going to say "well, they clearly don't say they'd prefer to die" and I think you're going to take that person to the hospital. But what do you predict an evil-yet-honorable PAWHTLOTS will do?

The people who invented the DNT medical bracelet thought about that last question and were very explicit that people who make bracelets should use care in making sure the bracelets don't display ambiguous information, but Microsoft blew it.

Look at it another way: we all want this bullshit to be opt-in. But we send information to trackers, where they get to decide how it works. And they want it to be opt-out. It's their computer, so they win, period. If we work within opt-out, some of us can get some of what we want. If we defy it, then we haven't opted out.

This, BTW, is half of the tracking issue. The other half of the issue is that we leak so much damn information, which is what has put so much power into the adversaries' hands. And FWIW, this actual Firefox story is about that. So there's at least something to be cheerful about. I prefer technical means of dealing with the problem, but DNT was a brilliant social prong of the action too, and MS has spoiled it.
