Comment Re:Researchers use responsible disclosure (Score 1) 76

The first rule of software is that all software beyond the barest of trivial examples will have bugs. Compilers are software, and have the same long and sordid history of bugs. Since compilers have been mentioned specifically, you might be interested in the classic work Reflections on Trusting Trust (it was apparently written by a guy who knows a thing or two about the topic, some Ken Thompson fellow). The same goes for test suites. In many cases, bugs translate to security vulnerabilities. In some cases, perfectly rational behavior demonstrated by entities known as programs results in unexpected behavior when they are made to exchange data. This phenomenon is referred to as "novel outcomes" in some circles, and "wow, that's some fucked up shit" in others. There is a reason the field of information security is as broad as it always has been, is, and always will be.

Your post proves you have never worked as a professional developer, or for an organization where your role was deeply connected to systems or development work. Heck, it proves you've never worked on any major open source project either, for that matter. I suppose we should all stop using anything resembling software immediately to prevent the planet from caving in under the weight of its own failure. Or perhaps you should take your obviously extremely advanced software engineering skills and produce the one true invulnerable platform for everyone, one layer and application at a time.

As Bruce Schneier famously said, "security is a process, not a product." That process never ends, and involves complexities I believe could be delicately framed as things that aren't exactly your area of expertise. That's okay, though; you can always start educating yourself immediately. We're all looking forward to your next batch of brilliant revelations on infosec strategy.

Comment Re:Why is McAfee's affair on Slashdot? (Score 1) 148

Man, I must be using my MacBook wrong, too. About a third of my active desktop real estate is perpetually occupied by a terminal window, and I've even got an icon for it in two places. It's almost like some people use Unix-based operating systems for, well, things that Unix-based operating systems are historically used for. Crazy.

Comment Re:Don't sell your kidneys! (Score 1) 100

Is it better to have a visible kidney in the hand, or an invisible hand in the market?

You appear to presume the creation of some mystical system whereby the automatic availability of the former is assured, which would be a miraculous medical and social development even in the western world. In other words, without the latter, you may find yourself lacking the former. Yes, Virginia, organ availability is primarily a social problem. It's a problem that isn't solvable in the political context, as the core of the issue deals with aspects of human rights and human nature that can't by any stretch of the imagination be forced or otherwise ethically regulated.

Depending upon the severity of your need, this may be of grave concern to you, and you may find yourself willing to rethink your personal system of ethics accordingly.

Comment Re:Death becomes acceptable, doesn't it? (Score 1) 170

Which branch of service do you hail from? There are a great many highly effective and honorable service members who have done their duty as ordered, and not only loathe the act of killing but also suffer from issues related to it for the rest of their lives. Ask their husbands, wives, or children about it.

There is a distinct difference between innate clinical psychopathy and behavior drilled into soldiers through military training. Perhaps you're a mental health professional; would you care to explain your background a bit more?

Comment One might say... (Score 2) 35

One might say the entire TLD is PhuKed. The teachable moment here is that security rolls downhill, and depending on any single layer of public infrastructure, at least for authentication of who you're talking to without giving serious consideration to cryptographic concerns, is asking for trouble. This is still something that the world is failing at on, well, a global scale.

Well, that and taking perimeter security seriously in terms of access to critical components, and having short order failover to components with completely different codebases ready to roll into production for select services in the event of something nasty happening. These days, virtualization on multiple platforms running in parallel makes that easier, although it does have the effect of acting as a cost multiplier (sliding scale factor-wise) depending on what you're trying to make as bulletproof as possible.

TLDR = Security is hard. Be prepared to be compromised. Have alternate plans in place that assume at least one $major_thing is already silently compromised. Yeah, it's tough. Life is tough.

Comment Re:Yeah, but Tulsa (Score 2) 118

As with any position in federal service, you do what is asked of you. This isn't meant to sound trite; speaking as someone who has drawn paychecks from the military and has worked in the private sector in various information technology roles both before and after the DoD (and some gray in between), it's a reality that should be given serious thought. Take it for what it's worth, the primary point being that regardless of your job title, your first priority is your orders.

This has advantages and disadvantages, which measured against one another may invoke the urge to seriously consider your personal value system, i.e. the value system you expressly agree to largely discount on the basis of placing your faith in your particular chain of command. If anything, it's a fun ride.
