
Comment Re:Hysterical hyperbole. (Score 1, Insightful) 134

You can always do better, especially with the advantage of hindsight. Worrying about Fukushima's failure in retrospect is however the equivalent of picking faults in the security of a garden gate when there is no fence around the property at all.

If it was irresponsible to build a power plant without higher flood protection and keep the old design running for as long as they did, how much more irresponsible was neglecting tsunami protection for the half million people in the area that resulted in more than 15k deaths and 340k people getting displaced? The parliamentary inquiry should have been focused on that, not driven by the people's irrational and overblown fear of the word "nuclear".

Comment Hysterical hyperbole. (Score 1, Insightful) 134

There has been a tsunami that killed over 10000 people and demolished multiple cities and dozens of chemical plants and factories. If this was a man-made disaster where the fuck was the planning to prevent it? Why are we still talking about the nuclear plant, where at most a couple of dozen people will die in the next hundred years?

Sure, we could have done more to prevent the damage in Fukushima, like build units from a newer generation (Fukushima Daiichi's sister plant survived the same tsunami, but was slightly younger and thus had far fewer problems), have better oversight, regulation, emergency response etc. However, that is like asking what could have been done better about shark deaths in Nevada ("no one expected it to happen", "zomg, sharks!"), and totally ignoring deaths by drug abuse, cancer, transportation accidents and cardiovascular causes in the meantime.

The point is, reinforcing Fukushima would have been a waste of money and effort, money and effort that would have been better spent on building better flood barriers to protect places where people actually live.

Comment Tweaks to the cultural problem (Score 5, Insightful) 178

All the IBM engineers will do is decrease the issue of traffic by a couple of percent, maybe raise efficiency by 10-20% here and there, but the real issue is cultural. Cars suck for a dense urban environment, you need people on bikes, carpooling and the most important thing: good public transportation.

Good public transportation means, though, forcing cars out of city centers by creating bus lanes, creating tram lines on previously car-only roads, building enough parking space at the edge of the city where people could switch over to public transport, etc.

Comment Training wheels without the bike (Score 5, Informative) 240

I think this short snippet from Rasmus is priceless:

The point of the question here is if anybody remembers why we decided not
to parse command line args for the cgi version? I could easily see it
being useful to be able to write a cgi script like:

    #!/usr/local/bin/php-cgi -d include_path=/path

and have it work both from the command line and from a web context.

As far as I can tell this wouldn't conflict with anything, but somebody at
some point must have had a reason for disallowing this.

Yeah, passing arguments with full shell expansion to the bloody binary from the unsecure web sounds like a brilliant idea! Who would want to disallow that?!

It was pretty funny so far, but then I saw this:

13-01: Vulnerability discovered, used to pwn Nullcon Hackim 2012 scoreboard
13-01: We discuss the issue with Nullcon admins, find out it is a php 0day
17-01: We contact with a full report and a suggested patch
01-02: We ask PHP to confirm receipt, state our intent to hand off the vulnerability to CERT if progress is not made
01-02: PHP forwards vulnerability report to PHP CGI maintainer
23-02: CERT acknowledges receipt of vulnerability and attempts to contact PHP.
05-04: We ask CERT for a status update
05-04: CERT responds saying that PHP is still working on a fix
20-04: We ask CERT to proceed with disclosure unless a patch is imminent
26-04: CERT prepares draft advisory.
02-05: CERT notifies us that PHP is testing a patch and would like more time. We agree.
03-05: Someone posts a mirror of the internal PHP bug to reddit /r/netsec /r/opensource and /r/technology. It was apparently accidentally marked public.

The PHP security people sat on this 0day remote code exploit for four months, ignoring multiple attempts to get them to fix this serious vulnerability. That makes me feel angry; sometimes incompetence is just not funny anymore.
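An added example, not part of the original comment or of PHP's own code: under RFC 3875 section 4.4, a CGI query string with no unencoded "=" is split on "+" and handed to the script as command-line words, which is how a web request can reach php-cgi's option parser. The sketch below models that rule and flags such requests in access-log lines; the log lines and function names are constructed for illustration, and the option shown is the one from the quoted mailing-list message.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (abbreviated common log format), for illustration only.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/May/2012:10:00:01 +0000] "GET /index.php?id=5&sort=asc HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/May/2012:10:00:02 +0000] "GET /index.php?-d+include_path%3D/path HTTP/1.1" 200 498',
    '192.0.2.12 - - [03/May/2012:10:00:03 +0000] "GET /search.php?php+security HTTP/1.1" 200 733',
    '192.0.2.13 - - [03/May/2012:10:00:04 +0000] "GET /static/logo.png?-v HTTP/1.1" 200 90',
]

REQUEST_RE = re.compile(r'"(GET|HEAD) (\S+) HTTP/[\d.]+"')


def cgi_argv(query):
    """Model RFC 3875 section 4.4: a query with no unencoded '=' is an
    'indexed' query, split on '+' and URL-decoded into command-line words."""
    if not query or "=" in query:
        return []
    return [unquote(word) for word in query.split("+")]


def flag_option_queries(lines, script_suffix=".php"):
    """Return (client, path, argv) for script requests whose query string
    would reach the CGI binary as command-line words that look like options."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(2).partition("?")
        if not path.endswith(script_suffix):
            continue  # static files are not handed to the CGI binary
        argv = cgi_argv(query)
        if any(word.startswith("-") for word in argv):
            hits.append((line.split()[0], path, argv))
    return hits


if __name__ == "__main__":
    for client, path, argv in flag_option_queries(SAMPLE_LOG):
        print(client, path, argv)
```

The encoded `%3D` is what keeps the second request classified as an indexed query: the check for "=" runs before decoding, so the decoded word still carries `include_path=/path`.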

Comment Re:Obligatory Dijkstra (Score 2) 467

I giggled like a schoolchild when I read the next paragraph from that lecture:

And now we have the multimedia/communication hype: the best bits are those that just arrived from far away, and if you are not "on line", "on the Net", you just don't count, you are not of this world (which is virtual anyhow...). Apart from a change in vocabulary, it is the same hype, the same snake oil over and over again, and you can do me a favour by not getting excited by all the time you are supposed to save by switching to "home banking".

Sometimes very smart people can be mostly insightful, but very spectacularly wrong on some points.

Comment Re:No, you gave it away (Score 1) 222

I would love to subscribe to Google, if they would promise not to track me or mandate UI constraints for me in return.

Google makes a fairly low amount of revenue per user, almost everyone on the internet would have no trouble paying it, if the micropayment and subscriber infrastructure were in place for that to happen.

Comment We need to stop being the product (Score 1) 222

It's not only a problem from the privacy standpoint, but also in terms of what kind of behaviour it encourages, from online services to journalism.

The paywalled model is utterly ridiculous for the internet and the ad/privacy supported model is utterly destructive. What we need is an honors system like paying for deadtree newspapers (except with user selectable amounts). It does not eliminate ads, but generates enough revenue to act as a counterweight, that makes it easier for the business owner to care about the readers / users of its product.

The honors system needs to consist of fine grained enough micropayments so that different aspects of a service / product can be rewarded, I want to click a button on the page of a Guardian / Economist article if I thought it was any good, to create an incentive to write further good articles.

There are some micropayment providers that accomplish something similar already, but not nearly in a wide enough scope yet. One that I'm using (and won't name apart from this link) allows micropayments to almost any URL, GitHub projects, Twitter users, individual tweets and other stuff, that is a good first step. It is still in infancy, but I'm using it because I want to vote with my wallet.

"If you're not paying for something, you're the product" is the mantra, but the often forgotten corollary to this statement is that whoever pays has the influence. I want to actively push the worldview of an open, honors system based internet so that we can have good content and freedom at the same time.

Comment The real problem (Score 2) 130

The real problem is that common applications request almost all of the permissions from the phone when the user installs them, to provide full functionality (importing contacts, etc.). The user's choice is between not installing the app and giving it those permissions.

What should be happening instead is: make the permissions user selectable, to be able to install the Facebook app, but to prevent it from accessing anything I don't want. The app store / market rules should mandate that applications cope with the degradation of privileges gracefully. The OS/app should display a popup when the user tries to do something that requires privileges the app doesn't have, along the lines of "do you want to grant permission x to this application? [just this once] / [yes] / [no] / [don't ask again]"
