Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Artificial Gullibility (Score 2) 41

>> Their goal was to make a system capable of mimicking the knowledge and intuition of human security analysts so that attacks can be detected in real time.

Did they manage to avoid mimicking all the foolishness and gullibility of human security analysts, too?

>> The platform can go through millions of events per day and can make an increasingly better evaluation of whether they are anomalous, malicious or benign.

So, based on this, it sounds like the 'quality' of the service depends on parsing data supplied by (hostile) outside sources. If the system cannot tell when people are deliberately poisoning its knowledge base with feints and false messages, then what? Human supervision? If it needs human security analysts anyways, how much does it gain?

Comment May not act as expected (Score 2) 79

A system needs to be able to remember what it is supposed to forget in order to make sure it is forgotten.

Imagine a waiter robot that is supposed to go into a room and make sure it gets everyone's order:
a) Enters room, goes from person to person, asks drink preferences.
b) John Doe tells robot: "I don't want you to track my preferences. Forget everything about me!"
c) Robot obeys and continues on.
d) Prior to exiting the room, the robot verifies it has gotten everyone's preferences.
e) Robot sees John Doe. Robot has no record of John Doe because it has forgotten everything about John Doe. The robot must get the preferences of everyone in the room.
f) Robot asks John Doe for his drink preferences.
g) Goto b).

The systems have to remember that they aren't allowed to (re)learn the data that they are supposed to have forgotten, which means they cannot completely forget things - the information is always there.

Comment Installed a task force? (Score 3, Funny) 59

> Meanwhile the W3C has installed a task force to rapidly ...

Whoa whoa... hold on there. What version of the task force did they install? It is compatible with the current W3C? (It runs on Linux, right?) Is the source for the task force available? Is it running in the cloud somewhere as a virtual task force?

Comment BGP4 (Score 1) 377

During an acquisition, the company being acquired helpfully passed along the list of AS they used in their BGP4 configurations in their core routers.

They helpfully had included the ones from other networks they provided connectivity to as well, but just had sent the AS numbers over in one big list, unlabeled, along with the AS their network originated: "Do these."

So during the network integration I dutifully entered the entire list of AS into the core routers as AS to be originated. Needless to say, hilarity ensued.

So perhaps not entirely my fault - though I should, in hindsight, have asked for more clarification or done more investigation rather than blindly trusting the information I had been given. This was a couple decades ago, and I was not cynical enough yet.

Comment Okay, a really, really silly question - (Score 1) 193

Has anyone found out *why* Intel is doing this?

What springs to mind maybe they're using code from a third party (i.e. video codecs, HDMI/DRM management, etc.) and *that* third party is not open source (for whatever definition of 'open' you prefer.)

If, (let me stress again, if) that's the case, then providing Intel with an open source solution that works better *might* resolve the issue.

Comment Corporate Liability Insurance, etc. (Score 1) 247

With regards to the actual posted question, you should find out if the company has any sort of insurance policy relating to data/security breaches that might be dictating things like the password policy. If the company has insurance to cover problems from insurance company X, and insurance company X is saying "You must do passwords, and like this, or else no insurance!", then you have a monumental task ahead of you because you have to convince your workplace to address the insurance policy/company - as well as an internal political/technical/budgetary issues.

Beyond that, the field of the business was not specified. It is possible that, depending on the country, industry, business contracts, and local regulations, there might be some specific clause dictating this corporate policy. (There can be no end to the insanity when you have a situation where, in order to do business with government and/or company Y, your own business must get certified to follow practices according to standard Z, be audited, etc.) If something like a password policy change requires a (re)audit of to verify your company's power level is still over ISO 9000, or Sigma Mane Six or whatever, well... good luck.

Comment Because dead people don't view ads... yet. (Score 2) 186

Given that people are essentially Google's product, or the source of it in terms of information, it makes business sense the Google would be interested in protecting the flock so the company can continue to shear the sheep regularly.

It would be more worrisome if Google found a way to have the dead be more profitable than the living and decided it should go into the mutton business.

Comment Akin to product releases (Score 1) 497

People come up with theories, they get refined, debugged, and eventually tagged as a release candidate.

If the theories seem solid enough, there is a major/product release as something which is solid enough for other people to use in production environments.

As people keep using it, it gets minor patches/revisions. If people find a serious enough flaw/bug, then people start working on creating another major version release (or competing product.)

And, just as in software, if the new version of the theory/science is not backwards compatible to the previous one, there is much wailing and gnashing of teeth.

Comment Wrong question: The answer is: don't publish crap (Score 1) 162

The change log is a product. It needs to be reviewed, readable to the target customers, and compliant to any necessary contractual, legal, or regulatory disclosures with the appropriate disclaimers. It should not reveal any trade secrets, third party confidential information, violate any vendor NDAs, have any unprofessional remarks about the customers, etc.

It sounds like the problem is you're putting out crap change logs using an automated system to copy things from the issue management system. Do you have policies in place to make sure people don't put crap into the issue management system? Are things being reviewed before the change logs are being put out? Is it being vetted by the necessary product/legal/regulatory folks to make sure nothing is in there that is going to bite you?

If a company published a crap product, then it will get bitten. When a company gets bitten, it's instinctive reaction is to stop putting out change logs to stop getting bitten, because that's the easy, lazy, doesn't take more effort answer. Asking "Whether or not change logs are a good idea?" is the wrong question. The right question is more "Okay, we got bitten because we put out crap change logs. How do we stop putting out crap?"

The answer to that question is generally something called 'Hard Work'. If the company isn't willing to put in the effort to make a good change log (appropriate policies to capture the relevant changes, tech writer/tech doc support to clean it up, manager-level review to vet it for compliance, etc.) Then, yes, it may make more business sense to not publish anything rather than to publish garbage. It's not a matter of whether or not change logs are good or bad -- good change logs are good, bad change logs are bad. The question is: How do you generate good change logs?

Slashdot Top Deals

Any programming language is at its best before it is implemented and used.