
Comment Re: permissions (Score 3, Insightful) 313

so now you have two coders looking at every line of code?

Yeah...because this is how it's done when it's done professionally. You have one coder...the guy who wrote the change...and then another coder...the one who tests it.

This happens in non-code places too, like journalism. One person writes the article, and another proofreads it. (Due to the acceleration of the news cycle, this has been going away...with predictably-bad results.) Consulting? Yes, you have quality control (another person reading and checking the deliverable..every line of it) before it goes to the client. Engineering? One engineer builds the spec, and another has to approve it; this is actually mandated by law for a lot of things, in fact, where permitting is involved (like construction).

Fundamentally, the question is "how do you keep code from being pushed to the public before it's tested." You seemed to miss that in your reply, because the very point of the question requires two people...people who must understand what they're reading (and thus, are coders)...to look at the code. Also, your reply seems to imply that a code change requires reading ALL of the code, not just the new or changed code, and this is simply not true.

Comment Well, at least they're keeping up with tech... (Score 1) 191

Burger King's ad campaigns have been the laughing stock of the advertising world forever. I was studying marketing back in the 80s, in college, and had a subscription to Advertising Age (the leading trade publication of the industry). At that time, Burger King's campaign revolved around the phrase, "Burger King. Sometimes you just gotta break the rules." It was considered so ridiculous that Advertising Age held a contest to see if anyone could come up with anything even more insane. Finalists in the top-5 included "Long John Silver's, for the seafood lover that is Allah"...and, of course because someone submitted it, "Burger King. Sometimes you just gotta break the rules." This was about three decades ago.

Then there was their whole "chicken fries" campaign, back in the...was that the 90s? I have no idea what the fuck that was all about, though the "band" that was prominently featured there openly admitted that they did the ads because they realized they weren't going to make it as real musicians so they may as well sell out. And this admission wasn't on some interview or a website off to the side...it was featured front-and-center on the official website that Burger King stood up for the ad campaign.

So, at least Burger King is keeping up with the times, finding new and innovative ways to blow dead goats with their ad campaigns.

Comment Re:Test for Quacks (Score 1) 374

In real production code you pretty much have to check the type "manually" of every argument to every function. And document the type in the comments. This is much more work than just using a strongly typed language in the first place. Python's a fine scripting language, a tier above the likes of Perl and PHP. But it's not for real code.

Yes, of course...because we all know that in "real" production code, the comments are ubiquitous, diligent, and comprehensive :)

Comment Jesus, people... (Score 1) 126

You know, it only seems to take one line in a Slashdot post, out of context, to drive people batty here. I'm seeing a long stream of posts that seem to believe that GM just took all of these robots and plugged them directly into a cablemodem without any firewalling or other security, making it effortless for some dork to simply go fuck with the production lines.

Okay. So, there's "connected to the Internet" as in you have a connection to the Internet...like I am using to post this. I'm behind a firewall, with both ingress and egress filtering. But if I weren't connected, I wouldn't be able to send/receive email, I wouldn't be able to browse the web...you get the picture. I am connected, but it doesn't mean that people can just lay into my computer with wild abandon and hack me. Then there's "CONNECTED to tha' motherfucking INTERNET," without security, without security monitoring, etc. That's bad...and yes, if GM had done that then all kinds of bad things would happen because few automation systems are particularly robust from a security perspective. But that's not what GM has done. Connected securely or connected insecurely...both are actually a state of being 'connected to the Internet.'

Comment Re: What can Berners-Lee do here, really? (Score 1) 126

They can't override criminal law, but they can certainly put language in like "DRM providers SHALL give a written statement to not sue as precondition for inclusion".
Or, like the letsencrypt API, require agreement via the API itself. The people behind letsencrypt are not lawmakers either.
I don't know of any country where criminal copyright charges are brought without someone asking that to happen, so contracts are quite efficient at that.

The protections needed are more than just civil in nature.

So, let's look at it this way...overlook the fact that W3C has no power to enforce a contract simply with a standard, or that someone can use most of the standard and leave a few bits out so as to avoid being bound by your proposed language. (While you're at it, overlook the fact that this would cause massive fracturing of exactly the sort that W3C is really trying to reverse, not make worse.)

So now you have no option for anyone to sue security researchers over copyright infringement when all they are doing is security testing. Okay. What will happen is that large industry groups will instead push for criminal law to come to bear, and you'll get what happened in Germany years ago. Under that situation, not only will security researchers testing DRM come under fire...ALL security research becomes dangerous to do without the express permission of the organization whose solution is being tested.

When you have an angry neanderthal waving a medium-sized stick around at you, and you break his stick...he picks up a bigger one. He doesn't just sit down and call it a day, and he doesn't reach for a twig.

Comment Job Security (Score 4, Interesting) 89

Actual quote:
"We believe this is a devastating blow to manatees," Patrick Rose, Executive Director for Save the Manatee Club, said in a statement. "A federal reclassification at this time will seriously undermine the chances of securing the manatee's long-term survival."

Translated for clarity and accuracy:
"We believe this is a devastating blow to my career," Patrick Rose, Executive Director for Save the Manatee Club, said in a statement. "A federal reclassification at this time will seriously undermine my chances of maintaining long-term employment."

Comment Re:What can Berners-Lee do here, really? (Score 1) 126

Seriously, he's not a god. He can't stop Google and so on pushing DRM if they want to (which they did, regardless of whether he accepted that he was powerless in this case).

I really don't understand the FSF anymore. "Let's go after the symptoms instead of the disease! Let's divide our own supporters! Let's act like if we just pretend that if DRM isn't an official web-spec, it won't still be a de-facto web-spec!" What difference will any of that make, really? It's a pathetic waste of everyone's time and donation money.

An excellent point, and there's another one as well that relates to the limits of what he can do.

What W3C is working on are "technical standards," which is within their realm. The OP speaks of "protection" for security researchers...this is a legal matter, not a technical one. The reason that W3C isn't putting any kind of protection in place for people who find vulnerabilities is that they have no power to do so. You can't say "by using http version 4, you legally agree to not prosecute security researchers," for a whole lot of different reasons...the most basic of which is that laws simply don't work that way in most countries. Then there's the fact that W3C has literally zero authority to promulgate policy of law in any nation on Earth...and I could keep going, but that would just open up the door for someone to nitpick on the details of a minor reason while ignoring any of the other deal-breakers for such a proposition.

TL;DR: W3C are engineers producing technical standards, not legislators, so they can't override criminal law as it stands in nations to protect vulnerability researchers.

Comment Re:Every military man's worst nightmare (Score 3, Insightful) 82

Some kill-crazy sonofabitch off the chain and looking for body count.

How does one PROJECT this sort of thing without actually getting lost in it?

In essence, making the other dumb sonofabitch crap themselves for their country and not want to actually fight and die?

Scary naming conventions.

I don't know that I'd assign government-wide significance to this. At most, it was a small handful of people who gave it the name...it's not like the name went before Congress for ratification, after all. And as far as the "violence" aspect...for fuck's sake, it's a grenade launcher. It's a pretty violent device to begin with. :)

I think of it a bit more humorously, like this:

Maria Hill: What does S.H.I.E.L.D. stand for, Agent Ward?
Grant Ward: Strategic Homeland Intervention, Enforcement and Logistics Division.
Hill: And what does that mean to you?
Ward: It means someone really wanted our initials to spell out "shield."

Comment Re:I call bullshit (Score 1) 73

"Decentralization" is the idea that a database works like a network "that's shared with everybody in the world, where anyone and anything can connect to it," writes Vinay Gupta for Harvard Business Review. "Decentralization offers the promise of nearly friction-free cooperation between members of complex networks that can add value to each other by enabling collaboration without central authorities and middle men."

And this wonderful decentralization, where anyone and anything can connect to "the database," is why Bitcoin transactions take hours to confirm, the network is only capable of supporting a handful of transactions per second, etc. Don't even get me started on the laughs involved if "everybody in the world, anyone and anything" is keeping local copies of "the database," or enough of it to verify transactional integrity to a level necessary for shit like inventory management at Wal-Mart scale.

I can see it...it's happened before, on a smaller level and with the removal of a different choke point that required centralization of a different kind.

Anyone here remember "The Sharper Image"? They were stores...and a catalog...of incredibly cool stuff. This was before there was public access to the Internet or such a thing as a .com TLD; back then, you had to go to stores or catalogs to find things. As a result, for lack of a better way to put it, it was "harder to find stuff."

Today, if I wanted to buy...gird your loins...a "Slave Leia outfit in purple, size X-large," I would have to do research just to find out what kind of a store might carry something like that, and then find one such store within my physical reach. If I was really stretching, I could make a phone call to some other place and perhaps get them to ship it to me...sight unseen. (And hopefully, something like a Slave Leia outfit in size X-large would forever remain sight unseen, but I digress.)

Now, I simply go to Google, or some other search engine, and...gah! But yeah, I found it, in less time than it would have taken me to go grab my copy of the Yellow Pages.

As a result, The Sharper Image found themselves as a solution for which the problem no longer existed. Their shelves drew customers because it was the best way to get introduced to clever, interesting, or quirky high-end items that solved interesting problems or had unique appeal for some other reason. Before you could go into a Target and buy a Dyson vacuum cleaner (and before you could buy one online), they carried them, for example. They had the capital, business model and logistics to do this. But then, websites popped up (like ThinkGeek) which did what they did, but at an even more targeted scale...which was made possible because you no longer needed physical stores or a catalog to be accessible to your customers. The mass which made them successful was now a pair of cement shoes as they sank in the ocean of options.

So what exists now, as far as centralization? Amazon comes to mind. But note that Amazon is about logistics as much as anything else; hell, they don't even make sure that half of their "Apple" products actually came from Apple. And the hardest part of that logistics value proposition is payment handling. A lot of their products aren't shipped or handled by them, they just do the payment processing for the vendor. Anyone can go to a FedEx or UPS to ship something; heck, if you have a return to Amazon, that's what you end up doing. The main thing that Amazon, as a vendor, provides is the payment processing.

And yes, AWS is a real thing...I get that. But it's separate, and can exist outside of this concept of where the value proposition lies today vs. where it would lie in a blockchain-based economy. Indeed, it is the infrastructure that supports their payment processing, their shipping, their logistics, inventory, etc. But you could open up a blockchain-based vendor that competes with them...and run it on AWS, too. Amazon's main nemesis in the video content streaming space, for example, runs on AWS. It's called Netflix. :)

Comment Re:Overturned 160,000 parking fines? (Score 2) 90

Evidence please? And not "it's been used 160,000 times".

Also if you think the asylum process is as simple as appealing a parking fine, you're fucking high. This guy appears to have more hubris than experience, and it reminds me of the $1 laptop programmes where somehow people without shelter and electricity and maintenance shops were somehow going to benefit from Wikipedia to tell them how to re-build the civilisation that the same cultures that delivered their laptop had destroyed.

While I agree that evidence of the claim would be useful, I also see no evidence of the implied accusation that his system has been unhelpful to anyone.

I can absolutely imagine how this kind of system would be useful to an asylum seeker. Some of the biggest challenges aren't about nuance of law or understanding of precedent. Imagine showing up in an industrialized country, not able to speak the language very well (or at all). You don't know what government agencies you're about to interact with, nor do you know what their roles and responsibilities are. You don't know what processes you're expected to follow, what they are called, what they do, or how they work. You don't know what you're going to be asked to do, produce as evidence, or answer as questions. The specifics of what you'll need to know vary based upon things like where you're from, what kind of danger you're worried about, and whether you are alone or with a family. The process is long and byzantine (despite what Trump thinks) and when you throw in the cultural and language differences in combination with simply just being scared about the future...yeah, wow.

Look at it from another perspective related to something that has to be about one one-hundredth as scary and intense. Say you're going to the DMV for the first time to take a driving test and get a license, and have never had any aspect of the process explained to you before. What would be easier...a sheet of paper explaining all the different things at the DMV and how they work, or a person that you could interactively ask questions of, so that you can find out what you, specifically, need to know and need to do?

Comment Re:"Are you in danger" (Score 4, Insightful) 90

From what I understand of the current asylum interview process, the key question is "is your life in danger" followed by variations on "prove it." (Sometimes the proof is as simple as pointing to death threats on Facebook.) Does anyone know if coaching this process is what this bot is doing?

Yes...but using that reductive approach, you can say that this is how almost any compliance/vetting process works.

PCI DSS: "Do you handle payment card information securely," followed by variations on "prove it." Yet, accomplishing this is expensive and challenging.

Tax audit: "Have you paid what you owe for taxes," followed by variations on "prove it." The visceral reaction of anyone who has been through a tax audit makes my point here.

Security clearance interview: "Can we trust you with state secrets," followed by variations on "prove it." This gets even more interesting if you get a polygraph exam...which is essentially nothing more than a twisted, mind-fucky variation of the same.

The trick is in the "prove it" part...or more specifically, the overlap between what actual means are feasible for providing proof combined with what the questioning entity defines as acceptable proof. In different situations, this overlap may be subject to negotiation as well (or not), and that is its own area of expertise unto itself in some cases. Almost all of these processes also involve setting legal precedents during their early days as well.

In short: sure, you can use a verbal metaphor to represent the process in an oversimplified manner. But that doesn't make the actual process...as required by anyone who engages with it...simple or easy.

Comment Re:Editors, you stripped the original title (Score 1) 642

Original submission: Brianna Wu Is a Harsh Mistress.

You stripped this brilliant title and wrote in your blurb that spans two lines!

Objection! "Mistress" is a gender-definitive word created by the Patriarchy and favored by cis-gend...*chuckle*...CIS-gender...*laughing*

I couldn't get through it with a straight face. How do these SJWs manage to say all this stuff without laughing their asses off?

Comment Re:Admin? (Score 1) 238

Context here:

There are two different scenarios that have to be discussed, and they are very different.

One is enterprise users...that's people at work, using Windows. For them, Admin rights are really not usually necessary, and there is someone else (the admins, obviously) who can serve in the admin role when needed. This is where the biggest bang for the buck of reducing user rights comes in. Yes, there's software that requires admin rights...but in the enterprise market that is becoming increasingly rare, and there are often ways to hit a middle ground where that software will run without giving full local admin rights to a user.

The other group is home users. This is the sticky wicket. Yes, there's UAC...but home users aren't really that technically savvy. So, when something asks them to click (assuming Windows 10 here) "Yes" or "No," they will often just choose "Yes" because it's what they've had to do a hundred times before to make something valid work correctly. And that 101st time...it's malware. And sure, you could have them using an account with no admin rights at all, but then who would be their admin?

So, as you debate TFA and its message, keep these two scenarios in mind. They both have a lot of users in them, even the same users when you think about it...but they work in very, very different ways.

Comment Re: I do (Score 1) 172

Byuu has more detailed knowledge of the hardware quirks and is able to get more accurate dumps because he understands how the memory is mapped at a low level. His custom rig has already found several bad dumps that were previously thought to be good.

And yet...he was okay with these being shipped by US Postal Service? I guess intelligence, experience and common sense can be compartmentalized.

Comment Re:Toys, toys, toys... (Score 1) 119

Local administrative rights are needed by some software.

Well, if I need to have 2 laptops then I need 2 data cards with worldwide data. Or is it ok to use a hot spot for both?

This is less and less frequently true these days. More importantly, it's less frequently true because companies are taking away admin rights, at which point they then notice which software is written this way. And in turn, that software often gets replaced by something that's better-written, since it represents a security risk by confounding the business' need to properly control user access rights.
