
Comment Conflating several issues here (Score 3, Informative) 340

Arguably "the same drug" will be the same everywhere, but if you're ordering online drugs from somewhere outside the FDA inspection regime, you don't know what your chances are that it's in fact actually "the same drug". Really, you don't know what you're getting.

That's still a possibility here, of course, but when a US producer commits fraud you'd better believe you'll have an army of lawyers beating down your door to help sue them into oblivion for it. Random Joe Bob's Discount Drug Shack operating in Singapore? Good luck.

Secondly, the FDA approval process itself. For better or for worse, having a complex medical trial and many layers of approval is probably better than not having it, in terms of protecting US consumers from unsafe foods and drugs. There's a fast-track process for promising drugs and devices to prevent dangerous conditions, and there are registered experimental treatments, but all other things being equal, I'd prefer to know that some basic level of testing was done.

Drug IP process. People in other countries like to point out that they can purchase drugs for $20 that are charged higher prices here. You can thank us (the American Consumer) for that. Not everyone gets to be a marginal consumer.. and part of the reason we're paying full price for drugs is so that the market incentive allows those drugs to be developed in the first place. Without market incentive, you're only going to proceed in research as fast as centrally-planned authorities dictate you will. Or you're a charity, funded by donations.

None of those things directly deal with device IP, but to be honest cases like this (where someone is being an abject douchebag) are rare, and tend to get discovered, highlighted, and corrected through social pressure. (EMT's have been talking about the cost of EpiPens for years, and there were already initiatives under way to allow EMT's to inject Epi directly: http://thesouthern.com/news/local/govt-and-politics/new-state-law-will-allow-emts-to-inject-epinephrine/article_42dbddd9-a035-509b-b99a-7f720c7411b0.html

The measure, sponsored by state Sen. Chapin Rose, R-Mahomet, and signed into law by Gov. Bruce Rauner late last week, comes as the maker of the EpiPen is facing increased scrutiny from the federal government over dramatic price increases for the lifesaving drug. The cost of a two-dose package of EpiPens, made by pharmaceutical company Mylan, jumped from less than $100 nine years ago to more than $600 in May, The Associated Press reported Wednesday.

While the timing is a coincidence, Rose said recent attention from Congress has attracted the public eye to an issue that was first brought to him by a rural fire protection district he represents.

If there's a justifiable reason for a price hike, it'll become public as well. Often there is. E.g., a critical component has restricted availability.

Comment Re:Too secure for insecure? (Score 1) 528

Unless they were retroactively classified for political reasons?

I'd say the chances are pretty slim on that, with all of the attention this is getting. There are dozens, if not hundreds of FBI and intelligence folks working on this, and surely any decision to classify (or re-classify) is getting multiple layers of review as a result of the fallout everyone knows it would be getting.

Comment Re:Too secure for insecure? (Score 4, Insightful) 528

It does not count if Congress declares any one of these emails classified after the fact for political effect.

You're begging the question here. Information is classified based on the content, markings are irrelevant. There's explicitly statutory language that indicates that someone who Should Know that data involved Should Be classified should be treating it as classified, *regardless* of any markings or lack thereof.

Joe Blow on the street may not know that certain info is classified and might pass it along. The Secretary of State is expected to know that something is classified information and has a duty to take care of it responsibly. That's something you're "read into" before you ever receive any clearance at all.

If the emails are considered classified retroactively, then someone in her position should have realized they contained sensitive data. Nothing is being classified "for political effect"... and if something is, then that's a scandal in and of itself.

Comment Cloud spoils the dream (Score 1) 153

I'm fine with a smart home. I'm old enough to remember the DAK Catalog and more-or-less drooling over the advanced dreams that the 80s could sell me. But I'm not fine with any of this data leaving my property line, or with intelligence or non-aggregated usage telemetry resulting in internal details going over the wire for evaluation. Even if Alphabet "Did No Evil" (which it probably does), transmission to control on the outside opens me up for spying and makes me vulnerable to hack.

If a company wants to provide a means for me to control and automate my life, that's great. Do it with local control.

Comment Re:Here's the problem with stereo Bluetooth: (Score 1) 385

Agreed. I've used various Bluetooth headsets and car adapters and *none* of them seem to hold a candle to a regular audio cable.

For in-home speakers, I have a set (actually, more than a set... almost 5) old XtremeMac TangoAir speakers that use Apple's AirPlay for transmission, and the encoding that's done there is oodles better than even the best Bluetooth speaker quality I've heard.

And yeah, anyone who cared about audio quality enough to care about this was probably ripping at 320kbps 15 years ago. I've been slowly going through my CD collection upgrading them to ALAC lossless simply because disk space is beyond not an issue any more. I can't say I can hear the difference on most tracks, but definitely can't on a Bluetooth device.

Comment Re:RHEL - CentOS - Docker (Score 1) 538

We've had that discussion at work, with the pro-RHEL arguing that since prod machines would be RHEL, dev and test machines should be too in order to avoid bad surprises down the road. We even considered having the full-blown hardening done already in dev to make sure our friends the developers didn't do something that wouldn't work in prod. Turns out this approach causes a huge dip in productivity, especially when chasing those mysterious selinux denials. Exciting the first few times because you feel like you're "doing the right thing" but soon enough you get a nosebleed just by typing semanage. Ansible helps a lot, but only once you've got the right recipe.

Have you considered SELinux permissive everywhere in dev, with sign-off on QA? Depending on your app, of course, SELinux really does get easier once you get more and more used to it. audit2allow really is your friend... A day of letting your app run in permissive mode, then pipe the audit log for it through the policy maker and factor its needs into a coherent (and meaningful) policy, then just bump that as needed.

semanage can be a pain for booleans, but again it's mostly up-front work and then catching what breaks going forward.

Going back to the topic though, is there a significant difference between RHEL and CentOS in this regard? The vast majority of boxes I run on have been CentOS, but I typically dev on a RHEL in full SELinux enforcing and I haven't really noticed an issue except when there's a delay in a policy making it to the CentOS repos.
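The permissive-mode workflow in the comment above (collect a day of denials, then turn them into policy), as an added example that is not part of the original comment and is not audit2allow's own code: a small parser that groups AVC denials from an audit log into candidate allow rules for one process, so they can be reviewed before anything is loaded. The log lines, the `myapp` process and its `myapp_t` type are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit log lines (not from a real host).
SAMPLE_LOG = "\n".join([
    'type=AVC msg=audit(1472000001.101:301): avc:  denied  { read } for  pid=2101 comm="myapp" name="app.conf" dev="dm-0" ino=1311 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1',
    'type=SYSCALL msg=audit(1472000001.101:301): arch=c000003e syscall=2 success=yes exit=3 pid=2101 comm="myapp"',
    'type=AVC msg=audit(1472000001.102:302): avc:  denied  { open } for  pid=2101 comm="myapp" path="/etc/myapp/app.conf" dev="dm-0" ino=1311 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=1',
    'type=AVC msg=audit(1472000002.200:303): avc:  denied  { name_bind } for  pid=2101 comm="myapp" src=8443 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1',
    'type=AVC msg=audit(1472000003.300:304): avc:  denied  { write } for  pid=3300 comm="logrotate" name="old.log" dev="dm-0" ino=2020 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1',
])

PERMS_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*)\}")
FIELD_RE = re.compile(r'(comm|scontext|tcontext|tclass)="?([^"\s]+)"?')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def collect_denials(log_text, comm=None):
    """Map (source type, target type, class) -> set of denied permissions.

    Only AVC records are considered; if comm is given, denials logged for
    other processes are ignored so the policy covers one application.
    """
    rules = defaultdict(set)
    for line in log_text.splitlines():
        perms = PERMS_RE.search(line)
        if "type=AVC" not in line or perms is None:
            continue
        fields = dict(FIELD_RE.findall(line))
        if not {"scontext", "tcontext", "tclass"} <= fields.keys():
            continue  # truncated or unexpected record, skip rather than guess
        if comm is not None and fields.get("comm") != comm:
            continue
        key = (selinux_type(fields["scontext"]),
               selinux_type(fields["tcontext"]),
               fields["tclass"])
        rules[key].update(perms.group(1).split())
    return dict(rules)


def render_allow_rules(rules):
    """Render the grouped denials as allow statements, one per type pair/class."""
    lines = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        ordered = sorted(perms)
        body = ordered[0] if len(ordered) == 1 else "{ " + " ".join(ordered) + " }"
        lines.append(f"allow {src} {tgt}:{cls} {body};")
    return lines


if __name__ == "__main__":
    for rule in render_allow_rules(collect_denials(SAMPLE_LOG, comm="myapp")):
        print(rule)
```

Reading the grouped output before loading it is where the "coherent (and meaningful)" part happens: a denial against a broad type such as `etc_t` is often better solved by relabeling the file than by granting the permission.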

Comment Re:Linux is far worse than Microsoft (Score 1) 538

and run systemd as Just Another Daemon, akin to xinetd, supervise, or your cluster management software

This is dangerous, as systemd expects to be PID 1. If it expects to be the root of userspace and isn't, there will probably be complications.

It's better to build a distro without systemd entirely than to try to hack it into pieces without careful planning.

I'm not saying it's impossible, but it will be damn hard if it can be done. Already, the first attempt (by uselessd) has been abandoned.

Among the many other issues with systemd, this sticks out.

Literally the only thing unique about PID 1 as such (besides obviously being the first process launched) is that it gets ownership of double-forked / parentless processes and related signaling. There should be no reason that systemd couldn't function as a standard sub-process, albeit with the reduced functionality of not being able to track processes that intentionally escape.

The general unwillingness to gracefully fall back to reduced functionality when not all the Kool-Aid has been drunken is a fine example of EEE principles in action.

Comment Re:Systemd the distro (Score 1) 538

I think you summarize the problem pretty well. Systemd is a desktop solution for people who essentially want a Macbook.

What would be great? Having systemd only in specialized desktop distributions. Not on servers and not on desktop for power users. Even better: systemd should be a distribution itself, not be a part of other distributions. And it would also have the exclusivity of pulseaudio.

That's exactly it. If this were a GNOME or *DE toolkit focused on providing low level services for desktop environments, it'd be totally fine; well -- more accurately -- I wouldn't care. The problem is that by taking over PID 1 and forcing a paradigm shift or replacement of any number of other utilities, it's in the "core" instead of the desktop. It didn't need to be that way, and shouldn't have been. And if it *had* to, then it should have been a component of a new, forked, modern desktop distribution.

Instead it sucked up Fedora under subterfuge ("It'll be just like the upstart switch except 5.6% awesomer!") and Debian thanks to the bandwagon effect breaking a tie.

Comment Re:Linux is far worse than Microsoft (Score 1) 538

CentOS and RHEL are functionally identical, except for the 12-36h delay in updates and the specifics of update channel management.

That was one of the points I (GP) was trying to make... Looking at just official RHEL subscription numbers doesn't take into account the broader "RedHat-led ecosystem" of releases which are broadly (if not ABI) compatible.

Many orgs pay for RHEL licenses on mission-critical boxes and a sample of their own servers, then run CentOS on fleet boxes. OTOH, people working in densely virtualized environments might consider the hypervisors the critical ones and be willing to pay for them, getting unlimited VM guest licenses for free with it.

Comment Wither LG? Good phones, no market share? (Score 1) 161

They are both scummy companies and shouldn't be trusted. It's Nexus or nothing.

Not sure why you're trusting Google here. Are you disassembling the binaries in your Android operating system*? If not, then you have no idea what Google's doing there to use the sensors you've got strapped to your body 24/7. The only safe smartphone is one that doesn't have sensors at all, and has a physically removable antenna and battery or physical off switches for both.

(*And face it, nobody is. Even if, in principle, it's possible, no one is *actually* doing it before use except security researchers.)

Going back to the article, though... I'm surprised LG doesn't have a larger share of the market -- and isn't making more in the way of profit. I've been a fan of their phones since the EnV chiclet keyboard days, up through the touch feature phones, and have had the G2, G3, and G5. They've all for the most part been extremely reliable phones with good feature sets and a camera that's second-to-none at the price point for low light conditions.

Comment Re:Linux is far worse than Microsoft (Score 5, Interesting) 538

There are systemd-free distros of Linux, you know. I can pretty confidently state that it will remain that way unless systemd should start to integrate itself into the kernel.

Well, yes... Most importantly RHEL6 / CentOS6. Those of us using Linux in business/enterprise settings are mostly running that, and that's mostly what we care about. The time limit on that is what we're sweating.

RedHat (Inc.) seems to be undervaluing its Good Will in terms of building an enterprise platform that goes well beyond RHEL subscriptions. EL users don't care about most of the systemd "feature" set (with the possible exception of easy(-ier) cgroup management), since most of the rest either doesn't apply or attempts to re-solve an already mostly-solved problem (eg, service monitoring and restart scripts). The cost is using less mature, less modular, less tested code with more common failure points, which might cover 80% of your needs but makes the other 20% of system customization really, really difficult, because apparently shell scripting is a Sin now.

Oh, and most of your config management that worked pretty similarly between EL5 and EL6 has a *lot* more of a delta to work with EL7.

"Forking Fedora" doesn't seem like it will happen, even though there are fewer and fewer non Kool-Aid drinkers there who think keeping your options open is a good thing.

Do you know what I'd like for EL8? Fork EL6, update all the non-daemon RPM versions to their current Fedora level, and run systemd as Just Another Daemon, akin to xinetd, supervise, or your cluster management software.

We get more reliable and more deterministic startup and shutdown process using the previous initscripts toolset and regular /sbin/init, and those who want the management capabilities of systemd for services can still use it, albeit with it not functioning as PID 1. I'd pay for that.

Comment Re:Denormalize (Score 1) 671

I'd rather have to join 5 tables than parse one UUID made up of 5 pieces of information concatenated together.

Why? (Assuming you're not searching for it in a way that requires discrete indexes.)

God created perl for a reason, and sometimes it's a hell of a lot easier to make your DB simple rather than normalized to hell and back. Flattening tables can be a good thing.

Comment High-speed bandwidth requires a conduit (Score 2) 95

If you're providing only wireless service, that means cell towers and crowded radio spectrum. The phone companies are already doing this, so expanding from 3G to 4G to 5G is basically a hardware upgrade at designated points (unless someone tries WiMax 2.0).

Cable companies spent *decades* building out coax networks, and then 20 more years upgrading to digital cable (ie, fiber to area). Most fiber in use nowadays still goes over fiber that was laid down (or over paths that were originally built out) during the dot com era, the creation of which led to many of those companies' bankruptcy. Speaking of dot com, we tried the ILEC sells circuits to CO-provider which is resold by an ISP to provide consumer competition market and it collapsed along with everything else back then. (Thanks, COVAD.)

So aside from wireless upgrades, everything else requires a last mile physical path to homes. New homes can be built with whatever in an urban or suburban area, but existing homes outside of downtown cores, and rural homes of any type, don't justify additional, non-unified wireline build-outs for the cost. If you're hitting 25Mbps, you should ask yourself how much more you're willing to pay to go up to 50 or 100Mbps. Then, add in all of your neighbors and divide by the cost of the build-out. If the math doesn't work, you won't get it. If the math does work, a local provider should step in. If no one steps in, go to a bank and do it yourself and make a profit.

Comment Re:Firmware? (Score 2) 59

For an organization capable of doing all this, using BadUSB or some other attack would certainly be in the realm of plausibility.

I love how people think that "air gapped" means "successfully isolated" though. Not only do you have the obvious vector of floppy^H^H^H^H^H^H USB transmission, but there are plenty of other esoteric methods that have been demonstrated in labs and could be used to infiltrate commands to a listener and exfiltrate data back out. If you're walking to an air-gapped system with a laptop in hand, then it's not just WiFi transmissions you need to worry about... modem signals over browser pages being listened to by mics has been demonstrated easily.

Comment Re:The age of subscription services (Score 1) 534

That'd probably be the death of facebook if they try that. Believe it or not, there's not nearly enough people out there that would pay a subscription fee every month to use facebook - certainly not enough to replace their advertising income. (Otherwise they would have done it already.)

The only reason Facebook works at all is because it's free, which encourages people to use it to connect to their friends and family. You require subscriptions and 70% of their userbase simply leave, making the remaining 30% wonder why they stay if 70% of the people they know aren't on it. This is why most other social sites aren't able to get off the ground - they can't get enough people to join because everyone else is already using facebook and few people want to sign up for multiple services.

I think you're underestimating the fact that there's already a critical mass here. They don't have to get everyone to switch over to a subscription model; in fact it's probably worthy as a premium feature in and of itself.

There are two major issues, however:

1) Ads on the side of the page are easy to remove, but a "sponsored page" post you see in your feed is itself an ad. A FB page is paying to have more visibility in timelines than it otherwise would be allowed. FB makes a great deal of money from ad campaigns, even ones by pages to simply ensure that their own page followers actually do see their content. This model goes away for someone paying to remove ads. One could expect that FB would give a completely neutral (ie, algorithm-based) ranking to page posts for those users, but it's been quite a while since they've done that and we don't know what that really looks like.
2) Being presented with advertising (or not) only covers a small portion of the privacy-concerning and tracking aspects of Facebook. Not seeing ads may make it a little cleaner, but it's not solving the underlying issue for someone who's paying for the experience.

I can see them providing two levels of payment:
Facebook for everyone! - $0.00/mo
Don't see ads on Facebook - $6.99/mo
Don't see ads and don't have Facebook's AI tracking you + premium support - $13.99/mo

Would those be worth it to you?

Honestly, it probably would to me. I have hundreds of people scattered all across the world. In 2016, it would be impossible to proactively communicate with all of them and still have time in the day. FB provides a service, and -- counting mobile -- I spend more time on the site than I do using the Netflix or Hulu subscriptions I'm paying for. I'd trade dollars for decreased tracking (and lack of long term storage once identity is confirmed enough to note that) and decreased ads. I'm sure with the billions of people who *won't* go that route, their machine-learning initiatives will not be materially affected.
