
Comment Not that hard in principle to fix this (Score 1) 74

Most IoT devices don't need to talk to the entire Internet. At most, they need to phone home to a few servers made by the device manufacturer. So build a protocol in which devices identify themselves, and after authorization the home router then downloads a signed ruleset. If the device is later compromised, the DDoS traffic is blocked and reported somewhere.

Yes, there are quite a few details to work through to reduce the risk of this being spoofed, and dealing with legacy devices, but in principle this could work and wouldn't be too difficult for manufacturers to implement.
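The router-side check this comment proposes, sketched as an added example that is not part of the original comment: the router accepts a ruleset only if its signature verifies and it names the device, then forwards allow-listed flows and collects everything else for reporting. The key, device id, hostnames and function names are hypothetical, and HMAC stands in for the manufacturer's signature because the Python standard library has no public-key signing.

```python
import hashlib
import hmac
import json

# Constructed sample values: key, device id and hostnames are hypothetical.
# HMAC stands in for the manufacturer's signature; a real scheme would use a
# public-key signature so the router holds only a verification key.
VENDOR_KEY = b"constructed-demo-key"
RULESET = {"device_id": "cam-01",
           "allow": [{"host": "updates.vendor.example", "port": 443, "proto": "tcp"}]}
FLOWS = [{"host": "updates.vendor.example", "port": 443, "proto": "tcp"},
         {"host": "unrelated-site.example", "port": 80, "proto": "tcp"}]


def sign(ruleset):
    """Sign the canonical JSON form so key order cannot change the tag."""
    body = json.dumps(ruleset, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(VENDOR_KEY, body, hashlib.sha256).hexdigest()


def load_ruleset(ruleset, signature, device_id):
    """Return the allow-list only if the signature and device id both check out."""
    if not hmac.compare_digest(sign(ruleset), signature):
        raise ValueError("ruleset signature does not verify")
    if ruleset.get("device_id") != device_id:
        raise ValueError("ruleset was issued for a different device")
    return {(r["host"], r["port"], r["proto"]) for r in ruleset["allow"]}


def filter_flows(allow, flows):
    """Default deny: forward flows on the allow-list, collect the rest for reporting."""
    forwarded, blocked = [], []
    for f in flows:
        key = (f["host"], f["port"], f["proto"])
        (forwarded if key in allow else blocked).append(f)
    return forwarded, blocked


if __name__ == "__main__":
    allow = load_ruleset(RULESET, sign(RULESET), "cam-01")
    ok, dropped = filter_flows(allow, FLOWS)
    print("forwarded:", ok)
    print("blocked and reported:", dropped)
```
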

Comment Formal verification is a niche tool (Score 1) 531

...and it always will be IMO.

Writing formal specs, and proving your code meets those formal specs, is very hard, very slow work. Data61 proved that their microkernel implements a formal spec. It took them 25 person-years to implement a 7500 line kernel. Very very few software projects justify that level of expenditure.

I agree that system programming should be moving to languages/environments that make safer programming easier though. Why we're still writing non-performance-critical code with buffer overflows in 2016 is beyond me.

Comment Android Studio not for beginners (Score 2) 98

I teach Android programming at an Australian university.

For various reasons, it was decided that all engineering students had to learn mobile app development in their first year of the degree. Every single person in the faculty who had any experience with Android told them it was a terrible idea.

They ultimately ended up getting them to write web apps instead; JavaScript web programming is horrible but you can at least have a relatively gentle introduction to programming in it.

Comment Primary vs. General Election (Score 3, Insightful) 421

Being extremely popular with 30% of the Republican primary electorate in a divided and frankly weak field got him the nomination, but that's not enough to win him a general election.

Your guy is disliked by a far bigger proportion of the population than the proportion that like him. He is disliked far more than Hillary Clinton, according to the polls.

Your guy has little acquaintance with facts in his public rhetoric, but that doesn't make them go away. Trump will lose the general election to Hillary. The remaining question is whether his negative impact on the Republican vote will cost the GOP the House and Senate as well.

Comment Scratch doesn't help (Score 2) 342

...or, more to the point, Scratch and its ilk help certain very specific skills.

Scratch largely removes the barrier of remembering syntax and dealing with syntax errors. This gets people who might have otherwise been put off over a significant hump.

However, there are two other barriers to becoming an effective programmer that Scratch doesn't help with at all.

  • Coming up with a correct and moderately efficient algorithm to solve a nontrivial problem - even when that problem is just implementing business rules correctly - is a difficult, multifaceted skill.
  • Putting bite-size pieces of code together into a larger system that works is hard. Putting it together into a larger system that keeps on working, can be debugged when it's not working, and can be extended when needs change is even harder.

Scratch doesn't help one iota with any of the above.

Comment Re:100 times as long as the kernel, I wonder why (Score 1) 184


My interest is prompted because I plan to do some testing related research that requires building the code many times. My working assumption was that systems are fast enough these days that you could build pretty much anything in a short reasonable amount of time by throwing a big enough set of compute nodes at the problem. Worth knowing that isn't always the case.

Comment Actually, no (Score 1) 216

Official statistics for road deaths in Australia, and air crashes in Australia.

In 2012, there were 0.55 deaths per 100 million road vehicle kilometres travelled. For business and private flying in GA aircraft, (which is mostly A to B, but does include a few riskier activities such as cattle mustering) the death rate is about 40 deaths per million flying hours, and if you assume that the average speed is something like 200 km/h, that comes out to 20 deaths per 100 million aircraft kilometres travelled.

GA aviation is much riskier than driving a car, and comparable to riding a motorcycle.

Comment Re:How to spoof a wireless insulin pump? (Score 1) 67

Because it's not a matter of hacking together a patch, running the unit tests, uploading to production and waiting to see if it crashes.

This stuff has to run the gauntlet of companies, regulators, and customers who have NFI about infosec, but do have some idea of the consequences of rushing untested changes into devices which quite literally keep people alive from minute to minute.

Comment Re:Solution found, needs to be adopted... (Score 1) 67

Have you ever met a surgeon?

To indulge in some gross stereotyping here, they have huge egos that exceed their (very considerable) talents, and little appreciation that anything that doesn't involve medicine, or indeed surgery, is important.

They also tend to end up running hospitals.

If you tell a surgeon running a hospital that you need to inconvenience him (and it's usually a him) and his fellow surgeons to solve a "problem with the computers", they will ignore you. They are also right - anything that interferes with their ability to do surgery is a huge waste of resources.

An infosec person implementing the "principle of least privilege" is almost certainly going to grossly inconvenience surgeons in the process, to ends that are not at all obvious to most of them. Along the way they will, at the very least, inconvenience patients. Therefore, the infosec person will get told precisely where to stick their principle of least privilege.
