
Comment Re:Blaming the People is Dangerous (Score 1) 252

When you vote, you are expected to be an adult.

Agreed, but I think that the average adult is far less capable than you think. If you want a good scare, look at the average level of education that people achieve; it is much lower than you think. This makes them more susceptible to charismatic individuals offering plausible (to them) sounding solutions. It's worth remembering that Hitler was democratically elected because people thought he could solve the serious problems that Germany was facing at the time.

Comment Re:Shocked (Score 1) 32

Yeah, as if we needed any more reason to consider this bloated "security" software to be malware. I really don't understand why anyone in their right minds would install it or allow it to be installed on their systems. Giving some third-party company complete control over what software can run on your machines basically screams "I don't understand anything about security" better than almost anything else you could possibly do as a system administrator, IMO, short of posting the shared-across-all-machines root password on USENET.

For most IT administrators, having complete control over what users can run is the idea. There's no need for your work PC to be able to run anything and everything - most work can be done using a limited set of applications. If your job involves doing nothing but paperwork and filing stuff all day, you generally only need access to an office package and a web browser for the online components. You don't need them running things like music players or chat apps beyond the company required one.

Having control is very different from allowing a third-party company to send down arbitrary definitions at any time that suddenly render arbitrary software nonfunctional. The whole concept of Crowdstrike can be summarized as "McAfee Antivirus on steroids". I mean, this sums it up.

Comment Re:Do it yourself (Score 1) 82

Cppcheck apparently knows "hundreds of other rules covering a multitude of language aspects" so you don't "have to mentally apply against every single line of code you write."

Cppcheck doesn't flag anything in Waffle Iron's example.

It also doesn't find anything wrong with:

std::vector<int> vec = {1, 2, 3, 4, 5};
auto it = vec.begin();
vec.push_back(6);
std::cout << *it << std::endl;

Which is another common example of how you can write memory errors without using C++ pointers.
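An added example, not part of the comment above: the snippet's bug is that `push_back` may reallocate the vector's storage, which leaves `it` dangling. The function names below are hypothetical; the block shows how to tell when reallocation happened and two ways to keep the read valid.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

// Returns true when push_back had to grow the storage. In that case every
// iterator, pointer and reference obtained before the call is invalidated.
bool push_back_reallocated(std::vector<int>& vec, int value) {
    const std::size_t cap_before = vec.capacity();
    vec.push_back(value);
    return vec.capacity() != cap_before;
}

// Safe variant 1: remember the position as an index, which survives
// reallocation, instead of holding an iterator across the push_back.
int read_first_by_index(std::vector<int> vec) {
    const std::size_t pos = 0;
    vec.push_back(6);
    return vec[pos];
}

// Safe variant 2: reserve room first and take the iterator afterwards.
// With size < capacity, push_back cannot reallocate, so 'it' stays valid.
int read_first_with_reserve(std::vector<int> vec) {
    vec.reserve(vec.size() + 1);
    auto it = vec.begin();
    vec.push_back(6);
    return *it;
}

int main() {
    std::vector<int> vec = {1, 2, 3, 4, 5};
    // Fill any spare capacity so the next push_back is forced to reallocate.
    while (vec.size() < vec.capacity()) vec.push_back(0);
    std::cout << "reallocated: " << std::boolalpha
              << push_back_reallocated(vec, 6) << '\n';
    std::cout << read_first_by_index({1, 2, 3, 4, 5}) << ' '
              << read_first_with_reserve({1, 2, 3, 4, 5}) << '\n';
    return 0;
}
```

Runtime checkers catch what the static check misses here: building the original snippet with `-fsanitize=address` (GCC or Clang) reports a heap-use-after-free at the dereference when the `push_back` reallocates.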

Comment Re:Of course... (Score 1) 67

The 'explanation' is that the demo triggered all the devices within earshot because apparently a device designed to perform possibly-sensitive actions on your behalf was assigned a model line wide, public audio trigger in order to make it feel more 'natural' or something; rather than some prosaic but functional solution like a trigger button/capacitive touch point/whatever; and that the device just silently fails stupid, not even informative feedback, in the event of server unresponsiveness or network issues. Both of these seem...less than totally fine...for something explicitly marketed for public use in crowded environments on what we euphemistically refer to as 'edge' network connectivity.

This. The "someone says 'Hey Siri/Okay Google' on TV/radio/loudspeaker" problem is a well-known failure mode, and if they don't have reasonable mitigation in place by now, they don't know what they're doing, and their product shouldn't be taken seriously. Whether that mitigation is blocking it during meetings, doing handshaking to limit commands to the nearest device when multiple nearby devices detect the hot word at exactly the same time, making it recognize your voice and not other random people's voices, or any of dozens of other strategies for coping, having some mechanism in place to handle this should be considered a base requirement for any voice-based assistant.

Comment Re:There is already a safe subset of C++ (Score 1) 82

In the sort of places where MISRA and similar coding guides apply, yes, never allocating memory is expected, because once dynamic allocation exists you can't guarantee that you won't die with an out-of-memory error and similarly can't guarantee any time bounds on how long an alloc and dealloc will take.

Sure, so C++ is safe as long as it's used in a way that makes it incredibly painful. Sounds good. Let's just require all C++ code everywhere to be written that way. Rust usage will skyrocket overnight.

Comment Re: Is there anyone here that voted for Trump (Score 1) 252

It is hard to have fair democracy with winners take it all.

For a really rigorous definition of "fair", it's impossible to have fair democracy at all. Arrow's Theorem demonstrates this to a large degree, although many have argued that some of his fairness axioms are excessive. More recent research has concluded that fairness is the wrong standard, because there's no way for an electorate's "will" to really be fairly represented by any electoral system, not in all cases. Some systems can do better most of the time (and "winner take all" is particularly bad), but all systems fail in some cases.

What we need to aim for instead of fairness is "legitimacy", which is more about building broad acceptance of the system than about fixing the system itself, though it's easier to build acceptance for better-designed systems.

Having the country's top politicians continually claiming the system is unfair and rigged is, of course, the worst possible thing to do if you want to build support for the legitimacy of the system.

Comment Re:Jokes on you (Score 1) 252

Precisely none of those books were ever banned.

I decided to check :-)

According to the Book Censorship Database from the Every Library Institute, both "Of Mice and Men" and "Adventures of Huckleberry Finn" have been challenged, but only "Of Mice and Men" was removed, though "restricted" is more accurate. The Birdville Independent School District in Texas removed the book from general access, allowing access only to the AP English class, and the Indian River County Schools in Florida restricted it to high school students.

No Doctor Seuss books were banned, although Seuss Enterprises voluntarily ceased publication of six books.

Comment Re:Nope (Score 1) 141

It's perfectly reasonable a new OS version has higher system requirements. It's just in this case MS is pushing them to ensure manufacturers create PCs that can support certain security features. For example I understand TPM can help enforce boot security and disk encryption key storage. Good stuff to keep secure.

It is possible for Microsoft to do both, you know.

  • OEM version: Requires a higher minimum level of hardware support for a premium experience
  • Retail version (more expensive): Supports a wider range of hardware to the extent that it can

Then they just have to make sure the price difference is high enough to destroy any profit benefit from cutting corners on the hardware.

Comment Re:Shocked (Score 1) 32

Yeah, as if we needed any more reason to consider this bloated "security" software to be malware. I really don't understand why anyone in their right minds would install it or allow it to be installed on their systems. Giving some third-party company complete control over what software can run on your machines basically screams "I don't understand anything about security" better than almost anything else you could possibly do as a system administrator, IMO, short of posting the shared-across-all-machines root password on USENET.

Comment Re:There is already a safe subset of C++ (Score 1) 82

Ish.

I would not trust C++ for safety-critical work as MISRA can only limit features, it can't add support for contracts.

There have been other dialects of C++ - Aspect-Oriented C++ and Feature-Oriented C++ being the two that I monitored closely. You can't really do either by using subsetting, regardless of mechanism.

IMHO, it might be easier to reverse the problem. Instead of having specific subsets for specific tasks, where you drill down to the subset you want, have specific subsets for specific mechanisms where you build up to the feature set you need.
