
Comment Re:If the point was ... (Score 2) 226

There's no proof that it has anything to do with Wikileaks, but in a world of IoT devices with no thought toward security, anyone who cares to do so can mount DDOS with the power of a national entity.

What's the point of doing what Assange and Wikileaks have been doing without any moral position? He isn't helping his own case.

Comment Re:Legal? (Score 2) 128

No, of course it is not legal to set a trap to intentionally hurt someone, even if you expect that the trap could only be activated by the person committing property theft or vandalism. Otherwise, you'd see shotguns built into burglar alarms.

Fire alarm stations sometimes shoot a blue dye which is difficult to remove or one which only shows under UV. Never stand in front of one when pulling the lever! But they are not supposed to hurt you.

And of course these booby traps generally are not as reliable as the so-called "inventor" thinks and tend to hurt the innocent.

Comment Re:Snake oil salesman (Score 1) 49

Ha ha. That's a common joke about the security industry. There is some truth to it.

What's great with bug bounty programs is that customers pay for results. You pay for valid and useful vulnerability reports. You don't pay for reports that are not useful. For hackers to make money (and the best ones make a lot of money), they must produce useful and relevant vulnerability reports.

That's a HUGE difference compared to traditional security products and services and it explains why bug bounty programs are becoming so popular. They are much more effective than any other method of finding vulns in live software.

Comment Re:70,000 white hat hackers? (Score 1) 49

Yep, 70,000 is a lot! The number keeps growing, and we hope to get to a million. To serve all companies and government organizations worldwide who will be needing bug bounty programs, we need a lot of excellent hackers.

It should also be noted that it takes a lot of hacking to find even a simple vulnerability. Of the 70,000 hacker accounts we have, about 1 in 6 have filed an actual vulnerability report. To help them get going, we have an ebook on hacking that we give to new hackers. Once new hackers get the hang of bug hunting they can advance fast, earning more and more reputation points. When you sign up at HackerOne, you start at 100 points. Our most prolific hackers have reached 10,000 points. You can do it, too!

Comment Re:Second coming of teams of ethical hackers (Score 1) 49

Yep, this is true. It is also a common situation that humanity has dealt with successfully many times. To keep a ship afloat, you must find and fix every hole. Even one hole might sink it. To keep an aircraft safely flying, similarly every safety aspect must be in shape. Shipping and airlines have a great safety track record these days.

To keep software secure, you must attempt to fix all serious vulnerabilities. You may never get to 100% vuln-free software, but the closer you get and the faster you can asymptotically move towards that goal, the more you reduce your cybersecurity risk.

Comment Re:Second coming of teams of ethical hackers (Score 2) 49

It has taken decades for the industry to get used to bug bounties. The first one was in 1981. Now it is starting to be very real. HackerOne has already paid out over $10,000 to hackers and researchers around the world. One hacker has made over half a million dollars. Another recently bought an apartment for his mother with the bounty money he had made. Still lots of work and education to do, but it is very much moving in the right direction. An example: the US DoD now committing $7m to vulnerability disclosure programs.

- Marten (HackerOne CEO)

Comment Re:Is that all (Score 1) 506

It's inevitable that a certain fraction of people go off the deep edge. People are irrational, even (or perhaps mostly) people who are convinced they are entirely rational. Rationality is a fragile thing because emotion and confirmation bias are deeply woven into everyone's thinking.

For normal people there are few more powerful emotional impulses than the urge to protect children. It should hardly be surprising that children come to harm from it.

Comment Live by the media hype die by the media hype. (Score 5, Insightful) 258

So Elon's panties are all up in a bunch over supposedly overblown negative media coverage?

How about all the overblown positive media coverage he's been lapping up for years while running an unprofitable business that caters to wealthy customers getting taxpayer funded bonuses to buy his cars?

Isn't it fair that all of that media coverage should be withdrawn too?

Comment Re:DCMA Fair Use / Parody (Score 1) 215

Ah, but is it a parody of the copyrighted elements? That's the tack I'd take if I were Samsung's lawyer: this is not parodying Samsung's IP, it is quoting Samsung's IP in a literal, non-transformative way that is not actually parody.

Of course in my heart I'd hope to lose, but that argument is no more ridiculous than many others that have become established case law. Issues like privacy and IP are where fundamental values we have as a society cut against each other and generate innumerable weird corner cases.

Comment Re:So it appears . . . (Score 1) 179

It's not just how hard you check, but how incisively. It's easy to satisfy yourself that software's anticipated failure modes won't happen. What's tough is discovering ways of screwing up that have never happened before.

That's why there's no substitute for experience. This gets back to the very roots of rocket science: the path to success passes through many, many failures.

Comment Re:Not to Sound Like a Snowflake... (Score 4, Insightful) 227

It's not only that. The problem with most theories of eugenics is that they draw from experience with agricultural breeding of domesticated species. Humans are not domesticated; we're a wild species with massive genetic diversity compared to, say, purebred Arabian horses.

This means that with us sexual reproduction still does what it is supposed to do: generate genetic diversity in offspring. Look at large families. You get some who are tall and some who are short; some who have Grandpa Joe's nose and others that have Grandpa John's jaw, others who get both or neither. Even with a litter of pedigreed puppies you'll get one total loser and if you're lucky one champion; and pedigreed dog litters are much more alike than any set of human siblings. And that's just physical traits; in terms of interests, talents, and success there is massive variability among siblings, although there is some correlation, in part due to economic circumstances, upbringing and education.

Nature works this way because variability is good for the species, and that variability comes from combinations of genes being shuffled. Add to that the massive behavioral plasticity of our gigantic brains, and the idea that you can sample some of, say, Steve Jobs' DNA for successful CEO markers is ludicrous. If you'd raised Jobs in a different family and sent him to a different set of schools, and he didn't luck out by ending up close friends with Woz, then while he may well have been quite successful in some other way, he wouldn't have been the Steve Jobs we knew.

Of course, willingness to go along with the DNA test is a good test for one phenotypical trait: the willingness to put up with pseudo-scientific baloney.
