
Comment Neither true nor meaningful (Score 1) 91

Your statement of "fact" is utterly false, and would be meaningless if it were true.

Mac OS X, Mac iOS, several versions of Windows, several Linux distributions each have more CVEs than Android. Android is in fact #17 on the list of most vulnerabilities (in other words, it's among the most secure popular operating systems, by CVE count).

However, counting the number of reported vulnerabilities is utterly bogus. One day we got a CVE for Linux which was essentially "by running 'ls /*/*/*/*/*/*' a local user can use up a chunk of their resource allotment. By doing so in a hundred shells at once, they can DOS themselves". That's a pretty stupid CVE, IMHO, but okay, we put it in our database as an informational. The same day, there was a CVE for Windows remote code execution - an attacker can run whatever code they want, over the network.

So each of these is one vulnerability:

On my own Linux machine, I can use the CPU time allotted to me.

From here, I can connect to your Windows machine over the internet and delete all your stuff.

Counting those as equal would be just stupid, so "number of vulnerabilities reported" doesn't at all mean a lower count is safer. In fact, there is a significant element that is the opposite: where some software is closely inspected and any behavior that's at all interesting is documented, that system is likely safer than one where only the most egregious security holes are documented. If "omg a local user can choose to waste the resources assigned to them" is considered a vulnerability worth documenting by Linux standards, that may mean Linux is pretty safe - people are documenting even the most minor non-issues because they aren't finding significant issues.

Comment Backwards, POST can't be cached, GET can (Score 1) 30

Probably a typo, you listed it backwards. GET is cacheable, POST is not, by definition.

GET puts the parameters in the URL specifically so that a cache can return the proper resource based on the URL - users.doc?page=2 will return the second page of users.

POST *creates* something on the server or otherwise alters it, so just returning a cached response without sending the post to the origin isn't the same at all. You can't cache, you actually have to send the command to the server each time you want to create a user.

Comment Yeah, unless engineers point out the interest (Score 1) 390

The scenario you describe is something I fear, so just last night I worked to avoid it. Management is very concerned about some problems we had and they want to know what went wrong. Without going into detail, we had some bad code which caused a problem they noticed, problems that could affect revenue. I told them I would find the problem and report on how we can prevent a recurrence.

So this weekend I identified the problems in the code. I didn't start by telling top management the details of the bug; my message to management starts with "last week, we paid some interest on our technical debt, previously known quality issues caused the situation. Recurrence of similar problems can be avoided by investing in correcting known issues in the code, rather than deferring this work as 'not high priority'. Specifically, the following known issues were involved in causing the problem, other issues may have also played a part. ..."

Management from the president down really want to make sure that problems like we had last week don't happen again. After hearing that the cause is various forms of technical debt, I expect management will decide we need to get rid of this nasty technical debt, to the extent that we can.

You insightfully identified the issue as "there is no one holding you accountable for paying back the former", part of my job, therefore, is to honestly inform them about the costs, so that the president of the company holds middle managers responsible for addressing the issue. Another, similar, issue with tech debt is that it's normally not measured and doesn't appear on reports. Wise management, when they decide to incur tech debt (rush systems development) could write down a number for how much engineers estimate it will cost to a) maintain the less-robust system and b) eventually clean it up, making it more robust.

Comment Best of luck (Score 3, Informative) 243

> I think I'm gonna increase my MSFT position just in case.

Best of luck with that. I've always done mutual funds instead of trying to pick. I often discussed this with my best friend, who would always pick stocks. One day, in early 2008, he told me that rather than picking one company he had made a can't-lose buy: both Intel and AMD. Being the only two processor manufacturers with any significant market share, one of them would have to do well! Of course that was just about the time Android was released and most processor sales started to be ARM devices, neither Intel nor AMD.

Comment Re:Or just go back to the way things were before (Score 1) 5

This is personal to me. A friend I knew in high school, went into the service with, and kept in touch with couldn't afford insurance and caught appendicitis. It ruined his credit and nearly his family. In 1992 when he had a heart attack, he just laid down and died rather than calling 911.

That's what happens in the US when you work full time and can't afford insurance.

Comment Yes, StatCounter, not Netcraft (Score 1) 243

Had I been more clever, I would have worked in a Netcraft joke and made it funny. Instead, I just accidentally typed Netcraft when I meant to type Statcounter.

I'm sure others have come up with slightly different numbers, but the point stands regardless. MS has gone from complete monopoly, what everyone used, to a minority - their market share of current *sales* is even less than the 38% statcounter shows. Yet they've managed to maintain and even grow revenue. Of course some of that is the fact that they actually make money on every Android device sold. :)

Comment Amazing since market share dropped from 98% to 38% (Score 4, Insightful) 243

Which is amazing considering that a few years ago, 98% of people used their flagship product, Windows, while now only 38% of people do (Netcraft, 2016). They've done a really good job pivoting to maintain revenue while customers have dumped their traditional products en masse.

Comment Once, we used Windows for Linux stuff (Score 1) 243

In 20 years, I've had exactly one occasion to run Linux stuff on Windows. I've had one other program I ran on Windows, that I can recall.

We have a framework on Linux, written mostly in Perl, which runs hundreds of small tools. We wanted to add a specific Windows-only tool to our system. So the framework is installed under Cygwin on a few machines to run that one Windows tool.

Comment No interpretation, direct quote from FBI (Score 1) 132

No interpretation required. The FBI announced that she was without a doubt "very careless with classified information." That's a fact. The relevant crime is being "negligent" with classified information. That's a fact, no interpretation.

It's also a fact that in the same announcement, FBI director Comey, appointed by Obama, stated that other people would be prosecuted if they were similarly negligent. I'm not interpreting anything, that's what the FBI announced.
