
Comment Misleading use of statistics (Score 1) 374

The article starts with a claim "women have higher levels of education than men," which might be true, but it has nothing to do with underrepresentation of women in Information Security. The relevant information would be the percentage of graduates in computer science. When I googled for that, I found that only 18% of CS graduates were women. (Source: http://www.aauw.org/research/s...). So though there are more women with degrees, most of those degrees have nothing to do with CS.

Then there was a claim that "women make up only 11 percent of the cyber security workforce". I don't know where this number came from. Based on statistics provided by the US Department of Labor, women make up 18.1 percent of information security analysts. Source: https://www.dol.gov/wb/stats/C...

Comment Correlation does not imply causation (Score 1) 142

Where is the link to the original study? The only valuable piece of information in the whole article is: "We do not yet know which came first - the social media use or the perceived social isolation". As to the correlation between social isolation and active use of "social media", it is neither new nor particularly surprising.

Comment Garbage In, Garbage Out (Score 1) 183

Google search is not a magic tool to learn the truth. If you feed some nonsense into the algorithm, you should not be too surprised to get some nonsense back. Google's Snippets feature says nothing about the accuracy of the presented information. So you should not be surprised to get some nonsense if you search for it. To be able to use Google correctly means being able to validate different online sources, and not to rely on what came up in Google search first. What is really surprising is how many university students are incapable of working with online sources and blindly believe whatever Google says. IMHO, that is a much bigger problem than any imperfection of Google's algorithms.

Comment Re:Only as safe as the sandbox (Score 1) 167

Rust does not aim to provide you with a sandbox to run untrusted code. Its goal is to provide type safety. It means that code written in Rust is as safe as code written in Python or in another high-level language, but it runs as fast as if it were written in C++.

Obviously, there could be bugs in the Rust compiler or in an unsafe library that you use, but the attack surface is much smaller this way. Take a look at programs written in high-level languages: you do not hear about buffer overflows and other low-level attacks against them very often, though they also rely on some unsafe code and may have implementation bugs.

Most attacks against applications written in high-level languages focus on the application logic. For example, attackers may try to force the application to overwrite some configuration file, which gives them remote access, or to create an executable file, which can then be run remotely, etc.

So for most practical purposes, Rust eliminates certain classes of attacks. This does not mean that applications written in Rust are truly safe, but they are likely to be much safer than those written in C/C++.

Comment Re:Not saying I disagree with Torvalds (Score 1) 576

Apparently, you have never managed any software project for many years. Because if you had, you would realize that people are different, and some are far more sensitive to criticism than others. Also a lot depends on the overall culture in your organization. So without any specific context, all those generalizations about what "a wise manager" is supposed to do are UTTER nonsense.

Now if we speak about the Linux kernel, the fact is the success of the Linux kernel is largely due to Linus's ability to keep many talented people involved, and he has worked with the same people for many years. So whatever words he chooses to express himself, it does not seem to affect his working relationship with those people. Also I do not remember that he has ever criticized newbies, who are still learning, or anyone like that. Practically all his harsh words were directed at his lieutenants, who were entrusted to keep the source code to a certain standard, but failed to do so.

Finally, I will never trust you (or anyone else) just because you are willing to work on some stuff. I can trust you only if I know that you can deliver a result that meets certain requirements. I had a developer who tried to be nice and was willing to work on almost anything, but his code was nearly always crappy, so giving him nearly any task (aside from the most trivial stuff) was completely useless. So we had to part with him. So the question is not what you are willing to do, but what you can deliver in practical terms.

Comment Re:Not saying I disagree with Torvalds (Score 1) 576

Professional and effective managers always reprimand in private, and praise in public. DON'T work for someone who doesn't follow that rule, life is too short.

First of all, Linus does not do any hiring and does not pay anyone's salary. So anyone is free to choose whether to work with him or not. Many top developers started to work with him because it's fun, and only later were they able to find a job related to kernel development.

Second, I do not see anything wrong with a public reprimand if the person is clearly wrong, because it is a matter of honesty and trust. This can be a problem only if the person cannot respond to the criticism, because he is afraid of losing his job or something like that. Clearly this is not the case with Linux development. I have never seen Linus harshly criticizing anyone who would be afraid to respond.

The only thing that I do not like is that he uses profanities a bit too much, but if it helps to keep crybabies away then it is not too high a price to pay...

Comment Re:They're bums, why keep them around (Score 1) 743

No one forced the Greek government to take on so much debt. In fact, the Greek government tried to hide how much debt it had accumulated until it became impossible to hide.

Now the problem is not just the huge debt that Greece accumulated, but low productivity, an aging population, and prevailing corruption at all levels. I think investors could agree to some compromises if Greece had any real strategy to repay a substantial part of the debt. The current "balanced" budget comes at enormous social cost, and that is simply unsustainable in the long run. There have not been any real economic reforms that would make Greece more competitive in the world market. So it looks like Greece just wants the old debt to be forgotten, so it can start borrowing again...

Comment New fuel (Score 1) 445

It appears that the accident is linked to the use of a new fuel and the related modification to the engine. Unfortunately, no amount of ground testing can guarantee safety in the air. This is true for jet engines as well. However, a jet engine failure rarely leads to a deadly outcome for the testing crew. In most cases, the pilot can land the plane safely even with a severely damaged engine. Failure of a rocket engine leads to a large uncontained explosion with little chance for the crew to survive. In the age of drones, we should not use human beings during such tests.

Comment Re:Hmmm (Score 1) 230

Any sysadmin who is thinking about it would put a web server and all its components in a chroot jail, force it to run in user space, and set it up to refuse interactive logins for this user. That way any "escalations" of privilege won't get you much more than the web server. It's easy, quick and effective.

If an attacker finds a way to escalate privileges to "root" within the chroot jail, he can take over the whole system. So, a chroot jail does not help much except by limiting the attack surface for privilege escalation. For example, you can eliminate all suid programs within the jail environment. However, such a manual installation can be difficult to maintain, as automatic updates may not work. So, the chroot jail is not any better than properly configured AppArmor or SELinux, which also allow you to significantly restrict what the web user can access.

Usually a more secure and simpler solution is to use OpenVZ (or another paravirtualization) to isolate the virtual machine that runs the web server.

Linux is BY DEFAULT more secure than Windows, mainly by design.

I am not sure I can fully agree with you here. A lot depends on the applications installed, the system configuration, how the system is used, and other things that have nothing to do with design. The only thing where Linux clearly wins is when you want to harden security according to your needs. Linux is far more transparent, so it is easy to configure it properly, while Windows does a lot of things behind your back and some of them may unintentionally compromise security.
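The comment above suggests removing every suid program from a chroot jail to shrink the privilege-escalation surface, and notes that a hand-built jail is hard to keep that way. The following shell script is an added example, not code from the original comment or from any project it mentions, that audits a candidate jail directory for files carrying the setuid or setgid bit so they can be reviewed or removed before the jail goes into service and re-checked after every update. The jail path is a hypothetical argument supplied by the caller; the demo jail it builds under `--demo` is constructed for illustration.

```shell
#!/bin/sh
# Added example: find setuid/setgid files inside a chroot jail so that the
# "no suid programs in the jail" rule from the comment can be enforced and
# re-verified after package updates. The jail path is supplied by the caller.

# Print every regular file under the jail that has the setuid or setgid bit.
# -xdev keeps the scan on the jail's own filesystem (bind mounts of /dev,
# /proc and similar are usually mounted separately and audited on their own).
list_suid_in_jail() {
    jail="$1"
    [ -d "$jail" ] || { echo "no such directory: $jail" >&2; return 2; }
    find "$jail" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Print the number of setuid/setgid files found; 0 means the jail is clean.
count_suid_in_jail() {
    list_suid_in_jail "$1" | wc -l | tr -d ' '
}

# Demo against a constructed jail in a temporary directory: one harmless
# binary and one leftover setuid binary, so the audit reports exactly 1.
if [ "${1-}" = "--demo" ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/usr/bin"
    : > "$demo/usr/bin/harmless"
    : > "$demo/usr/bin/suid_tool"
    chmod u+s "$demo/usr/bin/suid_tool"   # constructed: a setuid binary left in the jail
    echo "setuid/setgid files in $demo:"
    list_suid_in_jail "$demo"
    echo "count: $(count_suid_in_jail "$demo")"
    rm -rf "$demo"
fi
```

Run it as `sh audit_jail.sh --demo` to see the constructed case, or call `count_suid_in_jail /path/to/jail` from a cron job and alert when the count is non-zero; that turns the one-time manual cleanup the comment describes into a check that survives automatic updates.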

Comment Re:Gcc 4.9.0 very new (Score 2) 739

Why would anyone use a new gcc release three months old for critical components?

The bug was introduced in gcc 4.5.0 (which was released in April 2010), so it took 4 years of active use of gcc before kernel developers could pinpoint the cause of some strange kernel crashes.

So how long are we supposed to wait before using a new GCC release?

Comment Re:one question (Score 1) 256

From what I've read cultists also seriously kludged their deployment resulting in a good bit of the gas ending up in the ventilation shafts rather than in the subway tunnels.

Though the deployment of sarin was far from perfect, the gas was released mostly inside the trains, so I am not sure why ventilation shafts would play any important role in that. In any case, despite the huge number of people who were exposed to the sarin, only very few of them died, because of its impurity.

There was another attack conducted by Aum Shinrikyo just 9 months prior to the attack on the Tokyo subway. In that attack sarin was released in one neighbourhood on unsuspecting people late in the evening, which caused seven deaths (plus one more victim, who suffered severe brain damage, died 14 years later). So, this is the scale that a well-organized terrorist group can achieve.

The death toll in the Ghouta attacks in Syria clearly indicates that military-grade gas and delivery systems were used. I think there will be more evidence when the UN report is released.

Comment Re:one question (Score 1) 256

Heck some cults have done it in the past, and used them, I just can't for the life of me remember their name(s) at the moment.

I guess you mean Aum Shinrikyo. They released sarin in five coordinated attacks on the Tokyo subway at the peak of the rush hour. As a result, 13 people died and about 50 people were severely injured. The death toll was not as high as one might expect because of impurity, which caused its quick degradation.

To kill over 1400 people over a large area of open air requires completely different expertise in chemical weaponry and a much larger amount of the nerve gas.
