
Comment Disclosure is a tool to get the problem fixed. (Score 1) 52

Actually following through with the threat to disclose in 90 days (which is far too long in my opinion) is the only way to get corporations to take vulnerability reports seriously.

Microsoft made a choice - to push their big marketing and style changes to all their users by bundling them with necessary security updates. This bad decision means that they can't push out small security-only, no-reboot-required updates on an as-needed basis. It is this profit-driven motive that makes a short disclosure period hard for them. The right way for the world to deal with this is to keep up the pressure, so they switch back to pushing out small security-only updates as needed when needed; to rebuild their customers' trust that Microsoft's updates won't break people's systems, won't suddenly uninstall legacy software, that sysadmins don't have to put updates through verification because they'll probably break something. This way, vulnerabilities in Windows are fixed within days of them being reported.

There is zero excuse for not fixing a vulnerability for 90 days. If something makes it hard for a corporation to fix vulnerabilities quickly, then it is that something that needs to change. Responsible disclosure like this pushes corporations to make such changes.

Comment Re:1 hour ? (Score 1) 141

That's how BASIC programs started out. You'd get a magazine in the mail and copy word for word what they printed and tada, you had a "program". It was nothing more than straight copy and paste. Then you went and changed all the print statements to PENIS. Or changed the color of the output. Eventually parts of the copy paste started to click and people went on to writing their own code.

Comment Journey o miles starts with (Score 2) 141

"An hour of Math is definitely going to be effective in teaching math. Why in the world have I spent my entire life perfecting my PhD level math?"

"An hour of English is definitely going to be effective in teaching how to write a novel. Why in the world have I spent my entire life perfecting my art?"

"An hour of Shop class is definitely going to be effective in teaching how to build a house. Why in the world have I spent my entire life perfecting house building?"

The point is to expose you to what is out there. Most slashdotters seem to have been lucky enough to have been exposed through other means. I learned to code because I just happened to find HyperCard and a HyperCard book at the library then learned to code TI-BASIC because I was bored in Math class and read my TI-89 manual. It was constant exposure that started

Without those two bits of happenstance I wouldn't make my living writing code as a Mechanical Engineer. The point of adding this is to expose kids to it so that if it piques their interest they can take a second hour. Or a 3rd hour. Or make a career out of it.

Comment Re:reactions were mixed (Score 1) 144

I've read a story somewhere about the manager of an engineering department dealing with critical systems at NASA during the space race. He imposed 9 to 5 work days, as part of his plan to promote a healthy routine. He noticed that overwork leads to mistakes and that nullifies any productivity gain made during extra hours.

It is absolutely true. For work in the trades (machinists, welders, etc), we see the majority of accidents occurring in the final 2 hours of a 12 hour shift. It is naive to think that white collar people don't suffer from fatigue too. The CDC even hosts a study titled "Overtime and Extended Work Shifts: Recent (not so recent now) Findings on Illnesses, Injuries, and Health Behaviors" showing that there may be profound effects on the long-term health of workers as well.

Comment Re:Only? (Score 3, Interesting) 144

The Japanese put in a lot of hours, but not much of that is "working". Japan's productivity is only 60% of America's. There is a social taboo to leave work before your boss, so people stay late and surf the web. The bosses are promoted based on seniority rather than ability, and are often incompetent with no incentive to take the initiative on more enlightened working conditions. It is better to just stick to prevailing social conventions and keep a low profile.

America: The squeaky wheel gets the grease. Japan: The nail that sticks up will be hammered back down.

I have worked in Japanese companies for almost 8 years in total, 7 months of which was in Japan. Everything in your post is true except "so people stay late and surf the web". This is not my experience. In my experience, people stay late and do NOT surf the web. The open floor plan in most Japanese offices makes goofing off unnoticed nearly impossible.

Some people are doing productive work, but slowly. Others were doing unproductive work (again, slowly). Others take frequent visits to other people in different departments. Meetings which require 2-3 people but 8 people are invited also help run up the man hours. Surfing the web for non-work reasons was strictly during lunch hours and breaks, I never saw it.

Comment Re:Less Power?? (Score 1) 39

Not really. You can easily get 5-6 hours of screen-on time if you're not processing much. Put it into game mode where you're driving the CPU/GPU at the edge of its thermal envelope and you'll be lucky to get 90 minutes.

In fact, for AMOLED screens, that on-time can be pushed to 9+ hours if you use a dark theme. After reading online using a dark background and light screen font, with ~20-25% brightness, my Note 7 (God rest its fiery soul) showed a predicted 16 hours of remaining battery life after three hours of reading (after starting nearly fully charged). Pop that baby into a GearVR, though, and 2 hours was more than you would likely get before having to recharge.

Comment Re:Practical? (Score 1) 140

The cheapest EC2 node has one CPU at a reserve pricing as low as $0.003 for a t2.nano instance. The exact math I used is:

(6500 * 365 * 24) * 0.003 = $170,820

I realize that nano instances don't really have much CPU power available (they're intended to be used for bursty tasks), but Google didn't define what a "CPU hour" was, so neither did I.

Comment Re:Practical? (Score 1) 140

Assuming Amazon has sufficient capacity, it could be completed in an arbitrarily short amount of time by spinning up enough instances. Amazon bills by aggregate time, so the cost of one node for two days is the same as the cost of two nodes for one day.

My point was more to show that it's potentially achievable without Google or NSA sized budgets, and that the cost would only shrink from there over time.
