
Comment Or they know that long term habits are important (Score 2) 133

Some people try to cleverly figure out what to say to each person about each situation, coming up with different lies and half-truths. Sometimes that works well for them, sometimes it blows up in their face. It's a bit of a crap shoot.

Other people figure honesty is the best *policy*, a long-term principle you stick to in almost all situations, knowing that in the long term, it works well. *Being* a liar doesn't work as well as being an honest person, they figure (and they're not wrong).

In my particular case, I have two additional reasons to *try* to be honest all the time. One, I tend to do things in the extreme. If I decide to be a liar and a thief, I'm probably going to be a big fat liar and steal well over the felony threshold. Secondly, my career is in security. 40 hours a week, I show banks and other institutions how hackers can exploit their systems. I study multi-million dollar hacks and thefts, because that's my job. I *know* how to steal a million dollars, I *tend* to go big in everything I do - if I decide to become a thief I might well end up in Leavenworth, not in county jail.

Comment Probably true conclusion, horrible example (Score 1) 133

Trump likes to brag about his wealth and his deals, no doubt about that, and his "co-author" (who did all the writing) knows that spinning it even bigger than what Trump said sells more books. So yeah, the numbers in the book, written in 2007 based on what Trump said in 2006, were likely exaggerated, or at least "best case" gross margin.

Seven years later, when appealing a tax assessment in 2014, his accountant would have done the opposite - figured every possible deduction, including travel costs for Trump (in his 737). Taxable net income and gross margin are two very, very different things.

Comment Someone lied to you. I know two cases in a year (Score 1) 138

Off the top of my head, I know of two cases prosecuted in the 12 months before the Clinton announcement. One Navy sailor was prosecuted for taking a selfie aboard ship, and is currently incarcerated. US Navy ships are classified.

Brian Nishimura didn't instruct others to unlawfully remove classification markings in order to obscure his action of carrying classified information on a personal device, but he too was prosecuted.

Keep in mind when you hear Hillary or one of her team defend her illegal actions by saying "X never", or "always Y", or "I didn't Z", she's not a reliable source. She's an attorney defending someone, and she's the accused - her claims that "nobody is ever prosecuted", or any other claims, can't be taken at face value.

Comment 4GB is 20 copies of Red Hat Linux (Score 1) 49

Red Hat Linux and CentOS require at least 200MB of disk space. The smaller Pi option has 20 times that. It can hold 20 separate installations of Linux. Often, that's enough. When it's not, use an SD card.

Looking at it another way, for some projects I choose between an Arduino and a Pi. If it's too big for the Arduino, I use a Pi. Some projects are borderline, things that *could* be done with an Arduino, but it would be a stretch. The Arduino has 32K-256K of storage. So the Pi has several thousand times as much.

Comment Here you go, I've had it memorized for 20 years (Score 1) 138

I've had the Black's definition and various cases on what constitutes negligence memorized for 25 years now, so let me just recite it for you.

failure to exercise the degree of care expected of a person of ordinary prudence in like circumstances

"Extremely careless" is roughly equivalent to "gross negligence", defined as " a conscious, voluntary act or omission in reckless disregard of a legal duty". By instructing subordinates to remove the "classified" markings before sending her the documents, Mrs. Clinton demonstrated her conduct was not a mere error, but a "conscious, voluntary disregard of a legal duty" to protect the information.

Comment Neither true nor meaningful (Score 2) 108

Your statement of "fact" is utterly false, and would be meaningless if it were true.

Mac OS X, Mac iOS, several versions of Windows, several Linux distributions each have more CVEs than Android. Android is in fact #17 on the list of most vulnerabilities (in other words, it's among the most secure popular operating systems, by CVE count).

However, counting the number of reported vulnerabilities is utterly bogus. One day we got a CVE for Linux which was essentially "by running 'ls /*/*/*/*/*/*' a local user can use up a chunk of their resource allotment. By doing so in a hundred shells at once, they can DOS themselves". That's a pretty stupid CVE, IMHO, but okay, we put it in our database as an informational. The same day, there was a CVE for Windows remote code execution - an attacker can run whatever code they want, over the network.

So each of these is one vulnerability:

On my own Linux machine, I can use the CPU time allotted to me.

From here, I can connect to your Windows machine over the internet and delete all your stuff.

Counting those as equal would be just stupid, so "number of vulnerabilities reported" doesn't at all mean a lower count is safer. In fact, there is a significant element that is the opposite: where some software is closely inspected and any behavior that's at all interesting is documented, that system is likely safer than one where only the most egregious security holes are documented. If "omg a local user can choose to waste the resources assigned to them" is considered a vulnerability worth documenting by Linux standards, that may mean Linux is pretty safe - people are documenting even the most minor non-issues because they aren't finding significant issues.

Comment Backwards, POST can't be cached, GET can (Score 2) 34

Probably a typo, you listed it backwards. GET is cacheable, POST is not, by definition.

GET puts the parameters in the URL specifically so that a cache can return the proper resource based on the URL - users.doc?page=2 will return the second page of users.

POST *creates* something on the server or otherwise alters it, so just returning a cached response without sending the post to the origin isn't the same at all. You can't cache create_user.do, you actually have to send the command to the server each time you want to create a user.
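The cache behaviour described in this comment, as an added example (not the commenter's code): a toy shared cache in front of a stand-in origin server. The two paths `/users.doc` and `/create_user.do` come from the comment; the `Origin` and `Cache` classes, their method names and the counters are assumptions made for the example. The cache key includes the sorted query string, so `?page=2` and `?page=3` are different entries, and a successful POST never populates the cache and evicts any cached copy of its own URL, following the RFC 7234 section 4.4 rule that a non-error response to an unsafe method invalidates the request URI.

```python
"""Toy HTTP cache: GET responses can be served from cache, POST must always
reach the origin.  Constructed example; only the two paths are from the
comment above, everything else is assumed for illustration."""

from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Response = Tuple[int, str]          # (status code, body)
CacheKey = Tuple[str, Tuple[Tuple[str, str], ...]]


@dataclass
class Origin:
    """Stand-in origin server; counts how many requests actually reach it."""
    hits: int = 0
    users: List[str] = field(default_factory=list)

    def handle(self, method: str, path: str, query: Dict[str, str],
               body: Optional[str]) -> Response:
        self.hits += 1
        if method == "GET" and path == "/users.doc":
            # Read-only: path plus query fully identifies the resource.
            return 200, f"users page {query.get('page', '1')}"
        if method == "POST" and path == "/create_user.do":
            # State-changing: every call creates another user.
            self.users.append(body or "")
            return 201, f"created {body}"
        return 404, "not found"


class Cache:
    """Shared cache in front of the origin (simplified RFC 7234 rules)."""
    SAFE_METHODS = {"GET", "HEAD"}

    def __init__(self, origin: Origin) -> None:
        self.origin = origin
        self.store: Dict[CacheKey, Response] = {}

    @staticmethod
    def _key(path: str, query: Dict[str, str]) -> CacheKey:
        # Sorted so that ?a=1&b=2 and ?b=2&a=1 share one entry.
        return path, tuple(sorted(query.items()))

    def request(self, method: str, path: str,
                query: Optional[Dict[str, str]] = None,
                body: Optional[str] = None) -> Tuple[Response, str]:
        """Return (response, 'HIT' or 'MISS')."""
        query = query or {}
        key = self._key(path, query)
        if method in self.SAFE_METHODS and key in self.store:
            return self.store[key], "HIT"
        resp = self.origin.handle(method, path, query, body)
        status = resp[0]
        if method in self.SAFE_METHODS and status == 200:
            self.store[key] = resp
        elif method not in self.SAFE_METHODS and status < 400:
            # A successful unsafe request may have changed the resource at
            # this URL, so drop any cached copy of it (RFC 7234 section 4.4).
            self.store.pop(key, None)
        return resp, "MISS"


def run_scenario() -> dict:
    """Two identical GETs, then two identical POSTs; report what hit cache."""
    origin = Origin()
    cache = Cache(origin)
    first = cache.request("GET", "/users.doc", {"page": "2"})
    second = cache.request("GET", "/users.doc", {"page": "2"})
    hits_after_gets = origin.hits
    post1 = cache.request("POST", "/create_user.do", body="alice")
    post2 = cache.request("POST", "/create_user.do", body="alice")
    return {
        "get_first": first[1],
        "get_second": second[1],
        "get_body": second[0][1],
        "origin_hits_after_gets": hits_after_gets,
        "post_first": post1[1],
        "post_second": post2[1],
        "origin_hits_after_posts": origin.hits,
        "users_created": list(origin.users),
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running it shows the second GET served as a HIT with the origin touched only once, while both POSTs reach the origin and two users are created; replaying a cached response to the second POST would have silently dropped the second create.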

Comment Yeah, unless engineers point out the interest (Score 1) 396

The scenario you describe is something I fear, so just last night I worked to avoid it. Management is very concerned about some problems we had and they want to know what went wrong. Without going into detail, we had some bad code which caused a problem they noticed, problems that could affect revenue. I told them I would find the problem and report on how we can prevent a recurrence.

So this weekend I identified the problems in the code. I didn't start by telling top management the details of the bug; my message to management starts with "last week, we paid some interest on our technical debt, previously known quality issues caused the situation. Recurrence of similar problems can be avoided by investing in correcting known issues in the code, rather than deferring this work as 'not high priority'. Specifically, the following known issues were involved in causing the problem, other issues may have also played a part. ..."

Management from the president down really want to make sure that problems like we had last week don't happen again. After hearing that the cause is various forms of technical debt, I expect management will decide we need to get rid of this nasty technical debt, to the extent that we can.

You insightfully identified the issue as "there is no one holding you accountable for paying back the former"; part of my job, therefore, is to honestly inform them about the costs, so that the president of the company holds middle managers responsible for addressing the issue. Another, similar, issue with tech debt is that it's normally not measured and doesn't appear on reports. Wise management, when they decide to incur tech debt (rush systems development), could write down a number for how much engineers estimate it will cost to a) maintain the less-robust system and b) eventually clean it up, making it more robust.

Comment Best of luck (Score 3, Informative) 272

> I think I'm gonna increase my MSFT position just in case.

Best of luck with that. I've always done mutual funds instead of trying to pick. I often discussed this with my best friend, who would always pick stocks. One day, in early 2008, he told me that rather than picking one company he had made a can't-lose buy: both Intel and AMD. Being the only two processor manufacturers with any significant market share, one of them would have to do well! Of course that was just about the time Android was released and most processor sales started to be ARM devices, neither Intel nor AMD.

Comment Yes, StatCounter, not Netcraft (Score 1) 272

Had I been more clever, I would have worked in a Netcraft joke and made it funny. Instead, I just accidentally typed Netcraft when I meant to type Statcounter.

I'm sure others have come up with slightly different numbers, but the point stands regardless. MS has gone from complete monopoly, what everyone used, to a minority - their market share of current *sales* is even less than the 38% statcounter shows. Yet they've managed to maintain and even grow revenue. Of course some of that is the fact that they actually make money on every Android device sold. :)
