
Comment Re:What do you people expect? (Score 1) 63

Where I used to work, we called this the "Stack Overflow Effect" because so much bad code written by well-meaning people was floating around Stack Overflow that did things in dangerous, security-risky ways, such as telling people to disable TLS chain validation so they could use a self-signed cert for their test environment, then wondering why so many apps shipped with chain validation turned off in the production versions of the app.

I've actually written security documentation whose primary purpose was to provide a single set of code snippets that were known to do things in the right way so that we could plaster Stack Overflow with links to the doc. Then, when people say, "but can't I just...", we can say, "No", and point them at documentation explaining why so that at least when they do something stupid anyway, we can say, "Dude, what part of 'no, that is incredibly dangerous' didn't you understand?"

Comment Re:Glad (Score 2) 160

If I worked there, I, as their computer guy, would be like, let's build an incorruptible and un-bypassable logging system of all access to all data, and exactly what was accessed, along with a physical process whereby the elected officials in Congress on the security committees would review it all. In this way, there could be no G. Gordon Liddy type "special" agents who misuse the data to advantage this or that political faction...

And I'd be quickly shown the door.

Comment Re: Patriot (Score 1) 160

I am really puzzled why publicly they would say one thing, while privately they believe something else.

In the last election, Republicans were orders of magnitude quieter (and less violent) than Democrats. Because they didn't fancy their cars being keyed, etc.

The control systems are maintained not because people don't understand them, but because they are afraid to speak out against them.

Comment Do not do this, please. (Score 1) 246

Science is advancing so rapidly, none of this matters. You should not ameliorate the global warming because if you overdo it, you will induce an ice age, which can start in as little as a year or two (all you need is a summer where the snow doesn't quite melt) and then you will kill billions in less than a year.

We can less predict the tech in 100 years than the people in 1900 could predict today's. We are the people in 1900 trying to fix the problem using their info and their tech. Decimating their own industry would just have slowed getting to today's tech level, benefiting nobody and killing probably a few hundred million due to delayed innovation.

So, even amelioration can be bad, and the downside is magnitudes worse than warming.

Comment Re:Irony of ironies (Score 1) 167

Which is worthless if the payment terminal is compromised, because the card can't know if the payment terminal is sending out messages on its own behalf or on behalf of another hacked payment terminal on the other side of the country.

Transaction log:

  • Terminal 1 gets a chipped card that it recognizes as "special". It contacts a C&C server and finds Terminal 2.
  • Terminal 2 reads the card number from some poor sucker's card and sends it to Terminal 1.
  • Terminal 1 relays the response to the card provider.
  • The bank sends back transaction info.
  • Terminal 1 relays that to Terminal 2.
  • Terminal 2 sends it to that same poor sucker's card for signing, gets the response, and sends it to Terminal 1.
  • Terminal 1 relays the signed response to the card provider.

As far as the card provider is concerned, the card physically present in Terminal 1 was actually used in Terminal 2.

Comment Re: Becaue you aren't offering to do the work. (Score 2) 366

That's unfair. Blender did undergo some big changes, but they were more than justified. It's not like they're just continuously changing it, or that the changes weren't warranted. I think Blender is a better tool today because of their changes.

I have much more of an issue with GIMP. Pushing forth changes that the vast majority of the userbase hated (and railed against on the forum), and got a big "FU, if you don't like it, use another tool" response from the developers. Comments on the "can only save XCF through the save menu, changes to other formats pester you about "unsaved changes" even if you do export" design change were over 10:1 against. The brush size slider is a mess. Text editing is broken in about ten different ways, from it forgetting what font size you're typing in to not rendering full text deletion in some cases. The general quality has gone way downhill. Meanwhile, things that have supposedly been "in the works" for years, like higher bit-depth colour, seem further away than ever. Even if I didn't want to export to a higher bit depth, if I want to do a gaussian blur on a high-res image I need to do a combination of dithers and blurs because of the loss of precision at 8 bits per channel.

Facebook is the classic example of terrible product evolution (particularly Messenger... have these people never heard of the concept of screen real estate?). I'd also like to zing Google for Google Maps. Today it's way slower, they took the very convenient full-length zoom bar out (and only put the tiny one in after user complaints), buttons with similar functionality are scattered out (e.g. satellite is on the bottom left, but landscape hidden in the menu top left), photo integration is terrible (no longer shows photos where they actually are, but in a giant "bar" on the bottom of the screen, opened by an ambiguous icon that looks like three different buttons, with lines that point to the map seemingly at random), make you zoom in twice as far to see the same amount of map information (ex. road labels), added icons to the upper right that have no connection to Maps at all just for "product consistency", and so on. And it's 2017, why is their landscape option still so terrible? Even little local companies' map services have vastly superior landscapes.

Comment Re:This is meaningless..... (Score 1) 356

Seriously, that's the best you have, a case from over a decade and a half ago? No country is perfect, but when you have to reach back sixteen years to find something to damn them for, you're really stretching.

World Justice Project (which uses a peer-reviewed methodology to rank judicial systems from around the world; there are over 17 experts just for Sweden alone) ranks Sweden the best in the world in terms of fundamental rights. Their biggest weakness in the rankings? Letting criminals off too easily. But never mind that, because there was a single incident sixteen years ago involving two people who had no legal right to be in the country (versus Assange who has no legal right to *not* be in the country) and who had been misidentified as convicted terrorists being extradited, that means that the whole country is evil and corrupt and just loves to extradite people, right?

Comment Re:There's a saying in the software industry~ (Score 2) 366

It is a good saying, but could use some elaboration.

Most change is bad. Because most have not thought through all the ramifications, and/or have not implemented the change well.

Most change is bad, because most of us have major weaknesses and blindspots. Adding someone else to the design team usually doesn't help, because what you gain with a second pair of eyes and second brain is countered by a second set of major weaknesses and blindspots. Get a group involved, and your project is totally doomed.

I think "insanely great" was a good phrase. To do something great was insanely difficult, took insane amounts of thought and effort and will. And when it all came together, it was ...insanely great.

A bridge is constrained. It rarely gets changed. It just works. Software is only partially constrained and so how we choose to work around/with constraints varies by person, by company, by decade, etc. The tyranny of choice works against good design. Hence my saying "An engineer is an artist with constraints."

The software industry has a conflict of interest. If they helped us all implement great stuff everywhere, we wouldn't come around every year with a fresh stack of money. So they implement code monstrosities, standards clusterfzcks, organizing bodies designed to bury bodies, and all while aspiring to Comcastic levels of monopoly, rather than succeeding on their merits. Embrace, extend, extinguish doesn't go down well with end users. Embrace, extend, improve forever (i.e. kaizen) would...but is rarely done. And when it is done, it becomes invisible.

Invisible software gets so good, that there are few if any bugs. It automates everything involved, so no one curses it. It saves time and manpower so management is happy. But the overall effect of all three of these effects is for people to stop thinking about it. It dies, as a "project", from working too well.

Change, i.e. churn, or turns, or flips, is necessary to people who want to get paid steadily. Solving problems is thankless work. End users are usually not sophisticated enough to appreciate it, and managers hate it because it makes them look bad (or not needed).

Life sucks, because we are all, for the most part, unenlightened. Selfish. Out for ourselves. Dog eat dog.

Yet find a place where you can do great things...and then do them...and you will be back on the unemployment line.

So ignorance is bliss. Ignorance of our own weaknesses will increase our happiness.

So, do you want happiness, or better stuff?

Comment Re:Oops (Score 2) 215

Indeed. There's a lot of skepticism here. When you factor in confounding factors:

Crucially, the association with stroke and dementia disappeared after adjusting for diabetes and vascular risk factors, such as high blood pressure and prior heart attack

The study appears to be an excellent example of the reverse causality effect. For example, let's say I was doing a study on the effects of taking a heart medication on heart attacks. So I randomly collect thousands of people and study their incidence of heart attacks, and compare which people who had heart attacks were taking a heart medication and which weren't. Lo and behold, the people taking heart medication are far more likely to have a heart attack! Does that mean the medication is to blame? Not at all; it means that the people who are on heart medication are already more likely to be taking heart medication. It's the risk of a heart attack that's causing the taking of heart medication, not the heart medication that's causing the risk of heart attack.

Comment Re:Oops (Score 1) 215

But the diet soda drinkers were more likely to have diabetes (9% diabetes among the people drinking 0 diet soda, and 26% among those drinking 1+/day)

Most likely, these people were drinking regular soda, got diabetes, and then switched to diet soda. The diabetes was damaging the blood vessels and leading to stroke and dementia.

As you allude to, those cited statistics are meaningless. We would at least need to know how the percentage compares to those drinking 1+ non-diet sodas. Of course even more importantly we would need to see the figures when adjusted for eating habits, exercise levels, and prior drinking habits.

Comment Re:Oops (Score 1) 215

Perhaps it is just a semantic argument, because when I hear someone is a soda drinker I assume at least a few sodas a week, if not an average of at least one per day. I guess that should be called a regular soda drinker instead of just a soda drinker.

And to the OP's point, every regular soda drinker I know that I can think of who is not obese almost exclusively drinks diet sodas. It is just too hard to consume an extra 150-300 calories per day via drinks and still be in good shape.

It does seem as though overweight people tend to *always* be drinking diet soda, though.

Certainly most people drinking diet sodas are overweight, but most people who like the color blue are also overweight (hint: because most people are overweight, at least in the US). I would be surprised if you know many regular soda drinkers (about one drink per day) who are both in good shape and primarily drink non-diet sodas.

Comment Re:This is meaningless..... (Score 1) 356

Not even the women who are the victims say it was rape.

1) According to the witness statements, SW told several people that she was raped.
2) AA did not, and denied that she was raped.
3) There were only rape charges concerning SW, not AA.

And this isn't an arrest, it's asking questions

Only if you play word games between "anklagad" and "åtalad". The Swedish judicial system, shock of all shock, isn't exactly the same as the US judicial system, and does not break down the concept of charging in exactly the same manner. Regardless, the British court system - at every level - ruled him as considered "charged", under the guidelines of an EAW.

Beyond that, from the sworn statement of the prosecutor herself:

10. Once the interrogation is complete it may be that further questions need to be put to witnesses or the forensic scientists. Subject to any matters said by him, which undermine my present view that he should be indicted, an indictment will be launched with the court thereafter. It can therefore be seen that Assange is sought for the purpose of conducting criminal proceedings and that he is not sought merely to assist with our

Comment Re:Irony of ironies (Score 1) 167

The chip doesn't do that much, really. Most attacks on credit cards for the past decade have been attacks on the payment terminals themselves, and there's nothing fundamentally preventing someone who has already compromised a bunch of payment terminals from setting up a C&C server, and using it to let them make purchases for free by making the payment terminals recognize their chip in some way and relay the request through a different payment terminal to somebody else's card.

The only thing that would truly increase security would be having a screen on the individual card that shows the purchase info and a button on the individual card that lets you authorize it. As long as the information display and the authorization keystroke are handled by a potentially insecure, Internet-connected device, the biggest security problem with these systems cannot be solved.

Comment Re:As opposed to Amazon Prime? (Score 1) 81

I have a rather different view, as the change happened soon after the Fire phone debacle, Bezos's pet project. Seemed like the bigger investors were getting nervous about him, and moved him to a more honorary position.

In any case, the only long-term contracts I've ever seen for any AWS product is the long-term discounts for servers. Everything else seems to be hourly (or by the millisecond for Lambda, but I've yet to find a use for that). Pretty much the opposite of Oracle.
