thehossman - Slashdot User

Comment Re:In "normal person speak" (Score 4, Informative) 18

by thehossman on Friday April 17, 2026 @08:36PM (#66099448) Attached to: NIST Limits CVE Enrichment After 263% Surge In Vulnerability Submissions

In the slashdot post, the words automatically enrich are a hyperlink that point to a guide from NIST explaining the overall CVE process. It has a very prominent section that explains exactly what "enrichment" has historically done for CVE's once they are in the NVD...

The following is a general overview of the enrichment process for a given CVE:

Enrichment efforts begin with reviewing any reference material provided with the CVE record and assigns appropriate reference tags. This helps organize the various data sources to help researchers find the relevant information for their needs. Enrichment efforts also include manual searches of the internet to ensure that any other available and relevant information is used for the enrichment process. NVD enrichment efforts only use publicly available materials in the enrichment process.
A common weakness enumeration (CWE) identifier is assigned that categorizes the vulnerability. NVD enrichment efforts use a subset of the full list of CWEs that best represents the distribution of specific types of vulnerabilities. This subset is known as the CWE-1003 view and was created through coordination with the MITRE CWE team.
CVSS V3.1 exploitability and impact metrics are assigned based on publicly available information and the guidelines of the specification if a CVSS score has not already been assigned. If an existing score is noticed to not be supported by CVSS guidelines or publicly available information while performing other enrichment activities, an enrichment team member may choose to provide a score. Users of NVD data may also request the NVD to provide a score.
A Common Platform Enumeration (CPE) Applicability Statement is associated with the vulnerability. The CPE match criteria are generated to identify potentially vulnerable software and/or hardware for the vulnerability. For example, an application may have several versions affected or must be running on a specific operating system to be vulnerable. Automated processes can reference match criteria within the applicability statements against the CPE dictionary to assist in identifying vulnerable products within an organizationâ(TM)s information system. Every effort is made to identify all vulnerable software, but gaps may exist and feedback is encouraged to improve this information.
Enrichment effort results are given a quality assurance check by another experienced team member prior to being published to the website and data feeds.

Comment "positive impacts" vs "concerns" (Score 3, Insightful) 64

by thehossman on Tuesday April 14, 2026 @02:35PM (#66093604) Attached to: Stanford Report Highlights Growing Disconnect Between AI Insiders and Everyone Else

People who sell Face Eating Leopards: "Face Eating Leopards going to have a massive positive impact on society! Everyone should start integrating Face Eating Leopards into every aspect of their daily lives as soon as possible"

People with faces: "I have some concerns about how Face Eating Leopards will impact my life."

Comment Precision and Recall - not that fucking hard (Score 1) 90

by thehossman on Wednesday September 17, 2025 @03:25PM (#65666642) Attached to: OpenAI Says Models Programmed To Make Stuff Up Instead of Admitting Ignorance

How many billions of dollars and thousands of man hours have AI "researchers" cost humanity, just because they evidently forgot to remember a core principle of machine learning?

https://en.wikipedia.org/wiki/...

Comment How long is long enough? (Score 1) 177

by thehossman on Tuesday July 30, 2024 @05:50PM (#64668058) Attached to: Logitech Mulls Subscription Model for 'Forever' Mouse

... a long-lasting mouse that could potentially serve customers "forever," ...

I got a Logitech M-BA47 from my work around 1999/2000. I used that mouse continuously, with 10+ different computers, and a new job, until ~2022 when one of the micro switches stopped responding. I could have repaired it, but for only a little more then the cost of the replacement switch I was able to find a "new" (still sealed in box) M-BA47 on e-bay. I kept the old one for parts, but I expect this "new" one to last longer then me. WTF would I need a mouse that lasts longer then that?

Submission + - Facebook subpeona'd for information on a teen's abortion leads to arrest (vice.com)

Submitted by Anonymous Coward on Tuesday August 09, 2022 @09:02PM

An anonymous reader writes: In this post-Roe world, the effects of the decision are being felt far and wide. A recent Facebook subpeona reveals that Facebook provided information on private chats regarding abortion. That evidence was then used to seize the girl's computer and phone and the evidence from that used to charge the girl and her mom for performing an abortion, now illegal in Nebraska.

Submission + - Copyright Troll's Property Seized to Pay Bankruptcy Debts (ktetch.co.uk)

Submitted by ktetch-pirate on Friday December 04, 2015 @03:24PM

ktetch-pirate writes: Copyright troll firm Prenda may be gone, but one of it's principles — Paul Hansmeier — is starting to feel Karma's burn. In a bankruptcy hearing on the 3rd, Judge Sanberg ordered it converted to Chapter 7, requiring assets be seized and liquidated to pay the 2.5M+ in debts including judgements from courts around the country, as well as proceeds from the sale of Hansmeier's 1.2M condo in Minnesota. She justified it saying he had a practice of deceiving the courts with his extortionate schemes.

Comment Actual Article about it Actually being a hoax (Score 1) 135

by thehossman on Monday November 09, 2015 @09:25PM (#50897975) Attached to: The Internet Falls For Rumblr, a Fake "Tinder For Fighting" App

This was posted to slashdot after the "go live" time of the app/website, but only links to articles posted prior to the launch that speculated it was a hoax.

One of the authors (Alfred Ng) of one of those articles wrote a follow up piece *after* the launch, with the actual details of what the hoax actually was (A marketing stunt) and what registered users saw when they used the app at launch...

When the website went live at 5 p.m. on Monday, the app asked users to sign in using their Tinder, LinkedIn or create a new account. It matched all users up with a fighter named Dudecati. The user wouldn't be able to do anything but type back at the automated response. At the end of it, the bot tells users:
"ok in all seriousness though you're wasting your time here," and then redirects you to the group's website.

Submission + - This App Lets You Piggyback Facebook's Free Internet to Access Any Site (vice.com)

Submitted by sarahnaomi on Monday March 16, 2015 @04:38PM

sarahnaomi writes: In countries like Zambia, Tanzania, or Kenya, where very few have access to the Internet, Facebook is bringing its own version of the net: Internet.org, an app that gives mobile users free access to certain sites such as Google, Wikipedia and, of course, Facebook.

While the initiative has clearly positive goals, it’s also been criticized as an “imperialistic” push for Facebook colonies, where novice Internet.org users will grow up thinking their restricted version of the web is the real internet.

To fight against that possibility, a 20-year-old developer from Paraguay is working on an app that tunnels the “regular” internet through Facebook Messenger, one of the services free to use on Internet.org’s app. This allows Internet.org users to establish a link to the outside, unrestricted internet, circumventing restrictions.

Submission + - Terrorists used false DMCA claims to get personal data of anti-islamic youtuber

Submitted by Anonymous Coward on Wednesday November 05, 2014 @07:01PM

An anonymous reader writes: German newspaper FAZ reports (google translated version) that, after facing false DMCA claims by "FirstCrist, Copyright" and threatened by youtube with takedown, a youtuber running the german version of islam-critic Al Hayat TV had to disclose their identity in order to get the channel back online, in accordance with youtube policy. Later, the channel staff got a mail containing a death threat by "FirstCrist, Copyright", containing: "thank you for your personal data. [...] take care your house gets police protection!". As the staff had already suspected that "FirstCrist, Copyright" were in fact islamists, they had tried to convince youtube youtube to find another way, but in vain.

Submission + - 'Police detector' monitors emergency radio transmissions (driving.co.uk) 1

Submitted by schwit1 on Sunday October 26, 2014 @03:35PM

schwit1 writes: Now it’s law enforcement that has nowhere to hide, and that may or may not be a good thing. A Dutch company has introduced a detection system that can alert you if a police officer or other emergency services official is using a two-way radio nearby.

Blu Eye monitors frequencies used by the encrypted TETRA encrypted communications networks used by government agencies in Europe. It doesn’t allow the user to listen in to transmissions, but can detect a radio in operation up to one kilometer away.

Even if a message isn’t being sent, these radios send pulses out to the network every four seconds and Blu Eye can also pick these up, according to The Sunday Times. A dashboard-mounted monitor uses lights and sounds to alert the driver to the proximity of the source, similar to a radar detector interface.

Submission + - Solar plant sets birds on fire as they fly overhead (www.cbc.ca)

Submitted by Elledan on Tuesday August 19, 2014 @12:49PM

Elledan writes: Federal investigators in California have requested that BrightSource — owner of thermal solar plants — halt the construction of more, even bigger plants until the impact of these plants on wildlife has been further investigated. The BrightSource solar plant in the Mojave Desert which was investigated reportedly kills between 1,000 and 28,000 birds a year with the concentrated solar energy from its 300,000 mirrors, charring and incinerating feathers of passing birds. This isn't the first report of negative environmental impact by this type of solar plant either.

Submission + - Oracle's attempt to copyright its Java APIs (groklaw.net)

Submitted by Anonymous Coward on Saturday June 01, 2013 @10:47AM

An anonymous reader writes: The remarkable outpouring of support for Google in the Oracle v. Google appeal continues, with a group of well-known innovators, start-ups, and those who fund them — innovators like Ray Ozzie, Tim O'Reilly, Mitch Kapor, Dan Bricklin, and Esther Dyson — standing with yesterday's group of leading computer scientists in telling the court that Oracle's attempt to copyright its Java APIs would be damaging to innovation.

Submission + - Facebook 'Trusted Contacts' lets you pester friends to recover account access (networkworld.com)

Submitted by alphadogg on Thursday May 02, 2013 @03:58PM

alphadogg writes: Facebook Thursday said it’s making available globally a feature called "Trusted Contacts" that lets users select three to five friends who can help users recover account access such as if they forget their password. Facebook said the idea is that once these friends are identified as “trusted contacts” through the user’s security settings, Facebook will provide each of them with a special code. “Enter the codes from [at least 3 of] your trusted contacts, and you’ll be able to access your account,” Facebook says. “After you set your trusted contacts, we’ll notify them so that they can be ready to help you if you ever need it.”

Emscripten and New Javascript Engine Bring Unreal Engine To Firefox 124

Posted by Unknown Lamer on Thursday March 28, 2013 @05:52PM from the cycle-is-nearly-complete dept.

MojoKid writes "There's no doubt that gaming on the Web has improved dramatically in recent years, but Mozilla believes it has developed new technology that will deliver a big leap in what browser-based gaming can become. The company developed a highly-optimized version of Javascript that's designed to 'supercharge' a game's code to deliver near-native performance. And now that innovation has enabled Mozilla to bring Epic's Unreal Engine 3 to the browser. As a sort of proof of concept, Mozilla debuted this BananaBread game demo that was built using WebGL, Emscripten, and the new JavaScript version called 'asm.js.' Mozilla says that it's working with the likes of EA, Disney, and ZeptoLab to optimize games for the mobile Web, as well." Emscripten was previously used to port Doom to the browser.

Comment Re:God,talk about Sensitizing (Score 4, Insightful) 180

by thehossman on Friday July 29, 2011 @02:20PM (#36924794) Attached to: Java 7 Ships With Severe Bug

a) some of these bugs where filed months ago, and yet those hotspot "optimizations" are still on by default

b) it's true that some problems can be avoided by deliberately disabling these optimizations, but w/o raising big warning alarms to users, people aren't going to know they need to go out of their way to do that. For crash bugs, it may not be so bad -- they see the crash and google to find out why it crashed. For miss-evaluation of loops that can lead to silent data corruption it's a different story -- how would users ever know that they need to disable those options if developers don't yell and holler from the roof tops?

Slashdot Top Deals