top Greenwald Advises Market-Based Solution To Mass Surveillance
A market-based approach cannot work for cyber-security any more than a Government-led approach can, when the Government feels it has a vested interest in being able to monitor its own or other countries' citizens.
The market-based approach fails because the market-based philosophy is to maximize profit while minimizing cost, so the end result is a risk analysis of:
1. The odds of being hacked.
2. The odds of that hack being detected by someone outside the company, and that being published.
3. The odds of that hack being detected by someone inside the company who cannot be kept from releasing that information to the press.
4. The financial damage associated with the occurrence of 1 and either 2 or 3.
5. The potential damage to the company's reputation from being hacked and found out - this is the most valuable resource most companies have, but in the modern world the average person in the street has the attention span of a lobotomized goldfish, and Marketing/PR firms have had a LOT of practice at managing scandals in the political and corporate world, so while the damage to a company's reputation should be massive, in reality it will be relatively minor and very short-lived.
If the odds of being hacked and found out are 10%, and the financial damage is rated at $100 million, then the typical baseline risk analysis suggests that spending on cybersecurity should be around $10 million. Bean-counters and professional buyers will then swoop in and hire a consulting company to implement something that costs $1 million with $9 million in consulting fees, which then balloons to $29 million in fees due to project over-runs... but fundamentally you still end up with a $1 million solution to a $100 million problem, and the computer users will spend a lot of effort getting around that solution so that they can see their Facebook and lolcat websites.
top Is a Moral Compass a Hindrance Or a Help For Startups?
Suppose I and my friends have all the money, all the property, and all the food, and you don't have any of it. What exactly are you free to do?
That is closer to communism than capitalism, with individual owners replacing the overall State as the owner of All Things.
However, if we assume that you are operating in a capitalist environment, then "you and your friends" would have to agree on policies about the control of, and access to, the resources you own. If "you and your friends" happens to be you and a couple of friends, it is not too hard, because then you should be able to find sufficient common ground to reach unanimous agreement - specifically in a "yes/no" vote you at most need to persuade 1 person to change their vote in order to achieve unanimity. But how do 3 people get to own absolutely everything in the first place? If "you and your friends" is, let's say, you and your Facebook friends, and for argument's sake let's assume you have 200 Facebook friends, then it is practically impossible for you to reach a unanimous agreement about anything unless you have a system where the majority form blocs and vote as proxies for a smaller number of individuals (in which case you simplify the model so that "you and your friends" becomes you plus those proxy representatives).
Plus, how does the "owner" of a given resource maintain ownership of said resource? A real-world example, albeit not within recent living memory, is France in the 1780's under King Louis XVI. The nobility and the clergy (less than 0.1% of the population) owned 99.9% of the land, resources and wealth. Certain elements in the 99.9% then decided that they had better ideas, and started using Madame Guillotine to separate the Nobility's heads from their necks. Co-incidentally, the quality of life for the vast majority in France improved very little if at all, and in many cases all that happened was that new despots arose from the bloody masses to fill the void left by the Nobility.
In general terms, if all of the resources are owned and controlled by a very small minority, then there will at some point be a forceful redistribution of resources led by elements of the downtrodden majority. In order to prevent that happening, the small minority need a force multiplier - namely either an army or justice system to keep the majority in line, or a way to keep the majority pacified and content. As the army is usually drawn from the majority, it would not be a wise idea to expect them to uniformly enforce order over a rebelling majority (some would, but some would join the rebellion, reducing or nullifying the effectiveness of the army for keeping order).
The end result is that the most useful tool for keeping the majority in line is to use the collective inertia of a large group and the inherent laziness of the vast majority of individuals in a large group against the majority, giving them just enough of whatever they need to keep them satisfied and passive. If you deny them access to everything and therefore threaten their individual and collective survival, you will find that the majority can come up with a surprisingly inventive list of things to do with the bloody corpses of those in power.
top Data Center Study Reveals Top 5 SMART Stats That Correlate To Drive Failures
I generally use HD Tune (www.hdtune.com) which is free unless you want to buy the Pro version with a bunch of features that are irrelevant if all you want is SMART reporting. If I was going to spend actual money on a checker though, I would tend toward the LSoft Hard Disk Monitor (www.lsoft.net).
top PC Cooling Specialist Zalman Goes Bankrupt Due To Fraud
I wonder how their IP will be sold once this is all finalized with the banks. I'm unclear of the process.
The books (the real ones) will be independently audited; profitable divisions will be sold off with some insanely clever financial jiggery-pokery making sure that they exit the current Zalman corporate structure with a minimum of debt; probably the IP will be sold off to the highest bidder separately to those successful divisions; the remainder - the unprofitable elements and as much of the debt as possible, will be wound up in a bankruptcy proceeding.
In cases like this, the component parts of the company are far more valuable when broken up, so that is what will end up happening.
top The Great IT Hiring He-Said / She-Said
Some of the more profoundly afflicted people on the ASD scale really have to work alone or in groups with similar diagnoses - as long as you keep their environment constant (even to plastic plants and unchanging canteen menus), they can be awesomely productive in monotonously repetitive tasks that require a higher degree of cognitive ability than a robot or AI can manage. Interfaces between those teams and the "outside world" (i.e. the rest of the company) are through 1 or 2 specifically trained "normals" who have been integrated into the team, usually over the course of several months. For those liaisons, sick time and vacations are almost impossible though. Change anything however, and those teams grind to a halt... I have seen productivity drop to zero and arguments break out simply because somebody ordered the wrong kind of biscuits for a break room, or because a blown light bulb was replaced with one that had a slightly warmer colour.
At the milder end of the spectrum, HFAs generally can be a useful complement to any team - we are not the panacea that creates a perfect team... we can be jerks and idiots just as much as anyone else, and often HFAs have real problems dealing with people who do not conform to an "office norm". But typically, better communication and process documentation within the team, intended to help the HFAs find and visualize the structure in a situation, also help the other team members work together.
top The Great IT Hiring He-Said / She-Said
I wonder how many of these people have an autism spectrum disorder. An interviewer might get so put off by a candidate's lack of superficial social skills that he or she cannot adequately judge the candidate's competency for the job itself.
Asperger/HFA "sufferer" here, who also happens to be the team leader of a consulting group.
Probably quite a few of the "brilliant" coders fall into the HFA category (High Functioning Autism, the "other name" for Asperger's now that it is a number on the ASD scale, or is it a different condition? Great question for starting a fight in a room full of cognitive psychologists...), and we can be a nightmare to integrate into a team - the lack of social skills hampers the ability to communicate and co-ordinate with other team members. There are some things that are hard to teach effectively - team-working and critical thinking skills being the two most relevant in the environments I work in. If a candidate has those two and if I can see that from a CV and interview and a bonus of self-discipline and motivation, then I almost ignore what functional experience they have with systems; they have the job. It will take weeks or at most months to train them in the systems and applications, but getting the world's best coder in, who can write Tetris in a single line of Basic code or solve NP-hard problems in their head is useless if they cannot work with the rest of their colleagues.
top Solving the Mystery of Declining Female CS Enrollment
I have seen quite a few hand-wringing and postulative articles about why there are not more women in programming or general IT disciplines, and why the ratios of men to women in CS courses widen so much as they progress.
One thing I have not seen in any of those articles is a report on any attempts to reach out to those girls/women and the boys/men who dropped out of CS courses to switch to other options, about why they chose to switch. It seems such an obvious choice that I am sure it must have been done at some point, except that nobody seems to want to mention the results.
top The Man With the Golden Blood
The question of the GP was probably not so outlandish. I, for one, was wondering the same. Ok, it's interesting that he's got some oddity in his blood. But ... what does that mean? Can it be used to find out something about our blood in general? Is he something like the "perfect donor"? Does it somehow express itself in his being or behaviour? Does it affect his life?
In a nutshell, his blood is the universal blood for people with rare Rh blood types (but not truly universal blood that can be given to absolutely anyone, as I understand it). It makes his blood a backup for quite a few rare blood types, but perversely his blood type is so much rarer than those others that supplies of his blood type are more tightly controlled than other rare types.
There is a hint in the article that people with his blood type are expected to be short-tempered (probably not just because of the constant requests to give blood), but there are no proven links between blood type and personality traits, afaik.
One interesting point is that this guy's blood is incredibly rare (and therefore also potentially valuable for both research and direct medical use), but it actually costs him money - when he is asked to donate blood, usually by going to the center that needs the blood instead of his local donation center (helps keep the blood fresh, but mainly to avoid the bureaucratic headaches of transporting blood across borders), he has to take time off work and arrange his own transport unless something unofficial is provided - the blood donors in most European countries receive no financial compensation at all, even for out-of-pocket expenses.
top Federal Government Removes 7 Americans From No-Fly List
It has been several years since I flew domestically within the US, but I personally have never been allowed to board any aircraft larger than a Cessna that I was piloting myself without the holy trinity of passport or acceptable photo ID, ticket, and boarding pass (only issued after presenting ticket plus passport/photoID).
A few weeks ago, I was at the gate in Frankfurt when a very Aryan-looking German gentleman was refused leave to board a flight to London Heathrow because he could only find his boarding pass, having lost/misplaced his passport at some point after passing through security. (Co-incidentally, there was a spare German passport lying on the ground next to the chair he had been sitting in, and luckily it had his picture and name in it, so he was able to board the flight after stressing for 15 minutes... but the "No ID, no flight" thing is a pretty hard and fast rule in Europe, it seems)
top Ask Slashdot: Dealing With an Unresponsive Manufacturer Who Doesn't Fix Bugs?
Most vendor contracts in my experience have long, obtuse and legally dense clauses in them that seek to prevent customers from discussing publicly issues with the product, and setting maximum compensatory relief for lost business and costs as the initial purchase cost of the solution.
However, many of those clauses are also not enforceable under the specific state/federal (or in the case of Europe, EU) laws. The only real way to know what your recourse is within the terms of the contract is to get advice from a contract lawyer first of all, about which legal jurisdiction would be available or need to be used when seeking redress, and second from a contract law expert in that specific jurisdiction about what your legal options are.
The only way the vendor is going to give a damn about you as a client is if they are facing some kind of legal action for not addressing the problems. Their EULA / Vendor Supply Contract will include a clause that problems with the system are not grounds for legal action or compensation, but those are almost always worth less than the ink used to print the text. If the threat of legal action does not work, and the cost of pursuing actual action and compensation is worth more than the cost of the solution, then probably the only courses open to you will be junking the system and paying up the remainder of the contract/early exit termination fees, or living with it for another 12 months.
Either way, more thorough and extensive pre-acceptance testing next time might be in order. Learn where your client went wrong with the evaluation of the existing solution, and correct those mistakes when evaluating the next.
top Why the FCC Will Probably Ignore the Public On Network Neutrality
Network Neutrality is a great concept for the consumer, but not for the provider. So given that there are millions of comments broadly in favour of NN in the "Public Consultation" phase and a small group of lobbyists/back-room power brokers against NN, we get to see where the power lies - with the public who vote into power the politicians who set direction for the FCC, or the corporate interests behind the scenes.
The biggest part of the problem, though, is that there is no real choice in the domestic internet provider markets in the US. There is certainly the illusion of choice, but in each market, the vast majority of consumers have access to a single incumbent backbone provider who also provide "last mile" connectivity, or one of a small number of alternatives which are either themselves clients of the backbone provider re-using and reselling that provider's last-mile capability or alternative access methods which offer a service which is either inferior or significantly more expensive. The traditional capitalist approach to this is for a smaller, hungrier, competitor to the incumbent to set up shop and offer a better service for lower cost, thus enticing customers away from the incumbent and providing the new competitor with the revenue to expand services. In this scenario, centrally enforced Network Neutrality is not required - if one provider chooses to prioritize traffic in a way that its customers do not like, they can leave in favour of the alternative. However, the massive initial infrastructure costs associated with setting up as a backbone ISP with last-mile connectivity, so that the new competitor is not dependent on the existing incumbent, breaks the model, and you need high-value independent actors, such as Google, going in and setting up their own networks, because they can absorb the huge initial capital outlay. The alternative to having several "backbone plus last-mile" providers with broad or total coverage in each region (which would be eye-wateringly expensive) would be for the backbone elements to be treated as utilities/managed by independent Not For Profit entities, and for all ISPs to be resellers of bandwidth competing on services and price.
Once you have genuine competition, Net Neutrality becomes something that individual providers (resellers) can offer to their customers or not (although verifying that a provider actually IS offering Net Neutrality would probably be beyond Joe Public and most of them would not know or care, anyway). A customer can choose to sign up to a service provider who guarantees low latency for online gaming, or one with high video streaming bandwidth, or the odd one who offers a life-size Lara Croft blowup doll, if they choose to. Because the free market with a low barrier to entry encourages providers to provide the services that the customer wants and is willing to pay for.
top Anonymous Peer-review Comments May Spark Legal Battle
Except he can't defend himself against someone who can continue to make posts whether or not they are accurate.
He could spend every day, all day trying to defend each time a comment is made. That would be pretty wasteful.
The person making the comment could actually go through normal peer review channels. BTW AC comments aren't actually peer review.
Have you ever tried to defend yourself against one or more people making AC comments? It is not possible.
As I mentioned in the post, I have some sympathy for him regarding defending against the AC comments, but he does not appear to have made any attempt to defend the papers' data against any comments, AC or named. Making a cover-all defensive post to engage the named reviews and encourage the AC reviewers to post under their own names would, in my opinion, be a good middle ground between defending against all negative posts or defending against none.
It would also have given him some discussion points with the faculty recruitment people from UoM, which may or may not have helped. But the "I am going to ignore criticism, head in the sand, and then threaten to sue when that criticism causes or plays a part in me not getting a new job" approach is really not good for a researcher in the publish-or-perish world they live in.
top Anonymous Peer-review Comments May Spark Legal Battle
Sorry for the wall of text... summary and comments :P
From the Science article and PubPeer discussion on the topic, but not the comments on the papers by the aggrieved scientist (Dr Fazlul Sarkar), a broad summary would be that he was a tenured researcher at Wayne State University, who was offered a tenured position at University of Mississippi. He resigned from Wayne State, then was informed by UoM that the offer was revoked. Dr Sarkar's lawyer comments that the retraction makes it "crystal clear" the retraction is because of the PubPeer comments on approximately 10% of Dr Sarkar's published and peer reviewed papers (more than 50 papers out of more than 500 he is listed as authoring), where the comments indicate that images used in specific papers look remarkably similar to images used in other papers relating to different experiments. Wayne State agreed to take him back but did not offer him a tenured position. But how many other employees who resign and then say "I changed my mind, can I come back?" would be welcomed back? Some of the negative comments on those papers then allegedly (I cannot comment directly as I have not read the comments, many of which have apparently been removed by PubPeer moderators) veered into insinuations of deliberate misconduct. Dr. Sarkar's lawyers are, of course, going to claim malice/intent in posts, and their removal is likely legal expedience, not an admission that the posts are inappropriate. It seems to me that the logical approach would have been for Dr. Sarkar to engage in a process of defending his work against negative comments. Granted, that defense process may take some time - time that is better spent researching cancer cures, or figuring out how he will spend that huge salary he isn't going to get any more (trying not to laugh at this point...). But according to his lawyer, "his client has no responsibility to critics who refuse to put a name to their accusations" - in other words, anonymous cowards will be ignored.
I can sympathize with that approach, but at a time when scientific papers have taken a battering over experimental repeatability and interpretation of results, I would assume that anyone publishing a paper who is confident in their work would be willing to defend it, especially in an area with such life-changing possibilities as cancer research. It is akin to a social media consultant smartening up their LinkedIn profile and then wondering why they do not get a job interview when their Facebook profile is a constant boast about their party lifestyle and their Twitter feed is a racist/homophobic diatribe.
As Dr. Sarkar has a Ph.D., I would assume that he is familiar with the process of authoring a paper or a thesis and then having to defend that work against examination, in a "viva voce" examination where multiple subject matter experts basically poke holes in the work and try to uncover any areas where the preparation and execution is sub-standard. It is just a shame that Dr. Sarkar feels that process need not apply now that he has his Ph.D.
top I think next winter will be:
The winter here in Sweden was, for most of it, non-existent. By the time the snow started coming down properly, it was almost into Spring.
This, by the way, is a country where in Stockholm (about 1/3rd of the way up the country, not talking the far north) it can and does snow from the start of November through to the end of March. If you go up to the far North - Kiruna, or even further if you want to make a point, you can have snow for 10-11 months a year.
top The Growing Illusion of Single Player Gaming
Granted there are outliers with my argument - MMOs have "content" in them, and they are a pretty good definition for the current logical extent of multiplayer gaming. But in many cases, the current design trend seems to be to have huge open worlds where the majority of space is filled with nothing or procedurally generated content (thinking of Diablo III), where the goal of that content seems to be just to add hours to the time it takes you to get through the story portions of the game.
Bioware/EA's MMO Star Wars The Old Republic is a counter to that - 8 huge personal (single player, in a multiplayer world) storylines, one for each basic character class, with minimal and entirely optional multiplayer content until you get to the endgame, at which point it becomes almost totally about multiplayer in a traditional MMO grind-fest for gear. World of Warcraft has a similar setup. Those "theme-park" games are typically a linear exploration of content that the developers have implemented. At the other end of the scale, the sandbox MMOs (EVE Online, or reaching back in time to the pre-"New Game Enhancements" Star Wars Galaxies, and even titles like Minecraft) can be played alone but are much more entertaining when experienced as part of a group or larger community, because there is typically little or no story-driven content designed for solo play. Sandbox versus theme-park is not in itself a good/bad argument - I spent an insane amount of time in Star Wars Galaxies and EVE Online, and loved the completely open freedom to "write my own story" they offered. I also enjoy the theme park games and the chance to experience a well-crafted story.
However with the sandbox, the developer does not need to spend as much time creating content as for the theme park, because the sandbox players' creative tendencies will generate more stories than the developer ever could, and those stories will be personal to the player and therefore more compelling. It means that the developer can be lazy if they want to, or free them up to refine other areas without having to devote time and effort to developing content.
top To Really Cut Emissions, We Need Electric Buses, Not Just Electric Cars
The problem is the manpower to operate it just doesn't scale well to something as small as a ship.
Why is it then possible and viable to have nuclear powered submarines but not ships?
Economically, it should not be. Because the value metrics and usage requirements for a submarine are vastly different to those for a ship. Both go on water, but when a submarine is underwater it needs a controlled non-toxic emission propulsion and power system - older and smaller subs use electric batteries, which are charged when on the surface by a diesel engine which exhausts out into the air, so they have very limited underwater endurance. A sub with a nuclear reactor does away with the electric battery element, has no need of diesel engines, so it can stay underwater for months at a time - even to the point where they can if necessary complete an entire tour of duty without breaking the surface of the water.
That ability to stay underwater and (probably) undetected gives the ability to project power into areas and in ways where highly visible surface ships just would not work. The reason it works is that submarines are not used for economic activity - their value to the Navies that have them falls into the "money is no object" category and profit is irrelevant in the face of security and force projection.
top What Do You Do When Your Mind-Numbing IT Job Should Be Automated?
Most of the IT jobs (emphasis on the "jobs" part) that I see, cannot be automated - or if they can be automated, the automation needs a level of oversight and constant tweaking that it is not economically viable to automate the process.
Almost without exception, an IT "job" can be split into discrete "tasks", where some of the tasks can be and should be automated for various reasons, but in terms of the W.W.W.W.H. (What, Where, When, Why, How) aspects, the reason for automating (Why) has a significant bearing on whether it would be a good idea to even try automating. Automating the tasks which can be automated within a job makes sense in many cases - relieving the employee of the trivial and repetitive tasks to tackle the more high-value elements of the job. From a commercial perspective, if you are spending most of your time on the high value tasks, you are probably earning more money for your company or providing better value. As long as the boss recognizes that fact, your job should be more secure and your pay packet should, at some point, see an increase to recognize the higher value that you represent. OK, you might need to leave the company and parlay that higher value experience at a new employer to see the increase in your salary, but if your CV can show a successful sequence of task automation leading to higher productivity, then you will probably be more in demand.
If you have either a role that can be automated to the point where you are irrelevant, or a manager who thinks that your role can be automated to the point where you are irrelevant, then my advice would be to start looking for a new job where either you are more stretched or your manager appreciates your contributions more.
top Verizon Throttles Data To "Provide Incentive To Limit Usage"
I cannot decide on the best response to that:
“You will never find a more wretched hive of scum and villainy. We must be cautious.”
“Who’s the more foolish; the fool, or the fool who follows him?”
“If they follow standard Imperial procedure, they’ll dump their garbage before they go to light-speed. Then we just float away.” “With the rest of the garbage.”
However, whatever the response is, Verizon will come back with one of these:
“So what I told you was true from a certain point of view.”
“Only at the end do you realize the power of the Dark Side.”
top UK Spy Agency Certifies Master's Degrees In Cyber Security
So the spy agency that admits to (a) sharing data with the NSA, and (b) has pretty much admitted that it wants to be able to hack into any systems it wants in search of information, is now certifying information security courses that would, in theory, make their jobs harder...
What can possibly go wrong?
top Passport Database Outage Leaves Thousands Stranded
...in case my other article did not make it clear, we always ask if they have a backout plan, and they always say they do.
I used to deal with a lot of Indian outsourced IT groups, and the only way to handle this is to either follow up the "Yes, we have a backout plan" response with "Tell me what your backout plan is" or just to skip straight to that without bothering to ask the "Do you have a plan?" question.
Things still got screwed up, but after the first occurrence we completely cut their access to the servers and re-enabled them on demand, so we forced their people to update a specific server first to show that they could do it on a system which is not mission-critical. However, that approach really only works when the client does not turn into a whining tub of lard when the vendor starts putting pressure on.