
Comments

top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

I know he isn't, that's one of the reasons I was asking, his opinion on everything is about as worthwhile to hear as my own, and I know very little about the topic.
Given these answers, even though they're not from Bennett, it seems his argument is an impossible one to make, as it supposes money spent on research won't turn up multiple bugs (or the benefits of research can't be measured by any individual bug), that vulnerabilities are the only bugs worth fixing (otherwise black market value would have no effect on whether they continue looking for bugs) and that people are motivated only by the money. Your answers are roughly what I expected, and I'd imagine Bennett's answer for #3 would be the same which is what I was really aiming for. So what I gather is that people will spend time finding flaws in software because it's something to do, what the bug bounty program does is provide motivation to hand it over to the people who can fix it for everyone. That being the case, it's a safe bet the value of the efforts that go toward finding these flaws varies widely, some folks will get lucky and stumble across bugs quickly and some may not find anything for years. One major benefit of a bug bounty program is that, since there's no guarantee any given approach will yield worthwhile results, the company gets more results without a much larger investment. By paying out based on the severity of the bug and not the effort that goes into finding it, they're ensuring they never go over budget in finding any of those bugs, whereas investigating themselves there is no guarantee they'll find anything after spending any amount of money.

How about some straight answers now, Bennett? What's your affiliation with Slashdot and why are you able to blog on their front page?

21 minutes ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

Okay, I'm obviously missing some important details not being a security expert. Clear a couple things up for me.
1. Do security researchers spend their efforts actively searching for one particular bug using one particular method, or do they try a lot of different things and expect to find a lot of different bugs of varying levels of importance?
2. Do companies looking at their own code for bugs only concern themselves with bugs that would be worth selling on the black market, or is every bug a concern for them?
3. Bit of an opinion question, how much would you consider spending to find a bug to sell for $100k considering the potential failure of the endeavor?
4. Do you think bug bounties are the primary motivation for white hats to research bugs, and if not what effect do they have?

10 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for numbnuts? (226 comments)

How about I just call you numbnuts instead?

Alright firstly, your posts are not to a news aggregate what chicken burgers are to McDonalds, especially considering McD's has never been a "beef hamburger joint" or anything so limited. Your posts are not some small deviation from the usual, they're not even always particularly "nerdy" in nature. A more apt comparison would be if McDonalds started selling coffee tables, it's completely unrelated and not what anyone goes to McDonalds for. In fact, it's like Slashdot selling coffee tables, except I bet they'd gain more visitors than they drive away with that one. As for this being the direction Slashdot wants to go in, are you affiliated with Slashdot and can you speak officially to this? Otherwise, I think even you need to admit it's very far out of place from everything else Slashdot consists of and arguably does not belong.

I think it's clear from the responses you receive here that the worth of your posts is debated about as much as the topics themselves. You'd get as much interesting discussion were the topic, "Should Numbnuts be allowed to blog on Slashdot's front page?" Beyond that, you may find your individual reasoning steps hard to argue against, but the rest of us don't. That's not to say you're not smart enough, but you probably already know that it's far easier to pick apart an argument coming from someone else than see the holes in your own. I still don't see why your opinion deserves to be on Slashdot any more than any other fool's opinion.

Now here's an easy question to give me a straight answer to: What's the process you follow for submitting these? Are you just filling out the submission form like anyone else and for some mysterious reason the editors post it?

11 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

Firstly, not infinite, stop using that word, nothing in this BS argument is infinite. There is a limited number of bugs, and a limited amount of time for anyone to find them. Second, you can not act as if the optimum black market price of an exploit is how much someone will spend to find it, nobody smart enough to find anything is dumb enough to ignore the high potential for failure. It's possible that someone else will have found it first, they might go over budget, there's even a chance they'll never find anything. You're also ignoring the possibility that many people don't care about the black market value because they have morals, but knowing there's a legitimate bug bounty program is enough motivation to keep chipping away in their spare time because it's more interesting than television and has the potential to yield a cash bonus sometimes. You make too many assumptions, your entire argument is based on them.

11 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

There you go spouting nonsense and not actually answering my question. I'd bet most of us who post on Slashdot could come up with an interesting post a week, something that will be interesting to a number of other people on the site. I think you'd have a hard time disagreeing with that, you'd have to have an ego the size of the moon to think you're the only one of us with anything interesting to say. Actually, given the size of the Slashdot audience, I'd wager anything that doesn't amount to mere gibberish will spark some discussion. So, if you accept your previous reasoning that articles which can potentially start an interesting discussion are beneficial with no cost, and you accept that many (any) of us could write something that would do the same, then you believe we should all be allowed to post on Slashdot's front page. After all, you can't disagree with the conclusion if you agree with the reasoning, right Bennett?

So why can't we all post our rants on the front page, Bennett?

The fact is your reasoning is BS, and you know it, because the same could be said about any junk you want to plaster on the front page. It's an opinion, Bennett, they're like assholes, and while I'm sure there's someone who could make the case that a picture of your asshole could spark an interesting discussion, I don't think we need to put one up, let alone a new one every week.

Slashdot is not a blog, yet you are able to use it as such when you think you have something interesting to say. Slashdot is a news aggregate, as I said before. Now please stop dodging this and give me straight answers to my questions:

What makes you think Slashdot, a technology news aggregate, is the place for you to plaster your obviously unpopular opinions and argue that you're right? And why is it that you get this special treatment, being allowed to post all your rants on the front page of Slashdot, while the rest of us are stuck in the comments section unless we write some popular, interesting article on our own site?

Come on, Bennett, prove to me (and maybe yourself) that you deserve your spot on the front page and the rest of us don't. Convince me you deserve so much as the time it takes to realize it's one of your posts and keep scrolling from everyone who reads Slashdot, and convince me I don't.

12 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

I'll get this. There's nothing to suggest anyone would ever pay so much for a vulnerability, and no guarantee you would find one first spending any amount of money. The "dubious premises" are that anyone would ever pay that much for a vulnerability, or spend that much on the assumption it will yield one. Your real world where there isn't an infinite amount of time to scrutinize the code goes both ways, as long as you believe it would take devs to find a bug is how long it's reasonable to believe it would take malicious outsiders to find them. You can not pick and choose unrealistic conditions to make your case.

12 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

No, the problem is you didn't answer either of my questions at all. I'm not interested in knowing why you think this makes an interesting topic to debate, I'm interested in why you think this deserves to be on the front page of Slashdot, and why you are allowed to post it there.

As to your largely irrelevant post above, you yourself are arguing based on how you "feel." This is not some logically infallible argument, it's your opinion, and you need to get that through your skull. Your post is full of assumptions and estimations. I don't believe you have the expertise to fully analyze Microsoft's best decision from either a profit-motive standpoint or a security standpoint, certainly not without understanding the details of the bug first. I do believe Microsoft has employees with the expertise to determine such a thing, and I imagine they put them to use, so I'll trust they're already doing what's in their best interests. You are free to disagree, but that will only be how you "feel."

Moreover, your basic argument assumes that because another vulnerability will eventually be found, it isn't worth fixing what's known about today. This is an opinion, one I don't agree with and I don't see how you can reasonably feel this way either. If given a choice between stalling criminals at every turn, and letting them do as they please because they might eventually be able to anyway, I will always choose to stall them. Individual cases of identity theft can be far more costly than $50,000, and that's just the tip of the iceberg when it comes to security. I know you said "bug" and I said "vulnerability," but I don't imagine there's much of a black market value for any bug that can't be exploited.

Now that I've addressed your senseless ranting you can answer my questions, Bennett, no need to dodge.

What makes you think Slashdot, a technology news aggregate, is the place for you to plaster your obviously unpopular opinions and argue that you're right? And why is it that you get this special treatment, being allowed to post all your rants on the front page of Slashdot, while the rest of us are stuck in the comments section unless we write some popular, interesting article on our own site?

12 hours ago
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:When did slashdot become a blog for Bennett? (226 comments)

Is this really your response to people who don't agree with you? It's all going to come down to a matter of opinion, even if most of us don't share yours it's impossible to say any are right or wrong. This is the problem with the BS rants you post, it's all like that, you take some stance you KNOW will be unpopular, and you try to insist that you're right, when it's an impossible thing to prove. You are trolling, you are always trolling, you know it even if you don't want to admit it. This is why every time you post something there is an increasing number of complaints in the comments below. I'll admit, Slashdot is a great place to troll because most everyone will take the bait, but you're still only trolling.

It's time for you to respond to us, Bennett. What makes you think Slashdot, a technology news aggregate, is the place for you to plaster your obviously unpopular opinions and argue that you're right? And why is it that you get this special treatment, being allowed to post all your rants on the front page of Slashdot, while the rest of us are stuck in the comments section unless we write some popular, interesting article on our own site?

If you opt not to respond, I'll take it as an admission you know you don't deserve your front page spots on Slashdot and can't justify any of it, which I suspect to be the case.

yesterday
top

Bug Bounties Don't Help If Bugs Never Run Out

Thruen Re:tldr (226 comments)

I did read far enough to realize that this person is an idiot.

So you only got to "Bennett Haselton writes:" then?

yesterday
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

It's time to put this idea to rest. The US military forces are not going to mindlessly follow orders that consist of deploying in their home country and shooting at the people they signed up to protect. This is not some oppressive regime that's been raising propaganda-fed zombies for generations. The US military consists almost entirely of good people, there may be some bad eggs (as with any group) but we do not need to fear our military the way you seem to. The same goes for the police, the FBI, anyone you can think of. There is no scenario I can imagine that would cause my brother in law, my cousins, and my friends to assist in herding my family and theirs into railroad cars or anything else as outlandish, nor would they stand idly by while someone else does it. There would surely be some who would follow, but the rest would stop them.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Most of the time, they don't, and generally when they do it's because they're not just trying to survive, they're trying to apprehend criminals. You can afford to let someone go if they don't intend to cause you bodily harm, they can not. And even police carry pepper spray and tasers, and they are trained to use them first in any case other than facing a suspect armed with a firearm and appearing intent on using it. Also, I didn't say you would never need a firearm, I said for anything short of killing. Officers are trained to fire only when it's necessary, when lives are on the line, they are ready to kill even if it isn't the preferred outcome. It's also worth noting that even officers make mistakes, I don't think anyone hasn't heard of at least one case of questionable use of force by an officer, if they're not 100% reliable then how can we argue the general population would be anything but worse?

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Intent is hard to prove before committing a crime, you can't read people's minds which is why you can't reliably determine who will only use a firearm responsibly in the future, even if you could circumstances change. You regulate the means to cause harm, because you can't regulate the desire to.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Do you really need to ask why someone has a problem with strangers carrying automatic weapons? There are very few situations where one would need such a weapon in self defense. The question shouldn't be what's wrong with carrying an automatic weapon, the answers to that are obvious and plentiful. The question should always be, why does he need it?

And before you say I didn't answer you, here you go: he's only human. Even well trained soldiers who use their firearms on a regular basis make mistakes, it's documented, even if you rule out times where someone "snaps" and uses the weapon nobody saw a problem with them having with unjustifiable malicious intent, accidents happen that get innocent people killed. Putting those weapons in the hands of people that aren't well trained (the safety courses here in Mass where I live only serve to familiarize owners with firearms and are not adequate training for anyone who might actually need to use one, for that you need to look further than what's required, a feeling that's quite common among local gun owners I speak with) will lead to more accidents. Beyond just accidents, every offender had a first arrest, and until then they may pass the background check just the same. Who's to say Average Joe doesn't intend to use that firearm to hold up a liquor store? You can't say it wouldn't happen because people have used guns they legally purchased in crimes, generally speaking criminals are not the brightest of folks. People are not all necessarily good, I'm not saying we're all bad or even the majority but there's no mechanism for determining if someone will do something terrible in the future, the best way to mitigate potential damage is to regulate the tools that can be used to cause such damage. Average Joe might never use his automatic weapon, or he might use it to injure a criminal who would've harmed him, or he might use it in self defense but accidentally shoot three kids that were playing outside behind the guy trying to steal his VCR, the fact is we don't know what'll happen, some of us would rather play it safe. I don't expect everyone to agree, it really comes down to what you feel safest with.
I wouldn't feel any safer with an assault rifle than I do with my dinky little .22, there aren't many people that are going to shake off a shot even from something so small.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

In other words, the second amendment was always intended to be limited, regulated by other laws? What shocking news...
As for nitpicking about using the nuke as an example, it really doesn't matter what the example is, there's plenty of options, we regulate arms, that's just how it is, and as you pointed out, how it's been since before the constitution.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

I've never seen anyone agree that the two mean different things, I'm searching now and can only find people saying there's a difference in relation to gun control, no actual definition I can find suggests there's any difference in meaning, although the view isn't uncommon. The problem is, it's still just an interpretation, and as I've said before, once you choose to interpret it with anything but the definition you're narrowing the scope based on your own assumptions. If there were some universal agreement on this, it would be different, but there isn't.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Stating over and over that words can motivate people to bear arms does nothing to suggest arms should not be regulated, please understand that. If anything, it shows that we should regulate arms, because in any case where you're motivated by words to use a gun and not by the need to defend yourself, you should be looking at an alternative first. Hell, even in many defense cases, a gun is not necessary and you'd be fine with something far less likely to be lethal.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Not at all, given nuclear weapons were one of the examples given in the post he's replying to. It's just following the same logic, if you say they didn't intend to limit what guns we should have you should understand how far that logic goes. Nobody really believes that, so it's important for people to realize it's not a question of whether or not we have gun control laws, it's what we want to accomplish with them. Now, if you're really hung up about the nuke, swap it with a hand grenade. If you're going to say, "That's not a gun!" then go ahead and re-read the second amendment, it's the right to bear arms, a category both the nuke and hand grenade definitely fall under. Once you debate the intent of that statement, you're not interpreting it literally, instead you're narrowing the definition and throwing the main argument against gun control out the window. Nobody really believes in a literal interpretation of the second amendment, they just say they do when it suits them.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Are you even trying to make a serious argument? I think it's you that should find something better to do with your time, whenever people present arguments like yours (you know, the complete lack of any argument because there's no argument to make, just saying "You can't take our guns!") you do nothing but destroy the credibility of others doing a better job of making your case. Child-like stubbornness only makes me believe that much more that you should not be allowed to own a firearm.

As for disarming the United States, you obviously didn't even read the whole post if you think I feel we should all be disarmed, like I said I'm a gun owner myself, I'm just one of the responsible ones that's ashamed to be grouped with you action-star wanna-be fools that think you need a machine gun to keep someone from stealing your TV.

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

Please do, it continues the same old logic-fail that says words are as dangerous as guns because they can be used to convince people to use guns...

2 days ago
top

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

Thruen Re:Militia, then vs now (1570 comments)

You are reaching pretty far, and not making much sense. Zyklon B was a chemical weapon and a fine example of something that should be controlled but wouldn't if you had no limits on the right to bear arms, I think you're making my point. And even in a riot, is it not easier to kill with a gun than with your hands?

You are failing miserably at either comprehending what I said or making your own case. Nothing you've said suggests the Nazis would've been able to do as much damage without guns and (as you pointed out) chemical weapons. Nobody is saying "Nazi propaganda is A-OK," or that it's safe to incite a riot or anything else you seem to be implying. The point, which you've failed to do anything to refute, is that guns make it all that much more dangerous.

This is why the gun debate will never go anywhere, people get too emotional and illogical with it all. I pointed this out in another post but I'll say it again here:

I am a gun owner. I do not support the government taking all guns from all people, but I do support gun control, we need to stop acting like there is no middle ground.

2 days ago

Submissions

top

Insane DMCA-Violating Attorney Drinks, Drives, & Texts; Injures 2

Thruen Thruen writes  |  about 2 years ago

Thruen (753567) writes "Remember Candice Schwager? First made famous for her insane reaction to a DMCA takedown and the stories that followed, this attorney's shameful spiral down seems to have hit bottom when she seriously injured two people. Candice was allegedly intoxicated and texting when she hit the motorcycle and then fled the scene. While this may not qualify as news for nerds, the victims need help, and after the attention we gave Mrs. Schwager it's only right we do the same for her recent victims, Shannon and Victor."

Journals

Thruen has no journal entries.
