Comments

GoPro Project Claims Technology Is Making People Lose Empathy For Homeless

TsuruchiBrian Re:perception (311 comments)

Some people are not capable of being self sufficient and some people are. Obviously the people who are not capable of being self sufficient are going to stay in a position of need by definition. In the other camp, I have seen numerous examples of the government helping people in times of need and empowering them to become self sufficient.

I've had many friends that have lost their jobs during the financial crisis. The unemployment benefits they collected helped them survive through that time.

I know lots of people that are helped by medical and medicare. My wife works in a hospital and sees this every day.

I have a cousin who works for the state department in a program to build schools in Afghanistan.

Also, I've never really seen anyone's government aid being contingent on worshiping anybody. I cannot say the same about religious charities I've seen.

9 hours ago
GoPro Project Claims Technology Is Making People Lose Empathy For Homeless

TsuruchiBrian Re:perception (311 comments)

Ok, I'm convinced. We should go back to anarchy.

9 hours ago
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:we don't know what happened AT ALL (569 comments)

It's not just a bug, it's this bug. Clearly a bug this severe is a much more shocking revelation than say an issue with toolbar location persistence in LibreOffice.

There are bits of software where bugs tend to be more likely to have security implications. Things like the kernel, encryption libraries, etc. It is still not shocking that these bits of software contain bugs.

And it has dubious value given that this bug was committed, reviewed and accepted then extremely widely circulated despite many eyes being on it

Having the software be widely circulated is *how* there are many eyes on it. If hardly anyone used this software then far fewer people would be looking at it, and this bug would likely never have been caught.

It's not about having heaps of people look at it, it's about having a few people with the right knowledge and understanding of the system looking at it.

That's like how winning the lottery is not about buying lots of tickets, it's about picking the right numbers on a single ticket.

So what's the argument? That you have many eyes on it so this is less likely to happen than...what? Closed source software? Lower profile Open Source software?

My argument is that the more eyes you have on the software, the more bugs you find and at a faster rate. One way to increase the eyes is to have software be open source, another is to have it be higher profile, another is to pay thousands of programmers to look at it. My point is that open source can only help the situation and often does. It makes your software more accessible to more eyes, and typically increases its profile, and none of this precludes other people from being paid to hunt down bugs.

This is why it has dubious value, yes you might happen to fluke it but you're just as likely to have many eyes that completely miss it.

Even if you are just as likely to miss the bug as find it, you've increased your odds of finding a bug due to the source code's openness from 0% to 50%.

Touting it as an advantage (even if it is in some circumstances) does it a disservice because you end up with people trusting that "it's open source so many other people are looking at it"

What's the alternative? Not using software? Using it while being very nervous? You should already be assuming that bugs pose a constant risk to computer security.

The advantage is the ability to find and fix issues yourself, not that many other people may or may not be doing it for you.

So if I find and fix the issue myself, you have just had the issue fixed for you. If you find and fix an issue yourself, then I have had the issue fixed for me. We all benefit from bugs found and fixed by other people.

Do you ever notice how software versions keep incrementing? That's because people are adding new features and fixing bugs. The fact that you aren't helping doesn't mean other people aren't.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:I will be a millionaire. (446 comments)

If you had read what I said, you would have noticed that I did not mention anything about interest rates staying low. The only economic factor I actually cited was inflation.

I never said my house was going to appreciate in value. I said it would be worth at least $1 million US dollars in 27 years.

Furthermore, I wasn't saying that my house is *the reason* I will be a millionaire. This was just a reference point. I would be a millionaire just from putting my paychecks into a bank account with no interest. Buying the house has helped a bit because I bought near the recent bottom (a year early actually) and have a pretty low interest rate locked in, but that's just a bonus.

A lot of my colleagues got raped when the housing bubble burst. They will also still probably become millionaires, it will just take them a little longer due to bad luck.

The only thing that could prevent me from being a millionaire is a catastrophic event (e.g. death, illness) or if somehow the dollar is prevented from depreciating in value.

yesterday
GoPro Project Claims Technology Is Making People Lose Empathy For Homeless

TsuruchiBrian Re:perception (311 comments)

I think the government is certainly in the best position to help the poor.

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Why is Raymond's claim theoretically sound? (569 comments)

The problem isn't even with C. Sometimes it's nice to be able to shoot between your toes. We use C++ at my company but we only use frameworks and data structures that do proper bounds checking (e.g. Qt). We don't really ever do raw memcpy. We use QByteArray methods. This doesn't mean memcpy is bad. QByteArray is surely using memcpy or something exactly like it under the hood.

I personally like the versatility of C++. You can do memcpy if you really need the speed for some reason, or you can build something safer on top of memcpy and use that.

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:we don't know what happened AT ALL (569 comments)

I didn't say anyone did, in fact such a thing is demonstrably false so I'm not quite sure why you say that.

I don't understand how else it could be shocking to find a bug in a piece of software unless it didn't contain any bugs.

No but when a bug this severe is discovered in something so widely deployed it certainly does damage the "many eyes" claim, it has about as many eyes on it as any open source program is likely to get so clearly that isn't the answer.

It's not as if "severe" bugs are easier to find. Why does it damage the many eyes claim? It had many eyes on it, and it eventually got found by a few of those many eyes. Nothing is *the* answer. Open source is one of many ways to *improve* the quality of code.

Having "many eyes" doesn't necessarily diminish the quality, but obviously it doesn't necessarily improve it either so saying it's better because it has "many eyes" looking over it is disingenuous at best.

I think it quite clearly does improve the quality. Even if 1 bug was found by someone looking through open source code this is an improvement over not finding this bug. The question is how much is the code improved by it being open source.

Better doesn't mean good. Better means better.

Spell checking your English paper makes it better if you find even one spelling mistake, it doesn't make it good.

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:we don't know what happened AT ALL (569 comments)

The whole point of wanting to have many eyes on open source code is *because* there are bugs in it, and every software.

I am not aware of any claims made by anyone remotely reputable that open source software doesn't contain bugs.

Even if the claim is that open source software contains fewer bugs, finding one bug does not disprove that sort of claim.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:Definition of Millionaire doesn't include your (446 comments)

I really don't even hear people use the term millionaire anymore. Plus I could just sell my home and I would have $1 million not including my home. Do I really need a million dollar home AND a $1 million in a bank account for this weird new age definition? Why not just require $2 million net worth? Or better yet how about a relative term like "the 1%". I assume that the richest 1% of people will always be considered rich.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:I will be a millionaire. (446 comments)

Well if you say you used "mathematics", it must be true....
/s

yesterday
Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

TsuruchiBrian Re:Militia, then vs now (1448 comments)

If you don't think people should have the right to bear arms, then at least have the balls to advocate repealing the 2nd amendment, rather than just rewording it to make it useless. The last thing we need is do-nothing laws creating more opportunities for our nation's wealth to be wasted on lawyers.

I personally think the 2nd amendment should be changed, *because* it's clear to me that the 2nd amendment refers to the individual's right to own weapons. I think we should have laws that control ownership of weapons, but I don't see how this is constitutional.

I feel like democrats and republicans can agree that we shouldn't allow anybody to have a nuclear weapon.

Once changing the 2nd amendment is on the table, all this BS about militias is irrelevant. We don't need a constitutional amendment protecting the right of states to arm their own national guard, or to protect the right of national guard members to own guns. Obviously the national guard is going to have guns. If all the government needs to do to seize their gun is discharge them from the national guard, military, or fire them from being a police officer, etc, then there is no right to bear arms.

This would be the equivalent of changing the first amendment to protect the freedom of speech that was approved by the government. If you were going to do that, you may as well just remove it.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:Holy shit (446 comments)

Having +$10,000 while in school (i.e. rather than debt) is actually pretty good.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:I will be a millionaire. (446 comments)

Yeah that makes a lot of sense. Lend someone hundreds of thousands of dollars for the golden opportunity of making a whopping $100. Good luck convincing anybody, much less banks, to go along with this.

But that's the kind of logic I expect from someone who thinks gay marriage and legal sex between adults and children (i.e. what NAMBLA wants) are comparable.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian Re:Holy shit (446 comments)

From Wikipedia:

A millionaire (originally and sometimes still millionnaire) is an individual whose net worth or wealth is equal to or exceeds one million units of currency.

yesterday
Survey: 56 Percent of US Developers Expect To Become Millionaires

TsuruchiBrian I will be a millionaire. (446 comments)

I am a software developer with 9+ years experience. I bought a house at the end of 2011 for $570K and Zillow says it's worth $695K now. In 27 years, I think it's pretty likely I will be a millionaire due to inflation and paying off my house.

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Why is Raymond's claim theoretically sound? (569 comments)

And a million monkeys will eventually type out the complete works of Shakespeare

If you had enough monkeys (or more suitably random typers), enough time, and enough energy, you would eventually get the complete works of Shakespeare.

As Dan Dennett said about philosopher's syndrome:

mistaking a failure of imagination for an insight into necessity.

Open source is no more (or less) perfect than closed source at a fundamental level. Bugs are introduced in both. The difference is that once found, open source has more eyes looking to try to fix it.

If that was the only benefit, then open source would be pretty useless. Once you find a bug, fixing it is usually pretty trivial. Heartbleed for example was just a simple buffer overflow and pretty much everyone came up with the same immediate solution.

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Access to lib source does not require FOSS ... (569 comments)

OK fine. It would not be possible if you did not have access to the source code. It is true that you can buy access to the source from some closed source software. But the fact that you are choosing software based on whether you are able to access the source code, I would argue is a point in favor of open source software rather than closed source proprietary software (the vast majority of which you cannot buy source code access).

yesterday
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Pedantic Man to the rescue! (569 comments)

My point is that we cannot say something is (or has been) compromised unless we have concrete evidence of the compromise in hand. We can't just say, in the abstract, "everything's compromised" simply on the basis of the assumption that all software is fatally flawed.

I certainly don't think so either, but I don't use the definition of "compromised" that almitydave suggested.

2 days ago
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Even a bestselling novel can have a typo (569 comments)

Even if you didn't know anything about the architecture of OpenSSL, you'd probably be able to spot Heartbleed if you knew about buffer overflow bugs. Even if you didn't know about buffer overflow bugs, a static code analysis tool would have probably caught this bug as buffer overflows are fairly easily caught in this way.

2 days ago
How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

TsuruchiBrian Re:Original premise is false (569 comments)

7 billion * 0.001% = 70,000. There I just did it.

2 days ago

Submissions

TsuruchiBrian hasn't submitted any stories.

Journals

TsuruchiBrian has no journal entries.
