
Comments


Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

dnavid Re:Militia, then vs now (1608 comments)

I'm sorry, but with a concluding sentence that literally insults the intelligence of those opposed while claiming to take the high road, an argument such as yours earns little but eye-rolling.

I don't see how it does that at all. So much of the argument, beyond advocacy, surrounding the Second Amendment revolves around whether its starting phrase "A well regulated militia being necessary to the security of a free state" should be interpreted to be preamble (in other words, not really part of the amendment's statement) or context (intended to specify intent), not to mention other semantic arguments about the meaning of the sentence.

Plus, I'm not even sure what you mean by "those opposed." Those opposed to the Second Amendment? Those opposed to altering the wording of the Second Amendment? I personally know of no one, pro-gun ownership rights or pro-gun control advocate, who believes the Second Amendment is phrased well or couldn't be phrased better. Even if you are in favor of expansive Constitutionally protected gun ownership rights, clarifying that in the actual text of the Bill of Rights would certainly be a better outcome than a judicial interpretation of the current wording. Remember: that judicial interpretation has changed over time, and can easily change in the future precisely because the wording is sufficiently ambiguous. If you only rely on Supreme Court decisions to enforce your opinion of the meaning of the text, history shows it's not just possible but very likely the day will come when that interpretation reverts to its nineteenth and early twentieth century version.

Any move to amend the text of the second amendment would open the door to a dialog on what those rights should actually be, and what the best way to articulate them is. Justice Stevens suggests one option consistent with *most* of the history of judicial review. It's not an absurd place to start. But it doesn't have to end there: it wouldn't, without approval by at least 38 of 50 states (the minimum necessary to ratify a constitutional amendment).

In either event, I stand by my statement that in my opinion the proper interpretation of the Second Amendment should use the same methodology that has been historically and even recently used to interpret the rights articulated by the First Amendment, and much of the legal debate surrounding the Second Amendment revolves around what it actually says which people can't even seem to agree on. I don't see how that's insulting to anyone's intelligence, particularly the latter because it's an objective fact that people cannot agree on what the text means. That makes it almost impossible to discuss the issue of firearm ownership rights when there's no consensus agreement on what rights are actually granted by the US Constitution. Even Supreme Court Justices cannot consistently agree on what the text of the Second Amendment means, which means they are generating rulings based, in essence, on differing versions of the Constitution itself. That's not a good place to be by any measure.

about a week ago

Retired SCOTUS Justice Wants To 'Fix' the Second Amendment

dnavid Re:Militia, then vs now (1608 comments)

It's not a "re-examination". It's a butchering.

Justice Stevens points out in his article that his current interpretation of the meaning of the Second Amendment explicitly comports with how its meaning was interpreted by the courts for about two hundred years after the Constitution was drafted, and wasn't significantly challenged until very recently in history. If you believe Stevens is "butchering" the meaning of the Second Amendment, what you're saying is that basically everyone from the founding fathers until about 1975 butchered its meaning from the moment it was drafted. That's not a reasonable assertion.

Stevens also argues, in my opinion correctly, that the legal context of the Second Amendment is so different from when it was drafted that it bears reexamination but isn't because of its political nature. Even the First Amendment to the Constitution has been reexamined more than the Second in modern history. In particular, Stevens points out that when the Constitution and the Bill of Rights were drafted, the legal context at the time was that the Constitution primarily governed the legal limits of the Federal government except where it explicitly says otherwise. As a result, when it was first written the Second Amendment was construed to presume that it limited the right of the Federal government to control gun ownership but not States' rights to regulate firearms because that's how most Constitutional provisions were interpreted. Today, there's a different legal interpretation that suggests it's the responsibility of the Federal government to *protect* gun ownership rights rather than limit restrictions upon them.

In my opinion, the common opinion that the Second Amendment to the Constitution was intended to explicitly protect individual firearm ownership is comparable to the belief by many that the First Amendment to the Constitution guarantees the right of free expression. It does not: it prohibits the government from restricting expression without an overriding state interest. I think the Second Amendment should be interpreted in the same way as the First, but because the Second is worded more clumsily than the First, it allows semantic arguments to block any attempts to discuss the issue intelligently.

about a week ago

How 'DevOps' Is Killing the Developer

dnavid Re:Oh please... (225 comments)

The problem that others are having with DevOps is that they seem to be defining it differently than you are. What you wrote makes sense but the scenarios people are complaining about don't sound at all like your definition.

That's part of the problem, yes. DevOps started off with reasonably laudable goals: to promote a methodology whereby development teams and operational teams were tightly integrated in a way that made operational and deployment issues part of the development process: development would be driven by the need to deploy useful functionality, not just create it. That way, you didn't have a discontinuity where things were programmed, then someone would have to figure out how to actually deliver that bunch of code.

The problem which the author of the article references is that this often gets perverted from the original laudable idea of teams of developers and operations people working together, to requiring every single DevOps person being equally qualified to do everything, and then from there pushed even further to many companies creating DevOps positions where those DevOps people are literally doing everything, and not just knowledgeable at those things.

There is no question that a programmer that understands SQL or database architecture or storage systems or high performance networking or internetworking or virtual hypervisors is a more valuable programmer. They can use that knowledge to guide their development, write better code, and communicate better with the actual DBAs and network engineers and sysops and hypervisor admins. But when management types start to think that the best way to do things is to hire DevOps qualified people to just randomly do everything without any focus or specialization, that's when the myth of DevOps overtakes the reality of DevOps and begins to create real problems.

I don't honestly know to what degree that is pervasive in the industry: I haven't seen too many examples of it myself outside of certain high profile ones (the author mentions Facebook). If it is trending upward, I think it's a bad trend. But to the extent that I see companies use DevOps correctly, as the glue-people to interconnect individual development, operational/deployment, and quality assurance teams, I think it's a positive. But I agree with the article author that actually *replacing* developers, QA people, and operational people with DevOps people universally would be a Bad Thing. I just don't know if it's actually really happening.

about a week ago

The New 'One Microsoft' Is Finally Poised For the Future

dnavid Re:A possum playing possum (270 comments)

Then why are they really trying to block other smartphones from being sold? What you mention is only part of the puzzle. They don't want to make phones everyone wants, but they want to be the only ones people can buy at the same time. They're not mutually exclusive things.

Everyone tries to damage their competitors in some way. But I'm not sure why this is something that actually has to be pointed out, repeatedly. To demonstrate wanting to become the only or even the dominant market share smart phone supplier it is mandatory to actually be willing to sell products in that entire space. Coke would probably be more than happy to own the entire soft drink industry and they actually make actual products that address the majority of that space. But until Taco Bell opens a steak house, attempting to convince me Yum foods wants to own the entire food service industry is futile.

If you believe suing a competitor is sufficient to prove a desire to construct a market monopoly, you're entitled to that opinion. Since it isn't, I'm unlikely to find it persuasive.

about a week ago

The New 'One Microsoft' Is Finally Poised For the Future

dnavid Re:A possum playing possum (270 comments)

No matter how powerful Apple becomes, they have not shown an interest in parlaying that power into becoming a market monopolizer.

I think their lawsuits show that this is not the case.

In what way? Does everyone that sues anyone over patent infringement demonstrate a willingness to completely take over the space? Even if Apple won every single lawsuit it filed, it makes phones too expensive for many people to own, and Apple has no intention of making a product to fill that large space. *Someone* would have it, and Apple has proven that even when people think they want it or even that they *must try* to get it, they don't. cf: iPhone 5c. All the stories about how Apple wanted to make a low cost iPhone, and all the stories that said Apple *had to* make a low cost iPhone or its future was in jeopardy, and Apple chose to continue their boutique strategy of making the most expensive "low-end" smartphone in history.

Whatever your feeling about patent lawsuits, they do not come close to demonstrating the thesis that Apple even wants most of the smartphone market, much less is willing to make a phone a large percentage of that market is capable of owning. That's not true for Microsoft, where Microsoft forced almost everyone to buy Windows whether they wanted to or not, by co-opting the major PC manufacturers. I don't think Apple even *wants* OSX running on non-Apple hardware.

So no, I don't think Apple lawsuits come anywhere near demonstrating they are willing to take the steps necessary to gain the kind of market control of a platform the way Microsoft once did. It isn't even in the same zip code, much less nearby.

about two weeks ago

The New 'One Microsoft' Is Finally Poised For the Future

dnavid Re:A possum playing possum (270 comments)

This would happen to any group that gains market control. IBM, Microsoft, Apple...

Maybe, but not all companies are actually trying to gain monopolistic control of a major chunk of the computing market like Microsoft has always tried to do and has actually had in the past. Apple, for example, would love to own everything everywhere, but they clearly have not even the desire to do what would be necessary to gain the same control over the PC space as Microsoft once had, and has shown no willingness to compete head-on with Android for the entire smartphone space. Apple wants to make a ton of money being a boutique supplier of consumer computing for the most part. No matter how powerful Apple becomes, they have not shown an interest in parlaying that power into becoming a market monopolizer.

But Microsoft has that desire *and* willingness written in their DNA. And it's unclear to me if they have really changed that overall stance, or are just making concessions in the spaces they know they've permanently lost the ability to gain that market control and are trying to refocus on regaining it elsewhere, such as in Azure and their other cloud endeavors where it's still up for grabs. The article says Microsoft recognizes that consumers "hate ecosystems" yet most of their efforts have been to try to replicate the ecosystems that Apple and Google/Android have created. Their unified kernel work has only re-solidified their long-time "Windows everywhere" strategy which hurt them over the last fifteen years.

Microsoft's history compels people to be skeptical of any public appearance of compromise or capitulation to outside forces. Apple has no glory-days of market dominance to reminisce about and strive to recapture. Few people left alive can remember when that was true for IBM. But for Microsoft that happened during the watch of its current chief technology advisor and continued under its previous chairman. The bad old days of Microsoft were almost literally yesterday. Microsoft is going to have to do a lot more for a lot longer before it convinces even its moderate skeptics it's a changed company.

Quite recently a Microsoft engineer did an interview where he stated that the reason why Windows 8 took the Win7 start bar and other conventions away was NOT because the Win8 interface was objectively better - which was Microsoft's previous story - but because they wanted to compel its customers to learn to use it to break the cycle of dependence people had for Win7, and the intention was ALWAYS to add those features back. It says more about Microsoft that they believed anyone would believe that, than it says about what Microsoft's actual internal strategy was.

The day Microsoft says, about any significant decision they've made, that they made a choice that was best for their strategic vision and that decision was wrong because it turned out to be not in the best interests of their customers and they are reversing it in the interests of their customers, then I might start to soften up on Microsoft. Other companies have done that: Intel eventually admitted they were wrong to downplay the Pentium round off bug and offered customers a no-questions asked return option. Tim Cook actually suggested to Apple customers in his formal apology for the poor performance of Maps that they could use competitors in place of Maps until Maps' issues were addressed, which for Apple is the equivalent of falling on your sword onto another sword. Microsoft never really apologizes for anything: not even when Vista being a disaster was a foregone conclusion did they ever admit they did anything wrong. The closest to that we ever got was after Ballmer retired, when he admitted that Vista was one of his biggest mistakes, and even then he seemed more regretful about the Microsoft resources developing Vista tied up than the impact on customers. They still won't admit removing the Win7 interface was a mistake, even though it was obviously a huge mistake.

about two weeks ago

Theo De Raadt's Small Rant On OpenSSL

dnavid Re:not developed by a responsible team? (301 comments)

This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security

This is simply not true, stop spinning it.

Even if OpenSSL is using system's malloc, with all its mitigation features, the bug still works. The attacker just has to be more careful, lest he should read freed() and unmapped memory, and so cause a crash and (supposedly) leave some kind of meaningful trail.

The bug would have been easily detected had proper testing been done with the LIFO allocator turned off, because in the absence of OpenSSL's own allocator a normal malloc would have been releasing and reusing memory rather than preserving their data in a stack structure, almost guaranteeing that OpenSSL connections would be at least occasionally crashing out. That would have alerted the developers to the fact that sometimes a freed block pointer is reused after freeing, which would have compelled them to fix that error. You can reuse that freed pointer in OpenSSL's allocator because even when "freed" that memory is not available to be reused by anything else, so its data contents continue to be preserved.

about two weeks ago
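
A minimal simulation of the effect described in the comment above, as an added example that is not part of the original comment and is not OpenSSL code. A fixed-block pool with a LIFO free list is run under two release policies: one leaves a released block's bytes untouched, the other overwrites them, and a deliberately buggy caller keeps reading a block after releasing it. The pool, the policy names and the record contents are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BLOCK_SIZE 32
#define NUM_BLOCKS 4
#define POISON     0xDD   /* fill byte written over released blocks */

/* Hypothetical policies: what happens to a block's bytes on release. */
enum release_policy { KEEP_CONTENTS, POISON_ON_RELEASE };

struct pool {
    unsigned char mem[NUM_BLOCKS * BLOCK_SIZE]; /* backing storage */
    int free_stack[NUM_BLOCKS];                 /* free block indices, LIFO */
    int free_top;                               /* entries on the stack */
    enum release_policy policy;
};

static void pool_init(struct pool *p, enum release_policy policy)
{
    memset(p->mem, 0, sizeof p->mem);
    p->free_top = 0;
    for (int i = NUM_BLOCKS - 1; i >= 0; i--)
        p->free_stack[p->free_top++] = i;
    p->policy = policy;
}

static unsigned char *pool_get(struct pool *p)
{
    if (p->free_top == 0)
        return NULL;
    return p->mem + (size_t)p->free_stack[--p->free_top] * BLOCK_SIZE;
}

static void pool_release(struct pool *p, unsigned char *blk)
{
    int idx = (int)((blk - p->mem) / BLOCK_SIZE);
    if (p->policy == POISON_ON_RELEASE)
        memset(blk, POISON, BLOCK_SIZE);   /* stale readers now see garbage */
    p->free_stack[p->free_top++] = idx;    /* most recently freed goes on top */
}

/* LIFO property: the block just released is the next one handed out. */
static int lifo_hands_back_same_block(void)
{
    struct pool p;
    pool_init(&p, KEEP_CONTENTS);
    unsigned char *a = pool_get(&p);
    pool_release(&p, a);
    return pool_get(&p) == a;
}

/* Deliberately buggy caller: keeps reading 'rec' after releasing it.
 * Returns 1 if the stale read still yields the original record, i.e. the
 * bug stays invisible to a functional test. */
static int stale_read_survives(enum release_policy policy)
{
    static const char msg[] = "constructed record";
    struct pool p;
    pool_init(&p, policy);
    unsigned char *rec = pool_get(&p);
    memcpy(rec, msg, sizeof msg);
    pool_release(&p, rec);                      /* logically free from here */
    return memcmp(rec, msg, sizeof msg) == 0;   /* stale read */
}

/* Returns 1 if the next owner of a reused block can still see the previous
 * owner's bytes beyond the part it has overwritten itself. */
static int old_bytes_visible_to_next_owner(enum release_policy policy)
{
    static const char old_data[] = "constructed old contents";
    struct pool p;
    pool_init(&p, policy);
    unsigned char *first = pool_get(&p);
    memcpy(first, old_data, sizeof old_data);
    pool_release(&p, first);
    unsigned char *second = pool_get(&p);       /* LIFO: same block again */
    memcpy(second, "new", 3);                   /* fills only 3 bytes */
    return memcmp(second + 3, old_data + 3, sizeof old_data - 3) == 0;
}

int main(void)
{
    printf("LIFO returns same block:          %d\n",
           lifo_hands_back_same_block());
    printf("stale read survives (keep):       %d\n",
           stale_read_survives(KEEP_CONTENTS));
    printf("stale read survives (poison):     %d\n",
           stale_read_survives(POISON_ON_RELEASE));
    printf("old bytes visible (keep):         %d\n",
           old_bytes_visible_to_next_owner(KEEP_CONTENTS));
    printf("old bytes visible (poison):       %d\n",
           old_bytes_visible_to_next_owner(POISON_ON_RELEASE));
    return 0;
}
```

In a test suite, the poisoning policy is the one that turns the stale read into a visible failure; with contents kept, the same buggy caller passes.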

Mozilla CEO Firestorm Likely Violated California Law

dnavid Re:The Re-Hate Campaign (1116 comments)

> However, I do not, nor do I think most people, support everyone's *legal* rights.

Are you sure most people support let's polyamoric marriages? I wouldn't be so sure and all these marriages would do is to remove yet another arbitrary constraint, this time not on sex of people involved but on a number.

That's an interesting way to put it. All these marriages would do is form the basis of a slippery slope. Because it's not as if they have any overriding beneficial purpose, like, say, allowing couples to get married.

Either way, by harassing people like Eich who always kept a strict separation between private and professional life, perpetually offended busybodies legitimize the opposite, like hounding gay rights supporters in backwards places. Long story short, if your stance on how to conduct business between 2 sides of the issue doesn't survive multiplying by -1, it fucking sucks and is hypocritical. Half the progressive state of California VOTED for it, ffs.

And it's not like you will change people's minds when your politically correct zeal pushes them underground. They feel wronged and the persecution only fossilizes their worldview.

There's no hypocrisy here. Eich spent money to support the cause of blocking a group from exercising their civil rights. A different group of people exercised their right to free speech to object to his running a company whose corporate mission statement is at odds with that act. The notion that one of those acts is more fair than the other is what makes you think there's hypocrisy involved. However, both are legitimate advocacy positions to take.

I'm not terribly ashamed to admit I'm not unhappy about who ultimately won and who ultimately lost. As I said, this is not a logical puzzle, these are real people's lives at issue, and I'm not going to hide behind a fabricated sense of fair play. I value expression of ideas. I do not have an obligation to support all actions that are a consequence of belief. If you believe someone is wrong, that's your prerogative. If you act against them in support of that belief, then you force people to take sides. I picked a side.

about two weeks ago

Mozilla CEO Firestorm Likely Violated California Law

dnavid Re:The Re-Hate Campaign (1116 comments)

How did he attempt to limit the rights of others? Oh, right - by exercising his rights.

That's completely uninteresting semantic bullshit. Was he legally within his rights to donate to that particular cause? Yes. However, I do not, nor do I think most people, support everyone's *legal* rights. There was a time it was legal to own slaves. There are lots of legal rights I don't support. I support people's right to free expression, but just because the legal system defines free expression to include donating money to people whose sole goal is suppressing the civil rights of other people, doesn't mean I support anyone who chooses to exercise their legal rights in that fashion. This is not a Raymond Smullyan puzzle, this is the real world with real problems that have real consequences. Given the pragmatic choice of supporting someone who chooses to exercise a legal option to support activists trying to prevent other people from having the same civil rights as everyone else, or support people who choose to exercise their legal option to protest such an individual, I choose to support those who have no tolerance for intolerance. I don't find that to be a logical contradiction, and I don't particularly care if anyone does.

about two weeks ago

U.S. Court: Chinese Search Engine's Censorship Is 'Free Speech'

dnavid Re:Slippery Slope.. or is it? (284 comments)

Also, the text of the 1st amendment starts "Congress shall make no law". Nothing in there applies to private entity. The first amendment has *nothing* to do with this case.

Correct. There is no right to free expression guaranteed in the US Constitution, despite the many people who seem to think it's penciled in there somewhere. The right explicitly guaranteed in the US Constitution is the right to expression that is free from government interference. The Constitution bars the government from restricting expression unless it has an overriding state interest to do so (i.e. the canonical yelling Fire in a crowded theater). But the Constitution does not allow the government to compel a private person or institution to regulate its speech in general; in fact that is precisely what the First Amendment bars the government from doing. Absent an overriding state interest to do so, the government cannot force Baidu to provide a specific kind of speech, or prevent them from eliminating certain kinds of speech from its output.

about three weeks ago

Is Weev Still In Jail Because the Government Doesn't Understand What Hacking Is?

dnavid Re: No. (246 comments)

Any public URL that is unencrypted is not a secret. Snooping on plaintext is not snooping at all. And he had no legal requirement to notify AT&T first. Besides, even if he had, they don't care about security until it goes viral. I notified them of an information leak on their iOS translation app that allowed other apps access to your translations and location data. Not only were they unable to figure out who was responsible for the app, they ultimately told me to call Apple. I tried the support for the app as well as customer service. I emailed their PR rep too. Zero response.

I'm really uncomfortable with that logic. First of all saying that if all it takes is typing in a URL, then of course it's public belies a level of ignorance just as high as the government in this case. "Just a URL" in the modern internet could be anything. SQL-injection is programmatic hijacking of a database server, but it often requires "just a URL." Buffer overflow attacks require just a URL, many apache worms required just a URL to propagate because of the way URL content can be processed. Just a URL is like saying all programs are just notepad documents. It cannot be the case that "if I can get there, then I get to take whatever I want" is the rule of the internet. I read in another article the analogy that AT&T basically put the material on a library bookshelf for anyone to read. That's not a good analogy: a better analogy is weev went to a public library, found that someone forgot to lock the door to the reserve stacks, and decided to go there and take a bunch of books home with him just because he could.

That is not the person I want to be the flag-bearer for my sense of fairness.

Second, giving anyone who points out a failing in others a free pass to point it out by any means is also something I'm really uncomfortable with. If it's okay when done to big companies like AT&T and Apple, then it's just as okay to do to smaller organizations like your neighborhood grocery store, or your house.

about a month ago

Survey Finds Nearly 50% In US Believe In Medical Conspiracy Theories

dnavid Re:Jenny McCarthy (395 comments)

Or cynicism. Just because a lot of crackpots believe something, that is no guarantee that it is not true. There was a conspiracy theory, dismissed by most rational people, that the government was monitoring our email and phone calls. Then it turned out to be true.

Since there's a million conspiracy theories, some will end up being at least partially true by random chance. Even here it's hard to give credit to the conspiracy nuts, because very few of them believed the government monitoring was specifically of the character revealed by the Snowden leaks.

I'm pretty sure if you try hard enough, you can find a Nostradamus quatrain that predicts the NSA monitoring. That doesn't add credibility to Nostradamus, it just means when that many monkeys bang on keyboards, eventually some of it will start to rhyme.

No amount of conspiracy nuts believing in something makes it true, and no amount makes it false. If they were always exactly wrong, we could use them as bizarro truth meters. What they are is nuts, and contain as much useful information as atmospheric noise.

about a month ago

Author Says It's Time To Stop Glorifying Hackers

dnavid Re:You keep using that word (479 comments)

> The difference between "idiot" and "at fault" is huge.

It depends on the environment. In some environments, you will be punished for leaving your valuables unsecured. It is considered bad policy to tolerate idiots that invite thieves.

The meat space equivalent of what this idiot journalist does is illegal in some jurisdictions.

But that would make the person who stole the information no less culpable. Criminals are criminals no matter how easy their victims were to exploit.

On the subject of the author having no credibility because of her insecure practices, she certainly has no credibility as a security expert, but the article isn't a security primer. It's an advocacy piece from the perspective of being a victim of a computer crime, which requires no competency in security. I think her points are valid. In spite of a few high-profile prosecutions, the tech community at large tends to over-romanticize criminal activity in certain areas, and I think that encourages others to participate and perform those kinds of activities. I think there's a vicarious thrill we get when computer criminals demonstrate what we tend to believe: that most computer users are idiots, that most IT departments are inept, that security isn't taken seriously enough, that computer skills tend to be underappreciated, and news organizations are completely oblivious.

It gives all hackers and IT professionals in general a bad name, it's just that most of us don't care.

about a month and a half ago

Author Says It's Time To Stop Glorifying Hackers

dnavid Re:Also time to stop (479 comments)

glorifying actors, sports figures, politicians, generals, soldiers, writers, artists, architects, Canadians, cooks, race car drivers, the old, children, dogs, accountants, spies, computer programmers, cowboys, drug smugglers, and the disabled.

I don't mind glorifying actors and dogs. The problem isn't glorifying hackers, the problem is giving criminals a pass when they are using hacking techniques. In much the same way we shouldn't give actors and other famous people a pass when they commit crimes, someone who uses a computer to steal information from other people or cause them harm is a criminal and should be treated as such.

There should be recognition of proportionality. Someone who pokes around on Facebook or Instagram and finds a major security hole, reports it to the companies, and takes no action for personal gain or which harms their users should be treated far differently from someone who steals user information and blames the target for having insufficient security measures. That's like shooting someone and blaming them for being insufficiently bullet proof.

about a month and a half ago

Firefox OS Will Become the Mobile OS To Beat

dnavid Re:Firefox OS Will Become the Mobile OS To Beat (205 comments)

Firefox OS Will Become the Mobile OS To Beat

Flamebait and hopelessly wrong.

I wouldn't go that far. It's entirely possible that Firefox OS could become a major player in the market segment the article indicates. The problem is that saying "...will become the Mobile OS to Beat" implies the major players like Android, iOS, and Windows even want to win that game in the first place. Absolutely there are lots of people who cannot afford the top of the line smartphones out there, and it would be nice if someone serviced their needs, but the problem is time. In time, technology will improve and costs will continue to drop relative to computing power. It's very dangerous to target a market Moore's Law is scheduled to destroy.

For Firefox OS to be the mobile OS "to beat" requires a lot of things to happen that aren't trivial exercises. First, Firefox OS has to become the dominant player in the low end market. Second, it has to achieve a level of brand loyalty comparable to iOS and significantly higher than Android itself (Android users are typically more loyal to their smartphone manufacturer than the operating system itself in my experience). It then has to be able to parlay that brand loyalty into a way to maintain their hold on those users as the smartphone industry advances to the point where the $20 phone of tomorrow is the $600 phone of today. And it must do this in a way that doesn't give the major players an easy way to encompass Firefox's feature set: if FirefoxOS's major innovations are based on open standards and HTML5 applications, anything it can do today Android and iOS could easily do tomorrow if they wanted to.

So much has to go right besides "sell a lot of low end feature phones" that to me it would be like predicting that the company that supplies most of the paper to print air travel tickets in kiosks was a threat to take over the entire travel industry in a decade.

about a month and a half ago

Can Science Ever Be "Settled?"

dnavid Re:i interpret it to mean (497 comments)

all attempts to disprove it have failed and until evidence can be presented to disprove or bring the results into question it is settled

I take the more nuanced stance that a scientific matter is "settled" when all reasonable avenues of refutation have been performed and failed, and when sufficient independent avenues of confirmation have been achieved where "sufficient" is judged relative to the complexity and the range of the scientific theory. In other words, it's not enough that it hasn't been disproved, but that sufficient attempts to do so have failed. General Relativity, for example, has obviously never been refuted, but I wouldn't consider it to have been a reasonably settled matter until relatively recently. Fifty or a hundred years ago, the tools and observational power didn't exist to make enough of an attempt to disprove it.

Newtonian gravitation is settled in the sense that in the areas we deem it to make valid predictions all the different ways it can be confirmed have netted confirmation and all reasonable avenues of refutation within its ability to make predictions have failed. Where Newtonian gravity fails are the areas that are described by special and general relativity and those theories place limits upon the range of behavior we accept Newtonian gravity will generate reasonably correct results.

I also make a distinction between scientific statements and scientific theories being settled. It's often the case that there's an intermediate step between "observation" and "theory" when a point of scientific fact cannot be determined by simple observation. For example, whether the universe is expanding is more a statement of reality than a scientific theory. However it's not a fact that is directly easy to observe. Often Science has to combine large numbers of observations and analysis to determine whether a statement of fact is true or false. I believe the statement that the universe is expanding is considered settled due to the large number of independent confirming observations and a lack of any other reasonable explanation for those observations. *Why* the universe is expanding and the mechanisms for that expansion is more the realm of scientific theory. Cosmological expansion and inflation are the theories used to explain observed expansion and I think those theories are not completely settled. It's more precise to say they are "settled for now" insofar as if they are false, we currently don't have the tools to refute them.

about a month and a half ago

Oregon Withholding $25.6M From Oracle Over Health Website Woes

dnavid Re:Good if they succeed. (132 comments)

Totally agree, but I should note that the exact same thing happens in the private sector. I've seen salesmen threatening customers with dropping support for, say, the ERP, if they did not push a competitor out in an altogether unrelated section of the business like hardware, OS or even collaboration tools.

Indeed. The problem is the power lies generally with those with the technical expertise, and those people overwhelmingly end up with vendors and not customers. Of course, if they had a sense of professional ethics, that would also act to solve the problem. I'm not hopeful.

about a month and a half ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

dnavid Re:Yes they did. (572 comments)

1. Generic porn sites tend to also have a far higher frequency of adware and malware content than normal.

Then they should also block religious sites because they seem to contain more malware.

Perhaps they should. However, in general in the real world people make these decisions based on a combination of all the relevant factors, and the act of blocking all religious sites has other potential issues besides malware filtering.

about a month and a half ago

Mozilla Is Investigating Why Dell Is Charging To Install Firefox

dnavid Re:Is that legal in the UK? (306 comments)

Oops, just reread. Yeah, they can charge for the service of installing Firefox - they're not selling the browser, they're selling the effort to install it.

Dell is skating on thin ice, because they aren't installing Firefox. They themselves admit that "the fee would cover the time and labour involved for factory personnel to load a different image than is provided on the system’s standard configuration." In effect, Dell is charging customers to have their PC loaded with image A rather than image B, and that seems much more like "software distribution" than "installation." If a dude was actually sitting in a factory installing Firefox on that machine, Dell could legitimately charge for that service. But that's not what's happening.

In fact, it's common practice for bundled software to be loaded in a pre-installation state, so that the software actually installs and is configured when the user first logs in. If that's the case, then the actual act of installation occurs when the customer first powers the system on. Dell would only be copying the software binaries onto the PC as part of the factory build. And if that's the case here, Dell isn't "installing Firefox" by any reasonable definition of the words.

about a month and a half ago

Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

dnavid Re:Yes they did. (572 comments)

It's legal because the computer isn't the employee's. The company owns the computer sending the transmission, the copper from the computer to the inspection hardware, pays for Internet access, and writes policies that computer and Internet usage is for work-related purposes only and all usage is subject to security measures including traffic inspection.

Careful: the first part of that statement is false in the US; it's only the last part that I've highlighted that makes it legal. The US has wiretapping laws that prevent unauthorized tapping of communications. Nothing in the law refers to ownership: otherwise the phone company could listen to anyone's phone calls whenever they wanted to because they own all the gear. Even in the workplace, when you use the company computer and the company network, there are still protections in place for private communications and businesses can be sued for violating those rights. There are exceptions, and it would be wise for IT professionals to know what they are. For example, there is an explicit exemption for business-related email. However, there isn't the same clear-cut exception for private email. There is an exemption for traffic intercept that is necessary to provide fundamental services, which is why corporate firewalls aren't violating the law every time they inspect a packet. However, if I, a network admin, Wireshark a bunch of packets to troubleshoot a network issue and happen to capture some employee's private chat traffic, so long as I don't deliberately read it more than necessary I'm in the clear. If the boss of the company takes those traces off my computer and uses them to read everyone's chat logs, he could be in violation of the law if he has no specific need to do that as a fundamental part of keeping the network functional. The fact that he's "the boss" means exactly jack-squat.

The big exception is party-consent. If an employee is required as a part of their job to read and sign an AUP, and that AUP states that the employee must consent to monitoring when corporate assets are used, if the employee consents to that then the law prohibiting wiretapping their traffic would no longer apply. Which is why you should never monitor employees' network traffic in secret. You're safer videotaping (but not audio recording) them in secret than tapping their network traffic, because one of those is a potential Federal crime.

about a month and a half ago

Submissions

dnavid hasn't submitted any stories.

Journals

dnavid has no journal entries.
