
Slashdot: News for Nerds

Comments


Social Security Administration Joins Other Agencies With $300M "IT Boondoggle"

jcochran Re:Missing Key Information (142 comments)

Oh good god...

I was a LM employee a few years back. Brought in on a project that was failing. And the main issue with the failure was their process.
For instance, LM was using Common Criteria and they were trying to get the system to EAL4. And frankly, getting there is quite doable. Unfortunately, management and the customers for the project didn't bother to actually understand anything about requirements.

For instance, in Common Criteria, you need to tailor the documents. An example would be this template being tailored to the system requirement:
FPT_FLS.1.1 The TSF shall preserve a secure state when the following types of failures occur: [assignment: list of types of failures in the TSF].

The above template is obviously intended to be tailored to include a list of possible or predictable failures upon which the system will still remain secure. But this is how LM tailored that little beauty:
FPT_FLS.1.1 The TSF shall preserve a secure state upon a partial system failure.

Notice how the tailoring totally removed anything concrete about the requirement? What kind of partial failure? How do you test it? When is it violated? etc, etc, etc, ad nauseam.

And that kind of bullshit "tailoring" was done EVERYWHERE. There would be multi-hour meetings just to change, tailor, and interpret specifications tailored that way. And any suggestion by anyone working in the trenches stating that the requirements were badly done and needed to be redone properly in order to actually get a functional system was met by "We can't do that, it would be too costly."

If the above paradigm was used on the Social Security project, I can definitely see why progress has been snail slow and over budget. They're most likely still attempting to get their specifications correct.

4 days ago

Google Offers a Million Bucks For a Better Inverter

jcochran Re:110 or 240v (260 comments)

The 240V 60Hz is so that it can handle both North American and UK voltage levels. If you look at the technical specifications document, you'll see that there are 2 different grounding configurations that the contestants may specify. In both configurations the inverter output is fed into an isolation transformer. One specification has the input of the isolation transformer center tapped and grounded which makes the AC outputs from the inverter swing +/- 120V from ground like you would expect in the USA. The other configuration doesn't have a center tapped transformer, but one leg of the input is grounded making one of the AC outputs swing +/- 240V referenced to ground and the other output is tied to ground. I suspect the 60Hz specification is due to the way transformers work. A transformer designed to operate at 50Hz using minimal materials will operate fine at 60Hz. However a transformer designed to operate at 60Hz using minimal materials will saturate magnetically at 50Hz causing it to overheat and eventually fail.

about a week ago

Researchers Test Developer Biometrics To Predict Buggy Code

jcochran Re:uh huh (89 comments)

And you've still avoided naming any metrics....

Number of lines of code? As mentioned earlier, one can easily inflate LOC with trash.
Also how do you evaluate a programmer who actually reduces the lines of code in a program? By the LOC metric, said programmer is counterproductive. Then again you get the beautiful quote by Ken Thompson... "One of my most productive days was throwing away 1000 lines of code."

Code quality? Once again, how do you judge it?

about a week ago

Researchers Test Developer Biometrics To Predict Buggy Code

jcochran Re:uh huh (89 comments)

And what stats do you apply to code development?
Because quite frankly, that is the gist of the problem.

about a week ago

Comcast Customer Service Rep Just Won't Take No For an Answer

jcochran Not 8 minutes (401 comments)

This same article was recently posted on Techdirt. The call wasn't 8 minutes. The RECORDING was 8 minutes. There was 10 minutes of call prior to the recording even starting.

about two weeks ago

Obama Administration Says the World's Servers Are Ours

jcochran Subpoena vs Warrant (749 comments)

The real issue at hand is the difference between a warrant and a subpoena.
The legal requirements to obtain a warrant are rather trivial and obtaining a warrant is rather easy. But a warrant doesn't extend past the boundaries of the United States. A subpoena on the other hand has far stricter oversight and requirements to obtain. But a subpoena requires the one served to provide the information requested regardless of where in the world that information resides.

What's happening is the government is attempting to get the best of both worlds. The trivial requirements of obtaining a warrant, combined with the expanse of a subpoena. And that frankly is wrong and needs to be stopped.

about two weeks ago

New Class of Stars Are Totally Metal, Says Astrophysicist

jcochran Using a different definition of "metal" (119 comments)

What astronomers mean for the word "metal" isn't what the rest of us mean.

As mentioned in the link to Metallicity, the all metal stars could be composed of carbon, nitrogen, oxygen, etc. Basically anything other than hydrogen and helium.

about three weeks ago

NSA Considers Linux Journal Readers, Tor (And Linux?) Users "Extremists"

jcochran Give 'em something to worry about... (361 comments)

Just download Tails yourself and start using it. Increase the amount of encrypted traffic that they don't know the contents of.

about three weeks ago

Goldman Sachs Demands Google Unsend One of Its E-mails

jcochran Re:why? (346 comments)

Ah, but by definition, the email that the unmentioned gmail.com user has is addressed to him or her. GS may have made a mistake in the address they sent it to, but it IS addressed to that gmail.com user.

about three weeks ago

New Chemical Process Could Make Ammonia a Practical Car Fuel

jcochran Re:Now I'm confused ... (380 comments)

Unfortunately, it needs to be anhydrous ammonia.
Looking at the paper, what they're doing is

1. Convert sodium amide into metallic sodium, hydrogen, and nitrogen.
2. Convert ammonia and metallic sodium into sodium amide and hydrogen.

They can easily balance those two reactions.
However, if there's any water in the system, there will be a 3rd reaction going on as well.
3. Convert water and metallic sodium into sodium hydroxide and hydrogen.
That 3rd reaction would effectively consume the sodium, preventing it from making more sodium amide.

Given how nasty anhydrous ammonia is, I definitely know I wouldn't want to be anywhere near an accident involving it.

about a month ago

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data

jcochran Re:Except, of course, they have to prove you can (560 comments)

As all the other posters have already mentioned, your plan won't work. But way back when anon.penet.fi was finally forced to reveal, through the legal system, the real email address of a user, I did a bit of a mental exercise.

How could someone create a pseudonymous remailer that would be extremely hard if not impossible to break through the legal system?

The scheme I thought up was as follows.
      1. Maintain an encrypted database of email addresses and pseudonyms.
      2. Have the key to the above mentioned database stored only in RAM and never written to any persistent storage.

The above scheme would work, but power failures and reboots would effectively destroy the database so it's not a complete solution. But to work around the power issues, add the following.
      3. A UPS to minimize power issues (not really required, but will reduce the down time)
      4. Have the key split into multiple parts and have those parts sent to multiple trusted parties in multiple legal jurisdictions. There's plenty of secret splitting techniques out there to do this. And if your escrow parties happen to be in the USA, Finland, Italy, Switzerland, etc., it would be rather difficult to have enough of them divulge the key portion that they've been entrusted with. And of course, have those parties instructed to destroy their key portion if they ever discover that legal proceedings have been engaged against you. And of course, have your lawyer instructed to inform those parties as well.

So in the above situation if you lose power, or need to reboot, the system will be in an unusable state, but will contact the escrow parties to retrieve the key parts and reconstruct the encryption key. Once this happens, it resumes normal operation. But most other governmental attacks would have a very slight chance of success.

Of course, other refinements could be added such as a periodic "ping" to the escrows informing them that things are still OK. If a sufficiently long time elapses without such a keep alive ping being received, the escrow would delete the key portion entrusted to it.

To break such a system would be extremely difficult.

about a month ago
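
The split-and-escrow recovery described in the comment above, sketched as an added example that is not part of the original comment. It uses Shamir's threshold scheme as one of the secret splitting techniques the comment alludes to; `PRIME`, the `Escrow` class, `reboot_recover` and the abstract time units are hypothetical names and assumptions introduced here.

```python
import secrets

PRIME = 2**521 - 1  # assumed field; must exceed the largest key value

def split_key(key: bytes, threshold: int, parties: int):
    """Shamir split: any `threshold` of `parties` shares rebuild the key."""
    coeffs = [int.from_bytes(key, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, poly(x)) for x in range(1, parties + 1)]

def recover_key(shares, key_len: int) -> bytes:
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")

class Escrow:
    """Hypothetical escrow party holding one share (step 4 of the comment)."""
    def __init__(self, share, timeout):
        self.share, self.timeout, self.last_ping = share, timeout, 0
    def ping(self, now):          # keep-alive sent by the remailer
        self._expire(now)
        self.last_ping = now
    def destroy(self):            # e.g. on notice of legal proceedings
        self.share = None
    def release(self, now):       # share request after a reboot
        self._expire(now)
        return self.share
    def _expire(self, now):
        if now - self.last_ping > self.timeout:
            self.share = None     # keep-alive lapsed: share is gone for good

def reboot_recover(escrows, threshold, key_len, now):
    """Rebuild the RAM-only key, or None if too few shares survive."""
    got = [s for s in (e.release(now) for e in escrows) if s is not None]
    if len(got) < threshold:
        return None
    return recover_key(got[:threshold], key_len)
```

With a 3-of-5 split, the database key survives two escrows destroying their shares; a third destruction or a lapsed keep-alive makes the encrypted database permanently unreadable.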

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data

jcochran Re:Except, of course, they have to prove you can (560 comments)

Or perhaps go one further....

Have your password be "I admit guilt to all crimes and charges" and then use the 5th Amendment against self incrimination.

about a month ago

Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data

jcochran Re:Except, of course, they have to prove you can (560 comments)

Wouldn't work.

Reason?

It's standard forensic practice to make bit level copies of media and examine the copies, not the original material. Your software can do anything it wants to with the USB stick and an overwrite simply means that a new copy is made from the original (using software and hardware under the investigators' control) and they get to try again.

about a month ago

Wikipedia Editors Hit With $10 Million Defamation Suit

jcochran Re:Well, this won't backfire! (268 comments)

You just might want to take a look at the comment on the edit made to Yank Barry's Wikipedia entry at 9:21 25 Jun 2014... The URL is http://en.wikipedia.org/w/inde... and to save you time, here's the comment

  (Court cases: I expect we'll have better sources than TechEye sooner rather than later. And shortly after that, we can update Streisand effect.)

Unless you're willing to claim that all the editors of Wikipedia are geeks, then it looks like the Streisand effect is gonna have another edit in the near future.

about a month ago

Federal Judge Rules US No-fly List Violates Constitution

jcochran Doesn't really say much (276 comments)

The ruling doesn't ban the no fly list, it merely requires the government to make a suitable appeal process for those who are on the list. So you may expect the list to still be in use for quite a while. Additionally, Judge Brown is only on the Oregon district. So her ruling only applies to Oregon (however, it will be used as a precedent in other districts). All in all, it's still a very good ruling, but there's still a long ways to go.

about a month ago

3-D Printing with Molten Steel (Video)

jcochran Mostly a repeat. (104 comments)

Interesting article, however, I suspect the editors are a bit mistaken. I strongly suspect that Mr Delaire is NOT using TIG welding in his machine, but instead is using MIG welding. Also I have to wonder if Mr Delaire is aware of http://hardware.slashdot.org/s...
If not, he may be able to save a bit of effort and time by building upon the work someone else has already done.

about a month ago

Endurance Experiment Writes One Petabyte To Six Consumer SSDs

jcochran Re:And the winners are... (164 comments)

You might want to do a bit of math before making such a statement. 700TB is a very large amount of data. And in order to do that in a week, would require quite a bit of data transfer bandwidth. To wit:

700,000,000,000,000 / 7 days = 100,000,000,000,000 / 24 hours = 4,166,666,666,666 / 3600 seconds = 1,157,407,407 bytes per second.

Do you really write 1.157GB/second every second for a week? And if so, what data interface are you using? I'd really like to know since SATA 3.0 can only handle 600MB/second. Perhaps you're using SATA 3.2 which does have the required speed?

Now in an environment using multiple drives, you can get to the 700TB mark much more rapidly with much lower per drive bandwidth. But then again, that's not the test criteria. They are testing how much endurance individual SSDs have.

about a month and a half ago

Artificial Pancreas Shows Promise In Diabetes Test

jcochran Re:Measure blood directly (75 comments)

Do you make it something that attaches to the outside of the skin for power (ie: a small battery)? Or cut the person open whenever the battery starts flaking out? If the latter, we have new members of the zipper club instantly.

Seems that such a device would be an ideal candidate for inductive coupling. Both for charging and data transmission. The device would consist of two parts. One part implanted into the body, and a second part held on the skin over the implant. That would avoid a semi-permanent skin penetration acting as an infection risk.

about a month and a half ago
