
Comments


Criminals Using Drones To Find Cannabis Farms and Steal Crops

perpenso Re:Just one more reason (218 comments)

It may be to a lesser degree but legal businesses are the victims of theft and extortion too.

yesterday

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Re:Eyeballs did not find bug ... (579 comments)

A second and more important fact is that the bug was not discovered by eyeballs on source code. The techniques used seem to be the same applied to proprietary closed source code. "“We developed a product called Safeguard, which automatically tests things like encryption and authentication,” Chartier said. “We started testing the product on our own infrastructure, which uses Open SSL. And that’s how we found the bug.”"

So you're saying that when I, as a (professional ;-) programmer, create a chunk of code that tests for something, you don't think I should get any credit for what it discovers, because it's the code that discovered it, not me. ...

You are offering a strange misinterpretation of what I have said. I am saying that this bug was not found by someone examining source code. That if you fuzz or otherwise test the binary then whether the code is proprietary or FOSS is irrelevant.

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Re:Access to lib source does not require FOSS ... (579 comments)

OK fine. It would not be possible if you did not have access to the source code. It is true that you can buy access to the source from some closed source software. But the fact that you are choosing software based on whether you are able to access the source code, I would argue is a point in favor of open source software rather than closed source proprietary software (the vast majority of which you can not buy source code access).

I never said I was against FOSS. I'm merely pointing out that access to source code is hardly unique to FOSS.

As far as how common access to source is in proprietary software, I think it is far more common than most FOSS advocates are aware of. For some of what we had used in the past there was no public offering of a source license. Yet when we specifically asked about it a deal was made. Many things that appear set are in fact negotiable. FWIW, we were a small company with no particular leverage.

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Re:Proprietary or open seems irrelevant to discove (579 comments)

Proprietary or open seems irrelevant to this discovery.

You can't make such conclusions from one bug.

Good thing I was commenting on only this one bug. That said, one can absolutely make the statement that fuzzing and other penetration testing works equally well on proprietary and FOSS code. The binary being tested doesn't care about the nature of its license.

Bugs will happen, and bugs will go unnoticed. The question is about whether the open source nature of a piece of software decreases the frequency of those events.

No one is arguing whether bugs will occur and go unnoticed. What is being argued is that the value of the "many eyeballs" concept is often exaggerated. Few users are developers. Few developers are qualified readers.

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Access to lib source does not require FOSS ... (579 comments)

At my company we use open source software libraries for our commercial products. When we find anomalies, we are actually able to figure out if bugs are in our own software or in the open source libraries we use. In fact, we actually run static analysis tools on every piece of open source software that we use because we care about the security of our own applications. We don't use openSSL, but if we did, we may have actually found this bug. That wouldn't be possible if the source was closed.

That is not true. At past jobs where we used proprietary libraries in our commercial products, I always advocated for buying the more expensive source licenses rather than the less expensive binary only licenses. We even chose vendor A over vendor B due to A having a source option and B not having one. Fortunately all the libraries we used had source options, obviously YMMV. Management was always reluctant until we found and resolved problems in these proprietary libraries just as you describe doing in open source. Management quickly became believers in buying the source licenses so that our fate was not in a 3rd party's hands.

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Re:Proprietary or open seems irrelevant to discove (579 comments)

Why are you so adamant that it was not "eyeballs"? So they fuzzed their own infrastructure and found the issue. The article you posted is scant on the details of the tool and a Google search did not turn up any salient details on the tool. From the description it appears to be black box testing SSL/TLS for obvious overruns.

And such testing would find such a bug equally well in proprietary or open source code. It seems fairly clear that the bug was not discovered by someone reading the source code, despite the code being available for two years and the code being absolutely critical to networking.

The value of many eyeballs is often exaggerated. Few users are developers. Few developers are qualified readers.

2 days ago

San Francisco's Housing Crisis Explained

perpenso Isn't prop 13 irrelevant to buyers? (352 comments)

All property owners pay based on their date of purchase, which is entirely fair.

I pay five times what my neighbor pays in property tax for the same model simply because my neighbor bought in 1977 and I bought in 2010. Prop 13 is good for older people who have been here a while but not so good for people trying to buy their first home.

How is it not so good for buyers? It seems buyers would be paying taxes based on a current assessment with or without prop 13? In other words prop 13 seems irrelevant to that initial assessment and tax rate, that it only affects increases not the initial rate.

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Proprietary or open seems irrelevant to discovery (579 comments)

The visibility doesn't make it so bugs don't exist. It makes them more likely to be found. This one existed and was found.

After two years in the wild. And apparently *not* by eyeballs on source code. Proprietary or open seems irrelevant to this discovery.

"“We developed a product called Safeguard, which automatically tests things like encryption and authentication,” Chartier said. “We started testing the product on our own infrastructure, which uses Open SSL. And that’s how we found the bug.”"
http://readwrite.com/2014/04/1...

2 days ago

How Does Heartbleed Alter the 'Open Source Is Safer' Discussion?

perpenso Eyeballs did not find bug ... (579 comments)

The quote is "given enough eyeballs, all bugs are shallow." That's a clear admission that open software, like all other software, contains bugs; that's why you want the many eyeballs. Any claim otherwise is a symptom of not understanding plain English. Eric's whole point was that the bugs in open software will be found and fixed faster than the bugs in other software, due to the population of interested people who will study it, looking for the bugs.

Perhaps it is not being stated clearly but the point that you are missing is the fact that this bug in some of the most critical network software in use had been around for 2 years. This fact demonstrates the hyperbole of the quote. It's a well crafted quote, illustrates a concept well, but people read way too much into it. Few FOSS users are developers, few developers are qualified readers. Eyeballs are a plus, but not a panacea. The gap between proprietary and open exists but it is exaggerated.

A second and more important fact is that the bug was not discovered by eyeballs on source code. The techniques used seem to be the same applied to proprietary closed source code.
"“We developed a product called Safeguard, which automatically tests things like encryption and authentication,” Chartier said. “We started testing the product on our own infrastructure, which uses Open SSL. And that’s how we found the bug.”"
http://readwrite.com/2014/04/1...

Nothing in that quote implies (to anyone with reasonable understanding of English and basic logic) that open software doesn't have bugs.

Straw man.

2 days ago

Seagate Releases 6TB Hard Drive Sans Helium

perpenso My bad ... (147 comments)

Ah, I missed WD. I thought the summary was describing the Seagate drive as being filled with He. Gotta stop that skimming through torrents of information ... oh wait, that's a different article.

about two weeks ago

Seagate Releases 6TB Hard Drive Sans Helium

perpenso Oops in title - "sans" ? (147 comments)

Whoa, the summary is orders of magnitude off on the density. (or the drive is way bigger than an aircraft carrier.)

I think that you can't get past the title without an oops: "Seagate Releases 6TB Hard Drive Sans Helium"

Doesn't "sans" mean without?

about two weeks ago

New Service Lets You Hitch a Ride With Private Planes For Cost of Tank of Gas

perpenso Passenger can not influence destination ... (269 comments)

My understanding is that this is treading on very dangerous grounds with respect to FAA guidelines.

A "share" of the cost includes all expenses of the flight. Rental, fuel, etc. The pilot and passenger must each pay half of total expenses.

The passenger can have no influence on the destination. If the pilot is flying from A to B and the passenger tags along, OK. But if the pilot just wants hours and goes to B because the passenger needs to go there then I think there is an FAA regulations problem and the FAA will consider the flight commercial.

That said I am not a lawyer nor an FAA guidelines expert. All I know is what my instructor told me many years ago in ground school. "The person showing you their FAA ID is never ever there to help you. Never hand your license to the FAA official to help them read / inspect it, that can be considered surrendering your license if the FAA official wishes to interpret the act as such. Keep the license in your hand and move it closer to their face if they are having a hard time reading it, pull it away if they reach for it. If they ask for it tell them you will be handing it to your attorney and they can speak with him/her."

about two weeks ago

How the Internet Is Taking Away America's Religion

perpenso The anti-vaccine movement grew with the internet (1037 comments)

access to unfiltered information will make people THINK! who would have thought? :)

Unfiltered information is not necessarily correct information. A peer reviewed scientific journal is an example of filtering. Filtering is not necessarily a bad thing, it depends on the who and why of the filtering.

People sometimes think more emotionally than critically, are easy to deceive. The anti-vaccine movement grew with the internet too.

about two weeks ago

Illustrating the Socioeconomic Divide With iOS and Android

perpenso Re:Av rev per app, Android $1,125 and iOS $4,000 . (161 comments)

While the number of apps downloaded is coming from 3rd parties we are still left with Google's financial reports indicating $900M paid to developers compared to Apple's claim of $5,000M paid to developers.

Plus it's not just Forbes indicating a huge disparity.
http://www.businessinsider.com...
http://techland.time.com/2013/...
http://venturebeat.com/2013/07...
http://www.forbes.com/sites/ay...

about two weeks ago

Illustrating the Socioeconomic Divide With iOS and Android

perpenso Av rev per app, Android $1,125 and iOS $4,000 ... (161 comments)

You make it up in volume. This is a false dilemma.

Actually you do not get enough volume to make it up, at least as of August 2013. According to http://www.forbes.com/sites/tr...

Number of downloads per app, Android 60,000 and iOS 40,000.
Average revenue per download, Android $0.01875 and iOS $0.10.
Average revenue per app, Android $1,125 and iOS $4,000.

about two weeks ago

London Council Dumping Windows For Chromebooks To Save £400,000

perpenso Can always install Linux on the chromebooks ... (193 comments)

Putting Linux on the existing hardware would also make more sense ...

Perhaps for PC desktops but for PC laptops you are much more likely to have glitchy or unsupported hardware of some sort, ex. wifi.

And if Chrome doesn't work out you can install a full Linux on the chromebooks and you will have a complete and working set of drivers, there is a Linux under that Chrome.

about two weeks ago

London Council Dumping Windows For Chromebooks To Save £400,000

perpenso Re:This is the year of Linux on the desktop! Final (193 comments)

Chromebook is Linux rite?

Yes and no. All you see is the chrome browser, however there is Linux underneath.

If you disable OS verification you can install a full Linux on it, ChrUbuntu.

about two weeks ago

London Council Dumping Windows For Chromebooks To Save £400,000

perpenso Chromebooks are decent Linux laptops ... (193 comments)

Or they could just hire some kids to load Linux -- I could load Linux on a lot of old computers with a locked down linux and browser. The Chromebooks will be $200 per.

A year ago I bought an Acer C7 Chromebook and installed Linux on it. It's my first Linux laptop that has a complete and working set of drivers. Of all the previous PC laptops that I have had and converted to Linux upon their retirement, they were always glitchy in one way or another, or lacked drivers.

I have had much better luck with desktops but I tended to build my own and tended to go with well regarded parts.

That said, for US$200 the Acer C7 is a pretty good Linux laptop for the money. The screen and trackpad may be nothing special but that's acceptable given the price IMHO.

about two weeks ago

Mt. Gox Questioned By Employees For At Least 2 Years Before Crisis

perpenso IRS notice not applicable ... (134 comments)

I wonder if US customers can sue and use these laws.

Remember, though, the IRS considers Bitcoin "property" not "money".

So sue/press charges on Mt. Gox for loss/theft of property?

US IRS notices don't have much weight in Japan. :-)

about three weeks ago

Mt. Gox Questioned By Employees For At Least 2 Years Before Crisis

perpenso Underbody LEDs ... (134 comments)

What the hell is a "racing version" of a Honda Civic.

For many, one with underbody LEDs. :-)

about three weeks ago

Submissions

perpenso hasn't submitted any stories.

Journals

perpenso has no journal entries.
