
Comments


NY Doctor Recently Back From West Africa Tests Positive For Ebola

ray-auch Re:my thoughts (340 comments)

> Indeed, where you're wrong is thinking that's a BAD thing -that's exactly what we, as the humans, WANT.

yes, to a point.

Y Pestis was once much scarier than it is now, which is good news.
Bad news is it killed 30-60% of population (in Europe at least) to get there.

Might be interesting to try and work out what 30% population loss does to the world economy - might depend which 30%, if it's all the old people it might not be too bad, if it's all the medics (likely)... If it knocks us right back to subsistence farming, how many more would we lose to starvation in 1st world ?

yesterday

NY Doctor Recently Back From West Africa Tests Positive For Ebola

ray-auch Re:my thoughts (340 comments)

> Some types of mutation are fantastically unlikely

Yep, that's all true, but there are other options, possibly no less scary.

This virus is well established in humans now in this outbreak, whereas before it was mostly a zoonosis (caught from animals). Mutations will now be being selected by their efficacy in prospering in us, not in the original host(s).

Some scientists believe this is already happening, we know it is mutating and there is evidence that it is mutating to become more infectious, to us: http://www.businessinsider.in/...

If it is true that viral loads are coming up earlier and higher than before, then it could be shedding before symptoms. Wouldn't be entirely surprising - containing it through hazmat-after-symptoms will probably select for strains that infect before symptoms. That would screw up all our containment measures rather well. Even if it just accelerates symptoms it could get a lot harder to contain - if first symptoms are a fever _and_ the infected is monitoring and gets themselves straight into care, further infection can be limited, but if first symptoms are fever and projectile vomiting you have much more of a problem.

All that said, scariest thing to me is that this is an African zoonosis that hasn't been out of Africa before except in the lab. We have no idea what hosts it may find in the non-African animal population, should it get the opportunity. If it finds an easy first-world reservoir host (maybe it likes our bats, or our foxes, or our rats) then it will become endemic, rapidly. Endemic ebola (in the absence of vaccine or cure) will be a game changer for 1st world medicine - think about every fever case to be isolated and treated using hazmat until tested negative (probably twice X days apart). Africa's health system, such as it is, is already feeling that pain - Ebola may well kill (already) more people via malaria than it does directly: http://www.reuters.com/article...

yesterday

Ask Slashdot: Aging and Orphan Open Source Projects?

ray-auch Re:software (154 comments)

It's: Project who must not be named.

[probably Bash :-)]

3 days ago

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

ray-auch Re:American Exceptionalism Strikes Again (383 comments)

Thomas Duncan, the ebola patient, wasn't sent home because as you put it, "poor Nigger, not gonna pay his bills." He was misdiagnosed. That isn't hard to understand. It isn't hard to get right.

Timeline details missteps with Ebola patient who died

From WSJ: "Princess Duo, a niece of Ms. Troh who lives in Dallas and spoke with her following the ER visit, said Ms. Troh recounted being specific in the information she gave nurses that night. 'They asked him for ID, and whether he had insurance. And she told them he did not because he had just come from Liberia,' Ms. Duo said."

Sure he was "misdiagnosed" (or more realistically, not diagnosed, unless you have information as to what he was positively diagnosed with) , but only because they did not take the travel history properly or act on it.

3 days ago

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

ray-auch Re:Politics (383 comments)

Nigeria overall has less resources than US, sure, but compare what they actually did and the resources they actually _used_.

First, in Nigeria patient zero hit a good observant doctor with a clue, and instead of being sent home with antibiotics, was kept in hospital and restrained to prevent him leaving - all (I believe) before any official quarantine order or similar. The doctor that did that paid with her life. That action probably prevented an epidemic across Lagos, nothing to do with amount of resources and everything to do with one doctor being on the ball and prepared to fight the system to do the right thing.

The official response included tracing close to 1000 primary and secondary contacts, 18,500 personal visits and 100s in isolation / quarantine. They had emergency presidential decrees, overriding the rights people would normally have (probably a lot less than in the US to start with) and extensive use of law enforcement agencies. Widespread advertising campaigns, banning shaking hands, kissing etc., Changing holy communion practices in churches. Closure of _all_ schools.

The US doesn't appear to have done anything like that, despite its greater resources. Maybe Nigeria over-reacted, maybe US under-reacted and got lucky.

3 days ago

NPR: '80s Ads Are Responsible For the Lack of Women Coders

ray-auch Re:Can we stop trying to come up with a reason? (766 comments)

It is because women are smarter than men, and are making more informed career choices.

Back in the days of punched cards and computers the size of a whole data centre now, and memory that didn't go away when the power went off (yeah, I know, that one's come around again now), programming was a 9-5 family friendly (as much as any job was) day job. Programmers and operators were often women (my mother was one), if not mostly women - seriously, just do a google images search for "mainframe operator 1960s" (just for one example), those images reflect the number of women working with computers that you'll see in printed material from that era too.

Somewhere around the 80's - 90's with the personal computer revolution, and gaming, and continuing with the dotcom boom, programming turned into an aggressive deadline-driven first-to-market ship-it-yesterday career, with a long-hours work-till-it's-done culture that spread from startups out to entire parts of the industry (see gaming...). And the women stopped coming.

To pick a couple of other industries / careers I have some (UK based) knowledge of: in roughly the same time scale, in medical and veterinary, professionals went from being on-call all-hours (junior doctors infamously worked a standard 120hr week) to having out-of-hours contracted out and on-call hours counted into the limits under EU working time directive. Every programming job I've had has required me to opt out of the working time directive, but doctors don't. Now take a guess on two professional careers in the UK which are (or soon will be) majority female... medical (doctors) and veterinary. That is where all the smart women went, and if you want to know why just look at the culture changes in those professions and in programming.

3 days ago

Apple Doesn't Design For Yesterday

ray-auch Re:Apple's take on Windows 8 (369 comments)

least you had rocks. You have no idea how hard it was to get the women back to the cave when all you had to hit em over the head with was grass...

about a week ago

Apple Doesn't Design For Yesterday

ray-auch Re:Apple's take on Windows 8 (369 comments)

> If hyperbole is your argument, you have no argument.

Hyperbole ? We didn't have hyperbole, we were lucky to get kilobole let alone megabole.

Oh yeah, get off my lawn.

about a week ago

Despite Patent Settlement, Apple Pulls Bose Merchandise From Its Stores

ray-auch Re:Bose is overpriced crap and always has been (328 comments)

> But mainly, as I clearly stated above, what you are missing with other products is that you don't have the option of dual-booting AND, at the same time, running the SAME foreign OS install in VMWare or the like. If you want to do that you are stuck with 2 different foreign OS installs, and your files won't be in sync.
>
> I didn't say dual-booting was unique to Mac. Read it again. What I wrote was that it's BETTER. Especially if you have VMWare. While that's a third-party product, it enables you to do what other OSes won't do, even with VMWare.

Without specifying which VMWare product it is a bit difficult to see what you are getting at - workstation or full ring-0 hypervisor like ESX ?

If you mean just the option of booting a virtual disk (vhd) which you can also use in an emulator, Windows has had that for 5 years (since 7) without needing a third party emulator (VirtualPC from MS).

If you mean having the option of booting a vhd and having also a full hypervisor that can run that vhd as a virtual machine, built into the OS, Windows has had that for six years on the server OS versions, and two on client (Windows 8) - Hyper-V is built in along with native-boot-from-vhd.

There are also Linux options for both boot-native-from-vhd and built in hypervisors.

So, struggling a bit to see what it is you think other OSes can't do ?

about a week ago

BBC Takes a Stand For the Public's Right To Remember Redacted Links

ray-auch Re:Article or link (113 comments)

The whole article is de-indexed. That is the only way it can work - the required form of complaint is that the information is inaccurate / irrelevant / etc., i.e. the complaint is that the information should be "forgotten", not that any particular search term should not lead to it.

about a week ago

BBC Takes a Stand For the Public's Right To Remember Redacted Links

ray-auch Re:Incomplete information (113 comments)

Wrong. Already there have been cases where the main subject of a removed article was publicly accused of having it removed, only for it to turn out to be a commenter on the article that wanted their comment forgotten. Since the ruling only affects the search index and not the actual page, the whole article will have to be de-indexed just to forget one comment. There could be a lot of different commenters on one page.

about a week ago

Ask Slashdot: Stop PulseAudio From Changing Sound Settings?

ray-auch Re:Bring Back the Soundblaster (285 comments)

Yeah, but the fact that you have to mess with and configure each component individually and manage all the dependencies yourself means you know what is going on rather than have some magic uber-daemon figure out what it thinks you want and then do something, but you have no idea what it actually did when it goes wrong.

[or is that systemd, I forget...]

about a week ago

First Demonstration of Artificial Intelligence On a Quantum Computer

ray-auch Re:A small vat of organic liquid? (98 comments)

we already have those - look at all the 'bots posting on here for starters...

about two weeks ago

Positive Ebola Test In Second Texas Health Worker

ray-auch Re:Just tell me (463 comments)

The rationale was probably to rack up charges, if the machine was not in use at the time, might as well use it.

CT _scanners_ of course are pretty expensive, be interesting to know how they decontaminated it, if they did.

about two weeks ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (265 comments)

> If the numerous people reviewing Bash, from multiple companies, and disciplines didn't find the issue with the first patch, then how would Microsoft with a far more limited set of people looking at the code be able to get the same kind of patch correct the first time and get all the corner cases figured out and fixed before releasing the first patch?

Because they have a "far more limited" team full of security specialists. Some (maybe all) of the later bugs were found using standard fuzzing tools, which should have been part of the test process the first time, as soon as the parser was found to be broken once on non-standard input. In fact it should have been picked up, whilst under embargo, that the whole idea of parsing code out of untrusted input was a security hole that would need to be patched (as it eventually was), even not-security-experts with some idea about security could have predicted that (as I did - http://slashdot.org/comments.p...)

> I'm not saying the Bash devs had 1 million eyes on this; but they certainly had a few hundred if not a thousand or so in total.

During the embargo, really ?

> Agreed - kinda. The main point of the origin of this thread (article?) was that F/LOSS software could not deal as well as proprietary software; that somehow the proprietary vendors could do better with these kinds of bugs - both catching them and responding to them.

Actually the article doesn't say that proprietary is any better, just that FOSS hasn't turned out to be as good at it as people were assuming (many eyes bugs shallow etc.).

> But here's the kicker - there is a similar exploit for cmd.exe. It's yet to be patched. ;-)

cmd.exe parser has a bug, or maybe a feature. bash parser had a bug, or several, or maybe a feature.

Big big big difference is that cmd.exe doesn't execute, or echo, or parse, all its environment variables at startup - that is the actual bash shellshock vulnerability (not the various parser bugs), and cmd doesn't have it. No one has yet found an exploit for this cmd.exe bug, let alone a remote one.

about two weeks ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (265 comments)

I didn't say MS was better, I said the bash response was poor, and the poster I replied to couldn't possibly have had fixes in place within minutes as claimed.

Oh, and in your argument "up to 30 days" suddenly becomes "taken 30 days" - actually if bugs come in uniformly distributed in the 30 day cycle then average would be 15 days, or lower since sometimes they do go out-of-band.

Plus, the second (and third and fourth and so on) patches are only needed if the first (and second and third...) one is inadequate and not properly tested. Maybe MS are just as bad at that too, but the developers of Bash were certainly not good at it.

about two weeks ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:somebody else's job (265 comments)

There aren't because:

1. no one is paying for them (or at least not enough to make a difference and catch stuff like heartbleed and shellshock)
2. auditing existing code doesn't "scratch an itch" for anyone on the hobbyist side

Closed source companies like MS have to weigh up costs of security auditing vs. cost of reputational damage of getting it wrong (i.e. if you think safety is expensive try having an accident). For a long time, MS was so secure as a monopoly that the reputational damage wasn't worth them worrying about - that isn't the case now, and they are better at security than they were, but they have a very large legacy mess still to clear up.

For open source companies, the reputational damage is spread or lands elsewhere (shellshock is a GNU bug not a Linux bug or a RedHat or Debian or...), so there is even less incentive. Your competition benefits equally from your auditing but you take the whole cost. Therefore it will need collective funding by competing companies - which is always a lot harder to organise.

about two weeks ago

Confidence Shaken In Open Source Security Idealism

ray-auch Re:I don't buy it (265 comments)

How did you fix them in minutes when it took several days for correct patches to come out, for entirely predictable reasons (laughable approach of trying to find and fix all bugs at once in a parser never designed to be secure, when the real issue is that it should never be being fed untrusted input) ?

To my mind, that is the biggest failure of open source / free software in this case
- 20+ yr old bug / insecure-feature in an obscure corner of a system never designed for today's threat environment - forgivable
- responsible disclosure, working with maintainers under embargo - good
- publication along with a patch that was broken again within hours if not minutes - fail
- everyone and his dog then panic-issuing further patches for one parser vulnerability after another before eventually someone (actually more than one different approach) fixes it properly the way it should have been done in the first place - spectacular fail

about two weeks ago
