Honestly, it's more interesting to discuss why this topic keeps getting brought up than the actual topic itself. Re the original topic, it's pretty much a dead horse at this point: Linux is objectively bad for people who want something which just works (especially for the last 10% cases). That's the main issue, it's always been the main issue, it hasn't gotten any better over the last 15 years, it's unlikely to ever get better, end of story.
So why does this horse keep getting dug up and beaten again every few years? Are the hardcore Linux supporters simply delusional? Is there some marketing push to get more people onto Linux? Is it just a Slashdot thing (ie: keeping the dream alive, even though it's been dead for decades)? Is there any new reason to think the status quo will ever change? Why is this "news"?
Politics in the US is a mess; divisiveness is up, discourse is down, and partisan fighting takes priority over any improvement. Swapping one side for the other won't fix this, and people are too focused on the symptoms to address the underlying problem. There are plenty of people in the country with plenty of reasonable ideas for improvement in government, but no practical way to effect any actual improvement.
If we want to fix the underlying problem, we have to solve for the meta-problem: how to get better quality people in office, preferably not politicians, and certainly not just people on "the other side". This is a solvable problem, and possibly the most important problem for modern society, yet we're making minimal progress on it. Hopefully sometime soon we can start trying to solve the actual problem.
This argument works just as well for other professions; allow me to demonstrate.
People have been building airplanes for roughly twice as long as there have been computers, but yet we are still paying hundreds of millions of dollars for top-end fighter jets. Why is that? Why have we not yet advanced to the point where building fighter jets is commoditized, and can be done with minimum wage workers with high school educations? Why do we still have to pay exorbitant salaries for so-called "experts", in this nerd-driven culture of exclusivity? #RocketScienceForAll
See, the answer is pretty simple, when you are enough of a "rock star nerd" to apply some simple logic. Making complex computer programs is "hard", and thus requires people with "intelligence" and "experience". It's the same in pretty much every specialized profession; programming is sorta the outlier because for some reason (media, outreach, or otherwise), people seem to have the misguided notion that if we were better at dumbing it down, we could make it accessible to everyone. The reality, though, is that for the same reasons that we don't have many high school only educated doctors, or lawyers, or physicists, or rocket scientists, etc., we also don't have (and it's not really possible to have) a plethora of minimally educated/experienced good software developers.
TL;DR: Don't be an idiot, good science/engineering is hard, and that's why "normal" people cannot magically be good engineers. Try to remember that good engineering is hard, even if ignorant people say programming should be easy.
Not sure if this should even be "news", per se. Google's total lack of care for quality and usability of their software is sorta ubiquitously understood at this point.
I mean, this is the company which produces a phone operating system which unlocks the display for a device (in your pocket, for example) when answering via Bluetooth, a significant usability flaw which has been reported, acknowledged, and complained about for 6+ YEARS. Based on experience, there's no reason to suspect that ANYONE at Google cares AT ALL about usability of their software, and/or fixing bugs, and/or customer experiences.
But to be fair to Google, this has been the case since day one, and this is not new or news. If you want something you can tinker with, Google has [plenty of] products for you; if you want something which works, try elsewhere (eg: Apple, Microsoft, etc.).
I don't miss anything about Windows Mobile in particular (and I detest how it was allowed to influence the desktop OS in some weird, genetic abortion of design failure), but I do miss the time before it was released, when the ecosystem was full of promise. I miss the idea of a mobile OS which wasn't a walled garden, but also wasn't a cluster-f of unpatched, vendor "optimized" garbage, with tons of bloatware and more persistent bugs and usability issues than anyone would have thought possible. I miss the promise of something better than iOS, like the Microsoft of old, taking the solid foundation that Apple has built (in contrast to the garbage heap that is the Android ecosystem), copying it, and extending it to generic hardware, so the price would go down, and people would no longer have to choose between affordability and usability.
But then, it was not that Microsoft... it was the new Microsoft, the one which wasn't even intelligent enough to grasp why people on the desktop didn't want a phone UI, much less what might constitute a "better" mobile experience. So much promise, so much failure.
People who can code all aspects of an application exist. They are typically older, more experienced, more rounded, and the good ones can get paid a considerable amount of money, precisely because they can understand and effectively code all aspects of the "stack".
What most companies are looking for are more unicorns: people who are young (ie: less external life, so they can/will work more), can code for all aspects of the stack well, single-handedly take projects to completion and/or coordinate between different groups, and don't know their actual market worth. Those people also exist, but they are much harder to find (and hard to retain, if/when they figure out their actual value).
What companies want doesn't always match what companies will take, if they cannot find their unicorns. Success is about making it work with what you have, not lamenting your inability to find the exact right candidate you think is out there.
Funny story:
In my old company (smaller), the company modified the IT policy to make it easier for employees to access email and company data on personal devices. This made it more likely that I would check email off hours, and possibly respond if necessary (which was not uncommon).
In my new (bigger) company, the IT policy is more rigid, and you cannot access company info (including email) without jumping through several hoops (corporate device, multi-factor auth, etc.). So I no longer check email/phone off hours, or feel any obligation to answer anything (if they wanted off hours interaction, they are either idiots, or should not have erected so many barriers).
The moral, I suppose, is that if you want to encourage good employee work/life balance, you should implement more security policies. Or not, I guess, depending on your corporate goals.
In addition to the totally obvious and "duh" ideas (which would already be done if we actually had any ability to improve the election procedure, such as eliminating gerrymandering, ranked voting with instant runoffs, open source software with cryptographic security and a verified paper trail, etc.), I have another thought.
It would be cool if you could arbitrarily proxy your vote to someone else (and/or multiple people). That is, to paraphrase a hypothetical, "I don't want to learn everything about this contest in order to make an informed decision, but I know someone who does, and that person thinks like I do; just count my vote toward his/her choice(s)." I don't think we're ever going to be able to get the average person to vote in an intelligent and informed manner for the best qualified candidate (see: Trump/Oprah), but we _might_ be able to get voters to proxy their vote to people whom they judge to be intelligent, well informed on political topics, and like-minded (eg: Jon Stewart, Bill O'Reilly, etc.). In turn, that just _might_ be able to get the country away from electing the least hated of bad options.
My 2c.
... one could implore the software vendors to make the update process less arduous, cumbersome, error prone, and OBNOXIOUS AS ALL HOLY HELL.
As someone who has, on multiple occasions/systems, got frustrated enough with Windows Update to disable the service (hint: that's the ONLY way to prevent it from randomly rebooting your system when you are trying to use it, whether you like it or not), I can say with some certainty that I would have no issue with leaving updates enabled, if the process wasn't so GODDAMN TERRIBLE. Suggestion to vendors and prognosticators: the vendors are as much, if not more, to blame as the users who respond to the INFURIATING behavior of their devices. Instead of blaming the users, I'd suggest perhaps it might be more productive to blame the vendors for the poor quality software which drives the users to disable it.
Not that I wouldn't necessarily want it, but since I have the Windows Update service permanently disabled because it's so incredibly and ridiculously obnoxious and "poorly designed" (for which that phrase alone in this context gives the idea of software design a bad name), I don't think I'll ever get prompted for it.
I'm still holding out for the day when MS manages to extract their metaphorical head from their ass for just long enough to comprehend that being as obtrusive as humanly possible with pushing updates is a MONUMENTALLY STUPID business decision, if you want people to actually take updates. Gotta stop drooling on the floor before you can walk, gotta walk before you can run, gotta run before you can pitch an "upgrade" as an actual upgrade, etc.
It's sorta off-topic, admittedly, but...
It's interesting that the editor chose to call out the assumption of the continued existence of the closed-source software businesses, without calling out similar precepts (eg: the continued existence of money, or countries). I mean, if money ceases to exist, then doesn't the question of pricing become moot? What about an asteroid wiping out life on the planet: that would also, presumably, substantially alter the economic dynamics of software pricing.
If you're going to call out exceedingly low probability future events to exclude from consideration, why stop with just one? Alternatively, why call those out at all?
As has already been stated, you generally want to prefer to use a third-party library over a custom implementation, for most security-related code. This is doubly true for well-defined algorithms, which are implemented in well-tested (and preferably open source) libraries.
However... there's an inherent danger in adopting third-party libraries based on uninformed assumptions about quality, as I'm personally well acquainted with. If you have a manager who is prone to making baseless assumptions, and downloading random packages off the internet which purport to be semi-related to the current problem development is experiencing, and insisting they be integrated as the "easy" solution for that problem, you're going to end up with bad quality software (or worse).
As the saying goes: garbage in, garbage out. If you're doing software integrations based on garbage processes, you're still going to get garbage out, no matter what the quality of each third-party module.
I can't speak for all of "tech" as an industrial area, but in software development at least, there are also substantial indirect effects from the quality of work, some of which can be difficult to measure (without someone knowledgeable auditing work). Just because something compiles and produces the expected output, does not mean it handles corner cases well, or works every time, or doesn't have undesirable side-effects, or is easy to maintain, or that the design scales, or is forward-thinking in terms of technology choices, etc., etc. Getting all of those latter things might not be important in a few specific cases (eg: creating strictly throw-away demo-ware for marketing purposes), but in most business cases, each of them has a monetary value attached, and you could certainly be justified in paying more to get them.
Also, the point about competent foreign workers is well taken as well. To re-use my analogy, it's not as if there are not skilled foreign contractors also... but those people don't hang out at Home Depot, waiting to do day labor for under-market wages, they have higher paying jobs closer to home. The people who are being rented out as "cheap" foreign labor are, in most cases, "cheap" foreign labor, and you get what you pay for. It's just that in tech, more than other industrial areas, you generally get less productive value out of rote labor (in my experience).
This is very true. In the software industry, especially, there is a vast difference between people who are good developers, and people who are "just able to write code". For the organizations who employ a lot of the latter (either through legitimate need, or simply inability to attract and/or hire the former), outsourcing can be economically viable... as long as you are able to still stay in business, that is.
I know, anecdotally, that several "smarter" organizations who experimented with outsourcing software development for cost reduction have since "in-sourced" it back for quality purposes. I know others who would not have made that error in the first place. For those organizations, ability can still have value.
Obviously this is not applicable to all tech workers, but...
In many cases, there's a fairly substantial difference in expectation of work product, both in terms of quality of work produced, and in ability to execute anything more than rote work. While it's true that those qualities may not matter for those organizations who choose to outsource tech labor, there can be a very quantifiable increase in product quality from workers who are more vested in and capable of producing a higher quality product, which can be translated into demand for higher compensation.
It's kinda the same as the difference between a certified general contractor, and a guy you pick up at Home Depot to do some work for you. You don't expect to pay the general contractor a small amount of cash under the table, and he doesn't have any need to make his rate "competitive", because he'll be able to find people willing to pay for a higher quality of skill, knowledge, and ultimately work product. There's a reason that most tech companies who outsource their high-skill labor to inexpensive countries don't stay competitive long...
As with other instances where the ROI for implementing good computer security is not there, with potentially disastrous societal consequences...
Make manufacturers liable for damages if their devices are compromised for malicious purposes (DDOS, PII extraction, etc.). Make anyone collecting PII or selling a network-connected device have insurance to cover liability for losses due to security. Bam, problem solved: the insurance market will create the implied ROI (vis-a-vis reduced insurance costs), and businesses will either modify their products or behavior accordingly. The solution also side-steps most of the traditional and vexing issues with government oversight (eg: since there's no government-specified "security standard" or anything, there's no potential to make a gigantic mess of that).
It seems so obvious, but I suppose that's why it's seemingly entirely inscrutable to the people in government...
This is only really bad if the remote connectivity portion is physically connected to the CAN bus, so as to affect vehicle control through remote commands, and be effectively impossible to secure well enough to prevent exploitation.
... except this is what every manufacturer does with their telematics systems, on purpose.
I guess it's only monumentally stupid if you write the software such that it can rewrite its firmware and whole control system via remote update.
... which is what Tesla does, for "customer convenience".
Gosh, yeah, I guess this whole "remote connected car" thing is pretty monumentally idiotic. I wonder if there is some ulterior motive for the government to push such an obviously stupid system, which allows someone with access to completely remote control a vehicle with no trace of evidence or accountability...
This is one of the rare technology advances where the government's interests align with getting the technology to be pervasive (typically, you'd have to fight and/or circumvent the government to push disruptive technology... see SpaceX, for example). That will virtually guarantee government approval for mainstream use, and probably slightly before the technology is actually safe.
It's hard to imagine a better technology for the government, though. Track everyone driving, set speeds to whatever you want, stop any car at any time for any reason (goodbye high speed chases, hello stop-and-frisk on the highway), manipulate traffic arbitrarily (you want people to not drive through your neighborhood at all? just a $100M political donation, and it's done!)... the list of benefits for the government goes on and on. If I'm the government, the quicker and more pervasively I can push automation technology which I implicitly control into every aspect of people's lives, the better.
This would be an excellent opportunity for the government to establish a policy to improve information security for vital systems (if the government were at all inclined to establish beneficial policy... but just go with it for the hypothetical).
The FDA could offer an open, public bounty for any demonstrable vulnerability in any medical device, with a sufficiently motivational amount (say, 2x the going black market rate for desirable vulnerabilities in other areas). Then they could establish a policy of fines levied in a multiple of that amount (say, 5x) against any vendor producing or marketing a product which had the vulnerability. At current going rates, that would be maybe a $100k bounty, and a $500k fine per vulnerability. Totally legal (FDA has existing jurisdiction to do so), and a great policy.
You'd see a sea change in the industry, as it would no longer be profitable to ignore info-sec entirely. Moreover, it would be a great precedent, monetarily scales up automatically, drives research which makes everyone safer, and it could be easily applied to other industries for the same goal and effect (eg: airlines, automobiles, smart grid, vital infrastructure, etc.).
Man, things like this make me REALLY wish we had a government which wanted to do beneficial things for the people...
Google results are literally the definition of not racist: they are not modifying their results or algorithm on the basis of race. The results are a reflection of prevalence and linkage of content online, which may reflect a societal racism, but even that is pretty tenuous based on the data presented. A more straightforward example is that online content is representative of statistical data, and/or societal perceptions, neither of which would indicate racism per se.
Moreover, the suggested "fix" to have Google bias search results on the basis of race IS LITERALLY RACISM. The people calling for Google to "fix" their results to be an inaccurate representation of online data are literally calling for Google to employ racism in generating their search results. *boggle*
I expect the twitter-verse to be stupid... but please at least try to not reflect their stupidity on Slashdot, kthanks.
I'd agree with the "dozen qualifiers" analysis, FWIW. The main reason to "update" to Windows 10, such as it is, is that the support period will be longer than that of Windows 7.
(I'm assuming OP is considering an update from Windows 7, the last good version of Windows... if you have Windows 8.x for some reason, then by all means, go ahead and go to 10.)
Beware that virtually everything new in Windows 10 is a downgrade from Windows 7, though, and you'll need to do a lot of unchecking defaults and turning off things to get it into a reasonable state. You may also find yourself annoyed, as I was, with the extra click-throughs and confusing UI with control panel items before you can get to the actual controls, the non-intuitive and frustrating behavior of UAC, and the extra advertising spam in the OS. Also, most of the touted new features will be inaccessible without giving all your data to MS (eg: no MS account login, no integrated anything).
The abstract mentions the potential for job loss and security vulnerabilities, but neglects to mention the inherent problem with ubiquitous government surveillance and control, which is inherent with a system of network-connected self driving vehicles. It may not be a concern to the majority of drivers, but since nobody has anything remotely approaching a solution to the problem of the government, that problem is not declining any time soon. Whenever the news picks up on, say, politically motivated assassinations using self-driving vehicles, there's going to be a backlash which might be hard to mitigate, even with the level of media control the government currently has. That's not to mention, of course, the non-idiotic people who will simply refuse to put themselves in that situation in the first place.
Self-driving cars might be ready for sale sooner rather than later, but there are some pretty significant challenges to wide-scale adoption which the developers of such have not yet begun to address.
I'm sure this won't get much visibility, but for what it's worth...
Apple has smart lawyers, which made it odd for me to read when they were basing their primary objection on first amendment grounds, rather than the more obvious undue burden defense (and/or reference to this law, and the lack of statute which would compel them to rewrite the OS). But more recently, the government made their real strategy more clear (ie: rewrite it, or give us the code), which made Apple's strategy make more sense. Although the government cannot necessarily compel Apple to rewrite the OS code, they have much better legal footing to compel Apple to give them the OS code, and presumably could write GovOS themselves fairly trivially.
That's where the freedom of speech argument comes in: although the government can, in effect, steal Apple's code (legally), it's much more clearly established that they cannot compel Apple to "say" that it's coming from Apple (in technical terms, sign the code). Without the code signature, GovOS cannot be pushed onto, or run on, iOS devices. In essence, Apple was countering the more legally persuasive argument that the DOJ was holding back as their would-be trump card, if Apple fought the initial ruling. Well played, indeed.
For the sake of everyone in the US (and not to mention all the principles the country is founded on), I sincerely hope Apple prevails. Their forethought in legal argument gives me some hope that all is not lost, privacy-wise.
Come on... that would take far too long. You need to issue the NSL right away, and compel the backdoor RAT to be deployed immediately. That way as soon as you identify a dissident... uh, "terrorist", you can immediately take any and all actions through the vehicle's systems to help protect the children. Who knows, the terrorist might be in his car, driving by a school, and you had to accelerate it into that tree to protect the kids. It's national security, so you can't do anything about it.
The second paragraph where I specify what the "study" does and doesn't indicate, based on the actual study methodology, is rank with hyperbole... how?
Perhaps you meant the third paragraph, where I speculated on an alternative explanation (in which case you might want to look up "hyperbole"). Admittedly, though, the statement that vulnerability control is laughable in Oracle products is somewhat unsubstantiated, although I assumed it was common knowledge (among the knowledgeable in the field) at this point. If not, perhaps this would be an eye-opener [into the absurdity of their culture with respect to "secure" products]: http://arstechnica.com/informa...
If you're going to call out exceedingly low probability future events to exclude from consideration, why stop with just one? Alternatively, why call those out at all?
As has already been stated, you generally want to prefer to use a third-party library over a custom implementation, for most security-related code. This is doubly true for well-defined algorithms, which are implemented in well-tested (and preferably open source) libraries.
However... there's an inherent danger in adopting third-party libraries based on uninformed assumptions about quality, as I'm personally well acquainted with. If you have a manager who is prone to making baseless assumptions, and downloading random packages off the internet which purport to be semi-related to the current problem development is experiencing, and insisting they be integrated as the "easy" solution for that problem, you're going to end up with bad quality software (or worse).
As the saying goes: garbage in, garbage out. If you're doing software integrations based on garbage processes, you're still going to get garbage out, no matter what the quality of each third-party module.
I was going to emphasize this too.
I can't speak for all of "tech" as an industrial area, but in software development at least, there are also substantial indirect effects from the quality of work, some of which can be difficult to measure (without someone knowledgeable auditing work). Just because something compiles and produces the expected output, does not mean it handles corner cases well, or works every time, or doesn't have undesirable side-effects, or is easy to maintain, or that the design scales, or is forward-thinking in terms of technology choices, etc., etc. Getting all of those latter things might not be important in a few specific cases (eg: creating strictly throw-away demo-ware for marketing purposes), but in most business cases, each of them has a monetary value attached, and you could certainly be justified in paying more to get them.
Also, the point about competent foreign workers is well taken as well. To re-use my analogy, it's not as if there are not skilled foreign contractors also... but those people don't hang out at Home Depot, waiting to do day labor for under-market wages, they have higher paying jobs closer to home. The people who are being rented out as "cheap" foreign labor are, in most cases, "cheap" foreign labor, and you get what you pay for. It's just that in tech, more than other industrial areas, you generally get less productive value out of rote labor (in my experience).
This is very true. In the software industry, especially, there is a vast difference between people who are good developers, and people who are "just able to write code". For the organizations who employ a lot of the latter (either through legitimate need, or simply inability to attract and/or hire the former), outsourcing can be economically viable... as long as you are able to still stay in business, that is.
I know, anecdotally, that several "smarter" organizations who experimented with outsourcing software development for cost reduction have since "in-sourced" it back for quality purposes. I know others who would not have made that error in the first place. For those organizations, ability can still have value.
Obviously this is not applicable to all tech workers, but...
In many cases, there's a fairly substantial difference in expectation of work product, both in terms of quality of work produced, and in ability to execute anything more than rote work. While it's true that those qualities may not matter for those organizations who choose to outsource tech labor, there can be a very quantifiable increase in product quality from workers who are more vested in and capable of producing a higher quality product, which can be translated into demand for higher compensation.
It's kinda the same as the difference between a certified general contractor, and a guy you pick up at Home Depot to do some work for you. You don't expect to pay the general contractor a small amount of cash under the table, and he doesn't have any need to make his rate "competitive", because he'll be able to find people willing to pay for a higher quality of skill, knowledge, and ultimately work product. There's a reason that most tech companies who outsource their high-skill labor to inexpensive countries don't stay competitive long...
That's my experience, anyway.
As with other instances where the ROI for implementing good computer security is not there, with potentially disastrous societal consequences...
Make manufacturers liable for damages if their devices are compromised for malicious purposes (DDOS, PII extraction, etc.). Make anyone collecting PII or selling a network-connected device have insurance to cover liability for losses due to security. Bam, problem solved: the insurance market will create the implied ROI (vis-a-vis reduced insurance costs), and businesses will either modify their products or behavior accordingly. The solution also side-steps most of the traditional and vexing issues with government oversight (eg: since there's no government-specified "security standard" or anything, there's no potential to make a gigantic mess of that).
It seems so obvious, but I suppose that's why it's seemingly entirely inscrutable to the people in government...
This is only really bad if the remote connectivity portion is physically connected to the CAN bus, so as to affect vehicle control through remote commands, and be effectively impossible to secure well enough to prevent exploitation.
... except this is what every manufacturer does with their telematics systems, on purpose.
I guess it's only monumentally stupid if you write the software such that it can rewrite its firmware and whole control system via remote update.
... which is what Tesla does, for "customer convenience".
Gosh, yeah, I guess this whole "remote connected car" thing is pretty monumentally idiotic. I wonder if there is some ulterior motive for the government to push such an obviously stupid system, which allows someone with access to completely remote control a vehicle with no trace of evidence or accountability...
... oh, wait, never mind, nothing to see here.
This is one of the rare technology advances where the government's interests align with getting the technology to be pervasive (typically, you'd have to fight and/or circumvent the government to push disruptive technology... see SpaceX, for example). That will virtually guarantee government approval for mainstream use, and probably slightly before the technology is actually safe.
It's hard to imagine a better technology for the government, though. Track everyone driving, set speeds to whatever you want, stop any car at any time for any reason (goodbye high speed chases, hello stop-and-frisk on the highway), manipulate traffic arbitrarily (you want people to not drive through your neighborhood at all? just a $100M political donation, and it's done!)... the list of benefits for the government goes on and on. If I'm the government, the quicker and more pervasively I can push automation technology which I implicitly control into every aspect of people's lives, the better.
This would be an excellent opportunity for the government to establish a policy to improve information security for vital systems (if the government were at all inclined to establish beneficial policy... but just go with it for the hypothetical).
The FDA could offer an open, public bounty for any demonstrable vulnerability in any medical device, with a sufficiently motivational amount (say, 2x the going black market rate for desirable vulnerabilities in other areas). Then they could establish a policy of fines levied in a multiple of that amount (say, 5x) against any vendor producing or marketing a product which had the vulnerability. At current going rates, that would be maybe a $100k bounty, and a $500k fine per vulnerability. Totally legal (FDA has existing jurisdiction to do so), and a great policy.
You'd see a sea change in the industry, as it would no longer be profitable to ignore info-sec entirely. Moreover, it would be a great precedent, monetarily scales up automatically, drives research which makes everyone safer, and it could be easily applied to other industries for the same goal and effect (eg: airlines, automobiles, smart grid, vital infrastructure, etc.).
Man, things like this make me REALLY wish we had a government which wanted to do beneficial things for the people...
Google results are literally the definition of not racist: they are not modifying their results or algorithm on the basis of race. The results are a reflection of prevalence and linkage of content online, which may reflect a societal racism, but even that is pretty tenuous based on the data presented. A more straightforward example is that online content is representative of statistical data, and/or societal perceptions, neither of which would indicate racism per se.
Moreover, the suggested "fix" to have Google bias search results on the basis of race IS LITERALLY RACISM. The people calling for Google to "fix" their results to be an inaccurate representation of online data are literally calling for Google to employ racism in generating their search results. *boggle*
I expect the twitter-verse to be stupid... but please at least try to not reflect their stupidity on Slashdot, kthanks.
I'd agree with the "dozen qualifiers" analysis, FWIW. The main reason to "update" to Windows 10, such as it is, is that the support period will be longer than that of Windows 7.
(I'm assuming OP is considering an update from Windows 7, the last good version of Windows... if you have Windows 8.x for some reason, then by all means, go ahead and go to 10.)
Beware that virtually everything new in Windows 10 is a downgrade from Windows 7, though, and you'll need to do a lot of unchecking defaults and turning off things to get it into a reasonable state. You may also find yourself annoyed, as I was, with the extra click-throughs and confusing UI with control panel items before you can get to the actual controls, the non-intuitive and frustrating behavior of UAC, and the extra advertising spam in the OS. Also, most of the touted new features will be inaccessible without giving all your data to MS (eg: no MS account login, no integrated anything).
The abstract mentions the potential for job loss and security vulnerabilities, but neglects to mention the inherent problem with ubiquitous government surveillance and control, which is inherent with a system of network-connected self driving vehicles. It may not be a concern to the majority of drivers, but since nobody has anything remotely approaching a solution to the problem of the government, that problem is not declining any time soon. Whenever the news picks up on, say, politically motivated assassinations using self-driving vehicles, there's going to be a backlash which might be hard to mitigate, even with the level of media control the government currently has. That's not to mention, of course, the non-idiotic people who will simply refuse to put themselves in that situation in the first place.
Self-driving cars might be ready for sale sooner rather than later, but there are some pretty significant challenges to wide-scale adoptions which the developers of such have not yet begun to address.
I'm sure this won't get much visibility, but for what it's worth...
Apple has smart lawyers, which made it odd for me to read when they were basing their primary objection on first amendment grounds, rather than the more obvious undue burden defense (and/or reference to this law, and the lack of statute which would compel them to rewrite the OS). But more recently, the government made their real strategy more clear (ie: rewrite it, or give us the code), which made Apple's strategy make more sense. Although the government cannot necessarily compel Apple to rewrite the OS code, they have much better legal footing to compel Apple to give them the OS code, and presumably could write GovOS themselves fairly trivially.
That's where the freedom of speech argument comes in: although the government can, in effect, steal Apple's code (legally), it's much more clearly established that they cannot compel Apple to "say" that it's coming from Apple (in technical terms, sign the code). Without the code signature, GovOS cannot be pushed onto, or run on, iOS devices. In essence, Apple was countering the more legally persuasive argument that the DOJ was holding back as their would-be trump card, if Apple fought the initial ruling. Well played, indeed.
For the sake of everyone in the US (and not to mention all the principles the country is founded on), I sincerely hope Apple prevails. Their forethought in legal argument gives me some hope that all is not lost, privacy-wise.
C'mon... that would take far too long. You need to issue the NSL right away, and compel the backdoor RAT to be deployed immediately. That way as soon as you identify a dissident... uh, "terrorist", you can immediately take any and all actions through the vehicle's systems to help protect the children. Who knows, the terrorist might be in his car, driving by a school, and you had to accelerate it into that tree to protect the kids. It's national security, so you can't do anything about it.
The second paragraph where I specify what the "study" does and doesn't indicate, based on the actual study methodology, is rank with hyperbole... how?
Perhaps you meant the third paragraph, where I speculated on an alternative explanation (in which case you might want to look up "hyperbole"). Admittedly, though, the statement that vulnerability control is laughable in Oracle products is somewhat unsubstantiated, although I assumed it was common knowledge (among the knowledgeable in the field) at this point. If not, perhaps this would be an eye-opener [into the absurdity of their culture with respect to "secure" products]: http://arstechnica.com/informa...