Slashdot Mirror


User: fuzzyfuzzyfungus

fuzzyfuzzyfungus's activity in the archive.

Stories
0
Comments
15,204
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 15,204

  1. Re:And when they get bitten in the ass? on Google Advocates 7-Day Deadline For Vulnerability Disclosure · · Score: 4, Interesting

    Seem like they recommending it only for "critical vulnerabilities under active exploitation".

    Honestly, I'm a bit surprised that they offer even seven days of cover for vulnerabilities with detected exploits. I can certainly see the wisdom of the "Please, don't release 'proof of concept exploit toolkit, not for use for evil' ten minutes after emailing the vendor about the problem..." appeal; but I'd be inclined to report the discovery of an active exploit immediately, as being a noteworthy event in itself.

  2. Re:And when they get bitten in the ass? on Google Advocates 7-Day Deadline For Vulnerability Disclosure · · Score: 4, Insightful

    The big kicker is "under active exploitation". If no exploits are known in the wild, it's still necessary to light a fire under the vendor's ass(you can't assume that the flaw isn't just sitting in somebody's high-value-zero-day arsenal, or that it won't be discovered and exploited in the future); but there is a real argument in favor of trying to work with the vendor to get a proper fix in place before releasing the details, and more or less assuring that every dumb script kiddie can implement the attack if they want.

    If something is already 'under active exploitation', though, the cat is already out of the bag, and the choice isn't really in your hands anymore. The clock already started ticking. Whether you like it or not, every hour it goes unfixed is more room for more attacks. Keeping quiet about it harms the ability of end users to take protective action, and really only helps the vendor save face, which isn't a terribly valuable feature.

    Now, I don't doubt that Google's 'webapps and silent autoupdaters' style gives them a certain self-interested enthusiasm(compared to vendors who cater to much more sedate patch cycles) for fast disclosure; but, again, 'under active exploitation' is the phrase that makes their position(however self-interested) merely realistic. If you know that team black hat already knows about it, you don't really get to choose when it is disclosed, since that has already happened. You only get to choose how slow you make the vendor look.

  3. It's always been rather striking.. on First Looks At Windows 8.1, Complete With 'Start' Button · · Score: 4, Insightful

    I can never quite shake the dissonance associated with the fact that the OS called 'Windows' has always had fairly shit window management and now seems hellbent on making it worse(Gosh, why wouldn't a UI designed for 10' or smaller touch-tablets be a bad idea on a dual-head desktop? I sure can't think of any reasons...)

  4. Re:Objection to the formal objection. on EFF Makes Formal Objection to DRM In HTML5 · · Score: 3, Informative

    This standard doesn't standardize the DRM, it just standardizes the interface for interacting with the DRM module...

    The 'Content Decryption Module' itself is not part of the standard, and there are no requirements as to it being cross platform, consistent, transferable, or anything else except that it provide a few javascript interfaces to twiddle. That's it.

    It's "Standardized" in the sense that Silverlight, Flash, and Java are "standardized" because they can all be embedded with the 'object' tag...

  5. Re:Objection to the formal objection. on EFF Makes Formal Objection to DRM In HTML5 · · Score: 5, Informative

    I don't want to be slave of plugins.

    I don't want to be slave of browsers.

    I don't want anymore to be slave of ECOSYSTEMS making me have three or four platforms just to be able to access content.

    I prefer if HTML includes provisions to allow optional cross-platform DRM instead of having to rely on plugins/stores/apps.

    This proposal doesn't free you from plugins, or provide 'cross-platform DRM'. It just renames 'plugins' to 'content decryption modules' and provides absolutely no requirement as to how cross platform they are or aren't(indeed, they explicitly state 'CDM may use or defer to platform capabilities' and may handle all steps from decryption to actually drawing on the display).

  6. Re:Content moving to apps more of an impediment on EFF Makes Formal Objection to DRM In HTML5 · · Score: 5, Informative

    The problem is that the "Web" DRM doesn't actually solve the problem of 'content' being moved to nasty proprietary little silos, it just offers a way of embedding your locked-down platform of choice into a web page.

    Because the only thing standardized is a few javascript hooks for interacting with the 'Content Decryption Module'(there is a single, toy, javascript-based CDM; but it fails even lax robustness requirements and is somewhere between a 'hello world' example and red herring), and the CDM is free to do whatever it likes for everything from the decryption step to actually painting the frames on the screen, the CDM doesn't replace the 'un-web' proprietary stack, it is that stack.

    If, by some magic, this proposal actually were magic-interoperable-web-based-DRM, it'd at least have pragmatic virtues going for it; but it isn't. It's as 'web based' as a site that consists of nothing but a java applet inside an Object tag, or a site that wraps a win32 program in an activex control.

  7. Re:Groan on Hospital Resorts To Cameras To Ensure Employees Wash Hands · · Score: 1

    It was an issue 20 years ago; the literature on this goes back decades, and none of the attempts to fix it have worked. This is one of the main causes of deaths in hospitals, and it's high time hospitals do something about it.

    I assume that it's an issue that gets slightly more play now because we are(unfortunately) on the downswing in terms of antibiotic efficacy.

    Sanitation has always been better(and probably cheaper and less risky, in terms of morbidity/mortality and extended hospital stays); but the golden age of antibiotics was probably the high point for being able to fix sanitary fuck-ups after you've already committed them. Alas, we appear to be leaving that golden age, at least until somebody comes up with a clever new strategy, so the emphasis is back on sanitation.

  8. Re:BIOS on Taking Action For Free JavaScript · · Score: 1

    Or, you know, you can go OpenSPARC or OpenRISC. Or is freedom #1 until it costs cash?

    Are you proposing that the FSF come up with the funds to become a fabless semiconductor company, or would they be joining the notoriously inexpensive and OSS-friendly world of reasonably high performance FPGAs?

  9. Re:BIOS on Taking Action For Free JavaScript · · Score: 3, Insightful

    Ah yes, nothing says "freedom" like buying a product from the Chinese government.

    When your options are a Chinese-OEMed shitbox whose guts are guarded by American lawyers, or a Chinese-OEMed shitbox whose guts aren't guarded by American lawyers...

  10. Re:Gosh!!! on Taking Action For Free JavaScript · · Score: 3, Informative

    Minified JavaScript is for convenience of transport. It's no different from compiled code, which GNU software happily produces.

    And, you'll notice that GNU software is licensed so as to ensure that you have access to the uncompiled stuff, specifically because compiled code is dubiously fit for anything except execution.

    If there is an option to get at the un-minified stuff, I'd be astonished if you heard another word on the matter from the FSF about the use of the minified form for the sake of bandwidth use and efficiency.

  11. Re:Gosh!!! on Taking Action For Free JavaScript · · Score: 3, Insightful

    It's also worth remembering to evaluate 'fananticism', and decide whether or not 'pragmatic' or 'realistic' are actually good things, in the context of all the players:

    If Stallman were, by some cosmic quirk, made omnipotent dictator for life, the question of whether he is 'too fanatical' would start to matter a bit more. As it is, though, Stallman has zero coercive power over just about anybody, and isn't likely to obtain any more(if anything, the SFLC is pretty chill about litigating against even people who voluntarily placed themselves under the terms of the GPL by using GPLed code for some purpose or other, they could turn the screws harder than they do, and I'd take them over the BSA any day...) Be he ever so fanatical, his power is so limited(and so counter-balanced by deep pocketed and well-lawyered proprietary vendors) that his influence on you cannot be greater than, and may be less, than attempts at persuasion and voluntary offers.

    Then there's the fact that, given the more or less continual pressure from people who see copyright maximalism and DRM as good for their bottom lines, 'pragmatic' compromising is likely to result in outcomes that converge, more or less swiftly, with those they originally stood against. If one side stands firm, and the other agree's to split the difference, you Zeno your way toward agreement within just a few rounds.

  12. Re:Gosh!!! on Taking Action For Free JavaScript · · Score: 3, Insightful

    The FSF's position on javascript is perfectly consistent with their position on other software; because javascript is just software. It hardly seems surprising that they would be displeased that government-backed, your-tax-dollars-at-work sites would be relying on proprietary javascript.

  13. News flash... on Why Everyone Gets It Wrong About BYOD · · Score: 2

    In case our good buddy Brian missed the past couple of decades, nothing is simple about 'ownership' in our delightful brave new world of digital devices...(even if we might want it to be)

    "Licensed not sold", DRM in all its myriad permutations, encrypted bootloaders, SIM-locked cell modems, systems that phone home faster(and in much greater detail), than ET, activesync policies that give IT the ability to nuke your phone if you want to connect to your email, all the good stuff.

    Even in his article, purporting to be all progressive and whatnot about recognizing 'ownership, he says "The good news is that plenty of tools allow you to isolate all your business data from employees' personal data. Those tools can let you wipe business data from their devices without touching their photos and private emails." This is, in effect, a polite way of saying that "There are plenty of tools that allow you to gain control over a slice of somebody else's device in a way sufficiently robust to keep them from messing with that slice'.

    Above and beyond all the usual amusements of negotiations between dubiously equal parties, contemporary computers offer ample power to enforce restrictions of virtually arbitrary complexity over what we quaintly pretend that you 'own'.

  14. Re:Um, excuse me on Planetary Resources To Build Crowdfunded Public Space Telescope · · Score: 2

    ... you might be a troll but...

    They've always said step 1 was creating all of these small cameras to send into space to look for asteroids. This way they can catalog all the asteroids first and what they're made of. Then they can go get the ones they are interested in. We apparently only know of a fraction of asteroids currently in our solar system and only know what a few of them are made of.

    Apparently, the device they are kick-starting is a tech demo/prototype of the ones they want to hunt asteroids with. Whether you think of the offer to pay for slices of it as a 'win-win proposition' or 'why am I subsidizing your R&D again?' is up to you.

  15. Re:Pocket Change on Planetary Resources To Build Crowdfunded Public Space Telescope · · Score: 1

    Couldn't Branson just kick in the $1M out of pocket change?

    I'm pretty sure that you don't get to the position where you can do that by doing that if you could get somebody else to do it instead...

  16. Re:Really you need our money on Planetary Resources To Build Crowdfunded Public Space Telescope · · Score: 1

    Kickstarter is a slightly awkward fit for some of the uses it has been put to.

    For purely charitable purposes, having a 'the cash gets returned, not dumped into a black hole, if the project never gets off the ground' mechanism is really quite sensible. If Project X simply can't be done for less than Y dollars, it's extremely useful to have some way of asking for Y dollars; but freeing each potential contributor from the concern of 'Well, I'd give if I knew it were going somewhere; but if you raise less than Y I might as well have just given it to some bloated and dubiously efficient; but known-functional, outift..."

    And, (as much as they try to deny it, to avoid customer service happy fun time), it also works reasonably well as a store for niche toys. In exchange for loaning you the purchase price, I get a (not perfect; but so far reasonably decent) shot at getting whatever toy I want that nobody could necessarily get a bank or a VC to look twice at. Ok, fair enough.

    Things start to get increasingly awkward as you move toward overtly commercial products asking for more money (or longer time to delivery) than is justified as a purchase price. They have no method(I assume that this is because they don't want to become a stock exchange), for a kick-started entity to offer anything that isn't a more or less fixed-value item(and, since the payoff is uncertain, realistic kickstart projects can only offer you something of fixed value on the low end of the possible payoffs).

  17. Out of curiosity... on Planetary Resources To Build Crowdfunded Public Space Telescope · · Score: 2

    How much of a penalty, relative to the penalties incurred for things like small size, subpar optics, etc. does putting up with the atmosphere impose? (I understand that for certain wavelengths it's basically 100%, but this isn't an extreme UV instrument or anything).

    I'm told, by people more closely involved with amateur astronomy than I, that a 200mm aperture is a pretty small instrument, especially for reflector-based designs. How well would you expect it to perform compared to, say, a ~$10,000 device in some reasonably-non-light-polluted rural area(nothing heroic; but not necessarily within spitting distance of a major population center). A $50k? $100k?

    Obviously, 'in space' is sort of its own reward; but(because space telescopes have historically been built only when somebody with relatively deep pockets wants to attack a problem that they can't build a ground telescope for), I really don't have a sense of how much advantage 'in space' gets you compared to a much less design constrained piece of hardware that has to look through the atmosphere; but also didn't have to be launched into space.

  18. Re:How do you value a "FaceBook"? on Nasdaq Fined $10M Over Facebook IPO Failures · · Score: 4, Insightful

    Just remember: An 'analyst' is somebody who can make more money by selling advice on investing than he can by investing according to his own advice...

  19. Re:Cause and effect on Blizzard's Unannounced 'Titan' MMO Rebooted, Development Team Reduced · · Score: 1

    I'd be curious to know what, if any, shift in the makeup of the dev team occurred during the 'drastic reduction'. Was it roughly proportionate, just the hive tyrants at Vivendi responding to bad numbers by reflexivel cutting costs?

    Was it the project getting more or less thrown away and rebooted? Was it the entire art team busy modelling pet zergling DLC for 'World of Starcraft' being sacked and the remaining developers told that they'll have to actually develop a new game, not a WoW mod?

  20. Re:as opposed to the 300 trillion on Internet Payment Processor Liberty Reserve Accused of Laundering $6 Billion · · Score: 1

    that HSBC may have laundered..

    Blue collar crime does not pay...

  21. From playing with the demo last time it was mentioned, their implementation simulates the optical effects of varying the speed of light(getting massive doppler shifts at walking pace made me want to puke); but doesn't simulate(beyond a very rudimentary 'running and jumping on a plane with some scattered scenery) changes in mass, deformation of either objects or space or both. The new release may be more comprehensive, haven't had a chance to look at it yet.

  22. Re:this thing is terrible on WeVideo Helps You Edit Your Videos Online (Video) · · Score: 4, Informative

    It gets better: Apparently, there is a 500MB upload limit, so if you want to trim the fat on a long take(only one of the ridiculously common use cases for a basic video editing tool, and the one most likely to save 'my-insufferably-drawn-out-shakycam-footage-of-some-tourist-bullshit-you've-all-seen-shot-by-professionals-a-dozen-times.m4v'), you are SOL...

    Also... encouraging... is the little tidbit on their 'business' page. Down near the bottom, "Usage rights". Apparently, kids, what you can do with the video you create is determined by what tier of video editor you purchased. Welcome to the glorious future!

  23. Skeptical fungus is very skeptical indeed... on WeVideo Helps You Edit Your Videos Online (Video) · · Score: 4, Interesting

    Unless their capabilities are god's gift to amateur video editing or something, I don't get it. The pricing is (while probably necessarily so, to handle the bandwidth and compute) dangerously close to basic video-editing shovelware that doesn't require you to twiddle your thumbs while the source video gets uploaded, or put up with a 720p(extra per-export fee for 1080!) resolution cap. And the storage and export-length limits should be fairly easy to hit unless you are really just looking for something that is the video equivalent of the 'crop' tool.

    Mac users, of course, have something out of the box that is dangerously likely to be competitive(and even more recent WMM, while a bit of a joke, is at least unhindered by bandwidth constraints and nickle-and-dime pricing).

    Heck, if it simply must be 'cloud', let's see your 60-second elevator speech about why this isn't the sound of Google curb-stomping your company and spitting on its corpse. Surely you have one, right?

  24. Re:What exactly is their business plan? on Opera Releases Its First Chromium-Based Browser · · Score: 4, Insightful

    FF also seems to still have the edge in plugins. Google has been pushing their 'apps' hard; but those still seem to mostly focus on 'here's a neat thing that you can implement in HTML/CSS/JS' rather than 'here's something that changes the browser's behavior in useful and powerful ways'.

  25. Re:The problem with the "old" Opera was JS on Opera Releases Its First Chromium-Based Browser · · Score: 1

    V8(the Chrome/Chromium javascript engine) is BSD, so there wouldn't have been a license issue with continuing to use Presto; but swapping out Carakan for V8.

    That sort of thing probably isn't minor surgery, though, so you'd really want some kind of cool feature in Presto to go to all the trouble instead of just going more-or-less-stock-Chromium with UI tweaks...