Slashdot Mirror


User: TheLink

TheLink's activity in the archive.

Stories: 0
Comments: 12,789

Comments · 12,789

  1. Perspective on Yale Law Student Wants Government To Have Everybody's DNA · · Score: 1

    Yeah, barring a few crazies, the average street criminal just wants your wallet and other valuables you happen to be carrying (he may rough you up a bit, but cops here might beat you up too if they suspect you of stuff).

    I'm not sure about how it is for the rest of you elsewhere, but my corrupt government (Malaysia) has misspent far more of my tax money than the average street criminal has robbed from me.

    Just look at various bank robbery stats too for perspective. Compare how much bank robbers take per year with a bunch of Wall Street bonuses.

    And how many do robbers kill? "don't drive while on the phone" and better driver training might save far more lives.

  2. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 1

    > Trojans and infected binaries cannot really be solved by sandboxing either because somebody has to set the permissions,
    > and that somebody is either the OS, the malware writer, or worse, you.

    I have actually suggested that the malware writer _request_ the permissions.

    I'm serious. See: https://bugs.launchpad.net/ubuntu/+bug/156693

    It is easier to check the requested permissions for "badness" than to figure out the program.

    If the permissions are from a known set of templates provided by the O/S, it is even easier for the normal user to figure out whether the program is up to no good or not, since the O/S can provide some hints.

    If the permissions are custom, a 3rd party can audit them and sign them, and an administrator could allow ANY program to be run by the user, _as_long_as_ it uses certain sandbox templates, or if it uses a custom sandbox, the sandbox is signed by a set of trusted parties.

    Furthermore it is easier to automate the checking of the requested sandbox for "badness", than it is to automate the checking of new unknown programs for "badness".

    This scenario is analogous to solving the halting problem by having the program writer request up front how much time the program wants, and the user or O/S or "AV software" deciding whether to approve it, and if approved the O/S enforcing the approved sandbox.
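An added example, not part of the comment above or of the linked Ubuntu bug report: a minimal sketch of the approval step it describes, where a program requests either an OS-provided sandbox template or a custom permission set signed by trusted auditors. The template names, permission strings, auditor names, the two-signature threshold and the use of HMAC in place of real public-key signatures are all assumptions.

```python
import hashlib
import hmac
import json

# Hypothetical OS-provided templates (names and permission strings are made up).
OS_TEMPLATES = {
    "offline-viewer": {"read:opened-file"},
    "net-client": {"net:outbound", "write:own-config"},
}
# Templates the administrator lets users run without further review.
ADMIN_ALLOWED = {"offline-viewer"}
# Hypothetical trusted auditors. HMAC keys stand in for public-key
# signatures so the sketch needs only the standard library.
TRUSTED_AUDITORS = {"auditor-a": b"constructed-key-a", "auditor-b": b"constructed-key-b"}
REQUIRED_SIGNATURES = 2  # assumed threshold for "a set of trusted parties"


def sign(key, permissions):
    """Sign the canonical (sorted) form of a permission set."""
    message = json.dumps(sorted(permissions)).encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def decide(request):
    """Return (approved, permissions_to_enforce, reason) for a sandbox request."""
    if "template" in request:
        name = request["template"]
        if name in OS_TEMPLATES and name in ADMIN_ALLOWED:
            return True, OS_TEMPLATES[name], "allowed template"
        return False, set(), "template not allowed by administrator"
    permissions = set(request.get("custom", []))
    valid = set()
    for auditor, signature in request.get("signatures", {}).items():
        key = TRUSTED_AUDITORS.get(auditor)
        # Signatures cover the exact permission set, so a set widened
        # after the audit no longer verifies.
        if key and hmac.compare_digest(sign(key, permissions), signature):
            valid.add(auditor)
    if len(valid) >= REQUIRED_SIGNATURES:
        return True, permissions, "custom sandbox signed by " + ", ".join(sorted(valid))
    return False, set(), "custom sandbox lacks trusted signatures"


# Constructed requests, as a program's installer might submit them.
audited = {"read:opened-file", "net:outbound"}
sigs = {name: sign(key, audited) for name, key in TRUSTED_AUDITORS.items()}
REQUESTS = {
    "viewer": {"template": "offline-viewer"},
    "chat": {"template": "net-client"},
    "audited-tool": {"custom": sorted(audited), "signatures": sigs},
    "tampered-tool": {"custom": sorted(audited | {"read:home"}), "signatures": sigs},
}

if __name__ == "__main__":
    for name, request in REQUESTS.items():
        print(name, decide(request))
```

The decision never inspects the program's code, only the requested permission set; enforcing the approved set at run time is left to the operating system and is not shown.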

  3. Re:Refuting the imaginary article in your head on How To Guarantee Malware Detection · · Score: 4, Insightful

    > have to scan and know what to look for?

    If Dr. Markus Jakobsson has solved that, it is strange he hasn't also announced that he has solved the halting problem ;).

    Figuring out whether a bunch of bits is or isn't malware is going to be as hard as (or harder[1] than) figuring out whether a program given a particular input will halt or not.

    [1] Especially when that bunch of bits might later on download a new bunch of bits. Yes I know in theory it is impossible to solve the halting problem (no general solution), but in practice some special cases can be solved.

    In contrast it's harder to solve the malware problem when you assume they can fetch new instructions and data, and from an active hostile party.

    Sandboxing is the way to go. Sandboxing is analogous to avoiding the halting problem by having a time limit on the program.

    No need to figure out whether the program is malware or not. Just make sure it can't do what you don't want it to do. Let the OS sandbox it.

  4. Re:Theory and hand-waving on How To Guarantee Malware Detection · · Score: 1

    > It is only to detect that there is some malware present,

    No, he claimed in the article that:

    > This tells us a few interesting things. We can guarantee detection of malware.
    > And that includes zero-day attacks and rootkits. We can even guarantee that we will
    > detect malware that infected a device before we installed our detection program.

    To me _guaranteeing_ detection of malware (especially zero-day) is similar to solving the halting problem (without having the source code and knowing all the possible inputs).

    I am not a Computer Scientist but to me getting an external verifier to figure out "is this bunch of bits malware or not" is going to be as hard or harder than getting an external verifier to figure out "does this program halt or not" given the program and its inputs. Since with the former you do NOT know its full inputs - it could download new instructions from the Internet.

    A better way to defend against malware is sandboxing. Sandboxing is _analogous_ to avoiding the requirement of solving the halting problem by actually setting a time limit on how long a program can run.

  5. Re:Hey guise on In Israel, Potential Organ Donors Could Jump the Queue · · Score: 1

    I somewhat concede your point "Well - there is evidence that they had engineering skills in Egypt that we can't equal today.", assuming you mean we can't do things exactly the way they did, or don't know how they did some things.

    But that doesn't mean we can't build a pyramid. We just can't do it using the exact same methods the Egyptians did (since we don't know exactly what they did thousands of years ago).

    There are some interesting theories though: http://www.livescience.com/history/070518_bts_barsoum_pyramids.html
    And some arguments against it (of course :) ): http://www.cmc-concrete.com/CMC%20Publications/2007,%20The%20Great%20Pyramid%20Debate,%2029th%20ICMA.pdf

    Building a pyramid is a fairly parallelizable problem. Once you are willing and able to throw enough resources at the problem the issues become more of project management and logistics, than technology.

    To me building a nuclear powered aircraft carrier is a far more difficult problem. It involves relatively high level mastery of far more different technologies, sciences and methods (in addition to project management etc).

    > Can YOU come up with a method of moving those tons of rock, that doesn't require electricity, or gasoline or diesel power?

    A modern construction firm would prefer to use electricity, gasoline or diesel.

    That said, there are lots of Bangladeshis breaking up ships using human power (google for it). So if you give me enough money (upfront) and reasonable time, perhaps I can convince them and others to build a pyramid. Then with your generosity, I can provide them with far better living and working conditions than what they are experiencing daily, and a better salary too.

    I assume one would be allowed to initially transport the workers from Bangladesh, India etc to the building area using modern tech ;).

  6. Re:15-stories? on SpaceX Conducts First On-Pad Test-Fire of Falcon 9 · · Score: 1

    Unless there are dupes.

  7. Re:Hey guise on In Israel, Potential Organ Donors Could Jump the Queue · · Score: 2, Informative

    > Well - there is evidence that they had engineering skills in Egypt that we can't equal today.
    > Try hiring a construction firm to build some of those pyramids. Go for it.

    They'll laugh at you, not because they can't build them. But because you're not going to be able to afford it.

    You're not the Pharaoh after all - the supreme absolute ruler of the nation.

    Or Bill Gates or any of those extremely rich billionaires (who'd have the $$$ for it, but they clearly have different priorities).

    A Nimitz class aircraft carrier is pretty much in the same order of magnitude in size, and far more complicated and sophisticated.

  8. Re:Exactly backwards on Final Decision Deferred On ".xxx" Domains · · Score: 1

    Yes we can work around crap. But a) it's still suboptimal, b) the ICANN isn't doing a good job, c) it makes it harder to create a standard foundation to build local services from.

    Why should it be considered OK that everyone has to pay a few bucks extra/year and put up with unnecessary crappiness just because of ICANN?

    And have you even tried to register a short non-totally nonsensical domain recently?

    How much does it cost ICANN to just reserve one or two TLDs for everyone's private use?

    I know it does make the ICANN and friends more money if we had to pay to register domains for internal use, or pay the ICANN USD180000 (can't remember the latest rate) just to apply for a TLD.

    From a technical and efficiency ($$$ and time) POV it would just be better overall if a few TLDs were reserved for private/local use.

  9. Re:Highly sensitive data? on UK Intel Agency's Missing Laptops Might Contain Sensitive Data · · Score: 1

    Yeah, nowadays the GCHQ bunch would probably post it on Twitter.

  10. Re:Exactly backwards on Final Decision Deferred On ".xxx" Domains · · Score: 1

    I'm talking about doing things properly. What if the ICANN later approves the TLD you are using locally, for "yet another .com"?

    You then need to spend resources to migrate your stuff to a new domain. All because the ICANN isn't doing a good job.

    In my eyes the ICANN are a parasite. They allowed crap like domain front running and tasting.

  11. Re:You may be a victim of botnet counterfeiting on Malware Authors Learn Market Segmentation From the Best · · Score: 1

    Does cracking the malware copy protection violate the DMCA?

  12. Re:Toyota: on Toyota Acceleration and Embedded System Bugs · · Score: 1

    The car in front is a Toyota. And guess why ;).

  13. Re:Exactly backwards on Final Decision Deferred On ".xxx" Domains · · Score: 1

    Yeah. Having a .xxx domain is a good idea technically. It will make it easier to search for porn without getting too many false positives.

    It certainly is a better idea than those stupid .biz and .info domains which are just "yet another dot com to milk".

    The fact that the ICANN approves crap like .biz and .info and is taking so long to decide over .xxx just shows they aren't a technical organization ;).

    Note: I am still a bit sore with the ICANN since they ignored my proposal years ago to reserve a .here (or similar TLD) so that everyone can have a domain to address "physically" local stuff - just like everyone can use the RFC1918 IP addresses without clashing with the rest of the Internet.

    To me both .local and .here should be reserved for local/private usage (just like 10.x.x.x and the other two ranges are for RFC1918).

    The .local TLD is currently used for stuff like Bonjour, but it still has not been formally reserved.

    The ICANN can't even get stuff like that right.

  14. Re:Why? on Digg Says Yes To NoSQL Cassandra DB, Bye To MySQL · · Score: 1

    Yes, but how fast are they growing?

    If they aren't growing that fast, they don't need to scale that fast. Then they could just switch to PostgreSQL, and then ride comfortably behind the cutting edge of Intel and friends. Lots of companies aren't growing faster than the hardware performance increases. If you're a widget maker, you may grow fast, but not that fast, and maybe only fast in the initial stages.

    I can see lots of scenarios where MySQL would be hitting limits, but where PostgreSQL would be OK.

    In my opinion, MySQL never worked well, at best it worked OK. So many MySQL features were mutually exclusive - you want read speed, you can't have transactions, you want concurrent write speed you can't have full text search.

  15. Re:Oh really? on China Warns Google To Obey Or Leave · · Score: 1

    Yes they have a choice, and I think they've already chosen.

    Most of the citizens in China accept the situation, because things appear to be getting better (and by many measurements they are).

    They can look across the Pacific and see that the USA with all their democracy and freedoms isn't improving that much faster (in terms of the general welfare of its citizens).

    So why should they force a change _now_? They could still do that later right?

    Do people actually think that a switch from One Party to Two Parties will bring such a big improvement to China at this point of time?

    More and more Chinese people including top scientists are returning from the USA to China, because more and more think China is not so bad (despite them having experienced the greatness of the USA). See: http://www.nytimes.com/2010/01/07/world/asia/07scholar.html

    Maybe these people will be the seeds of change in China.

    To me a peaceful gradual evolution will be a better way of changing things in China than a violent revolution as you all seem to be proposing.

    Violent revolutions tend to lead to dictatorships. The person capable of and willing to exert the most violence tends to rise to the top (eliminating the others). And too often this sort of person doesn't let go of the power. That is why those "Communist" revolutions tend to end up with Dictatorships. The Communist Manifesto is fatally flawed since it has violence as part of its "design".

    There will be exceptions of course (some say the American Revolution is one of them), but they are rare.

    Even if they still end up only having One Party, so what? As long as the citizens are content with it what is the problem? Singapore has only One Party. Most Singaporeans don't really care that much. The US people appear content with their Two Parties, who combined get >95% of all the votes, if they are not content they sure have a strange way of showing their discontent.

  16. Re:Ass on China Warns Google To Obey Or Leave · · Score: 1

    Being an actual pioneer is overrated. Didn't Google capture the market from incumbents? Didn't Facebook take over from MySpace, Friendster etc?

    Yes, appearing to be a "pioneer" has some advantages. But you don't even need to be first to look like one :).

    Paying a big premium to be a pioneer is stupid.

  17. Re:Which DB is better? on Digg Says Yes To NoSQL Cassandra DB, Bye To MySQL · · Score: 1

    You have to figure out whether your company and user base are the sort that might grow fast or not.

    If you're only at the "brim" now with MySQL and you are only growing 10-30% every year, just switch to a better RDBMS product and your needs might be well taken care of by Intel, AMD, Broadcom, Cisco and the SSD/storage manufacturers for the next 5-10 years.

    If you are growing really fast, then sure you need something that really scales well horizontally. Horizontal scaling comes at a cost though.

    Just look at Facebook, Google, Amazon, eBay etc. There seem to be about as many different custom solutions as there are these sorts of "internet companies" (if not more :) ). So what works for Google might not work as well for eBay.

    However the concepts of scaling out, dealing with and processing lots of data are common, so you might just poach a few good people from those companies so that they can set up a system that works well for your requirements. If you are growing that fast, they'll be worth the investment.

  18. Re:The world. on Apple Loses Aussie Trademark Complaint Over "i" Name · · Score: 1

    The Chinese or Japanese may take over then...

  19. Re:Litigious society on Court Rules Against Vaccine-Autism Claims Again · · Score: 1

    The thing about some of these vaccines is that they are given to "everybody", unlike other medical treatments which are given only to those who have a problem.

    With the latter even serious side effects and risks to the individual may be acceptable when compared to the existing problem the individual is experiencing. The patient may accept the risk of kidney damage in order to have a better chance of surviving.

    In contrast the safety requirements for mass vaccines may have to be much higher, because you are applying it to a diverse range of people, many of whom are otherwise healthy. Thus it is not inconceivable to me that a few of this diverse range of people respond very badly to the vaccines (whether to the thimerosal or whatever).

    After all there are a few unfortunate people who have severe problems with foods (e.g. peanuts) that 90% of the population have no problems with at all, or just have minor problems with.

    What to do about this? Perhaps nothing.

    Who is going to conduct tests to prove that the vaccines (including the preservatives etc) don't cause problems with "nearly all" children, and what sort of testing would actually prove it conclusively enough?

    And in the event you do find that the vaccines do actually cause problems, you now have to find a way to cheaply and safely test everyone before you administer the vaccine, what if that test also has problems? :).

    Perhaps in the future once we learn more about the immune system and other stuff we might be able to make things safer. Meanwhile we might just have to say, "it's unlikely to be a problem and even if there are problems, the long term needs of the many outweigh the needs of the few". Too socialist a concept for some people? Oh well...

  20. Re:The only cognitive dissonance is your own on IBM Stops Disclosing US Headcount Data · · Score: 2, Interesting

    > but people will always band together into groups to protect their interests

    The US politicians are doing a good job of it.
    The CEOs and other elite are doing a good job of it (bonuses for screw ups etc).
    But the US voters in general aren't doing a good job of it.

    The "Republicans and Democrats" voters are like those pro-wrestling fans - their team can do no wrong at least in comparison with the other team (even if they do the same bad thing as the other team).

    The Libertarians don't seem to understand that it's not whether a government is small or big that matters so much. It's about quality not quantity! Getting fixated on quantity means that even if you get what you ask for, you don't necessarily get what is good. A small corrupt government is just as likely as a big corrupt one to work with corrupt corporations to screw the voters.

    The voters who don't bother to vote at all. The politicians can safely ignore these - they do not count.

    No surprise then that the elected Government isn't taking as good care of voter interests, since the voters themselves aren't clear on what to do to protect their interests.

    Lastly: voting to "send a message" in many ways is easier than buying/boycotting consistently enough to "send a message", especially if a company or country you are boycotting produces so many of the goods you use.

  21. Re:Open Source is also a driver on IBM Stops Disclosing US Headcount Data · · Score: 1

    Where/how do you so easily find your competent open source staff? Using grep on commit logs? :)

    From what I see the top coders can still command high pay and live comfortably in the "first world".

    However, the average and crap coders have stiff competition. If you're going to risk getting dailywtf coders, you might as well pay 3rd world rates.

    As for communication problems, there are clearly plenty of US people who have difficulty spelling or reading, even on Slashdot...

    I'm definitely not one of those top talents, but I live in a 3rd world country so I am cheaper ;).

  22. Re:Open Source is also a driver on IBM Stops Disclosing US Headcount Data · · Score: 1

    Lots of the top coders don't live and work in third-world countries. They don't appear to have big problems getting high first-world salaries.

    But if you're just an average or crap developer, bosses can get that elsewhere for far cheaper, so why pay more[1]? Unlike hairstylists, nurses, kindergarten teachers, doctors, lawyers (certain fields anyway), software developers can be easily "off-shored".

    That's why I find it rather strange and stupid that in the USA there are regularly calls to encourage more women to go into IT or some other field where they can more easily lose their jobs.

    [1] Free market and all that.

  23. Re:Fitting... on Dead Pigs Used To Investigate Ocean's "Dead Zones" · · Score: 1

    I read an account of a soldier who said the smell of roast pork made him feel sick since it reminded him of burning human flesh.

    Can't remember where though.

  24. Re:Dead pigs are useful to study scavengers becaus on Dead Pigs Used To Investigate Ocean's "Dead Zones" · · Score: 1

    Is "original research" accepted on Slashdot? ;)

  25. Re:This just in! on Bill To Ban All Salt In Restaurant Cooking · · Score: 1

    They are the people's representatives after all.