Slashdot Mirror


User: plover

plover's activity in the archive.

Stories: 0
Comments: 7,233

Comments · 7,233

  1. Re:Do not try to sue IBM on Coder Accuses IBM of Patenting His Work · · Score: 3, Interesting

    Hey, sue IBM! No, bad idea.

    +5 Insightful.

    I've worked with our corporate lawyers on various issues over the years. These are some of the nicest people I deal with. Off work they're soccer moms, volunteers, pilots, geocachers, just ordinary people.

    On the clock, though, they are seriously unnerving. When I'm having that conversation about the real topic, they listen to me with such intensity that it's frightening.

    I'm a bit slow to pick up on stuff like this, but eventually came to understand that they work 100% for the company, and are defending only the company's interests. That leaves 0% for concern over what happens to me. If they hear just one word that sounds like I acted without corporate approval, the tone in the room drops by 25 degrees, and the questions get a lot more personal until they satisfy themselves that there's nothing further to pursue; or at least they leave me with the impression that it's over.

    After the interviews I feel like someone's going to slip in behind me like a buttered ninja, and end it all without my saying another word.

    In contrast, I've worked with external lawyers brought in to work specific tasks. There's definitely a different dynamic. External lawyers seem to be more interested in completing the paperwork, and less interested in what I'm saying. Or maybe they're just that much better at staying on task and not pursuing side issues unless they hear something that sounds actionable. Perhaps I'm not as scared as I should be!

  2. Re:We should thank Israel, or whoever on Stuxnet Virus Now Biggest Threat To Industry · · Score: 1

    We also could have foreseen these vulnerabilities.

    I used to work in industrial automation - in its pre-Windows era, and people did put effort into isolation, access control and validation.

    After having made the bad decision to deploy on Windows, with years of evidence that it had a horrendous lack of access control, how did Siemens just continue on? What were they thinking?

    For security reasons, many industrial control systems are deployed completely isolated from any other network. It's one of the core security best practices. With an air gap in place, the system owners probably believed that they were secure from all ordinary "Windows threats." For that reason, they probably felt they could let their guard down. Why risk putting security patches on a machine that's never actually connected to a network where it's exposed?

    This also means that updated SCADA software is never sent to these isolated control systems, because it can't be. A technician has to carry software updates physically from the development environment to the production plant, and typically does so on removable media like a USB stick.

    The thing Stuxnet did was find a way to infect a machine using a bug in the Windows code that reads AUTORUNS.INF, a convenience feature for CD-ROMs that is disabled by default for USB drives. Note that the victim machine does NOT need to be configured to automatically AUTORUN software from a removable drive; simply inserting it was enough to exploit the bug, installing the virus.

    What this shows is that you still need good security throughout, which needs to be done in many layers.

  3. Re:Provisioning support... on When Your Company Remote-Wipes Your Personal Phone · · Score: 1

    We've been told our company has a very specific list of X policies that a mobile Exchange client must follow, and if a phone doesn't support all of them, they don't permit it on the network. Apple made sure that iPhone's Exchange client is compliant with as many Exchange policies as possible, but Google hasn't done the same. Every time a new version of Android comes out, the early adopters all cross their fingers hoping "this'll be the one, I can finally use Android for email." And every release they're still disappointed when the security people say "sorry, no, the Android 2.2 client still doesn't respect the 'foo' policy yet." I wish I knew more details about the policies they want vs. the policies the phone implements, but that's not my area.

  4. Re:One More Reason... on When Your Company Remote-Wipes Your Personal Phone · · Score: 1

    Any iPhone that is synced in iTunes (the large majority I would think), automatically makes a backup when it syncs, meaning any new device could get a total restore of all apps, data, music, notes, etc, at the time it was plugged into the user's PC that contained the backup.

    But I don't think this extends to include jailbreaking itself, nor any jailbroken apps. And what about jailbroken app data?

  5. Re:One More Reason... on When Your Company Remote-Wipes Your Personal Phone · · Score: 1

    We had the IMEI blacklisted so the phone was basically useless. Hopefully the thief didn't manage to sell it.

    I suspect the thief traded it for one or two hits of their drug of choice, but not much more than that. Cell phone blacklisting may keep it from being reused in America, but that's ineffective in the countries where that phone was likely to end up.

    So I've heard.

  6. Re:Dumb Question on LHC Scientists Create and Capture Antimatter · · Score: 4, Funny

    How do you trap a neutral antiparticle?

    Tell him that his neutral anti-girlfriend is pregnant.

  7. Re:The source of the problem on Shadow Scholar Details Student Cheating · · Score: 1

    The piece of paper at the end is the important part, the classes leading to that piece of paper are failing to provide sufficient benefit to the students.

    College: You're doing it wrong.

    No, the college is doing it wrong if they're not holding up their end of the tuition deal by providing sub-standard classes.

    What is a college? It's not bricks and trees and streets named after long-dead benefactors. It's a group of people with a good reputation for passing on valuable knowledge. In other words, it's branding. If Harvard Law School graduates end up with a reputation for losing 100% of their cases, a degree from Harvard Law School would be worthless. But they don't - Harvard Law graduates have a high reputation amongst the legal community. Other lawyers believe these students worked very hard to graduate. The brand has a high reputation.

    So if these colleges get a poor reputation for grinding out ill-prepared idiots, their brand will be devalued as nobody will respect their graduates' degrees. That's a quick path to destruction for a school.

  8. Re:Close, but still not pratical on Replacing Sports Bloggers With an Algorithm · · Score: 1

    I was just thinking: yeah the writing is dry and disjointed, much like my scientific articles. I wouldn't mind a robo writing assistant to help me put out journal articles. Much of it is, in fact, dry and formulaic.

    That's because facts are generally dry and formulaic.

    Related, I've heard that the "TV Sportscaster" is the single most truthful person on the evening news. He outputs facts: scores, stats, etc. When he shows highlights, it's footage from an event that actually happened, and usually includes appropriate context such as "and the Vikings went on to lose it, 24-10."

    Meteorologists try to show us the future, and while they have a measurable accuracy rating, what they say is certainly not fact.

    News reporters are bad. They find stuff that they think is interesting, and present it. They claim to present "both sides" of each story, as if truth is a coin that has two sides. They never accurately judge the difference between the importance of one side or another. ("Frank claimed their car crashed in the desert. Joe claimed the aliens carried him to the desert and beat him up. Back to you, Cindy Staccato.")

    And the anchors are the worst of all. Not only do they regurgitate the poorly reported stories, but have no first-hand knowledge of them at all.

    Figures the robots would take the easy job, but not the one we need them to take.

  9. Oblig. Futurama reference on US Army Develops Tooth Cleaning Gum · · Score: 1

    If the army is handing it out, is it ham-flavored?

  10. Think about what a college really is on College Application Inflation — Marketing Meets Admissions · · Score: 1

    A college is a name and a reputation. That's it.

    With that name comes the assumption that they have a rigorous process for hiring a certain quality of educator. That they have a Dean who makes sure the professors he hires tomorrow turn out students that are at least as well educated as the professors that teach there today.

    A college degree is the reputation of that school backing your assertion that you are educated. Again, that's it.

    Things like the number of applicants, the percentage of applications accepted, minimum GPAs, the percent graduated, right or wrong all those attributes weigh in to how people perceive the school and its graduates. The schools hope these add to their reputations, which in turn makes their degrees more valuable, which in turn means they can charge higher tuition.

  11. Re:queue the lawsuit on Tesla Roadster Data Logging Format Reverse Engineered · · Score: 1

    My point was that all other things being equal, higher RPMs can yield more power. But you're right, if you can cut cylinders, you can get back to the original amount of power while saving on friction and reciprocating mass.

    Cutting cylinders also saves on overall mass. Ford's V6 3.5L Ecoboost produces 365 HP and weighs 449 pounds. A Mustang GT's 315 HP V8 weighs over 525 pounds. Getting rid of two cylinders shaved 75 pounds off the engine block while using other technology (twin turbochargers, etc.) and modern materials to produce more power reliably. I emphasize that last word because these are in consumer vehicles that are expected to last for hundreds of thousands of miles.

  12. Re:queue the lawsuit on Tesla Roadster Data Logging Format Reverse Engineered · · Score: 2, Informative

    Nowadays with tight clearances, improved metallurgy, oils, and computer controlled injection; running high RPMs will not have that much of an effect on its life.

    These days they're using the tight tolerances to build torque via intentionally higher RPMs instead of bigger pistons or increasing compression. It saves on fuel and engine size. But the higher RPMs create higher forces on the moving parts, "taking up" the slack the tighter tolerances and better materials gave them. Revving the engine over the manufacturer's published spec still risks damaging it.

  13. Re:Oh, they meant the NEW Battlestar Galactica. on The Science of Battlestar Galactica · · Score: 1

    Wow, I bow to your supreme uber-geekiness! All hail WCLPeter! :-)

    (And here I thought I was being awful just for remembering the word!)

  14. Re:I don't think that word means what you think .. on The Science of Battlestar Galactica · · Score: 1
  15. Re:Doesn't matter what he did on The Science of Battlestar Galactica · · Score: -1, Flamebait

    Wow, downmodded because I made a Firefly fanboi cry? That's so sad and pathetic. You should go upstairs and ask your mommy for a hug, it'll make you feel better.

  16. Re:Oh, they meant the NEW Battlestar Galactica. on The Science of Battlestar Galactica · · Score: 2, Funny

    I was confused there for a centon.

    You still remember that show? It didn't even last a yarin.

  17. Re:I don't think that word means what you think .. on The Science of Battlestar Galactica · · Score: 2, Funny

    But I don't think "evolved" is applicable in this situation.

    Correct - the term they are looking for is "robo-evolved".

    Nonsense. Robots were created, not evolved!

  18. Re:Doesn't matter what he did on The Science of Battlestar Galactica · · Score: 3, Insightful

    The series ran until the story ended, then it ended. May god grant that happens more often.

    Amen, brother!

    Too many people are still overwrought about cancellations of great shows, like Firefly. The thing is, if they kept riding that horse, it'd just have ended up becoming another Star Trek Voyager.

    Could they have filmed another season's worth of episodes? I'm pretty sure they could have written some really excellent ones. But there likely would have been a few stinker episodes. Season 3? Not so much. By season 4, it'd still be a good show, but showing wear around the edges.

    As it was, they went out in a blaze of fandom glory, shining all the brighter for having done so. Enjoy the memories, rewatch the DVDs if you're bored, but move on.

  19. Re:Tool to neuter Flash exploits - Blitzableiter on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 1

    True; but since it's open source, if it has bugs you can fix them! ;-)

  20. Tool to neuter Flash exploits - Blitzableiter on Adobe Warns of Critical Flash Bug, Already Being Exploited · · Score: 5, Informative

    Here's an embarrassment for Adobe. An external researcher has created a tool called Blitzableiter, which is simply a Flash parser written in .Net. Its only job is to verify that any Flash you load is fully compliant with the Flash file format, and to hurl an exception if anything fails to parse correctly. I saw FX's presentation at DefCon and was suitably impressed.

    The cool thing is that he claims it's caught every exploit, past and present, that he's been able to find to test it with.

    Think about it. Someone external to Adobe is keeping Adobe's products safe simply by enforcing Adobe's own rules. Way to go, Adobe, you're completely awesome.

    Configuring Blitzableiter to work in Firefox takes a little bit of work. He asked the NoScript guy to provide an external plugin mechanism, which launches Blitzableiter to check out the SWFs before they're permitted into the Shockwave player. So you have to load the NoScript extension, then configure it to run Blitzableiter. I look at it as a fairly small price to pay for safety.

    I will say that it's pretty damn picky, and there's a lot of probably-safe-but-badly-written Flash out there that it won't let you load. Since there's actually very little Flash content I want to see anyway, it's not been a real problem for me. For expediency I put youtube.com in the exception list, just because I do trust the youtube player and don't feel I need to wait the extra two seconds to have it scanned every time I watch a video clip. Otherwise, it just rocks!

  21. Re:It only addresses on aspect of the whole on New Programming Language Weaves Security Into Code · · Score: 1

    But I may at least be sure that that bug in the TCP socket library is not exposed to the part of the code that verifies user input, or badly written code in library X.

    You may be sure of nothing. You may have increased confidence in resistance of your software to flaws, but there's always a set of very clever attackers who are constantly defeating these kinds of security measures: discovering new, untapped flaws in old software; or discovering new, untapped flaws in the users pushing buttons on your systems.

    For an example of why you still need to worry even if your OS supports the NX bit, see Return Oriented Programming. And ROP can be coded to use an application vulnerability, or even scan for the locations of libraries hidden via ASLR.

  22. Re:rest assured on FCC Approves Changes To Cable Box Rules · · Score: 1

    Good point. Comcast and GemStar-TV Guide jointly developed the GuideWorks application that is currently running on my cable boxes. Motorola probably only delivered the OS. Cox has their own app (which looks a bit nicer.)

    So far Comcast has made only one serious attempt to replace the crappy application. In a much-trumpeted 2004 pilot, Comcast deployed Microsoft TV Foundation Edition, Microsoft's cable box suite, to cable boxes in the Washington cable market. And in a not-very-publicized 2007 announcement Comcast ended the test and reinstalled GuideWorks nationwide.

    I'm not aware of any major U.S. providers that have rolled out Microsoft Mediaroom, the newest incarnation of their cable box software. I think AT&T might be using a client on some of their mobile phones; I'm guessing it's installed in a few hotels here and there; and Telus, a Canadian provider, is deploying it in western Canada, but for the most part nothing major is happening in this country. And from what I've seen of the Microsoft Mediaroom, it's a whole lot nicer looking than the Comcast guide.

    And no, my Toshiba laptop is not a piece of shit because it's running Vista, Toshiba is cool because I'm running Ubuntu! :-)

  23. Re:rest assured on FCC Approves Changes To Cable Box Rules · · Score: 3, Insightful

    Well, they should be scared that people are going to abandon their lucrative set-top box rental scam. I'm shelling out a lot of money per month just to have HD DVRs from Comcast. These are buggy, buggy pieces of Motorola crap that I just can't wait to get rid of.

    The worst part is the abuse of their monopoly position. With 1080 lines of resolution at their disposal, they manage to squeeze five (5!) whole channel listings at a time onto the program guide screen. They reserve the bottom 20% of the guide for inane advertisements. They refuse to allow me to remove the shitty channels I will never watch from the lineup. They do not let me reorder the channels in a fashion that makes logical sense to me. There's a whole pile of annoyances that grate every time I touch the remote. We even have a list of activities we don't dare do, lest we send the cable box into some kind of tailspin while it's recording. And for this crap software, I pay them continually.

    I always liked my ReplayTVs much better than any Tivo I ever used, but anything else has got to be a damn sight better than these awful things.

  24. Re:I'm Shocked! on Home WiFi Network Security Failings Exposed · · Score: 1

    It's a risk, but without a lot more data regarding the density of hackers per square km in his area, I'd hardly call it stupid.

  25. Re:"Pay us more money and we won't screw you"? on FCC Will Tackle Cell Phone 'Bill Shock' · · Score: 1

    I'm old, like your parents, and didn't want to discard the number we've had for over 25 years. Once our cell phone plans included free long distance, I canceled long distance with Quest.

    That was a couple years ago, and recently a fee like this showed up on my bill. So I called Comcast and had them transfer my number to their digital voice system. It was not a big savings in money, but it was a huge flip-of-the-bird to Quest. I'm not sure why they thought they could add fees-for-nothing just because they wanted extra money. Hell, if that worked I'd charge my boss a sitting-in-my-chair fee, and a typing-on-my-keyboard fee. I'm equally sure he'd send me out to collect a standing-on-the-sidewalk fee.