Slashdot Mirror


User: Lord+Ender

Lord+Ender's activity in the archive.

Stories: 0
Comments: 5,191

Comments · 5,191

  1. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    I initially intended to use the analogy to show why extraordinary claims require extraordinary evidence. It had enough parallels with the topic at hand, though, that I used it to further clarify my argument. I did this not because I don't understand the realities of computer security (in fact, my livelihood depends on my expertise on the subject), but because the person I was addressing seemed to be having trouble grasping the subject.

    Avoiding all analogies, the best mathematical model I can come up with is that the damage inflicted due to a vulnerability is proportional to the number of people who have the knowledge required to exploit it multiplied by the amount of time each person has the knowledge required to exploit it.

    So... more people knowing = more damage. More time unpatched (while at least 1 person has the knowledge) = more damage. 0-day disclosure increases the #ofPeople factor dramatically. So dramatically that it dwarfs the risk exposure caused by a few weeks of increased time.

  2. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    What a charming oversimplification!

    A security bug is only a problem when someone knows how to exploit it. While no person knows how to exploit it, it is not a problem, and no problem is persisting.

  3. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    Bzzt. Wrong. Bugs are not at all like pathogens. The exploitation of bugs is like a pathogen. Exploitation only occurs with knowledge. If you can't see that, you're far too simple to be worth talking to. Of course, you probably realize your mental limitations, which is why you are too cowardly to put a name to your statements.

  4. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 1

    Yes, I don't give evidence to back up my claim because it is... obvious. You made an outrageous claim that flies in the face of common sense and reason. No one would take such an unlikely claim seriously unless there was evidence to back it up.

    Here's an example:
    Which is going to cause more damage:
    a) releasing a contagious pathogen into a population before a vaccine has been developed and distributed
    b) releasing a contagious pathogen into a population after a vaccine has been developed and distributed

    I don't need to provide evidence for b). It's self-evident. I would consider the possibility that a) is true only with strong evidence.

    The pathogen is similar to the situation in discussion here. "public knowledge of a security vulnerability" is analogous to the distributed pathogen.

    Even though it is possible that the pathogen exists somewhere, it obviously isn't doing much damage or else it would have been noticed. If you're going to start spreading it around to everyone, it's best to wait for the vaccine.

    So yeah, I don't care what your intent was. The part of your message I quoted flies in the face of common sense, yet you state it confidently as if it were a fact.

  5. Re:2 months on Hackers Disagree On How, When To Disclose Bugs · · Score: 2, Insightful
    The problem with setting any reasonably lengthy period of time is that it results in that much more infection and use.

    Wow. Do you have any evidence whatsoever to back that claim up? Or did you just see it on IRC somewhere?

    Back in reality, it is almost universally assumed that a published exploit for which no patch exists will lead to much more damage than a published exploit for which a patch is widely available. In fact, it is so obvious (to almost everyone but you) that such a study has never even been performed.

    The security community shuns researchers who publish exploits without allowing vendors a chance to patch. Security researchers who practice "full disclosure" instead of "responsible disclosure" are widely considered malicious and immoral.
  6. Re:Just ask on Do Electric Sheep Dream of Civil Rights? · · Score: 1

    "Sentient" computers are likely to arise from emergent intelligence--not direct programming. Think genetic algorithms. Most likely, nobody will really totally understand just what "it's programmed to want."

  7. Re:News For Nerds How??!! on Starbucks Responds In Kind To Oxfam YouTube Video · · Score: 1

    Yes, calling someone "macho" for wearing a shirt which expresses his interests demonstrates a stunning logical sophistication. Good for you!

    I have studied formal logic and discrete math. They were my favorite classes, actually.

  8. Re:Three words...... on When Celebrities Speak on Science · · Score: 1
    Stars think that because of the fact that they are famous and are seen by millions of people, they have the right to have an opinion about anything.

    They do have that right.
  9. Re:Ask a scientist on When Celebrities Speak on Science · · Score: 1

    Some good scientists want to be celebrities for the sake of making the world a better place and freeing people from ignorance. See Richard Dawkins for an example. Look at his scientific publications. You can't say he is a bad scientist, yet he certainly is a celebrity.

  10. Re:Ask a scientist on When Celebrities Speak on Science · · Score: 1

    Can you please list one method for discovering the truth about the natural universe that is better than the scientific method?

    I didn't think so. Do you want your public policy to be based on the best approximation of truth about the natural universe we have, or do you want it to be based on something else? If you think it should be based on something else, will you please do the world a favor and stop voting? And breeding?

  11. Re:Brighter CFLs would attract more buyers on Wal-Mart Is Pushing Compact Fluorescent Bulbs · · Score: 1

    Nope. You're wrong on both counts. See "GE Reveal" incandescent lights to see why you are wrong on the first one, and see "sunlight" to see why you are wrong on the second.

  12. Re:Brilliant! on Wal-Mart Is Pushing Compact Fluorescent Bulbs · · Score: 1

    They must teach neither physics nor logic in Finland.

    I have a very small apartment, and when I have the computers turned on, they keep my room so warm I don't need to use the gas heater. In fact, even in winter, I sometimes have to open the window because the computers are so good at heating. The truth is, many electrical devices provide the benefit of heating for free. Ignoring this fact is a bit silly.

  13. Re:Brilliant! on Wal-Mart Is Pushing Compact Fluorescent Bulbs · · Score: 1

    Please explain Brownian motion to us then, Mr. Clever.

  14. Re:Brighter CFLs would attract more buyers on Wal-Mart Is Pushing Compact Fluorescent Bulbs · · Score: 1

    CFLs have a different spectrum from incandescents. You can't directly compare the brightness.

    Personally, I would rather spend more energy to have a wider spectrum. Light from CFLs makes a lot of things look uglier to me. My own skin seems to look pale and sickly under CFL, but well and healthy under sunlight or incandescent light. You won't see me buying CFLs for my home.

  15. Re:Same as always on Cameras Help Cops Catch a Killer · · Score: 1

    Is privacy in a public place considered an "essential liberty?" I don't think your quote applies here.

  16. Re:the so-called "inventor's rights" are in fact . on Researchers Work Around Hepatitis Drug Patent · · Score: 1

    I'm glad to see you decided to respect my patent on the tag. If you are interested in using this tag in the future, contact me for licensing rights.

  17. Re:It Left a Hole in the Clouds on UFOs In the News · · Score: 1

    My grandfather was in the US Air Force. One of his many many stories involves himself and several friends distracting a guard and stealing a plane to take for a joyride. They landed it at a different base and made their way back via other methods. They were never even busted for it. He says he's always wondered what happened to the poor sap who was supposed to be guarding the plane.

    Anyway, I'm not saying it's likely that some test pilot ran off with a research craft. But it is possible, and much more likely than the appearance of an interstellar spacecraft.

  18. Re:News For Nerds How??!! on Starbucks Responds In Kind To Oxfam YouTube Video · · Score: 0

    And rowing websites don't have coder shirts. So what?

    Yep, I'm missing the point I guess, but I doubt I'm missing out on much.

  19. Re:News For Nerds How??!! on Starbucks Responds In Kind To Oxfam YouTube Video · · Score: 0

    It sounds to me like you work with an annoying guy who is obsessed with coffee, but instead of complaining to him about it, you bitch on the Internet about nerds. Who's being macho, now?

    People often wear clothing to express themselves. If I like rowing, I might wear a rowing t-shirt. If I like New York, I might wear an I 3 NY t-shirt. If I like both programming and coffee, I might wear a "coffee into code" shirt. "Macho" doesn't enter into it. It's just expression.

  20. Re:Boss == work?? on Study Says 2 In 5 Bosses Lie · · Score: 1

    Do people still maintain the facade of loyalty? In a capitalist economy, a worker provides his services to whichever employer provides him the best compensation (however he defines it). The worker who turns down jobs with significantly better compensation due to "loyalty" is failing to play by the rules of capitalism, and will limit his success in our capitalist economy.

    When I buy shares in a company, I expect its management to fire employees who are not profitable. If management were to operate a division at a loss--with no or little projected future profitability--because of loyalty, I would consider them inept and keep that in mind when voting. Loyalty doesn't enter into management decisions. The perception of loyalty may be an issue if that is one of the tricks being used to keep people working for less than they are worth, but that is entirely different.

    It is not the responsibility of for-profit companies to provide a social safety net. Whether it is the responsibility of the individual or the government is up for debate, though :-)

  21. Re:grievance committees on Study Says 2 In 5 Bosses Lie · · Score: 3, Funny
    I had a boss that was verbally abusive. Sometimes he would yell, but mostly he would just quietly berate you. After a couple of years of working for him he had convinced me that I was of no worth to any other company and that I was lucky to have the job.

    Did your manager also have a feathered hat, wear a long, purple fur coat, and carry a cane?
  22. Re:A better idea on Creating Prion-Free Cows · · Score: 1

    I first heard of calorific restriction as the result of a study on monkeys. It was publicized so much that there were follow-up articles about people who intended to follow such a diet. I'm surprised you missed all that publicity.

    Your "appeal to authority" bit made me laugh. It is obvious to the intelligent person that if compelling information existed which demonstrates that a meatless diet significantly extended human lifespan, then a noticeable number of persons whose careers are dedicated to extending human lifespan (physicians) would practice such a diet.

    I know several physicians. They all eat meat. They feed meat to their children. They recommend others eat meat.

    If you think expert opinions regarding extremely complex subjects, such as human metabolism, are meaningless, you must have a hard time functioning in the world. I admire your sense of skepticism, but scoff at your lack of pragmatism.

  23. Re:New study! on Creating Prion-Free Cows · · Score: 1

    You assume being natural implies being better. That is a false statement for which anyone can provide numerous counterexamples. Your reasoning based on this false assumption is, therefore, absurd.

    I encourage you not to spread this errant meme to other people. Popular misconceptions, like yours, hinder social progress, especially in democracies.

  24. Re:A better idea on Creating Prion-Free Cows · · Score: 2, Informative

    Primates (tested on monkeys, very likely true for humans) who subsist at near-starvation levels of calorie intake live significantly longer than those that eat "normal" amounts of calories. Why aren't you starving yourself?

    Also, if meatless diets are so obviously better for your health, why do so few health experts choose meatless diets for themselves? Perhaps the evidence is not as clear as you think it is.

  25. Re:D is surprisingly good. on The D Programming Language, Version 1.0 · · Score: 0
    If you don't know pointers, then you don't know how the machine works. I would never use a doctor that didn't know how my body worked.

    Have you ever asked a GP physician about microbiology? They know surprisingly little. Doctors work at a higher level and get a lot done without knowing the lower level details.