Here's the bit from the article that I find most interesting. To have security flaws is one thing. To not fix them even after you know about them is another.
'But Douglas W. Jones, an associate professor of computer science at the University of Iowa, said he was shocked to discover flaws cited in Mr. Rubin's paper that he had mentioned to the system's developers about five years ago as a state elections official.
'"To find that such flaws have not been corrected in half a decade is awful," Professor Jones said.'
The parent post brings up an interesting question:
Are there *any* instances in which the EULA for a licensed product comes into play in your investigation and prosecution?
I would suspect that these guys will say they are not in the business of enforcing EULA's, as those are contracts between private entities, not criminal laws, and therefore in the milieu of the civil court. But I'd love to hear them answer this.
I'm totally stoked about the possibilities of Digital Cinema, but my one big gripe is that there is no discussion of going to a higher framerate. Watching film movies the framerate really is annoying, especially in panning shots, everything is just a blurry mess. Now, at the cusp of change, when they are defining a new standard, is one of the few chances to change that. But I don't see diddly about it in the article, and haven't heard anything anywhere about anyone even considering it. What's up with that? Give us quality!!
I think they were going for a record here on number of links. Does cramming the links in there actually make it better? Should I submit a story that's a page long and all links? Did they actually break the record? We must know these things. Inquiring minds want to know.
It seems that somehow the geniuses at SCO have been scheming and managed to come up with the following strategy:
1) Piss off every person and company in your industry - really make them hate you
2) ???
3) Profit!!!
This article is fairly content-free. It doesn't really match with the title blurb, and I don't think it really falls in the "news" category. The only part that seemed to be about something actually happening was this:
"Sun Microsystems said this week it plans to roll out new software to protect copyrighted content stored on mobile phones and smart cards. "
That was a bit vague. And didn't have anything to do with CDs or DVDs. The rest was pretty much fluff. And the winner for most amusing paragraph was this:
"Ravaged by piracy, movie studios and recording labels have been fitting new CD and DVD releases with layers of computer code with the aim of preventing or limiting users' ability to copy, or "rip," them onto a blank disc and trade online."
OOoo! Layers of computer code! Sounds so mysterious! And someone was Ravaged!!
Summary: Unfortunately I read the whole article, but maybe I can save you the trouble.
I'm going to start a Delaware corporation that will rent you Oregonians a car. In the contract you will be required to handle all maintenance, insurance, etc., costs, and pay me the loan pmt plus five dollars (or just $5 if the vehicle is paid for). Title will be held by the corp, and the vehicle will be registered in Delaware. When the vehicle is sold you get all proceeds, minus a small administrative fee. You can rent any car you want, just do a contract and we'll purchase it for you.
Let's see, the story was
"Posted by CmdrTaco on Thu May 29, '03 06:55 AM"
and the site says, "Contestants must register on or before 9:00 PM EDT on Thursday, May 29". That gives us 2 hours and 5 minutes to respond.
Assuming of course that you read it the instant it was posted, at 6:55. But of course I read it at 10:00.
Re:SAIC is Employee-Owned - Employee-Ownership Roc on Inside SAIC · Score: 2, Funny
heh. :-)
I bet at least 20% of /. readers are in the gov't and defense industry. 'Course, they don't have nearly as much time to write comments as all the unemployed dot-commers.
(ok, before you flame me, I can make fun of unemployed dot-commers because I was one back in the day. An awful lot of us landed in the defense world.)
my email addr, for those who don't want to go searching my info...
kryzx@jeh.net
SAIC is Employee-Owned - Employee-Ownership Rocks on Inside SAIC · Score: 5, Interesting
One of the coolest things about SAIC is that it's employee owned.
The structure of the company was truly revolutionary, and has a lot to do with its success.
I work for an employee-owned company that is modeled after SAIC, and it is pretty cool.
You can clearly see that your work is contributing to the success of the company, which is
driving the growth of the stock value, which is putting money in your pocket. And we attract
a lot of top-notch people because of that.
If you didn't read too far into the article you might get the wrong impression, though.
Twice on the first page they say that it's privately held, and it's only on the second page where
employee ownership is discussed.
The "invisible company" angle of this article cracks me up. Seems like you can't swing a
dead cat without hitting an SAIC employee. Everyone knows about them. They're everywhere.
Finding a person who hadn't heard of SAIC would be about as easy as finding someone who hasn't heard of Microsoft.
But I guess that's just my world.
Good article, tho.
BTW, if you are a java programmer in the DC area interested in doing defense work with a
great company, send me your resume.
You make good points, but are a little off on specifics. Firstly, you highlighted the ambiguity about the term "Open Source", which is a good thing to bring up. I think most readers in this forum equate "Open Source" to "Released under the GPL" or some equivalent, but it is an inherently vague term, which one would need to clearly define before any discussion of mandating it would be meaningful.
I like your second point, too, that gov't orgs should not put their data into formats or software that could restrict use in the future. But, just having the source code does not ensure that this won't happen. It's a licensing issue: if a software license is terminated, for whatever reason, you cannot use the software, even if you have the source code. As an individual you might decide to use it anyway, without licensing, if you have a working version, but gov't agencies have to be very careful about such things.
Also, on the flip side, using a proprietary format does not necessarily mean that access could be restricted in the future. Again it's all about licensing. If the license you have for the current version is perpetual, you may not decide to buy future versions, but you are guaranteed to be able to use that proprietary software to access your data indefinitely.
Paul,
What advice do you have for people trying to find the balance
between security and convenience? When is it worthwhile to protect something?
Should a person try to protect all of their info and communications just for
privacy purposes, or make a determination about which things are valuable enough to
be worth the effort and/or processing power?
Along these lines, of your own personal communications and data storage, what do you
encrypt and what do you leave unencrypted?
Re:is this really a privacy concern? on NYT on RFID Tags · Score: 1
Exactly.
Also, they already tracked what's on the shelves, and what is purchased at the register, so the only new information is
1) more timely info on what's on the shelves, and
2) where you go in the store with their merchandise before you take it to the register.
The XP practices dictate how you capture and prioritize your user requirements and how you test your code, and they encourage simple and immediately necessary design, but they do not dictate anything about how you actually code your application.
The practices try to make it easier to produce good code design, but they could be applied to any design methodology. You could do XP Object-Oriented or not, with Java, COBOL, perl, basic, or assembler. There is nothing to make your software design good or bad except your skillz and the developer sitting next to you.
So, I'd say XP doesn't enforce any coding methodology, but tries to create an environment that encourages good habits.
Maybe we are having semantic issues. I was talking about the methods for designing at a fairly low implementation level the actual code that makes an application work - the parent comment here expressed concern about code made under XP being sloppy. That's what I meant by design. If you talk about RUP or Waterfall as a design methodology then obviously they are incompatible with XP.
Your points are good. By designing well you prevent errors now and in the future.
I guess my issue is that the XP approach does not dictate anything about design. You can and should design well even when doing XP. In fact, in the original book there is a lot of talk about continually reworking the design to simplify and clarify it, and avoiding the temptation to add complexity that is not necessary at the moment, just in case it's needed in the future.
So, I think of XP as a set of tools, none of which restricts or prevents good design.
It would be interesting to collect stats on projects and compare reliability produced by different design methodologies, platforms, languages, tools, etc., looking for correlations, but XP is just one piece, and does not equate to a design methodology.
This comment shows a lack of understanding of the most basic principle of XP: your requirements are defined by your tests, if it passes the tests it passes the requirements.
If a program passes all the tests, but doesn't work the way you want it to, your tests are not good, i.e. your requirements are wrong or incomplete.
The main argument against XP is that some systems are so complex that you cannot build tests to cover all the functionality. Take for example a Quake engine. The combinations of objects, positions, orientations and actions are virtually infinite, so it is impossible to write tests to cover everything. For a system like this XP is not the right approach, and the creators of XP would tell you that.
I've had this in the back of my mind to submit as an "Ask Slashdot", but this is as good a place as any for it.
XP was all the rage for a little while there. There was talk of it everywhere, especially here. I read about it some and became very interested in it. I think many of the core ideas are valid, and it seems like it would be a fun way to develop.
Now that the hype has died down, my question is this: How many people out there are really doing XP? How much has this really caught on? Is it just a bunch of talk?
If you are actually doing XP, tell me a little about:
* the industry you are in
* the kind of project
* how it was done before
* what prompted you to make the switch to XP
* how that switch worked and how long it took
* and how things have been since moving to XP
* do you know others doing XP, if so how many
> Best interview ever....
I absolutely agree. I think this is the pinnacle of the /. community phenomenon to date.
Bill, is that you? I just knew you read /.
I can understand why you have to be an AC though, considering the environment.
You might also enjoy this.
In adversity there is opportunity!
I'm going to start a Delaware corporation that will rent you Oregonians a car. In the contract you will be required to handle all maintenance, insurance, etc., costs, and pay me the loan pmt plus five dollars (or just $5 if the vehicle is paid for). Title will be held by the corp, and the vehicle will be registered in Delaware. When the vehicle is sold you get all proceeds, minus a small administrative fee. You can rent any car you want, just do a contract and we'll purchase it for you.
(ok, let's see, $5 * #_Oregon_residents * 12_months_per_year = I'm freaking rich!!! )
Doh!
Let's see, the story was "Posted by CmdrTaco on Thu May 29, '03 06:55 AM" and the site says, "Contestants must register on or before 9:00 PM EDT on Thursday, May 29". That gives us 2 hours and 5 minutes to respond. Assuming of course that you read it the instant it was posted, at 6:55. But of course I read it at 10:00.
this looks familiar.
With the help of Google I found the article here:
http://www.informationweek.com/story/IWK20020111S0046
Russians definitely have to be in the running here. Now, a gay Russian marine engineer - that would be something.
Thanks for sharing your experience.