If I was the manufacturer of the device, she'd sign an NDA and get the code. Worst case, she spreads the code and gets sued. Best case, she improves the reliability or security of the code.
I'm doubtful a lawyer would be able to do a useful code review. The company probably already has senior software engineers doing code reviews.
Any code review madam lawyer would do would be to gauge the code's lawsuit potential.
They are not really counseled on what degrees will lead to what opportunities. Therefore, they get to pick what they like to do. Sorry, I'm not a believer of the adage "do what you love", unless what you love is a salable skill, or you've made enough money to not worry if you get paid pathetically for it.
The goal of the college is to grow and bring more revenue in, despite being labeled "non-profit." A college's desire for money is never satiated, just like any profit-making enterprise.
So, this is why colleges try to have full enrollment in all of their departments, from basket-weaving and women's studies to computer science and civil engineering. It's for their own organizational purposes, not some selfless desire to help the student.
My wild, completely uninformed guess is that life originated multiple times, and each subsequent new instance got immediately eaten by the (by then more evolved) first one.
And perhaps with the universe occasionally hurling a massive rock at the earth, destroying much of the more evolved life on it in an epochal extinction event, allowing life to evolve in yet another direction. The impact point may have had some of the attributes of the ancient earth.
Do the mechanisms which originally created life still occur? Or is "The Genesis Event" so rare that it was a one-time occurrence billions of years ago?
They'll try to sneak it in later (on "House Kills SOPA") · Score: 1
There's big money behind this bill. The politicians are funded (heavily influenced) by that big money. Rest assured that SOPA is not dead, but will in fact come back surreptitiously in some other form.
You never really "win" in politics. You only win for a while. Like many things in life.
The sight of soldiers urinating on dead enemy is a propaganda blow. If we are pinning our hopes on propaganda to "win" Afghanistan for us, we've already lost.
I know that Afghanistan was the staging area for the 9/11 hijackers. I don't want the Taliban to come back. We don't want it to become a failed state, a playground for terrorists. But are we expected to go into every failed state out there and create a functioning state? That policy is doomed to failure. If that's the policy, we need a new one. One that doesn't bleed us of blood and treasure (we don't have), and has a very very low probability of success.
It's like saying, "Mosquitos cause malaria. So we're going to have to drain every swamp in the world, so we can stop the threat of malaria." Here's a crazy thought: how about we stay out of the swamps, unless they're actually IN the US.
That is why I think we really need to stop encouraging and supporting these criminal hackers and put more consolidated effort into finding them and stopping them.
What they are doing is about the same as saying, "I don't like the rich so I will steal from the poor who has to pay him."
It's not even that complicated. There's no sophisticated motive behind Anonymous other than simple vandalism. You see the behavior in small children who like to knock things down just to see them fall. People are looking for political, economic, social, etc reasons. There's no consistent thread. It's just vandalism.
"From its very beginnings, the software industry has suffered from having too many engineers," says David Gelernter, a professor of computer science at Yale University. "There are too many people who love computers and too few who are impatient with them." -- The Economist, December 3rd 2011, Technology Quarter, p. 27.
The average person doesn't want to futz with details of hardware and software. They just want to use it. They seem like mouth breathers and morons to hobbyists and professionals, reminiscent of the person who gets a car and when asked when they last changed the oil, they respond with a blank stare and "Change the oil?"
BUT - they are the market. They help keep us in the manner to which we are accustomed. Jobs understood it. That's why Apple devices are so locked down. The average person wants the functionality of the device so he can relay details of his proctosigmoidoscopy to his closest 137 friends. He doesn't care about the details of how the device operates. He just wants to hold it behind him, take a picture ("Smile, doc"), and get that shot on the social media.
Even programmers are the same way. You want to minimize the details you don't care about so you can focus on the details you do care about. C++: I just want to know the methods of an object I need without having to learn the implementation details. So, it seems to me that the average person needs to be given devices which support his use patterns and desires without. That means secure devices out of the box, devices which can be plugged in and are ready to use. Devices that even the "uninterested" can turn on and use. Because there's a lot of them out there. And their money's legal tender. They're going to get involved one way or another. Best to do it in a way that doesn't allow them to become walking malware portals.
Re:This is what's wrong with private healthcare. (on "How Doctors Die") · Score: 1
If your doctor went into medicine to make money, do you really want that guy to be your doctor? I'd rather have one that wants to be a doctor and doesn't give a damn about the money.
In my experience, about a quarter of the doctors I've seen treated me like an assembly line object ("Get em in, get em out, next!"). The remainder seemed a bit more casual.
Remember - doctors are people too, just like you and me. With bills to pay, mouths to feed and house. And desires to satisfy. Just like every other human. To expect the best people to do a difficult job like doctoring without demanding high compensation is not consistent with reality.
Yes, one will find the occasional altruist or someone who really cares little for material trappings. But I submit they are very few and very far between and trying to build a system that works for everyone, patient and doctor, on such an improbable individual, is doomed to fail.
"A policy based on illusion will crash on the shoals of reality."
I actually went cold turkey off of caffeine once. After surgery for a traumatic injury. After about a week on Percocets, I realized, hey! I haven't had any caffeine! I'd broken the habit! I didn't think I'd ever be able to get off of it.
Fast forward a few years, and I once again fell prey to its siren song. Going to sleep late, needing to get up early, seriously dragging, have some caffeine and voila! I'm on top of the world. A few more cycles of this and I'm back to being hooked. I fought it but after a while, I thought, "Why am I torturing myself?"
If I ever decide to get off of it again, I'll probably take several days off, clear my schedule, get a new bottle of ibuprofen and go for it.
So, as an atheist, I fear that when it comes time for me to face death, the experience will be emotionally terrifying even though I believe that death being the final end is the best explanation.
You don't have to believe anything. You can just accept that you don't know. If consciousness continues, you'll find out. If not - well, these are the bodies the universe has organized itself into and thus it didn't allow us to know.
Fear of the unknown is perfectly understandable. We never experience non-existence while we're alive. I'm not talking sleep or anaesthesia, I'm talking actual non-existence. What it was like before we were born.
But also realize its utter inevitability. Fearing death is like fearing the rising and setting of the sun. There are plenty of things I'm afraid of. But this body was born to die. The universe organized itself into this body and it's decreed that it's only going to last for several decades or so.
I have no idea what happens after death. Does the consciousness continue or does it dissipate? I have no idea. I do realize there's a lot more to this universe than meets our eye. Pascal said we are between infinity (of the small) and infinity (of the large). Suggesting that we can see all that there is is factually false. But regardless of what happens, that it is going to happen is utterly inevitable. And when faced with that unavoidable doorway, I'd prefer to cross it comfortably and with as much dignity as I can muster.
As the orcs promised Gollum when they put him on the rack, "Before it is over, you will be begging for death."
We're not talking euthanasia for a paper cut here. We're talking destroyed, useless, still-living bodies with no realistic hope of recovery.
Re:Had a personal experience on this one (on "How Doctors Die") · Score: 1
With people who do things claiming it's God's will, it's an amazing coincidence that God's will so often coincides with their own.
Re:This is where western medicine has failed... (on "How Doctors Die") · Score: 1
We don't put cherished dying pets through the suffering we force on humans. Death is as natural as birth. And inevitable with our current technology. I agree in staving it off as long as possible while the person has a decent quality of life. But once the event horizon of poor quality of life plus inevitability has passed, it's just inflicting suffering because we're too selfish to let go.
There was a talk show host in the Baltimore area who just died of pancreatic cancer. 2 months from diagnosis to death. He made it clear he didn't want prolonged suffering just as he made it clear he knew he was not going to have a miracle. He went through one round of chemo, no improvement, then immediately went into home hospice. IMHO he almost certainly died from de facto assisted suicide, an overdose of pain meds.
You can do anything you set your mind to when you have vision, determination and an endless supply of expendable labor.
Journalism has a lower unemployment rate than engineering? Wow.
1) Sorted by Unemployment rate, lowest to highest:
Major -- Unemployment Rate -- Starting Salary
Education -- 5.4 -- 33000
Health -- 5.4 -- 43000
Agricultural and Nat. Res -- 7 -- 32000
Comm. and Journalism -- 7.3 -- 33000
Business -- 7.4 -- 39000
Engineering -- 7.5 -- 55000
Science - life/physical -- 7.7 -- 32000
Law and Public Policy -- 8.1 -- 34000
Computers and Math. -- 8.2 -- 46000
Recreation -- 8.3 -- 30000
Social Science -- 8.9 -- 37000
Humanities and Liberal Arts -- 9.4 -- 31000
Arts -- 11.1 -- 30000
2) Sorted by starting salary, lowest to highest:
Major -- Unemployment Rate -- Starting Salary
Recreation -- 8.3 -- 30000
Arts -- 11.1 -- 30000
Humanities and Liberal Arts -- 9.4 -- 31000
Agricultural and Nat. Res -- 7 -- 32000
Science - life/physical -- 7.7 -- 32000
Education -- 5.4 -- 33000
Comm. and Journalism -- 7.3 -- 33000
Law and Public Policy -- 8.1 -- 34000
Social Science -- 8.9 -- 37000
Business -- 7.4 -- 39000
Health -- 5.4 -- 43000
Computers and Math. -- 8.2 -- 46000
Engineering -- 7.5 -- 55000
It's unlikely burglars carry scanners on their rounds. Maybe before and after, but during might get kind of cumbersome and noisy.
The DC police chief had this to say about it:
"Lanier stressed that new mobile technologies like scanner apps for phones made the move even more vital, and cited a number of cases where police suspected that criminals used scanners to stay ahead of police. A rash of carjackings in Capitol Hill in 2010 was facilitated by mobile scanners, she said, as was an alleged drug operation run out of a laundromat in the Seventh District, which covers Ward 8.
"When a potential criminal can ask how they can evade capture and there's an app for that, it's time to change our practices," she told Councilmember Phil Mendelson (D-At Large), who chaired the hearing."
"When the US farts, the rest of the world's eyes water." -- anon
Which is why the rest of the world should be concerned with SOPA/PIPA
Unfortunate name for the Prince's sister in law.
Government of the highest bidder, by the highest bidder, for the highest bidder.
When I first got on the Internet in the early 90s, it was the height of folly to put your personal information online.
Nothing I've seen in the intervening years has changed my opinion about that.
I saw a self checkout system from these guys at my local library and was amazed: http://www.gisinfosystems.com/
Just put the books you want to check out on a platform, press the Check Out button on the touch screen, and that's it. Wirelessly checked out in about 10 seconds. Every book scanned and a receipt printed.
I'm using an internet-facing LAMP server. Here's what I do:
1) Make sure remote root logins are disabled on your box.
2) Use complex usernames and passwords. I looked at my log files and realized they need a username and password match. A lot of the ssh attacker usernames are pretty simple. Don't use common usernames. A lot of times they spin their wheels trying to log in as root. You should only be able to su to root once logged in as another user.
3) I use MySQL. Don't allow non-localhost logins. Applicable to any database probably. The user would need a successful login to touch your database outside of the interface.
4) Use iptables, the Linux firewall. Close all ports that you don't need. Leave open only port 22 and 443 and 80 (ssh, https, http respectively).
5) Use a brute-force attack limiter like fail2ban. It works through iptables which is a packet inspection program. Fail2ban is a python program. It won't allow the connection to get to the password authentication module once an IP is banned.
6) Every piece of input you get on the server must be sanitized. "Stripslashes", "htmlentities", "strip_tags", "mysql_real_escape_string" protect against SQL injection attacks and cross site scripting attacks.
7) Set up file and directory permissions correctly.
8) Use established, commonly used security programs. Don't try to roll your own. The established ones have been out there and have been looked at.
9) Implement https. With Apache, you need to add 2-3 lines to a config file. Get a book on Apache. There's info on the web. Doing this prevents usernames and passwords from being transmitted in clear text. Very important.
10) Check your log files routinely. auth.log, error.log, other_vhosts_access_log. Great fun. Plus you can see if there's any odd activity.
11) Use unusual names for your directories. Typical port 80 scanners just test for like 100 or so common directory names.
12) Turn off the ability to list directory contents.
13) I use PHP sessions. Additionally, I store data about the user (ip address, username), and check it every time they start to execute a script. If what's in the session cache on the server doesn't match what I've stored on their machines, I give them an error page. They can't execute any of my scripts without valid, non-stale login credentials.
14) Use POST instead of GET. Avoids session hijacking that way.
15) Turn off error reporting in PHP on your production server. Fail without comment, unless it's a foreseen failure path.
16) Only allow cookie-only sessions.
17) Encrypt important stored information like passwords. Salt them. I don't know the passwords on my system. That's because they've been run through MD5 with salts.
18) Enforce minimum password lengths for your web interface. Learn about that with regular expressions.
19) Prevent listing of PHP files.
So that leaves... the ughknown. I see in my logfiles where attackers are constantly trying to test different directories on my website. Like I said above, unusually named directories. A custom naming structure perhaps. Read technical websites for talk of new security breaches. That's a big one. There was one recently where big POST strings could bog down a server. I set the right settings in my php.ini file and now it's no longer an issue. Things like that.
What about things like buffer overruns and... what else? Aye there's the rub. The "what else." Make a point of reading about security as much as you can. Complex items like buffer overruns are pretty much scrubbed from the popular tools. If you roll your own security you could be vulnerable.
So, I talked about a LAMP server but the concepts are probably pretty portable to other systems.
So, there's my $0.02.
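Items 2, 5 and 10 of the list above, as an added example that is not part of the original comment: the sliding-window count that a fail2ban-style limiter applies to sshd failures in auth.log, with the usernames each address tried. The log lines, host name, usernames and addresses are constructed for illustration; `maxretry` and `findtime` borrow fail2ban's setting names, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenSSH auth.log format (documentation-range IPs).
SAMPLE_AUTH_LOG = """\
Jan 14 03:12:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 14 03:12:04 web1 sshd[2213]: Failed password for root from 203.0.113.7 port 40120 ssh2
Jan 14 03:12:09 web1 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 40131 ssh2
Jan 14 03:12:15 web1 sshd[2217]: Failed password for invalid user test from 203.0.113.7 port 40140 ssh2
Jan 14 03:12:21 web1 sshd[2219]: Failed password for invalid user oracle from 203.0.113.7 port 40152 ssh2
Jan 14 03:40:00 web1 sshd[2301]: Failed password for deploy_k7 from 198.51.100.23 port 51000 ssh2
Jan 14 03:40:30 web1 sshd[2305]: Accepted password for deploy_k7 from 198.51.100.23 port 51002 ssh2
Jan 14 04:05:00 web1 sshd[2400]: Failed password for root from 192.0.2.50 port 33001 ssh2
Jan 14 04:30:00 web1 sshd[2410]: Failed password for root from 192.0.2.50 port 33002 ssh2
Jan 14 04:55:00 web1 sshd[2420]: Failed password for invalid user guest from 192.0.2.50 port 33003 ssh2
"""

# The username is attacker-controlled text, so it is matched greedily and the
# address is taken from the trailing part of the line that sshd itself wrote.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)


def failed_logins(log_text, year=2012):
    """Yield (timestamp, ip, username) for each failed ssh password attempt.

    Syslog timestamps carry no year, so the caller supplies one (assumed here).
    """
    for line in log_text.splitlines():
        m = FAILED.match(line.rstrip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]


def find_offenders(log_text, maxretry=5, findtime=600):
    """Return addresses with >= maxretry failures inside any findtime-second window."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    users = defaultdict(set)      # ip -> every username it tried
    tripped = {}                  # ip -> time the threshold was first reached
    for ts, ip, user in failed_logins(log_text):
        users[ip].add(user)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that aged out of the window
            q.popleft()
        if len(q) >= maxretry and ip not in tripped:
            tripped[ip] = ts
    return {ip: {"tripped_at": t, "users": sorted(users[ip])}
            for ip, t in tripped.items()}


if __name__ == "__main__":
    for ip, info in find_offenders(SAMPLE_AUTH_LOG).items():
        print(ip, info["tripped_at"].time(), ", ".join(info["users"]))
    # A slow guesser stays under a 10-minute window; a 1-hour window catches it.
    print(sorted(find_offenders(SAMPLE_AUTH_LOG, maxretry=3, findtime=3600)))
```

The third address in the sample spaces its attempts 25 minutes apart, so it is only reported when `findtime` is widened; reading the log by hand, as item 10 suggests, is what reveals that pattern.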
IEEE Spectrum Magazine: A highly accessible magazine for the lay person and well in front of technology issues: http://spectrum.ieee.org/
Machine Design Magazine: http://machinedesign.com/?p=1 (and coincidentally, first story is about 3D printers)