Hardly. I think the distinction here is that someone paid someone money to look at a code and tell us if it was safe. They said yes, turns out the answer is no.
Finding software that is free of defects is like finding a unicorn.
They are exactly right in that professional audits can miss serious bugs, and with that concept we can now not guarantee that even after Google apparently has been looking at the code that it's all safe.
You can't guarantee that *any* code is safe.
In fact it is probably safer now that this bug has been found than before it was found.
There are bugs in nearly every piece of software. Finding a bug isn't necessarily an indication of poor quality relative to other software, but it is usually an indication that that software will be better shortly.
Google locating a single bug isn't the same as a comprehensive examination of the entire codebase.
I think you are pretty much guaranteed that any examination of a large codebase will not be comprehensive.
The problem here is supposedly someone else has done that entire review and not found an issue someone else located with what was likely testing on only a small portion of the "reviewed" code (the driver). This calls into question the quality of the rest of the review.
Can you call something into question if it is already in question?
That's like saying finding a corrupt politician calls into question the integrity of the political system.
1. I think you can be in possession of even living people (e.g. captives). Also, it is possible to deny being in possession of specific documents (e.g. like denying being in possession of a dead body), where compelling the production of that document would incriminate you by showing that you in fact were in possession of that document.
2. What happens if you say "I don't have the email you speak of". I think the only time the lat/lon of the buried hard drive becomes important is if they know you have it or know where it is.
I agree that it *is* (or seems to be) treated differently, but I don't understand why it *should* be treated differently, because they seem like the same thing to me.
How is this different than compelling a murder suspect to provide the body of the person he killed and buried in the desert? The location of the documents is itself incriminating evidence of your obstruction of justice, just like the location of a body is incriminating evidence that you murdered someone.
If the wipe is done properly, I would hope that the evidence that the information was intentionally wiped would also be wiped. Rather than displaying a message "Now wiping data as requested", it would just appear as if there was data corruption.
Or even better than a wipe, the deice could be populated by some non incriminating data, hiding the fact that anything other than decryption was performed.
I think the balance should be that you have no obligation to turn over any documents, but law enforcement can, with a court issued warrant can seize whatever is appropriate. It seems silly to me to expect corporations to cooperate anyway (e.g. turning over documents when ordered to).
The way I see it, we have 2 options. We can give the government the power to compel people to produce information (i.e. punish people for not producing information), and hope that this power is not abused, or we can not give the government this power, forcing them to exert a lot of energy in order to get the information they really want (e.g. brute force decryption), and hope they actually go to the trouble in only those cases where it is justified.
In a more perfect world (e.g. Denmark) I think the 1st option is good, but for the United States I think we need the second option to keep us honest, even if it is less efficient.
What if you hide the documents by burying them at a particular Latitude/longitude? Can the court still compel you to produce them? You know longer have them, but you know where to find them.
Often when people are threatened with jail time, they will have no problem ratting out the person is is truly at fault. That's not proof, but that's a good starting point for an investigation into a person one ladder rung higher. And you just repeat the process until you find the person ultimately responsible.
I actually would not be surprised if they just find a bunch of incriminating emails at the highest level. It's pretty clear that (for some reason), they did not plan on getting caught, or maybe they didn't think it would be such a big deal if they were caught. It's really hard at these big bureaucratic companies to get anything done, even when you are super organized. Shrowding the development process in secrecy just seems like a perfect recipe for disaster.
Even classified information (while considered secret), has incredibly good paper trails. In order to keep something a secret, it is imperative that the mandate to keep the secret is well documented. It only takes one dummy to accidentally leak the information that he didn't know was a secret because he wasn't explicitly informed of that.
Yes, it's 100% required that cameras accept IR and record it. If not, then they won't work.
Absolutely false
Though by "work" you mean won't do one specific thing, and by "work" I mean do everything listed in the manual.
My point is that when you say shit like "By "rely on" I mean "rely on"" (implying that there is only one thing it could mean), you are not only being a pretentious asshole. Not only that but you are also just wrong.
Though by "work" you mean won't do one specific thing, and by "work" I mean do everything listed in the manual. If it doesn't do what the manual says it will, then it's broken.
And without IR light, the camera will still do what it is supposed to do in the absence of IR light, even if that's not what you want. Just like how taking pictures of flowers in "fireworks mode" may not do what you want, but it is still doing what it is supposed to do.
What I am saying is that examples of different teachers in different schools punishing different kids for doing different things, does not provide any evidence for non-racism in this instance.
YOu could use this logic to prove their was no racism in the south. Afterall, lots of white people were also punished in the south, maybe it was because they were white too.
I am not saying that I am sure racism was involved with Ahmed. What I am saying is that your test for excluding racism is seriously flawed.
But it's not "required" that there be any IR light for the camera to work. Just like how cameras don't "require" fireworks or "rely on" fireworks even though some features only work on fireworks.
I understand the incentive to watch a movie online but what is the incentive for someone to risk prison time to illegally record a movie and upload it to pirate bay? What is the uploader getting out of it? Back in the BBS there was a barter system where you could get credit by uploading something wanted that didn't exist yet but what incentive is there today?
Altruism?
Why do people volunteer to do anything? Maybe it's because they get some kind of satisfaction by helping people. Maybe they like the prestige of being a notable pirate. Maybe they think the media industry is evil, and they feel like they are making the world a better place by denying profits to them.
I suppose it doesn't make sense if you think the only compelling reason to do something is for personal monetary gain.
But there are lots of other motivations people can have other than money.
All it takes is for one lapse in security, not necessarily in your theater or even your country, and all the time and money spent trying to prevent that movie from leaking is wasted.
This would be like buying a car alarm that self destructs if any car in the entire world is stolen.
I have not only looked at compiler output, but actually write assembly for things like atomic reference counting.
I value correctness more than speed. I know can probably beat the compiler at *some* tasks. I'm saying that on average the compiler generates way better assembly. It's usually faster, and it's almost without exception more likely to be correct.
There are indeed lots of areas where compiler optimization can be improved, but the single example you gave isn't one of them. That's just an example of a programming error.
That's not a problem with the compiler. That source code, as written, is supposed to check the length of s before each loop iteration. If you want the length of s to be checked only once, then you need to change the C code.
Imagine replacing strlen() with foo(). You don't even know if foo is deterministic or not. It might return a different output for the same input each time it is called.
Slashdot Mirror
Hardly. I think the distinction here is that someone paid someone money to look at a code and tell us if it was safe. They said yes, turns out the answer is no.
Finding software that is free of defects is like finding a unicorn.
They are exactly right in that professional audits can miss serious bugs, and with that concept we can now not guarantee that even after Google apparently has been looking at the code that it's all safe.
You can't guarantee that *any* code is safe.
In fact it is probably safer now that this bug has been found than before it was found.
There are bugs in nearly every piece of software. Finding a bug isn't necessarily an indication of poor quality relative to other software, but it is usually an indication that that software will be better shortly.
Google locating a single bug isn't the same as a comprehensive examination of the entire codebase.
I think you are pretty much guaranteed that any examination of a large codebase will not be comprehensive.
The problem here is supposedly someone else has done that entire review and not found an issue someone else located with what was likely testing on only a small portion of the "reviewed" code (the driver). This calls into question the quality of the rest of the review.
Can you call something into question if it is already in question?
That's like saying finding a corrupt politician calls into question the integrity of the political system.
despite professional code audits, serious bugs can remain undiscovered
Doesn't google finding this bug count as on more professional code audit successfully discovering a bug?
When a scientist discovers a new theory do we lament the fact that we've proven that we didn't know everything beforehand?
Did anyone really think that we could possibly ever have a large piece of software with no bugs?
1. I think you can be in possession of even living people (e.g. captives). Also, it is possible to deny being in possession of specific documents (e.g. like denying being in possession of a dead body), where compelling the production of that document would incriminate you by showing that you in fact were in possession of that document.
2. What happens if you say "I don't have the email you speak of". I think the only time the lat/lon of the buried hard drive becomes important is if they know you have it or know where it is.
I agree that it *is* (or seems to be) treated differently, but I don't understand why it *should* be treated differently, because they seem like the same thing to me.
How is this different than compelling a murder suspect to provide the body of the person he killed and buried in the desert? The location of the documents is itself incriminating evidence of your obstruction of justice, just like the location of a body is incriminating evidence that you murdered someone.
If the wipe is done properly, I would hope that the evidence that the information was intentionally wiped would also be wiped. Rather than displaying a message "Now wiping data as requested", it would just appear as if there was data corruption.
Or even better than a wipe, the deice could be populated by some non incriminating data, hiding the fact that anything other than decryption was performed.
https://en.wikipedia.org/wiki/Deniable_encryption
I think the balance should be that you have no obligation to turn over any documents, but law enforcement can, with a court issued warrant can seize whatever is appropriate. It seems silly to me to expect corporations to cooperate anyway (e.g. turning over documents when ordered to).
The way I see it, we have 2 options. We can give the government the power to compel people to produce information (i.e. punish people for not producing information), and hope that this power is not abused, or we can not give the government this power, forcing them to exert a lot of energy in order to get the information they really want (e.g. brute force decryption), and hope they actually go to the trouble in only those cases where it is justified.
In a more perfect world (e.g. Denmark) I think the 1st option is good, but for the United States I think we need the second option to keep us honest, even if it is less efficient.
What if you hide the documents by burying them at a particular Latitude/longitude? Can the court still compel you to produce them? You know longer have them, but you know where to find them.
What if you hid the key to a safe in a different combination safe?
They could market a different drug that is a generic version of the same drug that they already produce.
Often when people are threatened with jail time, they will have no problem ratting out the person is is truly at fault. That's not proof, but that's a good starting point for an investigation into a person one ladder rung higher. And you just repeat the process until you find the person ultimately responsible.
I actually would not be surprised if they just find a bunch of incriminating emails at the highest level. It's pretty clear that (for some reason), they did not plan on getting caught, or maybe they didn't think it would be such a big deal if they were caught. It's really hard at these big bureaucratic companies to get anything done, even when you are super organized. Shrowding the development process in secrecy just seems like a perfect recipe for disaster.
Even classified information (while considered secret), has incredibly good paper trails. In order to keep something a secret, it is imperative that the mandate to keep the secret is well documented. It only takes one dummy to accidentally leak the information that he didn't know was a secret because he wasn't explicitly informed of that.
Yes, it's 100% required that cameras accept IR and record it. If not, then they won't work.
Absolutely false
Though by "work" you mean won't do one specific thing, and by "work" I mean do everything listed in the manual.
My point is that when you say shit like "By "rely on" I mean "rely on"" (implying that there is only one thing it could mean), you are not only being a pretentious asshole. Not only that but you are also just wrong.
Though by "work" you mean won't do one specific thing, and by "work" I mean do everything listed in the manual. If it doesn't do what the manual says it will, then it's broken.
And without IR light, the camera will still do what it is supposed to do in the absence of IR light, even if that's not what you want. Just like how taking pictures of flowers in "fireworks mode" may not do what you want, but it is still doing what it is supposed to do.
In sumamry:
1. You're an asshole
2. You're wrong
And if both parties get their dream choice in the primaries, it's America that's fucked.
What I am saying is that examples of different teachers in different schools punishing different kids for doing different things, does not provide any evidence for non-racism in this instance.
YOu could use this logic to prove their was no racism in the south. Afterall, lots of white people were also punished in the south, maybe it was because they were white too.
I am not saying that I am sure racism was involved with Ahmed. What I am saying is that your test for excluding racism is seriously flawed.
But it's not "required" that there be any IR light for the camera to work. Just like how cameras don't "require" fireworks or "rely on" fireworks even though some features only work on fireworks.
I understand the incentive to watch a movie online but what is the incentive for someone to risk prison time to illegally record a movie and upload it to pirate bay? What is the uploader getting out of it? Back in the BBS there was a barter system where you could get credit by uploading something wanted that didn't exist yet but what incentive is there today?
Altruism?
Why do people volunteer to do anything? Maybe it's because they get some kind of satisfaction by helping people. Maybe they like the prestige of being a notable pirate. Maybe they think the media industry is evil, and they feel like they are making the world a better place by denying profits to them.
I suppose it doesn't make sense if you think the only compelling reason to do something is for personal monetary gain.
But there are lots of other motivations people can have other than money.
So you are saying that the cameras don't work in the absence of infrared light?
All it takes is for one lapse in security, not necessarily in your theater or even your country, and all the time and money spent trying to prevent that movie from leaking is wasted.
This would be like buying a car alarm that self destructs if any car in the entire world is stolen.
Here's what you've given me:
1. One terrible example.
2. Evidence that you have a reading comprehension deficit or some kind of inferiority complex or both.
I can see you're getting all defensive, and are not really interested in doing anything but desperately trying to save face. Good luck with that.
I have not only looked at compiler output, but actually write assembly for things like atomic reference counting.
I value correctness more than speed. I know can probably beat the compiler at *some* tasks. I'm saying that on average the compiler generates way better assembly. It's usually faster, and it's almost without exception more likely to be correct.
There are indeed lots of areas where compiler optimization can be improved, but the single example you gave isn't one of them. That's just an example of a programming error.
No I am listing a reason why if the compiler did what you say it should do, it would result in different behavior than what the source code indicates.
That's not a problem with the compiler. That source code, as written, is supposed to check the length of s before each loop iteration. If you want the length of s to be checked only once, then you need to change the C code.
Imagine replacing strlen() with foo(). You don't even know if foo is deterministic or not. It might return a different output for the same input each time it is called.
A new study shows that more people died while sleeping than from drunk driving. This proves that sleeping is more dangerous than drunk driving.