Slashdot Mirror


User: v1

v1's activity in the archive.

Stories
0
Comments
4,784

Comments · 4,784

  1. Re:THOUSANDS OF BUGS? on Microsoft Unveils Open Source Exploit Finder · · Score: 2, Interesting

    Shipping a large project with 1,000 bugs might be a perfectly valid decision

    Why don't we just change that to Shipping a large project with 1,000 bugs might be a perfectly valid business decision

    I don't ship crap.

    And if I had a really large project, I still wouldn't ship crap. Too many pinheads cutting corners to save a buck, particularly on large projects, because they count that as an excuse and want to rush it out the door ASAP to start generating revenue. Not me, thank you very much. Just because there's a fair number of vendors that play that game doesn't mean it's the rule.

    I still can remember back to the days when "version one-point-oh" didn't always have to mean "train wreck, we'll start seriously fixing bugs around 2.5". Today's translation works as follows: Today's 1.0 is yesterday's early beta. Today's 2.0 is yesterday's Still Beta. Today's 3.0 is yesterday's 1.0.

    Software should work out of the box. You shouldn't have to wait for an update or two for it to become stable enough to use.

  2. Eat your own dogfood? on Microsoft Unveils Open Source Exploit Finder · · Score: 0, Troll

    Microsoft Unveils Open Source Exploit Finder

    Kind of makes one wonder why they don't oh I don't know... say... Run it on their Windows source???

  3. THOUSANDS OF BUGS? on Microsoft Unveils Open Source Exploit Finder · · Score: 0, Flamebait

    Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release a 'game changer' because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk.

    Maybe I'm just totally out of touch here, but for my development, finding the bugs is the time-consuming part, fixing them usually goes pretty quick. I welcome anything that helps find my bugs, that saves so much time. If your code is so decrepit that this tool is going to find "thousands" of bugs, you need to go back to school for a while.

    Given a tool like that, I'd be running it regularly and not just addressing the "important" bugs. Making that thing pass clean would be one of the steps in my development cycle.

    Or maybe he's just speaking more about a common Windows programming philosophy? (I certainly hope not)

  4. Re:Solution #1 on Colorado Woman With Flammable Water Fears Blast · · Score: 1

    I don't know, I think I'd have to try that at least once if it were that way here. Wouldn't you?

  5. Re:Spoted in the wild on Nigeria Re-Brands To Shed Chaotic Image · · Score: 1

    I know the first thing I think of when I hear Nigeria is "phish". Not genocide or anything else. Which is funny I think, not sure why Nigeria was such a popular phishing site a while ago, maybe their bank structure etc and lack of policing locally made it safer for them? Nowadays when I do see the random phish it's from a random location - I think their rep has gotten so bad that way that even the suckers realize random email from Nigeria is a phish.

  6. Re:Isn't price the issue. on Tai Chi Scooter Promises Fun and Falls · · Score: 1

    10k Too expensive for the average Joe

    But was that due to the cost of R&D, the materials and construction, or the inventors wanting too high of a profit margin?

  7. Re:First... on Tai Chi Scooter Promises Fun and Falls · · Score: 1

    Can it do any sweet jumps?

    Looks a little heavy to do a good Ollie

  8. interesting business behavior on TomTom Sues Microsoft For Patent Infringement · · Score: 1

    Microsoft said it was reviewing TomTom's filing and that it remains committed to a licensing solution and has been for more than a year.

    Am I reading this right, "tomtom notified us we are infringing on and profiting from their patent, and we've been trying a combination of ignoring them and trying to make a token payoff to them to make them go away, and now they've had the nerve to sue us over it?"

  9. Re:Built it in his garage? on Building Your Own Solar Panel In the Garage · · Score: 1

    Assuming you're using an ungrounded soldering iron tip (I sure do!) and assuming the "ON" switch for your panel is in the "OFF" position, there's no complete circuit, whether or not you are soldering on it. (unless you fumble the soldering iron anyway) Now I'd expect some sort of spark when throwing the main switch (internally IN the switch where it belongs) or perhaps a bit of a snap if your idea of a master switch on such a thing is one final large quick disconnect plug. (the thing you were soldering onto the array)

    Not disagreeing with those that say covering the panels while working on them is a good idea, it is, but it's not going to explode, spontaneously ignite, spark heavily, or shock anyone unless they're HV panels. (getting your "expertise" by watching Hollywood maybe?) Electricity is a lot safer than many realize. Electricity is also a lot more dangerous than many realize. This is a case of the former. People that don't understand it shouldn't be scaremongering, this is not the time.

  10. Re:wide reaching, but limited exploitability on Intel CPU Privilege Escalation Exploit · · Score: 1

    The article specifically discusses the virus downloading and hiding this stuff in the SMM, although they don't discuss the payloads running in the SMM. I suppose it could download and stash it in the SMM and drop it back into windows whenever it detected it had been removed. And give your antivirus programs continuous harassment.

    Point being, such a payload would either be detectable (when copied into normal memory) or harmless (cannot do much when isolated inside the SMM). It's a bit like a virus in a glass capsule in your body. Sure, it's safe from the antibodies, but it can't do much of anything useful because it requires the resources of the body.

  11. wide reaching, but limited exploitability on Intel CPU Privilege Escalation Exploit · · Score: 1

    So is there any way to exploit this on a Mac? It doesn't look like they've actually released information on how the attack gets the foot in the door yet.

    Also, things get a lot more difficult when you are running on such a low level, not interacting with the OS or even the hypervisor. (it's like the difference between coding in VB versus assembly) They talk about it phoning home and downloading nasties, but really, even being able to use the NIC card could be quite an undertaking if you're doing it "by hand" instead of using drivers and OS calls. (so you're going to code a TCP/IP stack in the SMM are you? have fun with that...) Even if they do demo a howto, actually coding something useful may take an equal level of skill as the actual exploit itself required to create. This would at least limit its application.

    Imagine the poor thing getting itself all moved into the SMM and then finding out it's on a Mac. Um... what now?

  12. and who's going to CARE? on Diebold Admits Flaw In Voting Software · · Score: 4, Insightful

    The flaws, built into the system for more than a decade, are in serious violation of federal voting system certification standards.

    Sure, you and I care, but who's the them that's going to DO anything?

    Besides the obvious "toss them out on their arse", I'd like to see them heavily fined. And I mean like "we want a refund"

  13. Re:Here's what I'd like on Believable Stupidity In Game AI · · Score: 2, Interesting

    My suggestion: An AI should be coded as a bot, within the constraints given to the player. If the player can only see a part of the battlefield (like in Starcraft) then the AI should have the same limit and need to adjust its own viewport to gain awareness of an area. It should also be limited by the fog of war, and lack the ability to see out of the back of its head. To put it another way, a fair Starcraft AI would be one implemented with a camera pointed at the screen, controlling only the keyboard and mouse inputs.

    While this is a very good idea, it's very difficult to implement well, and it's been tried plenty of times. I've played games that attempted that, but as a result were very easy to beat. For example, you could start an attack on three fronts, and the AI would ignore all but the top two threats, and the third front would just walk all over them. Every single time.

    The fog of war is usually done by a simple radius check. If you are running from something and you are faster, once you get more than 1.5 screens away, you can see on your radar they immediately break off the attack and go regroup. Or you know the exact limit of how far away you can build your forward base that they won't "see" it and come maul you while you're digging in.

    Though I 100% agree that the computer's unlimited ability to micromanage is the one reason I can't stand playing RTS against computers. I can't micromanage anyway, so I still get tooled by real players, but against the computer it's totally futile. I think the computer should be limited in where it can make changes. As in, it can change its "focus" every 20 seconds, and during that time can only make changes within that screen-size area. That's how humans are restricted for the most part. If they want to know where other units are, they have two choices: rely on memory of things they've seen or they need to invest one of their 20 second slots in "reviewing" things before they can pick a new area to focus on.

  14. Re:Interesting thought on Believable Stupidity In Game AI · · Score: 2, Interesting

    I think it may be more a case of where you KNOW what isn't a good idea even if you can't see far enough ahead to judge it for certain.

    For example, in chess, you see very new (young in particular) players take out their queen soon and try to run around with it, expecting the most powerful piece to be a sure weapon to wreak havoc with. This quickly leads to a 'queen hunt' on behalf of the opponent, who while harassing the queen, develops a dozen pieces on the board before cornering or chasing away the queen, leaving the hunter in a tactically very superior position.

    A computer can't see why this is a folly without looking many moves in advance. So they have "book openings" to pick from to start with a strong position, and have special exceptions coded in that protect them from attempting things like hauling out the queen early that are known to be a bad idea. But beyond that it's very hard for the computer to see "that's probably not a good idea" without researching it thoroughly. So if you cripple its lookahead, it has little foresight, and limited "common sense".

    Chess is just an example here (tho an oft used one in this thread I see) but applies well to many other games.

  15. Re:Believable AI on Believable Stupidity In Game AI · · Score: 2, Interesting

    The computer *always* knows exactly where you are and can make a perfect shot if it wants to

    Not all games behave this way. It's certainly the easiest way to do it, but some games will look at each mob and try to determine what actions they will take based on realistically available conditions. This is tricky to do well because it's hard to code in the ability to act sensibly when searching for you, or to try to guess where you are based on previous information. (he ran around that corner. Maybe he's waiting just around the corner, or maybe he's flanking me, or maybe he's heading toward the objective while trying to stay out of my sight?)

    It's annoying to be playing a game and see on the radar all the mobs are taking the most direct route to your position. And then when something happens that blocks their route, (you hit a switch to close a door, or climb a ladder they can't climb, etc) they all as a group instantly head in a new direction, the new shortest possible path to get to you, without having any chance of seeing what happened to block their prior path.

  16. Re:Believable AI on Believable Stupidity In Game AI · · Score: 1

    This can make for very boring gameplay though. Even though real players will tend to make moves that are close to their average skill level consistently, occasionally they make accidentally brilliant or blunderous moves. Such an AI as you describe would never do either.

    It'd be like playing in baseball against a pitcher, that throws a fastball anywhere from 65-85 mph, but averages around 78. (think Bell Curve) But the AI in your case may ALWAYS throw a 77-79. That gets boring.

  17. Re:Statitics on Believable Stupidity In Game AI · · Score: 2, Informative

    I think the problem they were discussing is that if you use that probability model, then there is a 2% chance that the computer will make such a totally boneheaded move that goes way beyond what any normal player would commit as a mistake. Like in chess swooping in with the queen to take a pawn and immediately be captured by the adjacent pawn, for no tactical advantage. If you are relying on pure probability to determine what mistake the computer makes, it will occasionally produce grossly unlikely mistakes.

  18. Re:Cheating AI on Believable Stupidity In Game AI · · Score: 1

    Most game mobs have infinite ammunition, because they are not smart enough to pick their shots. Really good AIs will track ammo and will switch into 'conservation mode' when they run low.

    And sometimes it's bad when Bob says he's out of ammo....

  19. Re:ATMs struck by the W32/Nachi worm on Card-Sniffing Malware On Diebold ATMs · · Score: 1

    That may have been true until they 'upgraded' ATMs from OS/2 and moved communications from dedicated lines to the Internet.

    The ATMs run on their own encrypted (VPN) network, a bit like a darknet. Just because they're using the internet doesn't make that an easy vector. It's like saying your company's internal network isn't secure if your offices are connected with a VPN. As long as the exterior doors are secure, internal security is irrelevant.

    That worm was probably due to the fault of some ATM engineer using an infected flash drive while servicing the machines.

  20. Re:Maybe there could be gov. regulation of ATM des on Card-Sniffing Malware On Diebold ATMs · · Score: 4, Insightful

    Over 99.9% of the vulnerabilities you are counting require physical access. You can't insert a flash drive, jack in a keyboard, put in a floppy, or even get TCP/IP access to an ATM normally, so those security problems don't count.

    If a system has a vulnerability that cannot be exploited, it doesn't make it any less secure.

  21. "soon"? on What Filters Are Right For Kids? · · Score: 3, Insightful

    My daughter is using phrases like 'hot guys,' and soon will have a chat about the birds and the bees

    Since there isn't always a clear red flag to let you know the absolute last minute you can put that conversation off, you should get it out of the way when the time is approaching. Procrastination here is not a good thing.

    By the time my parents worked up the nerve, my school had already provided me with good sex-ed. I think in some respects I knew more than they did, which was kinda funny. Correcting your parents during this chat just makes them turn different shades of red and purple. Not many schools do that though, but if you wait too long you too may get to experience that.

  22. Re:Yeah, I live there. I also dislike Verizon on Dissatisfied With Service Check · · Score: 1

    I agreed, as part of getting rid of them

    Sounds like you'd have a very strong leg to stand on, being charged for a service never provided? $99 buys at least a few hours of my yelling on a phone.

  23. Re:ok, wait... on Man Is Injured While Hammering Bullets · · Score: 1

    Agreed, they do well when snugly supported in the chamber, and when their back is being supported as well, but don't do nearly so well when unsupported. Reminds me of the occasional mention of morons that throw .22's into bonfires... but really, A HAMMER? Makes one wonder what he expected.

  24. and who ISN'T going to pay up? on Swiss Banks Making Concessions On Secrecy · · Score: 4, Insightful

    The famed 'numbered accounts' that do not bear the owner's name will still be available for clients willing to pay for added anonymity

    Anyone that needs one of those accounts is going to be willing to pay that added fee. So besides the Swiss making a little more money off their money hiding, what changes?

  25. Re:Gun Point? on Feds Demand Prison For Guns N' Roses Uploader · · Score: 1

    "Joe deprived me of my right to (do some random act)" is not illegal unless there's a law. You're depriving me of my right to browse pr0n right now because I'm responding to your post. Surrender immediately!