Slashdot Mirror


User: tlambert

tlambert's activity in the archive.

Stories: 0 · Comments: 5,097

Comments · 5,097

  1. "You will be fined if you don't lock your car" on US Wants UK Hacker To Pay To Fix Holes He Exposed · · Score: 1

    "You will be fined if you don't lock your car" (I still think this is ludicrous)

    Means that if you don't lock your car, you ARE the criminal.

    Yeah, ANOTHER criminal might come along and take advantage of your criminal behaviour to commit further crimes, but really, not only are you a criminal suffering a statutory penalty for your crimes, you're actually an accessory before the fact to any subsequent crime that takes advantage of the crime you committed.

    As far as I can tell, the U.S. Government isn't claiming that subsequent to the electronic trespass that someone else took advantage of the disclosed hole to commit additional crimes.

    -- Terry

  2. Re:There is NO logic to it on US Wants UK Hacker To Pay To Fix Holes He Exposed · · Score: 1

    "If I didn't lock my doors, I'd be fined." ...
    "It's a great idea. Why should I be purchasing the locks? They certainly don't benefit me."

    How about "They keep you from being fined"? That's certainly a benefit to you.

    -- Terry

  3. You are missing the point. on US Wants UK Hacker To Pay To Fix Holes He Exposed · · Score: 1

    "That doesn't really encourage respect for the law, you know."

    You are missing the point. It is not about respect for the law, it is about respect for and fear of authority. The law really has very little to do with it.

    -- Terry

  4. So basically a "red light camera" for people. on Video Surveillance System That Reasons Like a Human · · Score: 1

    So basically a "red light camera" for people.

    And like the red light cameras, there's no way to appeal to human judgement if the camera says you're guilty, you must be guilty unless you can prove you are innocent (for red light cameras, at least in California, that means proving the amber light lasted less than 4.8 seconds).

    I love the presumption of guilt they're slowly building into the system in the name of revenue generation. "The war on terror" has been going on for 8 years now, and they finally arrested _a_ suspect with no concrete plans of timing, location, or a target. I will bet that this system will ultimately be used to automatically issue jay-walking tickets.

    -- Terry

  5. Basic game theory: *always* publish tactical code. on DragonFly 2.4 Released · · Score: 1

    Basic game theory: *always* publish tactical code.

    You cite "basic game theory" as a reason to not publish code, but in fact "basic game theory" dictates that you *always* publish non-strategic code; this accomplishes a number of things for you:

    - community good will
    - you offload ongoing maintenance costs
    - you establish your interfaces and data structures as a de-facto standard, disadvantaging your competitors

    The first some companies have decided they can live without; however, if you want a ready pool of people to hire from, then like many other companies, you won't discount the idea.

    The second is practically priceless; a lot of companies have done this with Linux (Microsoft just joined these ranks).

    The third is also priceless; certain SQL language constructs were published into the SQL standard because they were specifically difficult for Sybase and other Oracle competitors to implement them with the same level of performance. Both VMWare and Parallels have also tried getting their VMM interfaces adopted by Linux, not because they want to be good guys, but because if their APIs get adopted, it makes it harder for their competitors to compete in the market.

    You also publish strategic code under some circumstances:

    - When the value of the strategic position is exceeded by the ongoing maintenance costs
    - When the value of the strategic position is less than the value of the cost to competitors of keeping up with a strategy not their own

    TiVO is one well-known company that has done the latter, keeping only those items with high strategic value back (and separate from the kernel to avoid licensing encumberment of the GPL), so it's possible to do the same thing there on Linux as it is for companies like RedBack Networks or F5 to modify the BSD networking stack for their L3/L4 switches.

    So if you are going by "basic game theory", then you get the same things not given back to Linux as are not given back to BSD, with a couple of things not being given back to BSD by unenlightened companies (and then their interfacing and reintegration costs get higher and higher over time until they release the code or they go out of business because they are non-competitive).

    -- Terry

  6. Do not do that. Stay on topic. on Security / Privacy Advice? · · Score: 0, Redundant

    Do not do that. Stay on topic.

    You are supposed to cover a topic. Cover it. If you have a hobby horse to ride, you should give a good presentation on what you've been asked to present on, and nothing else. If the issues you want to ride come up in Q/A, you can address them very briefly, but stay on topic.

    If you ever want to get asked to talk in depth about your hobby horse(s), you will do a good job on the topic you have been told to present on, and not look like some schmuck who can't keep on point in presentations by having the thing wander all over the map.

    Also, anything you add at the end will tend to push the information you were intended to communicate out of their heads entirely, and trivialize it for your audience, so you should think twice about that. If your management is there (you said everyone would be), it will do the same for them, and they aren't going to think you've covered what they told you to at all well, and that your whole talk wandered, even if it only wandered at the end.

    -- Terry

  7. Except they're here to teach you to fish on Greg Kroah-Hartman Gripes About Microsoft's Linux Contribution; MS Renews Effort · · Score: 4, Insightful

    "If you're here to build me a bridge, then tell me so and build it. If you're here to bring me a stone, then don't tell me you're here to build me a bridge."

    Except they're here to teach you to fish, not to become your unpaid fishermen/code slaves for the rest of eternity.

    I actually expect that this was an intern project for one or more interns (intern season just ended), and that there was never any expectation that the people who did the work would be around to maintain it. It was in fact a very large move for Microsoft to release this code at all, and it probably took a lot of begging internally to get management to agree to that much concession. Then they went above and beyond, and released the code patches under the GPL, which meets their requirements under the GPL to donate the code back to the Linux project. You seem to expect them to stick around and maintain that code in perpetuity, which wasn't the contract, and wasn't the license. So you're complaining and threatening to remove the drivers in the next release unless they commit resources in perpetuity to maintaining the drivers vs. *your* code base.

    This is really a stupid demand on your part; if the kernel level APIs (what Sun calls their DDI/DKI - Device Driver Interface/Device Kernel Interface) in Linux were stable and not such a moving target, you could just forget the drivers and they'd keep working indefinitely.

    As one of the people who struggles internally in a company to keep certain sources out there and available for anyone who wants them, IMO it's really ungrateful of you to look the gift horse in the mouth and demand more just because you can't maintain stable APIs.

    -- Terry

  8. The interesting part for a bioinformatics person on How Many Bits Does It Take To Kill You? · · Score: 1

    The interesting part for a bioinformatics person should be the application of reverse engineering techniques and abstraction to the problem space.

    With respect, you're not really thinking like a Craig Venter or Sam Levy, or like a reverse engineer.

    If I were attempting to reverse engineer the ability to program a computer, for example mitochondrial ribosomes, with an unknown instruction set, for example mRNA, and all I knew was how to make random sequences of mRNA, not how the equipment itself actually functioned, then I'd get a bunch of equipment (cells) together and throw random mRNA at it until I could make statistical correlations between the input (the mRNA) and the output (the proteins). And I would do this in parallel, on as much equipment as I could afford to get together, to shorten the amount of time it took me to get to the desired result. From an engineering perspective, that's the output, not how to create a cycle-accurate simulator or document the entire instruction set by sending the computer off to ChipWorks in Canada. We don't have the tools to do that right now.

    However, it turns out that I do not need to have knowledge of how the computer works to get useful work out of it. A lot of nominally computer people program in high level languages, and have absolutely no idea what a compiler is doing behind the scenes, or that there's an assembler involved at all, or a linker. If they learned on Java, they might not even understand pointers. Now I'm not claiming that their work is optimal, or even necessarily efficient, but the point is that their work can be *effective* without them understanding the steps in between the input and the output, other than what input to give it to get a desired output. And if that happens at a low enough relative cost compared to the work product, it can be good enough to be economically viable.

    This should be your take-away: We have a compiler. We do not need to understand it to create working programs. It is enough that we can do so.

    PS: Yes, I realize that this is somewhat antithetical to the bioinformatics goal of managing and analyzing the data, thereby increasing our understanding of biological processes. But we aren't actually talking so much about doing science here, as we are talking about doing engineering.

    -- Terry

  9. due to trauma or disease [...not...] genetic[s] on China Admits Use of Death-Row Organs · · Score: 1

    "In fact I would be willing to bet that more people need organ transplants due to trauma or disease than do because of any genetic problems"

    Susceptibility to disease _is_ a genetic problem. You could probably argue either way on trauma, depending on the nature of the trauma.

    -- Terry

  10. I don't know about yours; you're wrong about mine on Report That OS X Snow Leopard May Include Antivirus · · Score: 1

    I don't know about yours; you're wrong about mine:

    % ls -le@d /Applications
    drwxrwxr-x+ 31 root admin 1054 Jul 30 23:59 /Applications/
      0: group:everyone deny delete

    There's an ACL that prevents deletion even by admin users, unless you type a password. It's the application hotel: apps can check in, but they can't check out without escalated privilege to override the ACL there. That includes deleting individual files so you can replace them with Malware.

    -- Terry

  11. Wrong - not useful to prove premeditation on Scientists Find Way To Combat Forged DNA · · Score: 2, Insightful

    Wrong - not useful to prove premeditation

    "If someone tries to spoof the existing test and they don't guess right in how to spoof it ... then it sort of nails them for premeditation of the crime."

    Only if the crime you are talking about is framing someone, rather than the person being framed. Detection of fabricated evidence and contamination of evidence is useful as a defense against DNA evidence, it's not useful to law enforcement, unless the evidence was fabricated by an unrelated criminal. Even then, it only rules them out.

    First derivative: In terms of premeditation, the act would be to use the amplification technique to frame yourself, plant evidence at the scene, and then later use the detection method to prove the evidence was manufactured, thus implying you were the victim of a frame-up, rather than the real killer.

    Second derivative: A premeditated use of self-incriminating fabricated evidence could use the method as a positive assertion test to ensure that the fabrication would be caught immediately, if it was a standard cross-check, or at trial, if it wasn't. Use by law enforcement in order to manufacture a frame would be as a negative assertion test, to verify that the framing material would pass inspection at trial later, when it was attempted to be used by the defense, to create manufactured evidence which could be successfully used in a frame-up.

    So in reality, the framing technique brings into question DNA evidence, and the anti-framing technique brings into question DNA evidence.

    -- Terry

  12. "anybody could "steal" the modified source code" on Leaving the GPL Behind · · Score: 1

    "anybody could "steal" the modified source code"

    Not if it's never published after it's modified, they can't.

    Protection of a Trade Secret is not expensive, so long as it's never published to anyone other than "a select group" (the specific legal term for selective disclosure). The civil penalty for a judgement of disclosure is treble damages for the loss incurred.

    While it's true that Trade Secret was the main case point in the AT&T vs. UCB Regents lawsuit over the BSD 4.3 (Net/2) source code, the disclosure occurred under a Western Electric license which did not specifically prohibit disclosure, and the initial disclosure was in the Jeffrey Lyons book at the University of New South Wales. Once disclosed, you can not recapture a Trade Secret, so the case was lost at that point. UCB Regents additionally counter-sued for Copyright violation based on removal of the UCB license from published AT&T source code in SDKs which were not protected as a Trade Secret under license to a select group, meaning they were fair game as fodder for the court; it was likely this, more than anything else, which forced them to not try to use their money and the legal system as a bludgeon for what was in fact legal republication of already disclosed Trade Secrets.

    However, had AT&T been able to legally pursue a Trade Secret claim, they could have collected on their losses, and UCB Regents had the deep pockets necessary to make good the loss.

    The primary risk, then, is disclosure by someone without deep pockets. Which is why the lawyers get to decide who is and isn't a member of the select group in the first place. So it's possible to legally cover your financial assets in such a way as you might actually prefer that disclosure happens. But that makes the Trade Secret a no less effective mechanism.

    As an example of successful use of a Trade Secret, Henry Bessemer (of the Bessemer Steel Process) had an early invention for making the machines to make the brass powder which was used in the manufacture of the first "gold" paint; the means of making the machines were a Trade Secret, which was closely held in the family for many years, which is how he made his fortune which allowed him to pursue his other inventions.

    More recent examples include the formula for the manufacture of Coca-Cola syrup, and the spice mixture used in Kentucky Fried Chicken, both of which remain trade secrets to this day. Here is the reference for the KFC recipe:

    http://en.wikipedia.org/wiki/KFC

    -- Terry

  13. "Where's the obvious profit ... mission to Mars" on NASA's Cashflow Problem Puts Moon Trip In Doubt · · Score: 1

    "Where's the obvious profit on a tripulated mission to Mars"

    After you get there, you own Mars and pretty much all the resources in the asteroid belt. If someone wants to prevent it, they have to build a comparable space presence, and you can charge them rent for basing their asteroid belt operations on Deimos (escape velocity 20 KPH) and Phobos (escape velocity 40KPH), and, hey, there are plenty of asteroids for everyone.

    -- Terry

  14. "He's here asking for advice, so give it to him." on Why Should I Trust My Network Administrator? · · Score: 1

    "He's here asking for advice, so give it to him."

    Fine.

    You know that you can trust them exactly the same way the people who hired you knew that they could trust you to be able to make the decision on who to hire.

    -- Terry

  15. No AC, that's not it. on Why Should I Trust My Network Administrator? · · Score: 1

    "So according to you you should trust the guy because before the fact you should trust the guy or because you are doing your job?"

    No AC, that's not it.

    He's the manager. He is a party to a contract in which he trades use of his ability to manage for the company's money. Part of that ability to manage is supposed to include the ability to judge the character of the people he hires to do work on behalf of the company. If he doesn't have this ability, he is in breach of that contract, and at best irresponsible for having entered into the contract in the first place, or at worst, himself untrustworthy.

    So he's come to AskSlashdot, either to troll us ("Let's ask IT people how you can trust an IT person, and watch the hilarity ensue!"), or because he's not competent to be in the position he holds. Now there is a small possibility that it is the latter, and that he is clueless enough to not realize that he's unqualified for the position he holds, but it's more likely that he's either trolling, or he simply doesn't care that he's unqualified, and he's cheated the company by accepting the responsibility without being able to deliver.

    So yeah, there's a minuscule probability that I should have called the question "naive" instead of "dumb". But if I had to bet money on the reality, I know which side the probability is going to come down on.

    -- Terry

  16. That is an incredibly dumb question. on Why Should I Trust My Network Administrator? · · Score: 5, Funny

    That is an incredibly dumb question.

    You should trust him because, as the manager of the startup, it is within your area of responsibility to ensure a priori that the people you hire to do this are trustworthy, or you are simply not doing your job and you should be fired and replaced with someone who can. Since your company is already on a path for doing outsourcing, I am sure your job could be outsourced to someone more competent in Bangalore.

    -- Terry

  17. Incorrect on Leaving the GPL Behind · · Score: 2, Informative

    "If there was no concept of copyright in the world, then the GPL would not be needed to cancel this nonexistent concept out."

    Incorrect. The GPL requires copyright to keep the source code available. Without the license, one of the ways people could pretend that copyright does not exist is by making modifications, compiling a binary, and not giving out the modified source code.

    I personally happen to believe that this is largely unnecessary, since it's in a business's long-term self-interest to give source changes back to the public maintainers in order to offload ongoing maintenance; otherwise, they're spending all their time playing integrate-the-changes. I typically pick the BSD license, which is as close to public domain as you can get while still avoiding the tort consequences that would otherwise attach without a hold-harmless. This is mostly because there are no civil protections for people who put things into the public domain directly.

    But make no mistake: the GPL is more dependent on copyright law than the BSD license.

    -- Terry

  18. Monetize them instead of jamming them. on School System Considers Jamming Students' Phones · · Score: 1

    Monetize them instead of jamming them.

    (1) Put one or more micro-cells in the school so that's what the phone will attach to, instead of the regular towers.

    (2) When calls go through those micro-cells, add a surcharge of $10/minute

    (3) Use the money obtained to fund the school system

    Frankly, someone under 18 can't sign a cell contract, so kids with cell phones are kids with rich parents who have enough disposable income to buy their kids a cell phone, and who can afford to pay proportionally more in order to fund the schools, and probably should be doing so, in the first place.

    -- Terry

  19. Constant small thrust could push it up on Panel Advises Longer Life For Space Station · · Score: 1

    Constant small thrust could push it up

    For example, if the Russians threw up a Topaz-2 reactor and a couple spools of copper wire, and unspooled them toward the Earth to cross the Earth's magnetic field lines, by pumping energy down the wire they could raise the orbit no problem. We considered a couple spools of copper wire as a means of powering space stations, at the cost of increasing orbital drag, but you could easily run the generator in reverse as a motor, so long as you had enough power to overcome atmospheric drag.

    See also http://www.world-nuclear.org/info/inf82.html.

    -- Terry

  20. "Legally required to bring it down" on Panel Advises Longer Life For Space Station · · Score: 1

    "2. The US put it up, they're legally required to bring it down."

    What's the time limit on that?

    I.e.: when will the US be bringing the Viking landers and Mariner and Voyager probes, which the US put up, back down in order to meet their legal requirements to bring down what they put up?

    -- Terry

  21. option 4: the US quits participating on Panel Advises Longer Life For Space Station · · Score: 2, Informative

    option 4: the US quits participating, and they leave it in orbit and other countries continue to fly to it and to use it, as they currently do.

    -- Terry

  22. Especially if he wanted to work on the tty code on Alan Cox Quits As Linux TTY Maintainer — "I've Had Enough" · · Score: 4, Funny

    "If Alan Cox wanted to work at Apple, it would take 1 phone call."

    Especially if he wanted to work on the tty code.

    -- Terry

  23. You have three different problems on Cable Management To Defeat Clutter? · · Score: 1

    You have three different problems: your stereo, charging, and data transfer.

    The stereo fix is to buy a stereo with a single daisy-chainable optical interconnect. It's probably too late to tell you that, though. I'm going to concentrate on the other issues, and leave the stereo as "a problem for the student" (but see the URL at the end).

    If you can't go back in time and have better taste in connectors for the devices you buy in the first place, there are several companies that sell dongles with a proprietary connector on one end and a mini-USB connector on the other that plug into the device and stay plugged in. Some of these are just little things that look like rubber trim around the now-standard on the device, while others are full blown cases with extra batteries inside them. Here's one example for an iphone, which includes a lithium battery in the "case", and gives it a standard connector instead of Apple's proprietary "dock" connector:

            http://www.case-mate.com/iPhone-3G-Cases/Case-Mate-iPhone-3G--3GS-Fuel-Battery-Extender-Case.asp

    and then you plug everything you want to charge into the one or two mini-USB cables that you keep around for that.

    For the keyboard and mouse clutter -- get bluetooth. This also works for syncing smaller amounts of data from your mobile devices with your computer, when the intent of the cable is to transfer data, rather than charging the device. If you have to have higher speed, e.g. for the video, then make sure at least one of your cables that you keep around has the other end plugged into a computer rather than into a power adapter plugged into a wall/power strip.

    For the ethernet cables, go WiFi. Your WiFi hot spot for the computer, the router, switches, and your NAS can go on a shelf in a closet. Who cares what the cables look like to someone standing on a ladder in your closet, at that point? I assume the modem is a cable modem? If so, it can go in the closet with the switches. There's enough supposedly 802.11n hardware around out there that you can expect a half a gigabit transfer speed if you get it all from one vendor.

    For the separate power connectors on the monitor and the base unit: live with it, or get an all-in-one device like an iMac.

    In the future, when you are thinking of buying a portable device, make sure it can use mini-USB for charging, to avoid adding any more cables.

    PS: If the remaining (power only) cables still bother you after getting rid of the data cables and unnecessarily local equipment, buy some of these:

            http://cableorganizer.com/richco/kurly-lock-adhesive-base.htm

    and stick them to the bottom of your desk or wherever and put the cables through them.

    -- Terry

  24. You know why he's suggesting it, right? on Valve's Newell On Community-Funded Games · · Score: 1

    You know why he's suggesting it, right?

    It's not to fund Valve games, it's to fund boutique software houses getting into the business.

    His company wants to license their "The Source" game engine and their "SteamWorks" and "SteamPublishing" technologies. In order to do that, they need new boutique game developers that can't afford to develop their own versions of the technologies in question. And right now, the funding just isn't happening from the VCs for new, untested development teams, particularly when even theoretically "safe bet" companies are failing to deliver product and cutting staff.

    -- Terry

  25. BSD forks: events and timeline: on Why OpenBSD's Release Process Works · · Score: 1

    ...sorry to correct you, but...

    BSD forks: events and timeline:

    UCB CSRG didn't want to create a bootable distribution.

    FORK1: Jolitz went off and did 386BSD because he disagreed about the bootable distribution.

    (1990) Jolitz releases 386BSD 0.0 to a small group.

    BSDI started.

    Many of the principals in BSDI were from UCB CSRG, so there was some financial conflict of interest vs. 386BSD there.

    (1991) Linus released Linux - there is no lawsuit incentive for him to have done a different code base at this point.

    (1991 - October) Jolitz released 386BSD 0.1

    BSDI used the trademark "UNIX" in their "1-800-ITS-UNIX" phone number and their advertising.

    USL sends cease and desist use of UNIX trademark to BSDI - the lawyers are now awake.

    Jolitz promises a 386BSD 0.1 "real soon now".

    Time drags out... I write a 386BSD unofficial FAQ with a patch in it for the VM system for systems with an option-base-0 BIOS base memory size so it'll boot.

    People start sending me patches for the FAQ. Too many patches. I create the 386BSD "patchkit", with Jolitz's blessing, on the promise of a 386BSD 1.0 "real soon"

    USL, sensing competition in the UNIX marketplace, sues BSDI, initially nominally over the trademark.

    I convinced Jolitz to trademark "386BSD" to keep BSDI from claiming "BSD" was too similar to their trademark to avoid BSDI doing to 386BSD what USL was doing to BSDI.

    The patchkit serialized application of patches rather than going for a full SCCS mechanism. As a result, only one entity could patch at a time, to maintain dependency ordering.

    A group set up a bunch of patches at a really high ordinal value because they felt their patches were not being integrated quickly enough. These patches ignored the "one entity" conflict avoidance mechanism.

    FORK2: A fight ensued over control of the "patch sequence number" integer. The patches of the first group and the second group moved to SCCS. NetBSD was born.

    Jolitz had family issues and there was a flame war between Lynne and the patchkit people, who were still waiting for a 386BSD 1.0.

    FORK3: Permission to use the 386BSD trademark was revoked. The original patchkit work moved to SCCS rather than throw away work in progress. FreeBSD was born.

    BSDI hid from USL behind UCB.

    The other BSDs got "cease and desist" notices from USL because of that (not before we mirrored archives to non-Berne signatory countries, though).

    UCB filed countersuit.

    MIT offered to back UCB vs USL with their full patent portfolio, which would have shut down USL cold.

    UCB declined MIT's offer (no reason was given).

    UCB, BSDI, and USL "settled" permitting BSDI to continue binary-only distribution of their products until they rewrote a number of critical files.

    This appeared to be a "complexity" gambit, i.e. a way to freeze out the other BSDs by diking out code that USL expected could not be rewritten by "amateurs".

    The other BSDs were not extended the same distribution offer.

    A number of Novell employees, myself included, camped out in Mike DeFazio's office on the second floor of the building in Sandy, Utah, to get the same deal for the other BSDs (Novell owned USL at that point, and Mike DeFazio was the VP in charge of the "UNIX Systems Division" of Novell). We got the deal extended.

    UCB CSRG released 4.4-Lite2 (the sources for 4.4, minus the critical files).

    The other BSDs rewrote the files that BSDI and USL thought couldn't be rewritten.

    Theo, then an obnoxious know-it-all kid who had yet to prove his stones, pointed out a security hole in NetBSD.

    NetBSD ignores them.

    Theo locks the NetBSD folks out of their project systems using an exploit based on the security hole he had previously pointed out.

    FORK4: Theo is booted out of NetBSD. OpenBSD is born.

    FORK5: I was around for the DragonFly fork from FreeBSD, as well, but it had a lot to do with design philosophy, and the practical unwo