Slashdot Mirror


User: phantomfive

phantomfive's activity in the archive.

Stories
0
Comments
31,362
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 31,362

  1. Re:That was pretty stupid. on Mainstream Scientists Cashing In On Climate Wagers (reuters.com) · · Score: 1

    How did you know which article to click on?

  2. Re:Team Reviews are far superior on Code Reviews vs. Pair Programming (mavenhive.in) · · Score: 1

    That's really great, how did you find out about this stuff?

  3. Seriously though, I'm not the one that said "security depends on not having security vulnerabilities in your software to begin with."

    Yeah, it's true. A fully patched Android system is still vulnerable. Any attacker who wants to put in the effort can find a vulnerability.

  4. True, the patching system can be improved.

  5. Re:EMACS Memory Footprint? on GNU Emacs Now Has Native Support For GTK Widgets (phoronix.com) · · Score: 2

    The binary is 10 MB on disk. Kind of smallish, actually.

  6. Android had more vulnerabilities in the last month than OpenBSD has had in the last decade. If you can't see a difference here, you need to have your brain adjusted. There is some sloppy programming going on in Android that doesn't need to be.

  7. Because carriers make their own, modified distribution of Android. Which of course, git is set up to handle, but sometimes the carriers make a mess of things.

    It's not entirely the carrier's fault, because sometimes Google makes some pretty big changes in the core OS. So, for example, imagine if the carrier had to change the screenshot utility to work with their hardware (surprisingly common). Then in a later version of Android, google changed the internal screenshot system. In order to update to the latest Android, the carrier would need to figure out how to get screenshots working again.

    That's just one example, there are similar small changes throughout the Android system. So to make sure everything works with an updated version can be a lot of work for a carrier.

  8. The Android security model is actually very good....but Google has committed to a monthly patch cycle for Nexus devices,

    If you have to release security patches every month, then your security model is definitely NOT good. You have serious problems with your code.

  9. Re:Larry Ellison on Google Paid $1 Billion To Keep Search On iPhone (bloomberg.com) · · Score: 1

    Wouldn't you, if you thought you could make more than a billion dollars off it? Really?

  10. This topic has been brought up before. DJB showed with qmail that a substantial program can be written with no serious vulnerabilities.
    OpenBSD shows we can do better on security by an order of magnitude (and if you listen to the techniques they use, it's not super-hard).

    There's no excuse for the garbage, vulnerable software we are subjected to.

  11. By the way, there's a huge difference between those who call themselves programmers today and those people I hired back from 1991 to 2005. (I needed no new programmers after 2005 but sold in 2007 and finalized the sale almost exactly eight years ago, today. I don't know what the difference is and I'm going to use a favorite quote of mine - it's nearly verbatim and might be verbatim. (Consider, I was paying 120k to start for qualified people, slightly less for training - I even sent some to school.)

    I've wondered about this too.....are students really coming out worse? Or is it just my imagination? I don't know, but it worries me.

    There have been times I've wanted to disagree with you 'cause you almost certainly reached the wrong conclusion BUT I'll be damned if I can find the flaw in your logic - and I was on the MIT debate team.

    Well if you disagree, you should say so anyway; you're a reasonable person so there must be a reason for you to disagree. Maybe we can come up with a reason together: two heads are better than one, etc. The argument doesn't have to be perfect for us to come to a more nuanced understanding of a topic.

  12. Re:Why the ignorant as shit term "internet of thin on MIT To Offer Internet of Things Training For Professionals (computerworld.com) · · Score: 1

    lol looks like I need to read more carefully

  13. Re:War was not invented 10k years ago on An Ancient, Brutal Massacre May Be the Earliest Evidence of War · · Score: 1

    Indeed, by 10,000 years ago, humans were probably already writing about their wars.

  14. You're right.

    I have to say we are in total agreement.

    Some people would say that security depends on being perfect.

    Whether perfection is possible or not: that is a philosophical question.
    More practically, we can easily do better in security than we are doing now by an order of magnitude.

  15. In case anyone cares, the bug was improper deallocation. Sloppy programming.

  16. Re:Ridiculous on Google Fixes Zero-Day Kernel Flaw, Says Effect on Android Not Really That Bad (csoonline.com) · · Score: 3, Insightful

    If there's a security fix for iOS, I can download and install it right away. .... Fix your damn security model!

    Some people would say that security doesn't depend on fast updates: security depends on not having security vulnerabilities in your software to begin with.

  17. Re:Why the ignorant as shit term "internet of thin on MIT To Offer Internet of Things Training For Professionals (computerworld.com) · · Score: 1

    Hopefully this course includes a section on security. Doesn't look like it will, as a professional course, it looks more aimed at business people.

    In fact,if they made the course entirely about security, the world would be better off.

  18. Re:No more DLL hell then on Docker Moves Beyond Containers With Unikernel Systems Purchase (thenewstack.io) · · Score: 1

    That's basically what Forth applications do......

  19. Re:Works good against average people on California Bill Would Require Phone Crypto Backdoors · · Score: 1

    Is Joe the Plumber the threat here? because that's about all this regulation will stop.

    Yes, actually, the police want to be able to decrypt phones from 'average' dumb criminals. They also want terrorist phones, but that is not the only issue.

  20. Re:Only needs to be *sold* without encryption on California Bill Would Require Phone Crypto Backdoors · · Score: 2

    Even if they close that loophole (which it looks like the current proposals do) an even simpler way is to just not carry them in stores in those states.

    That's not going to happen. I admit it would be effective, though.

  21. The causes of war are three on An Ancient, Brutal Massacre May Be the Earliest Evidence of War · · Score: 1

    "This shows that two of the conditions associated with warfare among settled societies—control of territory and resources"

    Certainly plenty of wars have been fought over that, but wars have been fought over religion, or ideology, too. Wars have been fought over slavery.

    The Greek historian Thucydides pointed out that the causes of war are three: greed, fear, and ideology.

  22. The headline is a little misleading......they didn't drop their "community elected members," they dropped the associate elected members, which were those that paid $99 to be a member of the foundation. There don't seem to be many of those.

  23. Re:Watching someone code drives me insane on Code Reviews vs. Pair Programming (mavenhive.in) · · Score: 1

    There's no way in hell I could function in that close proximity to ANYBODY for 9 years.

    Somehow, based on your post history, I believe that lol

  24. Re:Huh? on Linux Foundation Quietly Drops Community Representation (dreamwidth.org) · · Score: 4, Informative

    Wait, so the Linux foundation is now entirely corporate dominated? How the hell is that even possible?

    It always was. The Linux Foundation used to be called OSDL. They give Linus a paycheck. You can see the member list here.

    By design they don't make any decisions about the Linux kernel: they just got together to fund it.

  25. Re:Linus on Linux Foundation Quietly Drops Community Representation (dreamwidth.org) · · Score: 4, Informative

    The Linux Foundation is the group that pays Linus' paycheck (used to be called OSDL). It's funded by IBM, Samsung, Intel, Oracle, Qualcomm, and others. They support other kernel related projects (like Xen Hypervisor and LSB).

    Karen Sandler is best known around here for leading Gnome when Gnome started their women/underrepresented outreach program. She is now at the Software Freedom Conservancy (which supports Inkscape, Wine, BusyBox, Samba and others), and she brought her outreach program with her (it's now a part of the SFC).

    It is unclear whether the move by the Linux Foundation has anything to do with Karen. The article doesn't clarify, and since there were only six affiliate members who lost representation, hardly anyone is affected by this change.