The few Finns I've talked to seem rattled by Russia's annexation of Ukraine. Like Crimea, Finland was once a territory of Russia. So I expected that Finns would not be happy about having a US president that doesn't support NATO and has almost forgiven Russia for their acts in the Ukraine. Finland has been moving to join NATO for over 10 years.
Surely the FBI is trying to find out the identity of the criminal who created this botnet. Why would Krebs go public with it, instead of going to the authorities? At the bottom of the article, it says "The FBI officials could not be immediately reached for comment." What does that mean? "could not be immediately reached?" Why was he doing this investigation alone? And why did the author of the botnet release the source code?
Yes, Snowden did release documents on non-domestic surveillance. That was not appropriate and he should not be pardoned for that. He could be pardoned for charges related to the domestic surveillance documents he released. But I don't agree that Snowden released "a bunch of random documents" like Manning did. Manning literally grabbed every document he/she had access to, without filtering them at all, and gave them to a foreign organization. Snowden was deliberate in taking things that he thought were necessary to expose the domestic surveillance problem. Then he released them to an agency that he thought could filter them.
I think Obama has it wrong.
Manning released a bunch of random documents, with no real political benefit to America. Snowden released targeted documents, which caused changes to the Patriot Act renewal, changes to public perception about the NSA, and changed the way the FISA courts operated. Snowden was a whistle blower, because what he did caused political and social change. Manning released private communications between ambassadors, which did nothing but embarrass multiple nations. What good came from Manning's leaks?
Have charges even been filed yet against Snowden? I don't think the president can pardon him if they haven't been filed.
Snowden is a far better candidate for pardon than Manning. Manning randomly released everything he/she could access, just for lolz. Snowden had a purpose, and laws and court cases were actually impacted by what he released. Public opinion changed. That's what makes someone a whistle blower.
Prove it.
There is a misunderstanding here. They aren't talking about antibiotics used to treat animals for infection. Your knowledge is out-of-date here. Let me explain:
Commercial farms buy feed with antibiotics *in the feed itself*. They aren't doing it to treat disease, they are doing it because the antibiotics make the animals grow fatter, faster. I don't think it is entirely understood why. These people aren't "farmers" in the way that you describe farmers. These are heavily mechanised factories.
There's tons of articles on this topic. Try Scientific American for a start, since they cover the whole history of it. Searches for "antibiotics chicken feed" should yield some good results.
Now add in 90 minutes at the airport before and after which don't exist on trains
Don't worry: the TSA has plans to slow down rail travel too.
If you load the machine down in any significant way- be it causing the GPU to kick in, or all the CPU cores to fire up- battery life drops to a measly 4-5 hours, sometimes as low as 3.
This is not a valid objection because, under full load like that, 3 hours is better than most laptops on the market right now. Most laptops with a GPU like the one on these machines, firing all cores, get 1hr of battery life under that scenario. You just don't play games on the battery.
That's fine, so consider this: ATT & Verizon have bandwidth caps. If some sites are not subject to the cap, but others are subject to the cap, aren't they changing how traffic is treated/shaped? Once I hit my cap, the ISP is blocking some traffic, but not blocking other traffic. If there was no bandwidth cap, then there would be no need for zero-rating.
So even if this sounds like I'm splitting a hair, in practice, it has the same effect as traffic shaping. Maybe I can't stream Netflix over my 4G connection because I would hit my cap in a day or two. But if I could stream Amazon prime, then that would make me subscribe to Amazon instead of Netflix. That's exactly the kind of thing we are trying to prevent: the ISP deciding to shift the market by changing what people access.
What was the source of the data that were these workers filtering? Hotmail emails? Office 365 files? Azure storage blobs? I am more interested in this story from the surveillance angle.
The best way to reward users is to give them an award that is publicly visible, to encourage others to do the same.
Anecdote: I worked at an organization that, like many others, had a public "share drive." Sometimes I would browse the folders with pictures of coworkers at after-hours events. One time, I decided to see what was on the drive, and I found an Excel spreadsheet with a list of names, last 4 digits of social security numbers, and credit cards. Excel keeps the author's name in the file, so I contacted the author. They replied with "Oh, that file is a temporary file and it gets deleted every 30 days, so don't worry about it." I forwarded the email to the company's head of security, expecting no reply. A month later I was invited to a conference room for something random, and much to my surprise, I was presented with an award in front of 20 or so people in my department. My boss told me it was handed down to him by the head of corporate security, along with an explanation of what I had done. I was genuinely proud. Because of that event, I was more engaged with the company, and I have taken that security mindset with me. I can only hope that other employees took it to heart as well.
I know the summary is about users reporting internal security concerns. However on a broader note, we need an industry standard for reporting security issues. Every other day there's some story about an organization that ignored a report, or sued the researcher, or something. We need a standards body to:
1. Create a standard form for submitting vulnerabilities (especially to 3rd-parties.)
2. A standard way to deliver that form.
3. A standard amount of time to wait for a response before disclosing it.
4. A standard form to disclose it publicly, and a list of appropriate organizations to receive it.
5. An industry-accepted expectation that, if you follow these industry standard steps, then you should be safe from lawsuits.
fair enough
good point
Slashdot's front page has:
1. Lawyer Rewrites Instagram's Privacy Policy So Kids and Parents Can Have a Meaningful Talk About Privacy
2. IMDb Ignores New Law Banning It From Publishing Actors' Ages Online, Cites Free Speech Violations
So it is legal to sell a child's personal information, but not okay for IMDB to publish the ages of grown adults. Does anyone else see this as crazy?
It is modded-up because it is both correct, and insightful.
...so C++ is technically written in C...
No, it is not "technically written in C." At best you could say "in the past it was written in C." But that statement applies to almost everything, and misses the key point. The key point is that compiler writers have moved from C to C++, even for writing C compilers. That is an important indicator of C's popularity and future.
A document viewer had as many vulnerabilities as AN ENTIRE OPERATING SYSTEM.
I have a Windows 10 box. Every couple of days it displays an advertisement claiming Edge is some percentage faster or more secure than Firefox. I wonder what other programs it does this to? If I run OpenOffice will it display an ad for Microsoft Office? If I run bash will it advertise powershell?
Many die-hard fans watch the originals wearing rose-colored glasses because they saw it growing up as a kid on VHS tape. If you take the original, move it straight to DVD, and give it to a modern audience, some parts look pretty bad. The rancor has a black border around it in some scenes. Some of the backgrounds look like they are filming a set on a ping-pong table, well, because they were. Some fans nit-pick every little inconsistency, but ignore inconsistencies that Lucas fixed, like the hologram you mention.
George Lucas simply went too far. Trek fans are just as nitpicky, but they didn't complain about the changes made to the DVD releases because they simply fixed stuff. It's not like they gave Picard a toupee or something. But Lucas went too far and pissed-off his fans.
What's instagram? Is that another photo-sharing site that lets you tag and comment, like tumblr, myspace, pinterest, facebook, flickr, deviantart, shutterfly, smugmug, snapchat, twitter, wordpress, snapfish, and blogger? Well, I am sure it is unique and valuable.
My theory is that soldner was buggy, had bad gameplay, had no single-player mode, had disappointing graphics, and server problems.
While you point out that soldner was innovative, you don't refute any of the criticisms made of the game. So it seems like you already know the answer. Perhaps, to you, those things could be overlooked because it was so innovative. That might work for geeks and indie fans, but the general public needs things to work the first time. The game is a decade old. Even if the bugs are fixed now, it is too late to change history.
The metacritic reviews for soldner seem to confirm the criticisms. Even the positive reviews complain it is buggy.
Here's the top user reviews:
...if people will try using the online patches then they will think "hey look Söldner isn't buggy", instead of thinking "buggy piece of s**
It's a shame there's so many negative reviews, but what you have to realize is these reviews were written over ten years ago, the game is still going
One problem with smart quotes is that you can't enter source code, or anything machine-readable, into an editor that uses smart quotes. I am sure many of us here have pasted something from documentation into XML or source-code, only to have it fail because the compiler doesn't want them.
Maybe they discharge at 30%, but they charge to 130%! With some recent battery innovations, they may be able to reach 150% of charge and shut down at 50%!!!!
Every change and fix is avoided until it becomes a life/death problem, or worse, until someone dies.
Agreed, that does happen sometimes. But it usually isn't the regulatory process that keeps such fixes out, it is the companies themselves. Take a simple example: OS security patches. There seem to be a few basic arguments to not deploying them: One is that there is no funding to test the fixes. Two is that it is the customer's responsibility to secure it, or that the device shouldn't be networked at all. But the worst reason is that the companies might do the math and decide that it isn't worth the cost. They conclude that they are better off to accept the additional risk than to invest in testing the fixes. But whatever reason they choose, the regulatory paperwork for those kinds of changes is minimal by comparison to the 510k and PMA processes that are required to release the device initially. You don't have to rerun trials. But if your budget for sustaining efforts is zero, then any time spent is unacceptable. The mentality has to change from "get it out the door so I can make money" to "this is a living breathing project that will continue to require maintenance for the next 20 years."
Ooh, another reason is that some labs decide that they need to re-test the devices after each patch. That's up to the labs, but it seems like they are adding quite a bit of onerous effort just because libasound.so was updated to fix a memory corruption when playing MP3 files.
The whole regulatory charade makes businesses invest in being compliant. NOT in being secure or good or whatever.
True. The trouble is that in the absence of regulations, they didn't invest in being secure or good or whatever. This is why industries need to be proactive about such things, lest the hand of government come down upon them.
Non-AC disclaimer: I work for the industry.
In other news, old people are old.
While I too lament that I can't just type a DOS command and feel like a geek god any more, it is balanced by the fact that I can build a freaking robot with a vision system out of $100 of parts I can order online, and have in my house in a few days. The challenges have moved on, and if you don't move on with it, you will feel left out.
Following FDA guidelines does not shield you from negligence or errors in the design of a medical device.
While it is not a perfect shield, following those guidelines is a pretty darned good one. This applies to many industries. Suppose a commercial boat sank and killed people. The first thing that will come up in court is coast-guard regulation. Did the captain have a captain's license? Was the boat recently coast-guard inspected? Did they have the proper number of passengers and coast-guard approved life jackets? If so, then the operator of the boat is probably not liable. Seriously: If they followed all the rules, then it *probably* wasn't their fault. But there is always room for judgement.
All of these are fairly obvious. For those of us developing the firmware there are no useful guidelines. There is nothing groundbreaking or even useful here.
In my first example, having the coast-guard make specific regulations made the question easier to answer. With industries that are more self-regulated, a judge would have to decide what specific guidelines apply. Suppose your medical device had a web interface with a security flaw that exposed patient data. The judge might ask: Did the device follow OWASP guidelines? While the regulations don't specifically call for OWASP by name, the judge might see that this is what the industry has accepted the regulations to mean. In 10 years, maybe OWASP will be gone and some other organization's standards might apply. But compliance to those would be a very good shield at minimizing liability.