How do we know that the software running on that hardware is the exact same software as that which has been audited by experts?
Answer: you don't. (I know you were being rhetorical, and that was the answer you had in mind, too . . . but it seems you gotta say that on /. these days.)
Example. Voting machine company needs to have its code audited to comply with election standards. Company software guys realize that current code isn't auditable since it doesn't meet auditor's coding standards. (Meaningful names, no procedure side-effects, standardized procedure header comments, and other general code-readability stuff.) Company has software contractor "clean up" the code. Contractor lacks manpower and gets software temps to help, too.
This is all done on a pretty tight schedule. Audit has a deadline, and it's coming up soon. So the code was considered audit-ready when it met the standards (in the opinions of the various programmers and engineers working on the units they were assigned) and it compiled with no errors. Company submits this code for audit.
So was this code the same as ran on the machines? Well, considering that the documenting/refactoring/cleaning process only just got done in time for the audit and no one had time to test that it even ran, let alone ran correctly, the answer is obvious. "No."
Could this cleaned-up code have eventually gotten back upstream, regression tested and merged with the changes the company programmers were making to the original branch while the cleanup was going on? And could this code have eventually gotten re-audited and put into production, finally actually complying with the requirements later? Maybe. Not in this temp's tenure, it wasn't. And considering that the company had a "home-grown" software version control system, not too likely for a long, long time.
I feel sorry if you live in a "civilisation" that doesn't have legal basics like this already covered.
12 years ago, I'd have probably smugly made a similar statement as yours to someone else. I'd have been secure in my knowledge that we've got a system based in law, even enshrined in our founding document. I can't quite say that anymore. Now we've just got a "goddamned piece of paper".
I'd advise keeping a close eye on what protects the legal basics in your home, too. Be particularly observant of emergency measures taken in the wake of shocking events, and don't take it all for granted.
Real mechanical pencils should only come in sizes 0.5mm, 0.35mm, 0.25mm, 0.18mm and 0.13mm...
Maybe I'm a gorilla or something, but I can't write more than a word at a time with a 0.3mm pencil without breaking the lead. I can't imagine how delicate I'd need to be to operate a 0.13mm. Where the hell do you even find such an instrument, I ask out of curiosity?
Yes, this is a good point. Should jurors be paid at minimum wage? At average per capita? At their current rate? What about child care? What about job guarantees so you don't get fired while you're on jury duty?
"government...they" - you probably meant "government....we"
Not getting fired is covered. Here's the relevant text from the Kansas courts: "(c) State law should prohibit employers from discharging, laying off, denying advancement opportunities to, or otherwise penalizing employees who miss work because of jury service." Looks like other states have similar policies.
The self-employed are kind of screwed, too, in addition to the people you mentioned, since the law wouldn't protect them from losing business because they had to close up shop.
Hardship isn't considered a reason to be excused from jury duty, but being affected by the hardship can be if the worry you're experiencing would make you unable to fulfill your duty to pay attention and be "fair and impartial".
Actual example from my one day of jury duty:
Brain surgeon asks to be excused. He has patients to operate on.
Judge: Having something else to do is not a reason to be excused.
Doc (in standard-issue neurosurgeon bow tie): I have patients scheduled tomorrow!
Judge: No, that's not a reason to be excused, as long as you can be fair and impartial. Your patients' welfare is not the question here. Can you be fair and impartial?
Doc: I would try my best to be. But my patients are scheduled for surgery.
Judge: Could your worry about your patients impair your ability to be a fair and impartial juror?
Doc: I'd try my best.
Judge: But would the anxiety from being in court and not caring for your patients impair your judgement as a juror?
Doc (finally catching on): Yes . . . I would be worried about my patients the entire time, and it could affect my ability to devote myself to jury duty.
So it doesn't take a brain surgeon to get out of serving, but the judge might need to help a little.
- Juror suspected of perjury.
- Court issues order to place that published posts which have a reasonable chance of providing evidence of said perjury, to provide the bare minimum of information to identify the poster.
- If it's not him, end of case.
- If it is him, file for mistrial, pursue conviction against him.
Why is this news?
I think it's news because it might not be him. If so, they still got the ID of someone who made an anonymous comment. Couldn't you often find something like "he could have been a juror" or similar to unmask anonymous commenters whose actions wouldn't have otherwise been illegal, just inconvenient to the authorities, for example?
On a different note, I can't help but wonder if Lucas is in poor health. He always hated Hollywood, and despised studios having any control over his creative process. So for him to sell his own film company, which he built from scratch, to a major studio goes against everything he's said and done for decades.
Let's hope that's it, and he's not just acquiring a bunch of money and free time to go retroactively ruin THX1138 and American Graffiti.
You just don't get it do you? It's exactly that all that bullcrap, favoring those who play Wikipedia The Role Playing Game over those who want to do the work, that has driven the latter away. The lunatics are now running the asylum.
Back in my younger days, I had a game called Star Fleet Battles. I had the game set, the expansion set, the Captain's Rule Book. All the add-on sets and rules addenda volumes ("this page replaces p. N of book X") plus the special issues of gaming magazines with extra ships, scenarios and what-not. I'd always want my friends to come and play out epic space battles. They did play a few times, but almost always I'd beat them by finding a special rule to defeat what they'd thought were their most brilliant moves ("All your drones hit my wild weasel - it's considered active for the entire turn now, even if it was technically destroyed already.").
The game's been on the shelf for a long time now. All my friends had other things to do when I wanted to play SFB.
I realized my "error" all these years later as I tried and gave up on adding to collaborative online knowledge bases. Someone always knows the "rules" better than me, and the learning process is sufficiently irritating I'd rather not bother. ("For this album type, the composer is considered the artist, not the performer, unless the lyricist also wrote part of the tune, in which case the artist is the composer and lyricist.") I can think of plenty of other, more rewarding pursuits.
"Disorderly conduct" is what we call it when you haven't committed a crime but we want to punish you anyway because we don't like you. It's basically a bullshit charge for when nothing else sticks.
Ditto, what possible reason is there to visit the US anymore?
Anymore? The same as there always has been. How does going through a security checkpoint to get on a plane have anything to do with our tourist attractions?
Here's a car analogy: Have you ever wanted to buy, say, a bottle of milk? The nearest store is still far enough away that you have to drive. There are also stores farther away that also sell milk. Maybe those farther-away stores even sell chocolate milk, and that would be nice. But they're farther away and traffic is bad, so you decide to drive to the closest store because it's less trouble.
I was under the impression that the 100 foot radius (in California--Ianal) was created to prevent campaigners from trying to sway voters to their side and prevent the ensuing emotional chaos created from interfering with the voting process when the voters were making a decision at the polling booth. Witnesses, OTOH, can be anyone, for whatever purpose, watching and learning about the voting process in the voting area as long as it's peaceable and reasonably practical. (An example: students not of voting age.)
Same situation here: poll watchers are allowed in Kansas. Sometimes one or both parties have a poll watcher at the voting places. Usually they just count the voters coming in. Sometimes they have a checklist to look for voters they know are solid supporters to make sure they've voted (much rarer these days with advance voting and mail-in ballots). It's not considered electioneering, since they're not talking or wearing buttons or shirts or handing out pamphlets, just sitting there silently. If, on the other hand, they were "electioneering", the election judges would make sure they stayed behind the "no electioneering" signs. I assume (with no proof) that Texas also has a definition of "electioneering" on the books, and I speculate that the AG is just grandstanding a little.
Why are they storing CCs in plain text on the terminals? Do they really need anything other than the last four digits... or can they store them encrypted locally or, even better, on a server?
The question is did they realize this threat and ignore it? Could they have forced their software vendor to fix it? Did they just not want to spend the money? If they didn't see the risk, why?
CC numbers are stored in plain text on the magstripe. So the terminal has to deal with that info in unencrypted format at at least one point. And if you've compromised the card reader somehow -- the article doesn't say how -- then you can see, save or transmit that data.
And TFA doesn't say they ignored it. It says they contacted the FBI. I assume from the statement: "The company discovered the breach on September 14 but kept it quiet while the FBI attempted to track the hackers." that it was the FBI who asked BN to sit on it. And who knows, perhaps the vendor was notified in the meantime, that part isn't mentioned either way in TFA.
If they know what CVS is, and they do use it... You know you're in trouble.
I know, I've been stuck using CVS, but I think the OP meant "some kind of source control" versus "none at all" -- not "CVS" in particular. He did state "any kind of" - but as always, I could be wrong.
There is a still worse answer: "we use our own system". Unless their business is writing version control systems, they've picked a bad one.
This is probably unimportant. People just tend to leave after a period of time, no one sticks around in one place as a career anymore.
Maybe not, but for a slightly different reason. The question was to identify code quality as a means to improve the chances for job satisfaction. So having the developers of the original undocumented/tedious/nightmarish mess still around means you can go and ask them what (the hell) they were thinking. It may not make the code any better, but it can mitigate the pain of figuring it out.
Depends on what would make a job more "satisfying" to the potential employee, of course. And any suggestion we come up with short of the problematic "work with the code for a while" is just an informed crap-shoot anyway.
And if 50% of companies are still running XP, Microsoft will be forced to keep updating it.
Microsoft's update to XP is Vista. What magical force do you think exists that can get MS to patch XP one more time?
Money might work, if enough customers were willing to pay to keep updates coming to avoid obsoleting old hardware and/or software that only works with XP.
Oh, and there is that all important question of how they hold up in a hurricane. Fisker's Karmas seem to have issues with getting wet.
Like I mentioned in the Karma-fire discussion, you need this car to meet that requirement.
In the Midwest, I'm more interested in how well they'd survive being thrown into a tree by a tornado.
Looks like a red flower, maybe a poppy. Is it some local or national thing? Can any slashdotter not working on decoding enlighten, please?
which in turn are notionally backed by gold deposits stored in some other location that my bank doesn't know about
We abandoned the gold standard years ago, old man. No currency on Earth is backed by gold right now.
Interestingly, that makes his fundamental argument/question about "cloud money" even better, since money is really data now.
Nice move government you just destroyed pretty much all of the cloud computing industry.
Huzzah.
Yeah. Say you're a business relying on cloud storage/computing:
1. Use cloud services
2. Someone else also using cloud service suspected of doing something illegal.
3. Service provider shut down/seized by feds.
4. No profit.
There's not even room for the ambiguity of a "???" in that sequence.
Electric, gas or hybrid, any car fully submerged in salt water is heading to the scrap yard.
Unless movies have lied to me, not the Lotus Turbo Esprit!
The black list can grow pretty large. Why not make a white list of people who can get through instead and just log the rest?
...
( X) Whitelists suck
...
I just quoted the KS supreme court's opinion on the matter. The actual law as written by the legislature is KSA 43-173.
I think there's a step zero:
-Commenter suspected of being juror.
- Juror suspected of perjury.
- Court issues order to place that published posts which have a reasonable chance of providing evidence of said perjury, to provide the bare minimum of information to identify the poster.
- If it's not him, end of case.
- If it is him, file for mistrial, pursue conviction against him.
No, "disorderly conduct" does.
What in the goddamned fucking hell are you smoking?
Sarcasm cigarettes, try 'em someday. They make things mean different stuff -- you know, expand your consciousness, man.
Create Android phones. They have fantastic engineering talent that is being wasted by a dead platform.
Or rather, they had fantastic engineering talent before the layoffs.
. . . I guess a few people here forgot to take their humour pills...
Wouldn't that be giving them an unfair advantage?
Fully actualized humans alter their brain and body chemistry all the time.
. . .
So what are you on, and didn't your teacher tell you to bring enough for everyone?