Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories
0
Comments
10,601
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,601

  1. Re:Could a Meteor Have Brought Down Air France 447 on Could a Meteor Have Brought Down Air France 447? · · Score: 1

    The upshot of all this, even working with absurd (in the meteorites' favor) numbers, the odds of the Air France Flight 447 accident being caused by a meteorite are astronomical .

    Agreed, that's why I don't buy it, either.

    My point was that the fact that other factors have a vastly higher chance does not change the chances for this unlikely event.

  2. Re:Good enough is? on Motion Control To Lengthen Console Hardware Cycles · · Score: 1

    It was "larger" not in dimensions, but in content. While Daggerfall was a huge world, most of it was empty. Oblivion is all but empty, it's practically stuffed with content. If it hadn't been built to please the ADS console crowd, they could've easily blown it up by a factor of 2 in all dimensions and it would've felt filled.

  3. Re:EMP Testing on Could a Meteor Have Brought Down Air France 447? · · Score: 1

    Well, if you insist on context, allow me to point out that the topic we are talking about concerns an Air France flight on its way from Brasil to Europe. :-)

  4. Re:Good enough is? on Motion Control To Lengthen Console Hardware Cycles · · Score: 1

    Very obviously, Daggerfall was possible with Daggerfall technology, but not Oblivion. Don't you think that Bethesda would've made Oblivion if it had been possible?

    The difference is in scale and complexity. The Oblivion world is a whole lot larger and more complex than Daggerfall. Just putting the data (without graphics) down into Daggerfall would probably have exceededd hard drive capacities of the time. AI calculations would certainly have slowed down the game. The physics engine and its related points (e.g. traps) would not have been possible. And so on.

  5. Re:EMP Testing on Could a Meteor Have Brought Down Air France 447? · · Score: 1

    Most maintenance schedules for aircraft are set by the FAA, not at the airline's whim.

    And you guys are surprised so many people dislike the american arrogance?

    There are planes outside the US, if you didn't know. Where other organisations are in charge, and some are more and some are less... effective. If you're flying within the US or EU, it doesn't make a whole lot of difference, but if you fly in Russia, Africa or other such places, your choice of airline can make a huge difference.

  6. Re:EMP Testing on Could a Meteor Have Brought Down Air France 447? · · Score: 2, Interesting

    Actually, you can change your chances of survival in a plane as well. Not choosing the ultra-cheap airline that's known for skipping maintainance every now and then, for example.

    The rest is, sadly, intuition not fitting to facts if numbers are very large or small. Rationally, you would always choose a 0.1% to die in a situation with no control over a situation where, depending on your behaviour, your chance is between 0.1% and 0.2% - but if you'd set that experiment up, I'm pretty sure that a lot of people would choose the "I'm in control" situation, even though even if they play it perfect, they're no better off. But our intuitive feeling doesn't say "no matter what I do, there's still a risk". Our intuition of control is "if I do everything right, nothing bad will happen".

  7. Re:Could a Meteor Have Brought Down Air France 447 on Could a Meteor Have Brought Down Air France 447? · · Score: 4, Insightful

    While I don't buy it, either, your reasoning is too simplified.

    Let P1 be 0.1
    Let P2 be 0.0001

    Even though P1 is much greater than P2, P2 will still happen with a probability of 0.0001 - it is independent of P1.

    So while for every individual event, the probability that P1 happened will always be 1000 times larger than P2, in a large enough sample size you are still very likely to have P2 events.

  8. Re:Good enough is? on Motion Control To Lengthen Console Hardware Cycles · · Score: 3, Insightful

    The hardware is good enough for good games. It has been since the Commodore 64. The problem is, games are more and more boring.

    Actually, I disagree in part.

    Some really good games have only become possible with better hardware. Except that graphics hardware comes last in that list. But more memory and CPU speed have allowed for more complex games. A game like Oblivion or Fallout 3 would not have been technically possible on the C64, even if you would've been happy with Bards Tale style graphics.

  9. Nintendo Lessons on Motion Control To Lengthen Console Hardware Cycles · · Score: 0, Redundant

    Just their way of saying "it took us a while, but we think we realized that higher polycounts and more visual effects alone don't make good games and don' sell consoles".

  10. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 1

    That's correct. My SOX controls do not contain an objective that says "software must be bug-free".

    However, they do contain controls that ensure that the tech people are up to date information-wise, and the systems are up to date patch-wise. Which is the next best thing.

    Likewise, data handling is far below the scope of most audits. This is the area of software testing, pentesting, QA, etc. - the audit process's part in the game is to ensure that these things are done.

  11. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 1

    Sure, so the 9/11 pilots were negligent, right? Or the ground crew? Because after their checks, the planes should have been safe until the next checks.

    Which they were, troll.

    The fact that I can smash my iPhone with a brick doesn't mean there's a fault in its software.

    (for the non-trolling audience: The planes worked perfectly as expected. The passengers didn't, but they're not within the pilots area of responsibility.)

  12. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 1

    I advocate the model used in the airline industry, where things that are critical and important should be checked regularly and that companies should not be able to cut costs by avoiding infrequent checks whilst avoiding responsibility for this.

    Ok, I'm with you on that.

    You're right, it can work in software and auditing, but not on the cheap as most companies are trying to get away with. It's going to cost just like it does in the airline business to have their own set of technicians doing the checks round the clock, they have to accept that.

    Absolutely. It doesn't even have to be horribly expensive. One less trip to a nice cozy beachside "meeting" for upper management would probably save enough to pay for the entire thing.

  13. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 1

    "Things can change" is actually a pretty good excuse when it comes to IT security. Because they do change, and quickly they do.

    That's vastly overestimated. The majority of security problems are not the 0day exploits. The majority of security problems are old bugs, outdated software, bad procedures and users not trained in or unaware of security issues.

  14. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 2, Insightful

    It's not that it's impossible to do in auditing and software at all... it's entirely feasible. The issue is cost - those checks (by pilots, co-pilots, et al) and required maintenance cost airlines a significant amount of money, but it is paid because: regulations say they have to, and the cost of a rash of failures is terrible PR. In the IT world, companies want to be certified, only because they have to, and don't want to spend much money on that compliance. That's totally ignoring the companies (typically small to medium sized) that don't have the resources to expend on "doing the audit right". It's apples and oranges.

    No, it doesn't.

    If you are "too small" and "don't have the resources" to fly a plane safely, then you can't play in the commercial airlines market. Tough luck, but we're all better off this way, thank you.

    Now there are other markets, where quality isn't that important, and failure not half as critical. You could become a hairdresser, for example. Could still ruin someone's looks, but not their life. That's why hairdressers do not have to check all their equipment before cutting your hair.

    And I dare to claim that software in many appliances is quite capable of ruining not one life, and not hundreds, but many thousands, or whole populations. Think of the software that drives the stock markets. Same for auditing. If you audited a bank in 2008 and you didn't notice that it's all a huge house of cards that's going to come tumbling down sometime in the near future, then you didn't do your job properly.

  15. Re:Liable for what, exactly? on Should Auditors Be Liable For Certifications? · · Score: 1

    Maybe I'm mistaken, but isn't *any* auditing a check of the state? Even a check of a process (for example an audit checking the change strategy) in fact checks the *state* of the rules to be followed when applying a change. Doesn't it?

    Yes, and no.

    What usually happens is that you define your target state, and check if the current state matches. If not, you add remediation plans to make it match or reach the objective in different ways.

    So while you do check your process at time X, the actual control says something like "A change management process tracks, documents and authorizes all changes to the system." while a second control says something like "The system is checked every X days/weeks/months to verify that no unauthorized changes have occured."

    So while the actual audit is on date X, it usually does check the history. So your auditor will come in, and in addition to checking the system state today, he might as for your changelogs from January and April. As well as your documentation of testing from, say, February.

    Now: what's the job of an auditor? Is he (a) to certify that a certain system/proces/whatever meets a given standard, or (b) is he to certify that a system/proces/whatever *is* something? (Think: is "unbreakable"...).

    Depends on who you ask :-)

    Usually, the job of the auditor is to verify the effectiveness of your controls. In other words, he's the guy who "watches the watchers". Remember that you as a company are the one who should notice any anomalities in the first place. What the auditor does is verify that you have an effective infrastructure, processes, etc. in place to be able to do that.

    Which is why when Joe Dumb smuggles a change past the change management and puts it online, then Joe is the culprit. But if there's no change management process in the first place, then management is the culprit. And if there is a change management process, but it's all bullocks and doesn't do a thing, that is what the auditor should've noticed, and what he should be held responsible for if not.

  16. Re:Oh, this sounds like a good idea... on Should Auditors Be Liable For Certifications? · · Score: 1

    Well, as I see it, if every alternative but the first one would disqualify you, i.e. running up-to-date software is your only choice, then that alone would do a lot to improve security.

    And if that's too big of a change for some companies, then I say: "Good riddance!"

  17. Re:Kind of. on Should Auditors Be Liable For Certifications? · · Score: 4, Informative

    The problem is that auditors only check something at that point in time. They can't check that things are correct on an ongoing basis and they can't help it if what they're checking against isn't foolproof.

    The elevator guy has the same problem and yet it works in real life.

    That is because in any real life situation, tests are indeed done repeatedly, such as every quarter, every month - or if they are really important, every day or every event. No plane in the western world takes off without the pilot and co-pilot having run through a standardized checklist first.

    "But things can change" is a pretty bad excuse. Like the elevator (where wear and tear change the physics constantly), your system has to be resilient enough to withstand normal changes (e.g. wear and tear, different weights, etc.) at least until the next check. Unauthorized changes have to be hard to make unintentionally (that's why there's no "cut the cable" button inside the elevator).

    It really isn't that hard. It works in thousands of areas, many of whom are non-trivial and technically complex (e.g. airplanes). But for some reason, we think it's impossible to do it in auditing and software?

  18. Re:Liable for what, exactly? on Should Auditors Be Liable For Certifications? · · Score: 2, Insightful

    I think people should *very* hard try to distinguish between the two scenarios:

    I think people should try harder to understand auditing.

    Static audits are a thing of the past. Every audit and compliance proceduree AD 2009 includes not only checks of the current system state, but in fact puts more of a focus on changes. More precisely: Change management. In a properly certified and audited system, it ought to be impossible to change the system in a compliant way into a non-compliant state. Either your changes are part of the proper change procedures, or they are not. If they are not, then you (i.e. the guy doing the non-compliant change) is responsible, because you broke procedure. If the change is OK, but its effects are not, then the change process is faulty and whoever audited it didn't catch that.

    One way or the other, you very clearly find a culprit if you include change management into your processes.

    And any auditing that (2009) gets signed off without containing change management should never have been signed off in the first place, so again the auditor is clearly at fault.

  19. Re:Oh, this sounds like a good idea... on Should Auditors Be Liable For Certifications? · · Score: 5, Insightful

    If they win this lawsuit, they're setting a dangerous precedent - anyone who at any stage has certified a system as secure becomes responsible for its ongoing security, and can potentially be held liable for stupid user errors by users of that system.

    Contrary to the precedent that no matter how much you fuck up, and no matter how blatantly false your audit report is, you're not responsible for anything, including not finding problems that are there when your whole job justification is that you're there to find these problems?

    Stop worrying about the poor little techie. We're talking commercial enterprises here. The immediate effect will be that auditing companies take out insurances to cover this risk, and the price of audits goes up a little. However, the secondary effect will be that audits do, in fact, improve, because the premiums on your insurance depend on how often you fuck up and the insurance company has to pay for it.

  20. Re:Democracy is the problem on Open Government Brainstorm Defies Wisdom of Crowds · · Score: 1

    Democracy means if you have a group of a hundred people, fifty one can vote to piss in the Corn Flakes of the other forty nine and if everyone believes in Democracy there can't be any objections if the votes were counted properly.

    Even though I am an outspoken critic of our current democratic systems, that is a very simplified view.

    You have to view a democracy as an entity that exists in time, and - like a game of Nomic - can change its own rules. As such, it is likely that someone has thought of this problem before, and proposed to add a rule to the record that says something like "votes of pissing into other people's corn flakes need a 2/3 majority to pass".

    Now you'd counter that then 2/3 of the people will vote "yes" and piss into the other 1/3rds breakfast. However, then you forgot that the acting entities are human beings, and there are fairly well-established thresholds of ethical behaviour. There's a fairly good chance that more than 1/3rd of the voting people here would vote "no" for moral reasons.

    But, they can be fooled, tricked, manipulated, etc.

    The main problem of modern society is not that half the people vote to take the other half's stuff. The main problem is that over and over again, 3/4 or so of the people vote for things that they
    a) don't understand
    b) misjudge
    c) have been misinformed about

    And this happens both at the base and in the parliaments. We just had a law defeated here in Germany. It was a lucky and narrow defeat, in a case where everyone who is even remotely an expert on the topic in question strongly opposed it.

    Economic theory doesn't cover democracy because people are seldom less rational than in decision making. There's a great TED video about that.

  21. not convincing on Triangular Buttons Make On-Screen Keyboards More Usable · · Score: 1

    If it's just for the deadspace, then smaller keys should work the same, right? So what's special about the form of triangles? The article doesn't mention that. Also not how the odd layout comes about. With a triangle layout, I would've expected them to have alternating directions, because only then is is really less likely to hit the other key, because the broad end you're trying to hit would be bordering small ends, if you get what I mean.

  22. Re:Shame they can't do it for other religions on Church of Scientology On Trial In France · · Score: 1

    If a man thinks he's right, then his belief ought to withstand criticism, no?

    He should, and yet you are the exception. I usually find that atheists are more knowledgable in the bible than christians in any of the critical literature. Heck, often more than christians in the bible.

    Disclaimer: I am not entirely convinced that systematic theology actually constitutes a "proof" of God (by "not entirely", I mean "not at all"), since such proof would contradict the definition of "faith" you posted above (and I agree with). That said, it is a fascinating mental exercise, and I am thankful that at least there are people thinking intelligently about their faith (given that I also know a great many people who do not).

    I'll see if I can find that book in a library. And yes, I'm not opposed to mental exercise in the most remote topics. I've read my share of Crowley, Golden Dawn, etc. stuff and that's just like it in many places. There are elaborate theories about the deep and mysterious meanings of those enochian tablets, for example. All internally consistent and with a solid logic - as long as you accept the base assumptions as given.

    Interesting stuff, but not "true" in the sense of strict logic.

  23. Re:Seriously? on An Argument For Leaving DNS Control In US Hands · · Score: 1

    I don't know about magic, but we actually do get to keep DNS if we want to. What are you going to do about it? Typical European ingratitude.

    The rest of the world could easily band together and set up their own DNS root structure. The only problem would be that the two roots would soon be different, as with all forks. And everyone realizes that's a pretty bad idea. Who would want to have xyz.com resolve to different destinations depending on whether you're in the US or in the other 90% of the world?

    That's why the rest of the world is asking nicely.

  24. Re:Shame they can't do it for other religions on Church of Scientology On Trial In France · · Score: 1

    But who defines what is silly or not? Suppose I come to believe that your political philosophy is based on false assumptions and faulty logic, and I have the authority to tell you that you can't teach your children that particular philosophy? It's a slippery slope when we begin saying "we can give children these ideas, but we can't expose them to those. In my opinion, it's just a reverse of the fundamentalist "think of the children" argument. I'm equally against it.

    Agreed, it's a non-trivial topic. Personally, I believe education of children is left to amateurs (i.e. parents) when it should be done by professionals (i.e. parents trained for the job). Part of the process must be core abilities of reasoning and understanding, content-free.

    I don't mind telling kids about religion. I do mind teaching them religion. See the difference? I think we should make clear, from the earliest possible moment, the difference in all our teachings between "undisputed fact" and "opinion or belief". If you tell the kids "here's an odd idea that a lot of people believe in", that's a huge difference to "there's gravity, and light, and god as described in this holy book".

    Basically, teaching children how to think should take priority over teaching them what to think.

    Going from there, my definition would be that anything that you are not willing to truthfully answer any and all questions of your kids about, and give them the full sources of both pro and contra, is silly stuff.

    Actually, it is.

    Interestingly. Yes, thinking about it now it makes sense that one of the most outspoken atheists I know actually studied theology.

    While the theological proofs of such figures as Descartes have holes, the holes do not lie with the presuppositions, and modern theologians have greatly improved on them.

    I can not imagine how you can even begin to build such an argument without going - more or less obviously - the route that your teacher used. Care to point me somewhere I can read up on this?

  25. Re:Seriously? on An Argument For Leaving DNS Control In US Hands · · Score: 1

    Nobody has yet to offer a reason grounded in reality for removing US control over the DNS other than "We don't think they should have it."

    Well why not? It's one area we've done frickin stellar with internationally, why take it from us? Because you don't like our politics or something? That's pretty hypocritical. Sounds like one of the arguments for -not- relinquishing control, because then the internet will be subject to idiotic global politics.

    There's your reason, right there. If you think that global politics are "idiotic", almost by definition, then you shouldn't be in control of global matters.

    Your reason for keeping control is not an inch better: "We don't think anyone else should have it."