Party like it's 999!
35 posts • joined 11 Aug 2011
> "An ounce of prevention is worth a pound of cure?"
That's a nice cliche, but it simply isn't always true. Sometimes the band aid is an ounce of cure where a pound of prevention is needed. I mean, we could get rid of all hard surfaces outside so our kids never get a scratch. Or we can buy a box of band aids, I know which is cheaper... (Obviously, there are plenty of cases where it is true.)
It's very simple in the end, the customer is just not willing to pay for quality. That's also not a problem that's unique to software, you see that everywhere. It's a problem of a culture where we only look at initial costs and fully expect to replace things pretty quickly. To some extent it even makes sense, often software is going to be outdated way before all bugs are fixed.
But yeah, I'd rather like to see high quality software built for the long haul. But that does mean you can't jump on every latest technology bandwagon, you can't be buzzword compatible etc. Basically it will be very boring software, and maybe that's a good thing.
> This tended to cause the aircraft to nose up in some circumstances, which could cause a stall.
That's the thing that gets me. There's all this talk about sensors and software, redundancy, pilot training etc. But before all of that it seems to me that the physical characteristics of this plane are significantly worse than its predecessors (at least in some aspects). Didn't the problem really start there?
I might be reading too much into it, but it seemed to me Boeing tried to squeeze a bit too much out of the 737, which backfired pretty badly.
I guess the combination of both is the actual solution. What a distribution provides is a curated feed of packages. Right now it is the only curated feed we have for Python packages, so at the moment it is the only solution. Now I've tried doing exactly that, only use the Debian provided packages for a Python application. I failed. The solution seems to be obvious, we need a feed of Python packages which is properly curated. To me it doesn't make sense to use the feed of an OS, they have other priorities. But it does need to be managed the same way, the Debian model works and could well be applied to a Python specific repository.
Nonsensical hyperbole. There will always be a market for cheaper rental accommodation, and so there will always be landlords willing to offer it.
There will always be more margin in higher end accommodation, so a sensible landlord will always rather provide that. No conspiracy, but the net effect is the same.
Well, if the food banks work as expected you wouldn't be hungry and you indeed wouldn't have the right to complain about it. The food banks don't even have to be spiffy, they need to be functional. That still leaves enough to be said about how desirable or effective a specific solution to your hunger is, who should provide it, who actually needs it etc. But no, you can't complain about being hungry if you're not actually hungry. Just like the queen can't complain about being poor.
I once ran a mail server on a connection which explicitly prohibited this. I noticed in the log once that the ISP was actively doing relay checks, but never heard a word from them. So they knew I violated their TOS but didn't care because it wasn't causing any trouble.
Still, it's annoying because a TOS like that can be used against you at any time. When running a business you really don't want that hanging in the air. In the case of Google it is cynical to find clauses like that in their TOS because they are always claiming ISPs should be net-neutral and not interfere with the content of the data. If they really believe in this they shouldn't care if the traffic on their network is bittorrent upload or files served from a webserver. But Google only seems to believe in net-neutrality when it's in their favor...
"I call BS."
Nope. A Dutch TV program which tracks origins of consumer products to show how they are created dug into this earlier this year. And yeah, the stuff exists, is being collected from killed beavers and being sold as a natural flavor. Getting a food producer to admit they use it turned out to be a different story, but the stuff exists and is being sold.
The two episodes covering this are online here:
The program is in Dutch, but contains some stuff (the start of the second episode) which takes place in Canada which is in English (with Dutch subs). It shows a Canadian trader with a shed full of dried anal glands...
Equal opportunities, fine. Moving heaven and earth to get more women into IT whether they want it or not is a totally different thing. I've seen quite a few women in IT I'd happily work with (there is one I'm still trying to hire), and quite a few who should be doing something else. But the same is true for men in IT. The only opinion I'll have on women in IT will be based on the quality of their work. And frankly, anything else (even if you wrap it in big words like 'gender equality') is sexism. Isn't getting hired 'because you're a woman' the biggest possible insult for any woman looking for a job in IT?
It's time we get over this and stop bickering about this men-women thing. When that happens it stops being about us and them (which ironically might actually do more than anything else when it comes to women in IT).
The simulator point is valid I guess, being in a real car with a real risk of getting killed if you screw up does (I'd hope) make a difference. I know that I tend to fall silent on phone conversations while driving when 'interesting' stuff happens on the road, because I get distracted from the phone call. In a simulator however, the call might well be more important, at least subconsciously. It is really hard to take a simulation just as serious as real life.
He wasn't punished for whistle-blowing, he got slapped for excessively accessing confidential data. He was explicitly acquitted for the first time he accessed data which the judge deemed acceptable because he needed to prove he could actually access the data. But once that was clear there wasn't a reason to access more files, especially not in the presence of others. A €750,- fine for reading and showing other confidential patient data doesn't seem especially harsh to me. Had he done no more than he needed to and had he reported it properly he would have gotten away with it. But he chose to make a show out of it instead of dealing with it responsibly.
And the patient's fine was a suspended sentence, something the article fails to mention.
The patient got a suspended fine, so he isn't going to pay the fine unless he is stupid enough to make the same mistakes again.
The ruling (I've read it) is actually very balanced. This is, in short, what happened. The patient overheard a (weak 4 digit) password accidentally. He didn't take this up with the owner of the password, nor the organisation, nor the software builder. Instead he tried if it worked at home. The judge ruled this normally illegal but acceptable(!) in this case up to the point where it was required to prove he got access to the system. The judge fully acknowledged the bigger interest of the security of a system storing patient data there.
The patient then called Krol, and together they again tried if it worked. He was fined (again, a suspended fine) because he didn't try to contact any of the relevant parties but instead chose to show the password to somebody else. The judge explicitly acknowledged this would have been acceptable if the issue wasn't fixed after reporting it in a relevant place.
Krol went a bit further (and got a higher fine as a result). After being told about the issue he tested it together with the patient. He downloaded a few files to prove he could actually access the system, which again was deemed acceptable by the judge. He then printed some of those files, anonymized them and called Diagnostics for You, got a receptionist on the line who asked him to report this in writing so they could look into it. But he didn't, he also didn't push on or try calling somebody else but instead he called the local television station. They came over and filmed him logging in to the system and downloading patient data again, effectively showing sensitive information to journalists instead of getting the issue fixed. This is what got him fined, illegally accessing and sharing sensitive files even though there was no reason to do so.
This ruling actually provides a nice legal framework for responsible disclosure, it boils down to, it's OK to access systems when there is a bigger interest at stake, but report it at the right places, and keep the breach of privacy to a minimum. And if you go a bit out of your way there, you'll get a slap on the wrist.
Krol got fined, not for hacking but because he didn't do responsible disclosure properly. I've got no issues with that, most of it is common sense really.
This is exactly the battle which is going on at the moment. The old guys, which made mobile phones possible in the first place don't like the fact that the new kid eats into their market share using what they created. The new kid with all the cool stuff thinks the old guys should be using his shiny ideas to create better phones as well. All I can say is something about a pot and a kettle.
Operational databases are the ones where you lose money if a single record is missing or incorrect, analytical databases are the ones where the amount of errors only has to be low enough to be statistically insignificant. Storing your invoices in MongoDB is a very, very dumb idea. Using a full blown Oracle installation when you want to know how popular a topic is on Twitter is equally stupid.
Tool, job etc...
I always get the impression everybody writing about the music industry overlooks the fact that there simply is less money to be made in music these days.
Music used to be a big thing to spend money on in the 80's and 90's, now there is a wider range of stuff music has to compete against. Kids these days will simply spend less money on music because they are spending it on gadgets, games and cell-phone bills. You can't discuss the music industry revenues without looking at the world around it. Music is entertainment (and perhaps fashion), and in that business a lot of new stuff has appeared. Music needs to compete with iPhones and World of Warcraft these days. A competition which didn't exist before and therefore is bound to make a dent in the revenue from music.
Adding the cellular network as a second channel does raise the bar, but cellular networks should also be considered possibly compromised. The list of effective attacks against GSM is getting longer. On top of that you have to trust the user's smartphone and there is lots of logging/monitoring going on in the mobile networks which might be compromised as well.
I'm not sure how stuff works in the UK, but my Dutch bank uses a challenge/response system where users need to type numbers (along with their PIN) into their card reader. For large transactions the challenge includes the grand total of the transactions being sent and for even larger transactions it also includes the account number the money is being sent to. This effectively beats MITM attacks (provided users are paying attention) because an intercepted response is only useful for the transaction the user actually requested and modifications to the challenge will be noticed.
In the end a system which is immune to MITM attacks will always be better than using multiple channels.
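The transaction-bound challenge/response described in the post above, sketched as an added example that is not part of the original comment and not any bank's actual scheme. The shared per-card key, the HMAC truncation, the thresholds and the account numbers are constructed assumptions, and the PIN step is left out.

```python
import hashlib
import hmac

# Constructed thresholds in cents; the post gives no real limits.
LARGE = 1_000_00
VERY_LARGE = 10_000_00

def build_challenge(nonce, total_cents, dest_account):
    """Digit strings the user is asked to type into the card reader."""
    fields = [nonce]
    if total_cents >= LARGE:
        fields.append(str(total_cents))            # grand total is bound
    if total_cents >= VERY_LARGE:
        # destination account is bound too (digits only, reader has a keypad)
        fields.append("".join(c for c in dest_account if c.isdigit()))
    return fields

def reader_response(card_key, typed_fields):
    """Hypothetical reader: 8-digit code from an HMAC over what was typed."""
    msg = "|".join(typed_fields).encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10**8:08d}"

def bank_verify(card_key, nonce, total_cents, dest_account, response):
    """Bank recomputes the code from the transaction it actually received."""
    fields = build_challenge(nonce, total_cents, dest_account)
    return hmac.compare_digest(reader_response(card_key, fields), response)

def demo(card_key=b"constructed-demo-key", nonce="482913"):
    mine, other = "NL00BANK0123456789", "NL00BANK0999999999"  # constructed
    # The user types the fields of the transaction they intend to make.
    big = reader_response(card_key, build_challenge(nonce, 25_000_00, mine))
    small = reader_response(card_key, build_challenge(nonce, 50_00, mine))
    return {
        "genuine": bank_verify(card_key, nonce, 25_000_00, mine, big),
        # Same response replayed against an altered transaction is rejected.
        "tampered_destination": bank_verify(card_key, nonce, 25_000_00, other, big),
        "tampered_amount": bank_verify(card_key, nonce, 95_000_00, mine, big),
        # Below the thresholds nothing but the nonce is signed, so the
        # response does not bind the destination at all.
        "small_unbound": bank_verify(card_key, nonce, 50_00, other, small),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} accepted={ok}")
```

The last case shows that the binding covers only the fields that appear in the challenge, which is why the scheme adds the total and the destination as the amount grows.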
Xs4all has already announced they will appeal this decision. For those of you able to read Dutch:
https://blog.xs4all.nl/2012/01/11/persbericht-rechter-beveelt-website-te-blokkeren-xs4all-in-hoger-beroep/ and http://tweakers.net/nieuws/79292/xs4all-gaat-in-hoger-beroep-tegen-pirate-bay-blokkade.html
Investing in thorium based nuclear power is probably the smart thing to do. It means getting rid of quite a few disadvantages of uranium while keeping the benefits. Also, thorium is more widely available, while uranium will run out at some point as well.
Having said that, in the longer term electricity needs to come from renewable sources. I'm all in favor of losing all nuclear power when there are better alternatives. The problem is the lack of alternatives which still work on a large scale.
It does make sense. Instead of relying on just the certificate sent to you by the server and your local CA list it adds an extra check on top of that. You get everything you had before, plus the additional verification that the certificate is indeed the one Google bought and not one which was illegally obtained somehow.
It is a bit of a hack, and it won't scale to be usable for the internet at large, but it works. This bogus certificate was detected because of that feature and might have gone unnoticed a bit longer otherwise.