Mason Wheeler’s Techdirt Profile

masonwheeler

Mason Wheeler’s Comments

  • Apr 16th, 2014 @ 5:03pm

    (untitled comment)

    A Canadian study suggests that kids who start dating early (at an average age of 11.6 years old) are prone to more school and behavioral problems than their late-booming peers.


    Isn't this pretty solidly established? I first heard about this almost 20 years ago and it was considered pretty non-controversial (except among hormonal (pre-)teens, of course) even back then.

  • Apr 16th, 2014 @ 1:19pm

    Re: Whatever happened to "Malice Aforethought"????

    Are you sure you've got the right article?

  • Apr 16th, 2014 @ 10:57am

    Re: Re:

    Well she's full of crap. It's beyond Congress's authority under Article I, Section 9, Clause 3 of the Constitution, which says that Congress cannot pass retroactive laws, period.

  • Apr 15th, 2014 @ 4:23pm

    Re:

    Not just boring; the ending to ME3 was outright insulting, as no matter which of the three choices you choose, they're 90% identical and all three end up literally nullifying everything you've worked to accomplish over the course of the entire trilogy.

    Even if you've taken the time and put in the hard work to peacefully resolve both of the central conflicts of the game, (Krogan vs. Salarian and Geth vs. Quarian,) which would have proven that the point being made at the end is invalid, Shepard never has the opportunity to present this line of reasoning. (You know, the sort of thing Paragon Shepard has been doing FOR THREE ENTIRE GAMES NOW?!?)

    And then when enough fans complained, they released an updated version where Shepard gets to reject this line of reasoning... for an even stupider and more pointless ending that basically says "screw you, fans, you'll accept what we're doing and like it!"

    Mass Effect 3, more than anything else they do or have done, is the reason why I'll never buy anything else from EA.

  • Apr 15th, 2014 @ 1:28pm

    (untitled comment)

    EPIC's FOIA lawsuit over similar information revealed last year that the FBI's facial recognition software (as of 2010) had an acceptable margin of error of 20%. With a 1-in-5 chance of "recognizing" the wrong person, the accuracy of the database had nowhere to go but up.


    That's actually really good. Do you ever randomly see somebody (who you don't interact with on a daily basis) and think "that looks just like so-and-so that I used to know." And how often does it turn out to actually be that person, after your brain "identified" them?

    80% is a very, very good "hit" rate.

  • Apr 15th, 2014 @ 10:52am

    (untitled comment)

    What's somewhat incredible is that the David Nimmer that Posner relies on above to highlight that a performance itself is not copyrightable is one of the few "copyright experts" to claim that Kozinski's bizarre interpretation makes sense.


    For some reason, I found this sentence difficult to parse and I had to read it several times before I got it. I would have phrased it like so:

    What's somewhat incredible is that David Nimmer, who Posner relies on above to highlight that a performance itself is not copyrightable, is one of...

  • Apr 15th, 2014 @ 10:38am

    Re: A prediction

    The problem is the ISPs are selling more bandwidth than they can really provide


    Yes, that's exactly the problem.

    When you sell something you don't have, that's usually called fraud, and is highly illegal... unless you're an ISP or an airline, apparently.

  • Apr 14th, 2014 @ 3:31pm

    Re: Come again?

    Umm, who would ever be so stupid as to point out a security vulnerability to the NSA in hopes of protecting a network?

    It worked pretty well for Cliff Stoll.

    Of course, that was back in the 80s.

  • Apr 14th, 2014 @ 10:59am

    Re: Re:

    Yes, please do. The reality is far more complicated (and far more interesting!) than the simplistic "the church persecuted Galileo for teaching heliocentrism" myth that everyone's heard since grade school.

  • Apr 11th, 2014 @ 2:55pm

    (untitled comment)

    We found that officers routinely fired their Tasers, which discharge 50,000 volts of electricity,


    I really wish people would stop sensationalizing this. I take 50,000 volt discharges on a daily basis, because of the carpet in the office where I work, and I'm fine. If you've ever touched a door handle and gotten a shock that you could feel, see and hear, that was at the very least 40,000 volts of electricity, and probably more.

    On the other hand, a 120 volt current from wall power can kill you dead, because voltage is irrelevant. Amps kill, and Tasers have a very low amperage.

  • Apr 11th, 2014 @ 11:24am

    Re: Re: Re:

    As you have said no amount of 'programming language change' can stop human errors.


    Yes, but it can mitigate the damage they do. Tony Hoare knew how to make this sort of thing impossible waaaay back in 1960: design the language so that if someone tries to go outside the bounds of an array, the program crashes instead.

  • Apr 11th, 2014 @ 11:22am

    Re: Re: Re: Re: Re: Re:

    Exactly. It's still a C buffer overrun exploit; it's just that this involves buffer reading rather than buffer writing.

  • Apr 10th, 2014 @ 4:27pm

    (untitled comment)

    A better question: when did the programming community know about the problem?

    The answer? Over a quarter-century ago. In 1988, the Morris Worm brought the Internet to its knees, taking down about 10% of all existing servers at the time. It got in through a buffer exploit in a piece of system software written in C.

    That should have put the programming community on notice. The C language should have been dead by 1990, because this class of security hole (buffer exploits) is inherent in the design of the language and can't be fixed. Some people say "you just have to be careful and get it right," but to err is human, and it's an easy mistake to make. This means that the language is at odds with reality itself. Something has to give, and it's not going to be human nature.

    They say those who don't learn from history are doomed to repeat it. Well, here we have it again, a major buffer exploit in a piece of software written in C, affecting between 10% (there's that figure again) and 66% of all servers on the Internet, depending on which estimate you listen to.

    We know better than this. We have known better than this since before the Morris Worm ever happened, and indeed for longer than most people reading this post have been alive. I quote from Tony Hoare, one of the great pioneers in computer science, talking in 1980 about work he did in 1960:

    A consequence of this principle [designing a language with checks against buffer overruns built in] is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interest of efficiency on production runs. Unanimously, they urged us not to—they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law.


    Maybe now that it's happened again we'll finally wise up and give this toxic language its long-overdue funeral?

  • Apr 10th, 2014 @ 1:38pm

    (untitled comment)

    On top of the publicity rights claim, Heigl claims that this is a form of "false advertising," but one could reasonably argue that (a) it's not false and (b) it's not advertising. The latter claim may be a little trickier, but where is the line between an advertisement, and some social media jockey at Duane Reade just tweeting out a photo. That line may become... very important to the outcome of this particular lawsuit.


    I don't see how that works. This is unquestionably advertising, but the fact that it's not false, in and of itself, invalidates the "false advertising" complaint, so how does "the line between advertising and not advertising" have any relevance?

  • Apr 10th, 2014 @ 1:34pm

    (untitled comment)

    How in the world does Apple end up on the top of that list? They're about the sleaziest company in the tech world...

  • Apr 9th, 2014 @ 5:22pm

    Re: Re: Re: Re: Re:

    These guys aren't victims in the slightest. They purposefully broke the rules so that they could make a big stink.


    What rules? You can't violate a contract you didn't sign in the first place.

  • Apr 9th, 2014 @ 4:48pm

    Re:

    Behold how far we have fallen.

    Go back to 50 years ago, and tell people that someone wants to produce a new, genetically-engineered type of seeds that will:

    1) be sterile and not yield new seeds for the next year's crop
    2) contain dominant genes, such that they can be cross-pollinated into nearby fields and render that crop sterile as well
    3) be the only seeds that are not adversely affected by a special poison sold by the same person

    ...they would never believe it. They'd think you were talking about the script to the next James Bond movie or something! The fact that we are discussing whether or not a contract makes this sort of Bond-villainy legitimate, rather than whether or not Monsanto execs should be rounded up and put on trial for crimes against humanity just underscores how far down the rabbit hole we've gone in the last few decades.

  • Apr 9th, 2014 @ 4:42pm

    Re:

    Strangely, I only ever hear stuff like that from people who are from Philly. Other people just sort of... don't talk about it much. :P

  • Apr 9th, 2014 @ 2:17pm

    Re: startssl.com declares intention to commit corporate suicide

    When the Morris Worm hit, about 25 years ago, we all put aside our differences and our squabbles to patch things up, but we didn't learn our lesson.

    The Morris Worm used a buffer exploit to break into all those computers, an inherent security hole in the C language in which the language does not ensure that the space you're trying to put data into is large enough to accept the data you're putting in, and so if the programmer forgets to check this manually, the data can get written to other areas of memory and end up being used to hack the system.

    This should have put the programming community on notice, but it didn't. A quarter-century later, people are still getting hacked by buffer overruns, including Heartbleed, for one very simple reason: people are still writing C code that's vulnerable to buffer overruns.

    Make no mistake; this is inherently a problem in the C language. You don't hear about buffer overruns in Java or Pascal or Ruby or Python because the languages are designed in such a way that that's impossible. But Windows and *nix systems have to issue critical security patches on a regular basis because they're written in C, or in C++ or Objective-C, which are closely related and share C's flaws.

    We know better than this. We have known better than this for longer than most people reading this post have been alive. I quote from Tony Hoare, one of the great pioneers in computer science, talking in 1980 about work he did in 1960:

    A consequence of this principle [designing a language with checks against buffer overruns built in] is that every occurrence of every subscript of every subscripted variable was on every occasion checked at run time against both the upper and the lower declared bounds of the array. Many years later we asked our customers whether they wished us to provide an option to switch off these checks in the interest of efficiency on production runs. Unanimously, they urged us not to—they already knew how frequently subscript errors occur on production runs where failure to detect them could be disastrous. I note with fear and horror that even in 1980, language designers and users have not learned this lesson. In any respectable branch of engineering, failure to observe such elementary precautions would have long been against the law.


    And he's right; it should be. The Morris Worm put us all on notice, and the Heartbleed bug serves as a stark reminder that those who do not learn from history are doomed to repeat it. 34 years after Hoare's warning, and nearly a quarter-century after the Morris Worm, it's still not considered an act of criminal negligence by the law--or even generally considered a shameful act by one's peers in the computer programming community--to build an operating system, browser, or other network-facing software, or other software that has an inherent security requirement, in C.

    It's about time that changes.
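
Added example, not part of the comment above and not code from any project it mentions: a C sketch of a buffer over-read caused by trusting a sender-supplied length field, next to the run-time bounds check that the Hoare quote describes. The record layout, function names and sample bytes are constructed for illustration; they are not the TLS heartbeat format or OpenSSL code.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (illustrative, not the TLS heartbeat format):
 * byte 0 type, bytes 1..2 claimed payload length (big-endian), then payload. */
#define HDR_LEN 3

/* Unchecked: trusts the claimed length and never consults rec_len. */
size_t echo_unchecked(const uint8_t *rec, size_t rec_len,
                      uint8_t *out, size_t out_cap) {
    (void)rec_len;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > out_cap) claimed = out_cap;
    memcpy(out, rec + HDR_LEN, claimed);  /* can run past the record's end */
    return claimed;
}

/* Checked: the claimed length must fit inside the bytes actually received. */
size_t echo_checked(const uint8_t *rec, size_t rec_len,
                    uint8_t *out, size_t out_cap) {
    if (rec_len < HDR_LEN) return 0;
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HDR_LEN || claimed > out_cap) return 0;
    memcpy(out, rec + HDR_LEN, claimed);
    return claimed;
}

/* Constructed sample: a 7-byte record that claims 16 payload bytes but carries
 * 4, followed in the same array by unrelated data. Keeping both in one array
 * keeps the over-read inside a single object, so the demo is defined C. */
static const uint8_t ARENA[] = {
    0x01, 0x00, 0x10, 'p', 'i', 'n', 'g',
    'S', 'E', 'C', 'R', 'E', 'T', '-', 'K', 'E', 'Y', '!', '!'
};
#define REC_LEN 7

/* Returns 1 if the unchecked echo handed back the neighbouring bytes. */
int leaks_adjacent(void) {
    uint8_t out[32];
    size_t n = echo_unchecked(ARENA, REC_LEN, out, sizeof out);
    return n == 16 && memcmp(out + 4, "SECRET-KEY!!", 12) == 0;
}

int main(void) {
    uint8_t out[32];
    printf("unchecked leaks neighbour: %d, checked echoes %zu bytes\n",
           leaks_adjacent(), echo_checked(ARENA, REC_LEN, out, sizeof out));
    return 0;
}
```

The checked version drops the malformed record instead of truncating it, so a mismatch between the claimed and received lengths never reaches `memcpy`.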

  • Apr 9th, 2014 @ 11:36am

    Re: Re:

    One mistake: please stop calling abusive publishers "content creators." These guys creating the content are very rarely the problem; the ones distributing it are, and they're generally completely distinct from the content creators.

    That's the thing that far too many people don't understand about copyright, and it gives undeserved legitimacy to the current system: if people think it's sticking up for the rights of content creators, then it's a good thing, right? But when people understand that it's actually enabling publishers to exploit the content creators along with all the rest of us, their attitude changes fast.
