
This is a valid argument against open source operating systems running top clearance environments such as the military / police / government agencies. If these modifications had gone undetected for a few months, it's possible that the compromised code could have made it into a lot of critical systems. I am a Linux user, but I remember this being a Microsoft argument in the past for promoting their OS to run in government agencies.


No modifications to the code appear to have been made. Like they said, that would be hard/impossible because it's all signed off by Linus in git, so even if they compromised the server it gets them nothing. They'd then have to compromise some accounts and submit patches and still get them approved.

This argument is completely bogus. It could just as easily have happened to anyone else, including Microsoft, and in those cases we might not even have heard about it.

It already has happened repeatedly to some hardware vendors where an actual payload was injected into their drivers, and they weren't open source.

Between open source and git it's dramatically more likely an injected payload would be detected long before dissemination could take place.


Go with "impossible." Gov't agencies don't just upgrade every time a new kernel comes out.


Did you actually read the page? Because it says exactly the opposite. It says that it would be impossible to modify the source without hundreds of people noticing immediately.


No, it isn't. Imagine someone got a developer's username and password at Microsoft. Then they logged in and managed to escalate themselves to Administrative privileges on the box that manages Windows source control via a security vulnerability. They then injected some backdoor access into Windows' networking code for an upcoming patch. I would argue the chances anyone at MS would have noticed this are actually lower than in a distributed environment (git) that is designed from the ground up to catch these kinds of things. There is nothing about a proprietary system that makes this kind of thing any less likely.
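The two comments above both rest on the same property of git: every object is stored under the hash of its own content, and a commit names its tree and parent by hash, so anyone holding a trusted tip hash (from a signed tag, or from their own clone) can re-derive the whole history and notice a server-side edit. The following is an added illustration, not code from the page or from git itself. The object framing (`"<type> <size>\0<payload>"` hashed with SHA-1) is how git really names loose objects; the tree layout and the two tampering scenarios are constructed simplifications for this example.

```python
"""Content-addressed integrity check modelled on git's object store.

Toy model (constructed for this example, not git's or kernel.org's own code):
objects are stored under the SHA-1 of "<type> <size>\\0<payload>", exactly
the way git names loose objects.  The tree format here is a simplified
"path<TAB>blob-id" listing rather than git's real binary tree entries.
"""
import hashlib


def git_object_id(obj_type: str, payload: bytes) -> str:
    """SHA-1 over git's loose-object framing: '<type> <size>\\0<payload>'."""
    header = f"{obj_type} {len(payload)}\0".encode()
    return hashlib.sha1(header + payload).hexdigest()


class ObjectStore:
    """Minimal store: id -> (type, payload), like .git/objects."""

    def __init__(self):
        self.objects = {}

    def put(self, obj_type: str, payload: bytes) -> str:
        oid = git_object_id(obj_type, payload)
        self.objects[oid] = (obj_type, payload)
        return oid

    def blob(self, content: bytes) -> str:
        return self.put("blob", content)

    def tree(self, entries: dict) -> str:
        # Simplified tree: one "path<TAB>blob-id" line per entry, sorted by path.
        payload = "".join(f"{p}\t{oid}\n" for p, oid in sorted(entries.items()))
        return self.put("tree", payload.encode())

    def commit(self, tree_id: str, parent_id, message: str) -> str:
        lines = [f"tree {tree_id}"]
        if parent_id:
            lines.append(f"parent {parent_id}")
        lines += ["", message]
        return self.put("commit", "\n".join(lines).encode())


def verify_history(store: ObjectStore, tip_id: str) -> list:
    """Walk commits from tip_id, re-hashing every object reached.

    Returns a list of integrity problems; an empty list means the history
    behind tip_id is exactly what its hashes say it is.
    """
    problems, seen = [], set()

    def check(oid, expected_type):
        if oid in seen:
            return None
        seen.add(oid)
        entry = store.objects.get(oid)
        if entry is None:
            problems.append(f"missing object {oid[:8]}")
            return None
        obj_type, payload = entry
        if obj_type != expected_type:
            problems.append(f"{oid[:8]}: expected {expected_type}, found {obj_type}")
            return None
        if git_object_id(obj_type, payload) != oid:
            problems.append(f"{oid[:8]}: {obj_type} content does not match its hash")
            return None
        return payload

    commit_id = tip_id
    while commit_id:
        payload = check(commit_id, "commit")
        if payload is None:
            break
        headers = payload.split(b"\n\n", 1)[0].decode().splitlines()
        fields = dict(h.split(" ", 1) for h in headers)
        tree_payload = check(fields["tree"], "tree")
        if tree_payload is not None:
            for line in tree_payload.decode().splitlines():
                _path, blob_id = line.split("\t")
                check(blob_id, "blob")
        commit_id = fields.get("parent")  # None at the root commit
    return problems


def demo() -> dict:
    """Two-commit history (constructed), then two kinds of server-side tampering."""
    store = ObjectStore()
    v1 = store.blob(b"int net_rx(void) { return 0; }\n")
    c1 = store.commit(store.tree({"net.c": v1}), None, "net: initial")
    v2 = store.blob(b"int net_rx(void) { return check_len(); }\n")
    tip = store.commit(store.tree({"net.c": v2}), c1, "net: add length check")

    # Scenario 1: edit a blob in place on the server, keeping its object name.
    in_place = ObjectStore()
    in_place.objects = dict(store.objects)
    in_place.objects[v2] = ("blob", b"int net_rx(void) { return 0; /* altered */ }\n")

    # Scenario 2: rewrite consistently, so every descendant gets a new hash.
    rewritten = ObjectStore()
    rewritten.objects = dict(store.objects)
    altered = rewritten.blob(b"int net_rx(void) { return 0; /* altered */ }\n")
    forged_tip = rewritten.commit(rewritten.tree({"net.c": altered}), c1, "net: add length check")

    return {
        "clean": verify_history(store, tip),
        "in_place_problems": verify_history(in_place, tip),
        "forged_tip_differs": forged_tip != tip,
        "forged_is_self_consistent": verify_history(rewritten, forged_tip),
    }
```

The first scenario is caught by the hash check itself. The second passes the hash check, which is the point: a consistent rewrite is only detectable because its tip hash differs from the one pinned by a signature or by every developer's existing clone, so the trusted tip has to come from somewhere other than the compromised server.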


How? Don't commercial OS vendors get hacked?


How long might it take for a problem to be detected were compromised Windows code to make it into critical systems?


Proprietary codebases aren't fortresses.

edit: And what ars said.

edit: And the chorus.


How would a proprietary operating system be better?


We'd not know about it :)


What is the latest update?


> we currently believe that the source code repositories were unaffected

So for now it looks like no compromised code has been distributed.


kernel.org hosts more than the GIT repo.

http://www.google.com/search?client=opera&rls=en&q=d...


> Intruders gained root access on the server Hera. We believe they may have gained this access via a compromised user credential; how they managed to exploit that to root access is currently unknown and is being investigated.

This is more related to weak security policies than to an OS security flaw.


It's more related to having multiple users with system access. Your security policy now extends to the security policies of all users and user systems. Password strength, system integrity (keyloggers, etc.), token security, and the like.

Hard security is hard.


How is patients' data public? Health is such an interesting space: there is so much that can be done to make people's understanding of their health and their health costs better. The problem is the enormous amount of bureaucracy and the artificial barriers to entry (boards, professional organizations, other semi-public institutions). How do you go about dealing with that?


I don't think I was clear, but my startup allows you to see drug side effects reported to the FDA by physicians, healthcare consumers, lawyers amongst others over the last 6 years. It'll also allow you to narrow down those side effects to age and gender and make custom reports you can discuss with your doctor. The AERS data is public and has been for a long time, but it's increasingly harder to sort. We try to keep the site as clean and easy as possible.



We look for all levels of experience, as long as you are smart and a self-learner. What are you waiting for? Get in touch now!


We would love to have some front-end superstars on board. But more than anything we look for smart, competitive people that can learn fast and have the ambition to build something meaningful and disruptive.


"A truly intelligent person understands how little they actually know"

This is one of those statements that really bothers me, almost as much as someone telling me I need to prove the non-existence of God if I want to be an atheist. Yes, intelligent people should have a good understanding of how big and complex the universe is and how little they know compared to the total amount of knowledge available. And given that they are aware of such, it wouldn't make sense for them to walk around claiming they are a big deal. However, people do not always act rationally, even geniuses. There is no negative correlation between claiming to be smart and being smart, in spite of the obvious contradiction. Claiming to be smart and being cocky about it is just a personality trait. Think about this: your IQ is defined and practically unchangeable by the time you are a young teenager, but your personality continues to develop for many more years after that. So there is no way your personality can affect whether you are smart or not.

Just a thought though.


"Think about this: your IQ is defined and practically unchangeable by the time you are a young teenager, but your personality continues to develop for many more years after that. So there is no way your personality can affect whether you are smart or not."

I don't know whether the two claims you made are true (the one about IQ may be, the personality one probably is) but "there is no way your personality can affect whether you are smart or not" doesn't follow. It's possible that your personality may often continue to develop after your IQ is mostly set, but only in a highly restricted way dictated by what your personality was before. In fact this seems to me likely to be a common outcome.


I once met Roberto Padovani, who is the CTO of Qualcomm. He is an alumnus of my university, UMass Amherst, and he had come to give a talk. We bombarded him with some really far-fetched questions in information theory and signal optimization and he was able to give really good answers on the spot. Here is a video of him: http://www.youtube.com/watch?v=K-c6W0m_nEk and his profile: http://www.qualcomm.com/people/roberto-padovani


I don't think it's that simple. First of all, risk cannot be measured, so the fact that a person takes as much risk as they can bear is incorrect, it's all an illusion. I think it's easy to look back at let's say, Facebook, and say that they were a risky bet with a huge potential for growth. But the fact is that this kind of disruption cannot be predicted, in other words, no one in their right mind would have predicted Facebook to grow this big.

What I am trying to say is that there is no point in investing in a company simply because they are risky/unpredictable and hoping that they happen to be at the upper end of the tail and give back huge returns -- that would be a terrible strategy.


Facebook is a great example of a very risky bet that paid off big time. As you say, no one in their right mind would have predicted that Facebook would grow this big, but the VCs that did and took a huge risk got an enormous paycheck out of it. The same VCs probably invested in a lot of other companies that turned out to be losses.

Basically my premise is that risk x potential payout is a fixed number. Invest in a McDonald's franchise on your local high street and you will have a high probability of a low return. Invest in crazy stuff like Facebook and you have a low probability of a high return.

As you say, it's a simplification but I think it holds true in general.


Oh please, Facebook already had 1/2 the Ivy League signed up and was growing at a fantastic exponential rate before they received an initial investment of 500k in June of 04. A real 'venture' move would have been to fund Zuckerberg _before_ he had a giant user base.


I wrote a blog post that talks about similar issues: http://bit.ly/coeLqg


I agree. You build a tool to solve a problem, not for building's sake. And if it turns out the consumers are using your tool for a different purpose, it is in your own interest to understand this new use and optimize your tool to fulfill that previously unnoticed problem.


if it turns out the consumers are using your tool for a different purpose, it is in your own interest to understand this new use and optimize your tool to fulfill that previously unnoticed problem.

Amen! That last bit is quotable!


I once read a story about a Chinese company who built washing machines and found that they were getting lots of warranty claims after people had broken them trying to wash potatoes. Instead of putting a notice on the machines not to use them to clean potatoes, they successfully developed and marketed a dual purpose machine.

http://www.connectedaustralia.com/News/Trends/tabid/121/sele...


That is exactly what I am talking about!


And yet, to borrow from a commenter on the post: if you complain to a tool company about your hammer being a sucky screwdriver, what exactly should the tool company do? Make the hammer a better screwdriver? Or point the user to the real screwdriver?

Sometimes the solution isn't to optimize your tool for something it can't do very well but to build a new tool that does do it well. I think turning Google the search engine into a site redirection service for keywords à la AOL falls into that category.


If you go to Home Depot with a hammer being a sucky screwdriver, they will replace it with a screwdriver -- maybe the customer wasn't aware there was a better tool for that. Here Google is Home Depot, not a hammer. Also, if your hammer is a sucky screwdriver and Home Depot doesn't have a screwdriver to exchange for your hammer, they'd better get some because otherwise the customer will go somewhere else. Finally, software is much more extensible than hardware, so the analogy is not exactly 1 to 1.


So what do you do if you're Home Depot and you try to tell your customer about screwdrivers and they stick their fingers in their ears and yell, "Nyaa nyaa I don't want to learn anything new"?


Put a screwdriver in their hand and let them try it for a month before paying for it.

