
Comment Re:Why find new jobs? (Score 1) 307

There is no Utopia anywhere in the world, never has been and never will be. Human nature prevents such a system. Sure, I think the majority would be up to share, but there is a minority of people that would take without contributing to society, and the other end of the spectrum would contain people that abused that system to get more than their share.

Wait, in YOUR utopia you have to work for stuff? In mine we all float down a river on inner tubes with endless supplies of sunblock and limeade.

Comment Entitlement (Score 1) 755

We aren't all "good at coding", or paid to work on Software Libre: that means that those people who are need to be much more responsible, and to start — finally — to listen to what people are saying.

When was the open source or free software spirit EVER "Have it your way", like some kind of unpaid Burger King?
You can't vote with your wallet with free software. Unless you pay for it, and my wild guess is most people don't.

If you can code, you can vote. Maybe. If someone accepts your patches. Not everyone wants to make money either.
If you can't code, can't pay, and have a problem with what you get - get a job and/or learn to code.

Comment Re:why is this even a thing??? (Score 2) 31

My understanding is that the military does have a completely isolated network for critical combat communication, but like any other global-scale organization, they're still probably reliant on the now-civilian internet because of the efficient communication it provides. For instance, communication with contractors, other countries' military forces, and so on are all vital for day to day operations, and probably can't be accomplished with a military-only system because of the sheer scale and scope it would require.

I just don't think it's as simple as saying "the military should not be on the internet". They either have to try to use it safely and securely, build a completely separate and parallel internet, or go without it. Granted, there's obviously a percentage of material that should always be air-gapped for maximum security, but the bulk of bureaucratic day to day communication and coordination only needs to be reasonably secure, and can probably safely live on the standard internet given reasonable precautions.

They have more than a few, and I seriously doubt very much reliance on the Internet because even mediumish sized businesses use private connections between themselves rather than some VPN over the public Internet for critical communications. I'm not saying they don't use the Internet, because you can get to it from their non-secure networks, but their private networks are comprehensive. Anything classified is on those air gapped networks.

Anyway, the purpose of our military is to defend US. They've got their own shit locked down better than most private organizations would tolerate. The way the Internet was designed, there isn't much the government can do for the rest of us without employing some sort of Great Firewall of China, or... TALK about the problems... like this journal.

You are right, "XYZ should not be on the Internet" is not the answer. Like abstinence in teenage sex-ed, it can't be THE answer, it's not good enough. The private sector is getting screwed right now, and even if it works for some of us, we can't keep shouting abstinence at the problem.

Comment Re:Co-Conspirators? (Score 1) 188

This. One thing I have never understood is this sequence:

1. Cop searches car illegally.
2. Court tosses out evidence.

So far so good. No qualms there with the court....

3. Cop is NOT charged with a crime, continues working

That never made any sense. If the search was illegal, he didn't have the authority to do it...so it was....by very definition....outside the parameters of his job. He was NOT acting as a police officer if he was conducting an illegal search.

In fact, if anything he was denying a person their civil rights under color of law....which is a felony. Why should he NOT be charged? Why should a prosecutor even be allowed to know about such an event and not bring up charges?

And no, I am in no way saying such evidence should be used.... I understand fruit of a poisoned tree, I just don't understand allowing trees to be poisoned and hoping nobody notices next time.

Give us a link to the law violated in 1. for starters. Is it state, federal?
Then give an example of one of us, random people on the street, breaking that law, and walk us through you bringing what charges against that person, in what court, etc. etc.

Comment Re:I understand the words (Score 4, Informative) 54

Strangely enough, there is this concept called THE FUCKING ARTICLE which often (but not always, this is Slashdot after all) contains useful hints about WHAT THE ARTICLE IS ABOUT.

After that, it's all reading comprehension and a few minutes using your Internet-search-engine-of-choice.

Which article, there are eight links in the summary. DDOS, pilot, miniseries, TV, film, game, mobile, internal project names, failed kick starters... WTF? o.O

as fans tried to figure out just what the %&#% was going on last night, you should probably prepare yourself

So, the people who CARE about this garbage don't know what's going on either, and it's here WHY?

Comment Re:What about the banks? (Score 1) 57

>We see in case after case how all it takes is single insider at a company—in this instance, allegedly, a receptionist in a dentists' office—to set an identity theft ring in motion, which then tries to monetize the stolen information by purchasing Apple goods for resale or personal use

Those people can do that because of the horribly insecure payment methods the banks impose on everyone. If crime requires motive and opportunity, then it's the banks who are providing the opportunity.

What about them? They got screwed.

What did payment systems have to do with this, it was identity theft and credit fraud. That they bought gift cards and high value electronics is just SOP with any scam like this.

Comment Re:SSH (Score 1) 88

Sorry but as far as I'm concerned key management shouldn't be a part of the process that's handling connection authentications, etc. Why can't this be an outside protocol entirely? For decades, we've been waiting for some kind of automated decentralised, anonymised key-store and surely the effort going into securing this very dangerous piece of code would have been better put into moving the problem away from SSH and allowing multi-protocol use of such things.

If you trust a server by accepting its public key, it is by definition, trusted, for as long as its private key is secure.
Only the initial trust needs to be verified by humans, and with a chain of trust, even that can be nearly automated by adding your organization's CA key when systems are deployed (I'm in an imaginary world where SSH key management has caught up with the rest of the world).
The older a private key gets, the more likely it has been compromised, maybe by VM cloning, backup media leaking, etc.

To address that, you should change the keys periodically. Prompting the user is pointless, because the connection is trusted.

WHOA, let me back up a minute, you did know your session data is actually encrypted with symmetric keys right? ... and those keys are in similar fashion changed on a regular basis without your knowledge?
If you didn't know that, well.. that explains 99% of the ignorance I'm seeing on this page.

SSH's key management is an absolute joke, but this is a step in the right direction at least. The only thing I can imagine is the authors figured people would be using kerberos in all but the smallest shops... and I'm being nice assuming SSH's kerberos integration is any good.

Comment Re:Other than the obligatory security theatre... (Score 1) 110

... just what would the fighter escort hope to accomplish? Are we really ready to order fighter pilots to shoot down airliners over a phoned-in threat? I guess all it'll take now to spook passengers and completely disrupt air travel in the U.S. is a few bozos with a bunch of pre-paid or stolen cellphones.

IDK, observation maybe? Or did you want to hope for cellphone videos to explain what happened?

Comment Re:I have an even better idea (Score 0) 304

Let's just enforce existing laws and get dangerous drivers off the road. THERE IS NO RIGHT TO DRIVE. If you are a dangerous driver you can and should be taken off the road.

I was a safe driver for 11 years; no tickets, no accidents, no "close calls", no complaints. Then one day I was driving to the airport early in the morning, got distracted by my radio, didn't notice that the traffic light was red, and ran right into a car that was (legally) crossing the intersection.

My question: should I have been driving for those previous 11 years? If not, why not? What kind of test would you have had me take to show that I was a dangerous driver? Or, if I was a safe driver except on that one morning, how would your plan have prevented my accident?

The fact is, most people are safe drivers most of the time. Except for when they're not.

OMG! You're saying the red light camera didn't dissuade you from driving through a red light??!!!!11 /snark

Comment Re:Just give the option to turn it off... (Score 1) 823

Honestly, most modern cars these days are already so silent, the only sound you hear from them is the cooling fan and the tire noise. It is only the 'muscle' type cars that make noise, and like the article says, it's just because people expect them to. Hell, the 'Harley Davidson' edition Ford F150 magically sounds like a motorcycle, because they can make it sound any damn way they want now. I agree, the idea of mandating 'fake engine noise' is preposterous, because it's pretending this is a new problem, when cars have already been nearly dead silent at parking lot speeds for years now.

You made a very good point, all cars should have some sort of directional warning sound at parking lot speeds.

Comment Re:Hello microwave (Score 1) 181

older non-PMR drives

Those drives are now museum artifacts, so your concern is of no practical use. No mainstream 2.5/3.5 in. hard drive manufactured in the last 15 years is recoverable after a zero-out.

If it doesn't severely impact your wiping throughput needs, at least use some crappy PRNG instead of zeroes.

A more likely problem than using a 15+ year old hard drive today is today's hard drive being read 5/10/15 years from now with THEIR technology.

I would like to say all information about my life more than X years old is worthless, but I know that is not generally a safe assumption. All sensitive information has its own lifespan, sometimes very long.

Comment Re:How about educating your dumbfuck mother? (Score 2) 463

Oh wait I forgot - you can't blame the victim ever no matter how much of a stupid fucking idiot they are!

I blame our industry for being as you put it "stupid fucking idiots". The most common attack vector for this particular malware and many like it is email attachments.

It's 2015, anyone in the world can still send an email with file attachments to anyone using whatever FROM address they'd like without any prior trust relationship, vetting or authorization by receiver. Most mail clients let users execute it in the same security context as the user without so much as a peep.

It isn't the user's fault they don't fully understand the depths to which the technology they are using is completely broken and wholly unsuitable for purposes for which it is used by countless millions on a daily basis.

It is *our* fault for installing AV software and going back to picking our noses. *MILLIONS* of people are being exploited using the same attack vectors with malware and spyware... this business of calling everyone "fucking idiots" is getting old.

You nailed it. There is some kind of blindness among geeks to how much otherwise worthless knowledge is actually needed to properly operate a computer, all in the name of convenience for the elite who feel they earned the right to look down on everybody else. General purpose computing is just filled to the brim with self-created problems. I'm always seeing this sort of attitude displayed that computers are to serve "computer users"... not pilots, accountants, doctors, lawyers, general contractors, etc. It feels like work created by computers vs. work saved is a much higher ratio than necessary.

Comment Re: Its a cost decision (Score 2) 840

Absolutely incorrect. I have an old sewing machine that was my great grandmother's. It still works perfectly. It is old enough that the sticker inside gives a 5 digit phone number for the service center.

Its construction is heavy to say the least. 'value engineering' (read planned obsolescence) hadn't been invented yet. For quite a while after it was invented it was considered a sign of a shoddy company that is not to be trusted. But the frog is much closer to boiling now.

Any idea what the inflation adjusted cost of that thing would be today? That would be very telling, and what do you get for that money today I guess.
