Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment My experience is different. (Score 3, Insightful) 29

by khasim (#48927043) Attached to: Book Review: Designing and Building a Security Operations Center

The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".

In my experience it is not the budget but the politics.

Is your company's security worth the expense of an additional tech? Or are office politics the reason you cannot get an additional tech?

Does whomever is in charge of your technology have the authority to say "no" to requests from other departments? And the political capital to make it stick?

I've seen too many examples of companies "suffering" from the problems their own decisions/environment created.

Retrofitting security is not the answer.

Comment Re: just put a motor on the elevator itself (Score 1) 248

by arth1 (#48926067) Attached to: Engineers Develop 'Ultrarope' For World's Highest Elevator

Elevator brakes are one of the most elegant solutions known to man, and perhaps more crucial to the continued popularity of the cabled elevator. The brake is held open by spring tension generated by the interaction of the elevator and the cable. If the cable gets cut, the brake engages. That's it. Any other type of elevator would need a more complicated break system. Detection of fault conditions would be a separate action that triggers the brakes. That means delays, and the possibility of errors. It is practically impossible for a properly built cable elevator to plummet. You cannot say the same for any cableless concept design. One of the simplest ideas in legal liability is that if you opt to do something the more dangerous way, you're liable. You must have very good grounds to justify the risk.

You miss that in a pinion or cog driven elevator with the motors in the building, there is no need for emergency brakes - being stationary is the default state. Only if a motor moves the cart along will it actually move - up or down.
To me, that seems like far less risks than having a system where you need emergency brakes for safety, no matter how elegant.

And this system is in use in many assembly lines. The motors are stationary, and the carts won't move unless driven. And while most are horizontal systems, there are vertical ones too. Boxes with holes or pinions on the side are lifted or lowered by cogwheels, and there is no possibility of them falling. They can reach quite high speeds too, unlike the typical self-driven pinion-and-rack lifts that you see on boatyards and libraries.

Submission + - Spider spins electrically charged silk (sciencemag.org)

Submitted by sciencehabit
sciencehabit writes: In their quest to make ultrastrong yet ultrasmall fibers, the polymer industry may soon take a lesson from Uloborus spiders. Uloborids are cribellate spiders, meaning that instead of spinning wet, sticky webs to catch their prey, they produce a fluffy, charged, wool-like silk. A paper published online today in Biology Letters details the process for the first time. It all starts with the silk-producing cribellar gland. In contrast with other spiders, whose silk comes out of the gland intact, scientists were surprised to discover that uloborids’ silk is in a liquid state when it surfaces. As the spider yanks the silk from the duct, it solidifies into nanoscale filaments. This “violent hackling” has the effect of stretching and freezing the fibers into shape. It may even be responsible for increasing their strength, because filaments on the nanoscale become stronger as they are stretched. In order to endow the fibers with an electrostatic charge, the spider pulls them over a comblike plate located on its hind legs. The technique is not unlike the so-called hackling of flax stems over a metal brush in order to soften and prepare them for thread-spinning, but in the spider’s case it also gives them a charge. The electrostatic fibers are thought to attract prey to the web in the same way a towel pulled from the dryer is able to attract stray socks.

Comment Re: just put a motor on the elevator itself (Score 1) 248

by arth1 (#48920975) Attached to: Engineers Develop 'Ultrarope' For World's Highest Elevator

The motor on an elevator like Noah is suggesting would have to provide enough force to counteract the entire weight of the elevator + payload + motor + friction, which is at least an order of magnitude more than a traditional elevator.

Not necessarily, no. Put fixed motors on the shaft walls, not in the elevator, and put pinions on the outside walls or corners of the elevator. The only extra weight would be of the elevator itself, less the weight of the hanging cable which elevators today have to move, and less the weight of the braking system, which would now be in the building, not the elevator.
And the much smaller building mounted motors can recuperate some of the energy whenever the elevator is descending.
Because each motor would only have to lift the elevator for a small distance before the next motor takes over, I imagine that higher speeds can also be attained, with less energy expenditure.

Comment Re:Finaly. (Score 2) 225

by kimvette (#48919441) Attached to: YouTube Ditches Flash For HTML5 Video By Default

The problem really isn't and hasn't ever been animation sites. The problem is that Flash has often been used where it doesn't belong; forms on business sites, ENTIRE web sites built using flash so you cannot bookmark a page, and stuff like that, and Flash doesn't work particularly well on touch screens. Like BLINK, Flash has been used and abused to the point where it is an abomination.

Comment Re:Coding vs. literacy (Score 1) 212

by arth1 (#48915523) Attached to: Why Coding Is Not the New Literacy

You seem to have taken this very personal, resorting to personal insults for a post that had nothing whatsoever to do with you.
I suggest you change the relationship and automatically score mod my posts so you don't see them, because I will keep on ranting about things I feel like ranting about, out of the blue, without taking your feelings and opinions into consideration. They're worth exactly nothing to me - sorry.

Submission + - What Makes a Great Software Developer? (dice.com)

Submitted by Nerval's Lobster
Nerval's Lobster writes: What does it take to become a great—or even just a good—software developer? According to developer Michael O. Church’s posting on Quora (later posted on LifeHacker), it's a long list: great developers are unafraid to learn on the job, manage their careers aggressively, know the politics of software development (which he refers to as 'CS666'), avoid long days when feasible, and can tell fads from technologies that actually endure... and those are just a few of his points. Over at Salsita Software’s corporate blog, meanwhile, CEO and founder Matthew Gertner boils it all down to a single point: experienced programmers and developers know when to slow down. What do you think separates the great developers from the not-so-fantastic ones?

Comment Re:Coding vs. literacy (Score 1) 212

by arth1 (#48914105) Attached to: Why Coding Is Not the New Literacy

What you talking about is spending 80% of total effort on 20% of the features of the product. Often these features are not even readily visible to anyone.

Apps not freezing or crashing or becoming unusable by the customers aren't features.
They're side effects of programmers (among other things) actually understanding the underlying system and what happens when you poke the beast.

Submission + - Kim Dotcom offers up secure 'Skype Killer' voice chat (networkworld.com)

Submitted by colinneagle
colinneagle writes: Kim Dotcom, the controversial German expat living in New Zealand whose file-sharing site was busted by U.S. federal agents, has launched an end-to-end encrypted voice and video chat service that operates through the browser called MegaChat, which will now be available for free to the 15 million registered users of his file-sharing service Mega.

MegaChat aims to provide an alternative to the current voice and video chat services which Dotcom himself has accused of cooperating with government snooping. "No U.S.-based online service provider can be trusted with your data," Dotcom once claimed. "Skype has no choice. They must provide the U.S. government with backdoors."

However, Dotcom has also claimed that there are backdoors in Chrome and Firefox, so if you are using them to browse, how can he guarantee end-to-end encryption? And while Mega is great for file sharing, its track record for security is a little dubious. Right after its launch, there was criticism of the implementation of the site's security, from cross-site scripting flaws to poorly implemented encryption, and later it was found that Mega passwords could be extracted with basic hacking tools.

Submission + - Opera founder unveils feature-rich Vivaldi power browser. (gigaom.com)

Submitted by cdysthe
cdysthe writes: Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn’t just Opera’s innards that changed; the browser also became more streamlined and perhaps less geeky.

Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi.

Submission + - Why Screen Lockers On X11 Cannot Be Secure (martin-graesslin.com)

Submitted by jones_supa
jones_supa writes: One thing we all remember from Windows NT, is the security feature requiring the user to press CTRL-ALT-DEL to unlock the workstation (this can still be enabled with a policy setting). The motivation was to make it impossible for other programs to mimic a lock screen, as they couldn't react to the special key combination. Martin Gräßlin from KDE team takes a look at the lock screen security on X11. On a protocol level, X11 doesn't know anything of screen lockers. Also the X server doesn't know that the screen is locked as it doesn't understand the concept. This means the screen locker can only use the core functionality available to emulate screen locking. That in turn also means that any other client can do the same and prevent the screen locker from working (for example opening a context menu on any window prevents the screen locker from activating). That's quite a bummer: any process connected to the X server can block the screen locker, and even more it could fake your screen locker.

Submission + - CIA source of NY Times reporter James Risen convicted on circumstial evidence (nytimes.com) 2

Submitted by webanish
webanish writes: The New York Times reports:

Jeffrey A. Sterling, a former Central Intelligence Agency officer, was convicted of espionage Monday on charges that he told a reporter for The New York Times about a secret operation to disrupt Iran’s nuclear program.

The case revolved around a C.I.A. operation in which a former Russian scientist provided Iran with intentionally flawed nuclear component schematics. Mr. Risen revealed the operation in his 2006 book, “State of War,” describing it as a mismanaged, potentially reckless mission that may have inadvertently aided the Iranian nuclear program.

While this comes as no surprise given the Obama administration's record on going after whistleblowers releasing secrets in public interest, the ramifications of these building cases could be twofold.

  • Legitimate issues which should be discussed in public are withheld out of fear
  • Leakers might not always act so benevolently to go to reputed press institutions

To an outsider, it seems there is widespread support for Snowden and responsible whistleblowing laws. Why is there no momentum for this in the government?

Comment Re:First Sale (Score 1) 468

Exactly right! What a lot of people don't understand is that the First Sale Doctrine is a defense not an offense. In other words, if you buy a copyrighted item, like a book, and resell it, the First Sale Doctrine protects you from getting successfully sued by the copyright holder for doing so. In other words, it is a defense. It does not however, put any obligations on the publisher to provide any support to ensure that these later customers can use the product.

Neither does it give them a right to burn my book.

The problem here is that you don't buy a game. You buy a license to use a game. They revoke the license, which is their right, but by doing so, you are no longer bound by the license terms either, which includes the payment you made. Depending on the jurisdiction, you might have a good case for winning a small courts claim or similar, covering the purchase price and reasonable legal expenses.

Comment Re:Escaping only helps you until a war. (Score 2) 339

by khasim (#48911881) Attached to: Davos 2015: Less Innovation, More Regulation, More Unrest. Run Away!

The Army alone has about 500,000 soldiers. A lot of them are in support roles but a private military also needs support.

Where are the families of the people in the private military? Because if they have to go back to the USofA (the "enemy" in this scenario) to visit Mom and Dad then there's going to be a problem. So you'll need room on the uber rich estate for the families of your military. And your support personnel.

Which brings up the infrastructure to support those families. Schools, hospitals, etc. Which means more support personnel.

Which means more schools and hospitals, etc.

Of course you can skip that if you want to. But remember who has the guns.

Comment Re:Coding vs. literacy (Score 1) 212

by arth1 (#48911695) Attached to: Why Coding Is Not the New Literacy

I'm not talking about messing with IO requests. I'm talking about understanding what happens when they're issued, whether it's by you or a library you use, so you don't lock up a system for no good reason.
But these days, this is considered "arcane knowledge" and is ignored, in favor of blindly using magic toolkits and libs, and blaming the system for not performing when it's the app that is badly designed out of ignorance.

Slashdot Top Deals

New York... when civilization falls apart, remember, we were way ahead of you. - David Letterman

Close