
Comment What a prize (Score 1) 260

top prize being a trip to the sponsoring company's headquarters to interview for a job

Last time I checked (a bit over a year ago), the normal cost of that "prize" is to spend a few hours on making an updated resume. Granted, I may be on the lucky side of having the experience needed to open doors, but I suspect that as a rule skilled people find more convenient ways to get doors open.

That stated, if the potential job had a particularly impressive salary, I might change my mind.

Java

Submission + - Yahoo! Pushing Java Version Released in 2008 (krebsonsecurity.com)

futhermocker writes: From TFA:

"At a time when Apple, Mozilla and other tech giants are taking steps to prevent users from browsing the Web with outdated versions of Java, Yahoo! is pushing many of its users in the other direction: The free tool that it offers users to help build Web sites installs a dangerously insecYahoo! has offered SiteBuilder to its millions of users for years, but unfortunately the tool introduces a myriad of security vulnerabilities on host PCs. SiteBuilder requires Java, but the version of Java that Yahoo! bundles with it is Java 6 Update 7. It’s not clear if this is just a gross oversight or if their tool really doesn’t work with more recent versions of Java. The company has yet to respond to requests for comment.

Security

Submission + - Everything you know about password-stealing is wrong (microsoft.com) 1

isoloisti writes: An article by some Microsofties in the latest issue of Computing Now magazine claims we have got passwords all wrong.

When money is stolen consumers are reimbursed for stolen funds and it is money mules, not banks or retail customers, who end up with the loss. Stealing passwords is easy, but getting money out is very hard. Passwords are not the bottleneck in cyber-crime and replacing them with something stronger won’t reduce losses. The article concludes that banks have no interest in shifting liability to consumers, and that the switch to financially-motivated cyber-crime is good news, not bad.

Article is online at computer.org site (hard-to-read multipage format)
http://www.computer.org/portal/web/computingnow/content?g=53319&type=article&urlTitle=is-everything-we-know-about-password-stealing-wrong-
or pdf at author’s site.
http://research.microsoft.com/pubs/161829/EverythingWeKnow.pdf

Comment Re:Darwinian selection at work... (Score 1) 168

For an online community that largely values a scientific way of looking at things, I'm rather disappointed in Slashdot every time the topic of airport scanners comes up. Unless my understanding of these scanners is dramatically incorrect, using the word "X-rays" is a misnomer. So far as I know, these scanners are using non-ionizing radiation. Nothing is getting 'nuked'. Even using these words in jest contributes to public fear of anything involving radiation.

Now, if you have objections to the TSA seeing you naked, that's a completely different topic. Likewise, if you think that non-ionizing radiation is more dangerous than it's generally thought to be, put down your cell phone and go live in the woods.

Comment Re:The government already has security requirement (Score 1) 77

What's your issue?

I have lots of issues with FIPS 140-2. Number one on the list is the fact that the list does more to constrain algorithms than to guarantee a good algorithm will be used. Number two... people are afraid to upgrade to a newer OpenSSL with security patches for fear of losing their precious $50,000 validation. I also have issues with the self-testing requirements. It's a waste of CPU time. Why make people wait an extra half-second every time they open a program that uses encryption?

Comment The government already has security requirements (Score 1) 77

Uncle Sam already plays a heavy hand by defining standards that apply to software products that are sold to the US government. Ever hear of FIPS 140-2? The document that says exactly which encryption algorithms are allowed and not allowed? Both Microsoft and Linux vendors (RedHat, SuSE) have incorporated FIPS mode in their operating systems. Not surprisingly, these modes are generally turned off...
