danaris - Slashdot User

Comment Re:failed industry (Score 1) 67

by danaris on Tuesday April 21, 2015 @03:36PM (#49522395) Attached to: How Security Companies Peddle Snake Oil

Try this, "drivers are a threat to our road system." They clog it up and very often they crash into each other and cause serious issues to traffic. We need to protect the road system against *drivers*. Can we automate *cars* so they work without *drivers* as much as possible?"

Lo and behold, Google and any number of other entities are working on this very problem.

Except that that's not a valid analogy.

Automobile-based transportation systems (consisting of road, car, and car occupants) will, indeed, work just fine once we have made the cars run without drivers.

But if you remove the user from the equation of computer security, suddenly all you have is a bunch of perfectly secure computers that no longer have any purpose to their existence.

The reason we have computers is so that people can use them to perform a variety of tasks. It is fundamentally impossible to remove the user from the equation while still achieving the desired result—unless you have become so skewed with tunnel vision as to believe that the desired result is a perfectly secure computer.

The result we should all be aiming for is a computer that can perform the tasks required of it by its users without them running the risk of compromising security through their activities.

Dan Aris

Comment No mutually acceptable options (Score 3, Insightful) 101

by danaris on Monday April 20, 2015 @11:20AM (#49511001) Attached to: Comcast and TWC Will Negotiate With Officials To Save Their Merger

I would say it's unlikely to the point of ridiculousness that Comcast would ever accept the kinds of restrictions on the merger that would prevent things from getting worse than they are already, let alone start to reverse the merciless devastation of the public interest and regulatory capture that's already happened.

I think the most likely outcomes of this are the DoJ allowing the merger with some relatively superficial conditions (like the 5-year enforcement of net neutrality regulations that was imposed for the merger with NBC/Universal) or blocking it entirely. Much depends on how much the DoJ people in question actually value their role as regulators, versus their role as toll (aka bribe) collectors.

Dan Aris

Comment Re:Obvious (Score 1) 350

by danaris on Sunday April 19, 2015 @02:07PM (#49505515) Attached to: Does Lack of FM Support On Phones Increase Your Chances of Dying In a Disaster?

Hurricanes can strike essentially the entire southeast quarter of the country with devastating force, and can even hit further north along the Atlantic coast. They're possible on the Pacific coast, too, but much less likely, I believe.

Due to the temperature along the eastern Pacific, it is physically impossible for a hurricane to really hit the US West Coast (minor exceptions in CA, but they're mostly just strong rain by the time they hit the shore).

OK, thanks. All I was sure of was that I couldn't recall hearing of a meaningful hurricane hitting the Pacific coast.

Dan Aris

Comment Re:Obvious (Score 2) 350

by danaris on Sunday April 19, 2015 @11:18AM (#49504769) Attached to: Does Lack of FM Support On Phones Increase Your Chances of Dying In a Disaster?

Jokes aside, most of us live in areas that are not prone to hurricanes, tornadoes, earthquakes, or Godzilla. If you do choose to live in such places, it is important to be prepared, and have an emergency kit. In which you can just pack in a good ole' FM battery.

I dunno, a large fraction of America is under threat from the first three of those natural disasters.

Hurricanes can strike essentially the entire southeast quarter of the country with devastating force, and can even hit further north along the Atlantic coast. They're possible on the Pacific coast, too, but much less likely, I believe.

Tornadoes are common in more or less the middle third.

Earthquakes are only highly common in California (that I know of offhand), but can be something of a threat in other areas as well (the more so with all the fracking that's been going on).

But there are other natural disasters to watch out for, too. The one that comes most readily to mind is wildfires, which affect the entire west, particularly now that it's been in a severe drought for years.

So that leaves the inland Northeast, and some of the northern Midwest and Rockies. I don't think "most of us" live in those areas.

(I do, though, and I'm very happy that the closest thing to a natural disaster I have to deal with is the occasional—read, about once every decade or so—2-4 foot snowstorm.)

Dan Aris

Comment Re:Bashir of course! (Score 1) 191

by danaris on Wednesday March 25, 2015 @07:58AM (#49334609) Attached to: Your favorite Julian?

Good television? Today? I'll agree some of it is good but 90 percent is pure mental drivel. The wildly popular Kardashians make me want to vomit. If that was all that was on I'd have no TV. Watching grass grow or maybe watching paint dry is more interesting than most of what passes for entertainment today.

TV today is better than it was 5-10 years ago. The reality show craze has faded somewhat, and though the genre is clearly going to stick around, we still have some damn good shows on TV today—things like Mad Men, Game of Thrones, and The Walking Dead, just to name a few.

Yeah, there's crap on TV. There's going to be crap in the visual programming lineup as long as there remains a visual programming lineup, because some people will pay to see crap.

All that said, what I was mainly talking about was the television available in the '90s (when DS9 came out) as compared to what was available in the '60s (when the original Star Trek came out).

Dan Aris

Comment Re:Bashir of course! (Score 4, Insightful) 191

by danaris on Monday March 23, 2015 @11:02AM (#49320431) Attached to: Your favorite Julian?

...So you don't find that, among your club, DS9 is the runaway favourite of the various series? Because that's certainly the case among those I know.

I've encountered a few (mostly online) who rant bitterly that it was a terrible soap opera of a series, and that the only real Star Trek had Kirk and Spock, but I think most fans these days are more interested in what actually makes good stories and good television than holding onto a particular image of "what Star Trek should be" that's now nearly 50 years old. (If only because there are more people left alive who grew up with actual good television than those who grew up with what was available when the original Trek came out...)

Dan Aris

Comment Re:simple opinion (Score 1) 320

by danaris on Friday March 20, 2015 @11:04AM (#49301413) Attached to: Why I Choose PostgreSQL Over MySQL/MariaDB

I've used MySQL for almost 20 years for different projects of mine. In my professional life, I've also used ADABAS, Oracle and this and that other.

I was interested in Postgres some years ago but never went beyond reading one book. Then two years ago I decided to start a new project with Postgres from the start, because I wanted PostGIS.

I'm not looking back. Every future project I do will always use Postgres. Aside from the technical and functional and other rational arguments, the feeling you get is like graduating from BASIC to a real programming language.

Can you comment a little about some of the specifics of what makes it feel that way, for those of us who haven't had the opportunity to use it much, but are interested?

Dan Aris

Submission + - "Apple Pay Fraud" Is Mostly FUD

Submitted by danaris on Wednesday March 18, 2015 @10:45AM

danaris writes: Rene Ritchie points out in his article entitled "Banks still trying, failing to deflect fraud onto Apple Pay":

There's no "vulnerability" in Apple Pay. Apple Pay remains so secure the only way criminals can take advantage of it is though traditional social engineering attacks against banks. The "vulnerability" here is the approval process used by the banks.

The recent rash of news stories regarding fraud in Apple Pay really has very little to do with Apple Pay itself, and despite the apparent attempts to cast the new service in a bad light, there's absolutely nothing about using Apple Pay that opens a user up to more potential fraud. Rather, they are all referring to a single practice: that of taking an already-stolen credit card number and activating it on Apple Pay. This is possible primarily because the banks do not take greater steps to verify that cards activated on the service are valid.

Comment The new MS (Score 2) 317

by danaris on Tuesday March 17, 2015 @07:32PM (#49279691) Attached to: Microsoft Is Killing Off the Internet Explorer Brand

It is sort of unfair to nail MS too much for IE. The big problem was javascript and really javascript is still a big problem.

Nonsense. The big problem was the "not invented here" syndrome. I started writing HTML in about 1998 or so, maybe earlier, and IE has always been a PITA because it always had its quirks and wanted to be treated special. Everyone else was at least trying to implement the standard, MS attitude was basically to fuck it from both sides and approaching the Internet with a "you will write this stuff the way we want" attitude.

And from what I've seen of Microsoft since Nadella took over, I would be surprised (and disappointed) if they continued in that attitude with whatever they call the new browser—not just because they've been playing nicer with the civilized world, but because they seem to recognize that they have to if they don't want to just dry up and blow away over the next decade or so.

When they originally released IE, they could do that because as screwed-up and frustrating as it was for the rest of us, they were right with that attitude. Now? They're not the big dog on the browser block anymore. If they try to push random crap that neither Apple nor Google support (or refuse to support stuff that both Apple and Google are backing, that's actually in use), it's just not going to fly.

Dan Aris

Comment Re:Reality of YikYak (Score 1) 367

by danaris on Monday March 09, 2015 @10:03PM (#49221539) Attached to: Yik Yak Raises Controversy On College Campuses

> Are they credible? There's no way to know. Because we don't know who's sending them. So they have to be treated as credible

I would arge that the exact opposite it true. Because we have no way of knowing if a threat is credible, the only logical approach is to assume that *none* of them are. Furthermore, there are very few cases where an anonymous threat could possibly be credible. Threats don't work if you can't back them up, and how do you prove you can back them up if nobody knows who you are? Terrorists don't send in anonymous bomb threats, they send in videotapes in which they have actual hostages, so that people will know they are serious.

But the difference in this case is that the death threats in question were sent by people claiming to be other (unspecified) students on campus, not random people somewhere halfway across the globe.

Terrorists take responsibility for crimes because their entire reason for existing isn't killing people or doing property damage—it's spreading terror. If a specific person wanted to kill another person for a specific thing they did on campus (which was the ostensible case in the death threats issued last fall), they have every reason for wanting to remain anonymous. Their purpose is the killing of the person and the message it sends.

It's not like the anonymity makes it harder for them to kill the person, or harder to have the killing send a racist or classist message (which were both part of the threats sent in this case). Not when they have a platform like YikYak on which to anonymously declare the reason for their murders.

Dan Aris

Comment Re:Reality of YikYak (Score 1) 367

by danaris on Monday March 09, 2015 @11:10AM (#49215177) Attached to: Yik Yak Raises Controversy On College Campuses

From what I understand (and I have only sketchy information on this), the police were contacted, and YikYak was asked for an IP address.

However, either they refused to give one, or it ended up being some public computer (this is, after all, a university; there are hundreds of public computers on campus). Nothing the police can do about that. Even CSI's reality-bending tricks would have trouble figuring out which of dozens of people who sat at that computer might have sent the message.

Dan Aris

Comment Reality of YikYak (Score 5, Insightful) 367

by danaris on Monday March 09, 2015 @10:01AM (#49214659) Attached to: Yik Yak Raises Controversy On College Campuses

Here's the harsh reality:

On the campus I work for, there have been death threats posted on YikYak. Are they credible? There's no way to know. Because we don't know who's sending them. So they have to be treated as credible—and the university simply doesn't have the resources to provide even one person with 24/7 protection, let alone the half-dozen or so that the death threats were issued against.

So the administration's response was basically, "We cannot protect you if someone is determined to get at you. If you believe the threats are credible, then our best recommendation is for you to leave the campus." And some of them did. I believe they came back after winter break, but still, they missed final exams, and I have no idea how much hassle that's going to cause them in the long run.

Which all means that if you are a person who has a grudge against someone else on campus, and few scruples, you can get them more or less kicked off of campus by issuing an anonymous death threat against them on YikYak.

Is that the kind of "harsh reality" you think is appropriate? Where people who are just trying to get a decent education (and paying a pretty penny for it) can be forced to make the choice between abandoning it, and risking their lives by staying on campus, just because some asshole with an anonymous YikYak account wants them to?

I get the importance of anonymity in free speech, believe me. But free speech is a means to an end, not an end in itself. That end, broadly, is a free society. And society works because bad actors can be called to account for their bad actions. If people can do bad things without threat of consequence, the whole thing starts to fall apart.

Dan Aris

Comment Re:There is one major entity - Apple (Score 3, Insightful) 114

by danaris on Thursday February 26, 2015 @04:10PM (#49140505) Attached to: Schneier: Everyone Wants You To Have Security, But Not From Them

The fact that there is really no major entity working to keep our data safe for ourselves and ourselves alone

Apple does this. Look at HealthKit for example, all data is stored locally, Apple doesn't mine it. They allow you to control who has what access to specific parts of the data.

It's not exactly true of all data, but Apple tries to give you specific control of data where it can.

The reason why Apple does this and other companies do not is simple - Apple actually makes money selling hardware. Google and Facebook have no revenue except what they can extract from you data, so they have totally different motivations.

This is true—I tend not to think of Apple as "an entity working to keep our data safe," since I primarily think of them as a hardware/OS vendor. But yes, any data Apple does happen to hold of yours is as safe as they can make it from those who want to monetize it—and they don't care to do so themselves.

Dan Aris

Comment Did you read it? (Score 5, Insightful) 114

by danaris on Thursday February 26, 2015 @03:13PM (#49139675) Attached to: Schneier: Everyone Wants You To Have Security, But Not From Them

That's not what he said at all. I mean, I'm not disagreeing with you substantially, but that's completely separate from the actual point of the piece.

It's all about the fact that, in order to do many or most of the things we want to do today, we have no choice but to give someone access to our data—but that almost everyone we could give that access to wants to (ab)use it to make money.

More importantly, that's even true of those who actually want to help keep our data secure from others—even our governments.

The fact that there is really no major entity working to keep our data safe for ourselves and ourselves alone—and that there are so many, even those that theoretically should be trying to do so, working directly against that end—is definitely something we need to be concerned about, far beyond simply bemoaning the stupidity of all the "lusers" who will happily give away their data for free because they just don't know any better.

Dan Aris

Comment Re:Good grief... (Score 1) 681

by danaris on Monday February 23, 2015 @01:03PM (#49112631) Attached to: Bill Nye Disses "Regular" Software Writers' Science Knowledge

And if you want to learn programming, going to university is probably the worst way of doing it. You'll learn the most simply Java anyone can imagine, will be dissuaded from doing what good programmers should be doing - writing as little code as possible by yourself and using library functions wherever possible, and things like testing and frameworks you will - maybe - meet in higher semesters when your bad habits are already solid. Also, you'll learn a couple programming languages that are so obscure that your professor is one of 10 people submitting patches to the compiler and its Wikipedia page doesn't require you to scroll. On an iPad.

Broadly, I agree with this, but there is an important exception I think should be mentioned: Learning how to think like the computer. This isn't something that gets taught directly, but something that you can learn through exposure to multiple languages.

I think the best courses I took in my college CS degree were the couple that were essentially a survey of different types of programming languages. In a single semester, we learned the basics of Pascal, ML, Smalltalk, and Lisp (and probably 2-3 others I've forgotten about).

The important thing wasn't to retain the actual skill in each of the languages, though, and the professor knew that—it was to get a feel for several different types of programming. Before I took those courses, I knew how to write code in C and Javascript. After I took those courses, I had the fundamental modes of thought necessary to pick up nearly any programming language.

Dan Aris

Slashdot Top Deals