Desult - Slashdot User

Comment Re:On the other side, a bit looming problem (Score 1) 1116

by tgd on Tuesday April 08, 2014 @03:49PM (#46697751) Attached to: Mozilla CEO Firestorm Likely Violated California Law

How do you color the whole issue as him only resigning, when three board members quit over his presence there. That's a lot of pressure from the company.

It looks an awful lot like coercion...

But, isn't it up for him to sue if he feels he did not resign voluntarily? It seems like he probably would not do so.

The problem is, the CEO's job is to be the figurehead for the company. He's not the President -- he's not in an operational position, his sole job is to represent the company to the board and the public. His inability to do so effectively is absolutely grounds for removing him. Its a fine line to walk when you get arcane labor laws into the picture, but the fact is, with the uproar he wasn't capable of doing the singular thing his job exists to do. If he was the President of the company, I doubt he would've been pressured to resign. (Its very much like the laws against things like weight or sex discrimination -- when someone's job is specifically related to their fitness or gender, its been shown repeatedly that laws like these don't apply.)

Comment Re:Paranoia (Score 1) 572

by tgd on Wednesday March 05, 2014 @03:29PM (#46411539) Attached to: Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

It may be baseless, but it's a necessary assumption. A MITM attack means that, effectively, you are transmitting data in the clear. It is good security practice to assume that all such data is being recorded and/or logged.

Then do work at work, and non-work at home.

Comment Re:HIPAA violations? (Score 1) 572

by tgd on Wednesday March 05, 2014 @03:28PM (#46411531) Attached to: Ask Slashdot: Does Your Employer Perform HTTPS MITM Attacks On Employees?

If they do decrypt personal traffic, would they be responsible for any medical data they intercept, thus triggering HIPAA?

Note: this is a gross oversimplification, but accurate relative to this story and what you're asking ...

HIPAA has to do with patient data, not medical data. If you're not a patient of the company doing the deep inspection, then there's no issue, and there's still no issue if you signed an appropriate HIPAA waiver, even if you ARE a patient and the company in question IS a hospital. If you go to HealthVault or some other site with *your* health records in it, and they are decrypting it, that's not HIPAA in the sense you're talking about.

Hell, even if they were shuffling the SSL traffic to a cloud service hosted by a 3rd party to do the scanning, AND you were a patient, AND the 3rd party was decrypting the data, that is just fine as long as the right paperwork is in place between the two companies.

Comment Re:Cars? (Score 2) 255

by tgd on Monday February 17, 2014 @02:37PM (#46268985) Attached to: Apple Rumored To Be Exploring Medical Devices, Electric Cars To Reignite Growth

Remember when Apple was the company that came out with revolutionary new products and the rest of the industry followed them?

Apparently, now it's Google.

(Oh, and who would trust Steve Jobs' company to make their medical devices? Yes I am speaking both to his general approach to ethics, and the circumstances of his death.)

Apple:
- Not the first smartphone
- Not the first touch phone
- Not the first MP3 player
- Not the first GUI
- Not the first All-In-One
- Not the first platform for media production
- Not the first selling media

Apple's strength was, under Jobs, an impeccable sense of timing to enter the market, and marketing. They were great at making people think they were innovating, and made hundreds of billions doing it. There's nothing wrong with that except that they fundamentally weren't innovating, and they're not so good at the timing or marketing sans Jobs.

Google, on the other hand, is a train wreck of a company in desperate need of Ritalin. They throw large sums of money at ideas, other companies, and markets and pretty much nothing sticks except the things that drive more ad revenue. Things wither and die on the vine, and eventually are shed when the next shift in upper-management power comes along.

Comment Re:Sorry, it's horribly insecure, (Score 1) 731

by tgd on Wednesday February 12, 2014 @09:42AM (#46227827) Attached to: Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards

The signature has never been intended to be a form of identification, which is why Visa and MC tell merchants not to require or ask for it for small purchases

Chip+PIN was never brought to the US for one simple reason -- it slows down transactions. That's why the major networks are all requiring *less* signatures, not more. They want it to be super fast to swipe your card and go.

Chip+Signature eliminates the vast majority of credit card fraud, without a change in people's behavior or experience. Skimming and cloning, or large scale theft like Target had are eliminated. There's very little real fraud that happens with people physically stealing a card.

Comment Re:Better late.... (Score 1) 731

by tgd on Tuesday February 11, 2014 @11:06AM (#46217601) Attached to: Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards

The anti-counterfeiting technology implementation for currency was delayed, in part, by lobbying companies involved in vending.

Increased expenditures for new card readers and technology has been rebuffed universally because the retailers aren't typically the ones out of the cash when a fraudulent credit card is used.

The Target breach was a large enough embarrassment to light the fuel under the motivational bonfire.

Except the transition dates were laid out over a year ago. Has absolutely nothing to do with Target.

Comment Re:Sorry, it's horribly insecure, (Score 2) 731

by tgd on Tuesday February 11, 2014 @11:06AM (#46217595) Attached to: Death Hovers Politely For Americans' Swipe-and-Sign Credit Cards

In practice, it is far more secure to use a written signature than a 4-digit password that is exposed to eavesdroppers, video cameras, interception devices and a plethora of other attacks. That's secure for the person, you understand: it prevents the bank from saying "you must have lost your pin".

Which is okay, as US cards are going Chip+Signature, not Chip+PIN.

Comment Re:Very different when ... (Score 5, Funny) 303

by tgd on Tuesday February 04, 2014 @02:29PM (#46152283) Attached to: Will Microsoft IIS Overtake Apache?

It also looks very different if you sort them by name:

Apache
Google
Microsoft
nginx

Comment Re:ouch! (Score 2) 172

by tgd on Wednesday January 29, 2014 @06:53PM (#46104849) Attached to: Google Sells Motorola Mobility To Lenovo For $2.91 Billion

also, they just paid $3b for nest, wonder when they'll sell that off. seems like they're grasping at straws here.

If Nest owners could only be so lucky.

More likely they'll go a couple years, realize its not of any use, and shut it down.

Comment Re:units please (Score 1) 476

by tgd on Tuesday January 28, 2014 @03:09PM (#46093055) Attached to: Tesla's Having Issues Charging In the Cold

"below zero'

Kelvin? (is that you, Frank Herbert?)
Centigrade?
Farenheit?

Does it matter, relative to the story?

Comment Re:Occam's (Score 1) 180

by tgd on Monday January 20, 2014 @07:41PM (#46019387) Attached to: More Details About Mars Mystery Rock

Sometimes a rock is just a rock, could had ended there because winds, a chain reaction caused by the rover, even a small asteroid hitting the planet and spreading pebbles around is easier to happen than life forms moving it.

The one thing it couldn't be is wind -- air is far too thin. Dust moves, but even in massive wind, bigger rocks wont.

Comment Re:To avoid the need to wire... (Score 1) 195

by tgd on Friday January 17, 2014 @05:07PM (#45991139) Attached to: Building an Open Source Nest

Running wires is easy, and there's virtually nothing to go wrong.

When you're dealing with HVAC, simple is king.

Comment Re:The hard part (Score 2) 195

by tgd on Friday January 17, 2014 @05:06PM (#45991127) Attached to: Building an Open Source Nest

The hard part isn't building a smart thermostat. The hard part is finding somebody simultaneously dumb enough and rich enough to pay $3.2 billion for a thermostat company.

Actually, it is... and even Nest can't manage to do it right. There's quite a large number of issues with the second generation Nest units failing -- and failing "on".

A thermostat should never, under any circumstances, be able to fail "on". That's a fundamental flaw.

Comment Re:It's about time! (Score 0, Troll) 1431

by tgd on Tuesday January 14, 2014 @05:38PM (#45957379) Attached to: Man Shot To Death For Texting During Movie

I'll tell you what. I'll buy you a ticket to fly down and explain to the fatherless 3 year old how this is a win for moviegoers. Do report back on how that goes.

The kid is 3. He's not a moviegoer. The GP said its a win for moviegoers, not for the guy's family.

As a moviegoer who has no relation in any form with the victim, by any calculus if it makes people who think its okay to act like dicks think twice about being dicks, then it is, in fact, a win for me.

Comment Re:Inside job? (Score 1) 250

by tgd on Monday January 13, 2014 @04:35PM (#45943697) Attached to: Target Confirms Point-of-Sale Malware Was Used In Attack

This one is my favorite. Why any retailer is running Windows on a POS PC is beyond anyone that knows how computers work. It should be illegal.

GEtting PCI compliance certification is not cheap, and you need it if you want integrated payment. So far, not a lot of open source POS systems are lining up to pay for certification...

Once you've crossed the "root" security boundary, its just as easy to access the raw memory in Linux as it is in Windows.

And its not hard to elevate to those rights on either platform. Vulnerabilities exist on everything.

Slashdot Top Deals