Forgot your password?
typodupeerror

Comment: Re:Why? (Score 1) 213

If they come from a company retained pool, that company retained pool would be an asset on the companies balance sheet. So taking it from there lowers the company's value by 76M. The stock options are a tax dodge, but that isn't what Oracle's owners are complaining about. They are complaining about his compensation being too high. I don't think they are too worried about the exact structure of that compensation. Either way it takes from their value.

Comment: Re:Moar tin foil! (Score 2) 178

by CaymanIslandCarpedie (#45257221) Attached to: Ask Slashdot: Where Are the Complete Hosting Providers?

I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories

If at this point, you still believe the NSA collecting private data is tin foil hat territory, I'm not sure exactly how to proceed. However, I'll assume you didn't actually mean that for purposes of the rest of the post.

Obviously you are concerned about your data being intercepted and stolen. Do you guys honestly think, for one second, that you can hide from these guys if they really want you?

OK, this statement really points that you aren't involved in information security (at least in a serious capacity anyway). Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you? If you answer yes, then again we know you aren't involved in information security. So since the answer is no, what is your solution? Do you simply throw your hands in the air and say screw it? I cannot guarantee to stop them anyway, so lets just toss our firewall and anti-virus in the trash? No of course not. Heck even your sarcastic comment about a physically secured facility, in a faraday cage, with no internet access cannot promise the information will be secure. A simple warrant, guys with guns, breaking down your door and taking the server easily gets around that.

Information security is about risk mitigation. What can you reasonably and responsibly do to ensure the security of your client information? It isn't about guaranteeing 100% security as that is simply not possible (NSA or not). So there standard industry best practices to mitigate against risks even though that doesn't completely remove all risks. Such things include encryption, firewalls, anti-virus, IPS, DLP, etc, etc. Even if you do all of those things and more, that cannot promise 100% safety, but it does represent you doing your best to protect your clients data and not just tossing your hands in the air and saying screw it.

This NSA (I use that as they are the largest, but mean it to encompass every alphabet agency from every country) threat isn't new obviously, but the scope and visibility of it is obviously much more obvious than ever. Thus responsible IT professionals will be talking about how best to responsibly do their jobs in this regard for quite some time. I'm sorry you don't like it, but it is a good thing. New best practices on how to combat and mitigate these risks will come from such discussions. There will never be a 100% fix, but these discussions will lead to solutions that help. Those of us who take our clients information security serious obviously love these discussions. I'm sorry for you (really more for your clients) if you don't want to hear about this, but it isn't going anywhere.

Comment: Re:Your Fingerprint isn't ever stored in flash (Score 1) 303

To be clear, I don't think Apple sharing my fingerprint is the biggest problem here. I'd never use it simply because my finger print is already known or easily knowable by so many people/entities. My properly strong passwords are not.

Comment: Re:Your Fingerprint isn't ever stored in flash (Score 5, Insightful) 303

Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

Comment: Re:just FUD IMHO (Score 1) 303

Certainly not FUD. A valid concern even if you personally don't think it is an issue. I personally am not worried about it != FUD.

If you want better security on your phone your best bet is stop using a 4 digit numerical passcode or incredibly simply swipe gestures and choose a properly strong/long password. My knowledge of biometrics is limited to enterprise system we had years ago which was horribly unreliable (often wouldn't allow the proper person access and would allow unauthorized people access on what seemed a random basis). I'm sure things have improved a lot since then, but still most studies you read on such systems don't leave you with much confidence.

Their best use seems to be in a 2 factor authentication scheme, but certainly not a replacement for a proper strong password.

Comment: Re:The author is either a shill or a pawn of Googl (Score 2) 332

by CaymanIslandCarpedie (#44836779) Attached to: Verizon's Plan To Turn the Web Into Pay-Per-View

An ISP's stance on net neutrality basically comes down to their view on the market. If I go to an ISP looking for access to the internet and their goal is to provide me the best internet access for my money, then they support net neutrality. Alternatively, if a customer paying you for internet access if viewed as a commodity to sell to large corporations, then net neutrality is a horrible injustice. I do applaud you for openly stating your company's position. No matter how much I hope your position fails, I do appreciate your open admission of it.

Comment: Re:Why not move? (Score 1) 182

by CaymanIslandCarpedie (#44538461) Attached to: Inside the Decision To Shut Down Silent Mail

Another thing we do as much as possible is use self-signed certs as much as possible (obviously not always possible with client facing communications). Even I thought that was paranoid until recently, but if you think about it all the NSA has to do is intercept communication to/from CAs and brute force or have some back-door into that. Brute forcing just that small subset of internet communication can give you the certs to freely read the rest of the 99.9999% of SSL/TLS communication over the web.

Comment: Re:Why not move? (Score 5, Insightful) 182

by CaymanIslandCarpedie (#44538275) Attached to: Inside the Decision To Shut Down Silent Mail

To reliably do this, they must move themselves and have a self-hosted solution. If you host your data with anyone else you need to believe they value your data more than the money to be made from it or you are worth the head-ache of annoyingly trying to protect it from government agencies.

Over the last 10 years from time to time people within my company (which highly depends on privacy) have suggested hosting our servers/services with external hosting providers/cloud solutions. Every time I refuse. Their arguments are valid. It could be cheaper. It removes the hosting burden. These large providers are experts and could have better security. Even all of that being true the overriding truth as I see it is even though they may be better, cheaper, etc I can promise you we care about our data more than they will. FBI raids a data center for someone elses server and grabs our with it? Sorry, it was the FBIs fault! Any business reality makes handing over our data a legal requirement or just more convenient legally? Sorry we had to!

The last few months revelations just confirm what I've always known. If security and privacy are your business and you take it seriously, you had better be hosting it yourself. Google may have better technical experts than you, but I promise the people who actually make decisions internally care more about your data and will fight for it more when you host internally.

Comment: Re:Uh yeah (Score 1) 501

by CaymanIslandCarpedie (#42727391) Attached to: With 128GB, iPad Hits Surface Pro, Ultrabook Territory

But according to the summary this extra memory means it isn't a tablet any more. It is now a serious device like an ultra book geared towards professionals. I'm going to go home and shove one of my 256 GB SSD in my toaster. Then that will be even more like an ultra book too than the iPad! :-)

Comment: Re:Kickstarter replaces IPO (Score 1) 70

by CaymanIslandCarpedie (#41506703) Attached to: Does Crowdfunding Work?

Are you sure you want to try and prove a negative? AFAIC Kickstarter is the proof positive that you are wrong on this. Many companies would love to be able to access the public for initial funding but they cannot.

But with Kickstarter, the owner doesn't have to give up any equity or give contributors any voice in decisions. A VERY big difference. With Kickstarter, they basically get free money to try something if people think it is a good idea.

I think though that if Kickstarter (or a competitor) comes up with the business model that allows a small investor actually to own part of the business they are investing in, there will be government intervention

Absolutely. That would already be illegal with current regulations unless done in a way to basically copy existing VC structures and thus not be public. If you want to market you company publicly you are free to do so, but that is an IPO. If you don't yet want to go public, then you do private deals. You can do a private deal with any one you choose (even private investors), just there isn't much of a market to privately approach a ton of small investors who only bring a bit of cash to the deal for hopefully obvious reasons.

Comment: Re:Kickstarter replaces IPO (Score 1) 70

by CaymanIslandCarpedie (#41506329) Attached to: Does Crowdfunding Work?

As others have said, Kickstarter has no relation to an IPO as it isn't even an investment. More confusing is reference to small investors blocked for IPOs. IPOs are by definition public to all investors. Do you mean pre-IPO? If you do mean pre-IPO what government regulation do you think stops you from investing pre-IPO? You are in fact more than free to find any private company you like and invest in it (assuming they are interested in your investment). Those are obviously risky investments, but has you say can have a lot of upside. No government restrictions however on any individual investing in any private company I'm aware of. On restriction I'm aware of is a private company cannot generally publicly market pre-IPO offerings (at that point you go IPO).

The real restriction to small investors for pre-IPO investments is the market. No company wants to take on thousands of small investors who really bring nothing to the table when they can find one (or a small number) of large investors who besides their cash also bring industry/government connections and experience in building a pre-IPO company toward IPO.

Comment: Home and Work (Score 1) 1880

by CaymanIslandCarpedie (#38022630) Attached to: What's Keeping You On Windows?

Top of the head reasons to keep windows at home and work

At home:
  - Visual Studio/.NET (do work from home)
  - SQL Server (do work from home)
  - Windows Media Center integration with XBox 360

At work:
  - Visual Studio/.NET
  - SQL Server
  - Exchange
  - Active Directory/Group Policy/etc
  - System Center

Comment: Re:Why not just wave your arm in the air... (Score 3, Interesting) 402

I'm still forced to have BB for work, but my wife has android. She has had a few voice apps and not sure which one she is currently using, but I think it may be called something like vlingo (or at least one of them was). She now does just about everything by voice. When she is in the car she turns on a setting and whenever she receives a text the phone announces who sent the text and reads it to her, etc, etc, etc.

Haven't seen Siri, but seems Android has "had some apps for that" for some time.

On the Internet, nobody knows you're a dog. -- Cartoon caption

Working...