Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Key AND Password (Score 1) 167 167

I use Google Authenticator on my home server (and on Google itself). It's a great solution to this problem and works very well. Some ssh clients (notably on iOS) can't handle the two-factor authentication, but I just set those up with private key authentication.

Comment: Re:Not really needed (Score 4, Insightful) 504 504

I'm in exactly the same situation, with no regrets. Interviews were a little tough early on, but once you have it, experience trumps education. My lack of a degree hasn't been an issue in a long time.

And the great thing about this industry is that you can get the experience and prove yourself without anybody else's permission. Contribute to open source, release a smartphone app, etc. It's in your hands: just do it.

Comment: Re:I don't trust Wolfram Alpha (Score 1) 167 167

There is no room for approximations in a supposed 'COMPUTATIONAL ENGINE' and if YOU can't understand this then I think you should go back to the fantasy world you live in where exact numbers don't matter.

*All* non-integral math done by a computer is an approximation.

Comment: Re:The e-mail from Mt.Gox. (Score 3, Informative) 642 642

Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

Yep. Same story for me too. Glad I enabled two-factor authentication on my Google account (and SSH to my home server while I was at it).

Comment: Re:P.J. O'Rourke said... (Score 1) 309 309

No, everybody wouldn't need to. The threat would be enough of a deterrent in general, and in the area immediately surrounding the polluter it would not be a difficult case to make.

You're right that the devil is in the details. But this is even more true when you're trying to attack such problems head-on with direct, one-size-fits-all legislation. A legal framework based on property rights would decentralize these decisions and apply local considerations.

"I've known people who have sued over blatant property rights violations..."

Yeah, but this isn't surprising since property rights are not properly protected these days. Instead of clear lines, there are fuzzy rules fraught with exceptions and loopholes.

Comment: Re:P.J. O'Rourke said... (Score 1) 309 309

Lack of regulations wouldn't. But stronger property rights, which are another essential ingredient, would. Their neighbors should have the ability to sue when their property is polluted (read: damaged) by the nearby factory.

This requires no strong central government or anti-business regulations, and would not be prone to political manipulation by the rich and well connected. Simply apply the same rules to everybody.

Comment: Re:somewhat agree hwoever (Score 1) 309 309

As opposed to the cancer patients that are dying because they're denied access to experimental treatments? The FDA cuts both ways, and it's not at all clear to me that it's a net win, especially when you consider where health care could be if it were allowed to flourish like the computer industry.

Comment: Re:Hi, I'm Left... (Score 1) 639 639

What, are they nuts? Who would want to live in a place where barroom brawls give way to deluges of bullets? Or where would-be minor road rage incidents end up in cars full of corpses? The violent crime rate there must be through the roof!

Except that reality doesn't match left-wing fantasy, and Vermont has one of the lowest murder rates in the country.

I don't understand why people can't leave the shooting of criminals to the police

Because when seconds count, the police are only minutes away.

Comment: Re:because of the ass-hat signature authorities (Score 1) 665 665

I don't think it's realistic to expect people to check certificates before giving out sensitive data (or ever, really). And since that's the case, having encryption-but-not-really seems worse to me than encryption-only-if-it's-secure. The average person won't understand the distinction, and will assume encryption=safe. Since the user can't be expected to check the certificate's authenticity, the CA steps in to fill this role.

If you give your POP3 or FTP password over a self-signed SSL connection, you might as well send it over plain text. It's not a whole lot harder for somebody in the middle to read, unless you're checking the signature out-of-band. Which you're not.

The general consensus in the encryption community is that bad encryption is worse than no encryption, and I think they're right. On the surface, it is marginally "better" than cleartext, but in the real world it changes people's behavior and makes life much easier for the bad guys.

Your point about spoofed URLs and such is correct, but that's a different problem.

Comment: Re:because of the ass-hat signature authorities (Score 1) 665 665

But that doesn't actually protect you - it just gives you a false sense of security.

If there is no way to verify the identity of the other side, then it's dead simple to stick yourself in the middle, unbeknownst to either legitimate participant. You may think you're having an encrypted conversation with GMail, but you're really having one with me, and I'm having one with GMail pretending to be you. See the problem?

It's like putting black tape over the warning lights in your car. Sure, it makes the problem "go away", but you haven't actually fixed anything.

Use self-signed certificates if you must, but I damn well want my browser to tell me about it. The certificate authorities are far from perfect, but at least you have to create a paper trail of some sort when you want a fraudulent one.

Many people are unenthusiastic about their work.