Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Not really needed (Score 4, Insightful) 504

I'm in exactly the same situation, with no regrets. Interviews were a little tough early on, but once you have it, experience trumps education. My lack of a degree hasn't been an issue in a long time.

And the great thing about this industry is that you can get the experience and prove yourself without anybody else's permission. Contribute to open source, release a smartphone app, etc. It's in your hands: just do it.

Comment: Re:The e-mail from Mt.Gox. (Score 3, Informative) 642

by Dr. Sp0ng (#36494638) Attached to: Bitcoin Price Crashes

Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

Yep. Same story for me too. Glad I enabled two-factor authentication on my Google account (and SSH to my home server while I was at it).

Comment: Re:P.J. O'Rourke said... (Score 1) 309

by Dr. Sp0ng (#36102500) Attached to: FCC Commissioner Leaves To Become Lobbyist

No, everybody wouldn't need to. The threat would be enough of a deterrent in general, and in the area immediately surrounding the polluter it would not be a difficult case to make.

You're right that the devil is in the details. But this is even more true when you're trying to attack such problems head-on with direct, one-size-fits-all legislation. A legal framework based on property rights would decentralize these decisions and apply local considerations.

"I've known people who have sued over blatant property rights violations..."

Yeah, but this isn't surprising since property rights are not properly protected these days. Instead of clear lines, there are fuzzy rules fraught with exceptions and loopholes.

Comment: Re:P.J. O'Rourke said... (Score 1) 309

by Dr. Sp0ng (#36102230) Attached to: FCC Commissioner Leaves To Become Lobbyist

Lack of regulations wouldn't. But stronger property rights, which are another essential ingredient, would. Their neighbors should have the ability to sue when their property is polluted (read: damaged) by the nearby factory.

This requires no strong central government or anti-business regulations, and would not be prone to political manipulation by the rich and well connected. Simply apply the same rules to everybody.

Comment: Re:somewhat agree hwoever (Score 1) 309

by Dr. Sp0ng (#36100824) Attached to: FCC Commissioner Leaves To Become Lobbyist

As opposed to the cancer patients that are dying because they're denied access to experimental treatments? The FDA cuts both ways, and it's not at all clear to me that it's a net win, especially when you consider where health care could be if it were allowed to flourish like the computer industry.

Comment: Re:Hi, I'm Left... (Score 1) 639

by Dr. Sp0ng (#35761018) Attached to: Obama Administration Wants Your Old Email

What, are they nuts? Who would want to live in a place where barroom brawls give way to deluges of bullets? Or where would-be minor road rage incidents end up in cars full of corpses? The violent crime rate there must be through the roof!

Except that reality doesn't match left-wing fantasy, and Vermont has one of the lowest murder rates in the country.

I don't understand why people can't leave the shooting of criminals to the police

Because when seconds count, the police are only minutes away.

Comment: Re:because of the ass-hat signature authorities (Score 1) 665

by Dr. Sp0ng (#35562664) Attached to: Why Doesn't Every Website Use HTTPS?
I don't think it's realistic to expect people to check certificates before giving out sensitive data (or ever, really). And since that's the case, having encryption-but-not-really seems worse to me than encryption-only-if-it's-secure. The average person won't understand the distinction, and will assume encryption=safe. Since the user can't be expected to check the certificate's authenticity, the CA steps in to fill this role.

If you give your POP3 or FTP password over a self-signed SSL connection, you might as well send it over plain text. It's not a whole lot harder for somebody in the middle to read, unless you're checking the signature out-of-band. Which you're not.

The general consensus in the encryption community is that bad encryption is worse than no encryption, and I think they're right. On the surface, it is marginally "better" than cleartext, but in the real world it changes people's behavior and makes life much easier for the bad guys.

Your point about spoofed URLs and such is correct, but that's a different problem.

Comment: Re:because of the ass-hat signature authorities (Score 1) 665

by Dr. Sp0ng (#35561956) Attached to: Why Doesn't Every Website Use HTTPS?
But that doesn't actually protect you - it just gives you a false sense of security.

If there is no way to verify the identity of the other side, then it's dead simple to stick yourself in the middle, unbeknownst to either legitimate participant. You may think you're having an encrypted conversation with GMail, but you're really having one with me, and I'm having one with GMail pretending to be you. See the problem?

It's like putting black tape over the warning lights in your car. Sure, it makes the problem "go away", but you haven't actually fixed anything.

Use self-signed certificates if you must, but I damn well want my browser to tell me about it. The certificate authorities are far from perfect, but at least you have to create a paper trail of some sort when you want a fraudulent one.

Humanity has the stars in its future, and that future is too important to be lost under the burden of juvenile folly and ignorant superstition. - Isaac Asimov