
Comment: Re:Wah, "threatened" (Score 4, Informative) 36

1. I send you a letter saying I'm going to release security vulnerabilities about your house to your neighborhood residents and the internet in general in 30 days.

2. On day 29 with no previous contact or attempted contact, you send me a letter asking for time to fix your house's security problems, since, naturally, as a so-called "researcher" that's of equivalent interest with respect to correcting future known-bad designs. You note that telling people in the neighborhood how to break into your house might have legal implications.

3. I say "fuck you, wrong law, noob" and publish because you obviously had plenty of time to contact me to discuss before and chose to not do so and instead decided best to threaten me on day 29 hoping to stall and did a poor job of threatening using laws that have nothing to do with the matter at hand trying to make your position look strong and scary when all you had to do was contact me earlier than the 29th day asking for more information on the vulnerabilities, and/or offer to hire my services as a consultant to help fix the issues your security product obviously has in place.

Fixed that for you...

Comment: Re:This seems backwards. (Score 1) 62

by Fallen Kell (#49565447) Attached to: Supreme Court To Consider Data Aggregation Suit Against Spokeo

The key feature of the lawsuit is that the individual cannot show any specific harm was done, only that their legal rights were infringed. Most aspects of civil law require that the person show some sort of injury. In this case the specific law does not require damage. Damage to consumers is assumed as automatic if the company does not comply with the law. The wording of the law is only about compliance, not about harm.

And that is great and all, but also at point, how do you prove you were passed up on a job because of this without a company coming straight out and telling you the reason? There is no law that says a company needs to tell you why you were not chosen for a position. Your resume may simply be tossed into the "do not trust due to lies" pile automatically by the automated compute checking system that performed the check of the information in the resume with the information in the automated background checks, and you would simply be filtered out without even having an interview.

THAT is the point that this lawsuit is trying to bring to the forefront. This kind of data IS being used by many places for finding potential employees, new clients/consumers, loans, and many other use cases. Things that you write in your resume are being cross-checked against other sources and if things don't match, well, let's just say your word then becomes suspect, which is not a good position to be in when trying to get a job.

Comment: Re:This seems backwards. (Score 2) 62

by Fallen Kell (#49564435) Attached to: Supreme Court To Consider Data Aggregation Suit Against Spokeo
Or as is very likely the case, a company passes up on hiring him for something like a basic data entry position because he is "over qualified" for the position and will be more likely to ask for raises or leave the company once he finds another position more at his level, making the company start the hiring process all over again (which costs the company money).

Comment: Re:if that were true (Score 1) 348

by Fallen Kell (#49222577) Attached to: Obama Administration Claims There Are 545,000 IT Job Openings
In my experience, there are always candidates out there that can fill the position. The problem is that you and/or your company doesn't want to do what it takes to get such a candidate. That may mean paying relocation costs for someone to move, signing bonuses, or (god forbid) raise the salary. It's pretty clear that the market is tight in your area. That simply means you need to pay more than the company next door...

Comment: Re:Rookie mistake... Also... (Score 3, Insightful) 230

DO NOT DISCLOSE THE INFORMATION TO ANYONE ELSE!!!! I can't state that enough. Also, DO NOT ACCESS IT EVER AGAIN!!!!!! I also can't state that enough either. Any subsequent accesses/"breach" of their security will be blamed on you, and used as evidence that you sent others the information, since you were the only one who knew. Anything anyone else does will be painted as you working in conjunction with a "group of hackers" in an attempt to defraud others, or even possibly extort the company in some way. Any continued access attempts on your part will be used to show that it wasn't a one-time mistake that let you uncover the issue, and that you continued to "hack" the site over a period of time.

Comment: Rookie mistake... (Score 4, Informative) 230

Well as others have already stated, you already made the rookie mistake of trying to report the issue and gave them your name and contact information. Now you are on the record as having breached their "security", even as pathetic as it is. When big money is possibly involved (as it would be in the case that financial information of hundreds/thousands of people is involved), you just became the "scapegoat". They will now use you as "hacking" them to attempt to make claims on their insurance to cover the cost of fixing the problem. That also means they will need to report to law enforcement, etc., to have the case brought forward.

Comment: Re:Perception has nothing to do with it... (Score 1) 420

by Fallen Kell (#49154457) Attached to: Is That Dress White and Gold Or Blue and Black?
You have a shit calibrated monitor/display. The reason why most people see white+gold is because the majority of monitors have crappy color calibration, lumen balance, contrast, and white/black levels, especially "out of the box". My monitors are calibrated at the factory and come with custom color map for each monitor from the factory, so that they have less than 0.1dE2000 from sRGB.

This is why your iPhone 5 or 6 shows the image and it looked black+blue (they have "decent" color calibration of under 2.5dE2000, but that still is not even close to the 0.1dE2000 of a really good monitor), and most probably is still pushing way too many lumens for environment, which washes out the image (making it look white+gold).

Comment: Almost... Needs a computer "literacy" placement (Score 1) 779

by Fallen Kell (#48960555) Attached to: WA Bill Takes Aim at Boys' Dominance In Computer Classes
Your solution is a good one, however, you need a computer "literacy" test first before implementing something like mandatory classes.

One of the prevailing theories on why boys dominate the field is due to the fact that they have had more exposure on their own time (in essence have done "self study" work in the field). When schools finally begin offering classes in computers, it is typically 6th grade and later. At which point, many students who have been exploring the field on their own know significantly more advanced skills than ones who are only just being introduced to it for the first time. And in schools that teach for the "majority" of students, they will skip past a lot of the more "basic" things because it is below the average skill set of the majority of the students in the course, with the students who don't have the basics down getting lost and as a result discouraged from the field. The converse is also a problem when the schools try to teach to the students with the lowest skill sets in the course. The ones who know it already get bored, complain, and ridicule the students who don't know how to do it so they can speed up the classwork to get to things that meet their skill level.

The real solution is something that school officials and state legislatures will be likely to want to do. If they truly want to have more equality in computers, they need to start having computer classes in kindergarten/1st grade, with individualized progression for the students (i.e. be able to "test out" of any material being taught). Initial costs to set up a system like this would be expensive, but long-term may be relatively inexpensive. The only way for this to really work would be for a mostly automated coursework up and through programming theory, and object oriented design. Everything being most entirely based on the foundation of "online learning" principles, but on a more individual pacing. Grading would not really happen at all for the majority of the work, simply skill progression in passing and completing projects, modules, and practical exams (i.e. very little memorization of definitions, vocabulary, etc., but actual real world useful skill tests such as being able to create a properly formatted paper/document, creating spreadsheets, setting up and using the computer, basic debugging of computer problems, creating a basic program with input and output, etc., etc...). And because it is all self-paced, the students don't become discouraged with both themselves or at the other students who "are slowing them down". But school systems would hate something like this because there is no scoring.

Comment: Re:Please no... (Score 1) 570

by Fallen Kell (#48872991) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade
I think you are reading more into the small print than actually exists.

Feature availability may vary by device.

They state this because you OBVIOUSLY won't have touch interface on non-touch devices, and thus any/all touch features available in the OS will not work on that device (that is just a single example of features that will vary, large screen UI won't make sense to use on a 4 inch smart phone, phone capabilities won't work on a desktop with no phone number, picture taking won't work on a device without a camera, etc., etc., etc., the list goes on and on).

Some editions excluded.

This is explained. They exclude upgrading Enterprise editions of the software. Those editions were purchased typically as site licenses for businesses, and are excluded. You need to arrange new site license agreements (or maintain your existing ones) in order to upgrade your Windows licenses (in which you will be covered by your site licenses, and not the free upgrade license anyway).

Comment: The real fix... a recall of the socket (Score 2) 304

by Fallen Kell (#48698579) Attached to: Putting a MacBook Pro In the Oven To Fix It
This has been a problem for a long time on not just the MacBook Pro, but plenty of other laptops that used a few specific CPU/GPU sockets in their designs along with inadequate heatsinks/fans for the thermal load. Those sockets should never have been used for those designs due to the temperature points of molten solder on a part that is specifically designed to be mobile (and thus subject to falls, movement, and other torques when the system may still be hot, especially moments after a shutdown or sleep when they are closed up and placed in a bag/backpack and slung over the shoulder).

Comment: Re:Pointless disruption and harm from Anonymous (Score 2) 149

by Fallen Kell (#48682453) Attached to: 13,000 Passwords, Usernames Leaked For Major Commerce, Porn Sites
Actually, they are simply continuing to prove the point that current security technology has gaping holes in it. And that until there is a MAJOR rework of system, software, and site security, these holes will continue to exist and continue to be exploited. The real bad guys would have simply kept, sold, or used the information themselves and no one would have really known until the credit cards were used to fill cars full of gas, or purchased gift cards which were emptied to accounts which were transferred, etc., etc., and by the time anyone could do anything the money would be out of the systems (no longer electronic) and the people gone.

Until passwords are not typed by people on keyboards, moved through accessible memory on client systems or servers, two factor confirmations, one time use payment numbers, etc., are all in place, these hacks will occur. Fundamental level changes need to occur to fix these things (including hardware interrupt handling, memory segmentation and randomization, whitelisted program execution/startup, passwords/credit card numbers with time-based key tokens required, etc...). Problem is, it will cost a lot of money to change many of these, including hardware changes. Even if the technology was available today that fixed all these things (and you couldn't buy a computer without these changes), we would still have vulnerable systems out there for 20 years or more while industry and consumers replace their hardware.
