Follow Slashdot stories on Twitter


Forgot your password?

Comment Re:Unions (Score 3, Insightful) 465 465

Second, plan on having something you can offer to employers besides the threat of a revolution or strike; good workers can find good jobs.

Anything you can do can be taught to someone else willing to work for less.

Have you so soon forgotten Disney's attempt to replace their techs?

Seems that the only thing that stopped that was the publicity it got once the techs started complaining.

Comment Re:Interesting argument (Score 3, Insightful) 120 120

Even if that wasn't the case, they're arguing AGAINST being a "common carrier".

Won't this make them responsible for any of the crap (death threats, libel, etc) that they distribute as part of them being an "information service"?

Comment Mod parent up. (Score 2) 363 363

I've had similar arguments with telco people. If the DIGITAL part of the system is not dropping (or delaying) packets then there is no problem with the DIGITAL part of the system.

Swapping cables that are not causing dropped/delayed packets for other cables that won't drop/delay packets is useless.

And testing the digital portion is very easy.

If you think you hear a difference, it is probably your imagination or the analog portion on either end.

Comment Ha! (Score 1) 112 112

From their other link:

With dedicated customer support available by phone or online, and replacements and exchanges whenever Pepper is not working properly, corporate customers will be able to use Pepper with peace of mind at their businesses.

Eat your own dog food.

Staff your support division with Pepper robots. PROVE that they work.

Comment Re:Industrial network (Score 2) 76 76

IF the people in charge are asking for it, find and suggest a solution that can do it safely.

I'm with you so far.

If they are not willing to pay for your solution, find another, albeit less safe solution and present it with a list of assumed risks. Rinse and repeat until you have a solution they are willing to pay for with risks they are accepting, then do that.

In my experience, any "solution" that you present will be understood to do everything that they wanted.

Even if you say that they cannot have X at $Y. They will give you $Y and then demand X.

When you cannot do so, a contractor will be brought in to set up a flawed implementation that will reduce your security BUT will provide X at a price point that you said could not be done.

Which is why we see this story pop up over and over and over again.

Comment Re:Urg. (Score 1) 44 44

Worth adding is that the answers to someone's "security" questions often are easily obtained with just a small bit of social engineering.

Yep. Even easier if the information ("correct" answers) are available via Google.

But also, since you're already using unique passwords ... and the crackers managed to get your password ... how did they do that and would that have also yielded your "security" answers.

Their thinking seems to be:

1. So, one username / password isn't enough.

2. A second password should be enough, but it will use the same username as in #1.

3. And that second password should be SUGGESTED to be based upon something that can be researched / socially engineered / tricked out of the person.

4. And entered using the same channel as #1.

Okay, if you cannot get two factor authentication then at least use a different email address for each bank AND ONLY FOR THAT BANK. Email addresses are free. And always use completely unique passwords. Not bankname1 and bankname2.

The same for the "security" questions. Always completely unique.

If you have to write them down, do so. Just keep the paper in a secure location. It's far less likely that someone will break into your house to look for passwords than it is that someone will crack your computer.

Comment Urg. (Score 4, Informative) 44 44

Robin Miller: One thing that I think my wife and I are doing right: we don't have a bank anymore, we have a credit union, a local credit union and they do use secondary authorization on everything, you have to not just know the account number and the password, but you also need to know the answers to fairly obscure questions about our past, what year teacher was your favorite in what grade, things like that. Does that help?

NO!!! It does NOT!!!

1. It does not because that information can be collected at other sites controlled by crackers. So unless you enter incorrect information (which is, in effect just another password) then it is useless.

2. It is still on your computer. So if your computer is cracked then the crackers get your username / password / favourite-dog-food / whatever.

3. Find a bank / credit union that uses real two factor authentication.

Comment Mod parent up. (Score 2, Interesting) 594 594

Read carefully and you'll notice the government said he'd even have to accept the consequences of speaking out and engaging in constructive protest: they decree you can dissent against their rule, and that's well and good, as long as they can punish you for your dissent--which is precisely the situation in North Korea, where you may speak out against Kim Jong-Un, and, importantly, accept the consequences of speaking out against him.


If the end result of civil disobedience is the exact same in the USofA as in North Korea ... then what is the difference?

The politicians demanding martyrdom would be just as comfortable working for North Korea's government as they are working for the USofA's government.

And THAT is a very big problem.

Comment Re:Everybody List What You Think Went Wrong (Score 1) 550 550

Gamergate was ignored because gamergate is not news.

My problem with it is that even if the initial event happened EXACTLY AS CLAIMED then it is still nothing.

The "story" became the reactions to that nothing event.

And then the reactions to those reactions to that nothing event.

And now we have a post mod'ed +5 Insightful for claiming that Gamergate wasn't covered.

Comment Re:Translation (Score 3, Insightful) 594 594

And also, from TFA:

If he felt his actions were consistent with civil disobedience, then he should do what those who have taken issue with their own government do: Challenge it, speak out, engage in a constructive act of protest, and â" importantly â" accept the consequences of his actions.

He IS dealing with the consequences. That's why he left.

What Lisa Monaco is pushing for is martyrdom.

We are supposed to be a country of laws. We should not have officials demanding martyrdom of those who oppose their policies.

Comment Mod parent up. (Score 3, Insightful) 119 119

What depresses me bout software is how often we JUST DO NOT LEARN!

And not just software. Look at security as well. And so many other computer-related areas.

Software development seems to be riddled with arrogant know nothings who think they can cut corners or reinvent the wheel because doing the right way isn't "7337".

For me it's more like ... someone "learned" one way of handing it when s/he was working ALONE.

Then that person never learned that the practices need to be changed when you are part of a TEAM.

And releasing your code to the public is being part of a team.

Comment Re:As a former expert (Score 2) 112 112

... the cost of breaking corporate software with an update (they just took out our scheduling program for 4 days) is very measurable and affects everyone in the company, ...

Where are your test systems and test cases?

If you want to win these fights, you have to present defensible numbers in units that the PHB's understand: Dollars or Euro.

And the core problem with estimating losses is that you are now trying to play in the realm of the PHB. You will always lose. That is because while you are spending time on productive work they are spending time on personal relationships and politics.

Any time they do not follow your advice and a disaster does NOT strike ... well it is obvious that they were right and you were wrong. So they SAVED/EARNED the company money by being more "productive". Those IT people are all "the sky is falling". Ha ha.

Right up until the systems are cracked and then they're going to blame you any way because it was your job.

Comment Re:What Security Experts Can Learn From Non Expert (Score 3, Interesting) 112 112

NOT training users not to download suspicious executables or engage in fantastic feats of memory regarding passwords.

Don't depend upon a user's memory. Tell them that it is GOOD to write down their passwords AS LONG AS THEY STORE THEM WITH THEIR CREDIT CARDS.

The solution, which security people hate to hear, is to get better at installing and maintaining multiple levels of firewall, application sandboxing and/or streaming applications for all office applications, improving intrusion detection and dynamic virus removal in real time.

The REAL problem with security is that the VENDORS do not place a priority on it.

It isn't that we hate to hear that.

We're already DOING that. But it doesn't help much when a CxO installs some infected software on his laptop (which he can because he is so important that he NEEDS admin-level access) and then brings it into the most firewalled section of the network.

Right now I'm focusing on knowing when a site is compromised rather than trying to get EVERYONE to follow the best practices EVERY TIME on EVERY SYSTEM.

Comment Re:Seriously... (Score 1) 245 245

Actually, there is a problem. Which is why the schools with less money do worse on standardized tests than schools with more money.

And the problem is that the tests are written to a specific curriculum that is clearly identified in the text books associated with those tests.

So even if a student knows MORE about a subject than is taught in a specific text book, that student can still FAIL the standardized test because s/he does not provide the answer identified in the text book.

Such as ... what are the 3 main reasons for X.

In math it is more about how the word problems are written. If the student is familiar with the way the problems are phrased it is easier for him/her to get a higher score.

Comment Re:They're worthless. (Score 1) 213 213

Maybe. Maybe not.

In my experience the tests "test" you on your knowledge of how the VENDOR would like you to "solve" a "problem".

I haven't seen any test were there is something objectively "wrong" about any of the questions or answers.

But I have seen a lot of questions and answers that are phrased somewhat inaccurately for someone with more experience than just the vendor's training materials.

So if you know the subject, a quick read of the vendor's materials should tell you where the "tricky" areas are. But if you want to skip that step, you should be able to pass most certifications without a problem.

"Mach was the greatest intellectual fraud in the last ten years." "What about X?" "I said `intellectual'." ;login, 9/1990