Comment: Re:The good news is... (Score 3, Insightful) 209

by khasim (#49588933) Attached to: Yes, You Can Blame Your Pointy-Haired Boss On the Peter Principle

I doubt it. It's too easy NOT to be.

Just realize that you are NOT smarter than the people reporting to you. You just happened to get stuck in that management slot.

Next, learn that just because you've been TALKING since you were 2 does not mean that you are a master at COMMUNICATION. Take classes. Read books. LEARN to communicate.

Now you can give rapid feedback to your people. Instead of the once-a-year-review aim for the every-2-weeks-review. That way you will remember all the reasons why the main project was delayed. Remember your new communication skills.

Finally, decide whether you're going to fuck your people in order to make other managers look good or whether you're going to help your people get the skills to move up and onward.

Comment: Re:Talk about blaming the messenger (Score 5, Insightful) 230

by khasim (#49526265) Attached to: UK Police Chief: Some Tech Companies Are 'Friendly To Terrorists'

He's part of the "system". Therefore, his view is that anyone who isn't directly supporting the "system" is opposing it. Which means you're opposing him and the "good" work that he is doing. You are friendly to the "terrorists".

"Terrorists" in this case being defined as anyone Mark Rowley does not agree with.

Personally, I think that there are far more corrupt cops and corrupt politicians and so on who would abuse their authority than there are terrorists who can attack us.

Comment: Re:Whatsisname is...mistaken (Score 1) 289

by khasim (#49518513) Attached to: Robot Workers' Real Draw: Reducing Dependence on Human Workers

She's wrong on a few points.

1. It has ALWAYS been about "Reducing Dependence on Human Workers". A person with years of hand-crafting skill is replaced by someone with months of machine-operating skill. And so forth.

2. Machines are NOT as good as she claims at predicting HUMAN behaviour. They're just getting to be better than the average human (who sucks at it).

3.

Now machines at call centers can be used to seamlessly generate spoken responses to customer inquiries, so that a single operator can handle multiple customers all at once.

No. HUMANS can be forced to read off a script but MACHINES suck at anything more complex than "Did you say 'yes'".

Comment: Re:Holistic (Score 4, Insightful) 67

by khasim (#49516103) Attached to: How Security Companies Peddle Snake Oil

It all comes down to proper design and the ability to say "NO".

Security cannot be retro-fitted to a badly designed system.

The person who can demand that you support X in Y configuration NO MATTER WHAT is the person who controls your security. No matter what his/her knowledge level is.

Next, understand that you will (eventually) be cracked. Someone somewhere will make some mistake just long enough. MONITOR for that. KNOW what the regular traffic on your network looks like. PLAN for what you are going to do WHEN that happens.

Comment: Re:If you are ABLE to be a hooker, detain you? (Score 1) 270

by khasim (#49494575) Attached to: FBI Accuses Researcher of Hacking Plane, Seizes Equipment

I hereby claim that I have hands, therefore I am able to stab someone. Should I be detained and my property seized because I am ABLE to commit a crime?

Situational.

The government does NOT do jokes about fucking with airplanes.

I guarantee you that if you were walking around an airport with a knife talking about how you COULD stab then you'd be detained. And they'd probably keep your knife.

Comment: Re: For work I use really bad passwords (Score 1, Insightful) 136

by khasim (#49476647) Attached to: Cracking Passwords With Statistics

Read to the end for a secret revelation.

One for all the various forums, social sites and other crap that is of absolutely no importance to me and if it gets leaked and you use it to log in as me on one of them, you can post comments in my name - omg, the sky is falling.

The problem there is that all it takes is one crap site and an attacker can check all of your "reset answers" (pet's name / mom's name / etc) to see if they can be used for an attack.

One is for sites that I have some stakes in, like accounts in online games and such, where you could do some damage in the sense of destroying something that took me time to create (delete my GW2 characters, I'd hate you for it, but no real damage has been done).

A different password but does it still have the same "reset answers" that the other category does?

And you are depending upon the admins of those sites to correctly secure them and keep those sites secure for THEIR ENTIRE EXISTENCE.

And one I use for sites where you could do some damage that I could probably reverse, but it would take effort and might cause me real-world inconveniences, such as shopping sites where you could order something in my name and I'd have to go and cancel the order or send it back or whatever.

Just about all of the damage can be reversed. It's just a matter of how much time and how much money is lost doing so.

This is about preventing the damage before it costs you time and money.

Your Amazon account should NOT have the same password that your eBay account has. No matter how much you trust either of them.

My PayPal and banking accounts have their own passwords, ...

And they should have their own email accounts tied to them. If someone cracks your GameYouUsedToPlay.com account that should NOT give them the email address you use at your bank.

Now, for the secret revelation!

Passwords WERE once used for security.

NOW they are mostly (99.9%+) used for MARKETING. That is why almost all the sites out there require a unique login. And those sites are very lax with their MARKETING data (your username/password/answers).

Once you understand that (and what information you are leaking when you give it to them) you can make better decisions on how much RE-USABLE information you want to give them.

Think about what the minimum information an attacker would need to access your bank account (either login or social engineering) and then look at how many sites have that information.

Comment: Re: For work I use really bad passwords (Score 4, Insightful) 136

by khasim (#49475721) Attached to: Cracking Passwords With Statistics

It doesn't matter. If someone is cracking your (end-user) password at work then they probably have some other means of attempting it.

1. keylogger
2. some reduction attack
3. pass the hash
4. fake authentication request & server
5. etc

By the time the attacker has copies of the hashes and is trying to use any of the techniques in TFA on them it's too late for you as an end-user.

For non-work websites just remember 2 things:
a. DO NOT USE THE SAME PASSWORD
b. If it is financial, don't use the same username/email-address as other sites.
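The two comments above (the tiered-password one and the "2 things" one) both come down to the same audit: which of your accounts can an attacker reach with the data leaked from one crap site? The script below is an added example, not khasim's or Slashdot's code. The account records, site names and reset answers are constructed for illustration; in practice you would feed it a password-manager export.

```python
from collections import defaultdict

# Constructed sample export: one record per account. "tier" is the risk class
# the comments describe: junk forums, game accounts, shops, financial.
ACCOUNTS = [
    {"site": "forum.example", "tier": "junk", "email": "me@mail.example",
     "password": "Tr0ub4dor", "reset": {"pet": "Rex", "mother": "Smith"}},
    {"site": "gameyouusedtoplay.example", "tier": "game", "email": "me@mail.example",
     "password": "Tr0ub4dor", "reset": {"pet": "rex"}},
    {"site": "shop.example", "tier": "shop", "email": "me@mail.example",
     "password": "correct-horse-battery", "reset": {"mother": "smith"}},
    {"site": "bank.example", "tier": "financial", "email": "me@mail.example",
     "password": "unique-bank-pass-9", "reset": {"pet": "rex"}},
    {"site": "paypal.example", "tier": "financial", "email": "pay-only@mail.example",
     "password": "another-unique-pass", "reset": {}},
]


def _norm(answer):
    # Reset answers are compared case-insensitively: sites do the same.
    return answer.strip().lower()


def audit(accounts):
    """Defender's view: list every secret that is reusable across sites."""
    tier = {a["site"]: a["tier"] for a in accounts}
    by_password = defaultdict(set)
    by_email = defaultdict(set)
    by_answer = defaultdict(set)
    for a in accounts:
        by_password[a["password"]].add(a["site"])
        by_email[a["email"]].add(a["site"])
        for question, answer in a["reset"].items():
            by_answer[(question, _norm(answer))].add(a["site"])

    findings = []
    # a. Same password on more than one site: one dump unlocks all of them.
    for sites in by_password.values():
        if len(sites) > 1:
            findings.append("password reused: " + ", ".join(sorted(sites)))
    # Reset answers are passwords too, and the junk site leaks them just as well.
    for (question, _), sites in by_answer.items():
        if len(sites) > 1:
            findings.append(f"reset answer '{question}' reused: " + ", ".join(sorted(sites)))
    # b. A financial login identified by the same email as a non-financial site.
    for a in accounts:
        if a["tier"] != "financial":
            continue
        others = sorted(s for s in by_email[a["email"]] if tier[s] != "financial")
        if others:
            findings.append(f"financial site {a['site']} shares its email with: " + ", ".join(others))
    return sorted(findings)


def pivot(accounts, breached_site):
    """Attacker's view: sites reachable from one site's leaked record.

    Reachable means the same password, or every reset answer the target asks
    for is already known from the breach (the "pet's name / mom's name" attack).
    """
    breached = next(a for a in accounts if a["site"] == breached_site)
    known = {(q, _norm(v)) for q, v in breached["reset"].items()}
    reachable = set()
    for a in accounts:
        if a["site"] == breached_site:
            continue
        if a["password"] == breached["password"]:
            reachable.add(a["site"])
        elif a["reset"] and all((q, _norm(v)) in known for q, v in a["reset"].items()):
            reachable.add(a["site"])
    return sorted(reachable)


if __name__ == "__main__":
    for line in audit(ACCOUNTS):
        print(line)
    print("from forum.example an attacker reaches:", pivot(ACCOUNTS, "forum.example"))
```

With the constructed data, the forum breach alone reaches the game account (same password), the shop (reset answer known) and the bank (reset answer known), even though the bank has a unique password. Only the PayPal record, with its own email and no reset answers, stays out of reach.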

Comment: Re:How many times .... (Score 2, Insightful) 33

by khasim (#49465439) Attached to: Book Review: Networking For System Administrators

Sure, the problem is probably not Machine X can't connect to Machine Y, and more likely to be VLAN 17 can't initiate a connection to VLAN 56 over port 8080, but maybe you're the only one at your company who needs to make that particular connection at that time.

And you call it in and the network engineer will ask some questions:

a1. Has this ever worked in the past? (they will always answer "yes")
a2. When was the last time you know it was working? (50% "yesterday" 50% "last week")
a3. Has anything changed on the boxes or were they moved? (100% no nothing same as always)

b1. Is this a new install? (95% of the time this will be the problem but they will only admit it 1% of the time)

But if your network has dozens of VLANs, multiple gateways and complex firewall rules, it very well could be a network issue that so far only you have experienced.

And the change control logs should IMMEDIATELY show you where the problem is, in that case.

In my example, if VLAN 17 and VLAN 56 are QA networks, there's a reasonable chance your network team won't give a shit and it'll take them a week to even take a look, so it's probably worthwhile as a sysadmin to make sure that A) Machine X is actually sending the data out the network interface and B) Machine Y isn't receiving the data and just discarding it.

That's the problem. Change control shows no changes on 17 or 56 in the last 6 months.

The alarm systems show no changes.

I can pull up the data on the ports X & Y are using in 30 seconds. No errors showing.

In another 30 seconds I can check all the stats for 17 & 56.

The network is SIMPLE! It really is. Troubleshooting a connection issue takes a few minutes at most.

In your example, the sysadmin will just say "the network is the problem" when the REAL PROBLEM is that the LATEST UPDATE of his app means it now listens on 443 instead of 8080.

And a quick Google search will bring up page after page of references to that just using the app name and the app version number.
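The "is it the network or is it the box" split in the exchange above has a cheap test: a TCP connect that gets a RST back proves the packet reached the host and nothing is listening there, while a SYN that simply times out is the case where a VLAN ACL or firewall might actually be involved. The probe below is an added example, not code from the thread or from the book under review. It runs against loopback with a stand-in listener playing Machine Y after the update that moved the app from 8080 to 443; the port numbers and hostnames are the example's own.

```python
import socket


def probe(host, port, timeout=1.0):
    """TCP connect probe. Returns 'open', 'refused' or 'filtered'.

    'refused': a RST came back, the host is reachable and nothing listens there.
    'filtered': the SYN was dropped (ACL, firewall, dead host). Only this case
    is worth opening a ticket with the network team.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout and other unreachable conditions
        return "filtered"
    finally:
        s.close()


def diagnose(host, configured_port, candidate_ports=()):
    """Decide where to look before blaming VLAN 17 -> VLAN 56.

    Probes the port the client is configured for; on a refusal, tries the
    candidate ports (for instance the one the app's release notes mention).
    """
    status = probe(host, configured_port)
    if status == "open":
        return {"verdict": "listening", "port": configured_port}
    if status == "refused":
        for port in candidate_ports:
            if probe(host, port) == "open":
                return {"verdict": "moved", "port": port,
                        "note": f"service answers on {port}, client still uses {configured_port}"}
        return {"verdict": "not_listening", "port": configured_port}
    return {"verdict": "filtered", "port": configured_port}


# Stand-ins so the example runs offline on loopback (constructed for this example).

def start_listener(host="127.0.0.1"):
    """Bind an ephemeral port as Machine Y's updated service; return (socket, port).

    The kernel completes TCP handshakes from the listen backlog even if we
    never call accept(), so no thread is needed. Keep the socket alive.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def closed_port(host="127.0.0.1"):
    """An ephemeral port that was just released, so a connect gets a RST."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, actual = start_listener()   # the app now listens here (the "443")
    configured = closed_port()       # the client still points here (the "8080")
    print(diagnose("127.0.0.1", configured, [actual]))
    srv.close()
```

Against a real host, run it from Machine X so the probe takes the same path the application does; a "refused" verdict from there settles the argument without waiting a week for the QA VLANs to get attention.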

Comment: How many times .... (Score 2, Interesting) 33

by khasim (#49464939) Attached to: Book Review: Networking For System Administrators

If there really is a "network problem" then it won't be just your machine that cannot connect to some other machine.

It would be lots of people and/or machines that would not be able to talk to lots of other machines and/or people.

And the network rarely experiences "problems" that only show up after you've applied a patch.

Bad things come from network and systems folks not understanding each other.

As a network engineer, I can quote almost EXACTLY what the sysadmin will say. Understanding them is easy.

Communicating something they do not want to hear is the issue.

Comment: Re:If you demand all your supporters be flawless.. (Score 4, Insightful) 653

by khasim (#49413465) Attached to: Carly Fiorina Calls Apple's Tim Cook a 'Hypocrite' On Gay Rights

"Hypocrisy" has a clear definition. Tim Cook is NOT a hypocrite on that issue. Fiorina is WRONG.

The worst that can be said is that Tim Cook has a "double standard" when it comes to advocating for gay rights in the USofA vs other countries.

Yet he also appears to be effective in advocating for gay rights in the USofA. Where is Fiorina's advocacy?

Fiorina is being a "concern troll" on these issues.

Even worse, she is being a concern troll for topics that she does not personally support. How much Saudi business did she turn down at HP? How much of her money has she spent on advocating for gay rights?

Comment: Review often. Review quickly. (Score 2) 261

Make sure that everyone knows what they're supposed to do, what's expected, and when it's due. It's really not that hard, except that apparently it's really hard.

The problem is that the day-to-day emergencies get in the way of the 11-month-projects.

But the day-to-day emergencies are soon forgotten and the 11-month-projects are what you are judged on.

Most people here are probably familiar with the "annual performance review" and how much they hate it. So drop it.

Instead, replace it with a LOT of shorter, more frequent reviews. Weekly if possible. Every 4 weeks at the very latest. Lasting between 10 and 15 minutes. Then the annual review for HR is simply a roll-up of 52 weekly reviews.

This helps because EVERYONE knows what the situations are AT ALL TIMES.

There will be problems and the sooner you've identified them and resolved them (or mitigated them) the better.

Comment: Re:How 'bout.. (Score 1) 212

While the semantics over what was 'authorized' can be debated, that large numbers of agency personnel had access to the data to troll at their leisure without fear of reprisal still hasn't been refuted.

And, apparently, there were no safeguards set in place to detect such activities.

It SHOULD have been easy to have a few internal people randomly checking the legality/applicability of searches.

From TFA:

Those who don't pay too close attention think the NSA is out there gathering up whatever it can without rhyme or reason. But, in fact, [collection] is in response to things called intelligence requirements, which are made through a big, formal process across the executive branch, by which different parts of the policy apparatus articulate needs for information.

If those statements were accurate then Snowden's "betrayal" would be meaningless.

You cannot have it both ways.

Comment: Re:Money (Score 1) 353

by khasim (#49366117) Attached to: Former HP CEO Carly Fiorina Near Launching Presidential Bid

And that's not all. From her Wikipedia page:

Following an August 4, 2010, federal court ruling that Proposition 8 was unconstitutional, Fiorina expressed disagreement with the ruling, saying that California voters spoke clearly against same-sex unions when a majority approved the proposition in 2008.

And she wants to lead the Executive Branch?

Majority != Constitutional.

And she's got a bit of money. So .... what's she been doing with it AS A PRIVATE INDIVIDUAL to help with any of the "problems" that she's talking about?

So far it looks like a lot of paid speaking engagements. She is paid to be "concerned" but she doesn't fund anything herself.

Comment: How is it a "rite of passage"? (Score 4, Insightful) 49

by khasim (#49361155) Attached to: Startups Increasingly Targeted With Hacks

They're getting cracked because they're not paying attention to their security.

After resetting users passwords, Twitch initially introduced longer password character requirements, but had to dial back its new 20-character password length requirement to 8 characters after users complained.

Fuck you! If you cannot detect and mitigate a brute force attack then hire someone who can.

Twitch also said it encrypted passwords, but warned that hackers might have been able to capture passwords in the clear as users were logging on.

And make sure you know the difference between encrypted and hashed.
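The point about detecting and mitigating brute force rather than forcing 20-character passwords on users translates into a small piece of detection logic. The detector below is an added example, not Twitch's code and not from the article; the log format, user names and addresses are constructed for it. It distinguishes online guessing against one account (many failures from one IP against one user) from password spraying (one IP, one or two guesses against many users), which a per-account lockout alone never catches, and it flags a success that follows a burst of failures, which is the event that actually matters.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "<iso-timestamp> auth <success|failure> user=<u> ip=<a>",
# in time order. Format, users and addresses are invented for this example.
SAMPLE_LOG = [
    "2015-03-24T10:00:00 auth failure user=bob ip=192.0.2.9",       # bob typos twice,
    "2015-03-24T10:00:07 auth failure user=bob ip=192.0.2.9",       # then gets in: fine
    "2015-03-24T10:00:15 auth success user=bob ip=192.0.2.9",
] + [
    f"2015-03-24T10:01:{i:02d} auth failure user=alice ip=203.0.113.5" for i in range(6)
] + [
    "2015-03-24T10:01:30 auth success user=alice ip=203.0.113.5",   # guessed it
] + [
    f"2015-03-24T10:02:{i:02d} auth failure user=user{i} ip=198.51.100.7" for i in range(10)
] + [
    "2015-03-24T13:00:00 auth failure user=carol ip=192.0.2.10",    # lone failure
]

LINE_RE = re.compile(r"^(\S+) auth (success|failure) user=(\S+) ip=(\S+)$")


def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, outcome, user, ip = m.groups()
    return datetime.fromisoformat(ts), outcome, user, ip


def detect(lines, window=timedelta(minutes=5), per_target=5, spray_users=8):
    """Sliding-window brute-force detector over time-ordered log lines.

    Alerts returned as a set of tuples:
      ("lockout", user, ip)               per_target failures from one IP against
                                          one user inside window
      ("success_after_lockout", user, ip) that pair then logged in successfully
      ("spray", ip)                       failures against spray_users distinct
                                          users from one IP inside window
    """
    pair_fail = defaultdict(deque)   # (user, ip) -> failure timestamps in window
    ip_fail = defaultdict(deque)     # ip -> (timestamp, user) failures in window
    alerts = set()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, outcome, user, ip = rec
        q = pair_fail[(user, ip)]
        while q and ts - q[0] > window:
            q.popleft()
        if outcome == "success":
            # A success right after a burst of failures is the real incident.
            if len(q) >= per_target:
                alerts.add(("success_after_lockout", user, ip))
            q.clear()
            continue
        q.append(ts)
        if len(q) >= per_target:
            alerts.add(("lockout", user, ip))
        iq = ip_fail[ip]
        iq.append((ts, user))
        while iq and ts - iq[0][0] > window:
            iq.popleft()
        if len({u for _, u in iq}) >= spray_users:
            alerts.add(("spray", ip))
    return alerts


def response(alerts):
    """Mitigation map: what to do per alert, instead of blaming users' passwords."""
    actions = {}
    for alert in alerts:
        kind = alert[0]
        if kind == "spray":
            actions[alert] = f"rate-limit or block {alert[1]} at the edge"
        elif kind == "lockout":
            actions[alert] = f"throttle {alert[1]} from {alert[2]}; require step-up auth"
        else:
            actions[alert] = f"treat {alert[1]} as compromised: force reset, revoke sessions"
    return actions


if __name__ == "__main__":
    for alert, action in sorted(response(detect(SAMPLE_LOG)).items()):
        print(alert, "->", action)
```

The thresholds are assumptions to tune against your own traffic; the shape (per-pair window, per-IP distinct-user window, and a success-after-failures rule) is what matters. Note that bob's two typos followed by a login produce nothing, which is the behaviour that keeps the help desk quiet.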

Comment: Re:Yes, but.... (Score 3, Interesting) 267

by khasim (#49349791) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

Let's be a bit more specific about that.

If they're restricting the length to something like 8 or 12 or 16 instead of 128 or 256 then they are PROBABLY not hashing the passwords.

Which means that your password is PROBABLY being stored in plain text (or possibly encrypted). NEITHER of which are acceptable methods today.
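Both this comment and the Twitch one above turn on the same distinction: a hash has a fixed size whatever the input, so a site that hashes has no reason to cap passwords at 8 or 16 characters, and it needs no key to verify a login, so a stolen database yields nothing directly reversible. The store below is an added example, not code from either article or from any of the sites named. It uses PBKDF2-HMAC-SHA256 from the standard library (an assumption made so it runs anywhere; with a library available you would pick Argon2id, scrypt or bcrypt), a random per-user salt, a constant-time compare, and an upper length bound of 1024 bytes that exists only to cap CPU cost per attempt.

```python
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"
ITERATIONS = 100_000       # assumption for the example; tune to your hardware
SALT_BYTES = 16
MAX_PASSWORD_BYTES = 1024  # a DoS guard, not a usability limit; never 8 or 16


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def _unb64(text):
    return base64.b64decode(text.encode("ascii"))


def hash_password(password, salt=None):
    """Return a self-describing record: algo$iterations$salt$digest.

    Only the digest's fixed 32 bytes are stored, so an 8-character password
    and a 256-character passphrase occupy exactly the same space.
    """
    pw = password.encode("utf-8")
    if len(pw) > MAX_PASSWORD_BYTES:
        raise ValueError("password exceeds %d bytes" % MAX_PASSWORD_BYTES)
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    return "$".join([ALGO, str(ITERATIONS), _b64(salt), _b64(digest)])


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time.

    No key is involved: there is nothing on the server that turns the stored
    record back into the password, which is what distinguishes this from
    encryption.
    """
    try:
        algo, iterations, salt, digest = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    pw = password.encode("utf-8")
    if len(pw) > MAX_PASSWORD_BYTES:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", pw, _unb64(salt), int(iterations))
    return hmac.compare_digest(candidate, _unb64(digest))


def stored_size(password):
    """Size of the record a given password produces (constant for any length)."""
    return len(hash_password(password))


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))   # True
    print(verify_password("correct horse battery stapler", rec))  # False
    print(stored_size("a" * 8) == stored_size("b" * 256))         # True
```

If a site tells you 16 characters is the maximum, the likeliest reason is that the column holding your password was sized for the password itself. One genuine exception to "no limit" is bcrypt, which only uses the first 72 bytes of input; a sane implementation still accepts long input and documents the truncation rather than rejecting a long passphrase.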

"One Architecture, One OS" also translates as "One Egg, One Basket".
