
Comment: Re:WTF (Score 3, Informative) 119

by Minupla (#49629725) Attached to: Canadian Town Outlaws Online Insults To Police and Officials

I assume this is an honest question so here's an honest answer.

The relevant bit is:

Section 33.

(1) Parliament or the legislature of a province may expressly declare in an Act of Parliament or of the legislature, as the case may be, that the Act or a provision thereof shall operate notwithstanding a provision included in section 2 or sections 7 to 15.
(2) An Act or a provision of an Act in respect of which a declaration made under this section is in effect shall have such operation as it would have but for the provision of this Charter referred to in the declaration.
(3) A declaration made under subsection (1) shall cease to have effect five years after it comes into force or on such earlier date as may be specified in the declaration.
(4) Parliament or the legislature of a province may re-enact a declaration made under subsection (1).
(5) Subsection (3) applies in respect of a re-enactment made under subsection (4).

Contrary to popular belief, it's not specific to Quebec; it can be undertaken by either the federal or provincial/territorial level by a simple majority of the applicable governing body. (Note that it doesn't apply to municipalities, so is irrelevant in the particulars of this article.)

It allows temporary suspension of some Charter rights for a period of time (again, contrary to popular belief, it's not a blank check, and can't be used to suspend, e.g., mobility rights or democratic rights, and the Supreme Court has ruled its use invalid in the past).

It was first used by the Yukon Territory in 1982, but was never brought into force.

It's also been used in Alberta (in an ill-fated attempt to ban same-sex marriages), Saskatchewan (to attempt to force through back-to-work legislation, and avoid a Charter challenge based on freedom of association), and Quebec (in the most famous instance, to allow the province's French-only sign law). There are not currently, as far as I know, any in-use cases of Section Thirty Three.


Comment: Re:Kind of a dup, but here's a link that explains (Score 1) 113

Yep, it's possible. There's a couple of places listed in the talk that a skilled enough attacker could maybe make inroads, but the probability is limited by the fact that the networks speak VASTLY different networking protocols. Jeff *might* be able to infect the network bridge on a couple of specific airplane models.

Of course, if it's Bruce Schneier, just let him into the cockpit and give him the flight yoke, it'll be slower :)


Comment: Re:Kind of a dup, but here's a link that explains (Score 1) 113

Mod this up - Seriously, if you're at all thinking this stuff might be possible, read the paper for a good analysis of what is and isn't possible. (Hint: you're probably more at risk from signals outside of the plane than from someone inside it, and not all that much risk (for now) even then.)


Comment: Re:Yeah, right. (Score 2, Informative) 892

Actually, according to the latest figures I can find:
  in 2009, women were on average paid 80% of men, across a broad segment of the work spectrum.

This data is from the US Dept of Labor. If you have a more recent or competing authoritative citation I'd love to hear it, but in so far as I'm aware we still have an issue.


Comment: Re:Good! (Score 1) 326

by Minupla (#49356913) Attached to: RSA Conference Bans "Booth Babes"

I disagree - I am a professional in the security space. I go to conferences for professional reasons.

I'd like the conference vendors to behave in a professional manner too and not insult my intelligence by implying that I'm more likely to sign off on a 6 figure deal because they have women dressed in biker leathers.

If I want to find scantily clad people of either gender, I can figure out where to look, trust me. I'm at a conference on my company's dollar, doing research on products we might want to invest in, I want to talk to someone who knows the bleedn product, not the woman they hired for the week because of her looks.


Comment: Re:I guess she got tired of blaming weed... (Score 4, Interesting) 353

There's no need for corporal punishment, just bring back "punishment" in general, and make it consistent and fitting

This. My daughter knows that when Daddy starts counting down from 5 that she had better clean up her act NOW before the counter runs out. She knows this because I've consistently used that as a message to her that she has crossed the line since she was 2. Typically I only need to say 5, or hold up 5 fingers, and she changes her behavior (often she decides she needs a timeout and takes herself to her room).

That having been said, this is a technique that works with MY kid. Just like adults are different and if you interact with them assuming otherwise you're going to have issues, so are kids. Figure out what makes yours tick and use that knowledge and you'll both have an easier time of it.


Comment: Re:greedy liar (Score 1) 451

by Minupla (#49290527) Attached to: Lyft CEO: Self-Driving Cars Aren't the Future

Hey - if I had the choice to buy an iPhone (I'm an Android guy actually) and not have all the hassles and expenses of car ownership when I don't need them (there are days I don't drive, but my car still depreciates, gets one day closer to service, gets one day closer to breaking down, etc.). That'd be a trade I'd make.

I mentioned to my wife last night that it'd be great, I could nap with her and the kidlet, instead of being awake because they frown on napping while driving!


Comment: Re:Its Never Too Late (Score 2) 205

by Minupla (#49237619) Attached to: Ask Slashdot - Breaking Into Penetration Testing At 30

A good coverage of the technical stuff, I'll add some of my personal thoughts on "how to get there".

1) There is a community out there, find your place in it. Go to conferences, look for local meetup groups.

2) Become comfortable with PEOPLE. Many technical people are not, but you will be a LOT better at your job if you are. People build systems, people break them. A computer never wakes up in the morning and decides to hack something. If you understand people, you can guess what shortcuts they'll take and know where to start poking.

3) Go watch past DEF CON videos. There's gold in there. Not in the "oooh exploit" sense (although it's true that some people never get around to patching the old ones) but more importantly to understand how the people in the videos found the holes, and how the people not in the video left the holes to be found.

4) Find a mentor. Someone who's traveled your path before and can help you avoid the potholes before you get there. This is (imo) especially important if pentesting is calling you, as the legal potholes there are many and deep. Someone who's local will know what particular quirks your jurisdiction has.

5) Get a get out of jail free card. Others have covered this to death, but it's worth mentioning again. O&E insurance if you're ever doing this freelance is something I'd also consider to be mandatory underwear.

6) Find a safe playground. There are places you can practice your craft safely. Think the Google bug bounty program. Look for these places, read their rules and make sure you stay inside them. https://dcdark.net/ too.

Hope that helps. Enjoy the ride, it's been good to me over the years.

