
Comment Re:Crappy engineering (Score 1) 198

So, to have an IOT thermostat I have to give it around 350 ma @ 5 v (over 1.5 watts) 24 hours a day, 7 days a week? That's roughly 13 kWh over the space of a year.

It must be nice to design devices where someone else has to pay for the sloppy engineering.

Presumably the reason you would have an IOT thermostat instead of a regular (non-IOT) thermostat is that you want to be able to remote control it and have it collect performance data about the heating and cooling of your house. Being able to remotely turn something on when it is "off" requires it not to truly be off. 1.5 watts is not an unreasonable amount of power for this, especially if you include over time monitoring of temperature and that the device needs to maintain a network connection. Where I live electricity costs about 11 cents per kilowatt hour, so a 1.5 watt load costs me $1.45 a year.

Good engineering is determining a plan that examines and balances the costs of various build options with a set of desired features or outcomes to arrive at an acceptable solution.

I suppose you could say that the engineering was sloppy and the load should only be about a watt bringing the annual cost down to about a dollar a year. What would the saving of that half watt cost in terms of design and manufacturing? Would the product now be too expensive to sell? Would customers even notice the reduced power consumption? Do customers care about a fifty cent operational cost annually? I would argue that extra effort to save the half watt is probably not worth it.

Setting aside the potential straw man, if the engineers who designed the thing considered the above questions then it was not sloppy engineering.

Comment Re: How much of it do I have to trust? (Score 1) 73

The fact that it existed as a default for sooo long though... I mean, at what point in time did that seem like a Good Idea ?

Probably at the same point in time that it seemed like a good idea to enable SSH to a box. I mean, oh my god, with the root password (or an account that has sudo privileges) someone could remote in and access the whole computer!

The administrative shares on a Windows box really aren't all that different: you need an administrative account (root) to use them, and if you have an administrative account you get full access. You could argue that they are "hidden" and not well known, but I would counter that there are plenty of things on the Linux side of the world that are not well known and can lead to serious security exposure (SSH port forwarding to bypass firewalls, for example).

Security in any environment requires that those using and configuring systems understand how they work and assign the appropriate access to the appropriate actors. All environments have their security strengths and weaknesses.

Comment Re:Siri? (Score 1) 144

adding to this, some things still work surprisingly poorly. "show me the nearest gas station" is especially bad. it's a shame because when you're driving, this is occasionally a very important question.

The best implementation would be this: if you're already navigating a route, siri would show you stations that are ahead of you (so you don't have to turn around) and don't cause you to deviate from the route too much.

Even better, if you've been moving at 75 mph for the last 40 minutes along the same path as say, an interstate, then maybe suggest ones on the road, not 40 miles off the road to Radiator Springs.

Of course if it did this, we would be complaining about how Siri is "tracking our movements".

Comment Re:Chip is good security theatre (Score 1) 145

I'm not the least bit sold on the security of these new cards. I had one issued to me by my bank a couple months ago, and the card was nonetheless compromised within a month. I made exactly one POS transaction with it at a chip terminal (several at non-chip terminals) and all of a sudden someone else decided to pay their cell phone bill with my card. Rather unsurprisingly said cell phone company didn't give a flying fuck about the fraud and refused to be the least bit helpful. Now I have to pay my bank to go after it.

What does the cell phone company have to do with it? Your dispute is with the bank that issued your credit card. If your bank is charging you to dispute a fraudulent credit card charge, you need to find a different bank.

Comment Re:Vote by Mail (Score 1) 263

Another problem with postal votes is what happens in a close election. In 2000 there were some attempts by the Dems to exclude Overseas Military Ballots, but it came too late and didn't have much impact. Next time there is a really close election both parties will have databases & software that based on individual voter profiles will allow them to identify postal votes that are more than X% likely to go "the wrong way" and assist in finding plausible reasons for challenging these votes. That could get really ugly.

I don't see how this is a problem, not in Oregon anyway. Ballots for Overseas military (and regular citizens overseas) are the same as those for folks at home in Oregon. They are processed the same way and are not identified as "special" ballots during processing. The only difference is that they are mailed out earlier in order to give voters more time. For reference here are the details. There is an option for people to email or fax in their ballot, but you have to agree to give up your right to secrecy in advance to exercise this option. There is no extension in the voting deadline for overseas voters (or any other voter for that matter), ballots must be at the election office by 8pm on election day. Postmarks don't count.

Comment Re:So Protect your Admin passwords.... (Score 1) 168

Separate Infrastructure != separate equipment. Logical separation != Physical separation.

I'd keep ALL administrative interfaces on a separate VLAN which does not logically connect to the network used by the rest of the world except at known points which are firewalled, controlled and monitored. Access to this VLAN would be limited to network admins who presented valid up to date credentials.

If you consider firmware compromise, you have to forget about the isolation given to you by firewalls and VLANs. VLANs are only a logical separation. A VLAN is just a couple of extra bytes added to each network packet that you hope whatever is on the wire will honor. If the firmware of your network equipment is compromised, you can't depend on VLAN isolation being honored.
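An added example, not part of the original comment: a small Python parser for the IEEE 802.1Q tag, showing that VLAN membership travels as four unauthenticated bytes after the source MAC, so isolation holds only while every device on the path enforces it. The MAC addresses, payload and helper names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag


def tag_frame(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte 802.1Q tag after the two MAC addresses, as a trunk port does."""
    if not 0 <= vlan_id <= 0x0FFF or not 0 <= priority <= 7:
        raise ValueError("vlan_id is 12 bits, priority is 3 bits")
    tci = (priority << 13) | vlan_id  # DEI bit left at 0
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan(frame: bytes):
    """Return (vlan_id, priority, inner_ethertype); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, as an access port does before delivering the frame."""
    vlan_id, _, _ = parse_vlan(frame)
    return frame if vlan_id is None else frame[:12] + frame[16:]


# Constructed sample frame: locally administered MACs, IPv4 EtherType, dummy payload.
DST = bytes.fromhex("020000000001")
SRC = bytes.fromhex("020000000002")
UNTAGGED = DST + SRC + struct.pack("!H", 0x0800) + b"constructed payload"
TAGGED = tag_frame(UNTAGGED, vlan_id=100, priority=5)

if __name__ == "__main__":
    print("untagged:", parse_vlan(UNTAGGED))
    print("tagged:  ", parse_vlan(TAGGED))
    # The tag is the only difference between the two frames: no MAC, no
    # signature, nothing that ties the VLAN ID to the device that wrote it.
    print("extra bytes:", len(TAGGED) - len(UNTAGGED))
    print("identical once stripped:", strip_tag(TAGGED) == UNTAGGED)
```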

Comment Re:Vote by Mail (Score 3, Informative) 263

One of the interesting things I've noticed is when I raise the subject with friends, the ones who are opposed almost always grew up east of the Mississippi, and are terrified that large-scale fraud will occur. There's a PhD dissertation for a sociologist or political scientist in there somewhere.

And what makes you think they are wrong?

You honestly trust the voting system as it stands? Really?

I do. Here in Oregon, the vote by mail system has reasonable checks and balances. You receive your ballot, which is a "fill in the bubble" optical scan form, in the mail. You mark your ballot and place it in a "secrecy envelope" and then inside a different "mailing envelope" that contains your voter ID. You sign the mailing envelope. You mail your ballot back, or hand deliver it to a nearby drop off station. Upon receipt, one election official hand verifies your signature against the one on file when you registered to vote and adds you to the list of people that have voted. If a signature doesn't match or there is a duplicate vote, someone investigates and contacts the voter. Next the inner "secrecy envelope" is placed in a box of votes to be counted. A different set of election officials opens the secrecy envelopes and feeds the ballots into the optical scanning machine. Members of the public are welcome to personally observe both processes. If a recount is necessary the forms can be re-scanned or manually counted.

Comment Exchange (Score 3, Insightful) 889

And by "Exchange" I mean software that provides all the functionality of Exchange beyond simple email. Calendar and contact management; synchronization of mailbox folders, calendar, contacts with mobile devices; user specific server side email processing rules; replication of mailboxes (email databases) for high availability; security model that allows administrative assistant and other delegations; etc.

In short the features that cause large companies to choose Exchange and therefore Microsoft Office.

Comment What does do business mean? (Score 1) 728

if Facebook wants to do business in Germany, then it must abide by German laws.

Does "do business" mean sell advertising or does it mean allowing citizens of Germany to access its pages? I can see how Germany could legally control allowing foreign companies from doing business in Germany (selling advertising in this case), but I don't see how Germany could prevent its citizens from accessing the whole internet (Facebook in this case), unless it wants to try to be like China or North Korea. I can see trying to restrict the monetary flow in or out of a country, but trying to restrict the information flow seems both wrong and futile.
