Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re: I have two problems with this article. (Score 1) 287

by Outtascope (#49253621) Attached to: NTP's Fate Hinges On "Father Time"

That isn't really the type of cert expiry they are really referring to, but consider this: The mechanism you describe requires a certificate revocation list, which is just another way of doing the exact same thing - using a trusted 3rd party to ensure you all agree on the parameters used to determine if something is trustworthy or not. That's not an improvement, and in fact, it is far less tolerant to network interruptions (a network interruption could cause a client to trust a credential that it should. Using time, it doesn't matter if the network is interrupted within reason, you can still determine if the ticket is still valid).

Remember, this isn't about you tricking your own clock to trust a ticket provided to you. You could choose to do that all you want. Its about the other party choosing to trust you or not. And YOU don't get to roll back the clock on their infrastructure. If you could, you could open a security hole just as you have described, which perfectly illustrates why NTP/Time Synchronization is so important.

Comment: Re:I have two problems with this article. (Score 1) 287

by Outtascope (#49247395) Attached to: NTP's Fate Hinges On "Father Time"

I partially agree with the sentiment of point 1, but he does have fixed costs to consider. That 96K isn't just salary. Still, I'm not sure it constitutes being impoverished the way the article paints it

On point 2 however, I think you are way off base. That statement really glosses over what it means to have synchronized time and why it is necessary. Two computers agreeing on the time between each other is not sufficient to be considered synchronized from a security perspective. To be synchronized for security, those two computers must agree with an impartial third party. Without that you open the door to manipulation by a bad faith actor and all kinds of holes can be opened up.

I am sure there are many ways to mitigate that situation without the use of a third party time system, but those solutions are going to be much more complicated. And we know what happens when you increase the complexity.

Comment: Re:Simple methodology (Score 1) 347

by Outtascope (#49144407) Attached to: The Programmers Who Want To Get Rid of Software Estimates

Agile doesn't mean there is no plan.

To further that thought, agile isn't about not planning, it's about not being stuck with a crappy monolithic plan for an entire project. A plan that isn't crappy because of incompetence or negligence, but because the initial plan can't possibly account for the realities that every project encounters as it progresses (missed or changing requirements, technical failings of infrastructure that could not be predicted, change of business needs, etc).

Agile is intended to get you to stop trying to jam a square peg in a round hole. The alternative is to pound on that bitch 'till it's round. Which one is likely to result in a better engineered end product?

Comment: Re:No fuck off (Score 1) 468

by Outtascope (#48909521) Attached to: Police Organization Wants Cop-Spotting Dropped From Waze App

Every time I see a cop doing something useless like sitting at the side of the road I want to see their budget cut. They do that crap instead of helping with real crimes. And don't say "but the traffic cops are the same cops that would be investigating crimes" because it's all under one budget.

Actually, sitting on the side of the road isn't doing nothing. Having a visible presence is the best means to ensure that people actually obey the speed limit. Knowing that a cop is parked at a particular place helps ensure that people won't drive recklessly in that area.

Sitting behind a billboard or hiding in a patch of trees in the center median trying to CATCH people in the midst of a revenue generating civil infraction rather than engaging in a behavior that might PREVENT dangerous activities, that is dereliction of duty.

Police departments ought to have a budget that is exponentially and inversely proportional to their ticket revenue. If they are writing that many tickets then they SUCK at deterrence.

Comment: Re:RFID/card scanner (Score 1) 127

by Outtascope (#48474671) Attached to: Ask Slashdot: Best Biometric Authentication System?

What's the matter? Not looking forward to the calls to IT support to change your Biometric Password? Biometric authentication is generally a Very Bad Idea (tm), with a very narrow set of reasonable use cases. Typing a password being "a time-waster" does not, in my opinion, meet the criteria.

I'm with the parent here, use HID or something similar.

Comment: MTV News Vicky Pattison porn star celebrity.... (Score 1) 84

by Outtascope (#47666019) Attached to: Twitter Reports 23 Million Users Are Actually Bots

weight-loss spam bots, you must all die of syphilis right now!

Oh the fury, the anger. I'm talking to you nisha AttAck, and you Aileen Assauult. To you sisterly_picare and you Lupita:) and you Ariyah :). Right at you Dorothy pics and you Inez is Funny!, and you too Melonie Grace. To you Kaelynn Griffin and you Alex FearLesS.

Just stop it, OK? It's like being inundated by the stepford-wives' retarded nieces. Enough is enough!

Comment: No kidding (Score 1) 137

by Outtascope (#46375567) Attached to: Using Google Maps To Intercept FBI and Secret Service Calls

Just try getting something fixed on Google Maps. It's nearly impossible. Sorry, let me amend that: It's nearly impossible if you are or work for/with the agency responsible for the legal addresses and contacts shown on Google Maps. If you are some Joe Blow who wants to randomly change some shit, then it appears to pretty friggin' easy to get something changed.

Google Maps has cost us thousands, perhaps 10's of thousands in costs associated with mail being sent to the wrong location over the last few years (pity the poor guy who works in the office with the address they keep listing). They post addresses that they scrape from the underside of some toilet seat somewhere or pull off of someone's twit-pick of their salami and provolone sandwich, but are absolutely deaf when the easily verifiable owners of the municipalities/businesses/addresses in question can give them authoritative information to use. And try reaching a human being at Google that doesn't work in the sales department, good luck.

I know of one other company in the area who says that their experience with Google is completely different. Of course, the biggest difference is that this company is engaged in 6 and 7 figure contracts with Google on a regular basis. The motto may be Don't be Evil, but they never said anything about not being a pain in the ass.

Make it right before you make it faster.