Comment Re:How does injecting a cookie expose data? (Score 1) 66

So I was going to go all "what a bunch of bu..." on this, but your point about being able to set the secure flag from a non-secure connection makes the issue clear. This seems a rather easy fix for the browsers, refuse any cookie that has the secure flag set if it is being set over http. I'm actually astounded that this isn't the default behavior, I had always assumed it was. If this change breaks anything, well tough. You don't want to visit a site that is saving something "secure" over plain http anyway.
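The rule proposed above, as an added example that is not from the thread: a toy cookie jar that refuses any cookie carrying the Secure attribute when it arrives over plain http, and (going one step further than the comment) also refuses an http response that would overwrite an existing Secure cookie of the same name. All inputs are constructed.

```python
# Added example, not code from the original thread. A minimal cookie-jar
# acceptance policy: Secure cookies are only accepted from https origins,
# and an existing Secure cookie cannot be replaced from an http origin.
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attrs); attrs keys are lowercased."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


class CookieJar:
    def __init__(self):
        self.cookies = {}  # name -> (value, attrs); constructed toy storage, no path/domain scoping

    def accept(self, set_cookie_header, origin_url):
        """Return (accepted, reason) for a Set-Cookie received from origin_url."""
        name, value, attrs = parse_set_cookie(set_cookie_header)
        scheme = urlsplit(origin_url).scheme.lower()
        # Rule from the comment: a Secure cookie set over http is refused outright.
        if "secure" in attrs and scheme != "https":
            return False, f"refused: {name!r} carries Secure but arrived over {scheme}"
        # Extension: http may not clobber a Secure cookie that https already stored.
        existing = self.cookies.get(name)
        if existing is not None and "secure" in existing[1] and scheme != "https":
            return False, f"refused: {name!r} would overwrite a Secure cookie from {scheme}"
        self.cookies[name] = (value, attrs)
        return True, f"stored {name!r}"


if __name__ == "__main__":
    jar = CookieJar()
    print(jar.accept("session=abc; Secure; HttpOnly; Path=/", "https://example.test/login"))
    print(jar.accept("session=evil; Secure; Path=/", "http://example.test/"))
    print(jar.accept("session=evil; Path=/", "http://example.test/"))
    print(jar.cookies["session"][0])  # still "abc"
```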

Comment Re:Ha! (Score 1) 480

But those bonuses (re-enlistment, specialty pay, hazardous duty pay, etc) still fit a very rigid structure. It isn't capricious, and everyone knows exactly what the requirements are to achieve that rate. SSGT Jackson doesn't make 20% more than SSGT Hanson simply because SSGT Jackson has a dick or because SSGT Hanson didn't have MSGT Thomas over for dinner often enough.

This is EXACTLY the kind of meritocracy that people whining about the occupy movement should be embracing. But they don't, they want to preserve their entitlements while criticizing others for seeking what they see as entitlements. What this company did isn't pay equity, it's just an idiotic overly literal interpretation of the expression (kudos for trying, but come on). I think you would be very hard pressed to find a significant portion of the occupy group that believes that a CxO shouldn't make more money than the average worker. They just don't think they should make an amount that is irrationally disconnected from their contribution to the success of the company.

The reality is, that if you were to pay according to merit, I think you would find that most high performing businesses would have dozens of employees who make more than any CxO because their contributions are that much more important. That doesn't happen though, because the entitlement issue happens at the top, not the bottom.

No honest person believes that a hamburger flipper should make the same as a police officer, or business executive, etc. Most decent human beings, however, would find it disgusting that such a large portion of our population makes insufficient money to survive, while WORKING THEIR ASSES OFF. They work multiple jobs because the assholes at the top limit their hours under 29 to avoid paying extravagant benefits like, you know, health insurance. They end up having to use corporate welfare (which in reality is ALL welfare outside of that for the disabled) in order to get by the day to day. Not ironically, the people complaining about the "entitled" workers for wanting to be able to live inside a home, to take a couple days off when they get hit by a car without losing their job, or be able to get antibiotics when they get pneumonia, are the same ones who treat those workers like shit at the drive through or the checkout or the customer service desk.

Comment Re:Prime Scalia - "Words no longer having meaning" (Score 1) 591

Unfortunately, Congress is ceding power to both the Executive and Legislative that can only weaken our rights and liberty. They are becoming less and less relevant.

I know, the Republic comes to a halt when Congress cedes power to the Legislative. Wait, what?!?! Mama always told me, it is better to remain silent and be thought....

Comment Re: I have two problems with this article. (Score 1) 287

That isn't really the type of cert expiry they are referring to, but consider this: The mechanism you describe requires a certificate revocation list, which is just another way of doing the exact same thing - using a trusted 3rd party to ensure you all agree on the parameters used to determine if something is trustworthy or not. That's not an improvement, and in fact, it is far less tolerant to network interruptions (a network interruption could cause a client to trust a credential that it should not. Using time, it doesn't matter if the network is interrupted within reason, you can still determine if the ticket is still valid).

Remember, this isn't about you tricking your own clock to trust a ticket provided to you. You could choose to do that all you want. It's about the other party choosing to trust you or not. And YOU don't get to roll back the clock on their infrastructure. If you could, you could open a security hole just as you have described, which perfectly illustrates why NTP/Time Synchronization is so important.

Comment Re:I have two problems with this article. (Score 1) 287

I partially agree with the sentiment of point 1, but he does have fixed costs to consider. That 96K isn't just salary. Still, I'm not sure it constitutes being impoverished the way the article paints it.

On point 2 however, I think you are way off base. That statement really glosses over what it means to have synchronized time and why it is necessary. Two computers agreeing on the time between each other is not sufficient to be considered synchronized from a security perspective. To be synchronized for security, those two computers must agree with an impartial third party. Without that you open the door to manipulation by a bad faith actor and all kinds of holes can be opened up.

I am sure there are many ways to mitigate that situation without the use of a third party time system, but those solutions are going to be much more complicated. And we know what happens when you increase the complexity.
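The point made in this comment and the previous one, as an added example that is not from the thread: a verifier checks a ticket's validity window against its own clock only (whatever time the presenter claims is ignored), so a verifier whose clock has drifted behind will accept an expired ticket, and two hosts that merely agree with each other can drift together; the check against an independent reference is what catches it. Ticket, Verifier, the skew bound and all timestamps are constructed for the example.

```python
# Added example, not code from the original thread. Epoch-second timestamps
# and the 300 s skew bound are constructed values.
from dataclasses import dataclass


@dataclass
class Ticket:
    subject: str
    not_before: int  # set by the issuer's clock
    not_after: int


@dataclass
class Verifier:
    clock_offset: int = 0  # how far this host's clock is from true time
    max_skew: int = 300    # tolerated disagreement with the issuer's clock

    def now(self, true_now):
        """What this host's clock reads when the true time is true_now."""
        return true_now + self.clock_offset

    def check(self, ticket, true_now, presenter_claimed_now=None):
        """Return (ok, reason). presenter_claimed_now is deliberately ignored:
        the relying party decides with its own clock, not the presenter's."""
        now = self.now(true_now)
        if now + self.max_skew < ticket.not_before:
            return False, "not yet valid"
        if now - self.max_skew > ticket.not_after:
            return False, "expired"
        return True, "valid"


def both_accept(a, b, ticket, true_now):
    """Two hosts that only agree with each other can both be wrong together."""
    return a.check(ticket, true_now)[0] and b.check(ticket, true_now)[0]


def clock_is_trustworthy(verifier, reference_now, true_now):
    """Compare the host clock with an impartial reference (think an NTP server);
    a gap beyond max_skew means this host's validity decisions cannot be trusted."""
    return abs(verifier.now(true_now) - reference_now) <= verifier.max_skew


if __name__ == "__main__":
    t = Ticket("alice", not_before=1000, not_after=4600)   # one-hour ticket
    good, slow = Verifier(), Verifier(clock_offset=-3600)  # slow is an hour behind
    print(good.check(t, 5000, presenter_claimed_now=3000))  # expired; claim ignored
    print(slow.check(t, 5000))                              # accepted: the hole
    print(clock_is_trustworthy(slow, 5000, 5000))           # False: needs sync
```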

Comment Re:Simple methodology (Score 1) 347

Agile doesn't mean there is no plan.

To further that thought, agile isn't about not planning, it's about not being stuck with a crappy monolithic plan for an entire project. A plan that isn't crappy because of incompetence or negligence, but because the initial plan can't possibly account for the realities that every project encounters as it progresses (missed or changing requirements, technical failings of infrastructure that could not be predicted, change of business needs, etc).

Agile is intended to get you to stop trying to jam a square peg in a round hole. The alternative is to pound on that bitch 'till it's round. Which one is likely to result in a better engineered end product?

Comment Re:No fuck off (Score 1) 468

Every time I see a cop doing something useless like sitting at the side of the road I want to see their budget cut. They do that crap instead of helping with real crimes. And don't say "but the traffic cops are the same cops that would be investigating crimes" because it's all under one budget.

Actually, sitting on the side of the road isn't doing nothing. Having a visible presence is the best means to ensure that people actually obey the speed limit. Knowing that a cop is parked at a particular place helps ensure that people won't drive recklessly in that area.

Sitting behind a billboard or hiding in a patch of trees in the center median trying to CATCH people in the midst of a revenue generating civil infraction rather than engaging in a behavior that might PREVENT dangerous activities, that is dereliction of duty.

Police departments ought to have a budget that is exponentially and inversely proportional to their ticket revenue. If they are writing that many tickets then they SUCK at deterrence.

