
Comment: Re:E-mail client? (Score 4, Insightful) 83

by Todd Knarr (#49773177) Attached to: Attackers Use Email Spam To Infect Point-of-Sale Terminals

For the first, tough. If they can't properly handle other people's financial information like credit-card numbers and PINs, they shouldn't be handling that information. Just like with a restaurant that claims they can't afford to maintain proper sanitary conditions to prepare food for customers.

As for the second, in larger organizations there's never any reason to have a general-purpose computer on the POS network that can access or be accessed from the outside world. I know, I helped build and maintain a national network of POS systems that maintained that separation. If corporate IT and the software vendor can't make it work, I'll be happy to quote an hourly rate for the work.

Comment: E-mail client? (Score 5, Insightful) 83

by Todd Knarr (#49773093) Attached to: Attackers Use Email Spam To Infect Point-of-Sale Terminals

So, WTF is an e-mail client doing on a POS terminal in the first place? It doesn't need one, it shouldn't have one. Ditto a Web browser. You don't have to worry about vulnerabilities in software that isn't present on the machine in the first place. There are of course other things to be looked at, but those are a good starting point.

Comment: Re:To be more precise, Amazon will collect on taxe (Score 1) 241

by Todd Knarr (#49762223) Attached to: Amazon Decides To Start Paying Tax In the UK

Unless, of course, one competitor says "Hey, I'm making a 20% profit margin currently. If I let that slip to 18% I can absorb the tax, keep my prices the same while my competition increases theirs, and gain 10% more sales as people go for my lower prices.". Certain investors, particularly the ones who don't want the business to succeed, will undoubtedly complain, but by the time they manage to wrangle the board into doing anything the first new sales and profit numbers will probably be in and most investors won't go along with them if the numbers are holding up while the competition are losing ground. If the competition don't raise prices, well, you pretty much have to hold them steady and investors who want to raise them are easy to neuter by pointing out that they're advocating giving away sales and profit to the competition.

Comment: Re:To be more precise, Amazon will collect on taxe (Score 3, Insightful) 241

by Todd Knarr (#49761761) Attached to: Amazon Decides To Start Paying Tax In the UK

That assumes that the business can raise prices without consequence, which is an invalid assumption. Amazon has to account for what consumers will do if faced with higher prices through Amazon, and what the effect of that will be on revenues. There's also the behavior of competitors to consider, as Amazon's prices go up it encourages other companies run by people willing to accept lower profits to step in and take Amazon's business away.

You also have to account for the fact that raising prices to cover taxes is a no-win proposition. Taxes are a percentage of profits, and are not deductible from revenue when calculating profits. So if Amazon raises their prices (and, assuming no change in consumer behavior, their revenue) by 10%, they also increase the amount of taxes they owe by 10%. So now they have to raise their prices again to cover the additional tax, lather rinse repeat. Consumers tend to get fed up with this cycle and vote in politicians willing to increase the tax rates as profits go up, which leaves companies facing a choice between accepting the taxes and somewhat lower profits or closing down and accepting zero profit.

Comment: It depends on the code (Score 4, Insightful) 48

Google's Chrome would be a good example. Google's business is not selling browsers. Their business is selling advertising. Many of the services they offer to attract eyeballs (and data) for their business require a good browser. So they don't lose any revenue by giving their browser away and letting other people build browsers based on the code, in fact the more modern browsers out there that're all compatible the better for Google. In that situation it makes sense to open-source their Chrome code. For any business, if the code's utility code that's necessary for the business but not a significant part of the parts that separate your offering from everyone else's it'd make sense to open-source it. You don't lose anything, you gain brownie points, and you may be able to use the bug fixes and enhancements others make without having to spend your own resources on them.

You don't, however, see Google open-sourcing the details of their analytics algorithms, or the exact code that drives PageRank, or the other things that set them apart from other search engines. Those things they need to keep secret because if they got out Google would lose a competitive advantage. Open-sourcing code like that would cost a business revenue, so it shouldn't be open-sourced.

Comment: Re:hmm (Score 1) 545

by Todd Knarr (#49743949) Attached to: California Senate Approves School Vaccine Bill

The problem is that other people see it as being their right to life, since we're talking about diseases that cripple or kill and not something that just gives you the sniffles. And they don't agree that you should get to decide to risk their lives because of your desire for medical self determination. Remember that we don't have to ask what things would be like if non-vaccination was common, we can look back at what they were actually like when that was the case. And it was not pretty.

Note that under the bill you can still refuse to get your kids vaccinated. You're just not going to be permitted to put the kids of parents who don't agree with you at risk because of your decision. And I suspect the kids will only be "deeply entrenched" until they get out of school and find out that having a quarter of your class consigned to braces or a wheelchair for life isn't normal. At that point your group will follow the pattern of similar groups like the Quiverfull movement: having ~100% of their children reject the movement entirely. And if you want to prove me wrong, well, I'm perfectly fine with that just so long as you don't drag anyone into your experiment who doesn't agree to participate.

Comment: What manufacturer? (Score 1) 384

by Todd Knarr (#49738291) Attached to: Ask Slashdot: Best Way To Solve a Unique Networking Issue?

What manufacturer is this? When I dealt with POS interfacing with Tokheim and Gilbarco pumps (including the MPDs) all the smarts was in the controllers and the modules of our POS software that ran the pumps, card readers (Petrovend units for non-MPD stations) and RF tag hardware. The pumps were relatively dumb and only required software updates when the physical hardware was modified, and we could do the software bit while the pump was down anyway for the physical work. Most "software updates" were just changes to the database tables that told our software how to react to events and what settings to send to the pumps for mix ratios, prices and so on. Your description sounds like you've got a good chunk of the POS system actually running in the pump itself.

Comment: Re:hmm (Score 1) 545

by Todd Knarr (#49702409) Attached to: California Senate Approves School Vaccine Bill

At the point where you're deciding the level of risk for someone else. Which is what you're doing when you decide to expose other people to diseases that can kill or cripple for life because you don't want to be vaccinated. You want to be free to choose on that matter without me having any say in it? Figure out how to avoid spreading measles to anyone else if you catch them, then we'll talk.

As for your proposal, I do consider it unworkable, but that's irrelevant. Your "solution" doesn't address the problem you presented. It doesn't stop the child from being born, it doesn't keep him from being raised by a poor single mother in the inner city, and it won't prevent his possibly becoming a criminal because of it. If anything, your proposed solution makes the problem worse. Even if it were sane and workable, it should be rejected on that basis alone. Vaccination, meanwhile, has not only a massive amount of evidence but many decades of practical experience demonstrating that it does in fact decrease the problem.

Comment: Re:hmm (Score 1) 545

by Todd Knarr (#49695919) Attached to: California Senate Approves School Vaccine Bill

1. Because vaccines don't provide 100% immunity. Nothing can. The more unvaccinated people there are, the more we're all exposed to the disease and the higher the risk of catching it despite being vaccinated. Also, there are people who for medical reasons (allergic reactions, compromised immune systems, still too young) can't be vaccinated. Every unvaccinated person poses a risk to them.

2. Yes.

3. This is true. However the risks from those side-effects are far less common and less severe than the risks from the disease when you're not vaccinated. Arguing that having a 1-in-100,000 chance of being crippled for life is better than having a 1-in-1,000,000 chance of needing a week in the hospital is... not a winning argument, I'm afraid.

4. As long as it's just you or your children, fine. But it's not, you're exposing everybody else to the consequences of your decision. You want the right to control what goes in your children's bodies, yet in the same breath you say we should have no right to control what goes in our children's bodies when it comes to the infections originating from your unvaccinated children. That doesn't fly. Note that the CA bill doesn't prevent you from refusing vaccinations. It simply means you can't send your children to public schools and subject everybody else's children to involuntary exposure to your children's infections if you won't get them vaccinated. You're free to send them to a private school that doesn't require vaccinations if you want.

5. How about the family who sees the same thing happen to their kids because before they were old enough to be vaccinated they caught something from your unvaccinated kids? Are you going to take responsibility for your actions there? If so, how exactly do you propose to compensate that family for the loss of their children?

Comment: I have to support disclosure (Score 1) 94

In an ideal world you'd notify the vendor, the problem would get fixed and the world would move on. Alas, we don't live in an ideal world. Vendors fail to fix problems. Users don't upgrade software, or can't upgrade it or are unaware they're even using it, and the vendor doesn't publicly announce the fix and the need to apply it. The threat of disclosure, and the eventual disclosure even if the vendor doesn't say anything, is the only leverage we have to make sure vendors really do fix problems and users know what they need to know to assess the risks and mitigate the problem if they can't apply the fix. I'd love not to need to use that leverage, but we've seen how well that works already and we see repeated examples showing that vendors haven't changed their ways. Realistically the best we can manage is to notify the vendor (with full details, so they can verify the flaw is real and can't believably claim they couldn't replicate it) and give a deadline for either fixing the problem or providing mitigation measures, and then follow through with complete disclosure (so others can verify the problem's real without having to take our word for it) if the deadline passes without the vendor having disclosed the details themselves.

Unfortunately too many vendors have made it unsafe to do even that much. They don't just ignore problem reports and deny the problem exists, they actively try to silence the person reporting it through lawsuits and criminal prosecution and smear campaigns. When dealing with vendors like that you can't safely notify the vendor of a problem. I don't like it, but when dealing with a vendor like that all you can do is dump all the details into one or more suitable disclosure forums and make sure you've covered your tracks thoroughly so the vendor can't trace the disclosure back to you. Then clam up on the subject and don't say a single word anywhere to give anyone the idea that you were at all involved, lest you give the vendor a reason to suspect you. It's not a polite, civilized way of dealing with the matter, but I figure if the vendor's made its bed it's just going to have to lie in it.

Comment: Re:The version number is dead... (Score 1) 154

by Todd Knarr (#49668871) Attached to: Windows 10 the Last Version of Windows? Not So Fast.

A year behind is typical for corporate users. Selected security patches get applied after thorough testing, but unlike a home user a corporate IT department can't simply apply any update Microsoft sends down. They have to ensure that every bit of software they run, which is overwhelmingly not from Microsoft, is compatible and runs correctly with the updates applied to Windows, and is supported by the vendors. That's the major reason why corporate systems were running Windows XP for so long after Win7 came out, they had a lot of software that wasn't certified for or flat-out wouldn't run on Win7. It's why Win8 and 8.1 have so little adoption in the corporate world. Hardware is typically on a 3-5 year lease term, and other than security patches the OS typically doesn't change until at least it's time to replace all the hardware. Corporate IT departments can't and don't run their systems the same way a casual home user does.

Comment: The version number is dead... (Score 2) 154

by Todd Knarr (#49665747) Attached to: Windows 10 the Last Version of Windows? Not So Fast.

... Long live the version number. We saw it with Windows 95/98, XP and Vista, despite the names they still had nice conventional version numbers just like earlier versions. You just had to know where to look for them. MS may remove visible version numbers from Windows, but they'll still keep adding functionality and making backwards-incompatible changes which means software will still need some way of telling whether the system it's installed/running on supports the functionality it needs. Application developers being too lazy to write the large chunks of code needed to probe every single API they want to use and test for which specific variation is present, and the Windows team not having the time/resources let alone the inclination to go back and retrofit everything in Windows with individual version numbers or feature/variant flags, that means a version number that can be incremented to indicate the point at which a particular API or variation became available that app devs can easily test. And of course corporations are going to demand some way to make sure that the Windows 10 machines they buy in 2017 will run the Windows 10 image from 2016 and that the 2017 "written for Windows 10" software will actually run on machines using that image.

Comment: Re:Management, not Millennials (Score 1) 405

by Todd Knarr (#49660621) Attached to: Is IT Work Getting More Stressful, Or Is It the Millennials?

People who know stuff don't cause me any stress. It's people who think they know stuff but don't that cause the most stress, and I haven't found Millennials to be much worse in that regard than any other age group. More often it's that they do know and what they're asking is entirely reasonable, it's just prohibited for silly reasons. E.g., they come in wanting their phone to just work with the Exchange server. Yes, it should just work. Exchange supports all the protocols needed for it to just work. I've argued repeatedly in favor of that but upper management thinks they know better and won't permit POP3/IMAP4 to be turned on, after all they're open protocols and anything open has to be an open invitation to hackers to walk into our network (grumblegriemutterstupidsuits tiesmustcutoffbloodtothebraingrowlgnashgrumble).
