Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment: wrong arrest (Score 2) 309

by Tom (#49525709) Attached to: Futures Trader Arrested For Causing 2010 'Flash Crash'

The real people to throw in jail are the ones who made it possible. The guys who deregulated the markets so much, the ones in oversight of the finance system who didn't see these things approaching and the people who dissolved all the protections of the real economy against the finance market because they were greedy for quick bucks.

Politicians, mostly, but we should also go after the lobbyists and their employers who influenced them.

Of course, that will never happen. Society rarely becomes self-conscious enough to get rid of its parasites.

Comment: Re:failed industry (Score 1) 67

by Tom (#49523033) Attached to: How Security Companies Peddle Snake Oil

That is exactly what I mean. I would even go one step further at the end: Without the risk of the computer compromising the user. Because the computer in itself is worth its scrap metal value and that's it. Everything of actual value is in the user - the data, the communication, the access to 3rd party networks and services. Not that one particular user in front of the machine, maybe, but a user.

Comment: failed industry (Score 4, Interesting) 67

by Tom (#49517301) Attached to: How Security Companies Peddle Snake Oil

I've exited the security industry after 15 years, no longer believing that it does any good. And TFA is pretty spot on.

The issue is that security is both wide and deep. You need to cover all your weak spots, and you need to cover them completely. As an industry, we have succeeded in finding technical solutions to almost every challenge, but we've failed in creating a systematic approach to the field. Look at the "best practice" documents - they are outdated and mostly a circle-jerk. I did a quick study some months ago checking the top 100 or so for what the academic or scientific or just substantiated-through-sources basis is, and the result is pretty much: None at all.
Even the different standards, including the ISO documents, are collections of topics, not systematic wholes. It's like high school physics: This month you get taught optics, next month Newton mechanics, the third month electromagnetism. The only thing they have in common is the class room.

Nowhere is it more visible than our treatment of the user. It's clear that most security professionals treat users as disturbances, as elements outside their field of security. I imagine what roads would look like if their planners would look at accidents and say "cars are a threat to our road system. They clog it up and very often they crash into each other and cause serious issues to traffic. We need to protect the road system against cars. Can we automate roads so they work without cars as much as possible?"

We need a much more systematic, holistic view on the whole field than we have right now. In a pre-scientific field, snake oil is the norm. It was the same in medicine (where the term originates), in chemistry (alchemy), in psychology (astrologie, numerology, one hundred other primitive attempts at understanding and predicting human behaviour) and virtually every other field, even many non-scientific areas, such as religion/magic.

Comment: Re:Execute the fastest way possible (Score 1) 591

Whilte it originally was introduced in order to execute painlessly, following basically your logic, it has since turned out that this is not true and the Guillotine is actually a fairly cruel execution method.

It is great for market-square entertainment, though. Maybe that's what you're really after?

Comment: interesting (Score 2) 58

by Tom (#49509515) Attached to: Computer Beats Humans At Arimaa

Actually much more interesting than I thought at first glance.

The game is designed intentionally with computational complexity in mind. It failed. The rules (WP has them, or a dozen other sites) are mostly designed to increase the search space. For example, instead of the fixed setup in chess, you get basically the same pieces, but you can put them into your 2 rows in any way you want. I'm too lazy to calculate the initial starting positions, but thanks to the Internet, someone else did it and came up with ~10^15. That makes an opening library practically impossible.

However, I'm a hobby game designer, so I look at rules with slightly different eyes. The complexity of the game is largely artificial. Brilliant minds will, like in a badly designed crypto-cipher, find tons of places where the complexity can, for the practical purpose of actually playing and winning a game, be reduced dramatically. Remember that in theory chess has 20 valid opening moves for white. The vast majority of them you will never seen in any real game.

I'm also bothered by the fact that complexity is reached by the addition of rules, instead of the subtraction. Go is a perfect example for how you can reach complexity with very simple rulesets. When building games, especially board games, you generally strive to keep the ruleset as simple as possible and check every rule for whether or not it adds anything worthwhile to the gameplay or not. For a simple, conventional style 2-player board game, the ruleset is overly complex IMHO. Maybe that's why I never heard about this game before - it doesn't actually appeal to many human players, except those interested in not being beaten by a computer.

Comment: new rules (Score 1) 229

by Tom (#49509455) Attached to: Whoah, Small Spender! Steam Sets Limits For Users Who Spend Less Than $5

New at Steam: We replace people who don't give a fuck with people who really don't give a fuck.

No, don't get me wrong, it's a step in the right direction. But the step itself begs questions. In general, the great firewall is the first cent - people who spend nothing at all and people who spend something, no matter how much. If you don't believe me, try charging 10 cents or something ridiculously small for any free web service you offer, and you'll find your user numbers drop through the floor.

I don't think there's a measurable difference between $5 and $4 or $3 -- the number is entirely arbitrary. A psychological barrier would be $10 (the two digits, the reason almost nothing in any shop in the world costs $10, it will always be $9.99 or $9.95).

Comment: Re:Long View (Score 1) 482

by Tom (#49491483) Attached to: Seattle CEO Cuts $1 Million Salary To $70K, Raises Employee Salaries

Compensation has been commensurate to your skills for hundreds of years.

Your argument smells.

Yes, more skilled people in general earn more. But (and in the words of Ben Goldacre: It's a big but) there are exactly two issues with this in our modern hypercapitalism, and they are related:

a) A class of very low skilled workers has moved to the top of the food chain and takes a massive part of the total wages for itself

b) The general level of pay is staggeringly low. If you compare the wealth of your western nations to the wealth of the average individuals within, you should be frightened. Most western countries can spend a few billions here and there without so much as shrugging. As nations, we have more, much much much more money available than ever in history. The most lavish spending of any king in history pales compared to everyday infrastructure, science or military projects of today. As people, we are richer than the average middle ages peasant, but in comparison to our nations wealth, we have less.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481065) Attached to: Cracking Passwords With Statistics

Then another site I used got hacked. And at that point I decided I was better off using a password manager and using different passwords for each site.

Yeah, that sucks.

I use a password manager as well, mostly because I'm lazy typing. It gives me the added benefit that if one of the sites gets hacked, I can check the PW manager to see where else I use the same PW.

You can use different passwords, if you like. I don't do it because it would mean that when I find myself without my PW manager, I'd be fucked. And it happens quite often that I do.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481055) Attached to: Cracking Passwords With Statistics

The problem there is that all it takes is one crap site and an attacker can check all of your "reset answers" (pet's name / mom's name / etc) to see if they can be used for an attack.

These bullshit "security questions" are actually the weakest link. I don't use them. If the site enforces it, I fill them with noise.

Think about what the minimum information an attacker would need to access your bank account (either login or social engineering) and then look at how many sites have that information.

Depends on your bank. Mine doesn't let me log in with username or password or any such crap. Also, every bank worth its money these days will use 2-factor authentication, or send a TAN by SMS or something like that. More and more banks will also send you SMS to inform you about every transaction made, so you can stop any abuse immediately.

Banks are among the few who actually take security seriously. They're not perfect, not by far, but they are still among the only commercial entities to use one-time-passwords (those TAN lists) and were among the very first to use 2-factor authentication.

So, to answer your question: What do you need to access my bank account? Nothing you would find on any of the forums, games sites or even my Amazon or iTunes account.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481025) Attached to: Cracking Passwords With Statistics

Changing passwords doesn't make them magically more secure.

What do you hope to accomplish? If you have a good reason to change, change. If you don't, you change for prophylaxis, to stop someone who may have been using your account for something. But if you didn't even notice, what's the damage? And if he's a pro, he's also changed the password reset email address, at least on sites that don't send a notice to the old address.

You're doing a lot of effort for - what? If you can't answer that question, don't do it.

Reality must take precedence over public relations, for Mother Nature cannot be fooled. -- R.P. Feynman

Working...