Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment Re:Why stop there? (Score 1) 364 364

Keep in mind this often has nothing to do with any actual decision by the administrators/managers at the institution and everything to do with the financial/healthcare system provider. Healthcare in particular is plagued with lowest bidders trying to scam money out of the institutions from doctors and upper management that know nothing about technology and security.

At the end of the day, these decisions are the result of lazy programmers looking for a quick buck, not a conscious decision. The actual HIPPA document on security has no specifications on the passwords themselves, instead just practices about passwords. (i.e., there is no guideline on what a password should be. There are only guidelines about stuff like "reprimand employees who post passwords, require frequent changes, revoke passwords and tokens/keys upon employee termination")

Honestly, given that the trend is passphrase instead of passwords with length for strength, most people react a lot better and it'd be nice if companies took the time to do this. My last project at my previous work place was to help push through new requirements, and everyone loved it. Give people a strength meter and tell them the few forbidden characters and you end up with some really great passwords.

Comment Re:No kidding. (Score 1) 253 253

I would question your assertion on the native app; often times native apps are a second-thought, not a dedicated project, and unless the company has someone who is well versed in mobile development, it's usually a programming team's first and last foray into mobile design.

The truth is that not a lot of businesses/locations need an app - there's little to no functionality that can be obtained via the app that cannot be replicated in browser with a little bit of elbow grease, and the small benefits that an app can give are usually negligible when compared to, as Google put it in TFA, the "friction" of the mobile experience that interstitials cause.

Comment Re:Interlacing our knees (Score 1) 394 394

It's standard on most international flights outside of the US to have some sort of meal. Even my last relatively short flight from Amsterdam to St. Petersburg had two "meals" and snacks and drinks.

It's only when I've been flying within the US for long flights that they get stingy with the freebies.

Comment Both the submitter and WSJ got it wrong (Score 5, Informative) 230 230

http://arxiv.org/pdf/1506.0586...

The actual paper isn't about AI much at all as it is about making neural conversational models, basically, having the computer chat-back at you in a prompt and natural way. The conversations are less about the computer responding cognitively and more about responding human-like based on the speech patterns fed into it.

The researchers tested two types of datasets, an IT Help Chat Scenario fed with data from what I'm guessing are chat databases, and the second set was fed with conversations from movies as found from OpenSubtitles dataset (not sure if this is a relation to open subtitles.org).

The machine took this vocabulary and then pumped out conversations, and the researchers just looked to see how the new sorting method worked.

I don't understand the linguistic terminology nor the modeling at all, but it seems to me that this is less about AI research and more about just getting bot to sound a lot more natural when they generate responses. I guess this eventually has AI implications, but the research paper itself never even mentions AI, nor does it seem like that's their focus. They're just working on speech, and the statements the machine regurgitated were tested not for cognizance or sentience but coherence. The machine spitting out something relatively snappy isn't the machine getting an attitude, it's the machine finding something relevant to the input that the reader takes as snappy. Such an event has no more significance than when people trained Cleverbot to respond to questions about Hitler with "Hitler did nothing wrong". This bot is no more snappy than Cleverbot is a neo-nazi.

Comment Re:Codeword (Score 5, Insightful) 479 479

As funny and nice as this would be, the inevitable leak is precisely why no such thing exists.

If the author is really in tech, they should know why trees exist and it's to keep Tier 1 questions from reaching Tier 2+ support. Programmers shouldn't be doing password resets. DBAs shouldn't be copy/pasting FAQs to users. Engineers shouldn't be telling people to "Turn it off/on" again, and so on. (Of course, if it's a small enough org there may be some "all hands on deck" events which occur that require everyone to field all questions).

The problem with having an auto-escalation path is that it allows problems that never should have escalated to get escalated. Yes, you may have a fairly specific problem that requires a T3 tech, but the T1 doesn't know that, and the majority of [Company]'s customers don't know that either, but every single other customer think's their issue requires a T3 tech. The scripts and the tree exist to keep some order and structure going. Think about it this way - suppose you were a business customer who had a T3 question - do you really want your call being queued up behind someone who insists that Internet Explorer is the only way to get to their email? When I managed a first response desk, we had people calling in for the Sysadmin, Enterprise Manager, DBAs, Senior Devs, pretty much every upper-level employee, insisting that "Only they can solve this". Most of the time it turned out to be basic desktop troubleshooting or password resets or just basic "how to" questions.

This is why a lot of the big businesses have empowered their T1 to basically send replacements without oversight. When I had Comcast briefly last year, I had a modem that seemed to be capping speeds. I waited out the script, and at the end of 20 minutes, there was a new modem sent to me via Next Day.

The problem in the question does not require escalation; It doesn't need a tech higher than T1, and it's not a matter of the T1's not understanding. To me it seems like the author is just impatient; if I were to expand on that, I'd also suggest they think they're better than the T1 and as such deserve better treatment.

Comment Re:Targeting helps make an ad good (Score 1) 231 231

I don't think anyone disagrees with this in principle, but targeted advertising assumes a lot of things, namely that the target is a heavy consumer.

My experience with targeted advertising is advertisements offering me things I recently purchased. For example, if I order a bike, presumably I'm going to have it for a long time - I don't need more ads offering me bikes at discount prices, as I already have one. If the advertisements were to go through and find local repair shops and help advertise their repair plans (which a lot of shops seem to do now), that would be convenient, along with a distance from my location so I have a relative idea of which I'd like to go to, but that's not really what ads seem to do. Instead, it's "We saw you bought X, here are more X you might want".

Or, if I search for an auto-repair shop, it would be nice to see specialties for each shop, location, etc, but that's not what you get with advertisements. For example, I'm in Russia atm and I just searched Auto-Repair - the ad which is served to me is FireStone, which would be okay if there were any actual Firestones in Russia.

This is my issue with targeted advertising -- it doesn't work as advertised. I'm told that the more I give it information-wise, the better it can figure out what to show me, but it never plays out this way. I'm shown things I've already purchased or things just plain not available. Never mind that the ads themselves contain no information that is worthwhile. With just this alone, there is nothing the targeted advertising offers me which is compelling to not block it. It's a wash for me, and with only that as considerations, I'm merely indifferent.

Comment Re:"Kaspersky's relationship with the Kremlin" (Score 1) 288 288

Understood, but it's not Kaspersky that wrote the summary nor that section of the article. That's from the Daily Dot, copy and pasted by the submitter and approved by the editor. The dude shootin' his mouth off over "Kaspersky in bed with the Kremlin" is just being an idiot and confusing evidence and statements.

Comment Re:Honestly ... (Score 1) 342 342

Not always. Scummy neighborhood gas stations usually have a fair list of banned customers who still loiter around anyways and harass people into buying smokes/booze/lotto tickets for them. The 7/11 where I used to live had a fair sized list that the hobos just waited around the corner and either begged for you to buy them the cheapo cigars or had a couple of crinkled bills for beer or lotto tickets.

If the conspirator had the patience and time, they could have just gotten all dirtied up and waited outside a station like this for a few hours one night and there'd surely be someone who'd buy him a ticket, especially if he used the aforementioned fortune cookie thing. If he gets the cops called on him, most of the time they just tell the hobo to move along since it's more of a hassle to arrest them.

Comment It's good you missed it - it was an advertisement (Score 1) 86 86

Reading the whitepaper, the whole thing seems like it's focused on promoting Arxan's services. It's entirely possible that the presentation itself took a different tone/direction, but the whitepaper itself was fairly contentless sprinkled with a few good points about older MITM attacks exploiting the In-App purchases for iOS and the high piracy rates on Android in China and Russia.

Really that last part is the thrust of the article -- high piracy rates for which they don't really offer any solution except DRM and always-online games. (To their credit, they do make the recommendation of "some sort of protection on the networking layer, in-memory layer, and on disk layer...as well as portions dealing with receiving and unpacking the player's saved game or state.")

Everything else was either misleading, fairly obvious non-suggestions, or just plain outdated information.

Examples:

- Whitepaper dedicates a section to lost revenue from a MITM attack allowing iOS users to get in-app purchases for free. The reference they use is a 2012 article from the Guardian talking about how Apple already fixed it. Specifically, this was relating to iOS 5 and has since been resolved. While Jailbreak options still exist, the whitepaper does not mention these nor does it discuss any other actual leak.Referenced Article

- Whitepaper has section on Flappybird clones which reads:

...However, by March 2014, approximately 60 Flappy Bird clones a day were being added to the iOS App Store...Worst of all -- a reported 79% of these clones contained malware.

This section has a reference that points to a McAfee threat report from June 2014 - as the section reads, "these" refers to the clones on the iOS App Store, however, the McAfee report clearly shows that this is Android stores that are plagued, not iOS. http://www.mcafee.com/us/resou... Page 6

- Whitepaper has a section on how hackers damage communities, which is not incorrect, however, they provide the following "helpful" tips:

  • Learn how to tell when a hacker hacks
  • Include banning as a feature
  • Look for reports of hacking

While these are not bad suggestions, they're also absolutely common sense for mobile game developers, or just people dealing with problems in general.

The submitter is absolutely right that this could have been a really keen presentation, but based on what they produced in the whitepaper, it sounds like a business trying to drum up some more business for themselves with misleading and/or useless information.

Comment Re:The App Store stuff is more interesting (Score 2) 269 269

The 'race to the bottom' is something anyone with half a brain can see, and anyone who's a developer looks at that and must feel some gnawing fear. Maybe I'm wrong, but I feel like we're all pushed to mobile (if you're not on mobile, you're out of touch!) and when I look at the market, it gives me the willies. I don't think the Google Play Store is doing any better in that regard either. Worse, I don't have the foggiest idea of how to correct the problem, not even one that would take Herculean effort from either company to employ.

I'm not sure that this is as much of an issue as people are making it out to be. I do agree that developers should get paid for their work and curation needs to be a bit better (though I find that is somewhat at odds with the complaint that the Review Board rejects stuff...should Apple be more hands on or more hands-off?)

After reading through the article, I checked out the apps that the folk made and used some left-over freebie money from when I last bought a Mac to get their product. They're absolutely right that it is a very clean, well polished, functional app. I also have absolutely no use for it.

The two apps mentioned in the article, Vesper and Twitteriffic, are not suffering because of poor visibility in the app store or the race to the bottom; instead, neither really fulfills any particular need, Vesper in particular. Their description left me just completely dumbfounded as to what the app was actually for:

Vesper is a simple and elegant tool for collecting notes, ideas, things to do -- anything you want to remember. Organize your notes whatever way comes naturally to you, without complications. Vesper's focus is on how it feels to use.

Did you get anything from that except that Vesper is a notepad application? Can you think of any reason you'd need an advanced notepad on iOS? Much less one that uses yet another cloud service instead of iCloud? Again, I can appreciate the quality of the app -- it really is a pretty application. But their problem isn't Apple facilitating people racing to the bottom, it's that their app is basically a $10 substitute for what already exists in iOS; yes, it's all in the same spot as opposed to being spread over apps, but that's not $10.

Twitteriffic itself isn't particularly well made -- it's a mess of a screen and it looks cobbled together. The ads are far more intrusive than the original Twitter app, the coloring looks really bad (like geo-cities era webdesign bad), and it feels so much more like a "me too" app than anything.

What these devs seem to be missing is that while there are issues with curation in the Appstore, it doesn't impact their applications in the way they imagine. Vesper is an app trying to solve a problem/need that no one has. Twitteriffic is just a bland twitter clone with a few functions that the native client already supports or that no one wants. Even if Apple kept both apps on the featured page for weeks, it wouldn't change anything -- the apps just don't really do anything. It's not enough to make a pretty app for iOS, it has to actually serve a need, and if you can do this, people will pay. On Cydia, there are a few tweaks and apps which met needs that iOS didn't have. Prior to iOS 8, there was a need for MyWi, and I still use it on iOS 8 cause I like it better. Maybe with enough marketing spin and catchy advertisements, the likes of Vesper can convince the public that they need Vesper, but as it stands, it's not that apps like this are being treated unfairly, it's that there just isn't a need. It's like an art student pouring months into a painting that no one wants to buy -- we recognize the talent, but we've deemed it's not worth it. You can't just make a really slick product that does nothing and expect it to sell at $9.99.

Comment Re:I don't get it... (Score 3, Insightful) 215 215

No idea why this is modded as Informative -- people wanting to buy HL3 sight-unseen isn't an indicator to make it, that's an indicator for a cash-in which they're not acting on. This is a sobering but good reason as to why there's no HL3. If they aren't feeling it, they shouldn't be doing it, because it's just going to end up with unhappy Valve and unhappy gamers. No one really wins except for Valve's bank account.

Demanding they put out HL3 without a creative impetus is like a kid demanding to eat ice cream for breakfast, lunch, and dinner. Seriously, not everything needs to be on a scheduled release cycle; it's okay for stuff to be done when it's done instead of just forcing out a new product 'cause it's about new product time. This mentality is what leads to so much awfulness from the tech sector.

Comment Re:Reality of YikYak (Score 4, Informative) 367 367

YikYak runs off phones or via Chrome if you take the time to run YikYak as a package (or whatever the term is) for Chrome. If the device is connected to the school's wifi, they ought be able to get the log-in associated with that IP address at the time of posting, which YikYak stores and readily provides in the case of police investigations.

The campus I work for has basically taken a much more aggressive position on YikYak and we monitor it...as we remember to. YikYak itself is such a pain in the ass and most of the time it's just students bantering like students (I almost wrote idiots, but given how I was in university, I'm in no position to judge). Most of it is complaints and asking where the next party is.

Funny enough, YikYak's moderation system actually makes it really hard to deal with the threats that do pop-up because they get removed after 5 downvotes, meaning it's hard for us to find them before the students remove the threats. We effectively cannot take action despite wanting to. I wouldn't expect the YikYak folk to spend time contacting schools where the threats are occurring, but I hope that they log it well enough to allow institutions to take action if they feel that any one student is consistently using the service to post threats.

Comment You're fighting a few fronts here (Score 1) 247 247

You have a few challenges ahead of you; political ones, technical ones, and fiscal ones.

Are you just hoping to be the initial voice of inspiration and get everyone behind you? Or are you ready to be the advocate for the two factor auth you're proposing? Unless you've done your research and you know a lot of others in your department are on board with this proposal already, your proposal is going ground itself without much more than a candle flicker.

People tend to be really resilient to change, even really bright tech folk. "Good enough" is the motto that most people live by, so you're going to have to make a really enticing argument or get a lot of support across the board before even presenting this. Check with the necessary Systems folk; do they have ideas or wants or problems with a Two-Factor auth for users? Do the math for your accounts; are you saving enough money that it will make someone look good? Check with your Help Desk/Ticketing software; are password resets really enough of a problem that they're impacting people's work flow?

I promise you that most folks in a position to make a decision like this aren't staying up at night wishfully hoping that someone suggests TFA for the company, and few non-tech people in the company are even going to know what the hell you're talking about.

You're going to need to be prepared to really explain your idea and show that it already has support, else they're just gonna look at you like you suggested catapulting the ring into Mordor.

Comment Riot beat Bennet to the idea (Score 1) 132 132

Riot has had a system like this for some time, the Tribunal, and they allege it works pretty well. It used to have an in-game based reward (absolutely minuscule amount of IP, the in game currency), but they have since removed it, and last I checked it still had high numbers. I don't know if Riot is the originator, but I know it's a pretty major part of their abuse/harassment control.

I really don't know if a Tribunal style method would carry over to Twitter - I remember that part of the reason that people liked Tribunal was just the absolutely ridiculous stories you could read about players and the crap they pulled, and the in-game jokes made it worth it. Riot also made a mini-game of the system, insomuch that you get ranking based on how often your suggested ruling lines up with the actual ruling made on the case. You don't get anything in game anymore, nor does it affect your game profile, but people seem to like it. Likewise, Riot's punishments aren't just pardon/ban, but a range of punishments which can be administered by the admins there.

One thing that does make me kind of worried is that there's not a lot really holding people to the abuse Twitter accounts; in Riot's case, having a Level 30 account (necessary level to participate in the game in full) takes a bit of time, and while many users have accumulated quite a few spare accounts, eventually those pools run dry -- on top of that, primary accounts tend to have in game purchases tied to them, so loss of the account represents a financial loss. With Twitter, you can make a spoof account in seconds with no penalty, and harassment accounts are able to participate immediately and by necessity for Twitter to work. Without the time commitment or something tying people to the account, I'm not sure that this will have as great of an impact.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...