
Comment: Re:But it does (Score 2) 127

by aaarrrgggh (#49537183) Attached to: POS Vendor Uses Same Short, Numeric Password Non-Stop Since 1990

Ok, how about the fact that credit card numbers are stored in the memory dump of the unit? When encrypted, credit card storage uses a symmetric key? Servers are regularly stolen, but the drives are not encrypted? The software must be installed as the admin user?

From a security perspective, these units really are a POS and a betrayal of trust by the vendors. Most retailers do not have staff on-property to do IT security, so they out-source it. They have been charged an arm and a leg, but do not get a secure, reliable system.

Comment: Worse than just Passwords (Score 1) 127

by aaarrrgggh (#49535973) Attached to: POS Vendor Uses Same Short, Numeric Password Non-Stop Since 1990

The actual presentation is much worse than just passwords.

Really pathetic that "chip and sign" won't do much to fix these issues. Disappointed that they didn't shame the manufacturer, although there are really only 3 left now among the majors.

(And sadly, the link to that presentation's directory is "writeable." Sometimes even security specialists get it wrong...)

Comment: Re:Why not let him know what to do (Score 1) 279

by aaarrrgggh (#49385375) Attached to: Ask Slashdot: Dealing With User Resignation From an IT Perspective?

For what it is worth, I am the employer.

I have had about 12 people resign in the past year. 3 joined up to start a new company, 3 went to work for one competitor, 2 sought better pay, 2 had similar issues to pay (commute), and the remaining two made quality of life moves.

While only the three were real assholes about it, all twelve were technically disgruntled.

For the record, as a "nerd," I fully understand how to completely invade the privacy of my employees. I consider those actions unethical. They are entitled to be disgruntled, and I need to understand when they are unhappy and do my best to address it. Reality is that people that have an honest need to change, but value their employment, handle things differently. They communicate well in advance of two weeks notice, and they provide options for both parties. They are not afraid of being treated like outsiders; they are still invested in mutual success.

Comment: Re:2 weeks notice? Fuggedabouit (Score 1) 279

There is this concept about burning your bridges. Being that person that just leaves without notice might catch up to you.

I had to give four months notice for a job; that is absurd. Two weeks keeps options open. Employees are also eligible for unemployment insurance, while employers don't have "cog insurance". Employees can dispute wrongful dismissal. The balance of power is much more equal than most people realize, until you get up to companies with over 5,000 employees or so.

Comment: Re:If he's sufficiently important... (Score 1) 279

From a liability standpoint, if you have a departing employee doing anything important and things go wrong then you are in big trouble. I saw one company go bankrupt in a week after a departing employee was overseeing a critical cut-over that resulted in an outage, and I have had problems with a departing employee putting out a crap product just because he didn't care anymore.

HR overreacts, but they are playing it safe.

Comment: Re:Why not let him know what to do (Score 2) 279

Moreover, from past experience, there are a significant number of people that resign and provide "proper" notice that have plans to compete against said former employer. The really maniacal ones start about a year before they leave, and shift communications to personal email addresses and phone numbers, and innocuously start using a Box account for confidential information.

They have also likely copied everything off the servers they might want in the future.

Pretty much everyone that quits feels like they have been wronged by their employer, and their new employer will make everything right.

A prudent approach though is to ensure logging of all activity, in case things do come down to a lawsuit. I don't think that level of logging is ethical for active employees, but having the ability to do it is very useful.

The other thing that should be considered is a reviewer of any outgoing emails.

Comment: Re:Wind is (Score 1) 262

by aaarrrgggh (#49250897) Attached to: US Wind Power Is Expected To Double In the Next 5 Years

Per California ISO, which may not be representative of global production, and using yesterday's data we have:
Source / Peak MW / Daily Production MWh
Solar Thermal / 543 / 2,759
Solar PV / 5,164 / 48,086
Wind / 2,366 / 25,584
Small Hydro / 199 / 3,615
Biogas / 206 / 4,716
Geothermal / 1,058 / 25,120

Solar PV has over twice the peak capacity and just under twice the total production.

I tried Texas' ERCOT, but they don't have as good of breakdowns. Their wind production is about half of California's at 1,359MW.

Comment: Re:Wind is (Score 1) 262

by aaarrrgggh (#49250603) Attached to: US Wind Power Is Expected To Double In the Next 5 Years

Much of the issue (misconception) is smaller wind turbines. However, by definition a wind turbine is working hard to absorb most of that inertia into the generator, so there is variability on an individual machine level. The overall grid smooths things out. The complaints I have been hearing are that power flow direction and magnitude can change sharply with the wind turbines, creating challenges for the protective relays.

Sodium Sulfur batteries work great on a diurnal basis, but they seem less effective in short-term cycles, much like most battery technologies.

Comment: Re:Wind is (Score 1) 262

by aaarrrgggh (#49250445) Attached to: US Wind Power Is Expected To Double In the Next 5 Years

Photovoltaics are absolutely fantastic for distributed generation at a building level. Solar thermal is great for grid-scale power generation. Photovoltaic is not a great grid-scale solution precisely because it is a good DG solution.

Wind only works at grid scale. The power formula simply favors the largest turbine, mounted with the hub as high as possible. That does not work for distributed solutions.

What does not seem to be resolved today is how to actually connect 2-5MW wind turbines to the grid without negatively impacting grid stability.

Comment: Re:Classless action. (Score 1) 107

by aaarrrgggh (#49231271) Attached to: Lawsuit Claims Major Automakers Have Failed To Guard Against Hackers

There are likely easy paths and harder paths in. If you can't put a malicious CD or USB stick in and take control, you hit one level. If you can't plug a device into a port under the hood that can take over control, that is another hurdle. Ultimately though, you need to keep the system secure from the OnStar and its ilk being an attack vector. From fairly credible reports, this is not the case.

Comment: Dongle Insanity (Score 1, Insightful) 392

by aaarrrgggh (#49225401) Attached to: Does USB Type C Herald the End of Apple's Proprietary Connectors?

No, it heralds the beginning of another cycle of replacing various dongles and endless cables, much like what will happen when USB-C is eventually replaced with a standard that can accommodate 5K or 8K displays, more power, etc., which would generally be anticipated in about 3-4 years.

It wouldn't be that big of a deal to me, except for the fact that I need at least three sets of adapters for home, office, and weekend place, and ideally a fourth set for my travel bag. Between Ethernet, VGA, DVI, HDMI, USB, and SD this seems like a mess for me.

But what really pisses me off is that none of my USB receptacles that I have hard-wired in will work with the power requirements for the USB-C devices.
