Forgot your password?
typodupeerror

Comment: Re: I wonder (Score 1) 347

by Ed Johnson (#46334733) Attached to: NSA and GHCQ Employing Shills To Poison Web Forum Discourse
And layered on top of all the CYA and paranoia, we have now 10's or perhaps hundreds of billions of dollars per year at stake - most going to private contractors who now have an enormous interest in perpetuating the cycle. As well we have media (especially "news" outlets) completely co-opted as propaganda arms of a few large corporations, which also stand to benefit from the perpetuation of all of this. It's difficult to imagine how this can be unwound.

Comment: Re:Wroooooong! Sorry but, WRONG! (Score 3) 389

by Ed Johnson (#46277251) Attached to: Windows 8 Metro: The Good Kind of Market Segmentation?
EXACTLY - I have been an MS user (sometimes reluctantly, sometimes enthusiastically) since windows 3.0 running in real mode on a 286. I have at least tried every O/S since then. I have been a windows developer since windows 3.1. NEVER before windows 8 did I have to search Google (when Bing proved completely useless) to learn how to close an app, or do much of anything really. This is by a very WIDE margin the most unfriendly, un-intuitive O/S I have ever seen. As an experiment, since MS claims this is aimed at "my mother" I installed it on a laptop for my wife - a MAC user who can do basic things on a PC but prefers the MAC. She hates it. She can't do anything without help, even after switching to 8.1, and adding classic shell, and populating her desktop she hates it since it keeps throwing her into these crazy metro apps that she cant close and can't find a way to get out of. MS needs to abandon this horrid abortion and go back to the windows 7 desktop, if they want to keep metro on the phone - fine, even on a tablet most of my coworkers live in the desktop, this either needs a LOT of help form some poached Apple UI people, or it needs to be gone. MS has FAILED utterly to address either the casual user or the pro - this thing needs to die.

Comment: as a former embedded guy here is my 2 cents (Score 3, Informative) 387

by Ed Johnson (#46035687) Attached to: Ask Slashdot: It's 2014 -- Which New Technologies Should I Learn?
I worked for 17 years as a mostly hardware and low level software person, with just enough MFC/Windows/Qt to make reasonable UI's. At the job I started 6 years ago everything is web based "enterprise" software. I now work on a small engineering team (about 8) in a very large company. I got hired for my expertise in C++ an dLinux to work on a biometrics project but as I finished it I needed to acquire skills more generally useful to the team. I started with PHP - it's very C like but with less type safety :). Modern PHP is much more object oriented, if you are comfortable with C++ it'll be very easy. Javascript is absolutely essential; JQuery and Knockout are nearly as essential (frameworks that clean up javascript and make it more portable). Any web app with more than 2 or 3 users needs to use AJAX rather than postbacks to have reasonable performance. In a windows shop you must learn ASP .Net and C#, Ojective C is useful if you want to target Apple products (phones or computers), but with HTML 5 you can do an awful lot without going native. Our apps use an abstarction framework to let one code base target all the popular phone O/S's with pretty standard web apps. (javascript/HTML front end, windows or linux backend REST service) Some SQL is very useful but you don't need to be an expert - any serious web development team will have a database expert who will do the DB stuff, you just need enough to code up test setups, prototypes and to talk to the DB guy. A Pluralsight subscription is very useful (no I don't work for them) I have learned a lot in a short time form their courses. Finally if you are going to work on "Enterprise" development you should really learn about Kanban and agile development since most of them use it in some form.

Comment: Re:A trademark claim might not be the best (Score 5, Informative) 188

BUT - governments are special; essentially you can't sue them unless they agree to allow it. Neither US nor UK governments would allow such a suit to proceed, even if all the facts were publicly known, they would invoke "state secrets" and quash any civil action. The only hope of proceeding in court is to show they violated a law, and even then you'll have a long drawn out battle to prove that you have standing to sue, and to find a judge who would allow the suit to proceed. Lots of people with much stronger cases demonstrating actual harm have had, so far, little or no success in getting the NSA into court and I doubt very much that the UK government is any less skilled at this sort of manipulation of the courts. In then end I doubt anything short of a revolution, or at least the credible threat of one will get any noticeable reform. There are a handful of politicians on both sides of the Atlantic trying to reign these agencies in, sadly they are a minority and unlikely to succeed unless a large wave of public outrage forces a majority of the political class to care about this issue. The best hope is that brave whistle blowers like Snowden will continue to expose the shenanigans of these agencies and that the reporting will be honest enough to get the public to wake up to the profound dangers they pose to all our freedom.

Comment: they know it doesn't work (Score 1) 303

by Ed Johnson (#45422915) Attached to: US Gov't Circulates Watch List of Buyers of Polygraph Training Materials
These agencies know perfectly well that it doesn't work. They are scared to death that the morons in Congress will find that out, and realize they are wasting billions on useless security theater; theater run by ex-insiders at these same agencies. At that point hell they might even begin to question really fundamental stuff like - is all the nonsensical theater at airports actually doing anything? (answer : NO - as seen in the most recent "scandal" in which sophisticated behavioral detection training costing billions is proven to be completely useless). And from their perspective the even worse possibility that more of them will figure out that all teh 10's of billions a year they spend on NSA, CIA, etc are equally useless. Gathering more and more information just makes the S/N problem worse and actually decreases the chance of detecting anything nefarious - but no one wants to hear that - especially when their livelihood depends on expanding this crap. So they will work very hard to continue to try to suppress and discredit the truth.
Encryption

Stolen Adobe Passwords Were Encrypted, Not Hashed 230

Posted by timothy
from the getting-around-to-it dept.
rjmarvin writes "The hits keep coming in the massive Adobe breach. It turns out the millions of passwords stolen in the hack reported last month that compromised over 38 million users and source code of many Adobe products were protected using outdated encryption security instead of the best practice of hashing. Adobe admitted the hack targeted a backup system that had not been updated, leaving the hacked passwords more vulnerable to brute-force cracking."

Comment: Geolocation sucks (Score 1) 188

by Ed Johnson (#45234643) Attached to: Online Retailers Cruising Tor To Hunt For Fraudsters
I am not concerned about an inability to use TOR when shopping on line, I am concerned about using IP geolocation to try to match my physical address. I live in a rural area of Colorado, when I first moved here 6 years ago, Googles automatic geolocation decided I was in Spain and insisted on showing me everything in Spanish; eventually I was able to convince them I speak English but then they decided I was in Seattle since my ISP is there. They offer unlimited, unccapped connection for a flat rate that none of the local ISP's will match = since I am a software developer who works from home and frequently needs to video conference or stay connected to many remote machines 24/7 I can't tolerate data caps. Now I have a fixed IP supplied by the nearest peering company (Mammoth in Denver) which is at least in the same state, but still a hundred miles away. Worse, many companies use an address verification scheme that seems to think my street address doesn't exist - anyone trying to "verify" my shipping address, especially by IP is not going to do business with me..... Sadly they are unlikely to care since people like me are a tiny minority, bit it's damn irritating nonetheless. Still this sort of "verification" is likely to be highly unreliable, and make many many people angry and frustrated when their routine checkouts fail - perhaps if enough people complain they'll drop this nonsense.

Comment: furloughed wife (Score 1) 1144

by Ed Johnson (#45058717) Attached to: Slashdot Asks: How Does the US Gov't Budget Crunch Affect You?
My wife does not work for the federal government, she is manager of a county wide organization. Her office, however is maintained by the department of Agriculture so neither she nor any of her non federal co-workers can work, or get paid since getting paid depends on using federal computers that are now off limits. The shutdown has MUCH wider effects than many, especially in the press, seem to understand. The ripple effects through the economy as all those people stay home, don't eat in restaurants, limit their shopping to necessities, etc. probably multiply that by 2 again. The morons in the extreme wing of the Republican party have instantly added another 2-3 million to the unemployment rolls, even if it is (nominally) temporary. In a reasonable world they'd be voted out, with gerrymandered districts and billionaire backers they will comfortably cruise to re-election even if their constituents hate them.

Comment: Golden Path (Score 5, Insightful) 221

by Ed Johnson (#45040145) Attached to: The Story of the Original iPhone's Development
I don't know why this surprises anyone. EVERYTHING I have ever designed had to be demoed before it was ready, sometimes a year or more before it was ready. Usually we could arrange to have the actual engineers (me or someone on my team) do the demo, and we always tred to practice to insure we could demo only things that worked. When the boss had to do the demo we always had extensive rehearsals, and emphasized that he must perform the steps exactly as we practiced or bad things would likely happen. On some projects hardware was so late we had to build simulators and hide them under the table so the software would have something to control/monitor. I believe this sort of demo is very common in any sort of R&D environment including big name companies demoing new products/technologies for the first time. Every demo of an early prototype will crash or show unexpected behavior at some point during the demo, the key to the impression it makes is how well the demonstrator handles the issue - getting mad in a public demo is never a good idea. Usually you just tell someone else to file a bug report, and move on - explaining that there is, of course, still some polishing to do; or use it as an opportunity to explain the way you work with customers to resolve such issues - leaving the impression that you engineered the failure in order to fit that topic in to the presentation. My ex boss was a master of that technique. Even in my current job where my products are for internal use I am frequently asked for demos before products are ready, the difference being I don't have to offer smooth explanations when things go wrong, usually I just have to offer an estimate of when it might be done.

Comment: Re:Decent. (Score 1) 213

by Ed Johnson (#44766829) Attached to: Amazon Hiring More Than a 100 Who Can Get Top Secret Clearances
since it's "National Security" they can do whatever they want. It's voodoo but they don't care - they can claim, if you turn out to be a spy or the next Snowden that they did "everything possible" to preempt you - it's just standard bureaucratic CYA. They don't even care that they end up rejecting 90+% of applicants for spurious polygraph failures - there are always enough who pass. Yes it can be abused and probably is - but no one cares and no court will touch it

Comment: WPA2 + open port for leechers (Score 1) 438

by Ed Johnson (#44476513) Attached to: Home wireless security level?
I use WPA2 for the in house computers and have a "guest" SSID with a password of "guest" easy for leechers to guess, but I have done my "due diligence" so local phone company doesn't cut off my access for having an "open" network. I have seen people park by my sidewalk and connect - it's amusing to watch what they do in the connection log :) mostly business types who HAVE to do some work RIGHT NOW and feel squeamish about using the neighbors down the block actually completely open network (SSID Lynksis) - that has saved my butt a few times when my network was down. I figure by providing an easy target no one would bother cracking my WPA password

Comment: Poor idiot will loose his job (Score 1) 201

by Ed Johnson (#44255219) Attached to: Discovering NSA Code Names Via LinkedIn
These are all Unacknowledged programs - meaning their very existence (and code name in most cases) is classified. Posting a public resume listing them is a fairly serious infraction which should result in loss of clearance, loss of employment - and under Obama and Holder the very real possibility of FBI persecution, criminal prosecution, and jail time. Of course, it's always possible these are some sort of Counter Intelligence red herrings, designed to smoke out possible spies. In any case someone is either very stupid, or so clever they outsmarted themselves.

Never say you know a man until you have divided an inheritance with him.

Working...