
Comment: Re:Well someone has to do it (Score 1) 327

by Zak3056 (#49142595) Attached to: The Programmers Who Want To Get Rid of Software Estimates

I would not have finished the project (in two years) without his help, we hired him after a year, too.

First thought: your manager was a tool, and generally a waste of space--actually he wasn't even THAT useful, since he actively made things worse overall.

That said... the above quote is a bit damning. You claimed you needed two additional people, an empty task list, and two years. You did the job in two years, with other tasks encroaching on your time, and with a single new grad that you only had for 21 of those months. Either your project was a death march (not ruling that out, mind you), or your estimate was woefully off--maybe to the point that the dipshit manager, if you two had a history, simply didn't trust your ability to give him a good answer and modified it per past performance.

I'm sure there were many more factors in play than you mentioned above, which probably invalidate what I'm saying, but it might be worth taking a step back here and asking yourself if you made any mistakes you could learn from (other than working for Mr Clueless, of course).

Comment: Re:When groups like this attack you... (Score 0) 97

I think the Gemalto response seems reasonable, actually. The documents suggest they weren't doing anything more sophisticated than snarfing FTP or email transfers of key files, which Gemalto say they started phasing out in 2010. And the documents themselves say they weren't always successful.

NSA/GCHQ are not magic. They do the same kind of hacking ordinary criminals have been doing for years, just more of it and they spend more time on it. If Gemalto are now taking much better precautions over transfer of key material and the keys are being generated on air gapped networks, then it seems quite plausible that NSA/GCHQ didn't get in. Not saying they could NEVER have got in that way, but these guys are like anyone else, they take the path of least resistance.

Besides, it's sort of hard for them to do something about a hypothetical hack of their core systems that they can't detect and which isn't mentioned in the docs.

Comment: Re:Ugh. Just ugh. (Score 5, Insightful) 400

by IamTheRealMike (#49121137) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

It's hilarious. For a moment I wondered if the transcript is even real. This makes Eliza look sophisticated.

Q: Which of those countries should we give backdoors to?

MR: So, I’m not gonna I mean, the way you framed the question isn’t designed to elicit a response.

AS: So you do believe then, that we should build those for other countries if they pass laws?

MR: I think we can work our way through this.

AS: I’m sure the Chinese and Russians are going to have the same opinion.

MR: I said I think we can work through this.

He seems to believe, "I think we can work through this" is an acceptable answer to a simple yes/no question. The guy doesn't even have a coherent answer to one of the most basic and obvious questions he could possibly be asked. I thought Comey did a poor job of explaining his position but this takes it to a whole other level.

Comment: Re:Terrorists steal registered SIMs (Score 1) 132

by IamTheRealMike (#49119617) Attached to: Pakistanis Must Provide Fingerprints Or Give Up Cellphone

Why would people not report a SIM as stolen currently? They have every incentive to. They'd need to do so, to get their old number back anyway.

But seriously, if you're a terrorist, you're not going to be fazed by just doing some street muggings to obtain cell phones first. It doesn't matter much if the cards get de-activated a day later. Heck, just point a gun at a SIM vendor and force them to activate the cards with fake data. If the vendor doesn't have the IMSI codes for every SIM in their inventory, they can't even report them as stolen.

Comment: Re:disclosure (Score 2) 438

by Coryoth (#49105731) Attached to: How One Climate-Change Skeptic Has Profited From Corporate Interests

I'm guessing the reason he doesn't take money from the fossil fuel industry is because he just can't be bothered with such trifling sums. The average salary in the US is more like $350k or $400k, IIRC. 120k is for total losers.

I can only presume you're talking about research grants combined with salary, despite saying "The average salary" because otherwise you are simply flat wrong. The average salary for (full) professors in the US is $98,974.

Comment: Yes, a variety of ways (Score 1) 182

by IamTheRealMike (#49101113) Attached to: Ask Slashdot: How Can Technology Improve the Judicial System?

The judicial system is, at heart, a method of resolving disputes. Sometimes those are disputes between civilians (civil suits) and sometimes they are criminal cases, disputes between people and the state.

The most obvious and easy place to start is with small claims courts. Commercial arbitration handles many disputes that would otherwise end up in small claims courts, but we don't exploit this anywhere near enough. Most people just rely on their bank to act as a dispute mediator via the credit card chargeback mechanism, but this is a one-size-fits-all solution and banks are often not good at mediating disputes. There's lots of fraud and problematic outcomes.

The place where most of the better-law-through-tech research is happening right now is the Bitcoin community, because of the general focus on decentralisation, global trade and frequent desire to avoid relying on government. So we have for example BitRated which is a platform for doing dispute mediated Bitcoin transactions, where anyone can be the dispute mediator. So you can get a fluid, international market of specialised judges who are experts in very particular types of transactions, like software contracts etc where "I didn't get software of sufficient quality" is not a dispute that makes sense to handle via a chargeback. And it can all happen over the internet.

That's a very simple example. More complex examples involve specifying a contract in the form of a computer program and then effectively having the program be the "judge". I wrote about how to implement this, again with Bitcoin, several years ago. The technology is not that complicated actually. The hard part is figuring out the right user interfaces to make it easy. Presumably only very simple and precise contracts could be managed that way, so there's still open research in how to craft these digital contracts such that you can escape back to human judgement if there's an exceptional case.

When it comes to criminal rather than commercial cases, probably the best way to apply technology to reduce costs is to allow remote lawyering. That is, you should be able to outsource your legal representation to someone who isn't physically present. They may be rather good and experienced, but just live out in rural areas or in a country where the cost of living is cheaper. The issue here is not really technical but rather just institutional inertia.

The UK is putting its judicial system under tremendous financial pressure at the moment, to the extent that some criminal cases are just being abandoned because there's insufficient money to run them. They're (finally!) starting to experiment with allowing small claims court cases to be resolved over the phone, and also looking at decriminalising TV license violations to reduce pressure on the system. But you get the idea - the judicial system innovates extremely slowly even when being sliced to the bone. So don't hold your breath.

Comment: Re:Where does Snowden get all this information fro (Score 1) 192

by IamTheRealMike (#49093689) Attached to: How NSA Spies Stole the Keys To the Encryption Castle

Snowden hasn't had any access to the NSA since he fled to Hong Kong.

However, the amazing thing about this dude is he was able to do full blown web crawls of the entire NSA and GCHQ intranets, including dumps/crawls of data he didn't have access to .... all without getting noticed or caught. He appears to have provided the journalists with what is quite literally a snapshot of their internal networks at the time he was operating. It's taking them years to go through it.

Comment: Re:Liability shift to merchants (Score 1) 448

by IamTheRealMike (#49087465) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV

Most businesses pass those worries along to payment processors like BitPay or Coinbase. It's still better because you can always in-source if you want to, so they have little leverage over you.

But yes, Bitcoin isn't an immediate replacement for cards for all online commerce. At least not yet. Volatility is a pain, but the current price is only about 5% off where it was a year ago. Presumably as Bitcoin gets older wild press-driven hype cycles will become rarer and the bubble/burst cycle of the past few years will calm down a bit. We'll have to wait and see.

Comment: Re:Is javascript dangerous? (Score 1) 125

by IamTheRealMike (#49087437) Attached to: Jamie Oliver's Website Serving Malware

I think better warnings about not updating would be good, something in the line "there are currently X known ways of compromising your system, please update to fix".

It was tried. Doesn't work. Lots of people don't even read security alerts. They just immediately find the X or close or cancel button and click it without even reading the thing they are dismissing.

The amount of time your average user wants to spend on maintaining their computer is zero. They have no notion that a computer is a thing that must be maintained and failing to do so can damage the internet. They just want to achieve their task.

The only correct way to do auto updates is automatically, silently, and not giving the user any choice in the matter. Everyone who has failed to accept this reality has ended up with their users running obsolete and insecure versions of their apps, and getting reamed in the court of public opinion as a result. If the Java team fixed their auto updater to be entirely silent and scrapped the Ask Toolbar malarky they'd have a pretty compelling platform still. But for as long as browsers are managing themselves and Java is asking permission, it will always lose.

Comment: Re:Is javascript dangerous? (Score 1) 125

by IamTheRealMike (#49087409) Attached to: Jamie Oliver's Website Serving Malware

Yes, that seems like a remarkably common problem and I'm not sure how people manage that. Serializing objects to the database? I guess if vendors get enough customer pressure to work better with Java updates they might put some effort into it, eventually.

But then the Java security holes are all sandbox escapes. You aren't using the sandbox for some enterprise time tracking app. So the need to update is less.

Comment: Re:you can buy android without google over there.. (Score 1) 149

by IamTheRealMike (#49087351) Attached to: Google Faces Anti-Trust Probe In Russia Over Android

So basically, you either get to bundle the best app store and go fully Google, or you get to cause your end users issues by bundling the second best app store but get to use your own solutions for other things such as search.

I think we all see the surface parallels with Microsoft, but the problem is that all Android's competitors are significantly MORE tied and MORE bundled. Historically Apple hasn't even let people put apps on their own app store that compete with their built in apps! Don't even think about carriers shipping iPhones with customisations, let alone Yandex - it just doesn't happen. Microsoft also don't even support alternative app stores on Windows Phone at all.

In fact, Google is unique in allowing such a huge degree of customisation and unbundling of the core components. Any outcome that results in Google getting in trouble for being dramatically more open than their competitors can only be the result of horribly broken politics, not rational and even application of law.
