Forgot your password?

Comment: Re:Solving the problem wrong (Score 1) 445

by Tablizer (#48199851) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

Sometimes that works, but shops often dictate or encourage certain styles and practices that may hinder "personal productivity" practices so that the team can do maintenance.

And it's not just a matter of typing: there are screwy schedules, screwy deadlines, fickle requesters, etc. If you finish coding fast, they'll make you install software, fix Outlook, clean printers or whatnot.

Yes, it's a living, but typically one plateaus early salary-wise. Why not encourage women to be sys admins or high-end application trainers? Why focus on coding?

Comment: Re:How does it secure against spoofing? (Score 1) 106

by Opportunist (#48199749) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

No, there is no guarantee that the user will not use a mobile phone to access his online banking (and the idiocy of some banks pushing out mobile apps for online banking doesn't actually improve security in that area either).

You can't make the user secure. You can only offer it to him and hope that he's intelligent enough to accept it.

Comment: Re:Goal Should Be Zero Revenue (Score 1) 354

by vux984 (#48199617) Attached to: Speed Cameras In Chicago Earn $50M Less Than Expected

Red light violation ticket costs are way out of proportion with the potential damage done. For example: I go through about 40 traffic lights as part of my daily commute. If I sneak through only one of them every day, then I could potentially owe about $40,000 in fines each year.

And if I go out at 2am drive to the nearest deserted red light and just drive backwards and forward through it, I can rack that up in a single evening. I'm not sure what your point is? That you can deliberately hang yourself on the law if you are an idiot? Ok... I'll give you that.

In 10+ years of red light cameras here, I've never gotten a ticket from one, ever, and I drive through at least 3 to 4 protected intersections a day. And I don't count myself as a qualified driver ed instructor or anything else. I go days even weeks at a time without seeing the camera flash at any one; so its not like the general public has a difficulty with the concept.

I'm certain the safety aspect of a few extra cars going through the end of a red doesn't constitute enough of a safety issue to warrant fines at that level.

It does if you want them to stop doing it. Because a normal person isn't going to get 40,000 in fines, they are going to get 1 or 2 and then "figure it out" and stop getting them. But if the fine is $5 they won't care unless they ARE getting them daily.

Anyone with $40,000 in annual red light camera fines shouldn't be on the road, because if nothing else, it means they are incapable of "figuring it out".

If a rule is being ignored, then it's probably a bad rule.

Like stopping for red lights? Is that a bad rule?

Also, I assure you that a few extra cars getting through a red light doesn't promote gridlock at the next one

Traffic jams can arise nearly spontaneously via something like 'butterfly' effects. A few cars sneaking through the red (and in turn delaying the traffic moving crosswise as a result) can disrupt traffic in both directions leading to congestion "waves" that lead to jams where it would otherwise not occur. It doesn't take much at all to disrupt traffic and create waves.

There's a demo on youtube where they asked drivers to simply drive on an even circular track at 30km/h maintaining the same distance from the car in front, and within a short time there was a conjestion wave causing cars to have to stop completely when it hit them.

Its amazing how little it takes to disrupt stable traffic flow.

The state of traffic engineering is pretty dismal.

No argument. But saying that, traffic is much more complicated than regular fluid dynamics, and good mathematical models are hard to come by. And then to top it off you've got various political meddling overriding otherwise good design.

Comment: Re:Recognition (Score 1) 126

by UnknowingFool (#48199609) Attached to: 'Microsoft Lumia' Will Replace the Nokia Brand
Except MS didn't get Nokia IP. MS is licensing Nokia patents.

Microsoft Corporation and Nokia Corporation today announced that the Boards of Directors for both companies have decided to enter into a transaction whereby Microsoft will purchase substantially all of Nokia’s Devices & Services business, license Nokia’s patents, and license and use Nokia’s mapping services.

Comment: 80s movies? Really? (Score 3, Interesting) 445

by Opportunist (#48198887) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

So it's also the 80s movies to blame that women are not interested in careers like soldier, spy, pilot, policeman (apology, -woman), archaeologist, exorcist, karate fighter,...

Has anyone ever looked closer at the 80s? The 80s were not a geek decade. The only movie I can remember where geeks were not just the comic foil (ok, even in that one they were) was "Revenge of the nerds". The whole "engineering geeks" were no role model in 80s movies, and even less so in TV series. Whenever they were in some prominent role, they were the little sidekick of the actual hero. Be it Automan's creator Walter, who was mostly a comic sidekick (ok, the show wasn't that memorable, but the special effects were great for its time) or Street Hawk's Norman who was some timid, beancounter-ish scaredy-cat. The geek roles were at best meant to make the hero shine some more.

Actually, the only engineer role I can remember that was allowed to be superior in areas to the hero and be more than a nuisance to him was that of Bonnie in Knight Rider.

A woman.

Comment: Re:How does it secure against spoofing? (Score 1) 106

by Opportunist (#48198737) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The second channel will not secure a compromised channel, but it will make it easier to detect it.

There are various defenses against replay attacks, most of them relying on keys being tied to the current time and only being valid NOW but neither before nor after. But that is only good against a replay, it is quite useless when the attacker is manipulating your own communication. That has been the staple of attacks against banking software since the advent of the OTPs, and the only sensible defense against that is actually a two channel communication. Out of band one way transmission (i.e. sending a OTP to the customer to use in the transaction) doesn't help here.

There is very little you can do to combat malware infections unless you are willing to use a second channel. At some point in the communication the data is vulnerable to modifiction, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time. And if nothing else, this is where it will be manipulated.

And it's heaps easier to do if the interface used is a browser. You can literally pick and choose just where you want to mess with the data.

Comment: Re:How does it secure against spoofing? (Score 1) 106

by Opportunist (#48198661) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

Comment: Re:How does it secure against spoofing? (Score 1) 106

by Opportunist (#48198589) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The system you describe has been implemented often. Most often I've seen it with online games and the like where the main threat is the use of credentials by a malicious third party (i.e. some account hijacker stealing username and password, logging into your account and doing nefarious things with it). For that, you don't need a dongle. You need two synchronized devices that output the same (usually numeric) key at the same time. Basically you get the same if you take a timestamp, sign it using PKI and have the other side verify it. If you have two synchronized clocks, transmitting the signature (or its hash) suffices. That doesn't really require plugging anything anywhere, although it probably gets a lot easier and faster to use if you don't have to type in some numbers and instead have a USB key transmit it at the push of a button.

But that's no silver bullet. All it does is verify that whoever sits in front of the computer is supposedly who they claim to be and entitled to do what they're doing. It does NOT verify what is being sent, or that the content being sent is actually what this user wanted to send.

If anything, it protects Google rather than the user. Because all that system does is making whatever is done by the user of the account non repudiable. Because whatever is done, it MUST have been you. Nobody else could have done it, nobody else has your dongle.

Comment: Re:How does it secure against spoofing? (Score 1) 106

by Opportunist (#48198461) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Technically, "real" two factor authentication, with two different channels involved, require an attacker to infect and hijack BOTH channels if he doesn't want the victim to notice it.

As an example, take what many banks did with text message as confirmation for orders. You place the order on your computer, then you get a text message to your cell phone stating what the order is and a confirmation code you should enter in your computer if the order you get as confirmation on your cellphone is correct. That way an attacker would have to manipulate both, browser output on the computer and text messages on the phone, to successfully attack the user.

In other words, it does of course not avoid the infection. It makes a successful attack just much harder and a detection of the attack (with the ability to avoid damage) much more likely.

Money will say more in one moment than the most eloquent lover can in years.