Comment: Re:git blame (Score 1) 299

by Tom (#49152659) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Three years ago, I tried to start something called the Human Security Initiative. Not by accident acronymically close to Human Computer Interfaces.

This is desperately needed. We need to sit our asses and oh-so-smart brains down, get some designers and psychologists into the room, and talk about how to properly design security, not just engineer it.

Comment: Re:git blame (Score 1) 299

by Tom (#49152651) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Top labs are *still* researching how to replace passwords while maintaining security.

I know. I've tried my own hand on this topic, to no avail. It's really hard.

And yes, entering your password once is a very big progress.

That's true except all kinds of people have learned to use GPG.

If you have to, or really, really want to, you will learn to use the worst tool in the history of mankind. But we should think about people who have no such drive.

The real reason people rarely use it is pure laziness

That's a cop-out. Another cheap excuse. You're blaming the user and stopping there. Let me help you with some cognitive dissonance: The same users that you call "lazy" spend an hour a day clicking on a screen to plant FarmVille crops. The most useless and boring activity ever invented. If Zynga can get them to click on some pixels repeatedly, twenty times a day, why can't we get them to click on a button once?

Comment: problem (Score 1) 337

by Tom (#49152641) Attached to: Verizon Posts Message In Morse Code To Mock FCC's Net Neutrality Ruling

it insisted that the very idea of Net neutrality squished its First and Fifth Amendment right

There's your problem right there. Once we grow three brain cells and understand that corporations are not people, and while they deserve rights, they don't deserve the same rights. I'm not even saying higher or lower, just saying there's a fucking difference, acknowledge it!

Comment: Re:Should come with its own football team (Score 3, Insightful) 96

Yes, it is pretty silly for them to expect the government to educate people. It is not like an educated population is some kind of public good.

Well, it is a benefit to the public as a whole to a large degree, but there is a dark side, too. The main reason that companies want to increase enrollment in CS is to get a larger pool of people to draw from so that they won't have to pay employees as much.

Comment: Re:Sorry but I have to bite (Score 1) 262

by dbIII (#49151209) Attached to: It's Official: NSA Spying Is Hurting the US Tech Economy

If you are going to go that far back should I start mentioning slavery and some bad American management practices that demonstrate that it's sorely missed? Will that hold up enough of a mirror to show how stupid your above comments are?

The US financial system fucked up the world's economy and the Greek situation, Spanish situation, Irish situation etc is an echo of it (because they blew everything on GFC bailouts and the cupboard is now bare), yet you have the gall to blame it on some sort of racial stereotype that is the opposite of reality. Greeks are lazy? You need to get out of your gated community.

Comment: Re:git blame (Score 1) 299

by Tom (#49145963) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I'm not saying users are completely blameless little angels. But I'm so sick and tired of this reflex of blaming everything on stupid users.

Some comedian said it very nicely about another topic: When a house burns down, and the firefighters put out the flames, they don't just go home and write a report saying "fire destroyed the house". They go in and sift through the debris and try to figure out what caused the fire.

In IT we largely don't do that. We treat users as mystical black boxes and root causes and once we've found the user somewhere in the chain of causality, we stop. We don't ask ourselves why the user made this mistake or why the users don't seem to want security. We say "stupidity" the same way ancient map makers put "here be dragons" on their maps.

And that, I say, is stupid. We should go in there and figure out what actually is in that white spot. Why did the user make this mistake? Why do they fall for phishing? Why do they want speed over security? And a boilerplate "because they're stupid" is not an acceptable answer.

We're so smart (or so we think), but we can't figure out how to make security desirable, unobtrusive and a positive experience. Really?

Comment: Re:git blame (Score 1) 299

by Tom (#49145943) Attached to: Moxie Marlinspike: GPG Has Run Its Course

You can lead a horse to water but you can't make him drink.

cheap excuse

People are too lazy to type in a password in order to send mail.

Then make it not necessary to type in a password. Even I don't understand why I should type a password for every mail I send.

Yes I do use GPG, it's the best thing we have going right now for the average person to protect his data.

No, it's not. It might be technically the best tool, but if it's unusable, then in sum total, it's not. There are many factors that go into these equations, and we techies are sometimes blind to some of them.

Comment: Either way it still gets drive-by malware (Score 0) 162

by dbIII (#49145687) Attached to: Microsoft's Goals For Their New Web Rendering Engine

I don't know the mechanism, but IE as of 2015 is still just a single click away from infecting entire office networks with malware such as cryptolocker. Two recent events I've had reported to me were from clicking on an email link about parcel tracking (which opened IE, which then helpfully ran the malware in some way) and another to see an invoice (once again the two usual suspects of Outlook and IE).

I don't know if Firefox is immune to such a malware attack but I've only heard of it coming in via IE.

Comment: Re:Interesting retort (Score 2) 89

by dbIII (#49145643) Attached to: Fighting Scams Targeting the Elderly With Old-School Tech

A decade ago it was easy - post a pile of crappy jokes and karma is up to 50 in no time. Now there's apparently no karma for jokes, so the easy way to get mod points is to say X is shit and Wayland is not just for phones and tablets sometime soon but can now do everything X can now. The easy way to lose points and attract foes is to politely point out that neither is the case. Pick another trendy topic like bitcoin evangelism for similar results.

Comment: easy (Score 1) 335

by Tom (#49144853) Attached to: The Programmers Who Want To Get Rid of Software Estimates

But it's so easy to make a good estimate, takes less than 10 seconds:

Take your instinctive estimate.
Double it.
Increase units by one (if you think "hours", make it days. If you think "weeks" make it months, etc.)

So if you think it'll take 2-3 days, tell your manager it'll be ready in 4-6 weeks. Don't forget that in management school, they teach these fuckers to under-promise and over-deliver. He understands.

Comment: Re:Tilting at Windmills (Score 2) 335

by Tom (#49144837) Attached to: The Programmers Who Want To Get Rid of Software Estimates

From a human psychology standpoint he would rather know that it will be done in 3 days, barring delays, than not know when it will be done and have it in two hours. I personally think that is a dumb way of doing things, but I am the outlier, not the director.

The psychological issue is that you don't know, but you have a hunch, you have some insight. You know it's probably going to be a few hours.

But for non-techies, all this stuff is a total blackbox. When you say "I don't know" they panic, because for them that means anything from a day to a month or maybe infinity. Uncertainty is a horrible psychological state and people try to avoid it. It's an instinct. When you don't know if that shadow is a monkey or a lion, it's better to panic just in case.

By saying "three days", you give him certainty. Now he knows the shadow isn't a lion.
