Become a fan of Slashdot on Facebook


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Nobody Wins (Score 1) 155

by dave562 (#49381715) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?

Nor is it clear that anyone other than some classes of users who are forced by law or employer dictate to use a trusted system actually would do so. No or very restricted email, social networking, etc.

This is the environment that I work in. We use a combination of Citrix and VMware 'non-persistent disks' to provide a locked down environment that reverts to a clean, known good configuration every time a new session is established. We have to maintain that kind of environment because we work with sensitive data.

I think that the fact that banks and merchants appear to be unable to secure their transaction flows ...

I am not sure that this is accurate. In two of the more recent major breaches (Target and Home Depot) it was acknowledged that the internal security controls and systems management strategies (patches, etc.) were inadequate. That leads me to believe that it is not that they are "unable" to secure their networks, but that they simply refused to do so.

Between hardware layer access controls (think MAC white listing), firewall controls and PKI technologies, it is possible to secure a network and the data that traverses it. All of those controls are worthless if the data is being held in a 15 year old SQL database that has not been patched in 3 years with an admin who is browsing porn from the console.

Comment: Nobody Wins (Score 1) 155

by dave562 (#49380751) Attached to: Ask Slashdot: Who's Going To Win the Malware Arms Race?

It is going to get to the point where the only viable solution is a trusted sandbox. It will be something along the lines of a TPM chip to make sure that the OS image / boot loader has not been compromised, combined with a white listed set of applications and trusted content sources.

People are either going to give up computing freedom for security, or they are going to become desensitized to and accepting of the fact that their "private / personal data" is neither.

Comment: Re:Not a diet, but a lifestyle change (Score 1) 496

by dave562 (#49332011) Attached to: Hacking Weight Loss: What I Learned Losing 30 Pounds

Right now I do not have a well formed goal in mind. My initial goal was to relieve the sciatic nerve pain. Then it was to learn kung fu. I have pretty much plateaued and am trying to get over the hump, but lack the motivation or goal to do so. Right now I am on auto-pilot, just training seven to eight hours a week and working to refine the techniques and skills that I have. Teaching a few classes a week helps too because I enjoy helping others, but I am definitely stuck in a rut with my own training.

Comment: Re:Not a diet, but a lifestyle change (Score 1) 496

by dave562 (#49329161) Attached to: Hacking Weight Loss: What I Learned Losing 30 Pounds

Mine still flairs up from time to time, but only when I slack off and stop exercising. It is definitely manageable.

I tried the whole "rest and pain killers" routine and that just made it worse. I am fully convinced that the only way to deal with sciatic nerve pain is with exercise / stretching.

Comment: Re:Not a diet, but a lifestyle change (Score 5, Interesting) 496

by dave562 (#49327649) Attached to: Hacking Weight Loss: What I Learned Losing 30 Pounds

This is spot on and should be modded up.

Enter personal anecdote...

About fifteen years ago I was starting to struggle with sciatic nerve pain due to years spent driving a car with a heavy racing clutch in traffic, and a lack of exercise. I considered my options and decided to start practicing tai chi. I caught a bit of a break and found a legitimate sifu. After a couple years of tai chi, I started training kung fu as well. It has been over a decade and I train on a daily basis. I can eat whatever I want because I burn it off.

None the less, it is a struggle. Despite all of the benefits, there are plenty of days when I would rather go home after work and play video games instead of heading over to the temple to train or teach classes. I still have not overcome the "exercise sucks" mentality. Sure, the endorphins are great and being able to defend myself is great, and have a strong and healthy body is great... but it is still work for me, not fun.

Comment: Re:Call Them Out / Tarnish Their Reputation (Score 2) 255

by dave562 (#49244671) Attached to: On Firing Open Source Community Members

The question was specifically how to deal with people who only offer criticism and do not contribute anything themselves.

Criticism is a part of development or any creative effort. Development is an iterative process and requires feedback and input from lots of people.

However the person who should leave the team is the person who does not have anything to offer. If someone's only "contribution" is to suggest how other people "should" be doing the work, that person is not really contributing.

There is an old Chinese saying that is tangentially related here. "The person who says it cannot be done should not bother the person who is doing it." Similarly, the person who says it should be done another way should either demonstrate that by doing it themselves, or STFU and leave the team alone.

Open Source is developed by and large by volunteers. While critical individuals are able to offer their criticisms, the people are doing the actual work are equally able to ignore them. Either a person is contributing code, contributing to the effort through things like documentation, wiki support, what ever... or a person is just a hanger on leeching off of the efforts of others. If that person is the worst kind of hanger on; the topping from the bottom, back seat driving, wanting to be in control but lacking the talent to do things themselves type of hanger on... well then fuck them.

Comment: Call Them Out / Tarnish Their Reputation (Score 2, Interesting) 255

by dave562 (#49230447) Attached to: On Firing Open Source Community Members

While this might not be the most subtle way of handling things, it could be quite effective to repeat the same question every time they are critical. "What have you contributed?"

Just ignore their arguments and ask them what they have contributed. Over and over and over again.

They will either go away, stop posting so much, contribute, or perhaps realize that the whole point of the movement is to contribute actual code and functionality.

On the Internet, ignore them. In real life, talk about them every time they open their mouth and complain. "Oh there goes Joe again, whining and NOT CONTRIBUTING." Then return to your regularly scheduled activities of doing things.

"Oh what wouldn't I give to be spat at in the face..." -- a prisoner in "Life of Brian"