
Comment: So... (Score 4, Insightful) 150

What percentage of them would expect to receive zero praise and potential reprisal if they did report a security problem?

Yeah, sure, it's depressing that people aren't courageous moral heroes, or motivated to go above and beyond, most of the time, especially about boring stuff or things likely to get them in trouble.

Guess what? That's one of the areas where management is supposed to be earning its money. One of the differences between an effective organization and a trainwreck is how good the flow of information is: are important observations from the periphery being collated and passed on so that HQ can actually achieve a coherent larger picture of the world? Are directions and information passed back down usefully informed by that picture? Or do you have unrealistic demands and buzzword nonsense flowing down; and soothing lies flowing up?

This doesn't mean that 100% of employees are innocent ('insider threats' are a subset of 'people who wouldn't report a security breach', since they create them; but not a terribly large subset); but if you have this problem on a large scale, that's because your organization is dysfunctional.

Comment: I hope that this was a bad description... (Score 2) 85

If you are serious about using bitcoins for transaction purposes, it seems pretty clear that there is a role for something more secure than 'wallets' running on people's shoddily-secured systems (or, god help us, 'cloud wallet' bullshit); by design, there isn't anyone in the ecosystem to soak up the fraud as a cost of doing business (which is what allows, say, absurdly pitiful CC security to survive), and the usual efficiencies associated with networked computers make stealing the things a great deal more efficient than stealing cash one wallet at a time.

If that is the idea; then sure, a 'bitcoin chip' is probably not the worst way to handle the problem (now, why any OEM would pay extra for the chip, the packaging, and the board space, rather than, say, just re-using the 'trustzone' stuff that basically all ARM cores have, or coaxing the 'secure element' that they are embedding to support some other contactless payment scheme into handling bitcoin related data, that's a much harder problem to answer). Assuming you don't fuck it up, it'll allow you to have a 'wallet' for bitcoins that isn't a total security disaster, is actually vaguely convenient in real life, and so on.

If the idea actually involves any 'mining' (beyond whatever bare-minimum might be needed for a wallet to initiate a transfer), though, this idea could scarcely be dumber. Bitcoin ICs are power hungry, achieve essentially zero gains from decentralization (modest resistance to datacenter fires, I suppose; but substantial additional bandwidth and control-node costs, plus the inability to concentrate them where electricity is cheap); and have so far become obsolete at a rate even faster than that of most cellphone components. Many of them don't even make it to customers before they burn more energy than they 'produce' in bitcoins; and the ones eating battery power, and baked into a cellphone for its entire life, sure as hell aren't going to do better.

At least the ones you keep at home are as efficient as electrical space heaters at converting electricity to heat, with some free math thrown in. In mobile devices, that isn't a virtue.

So what's the plan? Conceptually adequate, but probably doomed, smartcard-esque IC designed to implement a secure wallet; or utterly bullshit and completely crack-addled plan to distribute compute load to the worst possible places?

Comment: Re:Compelling? (Score 3, Informative) 243

by fuzzyfuzzyfungus (#49728519) Attached to: Why Apple Ditched Its Plan To Build a Television
There's also the problem that TVs tend either to be cheap crap for the cost sensitive (a market where Apple has little hope, much less an advantage), or one component of a larger, often partially customized for the room, 'home theater' setup. The latter is the place where customers might actually be willing to spend more money to get cooler stuff; but Apple has a very, very, tiny product lineup compared to the demands of a home theater integration type; and has a fairly tepid history of playing well with others and not shoving their pro users under the bus because they want to iterate their product line at consumer speeds.

Not only is the TV market as a whole a bit of a bloodbath, the TV market for which Apple would be most capable (systems nicer than those purchased more or less purely on price; but cheap and consumer grade enough that they need cooperate in only the most basic ways with other hardware) is especially harrowing. Since TVs are a keep-it-simple-stupid sort of device, there's virtually no UI/UX difference between the cheap crap and the midrange, it's just a question of how nice the panel is.

At least with computers, it is very often the case that cheap computers are a recipe for regret and sorrow, so Apple's strategy of 'we are going to charge you more; but give you the product you actually want, even if you don't know it yet' often makes people happy. With TVs, people who think that they want a big, cheap, screen are usually correct.

Comment: Re:epoxy? (Score 2) 88

by fuzzyfuzzyfungus (#49728199) Attached to: Yubikey Neo Teardown and Durability Review
Whatever they encased it in was on the seriously lightweight side. 30 minutes in acetone and the case dissolved right off, leaving the PCB and all the ICs and passives in pristine condition. That's not 'tampering', that's 'cleaning'; and the device appears to have rolled over and wagged its tail by way of resistance.

If you are serious, you at least use the same stuff that the ICs are packaged in, which tends toward the 'black as sin and harder to remove' school of adhesives. Hot nitric acid will usually do the job; but you need to know what you are doing if you don't want it to remove the contents of the package at least as enthusiastically as it removes the package; since destroying the contents defeats the purpose of the exercise.

Comment: Yes and no, mostly no. (Score 2) 616

by fuzzyfuzzyfungus (#49710887) Attached to: Editor-in-Chief of the Next Web: Adblockers Are Immoral
While I find his preaching about the moral rightness of what he does, and our duty to endure whatever shit he wishes to shove in our faces to be deeply obnoxious; it would not entirely surprise me if this little experiment by the carriers ends up going...badly.

Ad-blocking at the client end ('client end' includes routers, filtering appliances, etc. under user control, if the applicable network is large or geeky enough) is simply the right of the individual to run the software of their choice on their hardware, to best serve their interests, in action. Running a public HTTP server doesn't give you some special right to dictate how the output is formatted for display.

Ad-blocking at the carrier level, though, gets risky fast. Whenever an ISP starts deviating from 'dumb pipe' operation, you have to start worrying about whose interests are going to win out, and how dramatically. Especially risky if (as is the case with quite a few cellular companies and ISPs) they also have a side interest in advertising, consumer analytics, a media arm, or other properties that could benefit from a little traffic meddling. We've already seen some of the more obscure WISPs provide 'ad blocking', then inject their own ads over the originals, worst of both worlds.

Ad blocking is well and good (and, frankly, until the advertisers can clean up the ghastly security situation, they have no justification for whining. Ads are easily the most dangerous part of most parts of the web you'd admit to visiting in polite company); but anything that gives ISPs more control over traffic is to be watched with considerable concern. You don't think that a plan to stick it to google is going to stop at blocking google's ads, do you? Not when they could use their privileged position on the wire to achieve the same tracking and advertising that google actually has to offer attractive services to achieve...

Comment: Re: Pass because the price point is too high (Score 2) 80

My impression is that Apple's industrial design people believe cables, physical buttons, and anything that requires a hole in the shell of the product to be intrinsically filthy and sinful.

The mac mini, which has among the fewest integrated peripherals of any current Apple product, wantonly incites users to plug their filthy cables into the various ports cut into the perfection of the aluminium body. The iMac, by contrast, can be used in relative purity (with bluetooth peripherals) marred only by a power cable that is discreetly hidden as such a shame should be.

Comment: Re: Pass because the price point is too high (Score 1) 80

That's what I meant about 'barely concealed desire to kill the mac mini'. Time was when Apple considered the mini to be a strategically valuable product, both for replacing the emac as a school computer lab staple and for converting former PC user households. Not coincidentally, that's the time when they were actually pretty aggressively priced, unless you counted best-buy shelf crap that managed to be massively larger and still noisier.

Now, they'd really prefer that schools sling ipads and households either buy imacs (or, in either case, just go with laptops). Their tepid updates, uncompetitive pricing, and frankly painful lower end configurations reflect this. They haven't yet gotten to the point where they can kill them off; but they sure don't care much.

Comment: Obvious point of comparison? (Score 5, Insightful) 211

by fuzzyfuzzyfungus (#49688801) Attached to: FCC May Stop 911 Access For NSI Phones
So, for NSI phones, the figures are reportedly 70% fraudulent, 30% legit.

But what am I supposed to compare that to? What are the numbers for wired phones? Cellphones on contracts? Prepaid cell phones?

This seems like pretty important information if one hopes to make a decision. Nobody wants bogus 911 calls cluttering up the system; but is 70% fraud similar? Modestly worse? Terrible?

Also, if we deem 911 access to be a social good (which is why NSI 911 calls work at all, and seems pretty reasonable), why not split the difference and allow someone to 'register' an NSI phone (having their particulars on file with 911 dispatch is likely to discourage spurious use and potentially be useful for locating them in an emergency if they are unable to provide clarification themselves thanks to injury or exigent circumstance) without signing up for a paid calling plan? So long as it is 911 only, it's still no competition for actual calling plans; but it's less draconian than just killing NSI 911 entirely.

Comment: Re:Discrimination (Score 4, Interesting) 170

Given the NFL's more or less uniformly dishonorable record on football related traumatic brain injury (roughly the same honesty, and similar stalling tactics, as tobacco producers); it wouldn't entirely surprise me if they are worried about this guy because he's a football player with an easily demonstrable history of high intellectual capability.

If he ends up a pitiful sad-sack, markedly damaged, the story pretty much writes itself: "From published mathematician with lots of papers you don't even understand the title of, to broken man, thanks to football!". In players without any baseline, or where the baseline is roughly 'normal to sub-normal intelligence, no non-football skills of significant note', there may still end up being a sad story of cognitive effects (it doesn't just knock off IQ points, depression, emotional dysregulation, and other quality-of-life ruiners are pretty typical); but the story won't be nice and clear cut in the same way.

Comment: Re:Sociopath (Score 1) 170

There are sociopaths that do overt violence; but most of them don't last so long in the wild. Either somebody kills them, or they kill somebody stupidly and impulsively and the criminal justice system gets them. (Though much of our more rigorous research on sociopathy is built on them; because people doing very long sentences in high security prisons are comparatively easy to sign up for studies, it breaks the tedium if nothing else, while getting high-functioning sociopaths with busy schedules who aren't in prison to cooperate can be tricky).

That aside, mistaking voluntary physical aggression for mutual entertainment for 'violence', because the mechanics look fairly similar, seems to be a mistake similar to mistaking consensual sexual behavior for 'rape', because the mechanics look fairly similar. It is pretty weird what our more atavistic tendencies have led us to think is fun; but so long as everyone involved is an informed and willing participant, so what?

Comment: Re:Surprising to those unfamiliar with mathematici (Score 4, Interesting) 170

I think that the 'surprise' here is related to the (quite numerous, now that the NFL has pretty much lost the battle to keep CTE under wraps) stories about how the head trauma you experience in football has a nasty habit of wrecking your brain in a variety of unpleasant ways.

The fact that not all math professors are wholly sedentary, feeble, and bookish isn't a huge surprise; but seeing one doing something well known to have a high risk of chewing up his brain and spitting it out, that is somewhat curious. I would have expected him to choose something with more below-the-neck contact. Soft tissue damage and broken bones are something that humans cope with fairly well, and Team Medicine knows a lot about dealing with, if natural recuperation isn't cutting it; but brains are touchier; and there is a lot less we can do for you if yours isn't working so well.