
Comment: The number of things I don't volunteer for is stag (Score 1) 488

by iceco2 (#48503893) Attached to: Ask Slashdot: Non-Coders, Why Aren't You Contributing To Open Source?

My neighborhood has an armed neighborhood watch, a bike patrol and a parents foot patrol. They all do great stuff keeping me and my kids safe. I keep thinking about volunteering to one of them but never do.
I get invited almost every week by a local charity to help distribute food packages to needy families, haven't gone in years.
I was very politically active in college, since I have a family the most I do is vote.
Aside from giving some money to various causes I don't do anything.
Contributing to open source is just one of many good things I don't do enough.

Comment: Alma mater matters but not because of their quality (Score 2) 130

A candidate's school(s) definitely come into my hiring considerations. Especially as a tie breaker or when there is little other information to go on.
This is not because I think the top schools teach you so much more than other schools; the big difference is in who gets accepted in the first place.
Top schools' screening processes are reasonably correlated with qualities I look for in a candidate and therefore are valuable input to my hiring decision.

Comment: study past competitions (Score 2) 102

by iceco2 (#48111377) Attached to: Ask Slashdot: Capture the Flag Training

This is the best advice for any competition.
Also arm yourselves with every tool you can think of. Any minute spent familiarizing yourself with an extra tool is well spent.
Several years ago I led a team of capture the flag, our main tool was simply metasploit (the only tool we used more than once). 8 hours into the competition we were down to the last flag, trailing the leading team by 15 minutes. We collected a hint stating that some users use the same password on multiple servers, which got us to attempt to retrieve all passwords from an already compromised Windows machine and try them on an apparently iron clad Linux box with nothing but the latest openssh exposed. The other teams were using john the ripper but we had rainbow tables. This is the only different tool we used and it gave us the win.

Comment: Don't put Dlog to sleep so soon (Score 5, Insightful) 114

The result is only for fields with small characteristic, but the most commonly used finite fields in this context are the Zp for some prime p which have characteristic p.
So though this is a very interesting result, I am not tossing out all my crypto suite yet.
We should be cautiously seeking better alternatives, but the worst thing we can do is to panic and ditch well-studied algorithms and implementations every time some progress is made on their cryptanalysis.

Comment: Don't be right be smart (Score 1) 165

by iceco2 (#46795807) Attached to: Declassified Papers Hint US Uranium May Have Ended Up In Israeli Arms

Nothing much has changed in the last 30 years. The US still has interests in Israel and the Middle East. Everyone knows Israel has nuclear weapons but can't prove it, and that is just the way Israel likes it. Israel was on the brink of extinction in 1973 and no WMDs were used; this proves remarkable self-restraint. Accusing Israel of a 50 year old crime would serve no practical purpose. It would hurt relationships with Israel, it will harm the peace process, it would harm the fight against WMDs because it would show the truth: we are much more concerned about dictators with WMDs than we are about democracies.

Comment: The implementations should keep parameters open (Score 1) 169

by iceco2 (#44984363) Attached to: Did NIST Cripple SHA-3?

We should not have one SHA-3 with the security parameters selected by NIST or anyone else.
For the vast majority of usages the speed of the hashing is a non-issue, they are all plenty fast enough,
yet some implementations, specifically those with limited hardware, may have other concerns.
We should approve the basic algorithm, and have a family of hash functions with different security parameters
to be selected for each usage.
Most of us should use an extra secure variant most of the time.

Comment: As early as possible (Score 1) 299

by iceco2 (#44970089) Attached to: How Early Should Kids Learn To Code?

I learned to write in BASIC when I was 6, even though I could hardly spell at the time, coding and typing came together,
most words were very short and easy but I still remember, 30 years later, memorizing REPEAT. I consider this a good experience.
I also had the chance to teach a class of 5 year olds to do "Lego-logo", this was a once-a-week afternoon activity for 20 weeks.
They would build from mechanical Lego and would then program it on the computer by arranging large colorful blocks in order, the building blocks were inspired very loosely by Logo commands.
All kids had fun and were introduced to computers & robotics as something fun, cool and accessible.
A few of the kids were able to build original programs by the end of the course.
These were not gifted kids and they didn't get much personal attention. A parent teaching his child can probably accomplish a lot.

Comment: trust the algorithm or the implementation (Score 1) 138

by iceco2 (#44838671) Attached to: Ask Slashdot: Can We Still Trust FIPS?

The algorithms have a lot of peer review independent of the NSA and the NSA had little input in their design (though may have
significant input in the selection of those algorithms that got standardized).
Though the NSA probably has better methods for attacking common cryptographic algorithms either using undisclosed weaknesses or more likely
custom hardware, it seems likely the NSA can not easily crack these algorithms.

The simplest thing to do is to pick a larger key length which will give you more of a security margin.

Some implementations have also been peer reviewed, and though one can probably hide a side channel leakage in a peer reviewed implementation
hiding something more sinister may be difficult for the algorithm to still be operating per the spec.

Comment: We pretty much have to (Score 1) 659

by iceco2 (#44805999) Attached to: Should the U.S. bomb Syria?

It has nothing to do with Syria, or innocents being killed by an attack.
It is only about American interest. It is clearly in the USA's interest to be able to affect foreign nations using words alone.
We never want to use force, but the threat of force or even the implied threat can be a powerful one.
Obama made an explicit threat, he drew a red line, it is arguable if he should have done that but he did.
Not acting, even symbolically, would turn his word into mud, which would force the US to use actions rather than words in the future.

Comment: experienced developers are a risky hire (Score 1) 252

by iceco2 (#44506321) Attached to: Ask Slashdot: Is Development Leadership Overvalued?

When looking for a development position with little to no leadership responsibility I would be hesitant before hiring someone with 14 years of experience.
Many such developers are simply incompetent, they have been around forever and haven't risen to the top for good reason.
Many developers do not want to manage but find themselves leading in their own way, becoming an architect or a very hands-on team leader of a small team.
A different problem with experienced developers is ego and strong opinions. There are normally many good ways of doing something, an experienced developer is more likely to continue arguing for too long.
If I published a position asking 2-5 years of experience I wouldn't disqualify on the spot someone with 14, but it is definitely a red warning light.
