Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Re:Dumb question (Score 1) 236

by jeffmeden (#49121941) Attached to: Study: Peanut Consumption In Infancy Helps Prevent Peanut Allergy

You do realize these kids were tested first to see if they had a peanut allergy.

FTA: "All had been given skin-prick tests to make sure they were not already allergic to peanuts. "

So they took precautions to make sure they kids weren't already allergic, something a parent isn't going to know. If you kids are allergic to eggs or had eczema, they might be at risk to having an allergy to peanuts. So the first thing you don't do is shove peanuts down their throats! You'd better have your child tested first. IF, they don't have an allergy, THEN you can give them peanuts, which should help prevent them from developing one.

Which is interesting because the allergists I've talked to don't seem to think the pin prick test for peanuts is conclusive. Apparently since this headline isn't "Children drop dead after being told to eat peanuts 'For Science'" that it is a decent way to test for it.

Comment: Re:Dumb question (Score 1) 236

by jeffmeden (#49121895) Attached to: Study: Peanut Consumption In Infancy Helps Prevent Peanut Allergy

Part of it was public awareness. You'd find it common in previous generations that people would tell you "it's all in your head" and other less than helpful answers to problems you had with things as allergies and many other health issues. Now, as this study suggests, that once there was public awareness, people were having their children avoiding high allergy risk foods and in doing so making the problem worse as humans are prone to do.

Or better yet you would just drop dead from an as-yet-unnamed disease (anaphylaxis) and the death certificate would list "Phrenitis" as the cod. What allergies?

Comment: Re:yes. (Score 2) 236

by jeffmeden (#49121841) Attached to: Study: Peanut Consumption In Infancy Helps Prevent Peanut Allergy

Except it doesn't. Try reading medical research sometime. Repeated exposure to an allergen can cause allergies.

And then one big dose of that allergen causes it to go away. How fucked up is that? Really, allergies make no fucking sense. This data suggests early exposure doesn't lead to developing an allergy in the absence of some other trigger, but people exposed early and often can still get them. Our bodies really are just fucking with us.

Comment: Re:Um, (Score 1) 112

by jeffmeden (#49096599) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

Yes. Because some people think that TrueCrypt was killed BECAUSE it was actually secure and the NSA wanted them to de-secure it.

As such, a warrant would let people continue to use it, secure in the fact that it actually works as required.

It also lets people fork it.

Frankly, I have been severely disappointed with BestCrypt, which I had hoped would end up as the replacement for TrueCrypt. (multiple problems with getting the regular operating system to recognize the 'mounted' drives)

Given that the authors were anonymous is it postulated that the NSA hunted them down and was ready to doxx them for not complying? What leverage could they possibly have had?

Comment: Re:Um, (Score 4, Interesting) 112

by jeffmeden (#49095993) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

What did the TrueCrypt developers have to do with the audit of TrueCrypt?

Is there a point to continue auditing a platform whose entire developer team has abandoned whilst urging all users to seek other encryption tools? At this point the audit is probably going to be interesting (related to the aforementioned dev abandonment), but not exactly useful... If you are still using Truecrypt, you have already been warned.

Comment: Re:WTF? (Score 1) 114

by jeffmeden (#49087971) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

I don't think so. The pubic and private keys are only good for outgoing connections and not incoming.

Not funny. Anyway, having the private key is a valid way to authenticate inbound (if so configured) and its often enabled by default as it is thought to be a pretty good way to do it (until you put the same keys on a quarter of a million devices).

Comment: Re:what most people don't think of doing (Score 1) 114

by jeffmeden (#49087805) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

What's this "machine ID" you speak of? The MAC address? It's pretty easy to configure the same MAC on a different machine.

Most people don't think of doing it that way because it's not a good way of doing it.

That part was a little bizarre (if you are physically connected directly from PC to router it doesnt matter much what ID the PC might have) but as a whole it creates a pretty tight way of ensuring integrity of the router configuration. In particular, not allowing any inbound access from the WAN until a hard password is set, and not allowing any association to the WLAN until a hard encryption key/passphrase is set. However, these are two steps most users don't want to bother with (and more importantly, will call tech support to help them with when they fail to complete the tasks). Security, as we have currently designed it, is pretty hard for the layperson. Vendors optimize their devices for the path of least resistance (read: path of least tech support) to minimize costs, and we shouldn't be a bit surprised.

Comment: Re:Not the same as root user keys (Score 0) 114

by jeffmeden (#49087661) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

This is the fingerprint, not the root user's key.

They are identified as having the same fingerprint (which is derived from the same source as the private key). So, someone with the private key for one device (ahem, anyone who has a copy of the firmware and knows how to use binutils) can authenticate to all devices.

Comment: Re:WTF? (Score 1) 114

by jeffmeden (#49087571) Attached to: Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk

Isn't TFS supposed to explain what it's talking about?
1. Why does a router have public-facing SSH? The reason to use SSH on your router is to configure it, over a wired connection from your PC, innit?
2. Why does a router come with SSH keys already installed? Don't you generate your own SSH keys?

Given that they were deployed by one particular provider (Telefónica de España in this case) they probably requested a special firmware from the vendor for their CPE to allow remote management. And then did a bad job of keeping the master key safe (by putting a copy of it on 250,000+ devices). And then the vendor used it elsewhere, too.

Honestly, after the Carna botnet, does anyone think the internet isn't a raging sea of completely compromised devices?

Comment: Re:Sweet F A (Score 1) 576

Any race advanced enough to travel here to invade will have capabilities way beyond anything we could hope to combat or detect. I would imagine the first sign you would have would be if you were one of the lucky ones to see half the world wiped out a few seconds before you yourself were removed from this mortal realm.

How bleak. Let's be realistic, if aliens did come and wanted our planet, they would probably enslave some/most of us in the process. I mean what's a conquered planet without a bunch of servants to run it for you?

And considering what we know about FTL travel (that it is really truly impossible) even an alien with super advanced near-light-speed technology would take decades to travel from system to system. In that amount of time, their bitter rage is sure to be tempered by boredom, so when they show up they might feel the need to just chat for a bit. Space gets pretty lonely, you know?

Comment: Re:FINALLY (Score 1) 36

by jeffmeden (#49086425) Attached to: Storing Data In Synthetic Fossils

I've stored all my past data successfully and archived in a non-magnetic format, with duplicates stored at alternate locations for safety. Now if only I could remember what my encryption password was in 1983...

That's ok, any form of encryption used in 1983 is sure to be mere seconds away from cracking with any modern PC.

Comment: Re:Pick an easy solution (Score 1) 343

by jeffmeden (#49074159) Attached to: Ask Slashdot: Version Control For Non-Developers?

I would recommend Google docs, assuming there isn't any crazy formating involved.

#1) It is a single document so you don't have to worry about the naming of it..
#2) Google Docs has a built in ver. control, in that you can roll backwards to early version of the document, and you can see who is editing, changing etc. (assuming everyone has their own password).

It's low tech, easy to use, and the only education is to keep on using the same file name.

The big downside is that the Google Docs UI is dramatically different from Word/Excel/etc. If they need more than just a place to throw text and actual layout work is being done, the users will need to retrain on the Google Docs way of getting things done. It's not impossible, but it's also not easy either.

Comment: Re:Business problem != technology problem (Score 2) 343

by jeffmeden (#49074125) Attached to: Ask Slashdot: Version Control For Non-Developers?

Throwing more technology on the pile won't help without a lot of user education, and if you had that you would not need the technology anyway...

1) Create a rational naming convention and use that.

Or

2) use Sharepoint's (base version is free beer) built in versioning system. That is what it is designed for and is one of the few things that SP does well.

This. SharePoint does it in a fairly elegant and comprehensive way if you are a Microsoft shop. If you don't want to invest the time into installing/learning SharePoint, just look into Shadow copy or one of the many delete-less for the server, so you can go back in time if changes do get clobbered. For a more user-friendly but less controllable solution, every cloud file storage platform (Onedrive, google drive, dropbox, box, etc) offers this feature in a pretty straightforward way, and they have all have paid team collaboration solutions as well to managed shared files. And if you really want to flip them the fuck out, move to an online doc platform like Office 365 or Google Docs where you can actually do collaborative editing within the documents.

Comment: Re:Did they ask if they could look it up? (Score 1) 809

by jeffmeden (#49060597) Attached to: Ask Slashdot: What Portion of Developers Are Bad At What They Do?

Sure, but the person asking this question never even mentioned if PKI even had anything to do with the position being hired for. All we know is that he pop quizzed them on it and they didn't happen to answer the question as he wanted. If this is for a senior development job for developing encryption software than that is one thing, but if this is just random pop quiz questions than it's as silly as me asking someone questions about ARM Neon for a position writing .NET services.

If you are right then the title should really be "Ask Slashdot: What Portion of Hiring Managers Are Bad At What They Do?"

There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson

Working...