Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:why the fuck (Score 1) 101

by jeffmeden (#48875279) Attached to: Google Plans Major Play In Wireless Partnering With Sprint and T-Mobile

Would any wireless company enter into an agreement like this?

As a consumer I'd love to see google kill one of those fuckers off but why would they put themselves in that position?

MVNO agreements are very lucrative for the operators, and every US operator does them already. They capitalize on an existing resource (And de-prioritize the traffic accordingly) and don't have any overhead of managing payments or tech support. It's exactly like "store brand" foods at the grocery. Price-sensitive consumers flock to MVNOs and the carriers make just as much profit per person (because they still control the actual resource) while expanding their user count and not devaluing their original product by very much.

Comment: Re:enterprise will need some kind of offline mode (Score 1) 567

by jeffmeden (#48868489) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade

Enterprise versions usually work differently anyway. For example the enterprise edition of XP doesn't require any sort of activation - install and go, change hardware to your hearts content, it just works (well, aside from driver issues). Like all operating systems used to do. Presumably 7 and 8 work the same way - if you've got a single customer buying and managing thousands of licenses you don't want to make them dick around with activating them individually. I suspect 10 will be basically the same, except for the automatically scheduled license audit if you fail to pay for your subscription on time.

To say that it "just works", ignoring the complexity of running a KMS (and juggling VLKs), is a bit disingenuous. 7, 8, and presumably 10 do indeed *all* need activation of some sort regardless of flavor.

Comment: Re:Only for the first year (Score 1) 567

by jeffmeden (#48868405) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade

That's not what it means. It means you have the choice to upgrade to 10 for free within 1 year. If you wait more than a year after release you have to pay. Anyone who got a free upgrade will continue to have a full 100% working and updated OS after the 1 year.

This is exactly how they did things with 8. I don't know why the article author is pulling BS out of his ass.

The Windows 8 to Windows 8.1 "free upgrade" had dubious generosity, since the user-visible part revolved around sidelining the much-maligned desktop replacement "start screen" in favor of something that slightly resembled the one in Windows 7. It was more of a "half upgrade half downgrade" that almost every user desperately wanted.

Comment: Re:Only for the first year (Score 4, Informative) 567

by jeffmeden (#48868353) Attached to: Microsoft Reveals Windows 10 Will Be a Free Upgrade

The Ars Technica post was a little more useful and less FUD-ridden, although I won't hold my breath til I see it directly in Microsoft product marketing materials:

Update 2: A blog post from Terry Myerson clears up what "Windows as a service" means, though the duration of "the supported lifetime of the device" is still foggy. "This is more than a one-time upgrade," writes Myerson. "Once a Windows device is upgraded to Windows 10, we will continue to keep it current for the supported lifetime of the device—at no additional charge

Comment: Re:Exactly (Score 1) 103

by jeffmeden (#48867289) Attached to: Gender and Tenure Diversity In GitHub Teams Relate To Higher Productivity

This, and studies like it, are used to impose diversity on groups that would otherwise not have it, whether by intentional exclusion or by unintentional "doesn't fit the organizational culture." It's not surprising to me that groups which are spontaneously diverse are productive, and I'm perfectly happy to go with the 'open minds accept diverse solutions and diverse people' argument. The question that interests me is whether you can impose social diversity on a group, force them to open their minds, and subsequently become more productive.

I can certainly see where putting a person of color, or a woman, in a group of racist, misogynist bigots would disrupt their happy groupthink and break up their productivity. Regardless of whether that productivity started out a little lower than an equivalent group of non bigots.

The question that interests me is: if you are employing "a group of racist, misogynist bigots"... whatthefuck? Clan members aren't a protected class. Fire their asses.

Comment: Re:Honest question. (Score 0) 479

by jeffmeden (#48831825) Attached to: Fighting Tech's Diversity Issues Without Burning Down the System

I'm at a loss here so I might as well ask cowardly and anonymously.

Why do we need women in tech so bad? Seriously, why? Is there something I'm missing that makes women super heroes at programming?

I'm not even trying to troll at this point, I can do that much easier on other sites and get way better reactions.

This is the thing the story completely misses. About half of the audience insists that there is no problem, since women "just don't want to be in tech so we shouldn't make them" and therein lies the actual reason nothing has changed in the past 30 years.

The reason that level-headed people want to diversify their organizations, is that if you draw your talent from one pool and ignore another pool you are at a competitive disadvantage. There is nothing concrete to suggest that women just "don't want to be in tech" and there is nothing to suggest that they are any less apt at excelling in tech. To the contrary, there is plenty of evidence that suggests women do want to belong in tech, and can be every bit as good in tech as men. Therefore, if there are two talent pools, and you are drawing at best 20% from one pool and 80% from the other, you are going to overlook a lot of talented women (they don't just naturally float to the top) and on the flipside you are going to hire a lot of undertalented men that you don't need to if you were able to find the talented women that are out there. This leads to a suboptimal team. If your competitor cracks the nut of hiring equality, they are going to have an easier time assembling a better team than you. This is why you should care. If you ignore it and continue to think the status quo is OK, you are going to get burned by the orgs that know they can do better.

Comment: Re:What about privacy? (Score 1) 112

by jeffmeden (#48813911) Attached to: Facebook Targets Office Workers With Facebook At Work Service

And the USPS does, in fact, have a pretty solid metadata look inside most businesses, since they know the destination of pretty much every package and letter sent or received in the USA.

How does the USPS see all the Fedex and UPS shipping data? They are the ones doing all the work, the USPS carries a slim share (a sixth) of packages in the US.

Comment: Re:Oh dang, I'm sorry (Score 1) 112

by jeffmeden (#48813677) Attached to: Facebook Targets Office Workers With Facebook At Work Service

I'm wondering if they'll have a "Here comes the Boss" button that suddenly pops up a spreadsheet.

It's facebook, for work... Your org will have to opt in. When they do, the "boss button" will be in the spreadsheet app, and it will bring up facebook. Welcome to the future. Let's get some shit done!

Comment: Re:One more reason to use a wired keyboard (Score 1) 150

by jeffmeden (#48806457) Attached to: Wireless Keylogger Masquerades as USB Phone Charger

As if having to replace keyboard-batteries every 6 months wasn't reason enough.

The batteries thing was one reason why I like my Logitech wireless keyboard as it is powered by solar cells - no battery changing at all.

But now .. hmm .. I totally didn't think about sniffing the keyboard.

Logitech is actually out in front when it comes to encryption. Their 2.4ghz wireless keyboards going back almost 10 years have used 128 bit AES. Unless someone has leaked the pre-generated key algorithm, your chat history is safe and sound.

Comment: Re:Um, what? (Score 2) 69

by jeffmeden (#48804581) Attached to: The Strange Story of the First Quantum Art Exhibition In Space

So if I understand the summary correctly (I give myself a 50/50 chance on this), they're basically sampling random noise off of a CCD and claim that eventually it will produce the Mona Lisa? A version of the million monkeys at typewriters producing Shakespeare?

I would tell you but you would fall from superposition, and I don't want to be liable for that.

Comment: Re:Part of me says yes, like DR (Score 1) 124

by jeffmeden (#48803855) Attached to: Do We Need Regular IT Security Fire Drills?

Everyone's talking about DR saying that a server has mysteriously gone offline or some disk has gotten corrupted and we need to restore to the last known backup point.

No-one seems to be thinking of a real disaster: 50' tidal surge, earthquake, or a fire destroying the entire IT setup.

Backups? Onto what, pray?
Use the cloud? There is no connectivity here.
Rig some borrowed PCs? Powered by what, exactly?

Unless you have a duplicate datacenter a long way away from your personal Ground Zero, no amount of drill on earth is going to prepare you for a real disaster. You'll be too busy shooting the guys who have come to take your food and fuel.

You make a good point, but indeed most medium-sized and up orgs do keep some sort of hot-spare facility at a distance, whether it's a privately owned building, colocation space, or cloud service. Traditional localized disasters (5 alarm blaze, earthquake, tornado, etc) are planned and drilled for, sometimes specifically down to which disaster has struck. If the entire eastern seaboard gets wiped out by a "real disaster", chances are your customers aren't going to be keen on getting online anyway, and everyone important to your org will be running scared for their lives, so presence of some sort of IT backup will be irrelevant.

Comment: Re:Part of me says yes, like DR (Score 1) 124

by jeffmeden (#48802775) Attached to: Do We Need Regular IT Security Fire Drills?

I think it would make a ton of sense for every organization to do a DR "drill" periodically where they attempt to actually use their DR plan (restore a group of servers, reload a switch configuration, etc).

This just seems like a sensible part of that.

What worries me, though, is how they will know when to actually implement a security plan and deal with the consequences. A lot of security breaches are subtle, and you don't know they've happened or at least not always with a definitive sign like a defacement page, etc.

I would assume a "real" security response would be something akin to putting a lot of resources "in lockdown" -- shutting down servers, cutting network links, etc, which could have major business consequences. I can see where uncertainty about a breech and hesitancy to isolate key systems (perhaps necessary to contain a breech) could lead to a real clusterfuck.

I think a key part of developing the plan is deciding when you know there is a real breach and making sure that the responses are well-known ahead of time to avoid a lot of head-scratching and internal conflict.

Treat it just like a DR exercise. The first phase would be confirming the breadth and depth of the incident. Your IDS goes off, or a department reports some missing/vandalized files, or notices some logs with audit warnings that are out of place, and raises the red flag. Next, you need to gather forensic information from every last piece of equipment in your entire organization, quickly, and move it to a sterile location. Whether that is possible or not will determine your ability to move forward strategically or to deploy the airbags and EPO the datacenter before it gets worse. It's really not as mystic as most commentators here make it out to be. Come up with a plan, then hire a pen test firm to do a number on you. Don't tell your front line techs about it (in fact keep it as secret as possible) and wait for the results to come in. If your incident response plan is executed, even in part, you are on the right track. If not, regroup and try again in 6 months, and hire/contract someone to beef up the plan.

The Sony hack was a wake up call to every company that doesn't have actual money on the line in IT, to realize that sometimes you will get fucked just for the sake of getting fucked. There isn't a single profitable venture left in the western world that succeeds without IT.

Comment: Re:Hopelesss (Score 1) 124

by jeffmeden (#48802611) Attached to: Do We Need Regular IT Security Fire Drills?

Everyone else just knows that having a bulletproof IT team would be an eye-watering outlay(that would spend most of its time twiddling its thumbs and swappping the occasional toner cartridge until something actually happens), while having an adequate-for-daily-use IT team is markedly cheaper and you can always claim that you 'followed industry best practices' if something goes pear shaped.)

The same reason that small and medium businesses don't have full time lawyers, but aren't totally fucked if they do get into a scrape with the law: You find a good one, start a working relationship, and keep them on retainer for a fraction of the cost of hiring them to work full time when you only need them three days a year. Security/risk firms, that will do everything from forensics to auditing to physical penetration testing and "fire drills", are out there. Find one you like, give them a contract to get your security and DR shit in order, and keep them on speed dial for when the Big One hits.

Weekends were made for programming. - Karl Lehenbauer