Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: This is actually GREAT news! (Score 1, Interesting) 415

by johnnys (#48558417) Attached to: Microsoft's New Windows Monetization Methods Could Mean 'Subscriptions'

Finally some Clue (TM) out of the Redmond mothership!

In a subscription model, M$ does NOT have to tempt the users with "new features" to get you to buy their software, so there's no impetus to "change everything for the sake of change" and the abominations that are Me, Vista, "ribbons" and 8 should not happen anymore.

The initial cost of Windows drops to zero: Why would the mothership bother charging for it up front? The first hit is always free!

Since M$ is getting paid for every Windows system running, they can actually FIX the security problems in Windows instead of insisting that we all have to upgrade so they can make money. They will be able AND motivated to keep supporting older versions for much longer. Less retraining and hassle for the end users, and more stable and reliable systems for users and businesses to depend on.

Businesses have been doing it this way for years now, and they like it.

Comment: Here's the problem. (Score 5, Insightful) 205

by johnnys (#47318755) Attached to: The Security Industry Is Failing Miserably At Fixing Underlying Dangers

The "Security Industry" makes money for the shareholders selling "stuff". Any time they see a problem, they will treat it as an opportunity to sell more stuff, since that is how they make money. If the problem is because the customer has already bought too much stuff, they will still try to sell the customer more stuff since THAT IS WHAT THEY DO.

So if you want to be secure, what do you do? We all know: You get rid of crappy software, simplify your systems, remove unnecessary cruft and hire developers, network systems people and architects who can build you what you need securely. You do NOT hire the cheapest meat puppets who can find the company website and spell "javascript" and you don't outsource your security to the lowest bidder.

This requires real effort on the part of the company paying for all this: They need to recognize that the "Security Industry" and their shiny, happy sales droids are just parasites ripping off the public with the "latest and greatest security stuff that will really protect you this time I promise not like all the other times, I really really mean it THIS time!".

They really need to understand that the RIGHT way to GET Security is to design it in, have the right people building and managing it and proper oversight over all of it. To do that you have to treat it as a profession and a core part of what the company does, not as a "service" or "product" that can be "bought in" or "outsourced" to a low bidder.

Security needs to be treated as a profession in any company with a significant cyber presence, just like the accounting them, the legal team and the core business functions. Pretending it's "just something that we can buy from a vendor" is short sighted and ignorant.

Comment: Re:Dead on arrival (Score 1) 345

by johnnys (#47279113) Attached to: Harley-Davidson Unveils Their First Electric Motorcycle

Wrong! Wrong! Wrong!

90% of motorcyclists are perfectly reasonable people who ride motorcycles with the original quiet mufflers, or a reasonable muffler that is not a lot louder. The 10% of cretins who ride with earsplitting open pipes are the MINORITY. Don't think that because they make 90% of the noise that we're ALL like that.

I've ridden 40,000 miles on motorcycles in Canada and the USA and I always had a reasonably quiet muffler. So please don't keep spreading the lie that "90%" of us are lowlifes: There's probably a MUCH higher percentage of politicians and bankers who deserve culling than motorcycle riders!

Comment: Only ONE day??? (Score 1) 230

by johnnys (#46880759) Attached to: One-a-Day-Compiles: Good Enough For Government Work In 1983

You got your compiles back the NEXT day? Bloody luxury!!

At my high school, we had to write our own programs, punch them ourselves and submit. We then had to wait 2 days to see if they compiled!

You young whippersnappers with your fancy "gcc" have it so much better! And get off my lawn!!!

Comment: Follow your passion and keep your options open. (Score 1) 133

by johnnys (#46559075) Attached to: Ask Slashdot: Moving From Tech Support To Development?

If you find "problem solving" to be your passion then follow it, but try to make sure you don't follow something that will limit you later on: If you think Java is interesting then go ahead and learn it BUT make sure you learn the general skills in programming over the particular skills. Learn how to program then learn the language. That way if opportunities around Java go away, then you are set for what's next.

You may find that "problem solving" leads to programming now, but as you grow and develop new skills and interests it may lead to something else, then something else after that. If you can keep your passion then you will be motivated to keep going and learning new things.

Comment: Nonsense. (Score 5, Insightful) 162

by johnnys (#46523607) Attached to: Full-Disclosure Security List Suspended Indefinitely

There's a meme going around that "Fact is, you cannot make a secure product," is somehow a "Truth" that we all just have to accept.

This is just BS. Of course you can make a secure product. You just have to commit the time and resources to make security your top priority.

If you want to securely control your HVAC systems in your data centre, don't connect it to the Internet: Hire a person to operate it. If you want to securely control your nuclear reactor, don't connect it to the Internet but hire a staff to operate it using air-gapped systems.

If you want to save money on salaries by connecting your critical systems to the Internet using commodity CPUs that don't separate writable RAM from executable RAM, and operating systems designed for single user with poor security built in, and software written by the lowest bidder using languages that encourage lazy programmers to write buffer overruns, then you will save money but there's no way you can make a secure product. But don't pretend it's a universal fact that security is not possible: Recognize it's your own penny-pinching that is causing the problem.

Comment: Lots of unproven assertions here. (Score 3, Interesting) 245

by johnnys (#46513829) Attached to: Is Analog the Fix For Cyber Terrorism?

"obvious: that 'every digital system has a vulnerability,' "

So far, this has been demonstrated (NOT proven) only in the current environment where hardware and software architects, developers and businesses can get away from product liability requirements by crafting toxic EULAs that dump all the responsibility for their crappy designs and code on the end user. If the people who create our digital systems had to face liability as a consequence of their failure to design a secure system, we may find they get off their a**es and do the job properly. Where's Ralph Nader when you need him?

And as the original poster noted, you CAN isolate the control systems from the Internet! Cut the wire and fire anyone who tries to fix it.

"analog protection systems have one big advantage over their digital successors: they are immune"

Nonsense! There were PLENTY of breakins by thieves into banks, runaway trains, industrial accidents and sabotage BEFORE the digital age. There was no "golden age" of analog before digital: That's just bullsh*t.

Comment: Speaking from Canada, eh? (Score 1) 723

by johnnys (#46112467) Attached to: Atlanta Gambled With Winter Storm and Lost

REAL northerners are NOT making fun of the grief and hassle that the good people of Atlanta are facing. We've all seen what happens when the weather gets bad, and we're having problems right now ourselves so we can all relate. See:

So I wish you the best of luck and hope you get sorted out soon!

Comment: Does this mean I can get drivers? (Score 1) 513

by johnnys (#46038605) Attached to: HP Brings Back Windows 7 'By Popular Demand' As Buyers Shun Windows 8

OK, so now that HP has pulled their head out of their *ss and realized that NO-ONE likes Win 8, are they going to release any drivers for those of us who bought their "Envy" systems and need the drivers for Win 7 so we can make those "Envy" systems work properly?

Or, since they already have our money, are we SOL?

Hmph. SOL it is, then.

10 to the 12th power microphones = 1 Megaphone