
Comment What a joke. (Score 0) 52

Every time I see a story like this, I have to laugh. Submitted for your approval, a little reading:

Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model.

What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party.

This little "bitcoin" debit card with a fooking Visa logo on it just goes to show that bitcoin has become the dragon it was meant to slay.

Comment Re:The hilarity it keeps growing. (Score 5, Insightful) 259

NPR had a great piece on this yesterday where they openly stated that if strong encryption was backdoored, some kid would just write an app in his basement implementing strong encryption without a backdoor. The algorithms are public, and honestly not that complicated. The iPhone encryption that has everyone in such a lather is a Federal standard, after all.

Some of the media gets it.

Comment Re:Nobody Cares (Score 2) 116

I worked in hospital IT for over a decade. Your speculation is entirely wrong.

the only way to avoid those is to strip down the computer until it is to all intents a single purpose old analog device. The security issues which plague, and will forever hobble personal computers will simply not apply to near bare-metal single purpose, constantly reflashable devices.

Good idea. Nobody does that.

Comment Re:As a security professional... (Score 1) 291

Fixing security problems isn't a "nuanced" process of weighing tradeoffs: it's about educating coders to write good code, rather than just "crap that works."

Let me give you an example. Your security problem is that you just hired a guy who plans to steal documents on your Super Secret Widget. He has no criminal record (yet), or other reason for you not to hire him. He has legitimate access to the system containing the plans, copies them, and goes home. Security problems are often nothing to do with software.

Software security is certainly important, but it's only a small part of security as a profession. The default assumption is that all software has vulnerabilities, and that the truth of that has been proven time and time again.

Comment Re:As a security professional... (Score 1) 291

What if that user is an executive?

What about the time between them creating the workaround and you identifying it and closing it?

What if lots of people do it? You can't fire them all.

This is my point: If the thing the user is doing is actually important for the business, the business should be HELPING them do it in a secure way. The security role's job is to support the business so that the decision makers understand the risks of different approaches and can make a reasonable choice of which of those risks to accept.

Comment As a security professional... (Score 5, Informative) 291

I have to say that if this is his position:

His broader message was this: Security of any system can never be perfect. So it always must be weighed against other priorities — such as speed, flexibility and ease of use — in a series of inherently nuanced trade-offs. This is a process, Torvalds suggested, poorly understood by his critics. 'The people who care most about this stuff are completely crazy. They are very black and white,' he said ... 'Security in itself is useless. The upside is always somewhere else. The security is never the thing that you really care about.'

He's absolutely dead right and more people in the security profession need to understand what their job is really about. Security is a support role. Our job is to make someone else's stuff work better. Even if you're secret service protecting the president, the core value in your job isn't security for its own sake, it's making sure the guy in the suit is able to do his job tomorrow.

Comment Re:wow (Score 1) 220

I don't think it's different at all. Corporations are made of people, and I don't care how big you are, the work is going to be done by a person who really can't possibly have more than a couple decades of experience, and the old experience is largely irrelevant anyway.

A cloud vendor's expertise isn't necessarily better than mine or yours. If my next job happens to be at a cloud vendor, I'm not magically better at it than before because I work there, not here. If you're going to claim $CLOUDVENDOR has policies/procedures/practices that are distilled from many people's worth of experience, then you're right back to making an argument based on scale.

Comment Re:In other news.... (Score 1) 500

And this:

Of course, the other part that needs to be acknowledged is that the business is profitable while paying that much.

doesn't mean anything because he's paying his staff exactly what he was paying before. It's just distributed differently. It's just to be expected that his company, which was profitable before, is still profitable after not changing his expenses.

Comment Re:In other news.... (Score 1) 500

I don't think that's it. On the emotional side, I love the idea of everybody getting the standard of living that $70,000/year buys today. My rational side just can't look past the "will it really work?"

In this case, he got a ton of resumes and customer inquiries. That's directly because he did something unusual. That's where I'd caution people not to assume this is a thing that would work as a general policy. You don't get a ton of resumes and customer inquiries when you're doing the same thing everyone else is doing.
