
Comment: This is not a SSL matter (Score 4, Insightful) 76

by lucm (#48685327) Attached to: Ask Slashdot: Dealing With Companies With Poor SSL Practices?

Your issue is apparently with them sending your password by email. This has nothing to do with SSL. Having a password stored in an inbox is bad for security reasons that have for the most part little to do with secure transport.

Can you reset it? If so, is it done on an HTTPS form? That's not ideal, but it's not immensely worse than those millions of websites that will send a "reset password link" by email.

I'm not saying their approach is fantastic, but I don't see reasons to get your panties in a bunch. If you are concerned with their email approach (which is not the same as "poor SSL practices") reply to that email (redacting your password), and if you're not happy with their answer or lack thereof, don't buy from them anymore. You don't need to Ask Slashdot for that.

Comment: Re:shocker (Score 3, Insightful) 202

by lucm (#48682449) Attached to: Facebook Apologizes For 'Year In Review' Photos

The answer from the Facebook guy is pretty good:

"It's valuable feedback," Gheller said. "We can do better -- I'm very grateful he took the time in his grief to write the blog post."

It's like when the clerk at the convenience store looks at the nudie mags and large bag of cheetos that you are buying and tells you "have a nice evening" on your way out. You know there's more to it than a polite goodbye but you can't prove it.

Comment: Re:FFS just keep the Warthog (Score 1) 253

by lucm (#48680323) Attached to: Newest Stealth Fighter's Ground Attack Sensors 10 Years Behind Older Jets

On a positive note, having been in the Army National Guard for over 25 years (including overseas deployments), I have worked with both the Navy and the Air Force. I cannot speak specifically to the "historical antagonism" the gf mentioned, but I can say that overall, everybody I worked with generally wanted to do a good job without deference to service branch.

It's always like that. People on the ground and people in the top slots always cooperate, it's somewhere in the middle of the food chain that backstabbing and cheap politics occur. Be it intelligence services, law enforcement agencies, or departments within a large company, people who are close to the value stream or to strategy always work together while people in middle management or execution planning positions tend to focus on their small kingdom.

Comment: Re:FFS just keep the Warthog (Score 1) 253

by lucm (#48680289) Attached to: Newest Stealth Fighter's Ground Attack Sensors 10 Years Behind Older Jets

Look at the French. They have FOUR services (the 4th one is the Gendarmerie, which is basically the police outside big cities). And in most cities the firefighters are part of the army too.

And yet, this huge military organization works smoothly, with optimally managed funds and not a single instance of inter-services snafu. It's a terrific model that any army should follow.

Just kidding.


Comment: Re:Huh (Score 5, Insightful) 253

by lucm (#48680229) Attached to: Newest Stealth Fighter's Ground Attack Sensors 10 Years Behind Older Jets

This is not a technology problem, this is military politics. Basically the USAF brass doesn't want to do air-ground missions, they want to do air combat and stealth bombing because it's a lot cooler and less dangerous (for the pilots) since there's basically no serious opposition. So they sabotage every aspect of their capabilities that would allow them to do air-ground missions, like pillaging the A-10 supply chain or doing this kind of cheap stunt with the F-35, hoping that drone technology will be mature soon enough to do the dirty jobs.

Anyone who has worked on large IT projects has seen this kind of thing. The big cheese and the overpaid consultants focus on the cool but useless features that look good in PowerPoint presentations and during board meetings (like a fancy iPad-optimized dashboard or an accountant-customizable expense approval workflow that will never be used) while the really important parts like integration or bulk updates, which will be used on an hourly basis, are neglected and downplayed because they are not sexy and will be a nightmare to operate.

Comment: Re:haha (Score 4, Funny) 114

by lucm (#48643365) Attached to: Google Sues Mississippi Attorney General For Conspiring With Movie Industry

this time it's to hide their own collusion, racketeering, bribery and likely other violations of federal law.

I wonder if the other inmates will appreciate her opinion that piracy is stealing when she's in the state pen

No, they will be too busy wondering how she ended up in the state pen for violation of federal law.

Comment: Re:Would this solution stem these unending breache (Score 4, Insightful) 97

by lucm (#48639785) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

It's not a case of a data center being hacked and data at rest being stolen. When the POS is compromised (which is how most of these incidents happen, it was the same with Target) it's more insidious. It's like having someone install a keylogger on your computer - it does not matter how your password is stored on the backend if the password can be obtained while you type it.

The issue is how casual some organizations are about their POS security. If they were to adopt a "need to know" approach as opposed to a "whatever is convenient" approach these incidents would not have the same impact.

Comment: Re:One number to breach them all (Score 1) 97

by lucm (#48639771) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

Why can't I load up, say, a Mastercard app on my phone, login, tell it that the next time I swipe my credit card, make it generate a one-time number only good for $50?

Because that would be immensely tedious and annoying. Look at how the TSA has made the process of taking an airplane a fucking pain in the ass... Intrusive security is not an acceptable solution.

The problem is not the credit card transaction. The problem is how companies store information they don't need out of convenience and laziness.
