Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:the one answer they won't find acceptable (Score 1) 62

by mounthood (#46382303) Attached to: Cisco Offers $300,000 Prize For Internet of Things Security Apps

I want to keep my devices secure. This means: Let me control them.

DRM / Remote Control are hard to defend, but *I* don't want to manage the milk carton chip which tells the refrigerator it's empty. I could manage it, being a technical person, but the majority of people don't even have that option.

So what are we going to do?

Don't require them to phone home, or to be connected beyond my local network if I don't want.

The milk carton will be restricted to talking to the refrigerator, but *I* don't want to manage a refrigerator. You want "things" to only talk locally and any external communication to go through a server you manage? That sounds reasonable at first, but it's not more secure: a milk carton with an encrypted/steno-graphed/timed communication is not something people can fight against. That milk carton is not going to be open or have an API, it'll be opaque hardware that's constantly changing. I can hear the corporate excuses already: "Some of the older cartons had an error that leaked info, but they'll be gone in two weeks."

Unless I control what software is run, and what it talks to, then there can be no security for my "internet of things".

Is there "no security" for you're Banks network? Security doesn't mean control.

Comment: Re:Easy solution (Score 1) 306

by mounthood (#46103049) Attached to: US Forces Coursera To Ban Students From Cuba, Iran, Sudan, and Syria

Surely you aren't suggesting that the US would tell American Universities they can no longer share data with, say Oxford or Cambridge?

Of course they can, would, and have done. All governments have export restrictions, and apply them to Universities as well as all other groups, and are not fooled by "I didn't do it, it was that other group". If Coursera was sending money or satellite images could they simply setup a "partner" outside the US? If you think that teaching is not comparable... the politicians don't agree with you, and they've made it clear they don't by forcing Coursera to exclude these countries.

US export restrictions only apply to US entities. That's the law.

International sanctions are approved and enforced by the majority of countries in the world, although often at the behest of the US. If a member of Coursera tried to make the material available to a restricted country, regardless of how they obfuscate the transfer, they're liable (and likely) to be charged with a crime.

Are you suggesting that people move to Iran and start a Coursera clone? (Even if they did, how would they get the new material?) Are you suggesting that people working with Coursera stay in the US and defy export restrictions with some fig leaf excuse? The idea that "there is a simple solution" to ignoring the government is, again, either naive or trolling.

Comment: Re:Multiple credit cards (Score 1) 448

by mounthood (#46102633) Attached to: Developer Loses Single-Letter Twitter Handle Through Extortion

When the Target data breach happened, I commented here about some of the advantages to using throw-away, preload credit cards (which limits your potential loss and allows you to quickly switch to an entirely different account if you feel the other might be compromised). I was modded down by people who have bought into the whole big-bank credit card racket, and the attitude "why should I worry, when the bank is responsible and I'll eventually get my money back". Well here is yet another advantage of using preloaded credit cards. You load money on it, pay your annual hosting fees, etc, and then just toss it and get another next year to make the next annual payment. This story illustrates the advantages of using an entirely different credit card per service, so the card you use with Godaddy is not the same as you use with Paypal.

Yes, yes, it will cost you $3 each time you load a card to make that yearly payment, but you can decide for yourself what that extra $3 can buy you.

You've missed the point: the valuable thing is not the credit card or the fraudulent access it allowed, it's the DNS names and websites he's running. Having one-use credit cards may, or may not, have stopped the attacker in this case, but it definitely would not have secured the websites. Fraud and extortion can't be stopped by changing credit cards.

Comment: Re:Easy solution (Score 1) 306

by mounthood (#46102463) Attached to: US Forces Coursera To Ban Students From Cuba, Iran, Sudan, and Syria

... there is a simple solution. Move the company offshore, or obtain a foreign partner.

Poe's Law: are you sincere and politically naive, or are you trolling? Do you think the US Government will just give-up and admit defeat if Coursera tries to break international trade sanctions? Since your comment was modded +5 Insightful, I also have to wonder about the moderators. Is this really how people think politics and the law work?

Comment: Re:but it didn't remove the option. (Score 1) 130

by mounthood (#45967529) Attached to: Silicon Valley Workers May Pursue Salary-Fixing Lawsuit

The agreement was not to reach out and poach others' workers. It wasn't to refuse to hire them. You still had the option of getting a 25% raise to go to Google, all you have to do is apply to Google.

The agreement didn't reduce the options available to people, it just made it so the engineer had to take the first step, the recruiter wouldn't call you to entice you.

Assume this is true: people still got paid less because Google didn't call them and offer the 25% raise.

To come at it from a different angle: why did the companies discuss and agree to this, if not to save money? If they want to argue that it was *only* to reduce turnover ... well why did they think people would leave? Because they'd be offered better salary or compensation.

Comment: Re:Isn't this the ultimate goal? (Score 1) 732

by mounthood (#45950585) Attached to: If I Had a Hammer

Because we have no economic framework that could accommodate such a situation. It doesn't matter if machines can do all the work is there is no means to ensure access to their produce. Economics as we practice now is entirely centered around the labor market: People work for wages, use the wages to buy things, and producing those things pays wages back to the workers. Money circulates, everyone gets fed and clothed.

Then get on it! The Internet gives us the perfect testing grounds for new social and economic systems, whether in social websites, games or P2P "sharing" economies. One great idea can change the world, and unlike farmers in the industrial revolution, we technologists have the chance to make it so.

Comment: Re:Appropriate Supreme Court Quote (Score 0) 314

by mounthood (#45909007) Attached to: Court Rules Against Online Anonymity

If this underlying assumption of fact proves false, in that the reviewer was never a customer of the business, then the review is not an opinion;

Terrible reasoning! What is it if "not an opinion"? We can only speculate that the judge means it's not a valid or protected opinion. A review should NEVER be subject to approval of the person or group being reviewed. That's the whole point of having anonymity: saying what you want regardless of that others think. Besides, you can have bad service or someone *try* to rip you off without being their customer.

If society or business is worried about the financial effects of abuse ... we already have systems to deal with that, and it's the government that decides when speech becomes stock fraud, not private business.

(Nothing in this post should be construed as an endorsement of Yelp.)

Comment: Re:Ideal dependency graph (DAG) (Score 1) 51

by mounthood (#45900285) Attached to: KDE Releases Frameworks 5 Tech Preview

Unfortunately Go doesn't have any modular/plugin system (other than source.) The FFI is better now with C++, and I'm sure we'll get dynamic loading eventually. The whole KDE framework is predicated on shared libs, services and plugins. I like Go but making a platform like KDE in Go would be impossible.

Comment: Re:Ups and Downs (Score 4, Insightful) 324

by mounthood (#45682419) Attached to: Google Cuts Android Privacy Feature, Says Release Was Unintentional

It bugs me to see the crap google gets when they are the least abusive of all big companies by just about any measure ....

They deserve to get crap for *this* and any other positive actions aren't a get-out-of-jail-free card. Until a few years ago the slashdot faq contained this:

I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?

Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.

Comment: Re:Thats a loaded question (Score 2, Insightful) 406

by mounthood (#45610845) Attached to: Why Engineers Must Consider the Ethical Implications of Their Work

It is unfortunate, but I would place the blame not on the person who makes the technology, but the one who decides how to use it.

When we design something, we're "the one who decides how to use it"; that's part of designing it. The intentions of the designer matter, and if they're evil the designer should be blamed. Consider, If I make a torture device, can I just shrug my shoulders and say 'they decided to use it the way I designed it, so it's their fault'?

To make it more relatable, if I make a Friendface website where it's easy to share personal info but hard to protect it, should I deserve any of the blame? Even if the users deserve blame, that doesn't make the designer blameless. And the designers deserve more blame when you consider the complications of the real world, like marketing departments lying to the users about how it's safe, and managers denying any time for security issues (or denying the issues even exists).

Comment: Re:Why replace what works? (Score 1) 393

by mounthood (#45582989) Attached to: IDC: PC Shipments Decline Worse Than Forecasted, No Recovery Expected

Software hasn't kept up. We should be programming in some GUI based/visual data-flow language that's slow, but lets us build functional (crappy) apps at record speed. Then we need to make everyone a "programmer" so they need faster computers, and they don't have to ask IT every time they need something.

"Now this is a totally brain damaged algorithm. Gag me with a smurfette." -- P. Buhr, Computer Science 354