
Comment Re:Don't install Comcast equipment... (Score 1) 47

... problem solved. The only reason this attack vector exists in the first place is that people are too lazy to install their own equipment. Instead, they rent a Comcast Wifi router at an exorbitant cost and questionable security. ......

Given the size and reach of Comcast the issue of questionable security is an issue
of national security and worth a letter or three to your elected officials.

Individuals can be lazy and will be (yes should not be lazy) but large organizations cannot be.

Security flaws need to be addressed in prompt time frames and agencies that keep them secret
because they believe them to be a tool of power need be squashed and the salary of the managers
reduced 10% for each week beyond 90 days should they fail to report to the vendor discoveries
of security flaws.

Comment Re: A step in the right direction ..privacy (Score 1) 111

I expect my calls to be private even on the street.
Someone has to make an encryption app for the calls where you exchange keys in person and they are never on the network.

Expectation of privacy needs to be reviewed. Definitions of privacy should not be capricious.
There is privacy in a crowded noisy room.
There is privacy in the middle of an open field.
There is privacy in the home.
There is privacy in the bedroom (hotels have bedrooms).
There is privacy in a special RF shielded, sound deadening special room.

A conversation in a restaurant while on a date has privacy expectation.
There is privacy in the confessional of the Catholic Church.

To subject the population to privacy rules for NSA secret meetings
is folly.

Comment Re:Conflict of Interest? (Score 1) 80

Linux doesn't have anti-malware products

I had to laugh at this. I have to say that almost all of the automated attacks I ever see hitting my firewall are Linux server exploits.

I have managed many servers over the years, almost all of them Windows. I have had maybe 4 separate instances of one of my servers getting owned and they were all Linux servers.

Your view is illuminating yet the millions of laptops and home computers
are not behind a well managed firewall.

This lack of quality firewalls in ISP provided hardware is a real problem.
+1 for OpenWrt and friends.

Comment Re:One set to create the problem, one set to solve (Score 1) 80

>> Isn't that precisely what companies are doing with security bug bounty programs?

No, that's called "outsourcing QA"

I think we can also thank Snowden and many others that have noted how
common it is that a Microsoft machine gets used in a farm of attack

I know that I have written before that known flaws and exploits
are a risk to national security. Some falsely believe knowing how
to exploit systems is power but as script kiddies demonstrate these flaws
are not only known by honest law enforcement.

The problem is finding a global definition of honest law enforcement
for global companies to interact with.

Submission + - Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device’s MAC address as a key component of authentication.

Comment Overqualified says good... (Score 1) 393

Overqualified says good things about the educational system
Overqualified says the list of jobs with interesting qualifications is shrinking.

Years ago help desk folk had to read schematics and source code.
Now they read scripts designed to swap out idiot proof boxes.

Apple has an idiot proof magnetic quick release power connector (nice except for the patent).
Apple has a new Lightning USB magic connector that cares not which way is up (nice except for the patent).
Apple has used the new Lightning USB connector on a pen that is surely going to break off inside
the new big iPad. Someone will read a script and replace pen after pen at $99.99+tax each.

Comment Re:This is great (Score 1) 73

No doubt advances in storage technology would go a long way towards making renewables feasible, however the prices need to come down for that to become a reality. .....

I wondered what the value of this was but saw a pun in your post.
There is data center storage and off peak electric storage and load leveling.

Buildings full of robots, food, data, semiconductor fabrication, assembly, communication equipment all have
large downtime risks and orderly shutdown risks.

Since these are pulled from recycled battery packs the costs are interesting.

These are lithium based -- I think the heavy iron based battery technology is
the most likely urban future. Install them in underground vaults perhaps
under the driveway then roof solar as well as off peak charging can be buffered
with little environmental risk. The interface technology is still expensive but
regulation and testing are settling down and cost reductions will follow.

Comment Re:node.js? (Score 1) 107

Do we know if this affects node?

You have to feed your node server a polluted pile of js and that
requires the site to be compromised. So yes but....

For some reason Google just upgraded Chrome.....
I wonder if it is related...

Always load two browsers on your device and save one for the days when
the other is "ill". You got to be on Edge to understand this...

Submission + - Justice officials fear nation's biggest wiretap operation may not be legal

schwit1 writes: Federal drug agents have built a massive wiretapping operation in the Los Angeles suburbs, secretly intercepting tens of thousands of Americans’ phone calls and text messages to monitor drug traffickers across the United States despite objections from Justice Department lawyers who fear the practice may not be legal.

Nearly all of that surveillance was authorized by a single state court judge in Riverside County, who last year signed off on almost five times as many wiretaps as any other judge in the United States. The judge’s orders allowed investigators — usually from the U.S. Drug Enforcement Administration — to intercept more than 2 million conversations involving 44,000 people, federal court records show.

Comment Re: Male privilege (Score 1) 345

I eventually found a way around this. I just started not giving a fuck what others thought about me. It may or may not work for others, but I found that the less I cared about the opinions of others the happier I am, and the more real friends I had.

I might comment that not giving a hoot is a modestly effective strategy.
In the extreme it does risk dehumanization.

A valuable coping strategy is a thick skin. That is in some ways quite different than not giving a flipp.

One can go down the rat hole of discourse, cultural bias and small talk but I really want
to discuss the weather.

Comment Re:I have no debt and a hefty savings account (Score 1) 386

They _want_ people who aren't completely broke but can't afford the credit so they'll keep making minimum payments forever. ......

Yep, every dollar of debt you take puts $10 back into the system which they can then lend out to ten more suckers. Gotta love it.

Not completely. It might seem that people who pay off their credit cards every month would be refused credit under the "sucker system" y'all describe. But those people result in cash flow for the companies. If everyone made the easy minimum payments, it would be a big problem for them.

There are multiple games ... like a casino.... each game has its own odds and action.

The people that pay off their debt are a predictable cash flow.
The fee that the merchant pays is what the casinos call action.
With fees in the 2.5% to 3.5% the lender can make 12x2.5% on
his bank... a 30% margin is not a bad business.

A second game is the individual with a constant balance of say $5000..
and a constant cash transaction rate of also $5000 a month. This is almost
a double dip situation because the full $10,000 is subject to interest at
near 25% per year and the $5000 action is also 30% so.
      (30% of $5000)+(25% of $10,000)=$4000
Since on average the bank has floating $7500 this is a marvelous rate of
return. The banks will argue and toss better data models and calculus
at you but the difference is often padded with short term-overnight loans
from the Fed. at one percent.

It is a racket (IMO), there are serious writedowns for fraud but I might assert
the biggest expense is the layers of management and regulatory compliance.
Most organizations do not care about regulatory compliance because
it is a documented obligatory expense and comes off the books very quickly.

Our elected officials need to pay attention....
First they need to pay attention to regulations crafted under the rule of law.
We no longer live in a world of law we live under a burden of dynamic
regulations rubber stamped by laws that allow regulations to go into effect
as a default fall through.

Comments like this illuminate the problem. When House Minority Leader Nancy Pelosi (D-CA) to
defend her 2010 comment that “we have to pass the bill so that you can find out what is in it, away from the fog of the controversy.”
She and the press ignored the reality that the law was simply a framework for regulations that on the first iteration
comprised 10x the page count of the law the reality is more obese...11,588,500 Words: Obamacare Regs 30x as Long as Law...
"Bureaucracies in the Obama Administration have thus far published approximately 11,588,500 words
of final Obamacare regulations, while there are only 381,517 words in the Obamacare law itself.
That means unelected federal officials have now written 30 words of regulations for each word in the law."

Golly I got off track...

Comment Re:Brits love to complain (Score 1) 136

The USA has constitutional prohibitions against this kind of activity. So the NSA and friends have to make a show about complying with the law. British prohibitions against this are much weaker. So the government just comes clean about it.


Fair enough, but candidly, I just assume any searches I perform without cloaking are accessible to any number of interested parties.

There is a plugin worth playing with.
To quote the description:

"Confuse surveillers by randomly browsing the internet.
"Advertisers and government agencies attempt to build a profile of you based on your browsing history. Paranoid Browsing confuses that effort by making a background tab which browses the internet at random.

"PB was inspired by fictional software described in Cory Doctorow's book Little Brother: "It even throws up a bunch of 'chaff' communications that are supposed to disguise the fact that you're doing anything covert. So while you're receiving a political message one character at a time, [it] is pretending to surf the Web and fill in questionnaires and flirt in chat-rooms. Meanwhile, one in every five hundred characters you receive is your real message, a needle buried in a huge haystack."

"PB currently browses the "standard American" set of web pages, but you can easily modify this to look at ponies, go carts or whatever else you want profilers to think you're interested in. Code is available on GitHub and pull requests are appreciated:

"Note: Since Paranoid Browsing clicks on links randomly, you will get some popups. I recommend having a dedicated window for PB.

"If you find PB useful, please consider donating to a top charity: http://www.effectiveanimalacti... "

Comment What is the state of the samples? (Score 2) 245

What is the state of the samples?
If the sample integrity has been maintained retesting is possible.

My bias is that the war on drugs has become vastly worse than the drugs themselves.
Given my bias and opinion based cost analysis all drug offenders should be released
with time served rubber stamps. The war on drugs has caused astounding social
damage in the US and much of the world. Can we say "war zone" children.
The WOD money would better be spent on the social and medical needs and consequences.

Addiction is very serious but once money is removed all of the associated crimes involved in
the financing of addiction are vastly reduced both domestic and international. Addiction does
cause harm to individuals. The WOD causes harm to communities and even nations.

The bigger fish involving truck loads of stuff and money are unlikely to be impacted.

Crack and meth are so evil that each citizen should be required to cultivate a marijuana
plant of old green simply to make a less harmful choice available.

Drug addiction is real and a problem --- the WOD is worse.

Comment Re:General advice, sir yes sir! (Score 1) 61

A corner case would be at an intersection of two edge cases! Almost by definition.

Almost, consider a corner involving three surfaces.

This is perhaps the single best question I have seen in a decade.
Bonus point for the asker.

End point case, overflow/out of bounds case, edge case, corner case...

I can offer some obvious, to me, thoughts.
*) End points are sometimes ill defined and the last legal value and first illegal value must be
correct... Off by one bugs fall into this ... so does testing for zero in floating point land.
Often found inside a function.
*) Edge cases would be interface issues between two functions with a single arg()
*) Corner cases functions with multiple args().
This simplicity ignores a lot!

In my experience labeling a bug with a type is more error prone than
any type-unsafe language. Consider bogus asserts() ....
