

Comment: Another bad omen for privacy and security (Score 4, Insightful) 302

by qwijibo (#49125781) Attached to: Moxie Marlinspike: GPG Has Run Its Course
It's a bad sign when those who care about security lose interest. The NSA is doing their part to eradicate secure crypto. Law enforcement agencies are commonly breaking the law to fish for potential criminals. The only protection available is what's written by people who are not subject to influence from the NSA. That's increasingly meaning open source or non-US-based companies.

Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.

On the other hand, the 1990s cryptography he mentions would be a huge improvement over many things we have today. Since the 90s, I've wanted the ability to have cryptographically signed financial transactions. Instead of financial institutions and credit reporting agencies using shared secrets, I'd like to have the ability to authenticate with a public key. I'd like to provide my public key in person to my bank so they know I'm authorizing transactions. Instead, they rely on secrets which are available to anyone who's willing to spend a few bucks and maybe break a few laws. Identity theft is so prevalent because we're basically relying on writing (at least a 4000BC technology) for security instead of good crypto. Hell, bad crypto would be an improvement over most of what's being done today.

I hope his opinion isn't representative of more people who have been involved with security and privacy issues, but unfortunately, I think it will resonate with a lot of us.

Comment: Why just nations? (Score 1) 131

by qwijibo (#49079155) Attached to: US May Sell Armed Drones

When will those of us in the flyover states be able to buy our own armed drones?

YouTube is filled with entertaining videos of rednecks with guns and explosives. Armed drones would help take this to a whole new level. Think BattleBots with truly no holds barred.

Sure, there may be some people who would want to use these for illegal purposes, but think of all the benefits. Imagine a new service for stalking victims - counter-stalking drones, now with a "resolve" button.

(For the humor impaired, yes, I'm kidding)

Comment: Re:That's why nobody sensible wants them (Score 3, Informative) 223

by qwijibo (#48989127) Attached to: US Health Insurer Anthem Suffers Massive Data Breach

Encryption is not a panacea.

I'm in full agreement that sensitive data should be encrypted, but I've seen too many cases where encryption (even bad encryption) is an excuse for lazy and bad security decisions.

SSN is a bad "secret" for anything, given how simple and ubiquitous it is. The idea that shared secrets establish identity has been wrong for many years and it's just going to keep getting worse until we, as consumers, can make companies leverage public key cryptography for authentication.

Policies that require encrypting SSN at rest and PII in transit usually result in a database table with:

That sounds like a step in the right direction, unless you consider how easy it is to decrypt the SSN. On my laptop, it takes 62 seconds to go through every possible SSN using a script that took me less than 60 seconds to write. Add some time for doing an encrypt operation and lookup for each possible value, but it's clearly possible to brute force the entire SSN range on any computer in a very short amount of time. Ultimately, once someone can get access to the data, they can easily generate every possible encrypted SSN and match up actual value to what's in the table.

Real world example:
Cox insisted on having my SSN to get internet service through them. The last 4 of the SSN is used to confirm the user on the web site. They insisted that storing SSN on the internet was safe because it's encrypted. They really want the SSN to be able to track you down if you don't pay and skip town. Most of their customers aren't going to argue with them because they hear that encryption is magic. I eventually convinced a supervisor that their security is a joke and we agreed that my SSN would be in their system as 3.14159265, without the decimal point.

When people believe that encryption makes their data safe, it allows people to decide to make riskier choices with where the data resides. Encryption is a step in the right direction, but it's just one piece of the security puzzle.
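
An added example, not part of the original comment, illustrating the comment's point that a small value space defeats a deterministic "encrypted" column, next to a keyed alternative. Assumptions: unsalted SHA-256 stands in for whatever deterministic transform a system uses, a constructed 4-digit domain stands in for the 10^9 SSN space, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

DOMAIN = 10_000          # constructed reduced space (4 digits) standing in for 10**9 SSNs
SAMPLE = ["0042", "1337", "9999"]   # constructed sample values, not real identifiers

def unkeyed(value: str) -> str:
    """Deterministic transform with nothing secret in it (assumed stand-in)."""
    return hashlib.sha256(value.encode()).hexdigest()

def keyed(value: str, key: bytes) -> str:
    """HMAC-SHA256; the key is assumed to live outside the database (KMS/HSM)."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def enumerate_domain(transform) -> dict:
    """Map transform(v) -> v for every value in the domain."""
    return {transform(f"{i:04d}"): f"{i:04d}" for i in range(DOMAIN)}

def recovered(column, transform) -> list:
    """Plaintexts that someone holding only `column` and `transform` can match."""
    lookup = enumerate_domain(transform)
    return [lookup[token] for token in column if token in lookup]

def full_domain_estimate_seconds() -> float:
    """Time the reduced enumeration and scale it to the 10**9 SSN space."""
    start = time.perf_counter()
    enumerate_domain(unkeyed)
    return (time.perf_counter() - start) * (10**9 / DOMAIN)

KEY = secrets.token_bytes(32)
weak_column = [unkeyed(v) for v in SAMPLE]
strong_column = [keyed(v, KEY) for v in SAMPLE]

if __name__ == "__main__":
    print("unkeyed column recovered:", recovered(weak_column, unkeyed))
    print("keyed column, no key:    ", recovered(strong_column, unkeyed))
    print(f"estimated single-core time for 10**9 values: "
          f"{full_domain_estimate_seconds():.0f}s")
```

The keyed column resists enumeration only while the key is stored and access-controlled separately from the table; anyone who obtains both is back to the unkeyed case.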

Comment: Re: Good! 100,000 more Democrat voters! (Score 1) 331

by qwijibo (#48988609) Attached to: Massive Layoff Underway At IBM

You took that seriously?

I was just making an absurd extension to the "give everyone free money" argument. This is all under a story about mass layoffs at IBM, so I figured trying to add some levity might help.

The income tax is a percentage of income paid to the government. If there was a "negative income tax" that would (mathematically) be money the government paid to the taxpayer (taxearner?). Math jokes aren't always funny, but when they have to be explained, all humor is completely lost.

As someone (often misattributed) once said: Democracy only works until people realize they can vote themselves more money.

Comment: Re:rival IBM? (Score 1) 331

by qwijibo (#48979913) Attached to: Massive Layoff Underway At IBM

Yes, it's too optimistic.

The people who are let go during mass layoffs aren't the visionary, brilliant and rich types. Those people can get another job easily, so there's no reason for them to stick around a soul sucking company they hate until they get laid off.

To found a company you need capital. Unless one or more of the founders is rich, that means convincing others you have something worth investing in.

How many of the people let go are going to work for free or cheap for a brand new startup?
What are they going to work on?
How is that product or service going to turn into a steady income stream?

Does IBM have anything worth a startup trying to beat them on?

A bunch of legacy applications that keep getting resold to new customers? There are none in a new startup.

IBM mainframes? Is there a market for a new mainframe manufacturer? And what's the barrier to entry to design, manufacture and market a new mainframe? I suspect not, but then I don't believe that the market for new IBM mainframes consists of anything but legacy IBM mainframe customers.

Project management? This is most of what IBM does. They get a contract to scope out a project that is never defined and therefore will never succeed or fail, but there's an amazing amount of billable hours in fluffing up the "no deliverables" that these projects could be shrunk to.

Most companies who want a project management circle jerk are perfectly capable of hiring a bunch of contractors and giving them no direction. There's no need for a startup to perform some role to get into that cash bonfire. IBM gets these contracts because people play golf and drink with other people, or they throw one of these engagements in with every product. You don't have to purchase a product, IBM will be happy to bill you for trying to sell you stuff you don't want.

Comment: Re: Good! 100,000 more Democrat voters! (Score 1) 331

by qwijibo (#48979625) Attached to: Massive Layoff Underway At IBM

Wouldn't a negative income tax be the government giving people free money based on how much money they made? That would make the $15/hr minimum wage people happy, just make the negative income tax 100%.

I would also like the government to give me 100% of my income as free money. When can we get this initiative on the ballot? Everyone will vote for it. There's no down side.

Comment: Re:Levels (Score 1) 214

by qwijibo (#48922913) Attached to: Ask Slashdot: What Makes a Great Software Developer?

The "do one thing well" philosophy is about purpose, not implementation.

For example, the grep family of tools search for patterns in files or input data streams. There's egrep for regular expression matching, zgrep for searching through compressed data (decompressing before searching, of course), etc. There's oodles of options to make all types of searching easier, but those are all aimed at the central purpose.

If you need to search for all of the numbers in a file and add them together, you could use grep for searching, but need another tool to do the addition.

Comment: Re:2.5 billion transactions a day (Score 5, Interesting) 164

by qwijibo (#48818149) Attached to: The Mainframe Is Dead! Long Live the Mainframe!

Mainframes are like really big industrial cars where everything is hugely expensive. They're stupid expensive, but far cheaper than trying to do massive amounts of work with thousands of pickup trucks.

It's like the transporter they use to move the space shuttle with rockets and all ready to go:

It goes 1MPH, which sounds pretty wuss-tastic in car terms, until you consider how much capacity it has at that speed. It would be basically impossible to accomplish the same thing with any number of VW Beetles without spending years taking apart and reassembling everything each time you wanted to attempt a launch.

That's where mainframes make sense - problems which are really massive, but need to run on one computer. Any problem that can be broken down into smaller chunks can be solved much more efficiently with a network of smaller computers.

As the smaller computers continue to get more and more capable and the technology to break down problems and high speed interconnects become more common, the jobs that run better on a mainframe get more rare and networks of servers become more common.

Mainframes do have one cool thing going for them that is not respected on smaller machines - portability. There's code that's been in use for several decades on mainframes running in a stack of emulators. Each new mainframe gets an emulator to make it possible to act just like an old mainframe. This means the customer needs to run their code on the emulator instead of having to tweak the code to work on the new mainframe. For jobs that justify mainframe costs, downtime is very expensive, so minimizing additional conversion efforts is huge. Also, it's entirely possible that the last person who knew how some mission critical code worked may have died 40+ years ago and business people aren't big proponents of hiring someone to figure out and rewrite legacy stuff.

Comment: Re:Enforcing pot laws is big business (Score 5, Interesting) 484

by qwijibo (#48633175) Attached to: Colorado Sued By Neighboring States Over Legal Pot

From my point of view any compromise in the belief that it is morally wrong to ....

This is why the states rights model makes more sense than overbearing federal laws.

Reading your position, I think you and the people of the bible belt would get along just fine. Nothing negative against you or them is meant or implied in any way. While I may not agree on this specific point, you're promoting personal responsibility, which I support completely.

However, I'm also positive that the people of California and the people of Tennessee have some pretty significant differences of opinion on several legislative topics. There's nothing wrong with either side, the people just need to respect that others may believe differently and not try to force it down each other's throats.

If more laws were handled at city and state levels and fewer at federal levels, the discussion could be a lot more rational. i.e., there are people who use marijuana recreationally and there are people who carry loaded guns in public. Both of these groups are generally not going around hurting anyone, so I don't have a problem with either of them. However, those should remain two separate groups and it seems reasonable for people to choose one or the other, not both, just like we do with alcohol today.

The people who are bringing pot from Colorado into the neighboring states are committing a handful of crimes. Those states could pass laws requiring high restitution fees for those crimes to support the increased enforcement costs. Or they could decriminalize or legalize it. Each state should make their own choices and deal with enforcement accordingly. If it's not cost effective to prosecute people who have small amounts of pot and those people are generally not hurting anyone, a good business decision is to look the other way, just like with the other hundreds of thousands of laws on the books that are selectively enforced today.
