
Comment: Re:If you're entering any position where previous (Score 1) 892

by rsagris (#44578401) Attached to: Ask Slashdot: When Is It OK To Not Give Notice?
That policy is there to prevent people from actually being able to actively look for work. So far, in my experience, except for fairly rarified fields, employers don't even look to hire people that far out. By requiring people to give 3 months' notice or never work for them again, basically the only way you'll ever work for them is if you are laid off and then try to be re-hired at a later time. -rs

Comment: Two Words: Air Gap (Score 3, Insightful) 56

Seriously: water, power, and other critical utility infrastructure providers are not a low density/low volume market. There are large enough economies of scale such that there should really be no discussion here. There should be a separate physical network for these industries.

Air gap the network, heck, develop and mandate totally new hardware interconnects to ensure some moronic PHM or more likely brain dead network admin isn't physically capable of connecting COTS hardware to SCADA hardware.

There is absolutely no reason for any of this stuff to be directly accessible to the public internet. The utility provider can very well have some data diode (http://en.wikipedia.org/wiki/Unidirectional_network/) to provide metering information on the public internet side, but there absolutely should be no bidirectional links between the command and control network and the public internet.

There would be no astronomically expensive software validation necessary if these industries were mandated to require hardware-level compartmentalization, which, funnily enough, a custom hardware solution would be orders of magnitude cheaper and deployable now rather than some pie-in-the-sky (never going to happen) software-based solution that the "Tube"-worshiping Luddites in Washington think can actually be created.

-RS

Comment: Re:Just releasing the source may not fix it (Score 4, Insightful) 161

by rsagris (#42569939) Attached to: Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud
Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor-inserting compiler, or just STFU about it, because while it might be possible it isn't in any way practical or plausible enough to mention. If it was so easy to write a general use backdooring compiler, then it'd be actually seen, not fantasized about. -rs

Comment: Re:Degrees are meaningless (Score 5, Insightful) 461

by rsagris (#38755832) Attached to: US Losing R&D Dominance To Asia?
Uh, how about you and your company try the novel idea of TRAINING people how to do their job, instead of expecting them to do your job for you by training themselves. If companies would quit expecting their employees to walk in already trained on their specific skill needs and actually get down to taking 1-2 months of training their employees, they might actually solve the problem of not having enough skilled candidates. Use their major and them having a degree as a screening criterion for work ethic and overall ability to accomplish tasks put to them under a deadline, but don't expect them to be tailor-made to suit your field. -rs

Comment: Could someone please properly frame this! (Score 1) 265

by rsagris (#37581322) Attached to: Security By Obscurity — a New Theory
It isn't Security Through Obscurity. When Obscurity is added as part of an overall Security Architecture it is Security In Depth. For Obscurity to be a proper security enhancer, you have to have a fundamentally secure foundation onto which you add Obscurity to outside attackers. For example, I would wager it'd be very difficult to even begin to conduct cryptanalysis against an unpublished/undocumented NSA designed crypto-system over trying to crypto-analyze a documented crypto-system. I am presuming that the system itself is secure by design, as it was designed by the NSA (the largest single employer of mathematicians in the world, devoted to cryptography to boot). So, if we are going to discuss adding depth to secure systems by overlaying more obscurity, could we stop rehashing how obscurity isn't security? Anyone who knows anything about this topic knows that Obscurity by itself does not provide a robustly secure system; it fails once the obscurity is pierced.

Comment: Re:alternate vitamin D sources (Score 4, Informative) 616

by rsagris (#12983939) Attached to: Sunscreen Not So Good for You?
The article I read said that dietary supplement Vitamin D is not the kind that is absorbed by the body very well. And that sun exposure produced Vitamin D is produced in ridiculous quantities by the skin when compared to dietary ingestion (for even natural Vitamin D foods like the grandparent listed). The Doctor was saying that even taking into account a proper diet, you still were not properly reaching what a healthy level of sun exposure would naturally have circulating through the body.
