
Comment: Re:This never works (Score 1) 163

by Dutch Gun (#49548313) Attached to: Microsoft, Chip Makers Working On Hardware DRM For Windows 10 PCs

I can certainly tell the difference between 1080 and 720 on my 60" TV when watching from about 10 feet away or so, although it's certainly not a dramatic difference. According to charts I've seen, I'd need an 80" TV to even begin seeing any benefit to 4K, and it tops off at 160". For most people, at least for TVs, 4K just doesn't make any sense.

Here's a handy chart to see the optimal resolutions given a particular TV size and viewing distance.

Comment: Re:Personally, I don't think he was talking to Goo (Score 1) 316

by tlambert (#49547447) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

I would be pretty shocked if you are even remotely on the right track.

I did over 50 interviews of technical candidates while at Google, and 6 of them were phone screens.

One of them tried this on me, so it definitely happens. Two of them tried the "look things up on the Internet to answer the question" trick.

Personally, I would have had him drive the hour and a half from Boynton Beach to the Miami MarCom office, and interview from there. I don't recruit directly since my pre-Google/pre-Apple/pre-IBM days, but if you are acting as a recruiter, one of the best gauges of a candidate's personality is the front desk person's opinion of them. I can't see a recruiter passing on that information.

Shields should have gone up from the they-contact-you-because-you're-desirable-then-they-phone-screen moment. If they want you, they'll call you in, and if they *really* want you, they'll fly you to Mountain View to get a full team on your interview.

PS: I was 5 minutes late to exactly one of them because the bike I was riding to the building broke down. It would be interesting to hear an explanation of why the recruiter was not on the line with the person at the appointed time, and telling them of the schedule change and asking if it was OK with the candidate. For the on-site I was late for, the last interviewer stayed with the candidate until I got there. At a full 10 minutes of no-show I would have been substituted.

Comment: Re:systemd, eh? (Score 1) 362

by Dutch Gun (#49546129) Attached to: Ubuntu 15.04 Released, First Version To Feature systemd

Hrm, yeah, I should have put quotes around "won", because what I meant was "most major distros are using it", nothing more. Let's look at some of the top Linux distros:

systemd camp:
Mint
Ubuntu
Debian
Mageia
Fedora
openSUSE
Arch
CentOS

Non systemd camp:
PCLinuxOS
Slackware
Gentoo

How many in that list do NOT use systemd? For those folks who don't want to use it, it may be increasingly difficult to avoid it without jumping ship to BSD, because it's very possible you're going to be seeing more and more dependencies on it. That's all I was getting at.

Comment: Re:Amazing... (Score 1) 202

If you've followed US politics over the past few years, it's not surprising at all. Rand is the only Republican that groks IT at all. If he wasn't also in the Koch's pocket, he would be the perfect candidate. He's still far better than Hillary "what email server?" Clinton...why the Republicans won't actually nominate him I'll never understand. He would pull conservative Democrats to him, and is a positive force for both Libertarians and Progressive Republicans (in the vein of Eisenhower). He's spoken out against the NSA, against drones. He's an actual MD. He voted against extending the PATRIOT Act.

My main issue is he's too anti-government, and wants to cut into the Department of Education, and is way too "pro-life". But weighing these against his positives, we'll not find another candidate who scores better. Of course the Republicans will give the nomination to someone else; someone who is more in-line with the $$$ and is a war-mongering corporate shill instead. And when they do, Hillary will sweep this election...it's almost like the Republicans like losing on purpose.

RP is indeed a mixed bag of much needed reform and batshit crazy.

For a tree hugging liberal, I am however fully on board with killing the department of education. It's not that a DoE couldn't work. It is that the current one has always been a force for evil in schools. This is simply an example of the thing in question not coming even close to what a tree hugging liberal or a baby eating conservative would hope for from a government department. Centralizing some education stuff is entirely sensible, but they tried it and they failed again and again and just made things worse. But yes, he's anti government by default and wants to do stupid shit like axing the federal reserve as well.

I want him to have a love child with Elizabeth Warren. Let the spawn be the president.

Comment: Such hyperbole in TFS (Score 2) 33

by fyngyrz (#49544657) Attached to: MIT Developing AI To Better Diagnose Cancer

MIT Developing AI To Better Diagnose Cancer

FFS, it's not AI. It's a mindless program. Unthinking software. Data analysis software. Innovative to some degree perhaps, but AI? Hardly. No better than me stumbling in here and calling some DSP code I'd written "AI." Well, except I wouldn't do that. :/

When AI gets here, we'll have to call it something else what with all this crying wolf going on.

Comment: Re:He screwed up. (Score 5, Interesting) 141

Except, his "one mistake" was bragging about his find to his buddies (the exploits were found and submitted, so there was no reason to do so), and Oops! it went public, obviously in a way that Groupon happened to spot it as well*. Now it's essentially out in the wild before a fix was in, however you want to spin it. That's the exact opposite of "responsible disclosure". If you tell someone else about an exploit, even in private, you no longer have control of that information. Groupon is, I think, making a point that they take the "responsible disclosure" part of that agreement seriously.

Note in the article:

He also points out that another company, Sucuri Security, was happy to pay out even after a tweet revealed some details of a security flaw in their product.

Was this also by him, meaning this isn't the first time he's done this? Or one of his colleagues? How do you accidentally tweet about an undisclosed security disclosure? Is it too much to ask them to simply NOT blab about it to others in public forums? Either way, it looks like these guys need to learn how to keep their mouths shut about the vulnerabilities they discover until the fix is confirmed, that is, if they actually want a bounty. What the hell is so hard about NOT talking about a security exploit you've discovered? Ok, sort of a dick move by Groupon (no surprise), but it's hard for me to feel too sorry for this guy either.

* My theory is that Groupon was actually emailed that the vulnerability was made public on XSSposed.org. If a company doesn't respond, XSSposed simply publishes the vulnerability and emails a notification to the webmaster, as they seem to be all about public exposure. This site also gives "rankings" to security researchers, so there seems to be an incentive to share the details of an exploit before it's fixed with others on the site in order to get "credit" for the discovery (and this guy is at the top of the list), which seems like a really bad incentive.

Comment: Re:Fairly easy way to protect data. (Score 1) 73

Ha! It's not like they don't actually want all that delicious, valuable customer data. That stuff is pure gold. They just want to be able to use it themselves, such as selling access to "interested third parties".

My summation / interpretation of the article's premise: "We don't want a huge security breach that will embarrass us, but we don't actually want to spend a lot of money on the problem."

Comment: Re:root = same process (Score 4, Informative) 125

Gatekeeper also isn't "all MacOS X security". There's separate malware detection, and in order to do much of anything the user has to enter their computer account password.

It's a minor part of OS X security, mostly designed to keep casual users from installing stuff outside the apple store.

Yes.

There's also Mandatory Access Controls (MAC Framework) in the kernel itself, and there's BSM secure auditing in the kernel itself, and there's discretionary access controls, such as standard UNIX permissions, and there's POSIX.1e draft (it was never ratified as a standard) ACLs, and then there's whatever malware detection or antivirus protection you've jammed into the kernel as a MAC module via a KEXT, and in the absence of any access controls whatsoever, it's default deny, and then there's code signing, and encrypted pages within executables.

They didn't bypass any of that, and they wouldn't really be able to, even if they were root, because you can't get the Mac port for the kernel virtual address space without jumping through a massive number of hoops (which is why jailbreaking phones is non-trivial, and everyone uses script kiddy tools to do it, instead of jailbreaking from scratch).

And yeah, it's pretty stupid that Gatekeeper or anything else would be running as root and thus be exploitable with the escalated privilege available at install time, since it'd be pretty easy to just have it run as a role-based account, and have the kernel's cooperation, after cryptographic verification of the developer keys at the kernel level. But that doesn't let you bypass "All OS X Security": getting root doesn't really get you nearly 1/10th of the security bypassed (less, if you've installed third party anti-malware KEXTs that refuse to be unloaded except in single user mode during boot as part of an uninstall script, and are therefore always active).

They clearly do not understand the concept of "security in depth".

Comment: Personally, I don't think he was talking to Google (Score 5, Interesting) 316

by tlambert (#49542231) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

Personally, I don't think he was talking to Google; at least not directly.

He got called by a recruiter, supposedly for Google, who set up a phone interview, looking for C/C++ and Java. Fine. There's an outside chance of Java, either as an Android App developer, or for some server back end crap at a company they purchased. It's unlikely, but it's possible (in 2011, they hired people to work at Google, and then groups decided to offer them, and then you got a choice of usually one of 3 groups... you didn't know what you'd be working on at interview time, and there was no such thing as "hiring for position" unless you were net.famous).

Then he didn't get sent a Google Docs link by the interviewer. You are *always* sent a Google Docs link by the interviewer, unless you are in a city/area where Google has a facility, then you are instead brought in to use the video conferencing at the Google location.

Then he got an interviewer who barely spoke English, and wouldn't take him off speakerphone. That never happens at Google.

The interviewer was 10 minutes late to the call.

Frankly, sir, IMHO, you got played.

You just got man-in-the-middled by an Indian or other foreign person who wanted a job at Google, and got you to ghost his or her phone interview for them, with the help of a "recruiter"/"interviewer" who had you on lousy speakerphone so that they could relay your answers directly via a cell phone to the person Google was actually talking to.

Yes, this happens.

No, savvy technical people generally don't fall for it, because they get an email from Google telling you the schedule, there's a Google Doc URL sent out with an @google.com address, and if you look at the email headers in the email of the schedule, you'll see that they are probably forged, assuming you got one at all.

Congratulations on being played, Mr. Robert Heath.
