
Comment Re:Agree with content, not the name (Score 1) 234

"the bigger the island of knowledge, the bigger the shore of ignorance".

It's the opposite (sorta). The more you expand the shore of knowledge, the bigger the island of ignorance. The more we know and discover, the more we realize what we don't know and have yet to discover.

And then there's the ocean of information around the island that in the famous (paraphrased) words of Donald Rumsfeld, you don't know you don't know.

Comment Re:oh, man. Prepare for another round. (Score 2) 86

That it would force people to write down the passwords in sticky notes and very cleverly paste it on the underside of the keyboard is not realized by the bozos, or if it did, it did not bother them.

People keep trotting this out as if it was some horrible, boogeyman security practice.

Quite frankly, it's probably better than any other security solution. After all, humans have spent thousands of years working on physical locks, while electronic ones (like passwords) have only been around for a few decades. And, physical security is another legitimate layer of security. Sure somebody can break into your work place and grab your passwords. But they'd actually have to be physically there. And the cops are much more likely (and able) to respond to a physical break-in than to some virtual intruder entering virtual storage.

The worst thing that could happen would be to electronically store the passwords in plain text. You get neither physical nor electronic security. That should be discouraged.

Comment Re:Slashdot (Score 5, Insightful) 226

Slashdot's not a publication. It's a community with links to articles as topics of conversation.

The raison d'etre of publications is producing articles and other pieces of content. The raison d'etre of Slashdot is the community and the discourse of other people's content.

tl;dr: Without (an effective system for) comments there is no Slashdot.

Comment Re:Way to encourage responsible disclosure. (Score 1) 87

Agreed. The "responsible" in responsible disclosure applies to both the researcher and the company. If the company is not responsible in their behavior towards the security hole, then there's no point in the researcher being responsible either.

Companies that have a bad track record of responsibility should have their security holes publicized immediately. After all, if they don't take their product's security seriously today, there's no reason to expect them to take their product's security seriously the next time around.

Comment Re:Simple rule (Score 4, Insightful) 152

Even without an NDA, you'd be lucky if you didn't screw up somehow. Not only could you be revealing trade secrets, you could also misrepresent your company, or in the worst case, reveal insider financial or strategic information. Best to keep that line drawn, especially on a public forum.

Comment Re:SubjectsInCommentsAreStupid (Score 3, Insightful) 254

By imperfectly mimicking the old Office GUI, the LibreOffice GUI (and UI in general) ended up falling into the uncanny valley. It sort of looks like MS Office, but because it differs in subtle ways both visually and behaviorally, it's off-putting.

If there's any OSS product that needs a UI redesign, it'd be LibreOffice. It'd be great if Mozilla could ship all their Firefox UI resources over, since it seems Firefox has so many choices they can't seem to decide which one to go with.

Comment Re:Welcome to the new world? (Score 1) 262

You just increased your attack surface while offering marginal benefit. The increase in attack surface is certainly new.

You're also paying additional for it, both during purchase (to recoup the manufacturer's R&D investment and for the additional physical components), and then afterwards as part of the car's maintenance. The additional costs associated with the additional components are also new.

Comment Re:Welcome to the new world? (Score 1, Interesting) 262

It's another attack vector, on top of all the existing attack vectors.

The attack vector these electronics close is hotwiring under the dash. This kind of attack doesn't happen as much as you think. More likely, people go for the GPS unit or some other item that's left out in the open, or your wheels and other easily-accessible parts. Stealing whole cars is rarer, unless you've got some collector's piece, and stealing whole cars via hotwiring is very rare. For stealing whole cars, there's a lot of low-hanging fruit, namely people who forget to lock their doors, people who more than crack their windows, or people who habitually keep the keys inside their car. And people who do steal whole cars for a living (usually for getting to less-accessible but more expensive parts) will have the equipment to be able to gain entry anyway, so it hardly matters.

The additional electronic security may close one or two attack vectors, but it doesn't close all of them, and certainly not the most important ones. So now the question becomes, is closing the one or two attack vectors worth the additional (literally) thousands of dollars worth of electronics as well as introducing an additional unknown quantity of electronic attack vectors?
