
Comment: Re:Long View (Score 1) 469

by Tom (#49491483) Attached to: Seattle CEO Cuts $1 Million Salary To $70K, Raises Employee Salaries

Compensation has been commensurate to your skills for hundreds of years.

Your argument smells.

Yes, more skilled people in general earn more. But (and in the words of Ben Goldacre: It's a big but) there are exactly two issues with this in our modern hypercapitalism, and they are related:

a) A class of very low skilled workers has moved to the top of the food chain and takes a massive part of the total wages for itself

b) The general level of pay is staggeringly low. If you compare the wealth of your western nations to the wealth of the average individuals within, you should be frightened. Most western countries can spend a few billions here and there without so much as shrugging. As nations, we have more, much much much more money available than ever in history. The most lavish spending of any king in history pales compared to everyday infrastructure, science or military projects of today. As people, we are richer than the average middle ages peasant, but in comparison to our nations' wealth, we have less.

Comment: Re:Clean room design has dirty and clean teams (Score 1) 175

by MobileTatsu-NJG (#49490281) Attached to: Cyanogen Partners With Microsoft To Replace Google Apps

This is a night and day difference with respect to reverse engineering...

No, it isn't. They had to go further out of their way to dance around that issue in order to make a legal clone.

...and the fact that IBM didn't want a compatible BIOS to be produced does not change this.

It changes this part:

Compaq et al were able to create clones because the IBM PC was an open platform.

Comment: Re:"Open" does not mean without copyright (Score 1) 175

by MobileTatsu-NJG (#49490143) Attached to: Cyanogen Partners With Microsoft To Replace Google Apps

...the fact is those working on a compatible BIOS had the IBM source code with comments to work from

... they clean-room reverse engineered it.

That is pretty open and greatly facilitated the creation of a compatible BIOS.

The fact remains that IBM published the source code to the embedded firmware, that is by definition open.

You can nitpick individual details all you like, but at the end of the day Compaq created the clone of the BIOS despite IBM, not with support from them.

Clean room design (also known as the Chinese wall technique) is the method of copying a design by reverse engineering and then recreating it without infringing any of the copyrights and trade secrets associated with the original design. Clean room design is useful as a defense against copyright and trade secret infringement because it relies on independent invention.

Comment: Re:IBM PC was an open platform (Score 1) 175

by MobileTatsu-NJG (#49488829) Attached to: Cyanogen Partners With Microsoft To Replace Google Apps

From the same link:

The success of the IBM computer led other companies to develop IBM Compatibles, which in turn led to branding like diskettes being advertised as "IBM format". An IBM PC clone could be built with off-the-shelf parts, but the BIOS required some reverse-engineering. Companies like Compaq, Phoenix Software Associates, American Megatrends, Award, and others achieved fully functional versions of the BIOS, allowing companies like DELL, Gateway and HP to manufacture PCs that worked like IBM's product. The IBM PC became the industry standard.

Using off-the-shelf parts is not the same as being open.

Comment: Thank goodness the NSA is looking out for us (Score 1, Insightful) 320

by gestalt_n_pepper (#49481859) Attached to: Gyro-Copter Lands On West Lawn of US Capitol, Pilot Arrested

So, this guy published the fact that he was going to do this on his blog and in email before he did it. Here's the quote from "Thehill.com":

On the webpage thedemocracyclub.org, he wrote: ''My flight is not a secret. Before I took off, I sent an Email to info@barackobama.com. The letter is intended to persuade the guardians of the Capitol that I am not a threat and that shooting me down will be a bigger headache than letting me deliver these letters to Congress.''

Tell me again, what our incredible spying and surveillance program is supposed to be doing? Because, I'm pretty sure this is the definition of "intelligence failure" in all senses of the phrase.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481065) Attached to: Cracking Passwords With Statistics

Then another site I used got hacked. And at that point I decided I was better off using a password manager and using different passwords for each site.

Yeah, that sucks.

I use a password manager as well, mostly because I'm lazy typing. It gives me the added benefit that if one of the sites gets hacked, I can check the PW manager to see where else I use the same PW.

You can use different passwords, if you like. I don't do it because it would mean that when I find myself without my PW manager, I'd be fucked. And it happens quite often that I do.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481055) Attached to: Cracking Passwords With Statistics

The problem there is that all it takes is one crap site and an attacker can check all of your "reset answers" (pet's name / mom's name / etc) to see if they can be used for an attack.

These bullshit "security questions" are actually the weakest link. I don't use them. If the site enforces it, I fill them with noise.

Think about what the minimum information an attacker would need to access your bank account (either login or social engineering) and then look at how many sites have that information.

Depends on your bank. Mine doesn't let me log in with username or password or any such crap. Also, every bank worth its money these days will use 2-factor authentication, or send a TAN by SMS or something like that. More and more banks will also send you SMS to inform you about every transaction made, so you can stop any abuse immediately.

Banks are among the few who actually take security seriously. They're not perfect, not by far, but they are still among the only commercial entities to use one-time-passwords (those TAN lists) and were among the very first to use 2-factor authentication.

So, to answer your question: What do you need to access my bank account? Nothing you would find on any of the forums, games sites or even my Amazon or iTunes account.

Comment: Re: For work I use really bad passwords (Score 1) 136

by Tom (#49481025) Attached to: Cracking Passwords With Statistics

Changing passwords doesn't make them magically more secure.

What do you hope to accomplish? If you have a good reason to change, change. If you don't, you change for prophylaxis, to stop someone who may have been using your account for something. But if you didn't even notice, what's the damage? And if he's a pro, he's also changed the password reset email address, at least on sites that don't send a notice to the old address.

You're doing a lot of effort for - what? If you can't answer that question, don't do it.

Comment: Re:math (Score 1) 136

by Tom (#49480945) Attached to: Cracking Passwords With Statistics

No, it wouldn't help.

The problem is techies thinking in techie terms. What would help is get a normal user into the room and give him an actual voice in the matter, when the policy is decided. You know, not John from the call center, but Frank the philosophy doctor who's now head of product management.

Comment: All taxpayers are forced to subsidize religion (Score 1) 698

Religious institutions own business and property. They don't have to pay taxes on any of this, which means that while *my* business and property taxes go up, they're free to continue on their merry way, polluting the airwaves with drivel, owning prime real estate forever without fear of confiscation by the authorities due to unpaid taxes, and so on. Nice deal, that.

If religious organizations want to start a fan club with a big building, it's their business, but let them pay their share for the surrounding infrastructure (i.e. roads, law enforcement, flood control, sewage, etc.).

Comment: Re:The assumption is wrong. (Score 3, Informative) 136

by Tom (#49476351) Attached to: Cracking Passwords With Statistics

The point of password complexity requirements has nothing to do with security. It's about the check box some auditor or lawyer needs to check. People assume it leads to security, but only because they see it in a vacuum.

That's consultant bullshit. The legal requirements are nowhere near this specific. It's only consultants that turn them into this nightmare of nonsense. I've worked in IT Compliance (SOX) for years. As long as you can describe why your password policy is good, it doesn't matter what it actually is. The problem is too many people don't invest the time to think a bit and simply take a so-called "best practice" and apply it. In way too many cases without reading to the end and realizing that this "best practice" was published in 1998 and may be a little outdated.
