
Comment Re:regulatory aspects (Score 1) 91

You shouldn't trust the cloud providers. Even if the CSP and its employees are trustworthy, if they get a court order or double-secret-probation security letter, they have to turn the data over.

Whether that matters or not depends on what you are doing with the cloud though. If you are using cloud storage as a "big scalable drive in the sky", then you just need to encrypt the data on-premise where YOU control the encryption keys. Server(cloud)-side encryption helps with hackers, but not against three letter agencies.

Just using encryption to transport the data isn't enough. The data itself needs to be encrypted before it goes to the cloud. As long as you do that, you can take advantage of the cloud provider's cost structure and save yourself some significant $$$ without risking your data.

Comment Re:Eliminate all tax withholding (Score 1) 413

Your math is ridiculous.

The math isn't really the point. The point is that people seem to think all those government benefits, programs, etc. are free.

Today in the US, you never really "see" the taxes directly. Most people just look at their take-home pay, not their gross pay. If you got rid of all those out-of-sight, out-of-mind deductions from people's paychecks and made them write a check to the IRS each month, they would be WAY more aware of the cost of government.

Presumably that would make them significantly less likely to vote for politicians promising them more "free" stuff, because that monthly check to the IRS keeps the cost in their face.

Comment Re:At the same time (Score 2) 323

IBM did not one but several REALLY fucking stupid things, 1.- When Intel refused to license the 386 for second sourcing IBM refused to buy it, instead sticking with the 286 (which they made) damned near until the Pentium was released.

Interesting version of history you have there... The 386 went into full production in mid-1986. IBM released their first 386-based computer in 1987 (PS/2 Model 80). The Pentium came out in 1993.

Comment Re:Is this shocking? (Score 1) 63

All the major testing houses check for false positives alongside detections, but perhaps they decided more false positives would still look better on benchmarks than a lower detection rate.

It's not that they don't claim to test for false positives... It's that their FP testing tends to be... rudimentary.

To be fair, I haven't worked with these specific test houses. I have, however, worked closely with some very well-known and trusted test labs. Perception and reality don't line up very well.

Comment Re:Is this shocking? (Score 3, Informative) 63

I am not shocked, but I am confused. Why would they give bad software to their customers, but give good software to the testers? The marginal cost of software is zero. So, if they have good software, why don't they give it to their customers? Can someone please explain how any of this makes sense?

It's really easy to "detect" everything so you get a high detection rate. It's really hard to do so without a ton of false positives.

Very few of the tests out there check for false positives, so it is easy to game the results. You could never ship the product to customers that way because you'd drown in support calls from customers complaining about programs not working, broken websites, etc.

Comment Re:How about basic security? (Score 1) 390

Bullshit. Just use a firewall the proper way and stop using crap.
If your machines are that vulnerable you are already screwed. Hiding behind NAT and thinking you are safe is a joke.

Wait, you think firewalls provide security?

Even if your network is one of the rare ones that doesn't just allow any internally initiated traffic out, you'll at least have ports open for web access, email, ftp, dns, etc. Guess where the vast majority of the attacks come from? Web, email, etc. The exact ports you already have open on your firewall.

Attackers aren't stupid. They go where the opportunities are.

Traditional firewalls (stateful, L3/L4) are mostly about access control. They don't protect your vulnerable machines other than reducing the ports they can be attacked on.

Comment Re:Equal Protection (Score 1) 760

Right, equal protection. For example, 2 people who make wildly different sums of money every day both get pulled over for speeding by the same amount, and both of them have to pay what it takes them say 3 days to earn. That way the richer guy doesn't laugh it off while the poorer guy gets evicted. Equal protection.

I've got no problem with that as long as we also apply it to taxes. Drop all deductions and charge everyone the same percentage of their income for taxes. Equal taxation.

Comment Re:Hardware ICE - JTAG (Score 2) 215

JTAG debuggers are a major problem when you really need to protect your IP. It's enough of a hole that I got NetLogic to add an e-fuse to their XLP network processors (+ later generations) that could disable EJTAG.

Blow the e-fuse during ICT on production hardware and you can cut down on RE capabilities a fair bit.

Doesn't really help for general purpose computers, but very nice for hardening embedded systems.

Comment Re:does not sound like closure to me (Score 3, Funny) 115

One of the more memorable quotes I heard while developing embedded systems: if you can fix it in software, it isn't a hardware bug.

Annoying as hell to the software team when it is clearly a bug in the hardware, but very true at a practical level for the engineering team trying to get product out the door.

Comment Smithsonian Museum of Natural History (Score 2) 131

One of the coolest things I ever got to do during my stint at HP was dinner and drinks at the Smithsonian Museum of Natural History as a private event. Various buffets and bars scattered around the museum. Had no idea you could rent the Smithsonian like that.

Martini bar at the Hope Diamond? How freakin' cool is that?!

Comment GPL vaccine (Score 1) 328

Good point. Corporations would be free to start incorporating more open-source code into their products since GPL code would start going into public domain. I mean, why should software developers be allowed to rent-seek with their creations? It belongs to the public!

Comment Re:Hitting 36 years old (Score 1) 552

I bet if you take a look outside of social media, phone apps and web startups, you'll find the situation is a lot different. Granted, that excludes a lot of the hot companies that everyone hears about constantly...

My company is an early-stage high-tech startup in Austin and the only developer on my team under 40 is our front-end guy. It's not older because we are using ancient technology either... High-speed network processing in C, control plane and management code in Python, and a modern web-based management interface (HTML5, CSS, JavaScript, etc.)

Could just be a quirk, but it was similar in the last company I was in (network security product company). I suspect it is because it is embedded systems development, but maybe it is because of the types of products we were/are building. Inline network appliances where performance is critical and you can't bring the network down.

Comment Re:Yeah right (Score 2) 308

Kind of hard to pause something they said they wanted to do. Which means they didn't even start it. Maybe notes on the back of a napkin. But that would be giving them too much credit.

Really? The 900 Mbps+ up and down I enjoy at my house from AT&T Gigapower is imaginary?

AT&T pausing their gigabit rollout when the President announces that he wants to make broadband a utility is completely reasonable. They have no idea what is going to happen, so it is hard to justify continuing to spend $$$ with the network upgrades.

Now, that's COMPLETELY different than not rate-shaping different types of traffic or trying to double-dip by charging both the sender and the receiver for traffic. Pretty much all of the ISPs are being butt-nuggets on that one.
