Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re:Personally, I don't think he was talking to Goo (Score 1) 333

by tlambert (#49547447) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

I would be pretty shocked if you are even remotely on the right track.

I did over 50 interviews of technical candidates while at Google, and 6 of them were phone screens.

One of them tried this on me, so it definitely happens. Two of them tried the "look things up on the Internet to answer the question" trick.

Personally, I would have had him drive the hour and a half from Boynton Beach to the Miami MarCom office, and interview from there. I don't recruit directly since my pre-Google/pre-Apple/Pre-IBM days, but if you are acting as a recruiter, one of the best gauges of a candidates personality is the front desk person's opinion of them. I can't see a recruiter passing on that information.

Shields should have gone up from the they-contact-you-because-you're-desirable-then-they-phone-screen moment. If they want you, they'll call you in, and if they *really* want you, they'll fly you to Mountain View to get a full team on your interview.

PS: I was 5 minutes late to exactly one of them because the bike I was riding to the building broke down. It would be interesting to hear an explanation of why the recruiter was not on the line with the person at the appointed time, and telling them of the schedule change and asking if it was OK with the candidate. For the on-site I was late for, the last interviewer stayed with the candidate until I got there. At a full 10 minutes of no-show I would have been substituted.

Comment: Re:root = same process (Score 4, Informative) 128

Gatekeeper also isn't "all MacOS X security". There's separate malware detection, and in order to do much of anything the user has to enter their computer account password.

It's a minor part of OS X security, mostly designed to keep casual users from installing stuff outside the apple store.


There's also Mandatory Access Controls (MAC Framework) in the kernel itself, and there's BSM secure auditing in the kernel itself, and there's discretionary access controls, such as standard UNIX permissions, and there's POSIX.1e draft (it was never ratified as a standard) ACLs, and then there's whatever malware detection or antivirus protection you've jammed into the kernel as a MAC module via a KEXT, and in the absence of any access controls whatsoever, it's default deny, and then there's code signing, and encrypted pages within executables.

They didn't bypass any of that, and they wouldn't really be able to, even if they were root, because you can't get the Mac port for the kernel virtual address space without jumping through a massive number of hoops (which is why jailbreaking phones is non-trivial, and everyone uses script kiddy tools to do it, instead of jailbreaking from scratch).

And yeah, it's pretty stupid that Gatekeeper or anything else would be running as root and thus be exploitable with the escalated privilege available at install time, since it'd be pretty easy to just have it run as a role-based account, and have the kernel's cooperation, after cryptographic verification of the developer keys at the kernel level. But that doesn't let you bypass "All OS X Security": getting root doesn't really get you nearly 1/10th of the security bypassed (less, if you've installed third party anti-malware KEXTs that refuse to be unloaded except in single user mode during boot as part of an uninstall script, and are therefore always active).

They clearly do not understand the concept of "security in depth".

Comment: Personally, I don't think he was talking to Google (Score 5, Interesting) 333

by tlambert (#49542231) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

Personally, I don't think he was talking to Google; at least not directly.

He got called by a recruiter, supposedly for Google, who set up a phone interview Looking for C/C++ and Java. Fine. There's an outside chance of Java, either as an Android App developer, or for some server back end crap at a company they purchased. It's unlikely, but it's possible (in 2011, they hired people to work at Google, and then groups decided to offer them, and then you got a choice of usually one of 3 groups... you didn't know what you'd be working on at interview time, and there was no such thing as "hiring for position" unless you were net.famous).

Then he didn't get sent a Google Docs link by the interviewer. You are *always* sent a Google Docs link by the interviewer, unless you are in a city/area where Google has a facility, then you are instead brought in to use the video conferencing at the Google location.

Then he got an interviewer who barely spoke English, and wouldn't take him off speakerphone. That never happens at Google.

The interviewer was 10 minutes late to the call.

Frankly, sir, IMHO, you got played.

You just got man-in-the-middled by an Indian or other foreign person who wanted a job at Google, and got you to ghost his or her phone interview for them, with the help of a "recruiter"/"interviewer" who had you on lousy speakerphone so that they could relay your answers directly via a cell phone to the person Google was actually talking to.

Yes, this happens.

No, savvy technical people generally don't fall for it, because they get an email from Google telling you the schedule, there's a Google Doc URL sent out with an address, and if you look at the email headers in the email of the schedule, you'll see that they are probably forged, assuming you got one at all.

Congratulations on being played, Mr. Robert Heath.

Comment: Re:It's hard to credit the behavioural science cla (Score 1) 195

by tlambert (#49541255) Attached to: House Bill Slashes Research Critical To Cybersecurity

Which is probably why it's a good idea for the Feds to fund it instead.

Because if the feds fund it, and the research gets actual results we don't already know, Microsoft is going to run out and implement it and make the next version of Windows the same headache for themselves that XP has been turning out to be?

What does it matter *who* funds it, if no one implements anything based on the results (if any) of said research?

Scratch that... I guess it matters to currently unemployed behavioural scientists, although they are likely more concerned*that* it's funded, rather than *who* is funding it...

Comment: Have to wonder if this has something to do with... (Score 1) 362

by tlambert (#49539969) Attached to: iTunes Stops Working For Windows XP Users

Have to wonder if this has something to do with the interposing https phased rollout by Comcast for their CloudFlare based CDN that they use for web acceleration to reduce their peering overhead. It was preventing me from getting to e.g. LinkedIn and for a couple of days, until they had the kinks worked out. I'm told that I was in one of the "early rollout areas".

Obviously, no one complaining about this gives ISP or other useful diagnostic information in their postings, so it's impossible to give them a good technical answer for their problems, since the problem statements are all lacking in technical information.

This may help; I'd suggest a rename, rather than a delete on the cache stuff, though - in case that's not it:

Comment: Re:It's hard to credit the behavioural science cla (Score 1) 195

by tlambert (#49534425) Attached to: House Bill Slashes Research Critical To Cybersecurity

So let's say Microsoft had some idea to reduce Social Engineering. How will they figure out whether it's Security Theater without trying it out on people?

How is that not behavioral science?

I'm pretty sure Microsoft can fund this research, if they even actually want to fund it. Probably they don't: they learned their lesson, when people were satisfied with XP, and really didn't want to buy newer operating systems: "Good enough is the enemy of repeat sales".

Comment: Re:RTFA (Score 5, Interesting) 182

by tlambert (#49533249) Attached to: Chinese Scientists Claim To Have Genetically Modified Human Embryos

2. Not only did the splicing technique not work very often (28 / 86 embryos), but it also created lots of off-target mutations in other parts of the DNA. Both of these results were not expected.

Wrong. They only tested 54 of the embryo's afterward. 28/54 is a 51.8% success rate.

The off-target mutations in the remaining 26 embryos was not only expected, it was predicted about 16 years ago, when we first started experimenting with retroviral splicing vectors.

Comment: Re:Cautionary Tale? (Score 1) 182

by tlambert (#49533225) Attached to: Chinese Scientists Claim To Have Genetically Modified Human Embryos

we can't get people to immunize their kids.... good luck!!

I don't think most of us really care about people stupid enough to remove their progeny from the gene pool so that they don't pass on the "stupid gene" to future generations. Maybe you care about these people, but I pretty much think that the fact they have medical power of attorney for their children until the age of majority is a great negative feedback mechanism.

Comment: Re:Cautionary Tale? (Score 3, Interesting) 182

by tlambert (#49533209) Attached to: Chinese Scientists Claim To Have Genetically Modified Human Embryos

Why is this a cautionary tale? What horrific outcome did they have that we are supposed to learn from?

They were "horribly" able to cure B-thalassemia in 51.8% of the embryos.

We should "learn not to do this type of thing" from the post-testing not having a 100% success rate.

You know, instead of just not implanting the other 48.2% of embryos that were not successfully modified to not have the disease.

Not that they planned on implanting them anyway.

PS: I know in vitro clinic which would be screaming the "Happy, happy, Joy, joy!" song at the top of their lungs for a 51.8% pre-screening success rate on just not implanting embryos that carried the gene for Huntington's or Downs Syndrome, let alone *fixing* the damn thing.

Comment: It's hard to credit the behavioural science claim. (Score 5, Insightful) 195

by tlambert (#49533139) Attached to: House Bill Slashes Research Critical To Cybersecurity

It's hard to credit the behavioural science claim.

Since we already know how to social engineer our way into secure areas, secure building (including nuclear and military facilities), and to get people to give their passwords or reset someone else's password, and even get the police to respond with deadly force to a perceived threat by an otherwise innocent third party (e.g. SWATting), and get them to click on crap they shouldn't click on in emails, and get them to insteall "media player updates" that aren't, anti-mallware that's actually malware, and so on...

How is additional funding for behavioural science in this area going to make us any more secure by making us even more aware of the exploits we already know, such as those being used by Mitnick prior to 1995 to get into the phone company?

We already understand the human behaviour which allows these attacks to work -- and so does Microsoft, and they're not really spending any effort fixing their software over this knowledge.

So how *exactly* will additional spending in this area impact cybersecurity again? Will it make anyone less likely to believe someone pretending to be from the IT department? Will it make someone less likely to let you on the premises when you pretend you want to talk to the property manager "or someone else in charge" about purchasing land adjacent to an otherwise secure facility?

I kind of don't think so.

But... BOOGA! BOOGA! Cybersecurity! Cyberwarfare! Fund us, fund us!

All syllogisms have three parts, therefore this is not a syllogism.