Become a fan of Slashdot on Facebook


Forgot your password?

Comment: Re:Fairly easy way to protect data. (Score 1) 75

"It's certainly your problem when they fire you for not doing it."

Nobody is going to fire you for not doing something known not to be possible.

See... machines cause that effect. People get angry with people not doing as commanded -even if it is a silly command, but they won't take it personally if it is a machine the one saying "no". That means the CEO cannot have a four letter password, because it is not me disallowing it, but a policy in a machine stating that everybody will have an 8 letter password, and I can do nothing to change it.

Comment: Re:Training thats the ticket (Score 1) 75

"The credit industry got allowed to use it as an identifier"

That's good, since it *is* an identifier, a better one that the first name/surname combination since it offers less collisions. What it is not is an authenticity token.

The problem is not the industry using SSNs as an identification means, that should be OK, but that they are using them as passwords.

Since they are private companies, it really doesn't take "an act of congress" to change things but people voting with their wallets. Would you put your money on a bank that obviously has no security guards and with their vaults wide open to the public?

Comment: Re:Fairly easy way to protect data. (Score 1) 75

"In my experience, the dumbness of the policy is directly proportional to the difficulty in making anyone understand how dumb it is."

Well, that's not exactly what we were talking about. If a policy is "just" dumb, or insecure, it's probably not your role to change it but, at most, to share your opinions with whomever is nominally responsible for that.

Here we are talking about subverting the policies in order to be able to get your job done. No need to explain anything here, just follow the policies and let others see why no work is done. By subverting the policy, you are not only not allowing the problem to surface -so it won't get corrected, but offering yourself as a scapegoat when shit hits the fan: not the policy's fault, but yours, since you didn't follow it.

"It's also dumb to allow the CEO to have a non-expiring password that is the name of the company. But good luck telling the CEO he can't have it"

Well, it's a problem if the CEO already has such a password. If that's not the case, sorry, sir, I can't change your password's policy, neither technically nor by authority. Now, if you are technically able to change it and your supervisor commands it -ideally in written, why not doing it? It's not your problem.

Comment: Re:Training thats the ticket (Score 1) 75

"Something like a SSN should be sitting in a well secure table that only verifies if it's a match since no human should ever need to do a customer to SSN lookup"

And this, sir, shows where the problem lies: even basic understandment of what security is about.

Why the hell should be an IDENTIFICATOR be taken for a SECURITY TOKEN???

SSNs should be damn public because they are and should be nothing but a way for you to tell me who you are, just as it is your name. Do you imagine your name being secret? Well, an SSN is just a more cumbersome version of you name: it states who you say you are, just like your real name, but says nothing about why I should believe you are who you say you are, just like your real name.

Comment: Re:as much as big companies? (Score 1) 75

"by the miracle of crap middle-management ensure that those people only do as they're told and don't think for themselves."

Is not "crap middle-management" but "crap companies". In such companies, the moment middle-management start thinking for themselves, they are fired.

Comment: Re:Fairly easy way to protect data. (Score 1) 75

"Most current forms of Access control assume a greater and greater level of access with each level. That still creates accounts which can access everything."

Hey! we could put a name to that. I suggest, hummm... "discretionary access control". What about that?

"What is needed is an access level system that lets you install updates, maybe move files, but not read them. This way the system admin can't access your secure data period."

If only someone invented something we could call, say, "mandatory access controls"...

But then, let's imagine a world where you already could choose between implementing either "discretionary access controls" or "mandatory access controls", what do you think would be bussiness' choice?

Comment: Re:Fairly easy way to protect data. (Score 1) 75

"Not because they have nefarious use of them, but because they will need to get their job done, and the official secure way is too impractical."

And by finding and using workarounds you are just making the problem bigger since an undetected problem is a problem that won't get solved anytime.

If the policy in place is dumb, make it obviously so. This way it can be solved, if you don't do it, you are part of the problem.

Comment: Re:Age discrimination works? (Score 1) 333

by turbidostato (#49542845) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

"You'd think that age discrimination would have hurt Google. They are losing out on all the potentially talented old people and all their experience. According to free market principles this should have put Google at a huge disadvantage in a highly competitive market."

And maybe that's showing in the way they build beta product/services right and left that they don't know what to do with and end up closing some few months later.

A "highly competitive market" is not so highly competitive when you can throw at it a ton of cash to burn.

Comment: Re:Why bother with young programmers? (Score 1) 333

by turbidostato (#49542703) Attached to: Median Age At Google Is 29, Says Age Discrimination Lawsuit

"Experienced senior dev at my company... perhaps 4-5x the "jr dev" salary. So even if 80% of the young devs turn out crappy, you're still ahead productivity wise."

That would be true if programing was purely effort-bound (which partly is) instead of knowledge/intellect-bound.

Say you own an Formula One team. Do you really think your odds to win the Pilots' Championship are the same if you have in your team one Lewis Hamilton or five Felipe Nasr?

Comment: Re:And when capped internet comes then people will (Score 1) 278

by turbidostato (#49537841) Attached to: German Court Rules Adblock Plus Is Legal

"Well, so you *do* think they have a moral obligation then."

No. I explicitly said they do *not* have any moral obligation.

And exactly because they don't have any 'a priori' kind of obligation, either moral or otherwise, but since I *want* them to forcefully cover any area they are granted a license to serve to, they *should* have a contractual obligation to do so, as any other utility should.

Comment: Re:And when capped internet comes then people will (Score 2) 278

by turbidostato (#49529777) Attached to: German Court Rules Adblock Plus Is Legal

"Does any company have some sort of a moral obligation to provide anyone with internet access?"

No, they don't.

That's why the should have a contractual obligation to be considered an utility and provide everyone with Internet access when granted license to serve a given area.

Comment: Re:Hasn't this been proven to be junk science? (Score 1) 313

""can thaw and somehow repair cellular damage" is secondary to "...also entire body missing"."

It makes sense. The premise of being able to recover the personality out of a frozen rotten brain is so ludicrous that if by a miracle that happened, producing a full new body out of DNA looks like child's game in comparation.

It also makes sense from the scammer's point of view: after all freezing a whole body in a convincing -even though unworking, way takes money so by lowering their running costs they open the scam to a larger target.

The amount of time between slipping on the peel and landing on the pavement is precisely 1 bananosecond.