Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Comment Car (Insurance) Analogy! (Score 1) 113

In the US all or most states require you to have liability insurance to pay for any injuries or death, required just like the ACA mandates/requires you to buy health insurance.

Guess what, some people don't. Or they just pay the initial premium to show coverage and then let the policy lapse.

So some states also mandate that you have additional coverage in case the other guy is un-insured or under-insured (i.e. not enough to cover your co-pay).

These APP companies are the un-insured guys. They could be responsible and provide benefits typical of the jobs they provide, but instead they want it to be somebody else's problem.

Did anyone notice that they didn't actually propose anything beyond 1) we shouldn't have to pay and 2) stop suing us.

Comment Not all data is useful (Score 1) 142

The new glorious world of big data and data analytics has one small problem. Just because you have a ton of data doesn't mean that there is any useful information in it. Really, what are companies going to be able to glean from such a database? That some peoples heart rate goes up when they drive? Which means what?

Insurance companies are the original big data users. Actuarial science is all based on the premise that it is possible to predict the likely outcome for an individual through the statistical analysis of the larger group. They have been doing this quite successfully/profitably since the 1700's. There is a definite point of diminishing return between increased revenue by identifying higher risk individuals and the costs associated with implementing those programs. If it costs $1 million to implement you would need to identify 10,000 people and charge them an extra $100 just to break even. If they can find a competitor whose rate is less than that $100 increase and leave then you start losing money, and not just the $100 but the original premium as well.

A lot of people are under the misconception that all they need to do is gather data and they will then be able to sell it. But the data has to be useful and I just don't see it in this case.

Submission + - What is keeping you out of IT Security?

xanthos writes: Demand for cybersecurity professionals over the past five years grew 3.5 times faster than demand for other IT jobs and about 12 times faster than for all other jobs, according to a March 2014 report by Burning Glass Technologies.

The types of jobs in the field are numerous and range from entry level analysts who monitor intrusion detection systems, security engineers and architects who design and build out various security technologies, risk and compliance analysts, pen testers, malware reversal analysts and IT Security management.

With all these jobs paying above average and many over $100K, what is keeping you from taking your admin, networking, developer experience and moving to information security?

Comment And the point of the study is what? (Score 1) 159

Single factor authentication (ie password) is a people problem. If access to a site is granted by matching an identifier with one other piece of information, then it is the risk created by the compromise of those credentials that should govern how "strong" those credentials need to be.

Financial information? Strong. Personal Health information? Strong. Email? Depends on how interesting you are. Hardware store loyalty points? Meh.

The more important point from the article is this:
"In fact, research from Microsoft/University of California at Berkeley/University of British Columbia (paper titled Does My Password Go Up to Eleven? The Impact of Password Meters on Password Selection) found that indeed, password gauges do encourage users to concoct stronger passwords."

Warn/shame people that their passwords suck and they are likely to do better.

(And interestingly enough, mathematically a site that insists on an 8 character password with at least one each of upper/lower case letters, numbers and special characters produces less secure passwords than a site that insists on 8 characters that can be any of those.)

Comment And if you haven't read Simak (Score 4, Informative) 104

If you are unfamiliar with the work of Clifford Simak I strongly suggest that you give him a try. What I have always loved is that there is so much that is just unknown going on in his stories. No great hero's, no great battles, just a lot of "what the hell is going on here?"

His last book "Highway of Eternity" is great and "Ring around the Sun" has always been a favorite as well. Most of his stuff is a short quick read abd us easily found in your favorite used book store (you do have one I hope).

At a minimum read the novel synopsis over at Wikipedia to get a glimpse of a very interesting author.

Comment A number of free options at Turnkey Linux (Score 1) 343

A great resource for situations like this is Turnkey Linux (http://www.turnkeylinux.org). They host a wide variety of fully built server images that make it easy to try out a number of systems to see what best fits your need. You can download and fire up well known CMS like Drupal or plone and see if they fit the need or not. Then if there is something they like they can load the iso on a bare metal box and go.

Comment On the Internet, no one knows that you are a dog (Score 1) 62

Really people? Your lives are so fascinating that you need to keep the details away from the digital paparazzi? Mine sure isn't.

Here is my take on what is going on here. First, the government doesn't care. Have you heard about the huge number of people arrested for having pictures on Facebook showing drug use? No? Well that is because it's not a threat to the greater good and not worth the time and effort to prosecute. Not even a cursory email saying to clean up your act or we will send you a more strongly worded email. Many of us may have dissident thoughts but we don't do dissident acts and are mostly harmless. So that leaves the Big Business boogie man with a financial motive. In the beginning there was the trifecta of terror, the credit rating agencies. They, with their magical patented Fair Issac scoring formula, have claimed for years that those numbers offer a glimpse into a persons soul. And they basically market it as such even when the intended use is based more on correlation than causation. As evidence I present the recent use of credit scores by insurance companies. My credit score has never been affected by my driving history, so why should my car insurance rates be based on my credit score? In my case I was given the option of allowing it or not. Allowing it could have saved me as much as 3%!, or cost me more, in any case the amount did not benefit me enough to make it worth my while. Same with the followup offer to install their OBD digital spy.

There are a bunch of people who think they can make a fortune collecting other peoples data. Reality is that most of that data is mundane garbage that has very little value to it. Much like the millions and millions of credit card numbers that have been compromised. Collecting the information is easy, monetizing it is hard.

Comment Have we come full circle? (Score 1) 71

I can't shake the feeling that I've seen this movie before, I think it was called "statically linked executables" where all the code needed to run the application resided in one place. Then as the executables got more complex they got much larger, consumed more resources, and large parts of each executable was redundant with each other. Hence static executables were superceded by "dynamically linked executables" which pulled out the redundancies into general purpose libraries that existed in only one place which led to dll version hell. So now we have containers which allows an application to be bundled up with just the code it needs to execute.

And yes, containers have more capabilities than simply isolating the code. However I would argue that code isolation is the primary use of containers.

I have a prediction, that by the end of 2015 we will see one of the container vendors offer a version that allows for "code sharing" between a master image and the individual containers in order to cut down on redundancy. Full Circle++.

SCCS, the source motel! Programs check in and never check out! -- Ken Thompson