Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment Re:Just a self promoting blogger (Score 1) 205

What gave it away? The linked "rsmiller510" or the credit at the end that said

— Ron Miller is a freelance technology journalist, blogger, FierceContentManagement editor, and contributing editor at EContent magazine.

OK, he looks like Borat. The article may not have a whole lot, but it's not that bad, and it's disclosed that it's someone's opinion. Slashdot does far worse on a regular basis.

Comment Re:Definitely interesting.... (Score 1) 220

Yes and no.

With custom code that audit, should you bother, needs to happen once and then perhaps again when changes are made.

An open CMS is likely a moving target. Depending on the code quality and the familiarity of the audit team, an audit probably is easier, but how long is that audit really good for? What do you do when you KNOW you are running an insecure version as a hole has been found, but are not in a position to upgrade and re-audit the entire CMS? Do you get paid to keep the software updated to the latest version at all times?

It sounds very much to be like HBGary was a target who didn't feel the need to secure their own systems as well as they could have. I don't think an open or closed CMS matters that much compared to their perceived business priorities. How many open CMS products make the same mistakes of using a fast hash function like MD5? Without a salt or multiple iterations?

These problems are common. It takes more resources to fix them. Is it worth it? For them I can easily see them laughing all the way to the bank had one clueless individual not provoked Anonymous. They fired the vendor, that's probably the fix they intend on as far as their CMS goes. After all, if your admin is going to give out the passwords based on an email, does how you store it protect you?

For them the ROI of STFU was greater than fixing every best practice ignored. But they screwed that up too. I'm sure they could have screwed it up with an open CMS as well.

Comment Re:A "problem?" (Score 1) 428

Perhaps biased to the point of blindness in this case.

Expensive "official" phones drives a black market. One so prolific that killers can still make calls. Except it's a matter of economics, not law. Prison officials can't monitor or restrict those calls as effectively.

Cable TV is probably economics as well. TV is cheaper than more guards. Better paid guards that are less likely to sell a cell phone to an inmate are way more expensive than TVs. But who WANTS to be a prison guard?

I won't pretend to have any easy answers to solve prison problems. I don't want to dismiss your pain either, I'd be biased too if so directly affected. Nonetheless in this case (phones) I think the prison system isn't working in societies best interest and it is fixable.

Comment Re:A better solution ... (Score 1) 428

Beyond that, simply get a scanner that detects the frequencies used by cell phones, install a few of them around the prison, and when they go off if the system is properly designed it could tell a guard immediately and tell them approximately where the phone is in the jail.

I was going to argue against this, then I realized how genius it is.

The "problem" is that the guards are the ones selling the prisoners the cell phones. Alerting them wouldn't do any good... or...

Since the corrections officers like the cell phones business, the inmates utilize it (and probably hate the prices they pay, but the demand is there), and only the politicians "care". The solution is just that simple.

Sell the state/prisons a cell phone locator device (doesn't need to work, just look fancy and have proprietary/secret documentation). Politicians get to "do something". Guards get to quickly locate and resell contraband phones. Rich get richer. And if the prisoners get all uppity about human rights? Threat level red!!! Our device says someone is being bad in prison, lockdown!

And before you question my business plan, ask yourself, are you licensed by your state to provide an engineering-level quality assessment?

Comment Re:Not really (Score 1) 111

you haven't seen this yet is because most malware is directed at turning a machine into a zombie

I admit to not reading the article, but this is my concern here. Is mobile malware the same definition?

I have an android phone. Permissions are such I can tell if an app wants "unneeded" permissions in some cases. An (offline, single player) game that needs no permissions, or maybe wants to have "disk access" (save a little game state) sounds safe.

On the other hand, certain apps (gmail, you name it) need lots of permissions for "legitimate" purposes. The problem is, just because an app might have good use for camera or GPS permissions, doesn't mean I can trust it to only read/store/send those values as I expect.

I'm concerned about all the "free" apps that may collect information. I don't (yet anyway) have a good way to know whether they are behaving or not. I just have to trust that they do. And certain things, like my phone number, I can't necessarily just put in fake data for.

There are lots of reports (many exaggerated) that talk about this already happening. I'm not sure to what extent, but I wouldn't doubt I've been "victimized" and just don't know it. If 2011 is the year I find out the hard way, I'm can't say it will be all that surprising.

But yeah, I don't see "regular" (desktop) malware getting substantially worse on mobile in a short time frame.

I'm not sure there's an easy fix for this either. Java applets allowed much more fine grained permissions, and it sucked ("Yes to all"). I think android is better, but I still want a way to override and (to the extent I trust the OS) have the OS enforce it.

Comment Re:Well then, CHANGE the law. (Score 1) 515

In my state (Maryland) the law is already correct (but could be better I suppose). The problem is a (county) prosecutor can still try to bring charges, even if they won't stick, as happened with the motorcycle rider.

The "no-tax freaks" may not have accomplished much. I think it's too early to judge. But paying taxes is something everyone would like to avoid, but only the very rich are able to do.

Can we even boil this down to "no-tax freak" or "police accountability party" or something that sounds better than "anti-cop freaks"?

I don't want to pay taxes is simple. Recording the police is a little more nuanced.

Comment Re:High school math versus college math (Score 1) 266

Maybe I'm doing it wrong, but I didn't search, I just filtered. The #2 advanced result for slashdot is the robots.txt file.,rls:2&sa=X&ei=n98KTZWWFMKC8gbr_omfAQ&ved=0CIABEIoKKAI&fp=9bef8cda26d1a6ec

It does seem like $20 words do well, but "collision" comes up a lot in slashdot discussions (hashing and such), probably less so (or in the car crash sense) for celebrity watcher sites. Advanced is rather subjective.

Comment Re:Success (Score 1) 349

I wish I could say I think you are wrong. Best I can do is hope you are wrong.

The expense and risk are tricky. One things bombs have going for them is a track record. They may not always achieve your goals, but you have more history to look at.

The history here isn't good. As a software developer, I wish people wouldn't "do that" as it's a PITA to code against. People will do that, and it helps to keep me employed.

Long term, will black hats consistently win over white hats, even with things like nuclear energy? So much so that bombs become ineffective?

As an american, software developer or not, I'm not sure that's in my long term interests.

Slashdot Top Deals

Time to take stock. Go home with some office supplies.