
Comment Re:Yay process (Score 1) 200

Process isn't a substitute for thinking, process is a substitute for forgetting. A well designed process is simply the thing you'd do if you could keep every *actually* important detail in your head at all times.

You should certainly file bugs against a process (in the same way you would against any work product) if you perceive that a step or steps is useless or wrong.

You *are* following a process, it's just ad hoc, and maybe made up on the spot. Formalizing that process is a way to make it repeatable, and debuggable.

That said, and to reiterate, you must fight against the bad process. Bad process isn't clear. It's a bad program. Debug it.

Comment Re:not dumb (Score 1) 169

So, thinking like a would-be cracker, the list of basic places to try first:

Person's front door.
One of their windows.
A bank near their house.
Their car, if visible.

Etc. Given the usual kind of passwords people choose for themselves, I expect this will be similar.

Of course, this assumes the cracker can figure out the person's address, but we know how easy that can be.

I have been teaching people to use a complicated random password, but to go ahead and write it down. Then the basic security problem is getting them to control that piece of paper (keep it in your wallet, please), and makes over-the-net cracking much harder. Most of my users never had a problem with this.

Comment Re:not dumb (Score 1) 169

People are dumb. Millions of people would select something like the entrance for Fort Knox, or Norad, or a local bank. You have a training problem just as large as the one you have now.

Comment Understand the fear, and then address the concern. (Score 3, Insightful) 674

1. Do not belittle or otherwise blow off the customer's fear. In fact, hear it, and agree that it's something to think about.

Them: "I'm worried about this Linux stuff. A guy was telling me that anyone could see the code, and just know how to hack it!"

You: "I can understand how that could be a concern. It is a little like having a map of the valuables in your house taped to your front door."

2. Explain why openness is helpful

Them: "Yeah, so what should we do?"

You: "To be honest, sir, the reason why we like that anyone can see the code is because that means anyone can fix those problems. And lots of people do, for the very same reason you are worried about it. They need something that's secure, and isn't going to surprise them."

3. Mention that serious people have a big stake in making this work.

You: "I should mention that a few companies have bet a lot of money on open source, and wouldn't be happy to see it easily broken. IBM, Novell, and Oracle, to name a few, have very large investments in Linux, and have donated many patches to make sure the code is secure. And for that matter, so has the NSA. They have actually extended the security quite a bit, with their Security Enhanced Linux."

4. Reassure them that people are thinking hard about this.

Them: "Yeah, but if anyone can see it..."

You: "...then you have to be extra careful. See, the strategy that Open Source follows, and everyone should, is to assume that everyone *can* see the code, so you better design it so that the real keys to the kingdom aren't in the code at all. You make sure the keys are completely in the hands of the owners of the system, so it doesn't matter if you can see how the lock works, you still don't have the keys."

5. Point out the obvious.

Them: "But what happens if someone tries to slip something in, and is really good at it?"

You: "Once in a while, someone tries. But when a thousand people might look at the files you are trying to sneak in, someone's going to notice. And then a hundred thousand geeks will make fun of you. In public, all over the internet."

Power

Submission + - Daylight Savings Time Increased Energy Consumption

An anonymous reader writes: An article in the Toronto Globe and Mail (here) reports that the change to extend Daylight Savings Time in an effort to save energy backfired. It seems that electrical usage (as reported here earlier) didn't significantly change, but what is new is that fuel usage for cars and trucks increased more than seasonally adjusted figures would allow.
Novell

Submission + - Microsoft and Samsung sign Linux patent deal

AceJohnny writes: Microsoft continues with its patent FUD tactic it used with Novell, now striking a deal with Korean giant Samsung. Since the Novell affair, Microsoft had also inked a deal with Fuji-Xerox. Microsoft still hasn't made explicit which patents Linux is violating.
Linux Business

Submission + - Linux sponsored Indy 500 car campaign

fedaykin42 writes: The Tux500 program was created with a simple goal: "to collect community donations to enter a Linux sponsored car in the 2007 Indianapolis 500." For those that don't know, the Indy 500 is one of the world's most viewed sporting events. With approximately 350,000 spectators at the Speedway, over 5.5 million in the U.S., and an estimated 344 million international viewers, this is a great opportunity to get the Linux name out there. The team is actively working to raise enough money to have "Primary Sponsorship", which means not only a large logo on the side of the car but also "Team Linux" in the race team name. Donations can only be accepted through May 21, 2007, so fire up your PayPal accounts and let's see a very big Tux going 200mph!
Microsoft

Submission + - Head of Vista, Jim Allchin: "I would buy a Mac

moonbirds writes: ComputerWorld is reporting that Windows Vista Chief, Jim Allchin, co-president of Microsoft's Platforms and Services division wrote in a 2004 e-mail to Bill Gates and Steve Ballmer that "he would buy a Mac if he wasn't working for Microsoft." The e-mail was presented as evidence late last week in the Iowa antitrust trial, Comes v. Microsoft Corp. As in past antitrust trials against Microsoft, much of the evidence came in the form of e-mails from Allchin and other Microsoft executives. Ironically, Allchin himself is quoted in two internal memos directing employees to get rid of all e-mails after 30 days. "This is not something you get to decide," he wrote on Jan. 23, 2000. "This is company policy. Do not think this is something that only applies to a few people. Do not think it will be okay if I do this, it hasn't caused any problems so far. Do not archive your mail. Do not be foolish. 30 days." Iowa's counsel also presented evidence designed to show that an ostensibly charitable program from Microsoft for developing countries and schools was actually designed to ensure that Windows remained preinstalled on PCs to discourage competition from the open-source Linux operating system. The so-called Education Government Incentive (or EDGI) program, appears "to be based on Microsoft generosity, but in fact the program is intended only for use where Linux is a threat," according to Roxanne Conlin, co-counsel for Iowa.
Announcements

Submission + - Invention: Light Razor!

An anonymous reader writes: NewScientist reports ( http://www.newscientisttech.com/article.ns?id=dn10772&feedId=online-news_rss20 ) that Philips is patenting a device that uses light to painlessly remove hair follicles, doing away with shaving for weeks at a time. The full patent application can be viewed here: http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220060247740%22.PGNR.&OS=DN/20060247740&RS=DN/20060247740
Programming

Submission + - Cobol compilers for today's computers

innocent_white_lamb writes: The recent discussions of COBOL have piqued my interest in playing around with and learning COBOL. I have found some COBOL compilers but very little discussion about them. Does anyone have an opinion on the best COBOL compilers to use, books to learn from, online resources, freely available subroutines and the like?
