Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:Provide your phone number for extra security? (Score 4, Interesting) 150

Having password reset happen with a text to your phone is more secure than the typical security questions that websites and (worse) CSRs ask. The text message is intended to help prevent what happened to Mat Honan, where his google account, twitter, and Apple ID were hacked, and his MacBook and phone erased remotely. This happened because a hacker was able to convince help desk folks he was the legitimate owner of the accounts, using info scraped from different places.

Cell phone numbers aren't as good as hardware or software-based authenticators for applications that require more security. It's part of a continuum, where the more security is needed, the more of a hassle it can be to get in.

Comment Re:Better vs. Perfect (Score 2) 150

Not many organizations are required to follow NIST security standards. Those that do are in a better situation than most to switch to physical tokens or to software-based tokens of one sort or another. Note that "5.1.3.2. Out of Band Verifiers" does not deprecate sending a notification to a smartphone app that can then authenticate the user and provide a secondary authenticator.

Comment Re:What's wrong with using COBOL? (Score 1) 217

Well...

The software ends up extremely rigid and hard to change. Changing the length of a field from 9 to 10 characters can cost hundreds of thousands of dollars of development time, as you update VSAM or ISAM files and copybooks across a zillion different places. Hopefully you have enough padding everywhere if you want to add something to a request.

It has all sorts of annoying legacy limitations. CICS transactions are limited to 4 character names. Was it S320 I was supposed to call or H614? Did anyone bother to update the software to support lowercase, let alone UTF-8? (it's possible, yes, but rarely done.)

The dev environment has huge limitations in the way you work. With modern stacks, you can spawn, wipe and respawn the entire stack on your laptop. You can't spin up a clean z/OS on your development machine to run tests. You can't download a VM to do some playing and learning. (Hercules tries, but....)

The hardware is expensive, since you're usually using some sort of mainframe or another. We commonly run into fights at our company about whether we can enable some sort of functionality because the cost of executing it on the mainframe at peak hours will be so expensive in MIPS and thus dollars, and there's no convenient way to move that processing onto a lower cost platform. I can't use that source code on an elastic cloud provider, I can't easily migrate or replicate that data, etc.

The hardware usually works, but when it goes down it goes down hard. We recently had an instance where a component that was redundant and hot swappable was swapped, and it caused some electrical fault which brought down the entire mainframe, corrupting the disk. It was completely down and not processing transactions for 12 hours and was having data inconsistency issues on lesser priority transactions for a week. But it's been at least two or three years since the last time some large-scale problem like that happened. (IBM said it shouldn't have been possible. Twice.)

If you have a COBOL system and it's doing exactly what you want it to do, awesome. It's probably pretty solid. If you want it to do something else, you'd better know beforehand if it's worth it. You won't have the ability to cheaply experiment on new ideas.

It's been noted that big companies find it hard to innovate. I think that COBOL systems are often a reason why.

Comment Re:"sexual misconduct"? (Score 5, Informative) 264

RTFA. It means: "kissing her and groping under her skirt" while the woman wakes up from blacking out. It means "Dr. Richmond smiled and grabbed P1[’s] breast,”. It means "put his arm around me, and plunged his hand down the back of my skirt all the way to my thighs, and forcefully grabbed my posterior,". And all of this happened while Richmond was an instructor in the program and had a position of authority over the women involved.

Comment Re: You mean, like SharePoint (Score 1) 134

So, this is based on the current sharepoint installation at a Fortune 25 company.

Automatic notifications of changes are great. Workflows might be ok, but I've seen very few sites using them internally.

There is no collaborating on a document at the same time. There's a checkin/checkout model. While Excel offers true simultaneous editing of a file on a shared drive, that's gone if it goes in a sharepoint. Documents with OLE linking don't work. It has some limited BI capabilities, which is nice, but it's hard to embed real BI solutions (BizObj, Tableau, etc) into sharepoint so there are either links or we're dropping exported files in a document library. It would be nice to send links to people outside our company (and you can define federated identity) but that definitely requires a lot of configuration to make happen. (It's not currently set up in our company.)

As it is, since everything in Sharepoint seems to site-based, we have hundreds of individual sites across multiple sharepoint farms. There's no global way to search all share points. When there is a search, it's really, really bad compared to what people get from Google. (And glacially slow compared to google, but I suppose if we dedicated google-scale infrastructure to sharepoint, it might be better.) As a result, people do not use search. It's almost never a successful tactic. There's no automatic clustering of content like "See Also" or "Related documents".

Most groups end up using a single document library as a shared drive and maybe add a shared calendar. Meeting sites are set up by very few groups only for standing meetings, because it's a lot of work for each meeting. If one is set up, that information is siloed away from everything else. The wiki pages work, even though they aren't as easy to use as a normal wiki.

I'm sure that all of these problems could be fixed by working hard enough. That's my point: Sharepoint is a tool that groups could use to build a decent information sharing platform, with suitable care, planning, adoption of third party apps, etc. It's not a good information sharing or knowledge management tool out of the box.

And yes, there's a reason that it's used by tens of millions: it integrates with the Office products and is sold alongside the other MS enterprise offerings, and is therefore bought by lots of IT departments where the purchasers of the software are separate from the people who end up having to use it.

Comment Re: You mean, like SharePoint (Score 1) 134

[quote]Sharepoint does that have search functionality. It is used for storing documents. Unusable for sharing information[/quote]

  You have absolutely no idea what you're taking about. SharePoint is an amazing product. Also there are billions of dollars in development behind it and it's mature.

I have never seen an installation of sharepoint which was good for sharing information. It's probably possible to build something that people find usable with it, but it's like recommending a hammer and lumber to someone asking for a house.

Comment Re:A license does not make people honest (Score 1) 569

You think a license makes people honest? There are plenty of doctors and lawyers and other licenses and bonded professionals that behave unethically and even criminally. A license doesn't solve this problem. All a license does is attempt to ensure a base level of functional competence. It doesn't ensure honesty one bit.

The license does two things: it gives the individual more of an incentive to be honest (to avoid revocation) and it gives them leverage against pressures from management. If an engineer can say "I'm not doing that, and if you try to make me, the state board will hear about it and you won't have any (legally mandated) engineers to approve your designs" there is a lot better change they'll get people to back down. It won't stop a dishonest engineer, but it can help an honest engineer who is in a tight spot.

Slashdot Top Deals

Lo! Men have become the tool of their tools. -- Henry David Thoreau

Working...