
Comment Re:whose payroll is the scientist on? It matters (Score 4, Informative) 514

That is true, but without understanding what the GAO report was covering it can be a bit misleading. Here is a bit of a graphic summary.

First it is important to note the 106B was over like a 20 year period. It is also important to note that 106B wasn't all for science (in fact only the minority of it was). That number was the full amount they could attribute towards any area of work on climate change. In the above link they break it down into science, technology, and international assistance. So this covers FAR more than what one would first think of if they were told 106B went to climate change research. Research into clean coal? That would be counted. Nuclear, that would be counted. Research into better batteries for electric cars, that is counted. Research into solar/wind, that is counted.

You can dig into the reports further to get a more detailed understanding. The point is simply saying climate change got 106B may sound like "oh my god climate researchers are getting rich!!!!". However, when you understand what the report really covers (long period of time and only a small portion goes to what you'd normally think of as climate research) it does change the perspective a bit.

Comment Re:Why? (Score 1) 213

If they come from a company retained pool, that company retained pool would be an asset on the company's balance sheet. So taking it from there lowers the company's value by 76M. The stock options are a tax dodge, but that isn't what Oracle's owners are complaining about. They are complaining about his compensation being too high. I don't think they are too worried about the exact structure of that compensation. Either way it takes from their value.

Comment Re:Moar tin foil! (Score 2) 178

I have gotten incredibly sick of the tin foil hat brigade putting the NSA into every one of their conspiracy theories

If at this point, you still believe the NSA collecting private data is tin foil hat territory, I'm not sure exactly how to proceed. However, I'll assume you didn't actually mean that for purposes of the rest of the post.

Obviously you are concerned about your data being intercepted and stolen. Do you guys honestly think, for one second, that you can hide from these guys if they really want you?

OK, this statement really points that you aren't involved in information security (at least in a serious capacity anyway). Do you really guarantee you can hide from Anonymous or even script kiddies 100% of the time if they really want you? If you answer yes, then again we know you aren't involved in information security. So since the answer is no, what is your solution? Do you simply throw your hands in the air and say screw it? I cannot guarantee to stop them anyway, so let's just toss our firewall and anti-virus in the trash? No, of course not. Heck, even your sarcastic comment about a physically secured facility, in a faraday cage, with no internet access cannot promise the information will be secure. A simple warrant, guys with guns, breaking down your door and taking the server easily gets around that.

Information security is about risk mitigation. What can you reasonably and responsibly do to ensure the security of your client information? It isn't about guaranteeing 100% security as that is simply not possible (NSA or not). So there are standard industry best practices to mitigate against risks even though that doesn't completely remove all risks. Such things include encryption, firewalls, anti-virus, IPS, DLP, etc, etc. Even if you do all of those things and more, that cannot promise 100% safety, but it does represent you doing your best to protect your clients' data and not just tossing your hands in the air and saying screw it.

This NSA (I use that as they are the largest, but mean it to encompass every alphabet agency from every country) threat isn't new obviously, but the scope and visibility of it is obviously much more obvious than ever. Thus responsible IT professionals will be talking about how best to responsibly do their jobs in this regard for quite some time. I'm sorry you don't like it, but it is a good thing. New best practices on how to combat and mitigate these risks will come from such discussions. There will never be a 100% fix, but these discussions will lead to solutions that help. Those of us who take our clients' information security seriously obviously love these discussions. I'm sorry for you (really more for your clients) if you don't want to hear about this, but it isn't going anywhere.

Comment Re:Your Fingerprint isn't ever stored in flash (Score 5, Insightful) 303

Apple touts the fact that the fingerprint is never sent over the network as a feature but in reality it can't send it over the network even if it wants to

So the data exists on the phone. The phone is connected to a network. But it is physically impossible for that data to be sent over the network? Not sure how that would work.

Comment Re:just FUD IMHO (Score 1) 303

Certainly not FUD. A valid concern even if you personally don't think it is an issue. I personally am not worried about it != FUD.

If you want better security on your phone your best bet is stop using a 4 digit numerical passcode or incredibly simple swipe gestures and choose a properly strong/long password. My knowledge of biometrics is limited to an enterprise system we had years ago which was horribly unreliable (often wouldn't allow the proper person access and would allow unauthorized people access on what seemed a random basis). I'm sure things have improved a lot since then, but still most studies you read on such systems don't leave you with much confidence.

Their best use seems to be in a 2 factor authentication scheme, but certainly not a replacement for a proper strong password.

Comment Re:The author is either a shill or a pawn of Googl (Score 2) 332

An ISP's stance on net neutrality basically comes down to their view on the market. If I go to an ISP looking for access to the internet and their goal is to provide me the best internet access for my money, then they support net neutrality. Alternatively, if a customer paying you for internet access is viewed as a commodity to sell to large corporations, then net neutrality is a horrible injustice. I do applaud you for openly stating your company's position. No matter how much I hope your position fails, I do appreciate your open admission of it.

Comment Re:Why not move? (Score 1) 182

Another thing we do as much as possible is use self-signed certs as much as possible (obviously not always possible with client facing communications). Even I thought that was paranoid until recently, but if you think about it all the NSA has to do is intercept communication to/from CAs and brute force or have some back-door into that. Brute forcing just that small subset of internet communication can give you the certs to freely read the rest of the 99.9999% of SSL/TLS communication over the web.

Comment Re:Why not move? (Score 5, Insightful) 182

To reliably do this, they must move themselves and have a self-hosted solution. If you host your data with anyone else you need to believe they value your data more than the money to be made from it or you are worth the headache of annoyingly trying to protect it from government agencies.

Over the last 10 years from time to time people within my company (which highly depends on privacy) have suggested hosting our servers/services with external hosting providers/cloud solutions. Every time I refuse. Their arguments are valid. It could be cheaper. It removes the hosting burden. These large providers are experts and could have better security. Even all of that being true the overriding truth as I see it is even though they may be better, cheaper, etc I can promise you we care about our data more than they will. FBI raids a data center for someone else's server and grabs ours with it? Sorry, it was the FBI's fault! Any business reality makes handing over our data a legal requirement or just more convenient legally? Sorry we had to!

The last few months' revelations just confirm what I've always known. If security and privacy are your business and you take it seriously, you had better be hosting it yourself. Google may have better technical experts than you, but I promise the people who actually make decisions internally care more about your data and will fight for it more when you host internally.

Comment Re:Kickstarter replaces IPO (Score 1) 70

Are you sure you want to try and prove a negative? AFAIC Kickstarter is the proof positive that you are wrong on this. Many companies would love to be able to access the public for initial funding but they cannot.

But with Kickstarter, the owner doesn't have to give up any equity or give contributors any voice in decisions. A VERY big difference. With Kickstarter, they basically get free money to try something if people think it is a good idea.

I think though that if Kickstarter (or a competitor) comes up with the business model that allows a small investor actually to own part of the business they are investing in, there will be government intervention

Absolutely. That would already be illegal with current regulations unless done in a way to basically copy existing VC structures and thus not be public. If you want to market your company publicly you are free to do so, but that is an IPO. If you don't yet want to go public, then you do private deals. You can do a private deal with anyone you choose (even private investors), just there isn't much of a market to privately approach a ton of small investors who only bring a bit of cash to the deal for hopefully obvious reasons.

Comment Re:Kickstarter replaces IPO (Score 1) 70

As others have said, Kickstarter has no relation to an IPO as it isn't even an investment. More confusing is reference to small investors blocked for IPOs. IPOs are by definition public to all investors. Do you mean pre-IPO? If you do mean pre-IPO what government regulation do you think stops you from investing pre-IPO? You are in fact more than free to find any private company you like and invest in it (assuming they are interested in your investment). Those are obviously risky investments, but as you say can have a lot of upside. No government restrictions however on any individual investing in any private company I'm aware of. One restriction I'm aware of is a private company cannot generally publicly market pre-IPO offerings (at that point you go IPO).

The real restriction to small investors for pre-IPO investments is the market. No company wants to take on thousands of small investors who really bring nothing to the table when they can find one (or a small number) of large investors who besides their cash also bring industry/government connections and experience in building a pre-IPO company toward IPO.

Comment Home and Work (Score 1) 1880

Top of the head reasons to keep Windows at home and work

At home:
  - Visual Studio/.NET (do work from home)
  - SQL Server (do work from home)
  - Windows Media Center integration with XBox 360

At work:
  - Visual Studio/.NET
  - SQL Server
  - Exchange
  - Active Directory/Group Policy/etc
  - System Center
