Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Comment Re:Not really needed (Score 4, Insightful) 504

I'm in exactly the same situation, with no regrets. Interviews were a little tough early on, but once you have it, experience trumps education. My lack of a degree hasn't been an issue in a long time.

And the great thing about this industry is that you can get the experience and prove yourself without anybody else's permission. Contribute to open source, release a smartphone app, etc. It's in your hands: just do it.

Comment Re:The e-mail from Mt.Gox. (Score 3, Informative) 642

Gmail also flagged suspicious failed login attempts on my e-mail account, so I had to go through a password reset process on it. Although I used a unique password at Mt.Gox, the attacker apparently is running automated login attempts using the stolen e-mail addresses and Mt.Gox passwords, so anyone using non-unique passwords is likely in trouble.

Yep. Same story for me too. Glad I enabled two-factor authentication on my Google account (and SSH to my home server while I was at it).

Comment Re:P.J. O'Rourke said... (Score 1) 309

No, everybody wouldn't need to. The threat would be enough of a deterrent in general, and in the area immediately surrounding the polluter it would not be a difficult case to make.

You're right that the devil is in the details. But this is even more true when you're trying to attack such problems head-on with direct, one-size-fits-all legislation. A legal framework based on property rights would decentralize these decisions and apply local considerations.

"I've known people who have sued over blatant property rights violations..."

Yeah, but this isn't surprising since property rights are not properly protected these days. Instead of clear lines, there are fuzzy rules fraught with exceptions and loopholes.

Comment Re:P.J. O'Rourke said... (Score 1) 309

Lack of regulations wouldn't. But stronger property rights, which are another essential ingredient, would. Their neighbors should have the ability to sue when their property is polluted (read: damaged) by the nearby factory.

This requires no strong central government or anti-business regulations, and would not be prone to political manipulation by the rich and well connected. Simply apply the same rules to everybody.

Comment Re:Hi, I'm Left... (Score 1) 639

What, are they nuts? Who would want to live in a place where barroom brawls give way to deluges of bullets? Or where would-be minor road rage incidents end up in cars full of corpses? The violent crime rate there must be through the roof!

Except that reality doesn't match left-wing fantasy, and Vermont has one of the lowest murder rates in the country.

I don't understand why people can't leave the shooting of criminals to the police

Because when seconds count, the police are only minutes away.

Comment Re:because of the ass-hat signature authorities (Score 1) 665

I don't think it's realistic to expect people to check certificates before giving out sensitive data (or ever, really). And since that's the case, having encryption-but-not-really seems worse to me than encryption-only-if-it's-secure. The average person won't understand the distinction, and will assume encryption=safe. Since the user can't be expected to check the certificate's authenticity, the CA steps in to fill this role.

If you give your POP3 or FTP password over a self-signed SSL connection, you might as well send it over plain text. It's not a whole lot harder for somebody in the middle to read, unless you're checking the signature out-of-band. Which you're not.

The general consensus in the encryption community is that bad encryption is worse than no encryption, and I think they're right. On the surface, it is marginally "better" than cleartext, but in the real world it changes people's behavior and makes life much easier for the bad guys.

Your point about spoofed URLs and such is correct, but that's a different problem.

Comment Re:because of the ass-hat signature authorities (Score 1) 665

But that doesn't actually protect you - it just gives you a false sense of security.

If there is no way to verify the identity of the other side, then it's dead simple to stick yourself in the middle, unbeknownst to either legitimate participant. You may think you're having an encrypted conversation with GMail, but you're really having one with me, and I'm having one with GMail pretending to be you. See the problem?

It's like putting black tape over the warning lights in your car. Sure, it makes the problem "go away", but you haven't actually fixed anything.

Use self-signed certificates if you must, but I damn well want my browser to tell me about it. The certificate authorities are far from perfect, but at least you have to create a paper trail of some sort when you want a fraudulent one.

Slashdot Top Deals

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry