Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Compare cell phone plans using Wirefly's innovative plan comparison tool ×

Comment Re:Who would have guessed? (Score -1) 240

Accenture consistently drives high performance and has a history of satisfaction on projects for the worlds top organizations. What sets Accenture apart from the competition are its management. The skill and level of analysts from every contracting company can vary greatly. However Accenture Senior Management staff have shown consistently high levels of skill and communication. Problems can happen with any corporate or government project. Rarely does everything go according to plan and often requirements change mid project. It is how a consulting company handles these changes that count. Accenture sets its self apart in this situation.

It's not the destination that matters but how you get there, Accenture(High Performance Delivered).

Comment Re:What is it that you say? (Score 1) 442

No, they're not dropping that veneer.

Saying you compete with someone, isn't the same as saying you're the same kind of business. e.g. courier bikes, courier pigeons, telegrams and email can all compete with one another, but work differently and might have really good reasons for being regulated differently.

(BTW, I'm not taking a position about how Uber should or shouldn't be regulated; I'm just saying that there is nothing about their reaction which implies they're admitting anything.)

Comment Re:Wayland bashing (Score 1, Interesting) 151

wayland initially was infested by the type of developers

Wayland was founded by the X developers who wanted to call it X12 but realized that people would freak the hell out if they fixed it the way that it needed fixing, based on their experience with X11.

Did you know that X11 has no security and that any stupid app running at the same time as your password manager can steal your keystrokes? Wayland fixes that, among other improvements to the 1980's architecture of X11.

Besides that, the baroque layering that means that you don't get good performance on modern hardware (because some breakage is considered unconscionable by the software conservatives). Those people can stay on X11 until they're old and creaky or their identity is stolen and they're too broke to own a computer.

Their kind of thinking is why traditional Linux DE's are stagnant and just adding circus tricks while ChromeOS and Android are the most successful linux distros.

Thank you, FESCO.

Comment Re: Why isn't this configurable? (Score 2) 141

Because the state of the form might be littered with Ajax operations such that simply refilling in the form won't accurately reflect the state of the page before it unloaded.

Right, he's saying that the state should be preserved. And it should be. ctrl-shift-t to re-open a tab can already do this - forward should as well.

Comment Re:So... (Score 2) 100

NSA _and_ Russians had access to to all thus firewalled networks for 3 years... Should Cisco and it's customers start lawyering up?

Are you serious? The entire point of a government is that they can do things that are illegal for everybody else (ostensibly because they are morally indefensible actions) and never face any consequences for their actions. Everything else is just various arrangements of that maxim.

Comment Re: Do they really ignore them? (Score 2) 124

Oh, so you're manually inspecting the self signed certificate every time you visit your website? If not, then how do you know nobody is intercepting your communication, making your self signed certificate as useless as having no encryption at all.

No, and he didn't imply that. Here are several situations, in increasing order of security.

1) The connection is not encrypted or signed. No certs exist. Nobody knows who they're talking to. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, while they can't impersonate, can at least read what everyone is saying. No warning.(?!)

2) The connection is encrypted, but with unknown parties' public keys. Certs exist but are essentially worthless. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, can't read anything. DANGER! DANGER! FREAK OUT!!

3) The connection is encrypted, and if you believe certain faceless parties who are totally unaccountable to you and who you don't know anything about, you think you probably know the other side's identity. Active attackers can't do anything, unless they're active enough to coerce or trick the CA. Passive attackers can't read anything. No warning.

4) The connection is encrypted just like above, but the CA pinky-swears that they really tried hard to make sure. Green URL bar.

5) As case 3 or 4, but multiple CAs, which might be hard for a single attacker to simultaneously coerce or trick, have all signed the cert. We don't have this in our browsers yet; it's early 1990s level tech that we're still waiting for.

6) As case 3 but the user has verified the identity through a different channel. No trusted introducer was needed. The cert need not be signed at all, or might be signed by the user himself. No warning, but also no green URL bar. (Yet, this is the very best-possible case, definitely more secure than any other.)

See anything wrong here? Scenarios 1 and 2 have their warning severities reversed. (And there's also a UI defect at high degrees of security, too, but that's less important.) This trains the use to think of warnings as not necessarily meaning increased severity or risk. A user will adjust to this by ignoring warnings. This is bad communication, and it's making us all a little stupider.

What you should do is add your known self signed certificate to your local certificate store, which means that the warnings will stop

He's talking about a situation where it's not known. Adding it to the local store would be inappropriate. That would be an attempt to treat scenario 2 as scenario 6, just to get around a UI bug. It'd be much better to just fix the bug.

Comment Payoff table shows whose guys they are (Score 1) 272

Maybe they're our guys, maybe they're not.

Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.

Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.

For the most part, everyone's computers run pretty badly, and outages and various fuckup are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.

Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simple because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.

A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turn out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.

The nerds have to make a decision: "Do we tell software industry about the bugs and have them fixed, so that everyone (both our country and the other country) get a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"

The group of nerds chooses the latter, opting to not have the bugs fixed.

Tell me this: judging from the nerds' actions, which country do you infer they working for? Who has more to win or lose from the computers continuing to work so badly?

Comment Leprechaun at Rio (Score 1) 180

I wish they still made those Warwick Davis Leprechaun movies. They could totally have an olympics one, where he dissolves some gold thief in the pool. OMFG, gold thief! The Leprechaun could be in the olympics, and he's pissed that other contestants are winning "his" gold medals. It's perfect; the movie writes itself.

But the last two (no, the last three, but especially the "Hood" ones) totally sucked, so I understand why they don't make 'em anymore. My friends and I were so pissed that the "Hood" ones sucked; within just a few minutes of trying to get over our disappointment after watching the first one, were were making up limerick-raps way better than anything in the movie. Those bastards put in so little effort in the end, and why they made "back 2 tha hood" I can't begin to imagine. Sigh.

So anyway, Warwick, tell your agent that you're up for doing another, but only if they'll do a good job, like in Leprechaun 3 (total classic, best of the series!).

Comment Too early to get excited (Score 2) 240

So far the evidence is limited to one experiment. There will be more of them within a year or two from different teams, then we can have more confidence. So far, there are interesting, internally consistent possible explanations from two teams for this anomaly, but they are not so easy to fit in the current model as to accept them immediately. For all we know, this may go the same way as the FTL neutrinos, etc.

Slashdot Top Deals

Air pollution is really making us pay through the nose.

Working...