
Comment Many security tools are a security risk (Score 1) 99

Antivirus and sandboxing programs such as Invincea run as root. (Any program that requires root to sandbox a user space program is just a bad idea.) The quality of programming and design that goes into some of these programs is appalling. It would be nice to educate employees not to click on every link and to be suspicious of certain emails, but unfortunately most corporations find it too inconvenient to actually authenticate their corporate emails, so a vigilant employee would miss any company-wide notifications.

Comment I doubt it (Score 1, Informative) 249

From the picture you can see their setup is flawed. The current sensor they are using can be inaccurate, but more importantly they are likely measuring power as current*voltage, which is only correct in AC for purely resistive loads. The switching power supplies in the LED light bulbs or the ballasts in fluorescent lights or any inductive motor will cause this reading to be incorrect.

I didn't recognize any of the meters in the pictures. The big makers L+G, Itron, Elster and Sensus go through an insane amount of testing and regulatory oversight. These are almost commodity items and the cost of a recall would wipe out tens of years of profit.

We do need smart meters. We need to have billing based on the cost of electricity production so that we can use things like wind and solar. I want people to use more energy when the wind blows or the sun shines and I want to avoid building and firing up peaker plants.

Lastly, ask some former meter readers from Texas and the US south how much they miss being bitten by dogs and shot at while reading meters.

Comment Insurance industry should fight this (Score 1) 397

In any normal country the insurance industry would be fighting this. Insurance is insuring against risk. Without risk there is no insurance. If an insurance company knows 100% that you will die or cost them something then they won't offer you insurance but if they do offer you insurance then you would be a fool to take it since you aren't going to need it.

Comment Not a back door (Score 1) 85

Many vendors put in a method to contact and troubleshoot their devices. Windows telemetry could be considered an example of this. For the average consumer (who doesn't even know what privacy is) this is almost always a good thing. Customer support can easily fix their device. Unfortunately, this is IoT so the security is going to be shit. It's not just a Chinese problem; it's the entire industry's attitude.

Comment Maintenance costs will kill it (Score 2) 238

The killer to these projects is you have to recoup your cost before the system wears out while also covering maintenance costs. We do this on land pumping water up hills and it doesn't make economic sense. The systems require too much maintenance. In North America the ones that are already built are used as insurance. Utilities pay for the ability to draw several MW from these systems while they wait for a coal system to come on line. Coal takes a while, while hydro is close to instant. The utilities pay for this insurance every month whether they use the electricity or not, and when they do use the electricity they pay in the multiple dollars per kWh. The system in the article will be charged with unwanted electricity, cost 0, but will sell the electricity only at peak and shoulder prices. It's not going to be viable.

Comment Complex systems don't make great leaps (Score 1) 474

A modern processor has many different parts and technologies in it. You might make a huge leap in one area (lithography, reducing internal resistance or gate switching time) but it won't increase your overall performance by very much because one of the other parts will then become the bottleneck.

Comment The more power the more rope to hang yourself with (Score 1) 169

The admin has a very powerful tool. It has almost no constraints on what it can do because 99% of the time we want that power. We are dealing with an uncommon, unexpected situation and need to be able to have the power to do something different. The exact correct command might be something that no one anticipated before. It would be very time consuming to come up with rules preventing such a command.

Also I don't think more warning messages or safety logic is always the answer. Maybe practicing more without the autopilot is the answer. Look at Air France 447.

Comment Create something you haven't before (Score 1) 1001

Programming is about creating something that hasn't been created before. So a programmer has to be someone who can create something new. It is the interviewer's job to find out if the programmer can create something new so the interviewer asks a question they hope the programmer doesn't already know and observes how the programmer comes up with a solution.

Every interviewee should know ahead of time that this is the type of question they will get. The interviewer should also know why they are asking the question. The problem is that no one told this to these rock stars who are taking to Twitter. (Maybe overuse of Twitter has a correlation with intelligence.) The other thing I see is interviewers who don't know why they are asking the question and how to evaluate the answer. However, this isn't a problem; it is just a great big flashing warning not to work at the company.

Comment Re:Well no fuckin shit (Score 4, Informative) 154

A very large company I worked for had this for about 3 months and the reward was a percentage of the money you saved the company. It was well thought out and ideas were all considered. The first 3 winners were secretaries of senior management and all their ideas were ones that senior management should have already implemented. The program was then canceled and I think the secretaries got screwed out of the percentage they saved.

Comment Help - Looking for solutions (Score 1) 64

As a consumer, I can't measure the security of a webcam, toy or even a website before I buy/use it. If I live in the USA I can't even safely test it after I buy the product. There are 4 companies that have reputations that I would consider trusting their security and to get to four I had to include Microsoft.

So if you are not one of those four companies, security will not gain you a single sale. Lack of it might burn you later, but even that is unlikely.

We know shit security is a problem. I want to hear some viable solutions.

I don't see certifications for products catching on or being effective. Liability for the software developer would result in the lead developer being some guy in India with no assets to sue. Recall laws that say if your device is used in a DDoS attack you must upgrade it or replace it? What if I buy the device off the net from a company in China and China doesn't have such a law?

Comment Re:Hash Functions 101 (Score 2) 167

This still can be weaponized. Even if I only have two bit streams that start the same and then only differ in a block that I couldn't control, I can still create malicious executables. Once I have the two streams that collide, as long as the bits I add to both streams are identical, the hashes will remain identical. I then have code after the differing block(s) that checks a value of a field in the differing blocks and behaves differently based on this value. I now have a good executable that is well behaved that I can submit to be signed by Microsoft or some other trusted company, and a bad piece of software that has the same hash value. I take the valid signature from the good software and append it to the bad software and the signature remains valid.
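
The suffix property this comment relies on, shown as an added example that is not part of the original comment. It uses a toy Merkle-Damgard hash with a 24-bit chaining value (the names `toy_hash`, `compress` and `find_colliding_blocks` and all inputs are constructed for illustration) and then shows that SHA-256, for which no collisions are known, gives the two files different digests.

```python
import hashlib

BLOCK = 8   # toy block size in bytes (assumption for the demo)
STATE = 3   # toy 24-bit chaining value, small enough to collide by search
IV = b"\x00" * STATE

def compress(state: bytes, block: bytes) -> bytes:
    """Toy compression function: truncated SHA-256 of state || block."""
    return hashlib.sha256(state + block).digest()[:STATE]

def toy_hash(msg: bytes) -> bytes:
    """Merkle-Damgard iteration with length padding, the MD5/SHA-1 construction."""
    padded = msg + b"\x80"
    padded += b"\x00" * (-len(padded) % BLOCK)
    padded += len(msg).to_bytes(BLOCK, "big")
    state = IV
    for i in range(0, len(padded), BLOCK):
        state = compress(state, padded[i:i + BLOCK])
    return state

def find_colliding_blocks(state: bytes):
    """Find two distinct blocks that map `state` to the same chaining value."""
    seen = {}
    for counter in range(2 ** (8 * STATE) + 1):   # pigeonhole bound
        block = counter.to_bytes(BLOCK, "big")
        out = compress(state, block)
        if out in seen:
            return seen[out], block
        seen[out] = block
    raise RuntimeError("unreachable: more inputs than possible outputs")

def demo():
    prefix = b"HEADER__"                     # identical first block (constructed)
    a, b = find_colliding_blocks(compress(IV, prefix))
    suffix = b"identical trailing data appended to both files"
    good, bad = prefix + a + suffix, prefix + b + suffix
    # Same chaining value after the differing block, same suffix and length:
    # every later compression step, padding included, sees identical input.
    weak_equal = toy_hash(good) == toy_hash(bad)
    strong_differ = hashlib.sha256(good).digest() != hashlib.sha256(bad).digest()
    return good, bad, weak_equal, strong_differ

if __name__ == "__main__":
    good, bad, weak_equal, strong_differ = demo()
    print("files differ:", good != bad)
    print("toy hash collides:", weak_equal)
    print("SHA-256 distinguishes them:", strong_differ)
```

A signature computed over the weak digest covers both files, which is why signing and verification have to use a hash for which no collisions are known.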
