
Comment And the point is? (Score 4, Insightful) 475

The last time that you could get a decent permanent job without solid skills and education was the 70s. But they weren't easy jobs - things like auto plant worker. And many of those jobs vanished in the 80s. Today's WSJ has an article why... basically people got progressively more expensive, while automation got less expensive. The "gig economy" is no different than what people did before about it... Amway or Fuller, or holding Tupperware parties, or starting a lawn care or housecleaning service, or starting your own cab/limo company before cities regulated and medallioned that option off the list. The unfortunate part is that we fall for the sob stories, the anecdotes of emotion, and then close off another rung on the upward-mobility ladder in the name of protecting the people that, as a result, are held down more firmly.

Comment Re:Yeah (Score 1) 398

You may be a bit young to remember this, but a lot of jobs in the medical device sector were lost due to Obama before he implemented any policies. The statements he made about his intent to constrain what could be charged - for what devices, under what conditions, how much - reduced investor confidence long before he put any policies in place. His actual actions later were bad for that same sector, but not nearly as bad as his initial off-the-cuff statements of intent. Hiring (or continuing to pay) a team for a project is an investment in future returns. It's bets by investors that putting their money into companies is better than into government bonds. It's not about what today looks like, but rather how, relatively, they expect tomorrow to look.

Comment Password Guessing hasn't been the problem! (Score 2) 498

This has been a pet peeve of mine for a long time, and I've followed it for years, because password complexity hasn't been the problem in the big breaches. We are just making it harder on normal people, who then write them down, lose them, use the same one everywhere.

Think of the big breaches, which I tracked until about five years ago... In the Zappos breach, hackers broke into their system and stole their database. They didn't guess passwords, just stole them.
In May 2005, GMail was hacked... via JavaScript, exposing contacts, personal data without cracking (or exposing) passwords.
When CardSystems Solutions (a payment processor) was hacked and 40 million credit card numbers stolen, it was by SQL Injection. Just full names, addresses and passwords exposed without any password guessing.
TJX (TJ Maxx, a retailer) lost 45 million credit card records in a hack... by unprotected WiFi and unencrypted records.
Google's AdWords system by surreptitious files being installed. User passwords were stolen.
About ten years ago, Internet Explorer (yeah, I know...) facilitated look-alike sites to steal Hotmail (Microsoft), GMail and Yahoo passwords... but complexity or guessing were not the issue.
When Epsilon Data Management was hacked, it wasn't via guessed passwords, but they were stolen, compromising customer accounts on Citibank, Chase, Target, Walgreen and Best Buy.
LinkedIn, the professional networking site, had six million passwords cracked-and-leaked in June 2012. The process was an attack on the server storage encryption, not on password strength.

The stupid thing was, when Zappos was hacked (again, not via password theft), they then decided to impose stringent password requirements. Amazon doesn't have such stringent requirements, so just for ease I've switched most of the purchases (about four a year) I used to do from Zappos over to Amazon.

Comment Re:"universal" (Score 2) 207

I admire your passion, but the world of media doesn't work that way. If the content distributors (Netflix, Amazon, HBO GO/NOW and the also-rans) weren't able to use standardized DRM, they would use... and standardize... on a non-standard platform. One that, being non-standard, would probably be very closed-source and proprietary. And consumers would flock to it. Resulting in a huge, unverified surface for exploits and attacks.

This has happened before. Remember Flash?

Channel George Santayana.

Comment Re:Racism at work (Score 1) 627

I don't think that. For several years I was "randomly" picked for a thorough search every time I boarded a flight back from Europe... which was every other month. I'm blue-eyed, white, clean-shaven, born in the U.S. and was usually in a nice business suit. We used to joke that it was because it's safer to search someone like me, as you know you won't find anything and you won't be accused of bias.

You are making an accusation based on a single incident. It could have been an agent responding to Sidd being, e.g., belligerent, or some other country on his passport, or even just misinterpreting a recent memo.

Comment Social Holes (Score 3, Interesting) 75

VeraCrypt/True were already secure -enough-. Cracking through the holes is usually more effort than local law enforcement, your boss or the local mob will care about. If you're on the radar of worse people, they can toss you in jail or threaten your family. So while I consider better security a good thing when it doesn't increase cost or inconvenience, it's not really an essential move forward.

The bigger problem is common passwords, leaving the volume open, having open drives automatically backed up to "the cloud", emailing documents... things these security code fixes cannot address. We don't hear often that the Feds have used a security hole to extract data from a user's system.

Comment Re:Mostly... (Score 1) 178

Umm... no. The real number is about 25%. Real world tests. But you have to do REAL world tests.

A few years ago I was at the VP8 conference. Google was touting how much bandwidth VP8 could save over H.264. They said they could give identical quality with a 5Mbps VP8 1080p stream as with a 10Mbps H.264 stream. Well, yes... you get about the same quality with a 4Mbps H.264 stream at 1080p as with the 10Mbps. But they did freeze when asked if they would pit the quality of VP8 doing a 1.2Mbps stream against H.264 doing a 2.4Mbps stream.

You've got to know the context. For our tested real world content, same quality, against optimized H.264, it's about 25%, pretty consistently.

Comment Code Style for Effectiveness vs Purity (Score 1) 239

I've seen a lot of style wars - tabs vs spaces, braces starting same line vs next line vs omitted when possible, commented enums required (especially by European companies using StyleCop), etc.

All of that is unnecessary from a compiler perspective. But the style you are accustomed to aids your efficiency and effectiveness. Code doesn't care if it's consistently indented, but finding that unbalanced loop is much easier with it.

For me personally, since I'm in C++, Java, JavaScript/Node (never by choice), Groovy, C# and Python every week, style consistency for me, rather than optimizing for what zealots for a particular language want, is highly beneficial. So the Groovy gets semicolons. The inability of JavaScript to handle certain brace formattings resulted in me modifying my default across all the languages, because the other (real) languages don't care.

Use what makes you personally across all your development, and more importantly your entire team, faster and better.

Comment Cluelessly Bad Analysis (Score 4, Insightful) 153

There is so much wrong with that as to be comical.

When do you ever hear about insecure passwords being compromised? That doesn't happen. They get leaked. Constantly. But not guessed, not when they can be leaked or stolen.

So how does a super-ultra-secure password help?

And then we have this odd bit of math, that 18% of the >51 age range had compromised accounts, while less than double that, 35%, of the youngest range had. Probably, but unclear because the report requires providing PII, while having four times more accounts. I'd certainly bet that the 18-to-34 age bracket has more than double the account count of the compu-geysers. (I say as someone just squeaking below that bar.)

Which would imply that, mathematically, insecure passwords are more secure. Go figure.

Comment One not-so-minor detail... (Score 1) 350

The on-chip FM radio requires a WIRED headset. Not bluetooth, not using the phone speaker or earpiece. The headset lead is used as an antenna. Without it, the radio doesn't work. Generally won't even turn on, just gives a warning.

So it won't work for most users. And was probably costing too much in support calls about why it wasn't working.

Comment Re:This is one reason why IT doesn't get respect (Score 1) 765

"For everyone who is going to respond to this in a "Fuck you, I can say and do whatever I want" fashion, can you please explain why it is so difficult to refrain from inappropriate jokes in an office environment?"
Did you even READ the OP? This wasn't about an office environment. And, if you really have been around that long, you know that the definition of "appropriate" changed a lot in 25 years. You could claim that we should have been this sensitive, this advanced, 25 years ago, but that was then and, for then, it was pretty advanced. More so than 25 years before that.
All of which makes you sound a bit immature.

Comment Re:What a load of FUD! (Score 1) 150

That's not entirely fair. That's still a pretty recent version - if you purchase from Amazon or NewEgg you have a good bet of getting it even on an x14 model, and certainly will get that or older on any other model - and there's no "Automatic Update" mechanism on Synology systems. Plus they're essentially storage appliances; users aren't expected to log into and manage them frequently. And the feature that seems to put people at risk is a selling point of the device.

I'm not bashing Synology; I have two Syns running in my system (both current, both firewalled, neither has the rumored susceptible port open, neither infected.) But you're not spending enough time around regular people if you think people expect to be logging into the admin screen of their external hard drive - or their fridge, toaster oven or coffee maker - frequently to check for updates. ;)
