
Comment Overwatch competitive ego boost (Score 2) 163

I used to play Overwatch competitive. For the first few seasons, when you completed each season's 10 placement matches, they placed you a few hundred Skill Rating (SR) points lower than they estimated. I suspect they figured you'd be more likely to stick around if you got to club seals for a few games. In hindsight, it cheapened the experience of a few games where I played incredibly, and makes you wonder exactly how much you're being psychologically manipulated when you play the next Blizzard game.

Comment Hospitals themselves are largely to blame (Score 1) 7

Good luck offering "cybersecurity" to a bunch of penny pinching execs and bumbling IT. I worked for an EMR provider and got to overhear support calls. Neglect and incompetence were at the root of many patient-visible outages.

Examples:
System down, nurses call us up saying they can't track medications for newborns. Meanwhile, clinic leadership has ignored our "you should upgrade your hardware before it breaks down" recommendations for months.

We require backups be made. MSP says they can do backups cheaper, and it turned out their solution wasn't pulling backups off of our server. We even sent the clinic a certified letter! Server dies, company loses 10 years of patient data. They (and us) get sued by patients.

Fighting us tooth and nail to stop us from sunsetting their W2k3 server in 2017.

At least a dozen calls where the tech replaces their firewall and can't rebuild it properly, so the VPN to us is broken and in many cases, nonexistent. Guess they didn't need labs this week while their new MSP learns2vpn.

Comment Letter of Marque and Reprisal? (Score 1) 82

Once upon a time, I used to reach out to US-based hosting providers that spammers used. In the unlikely event I received a response back, it was to inform me they won't do anything about Canadian Pharmacy websites unless you can prove that they sent that spam email--being a mere beneficiary of spam is not enough. It took being one of the world's largest spamming operations for McColo to be shut down, and it was done by the upstream service providers. Feds don't have time for this. I propose we take a page from colonial-era maritime law and let private individuals petition the government for the right to seize equipment from bad actors. McColo wouldn't have lasted a week if you could round up about 20 guys to break in at 3 AM and start hauling off servers. Oh, you dealt with that spammer earlier? Take it up with the government when they have the award hearing. This changes the balance from removing spammers whenever someone finally compels you to, to accepting a considerable amount of liability for tolerating a spammer/leaving your infrastructure poorly secured.

Comment Re:Except for solving puzzles (Score 3, Funny) 89

My department did that once as part of a team building exercise. A good half of the IT team members' individual contributions were stronger than the group they were put with. I've since learned the value of giving people token decision making ability (bike shed color) instead of letting important decisions be the product of everyone's input.

Comment Re:new excuse? (Score 1) 193

My company has a common pool for sick days and PTO as well, and instead of encouraging people to stay healthy, it encourages sick people to come in while contagious so they can still keep their days for summer vacation. Paying out fewer days looks good on the balance sheet though, so the policy remains in effect.

Comment Not convinced of the effectiveness (Score 1) 134

It's a nice gesture, but they need to drive through my old neighborhood sometime. In the southeast, it used to be that the liquor store to church ratio was the gauge of a town's squalor. These days, you can't go drive down a street without passing a handful of payday loan places. Internet advertising isn't to draw people in who otherwise wouldn't consider a payday loan, it's to make sure your slice of the pie is the biggest. Some cities pass ordinances limiting the number of payday loan places, but in many towns, one place can easily become five. As a result, keeping an adequate flow of new customers becomes increasingly important. Buying ads for "payday loan bessemer alabama" is just one way to do that, and is honestly preferable to the ongoing battle for "most obnoxious LED display" that many places are engaging in.

In my area, they're extremely aggressive: I live in an apartment complex, and they apparently buy names/addresses from the credit agencies. I used to receive about 3-4 "personal loan" offers from the local payday place a year until I got around to renewing my prescreen opt out.

Comment Re:Programers can not even figures (Score 1) 372

Hello fellow victim of RFC 3696:

Without quotes, local-parts may consist of any combination of alphabetic characters, digits, or any of the special characters

            ! # $ % & ' * + - / = ? ^ _ ` . { | } ~

period (".") may also appear, but may not be used to start or end the local part, nor may two or more consecutive periods appear.

The wording isn't grammatically correct. There's two interpretations:

local-parts may consist of any combination of alphabetic characters, digits, or any of the special characters [including period] may also appear, but may not be used to start or end the local part

--or--

Sentence 1: Without quotes, local-parts may consist of any combination of alphabetic characters, digits, or any of the special characters [special characters follow].
Sentence 2: Period (".") may also appear, but may not be used to start or end the local part, nor may two or more consecutive periods appear.

The first applies the ending character restriction to all special characters, while the second only to period.
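
The two readings described in the comment above, written out as validators so the disagreement is visible. This is an added example, not part of the original comment; the function names and the sample local parts are constructed for illustration.

```python
import string

# Special characters listed in the RFC 3696 passage quoted above (period included).
SPECIALS = set("!#$%&'*+-/=?^_`.{|}~")
ALLOWED = set(string.ascii_letters + string.digits) | SPECIALS


def _common_checks(local: str) -> bool:
    """Rules both readings agree on: non-empty, allowed characters only,
    no leading/trailing period, no consecutive periods."""
    if not local or any(ch not in ALLOWED for ch in local):
        return False
    if local[0] == "." or local[-1] == "." or ".." in local:
        return False
    return True


def valid_reading_1(local: str) -> bool:
    """First reading: no special character may start or end the local part."""
    return (_common_checks(local)
            and local[0] not in SPECIALS
            and local[-1] not in SPECIALS)


def valid_reading_2(local: str) -> bool:
    """Second reading: only the period is position-restricted."""
    return _common_checks(local)


def disagreements(samples):
    """Return the local parts on which the two readings give different answers."""
    return [s for s in samples if valid_reading_1(s) != valid_reading_2(s)]


# Constructed sample local parts (not from the original comment).
SAMPLES = ["john.doe", "user+tag", "_service", "dev-", "+alerts",
           ".leading", "trailing.", "a..b", "o'brien", "bad space"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:14} reading1={valid_reading_1(s)!s:5} reading2={valid_reading_2(s)}")
    print("disagree on:", disagreements(SAMPLES))
```

A validator built on the first reading rejects addresses such as `_service@...` that one built on the second accepts. The dot-atom grammar in RFC 5322 corresponds to the second reading.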

Comment Re:Well duh (Score 2) 67

Don't underestimate the power of incompetence. If I had to guess, port forwarding is hard if you don't know what you're doing, and if you set up a 1-to-1 NAT statement and permit everything to that IP, you'll expose more than just the port you were concerned with. Many people will fiddle with something until it works, and "wide open" works.

We just had a third-party tech take something like 10 failed attempts and a month and a half to set up port forwarding for a single port. I suspect the business model is to find non-technical customers, and hope they never catch on.

Comment Healthcare IT? Ugh. (Score 1) 67

I work for an EMR vendor. FYI, the HITECH Act obligates companies to disclose breaches only in situations where PHI (patient data) is accessed. Our infrastructure could be co-opted into a Russian Bitcoin mining farm, but as long as patient data isn't touched, we don't have to let anyone know.

What a lot of people don't realize is that many clinics are small businesses. Small businesses tend to make small business decisions. Doctors won't replace those workstations running Windows XP or Vista if they plan to retire in a few years--that's wasted money. We've noticed that not maintaining support contracts for critical infrastructure is a popular cost-saving measure as well.

Penny pinchers are a problem, as is entrusting responsibility to Billy Bob at Local Computer Guy's and Cable TV Repair's. Yes Billy, we can tell you haven't made a successful backup in six months, and the UPS at the customer site has been failing for twelve. No Billy, it's not ok to leave those ports exposed on the Internet. People rag on the cloud being someone else's computer, but cutting Billy out of the loop is a net positive.
