
Comment Re:Tools and movements (Score 1) 216

There is a pretty easy middle ground: multiple signatures per identity. You could then have authority(s) vouching for your identity, plus other people too. This makes it much easier to catch a defector. "Hey, how come the Turkish intelligence service (a CA that almost everyone trusts on the web) just signed this guy's brand new key, but Verisign hasn't?" (or better: "how come the federal CA and this guy's state CA disagree?")
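The cross-check described in the comment above, sketched as an added example that is not part of the original comment: group the certifications seen for each identity and flag any identity whose vouchers back different keys, or whose only key has too few vouchers. The signer names, key labels and the `min_vouchers` threshold are hypothetical, and the sample data is constructed.

```python
from collections import defaultdict

# Constructed sample data: (identity, key label, signer). All names are hypothetical.
CERTIFICATIONS = [
    ("alice@example.org", "KEY-A1", "federal-ca"),
    ("alice@example.org", "KEY-A1", "state-ca"),
    ("alice@example.org", "KEY-A1", "bob"),
    ("carol@example.org", "KEY-C1", "federal-ca"),
    ("carol@example.org", "KEY-C1", "state-ca"),
    ("carol@example.org", "KEY-C2", "robot-ca"),  # brand new key, single voucher
    ("dave@example.org", "KEY-D1", "robot-ca"),
]


def audit(certs, min_vouchers=2):
    """Return {identity: (status, {key: [signers]})}.

    status is "conflict" when vouchers back more than one key for the same
    identity, "under-vouched" when the single key has fewer than
    min_vouchers signers, and "ok" otherwise.
    """
    by_identity = defaultdict(lambda: defaultdict(set))
    for identity, key, signer in certs:
        by_identity[identity][key].add(signer)

    report = {}
    for identity, keys in by_identity.items():
        detail = {key: sorted(signers) for key, signers in keys.items()}
        if len(keys) > 1:
            status = "conflict"
        elif len(next(iter(keys.values()))) < min_vouchers:
            status = "under-vouched"
        else:
            status = "ok"
        report[identity] = (status, detail)
    return report


def absent_vouchers(report, identity, key):
    """Signers who vouch for another key of this identity but not for `key`."""
    _, detail = report[identity]
    others = {s for k, signers in detail.items() if k != key for s in signers}
    return sorted(others - set(detail[key]))


if __name__ == "__main__":
    result = audit(CERTIFICATIONS)
    for identity, (status, detail) in result.items():
        print(identity, status, detail)
    print(absent_vouchers(result, "carol@example.org", "KEY-C2"))
```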

Comment Re:Tools and movements (Score 1) 216

You simply can't have people not do "anything extra" while also being resistant to MitM. Part of HTTPS' success story is that it's easy enough to set up, but at the cost of being extremely vulnerable (by PGP standards) to MitM. So to anyone who knows how it works, it's "insecure" but people actually bother to use it, so it's about a trillion times more secure against totally passive attacks, than plaintext is. Thus, on average for all persons, the web is more secure than email.

PGP email needs some kind of "lame" mode (where people have keys but they're not carefully certified, maybe just signed by a robot CA), but easy enough that passive attacks are defeated. And it needs to be compatible with doing things right, so that people-who-care and people-who-don't-care get combined into the same network-effect.

The only problem with that, should be webmail. People would have to do something that compromises the secret key (either upload it to server, or make it available to javascript) and that would make it harder for anyone to ever transition from don't-care to care. We really need to wipe webmail off the planet; it offers nothing and costs a lot. And that's not going to happen, is it? :(

Comment Re:Floppy disks drilling & punching holes (Score 1) 611

For us cash strapped kids, cutting holes into single sided floppy disks was the only option, shortsighted or not.

No, there was one other, though it did require spending a little money. You go to Radio Shack and buy a switch/button/whatever. (Many to choose from.) Open up your 1541 (which is probably permanently semi-open anyway, from all the times you need to re-align the head), cut the wires to the optical sensor which detects the hole, drill a hole in the front of the 1541's case, mount the switch into there, connect the sensor's wires to the switch....

BTW, whole discussion is Slashdot trolling old people into admitting they're old people.

Comment Personalized Web Crawler... (Score 1) 325

Back in the day we were used to time-shifting our collection of information, and the viewing of information. This was accomplished on BBSs - such as FIDONET - by up and down loading content for later viewing with offline viewers. You would just set up some automation to run during off times (while you were asleep for example). Back in those days -- even as slow as things were, your time didn't seem to be wasted as much as today.

I don't have a bad connection - I stream videos no problem - so I can only assume the problem is the advertising cruft layered on top. As a result, I'm in the early stages of putting together a web crawler of my own...basically I go to the same sites day after day -- so most of what I read comes from the same sources - so why not crawl those sites and draw down what I want to read at my leisure? I can also automagically separate the multimedia from the text, and deal with that as I want to - rather than how a standard browser decides to do for you.

Website owners and ad people have gotten lazy - and disrespectful of users; time to claim back our time.

Comment Re: Doing it wrong? (Score 1) 600

I think the real issue here is 'access to' versus 'elimination'.

If you are your own boss, or you are a hobbyist, then this question is irrelevant. You can and should have access to every capability - it is up to you to manage based upon your own capabilities.

In a business with a gaggle of programmers that is evolving over time, it is a different story. In that situation, you have developers of all different skill levels potentially, coming into and leaving the business if you are growing, and you have to take into consideration the risks associated with allowing poor code to impact your paying customers. In that case, I think it would make sense to create access limits for different programmers based upon their skill levels and areas of responsibility. You could also cross train and provide options for people without this access to prove they can be trusted to get higher level access to more of the 'shoot yourself in the foot' tools/constructs - which would expand your cadre without risking your business in the process.

Comment Re: Doing it wrong? (Score 1) 600

It's not as simple as that. If you are on a team of developers who are building applications on top of clearly defined APIs, all the heavy lifting from a systems perspective should already be done for you. This is to ensure the company doesn't end up with 15 different versions of the same code in each release that needs to be maintained in the future. I think mostly it comes down to the bottom line: a business doesn't want to spend money on building the same library over and over again.

There are instances when low level systems programming is needed, and whoever is assigned that task should have the freedom to do what is needed to ensure the systems provided can perform at the desired level and provide whatever is necessary for security and so on. There is nothing canned that can do that, so you better have your best developers on that given the potential impacts to your customers and therefore to your bottom line.

If you work for yourself - then do what you want since you're calling the shots.

Policy choice is relative to your business risk/exposure. Ultimately whatever you choose to do with your own programming (if you work for yourself or you're just a hobbyist) will be proved out by your clients/users when they use (break) your software and systems. On the other hand, if you work for someone else as an employee, then you are bound to follow their rules, regardless of your views. You can try to change it, or you can find another job elsewhere.

It's not simply a matter of these things being beyond anyone's ability, but it is also true that there are different levels of skills and experience that exist in a business environment. A good choice would be to partner your systems developer with your brightest applications developer to cross pollinate. Unfortunately, my experience also suggests that many companies don't do a good job of mentoring and growing talent within the company. People get assigned to silos and languish unless explicitly transferred to the group with a different focus. It really comes down to the philosophy of your employer.

Comment Arrogant maybe? (Score 1) 229

At first, when I read the title I thought to myself, "how arrogant." What about people who are primarily verbal - and don't do math, or don't care to do math? Are they not equally fulfilled in their lives? How rich - a scientist who makes sweeping generalizations in a scientific journal.

If he had prefaced it with, "I have observed in some people that...blah blah blah," then yeah, that would be defensible.

Comment Sheer Volume of Cruft (Score 1) 333

Imagine if you will, a haystack. That haystack represents all the 'information' flowing from various 'news' sources on the Internet. Inside of that haystack are needles - that represent stories about the Trump administration: several gold needles - real news stories, several silver needles - bona fide comedic satire, and rusty needles which appear to be real news stories - but are bait and possible propaganda.

People are so overloaded with the cruft coming inbound from so many sources, some of this being retweeted or relinked stories (Facebook) - they are losing track of what is real and what is not. It becomes even more difficult when news outlets that are ostensibly real, end up addressing the fake stories as well - either through mistakes and presenting as real news, or to debunk. Ultimately it is a news blitz caused by the confluence of a number of things: Trump's propensity to tweet and countertweet, his administration's rate of deployment of changes, confusion about sharing information from the administration (mixed messages), overlaid with all the satire and click bait.

Clearly indicating what is and is not satire will go a long way to avoiding satire bubbling up through multiple layers as true news stories.

Comment Re:I think it's safe to say that wouldn't hold up (Score 5, Insightful) 216

If it's an argument at all, it's one against all forms of criminal sentencing of any kind whatsoever, not just the death penalty.

I still can't believe some people think the sentences are what's wrong, instead of the inaccurate verdicts. It's as though people think that figuratively taking an innocent person's life by putting them in prison for decades (or life) isn't an irreparable injustice on par with murder.

I have to call total and complete bullshit on that. How about I imprison you for years, perhaps also as my rape-slave among other violations of your dignity and a total denial of the entire life you wanted to live, and let's see if you don't, at some point, say "I wish he'd just kill me."

Get the trial right!! That is where efforts are most needed.

Comment Re:Still optional (Score 2) 95

No. DMCA has been common fodder on Slashdot for .. oh shit, it's decades plural now, huh? Learn what it says, and also how courts have interpreted it. It's actually not that big of a topic.

I'm leaving out a lot of synonyms or near-synonyms, but basically: you're prohibited from bypassing a technological measure that limits access to a copyrighted work. Removing your computer's ability to descramble DRMed stuff is not a violation, because doing this does not provide you with access. It is perfectly legal, per DMCA, for you to do that.

(You might have violated a contract by deleting a shared library, though. DMCA aside, we saw some sweeping "judicial activism" in contract law, a few years ago. (Thanks, Blizzard and their customers.) It's possible that you [wave hands] did a thing [waving harder, look over here!] equivalent to signing a contract, where you magically (and unknowingly) (and possibly requiring time-travel) agreed to not alter or delete any of the proprietary software on your computer.)
