Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Cost of Living Tradeoffs (Score 1) 163

Mod parent up. I've seen *exactly* the same you point to virtually everywhere. But one thing I'd like to add is the perspective of the "startup", not only the large companies. They are great in luring you with big promises and massive amounts of stock options while offering crappy salaries. This also unfavorably caters to the young who can afford the gamble, and who are too naive to understand the downsides. They are not necessarily in the H1B game, but their way to keep you "at bay" is with their "at will" contracts, where a CEO can just fire you for no reason. HR is a third party outsourced company.

Comment Security is an afterthought (Score 1) 41

The IoT market is indeed insanely hot and competitive, and time-to-market can make or break a product's success. This means that the MVP version (minimum viable product), that is supposed to be just the first step in an iteration, many times ends up becoming the version that gets shipped.

It's very rare that security is considered in an MVP. Some simpler types of IoT devices (typically send-only), that rely more on the cloud back-end, may have better luck by improving the security of the cloud-based components over time, but if the device accepts input and network commands, all bets are off.

Comment Re:Seen this before? (Score 3, Interesting) 95

Not this time. I think this is an acknowledgment that they need to rethink what's important, and it's not the OS anymore. It's the Cloud (both, IaaS and PaaS), where AWS is the biggest competitor and the one to beat, reason why Azure is so strategic for Microsoft. They need to have expertise and business solutions whatever underlying OS the customer may choose. If Linux, they need to have an outstanding support for it in Azure and across all their offerings.

We may think this is the same old Microsoft, but I believe they are going through one of their biggest reinventions to date.

Comment Re:utterly pointless and ineffective (Score 5, Insightful) 556

Mod parent up. I feel more ashamed that it's actually MY congresswoman, and I will write her a note, because this is absolutely non-sensical as many have already pointed out. It will stop nothing.
I can get any low-end Android phone, put it in airplane mode and never sign up with a carrier, connect to any public WiFi network, and use a SIP client with ZRTP to connect to a server paid with Bitcoin to do my anonymous calls.
This is classic government reactive approach with no input from subject matter experts, always 10 steps behind.

Comment Insane (Score 4, Insightful) 33

May be I'm just getting old but I cannot wrap my head around these kinds of deals. Paying 100M for bullshit like that, when I can enumerate dozens of startups with amazing technology and real innovations in cloud, back-end services, automation, platform, security, etc, that can barely get a couple of millions to continue their development. The industry is ran by teens now.

Comment Re:A word to the wise (Score 1) 43

Really? has the IQ level in Slashdot gone downhill that much that you can't even do a Google search?

If you frequent this site, you will notice this community is big on privacy, and QubesOS has been for quite some time among the best options out there, since they are the only ones addressing very hard problems, like hard isolation of driver-level components in the OS, such as the USB or the Network subsystems for example. This is particularly good to mitigate against 'evil maid' type attacks and such. They achieve this using a modified version of the Xen hypervisor with lightweight VMs with a common hardened X-based interface.

These folks don't release very often, and this update has been coming for a long time, and it's very welcome. Particularly the UEFI boot support, that has blocked me to be able to install it on my private laptop.

Comment Streisand Effect of sorts (Score 1) 546

For years, many voices in tech have been screaming about lax security and privacy controls in most devices and online services. Well, this argument may end up being a Straisand Effect of sorts, by encouraging the tech community to finally rally together and develop the kind of systems where this will be a non-issue: zero knowledge, end-to-end encrypted, ephemeral IDs when we need it, plus validated, immutable, blockchain-based distributed trust systems when we choose to. Heck, right before this story in Slashdot you have the one on the release of Wire. We'll see more and more of this. The government has no idea of what they've unleashed.

Comment Re:So vague is has to be true? (Score 1) 241

What broke down here is the threat assessment model. Was there a competent team of interdisciplinary experts who reviewed the threat and concluded it was reasonably credible? then no need for a CYA, since you are doing your job.
But if this was based on the consensus of a few local folks you know, that may or may not have a respectable background to advice you, then it's on you.
First of all, if they would have a semi decent IT Security expert as part of their threat assessment team, they wouldn't even have reported that "the IP address was from Germany" since they'd know it's largely irrelevant, being most likely a Tor exit node or a VPN end point, if it didn't match a well-known origin. Instead, they'd focus on the language, plot details and other things that can reveal if this is indeed credible or not. Then they'd probably correlate with similar chatter in other places (like NY), and on and on.
I'm not sure if every major city should have one of such teams on stand-by, but at least a "service" should exist for these kinds of things so someone like a School Superintendent or a Mall Manager can tap into.

Comment Extrapolating from today (Score 2) 279

CI/CD systems will automate the heck out of everything, and there will be less and less visibility into what's running where and how.

"Cloud Native" applications designed around microservices with well-defined interfaces and running in some PaaS "somewhere" will become the norm. I sadly foresee that developers themselves will be expected to become microservices, basically expected to do one thing only, and one thing well, and forbidden to look beyond their immediate horizon of the ever rolling Agile backlog. There will be less space for creativity at the individual level, and massive invisible machine learning software running in the back-end of the datacenters will automatically generate "facts" for the suits in charge, and possibly even stories on a backlog based on those facts. In 20 years, they'll generate their own code.

Comment That's why decent PR is needed (Score 1) 278

This could be easily solved by having a single place (a web site and an app) where the scientific community at large shares with the public what's the current consensus, explained in the simplest terms possible, with links to credible resources to second level and third level of depth.

The site needs to be authoritative, and widely known as the single source from the community, so if anyone ever has a doubt, they know where to go to understand what the scientific community really think about a certain issue.

This does not mean by any means the absence of debate, or the constant change in views and information, but a place where the bulk of the community put their minor differences aside for the benefit of the common good and their own, by helping closing those gaps.

Comment Bad system design (Score 0) 111

First, SSNs themselves should not be "stored" in any database. They should be used dynamically for initial patient validation and stored as a salted hash. For that matter, you can do the same with DOB and other key identifiers that are not required for anything but for validation. Use an internal patient number as index for everything else. Second, use MAC (Mandatory Access Controls) for any app or microservice attempting to access specific portions of data. Any unauthorized attempt to access a record should be logged, and if you really want to catch the bad guys, do a transparent session forward to a honeypot with a fake database. Third, use 2 factor authentication for any remote access to the data. Fourth, all internal systems should run virtualized and accessed over VDI, no data on laptops, ever. Is it really that hard?

Comment Removes an important failsafe (Score 2) 468

I was on a business trip once going from Lima, Peru, to Arica in Chile on a 727 when the pilot announced that the navigation system in the plane was basically dead. Instead of freaking out, he lowered the altitude and he visually followed the Iquitos river and other landmarks, piloting the plane the old fashion way, taking us to the destination safely. In a windowless cockpit that would have been a non-starter. I for one, want to keep an "analog backup" as an option. Thank you.

Comment The leave me NO choice (Score 0) 484

I *want* to pay for a service like that. I'm eager to pay to watch what I like when I want it. But with decisions like that, they leave people like me NO choice but using "alternative" methods like Sickbeard + SABnzbd, forcing me into the underground. These guys are so far behind the times it's like watching a 1950s movie. Term limits!

Comment Re:Isn't the upshot the same? (Score 1) 325

H1B visas serve only to drive down wages for US employees. Additionally, they end up training foreign talent that are later kicked out of the country (after 3 or 6 years, depending upon whether the visa is renewed).

Not necessarily. They system may be corrupted now, but I doubt that's the only reason why we created this program. I came to Silicon Valley 14 years ago specifically because I had skill sets that were required by my company at the time and were simply not available (like speaking specific languages and understand local cultures in specific countries, in additional to specific technical skills), so for all intents and purposes, it was completely legit. I was also very naive at the time and I openly discussed salaries with my co-workers (something pretty common where I come from) so I realized I was NOT being paid less than them. In some cases I was being paid more.

I didn't consider I was being "trained" either. In fact, I was doing most of the training, and when the time came to look at other opportunities outside the company, almost every potential employer that contacted me already knew they'd have to renew my H1-B in order to get me, and that wasn't considered an issue, just an annoyance.

A while after I met my wife and I became a citizen through marriage, but at least my experience was very different from what other people is discussing in this thread.

Slashdot Top Deals

Moneyliness is next to Godliness. -- Andries van Dam