Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Comment Sad that rent is a metric (Score 1) 251

It is sad that the cost of rent and not the cost of a house / mortgage is being used as a benchmark when talking about IT, which is usually considered a higher paying profession. The concept that higher paying professions aren't assumed by default as leading you to property / home ownership is worrying. Yes, I get that "IT" spans a wide range from low level call center work to senior level architects, but nonetheless, it is a sad statement on the state of our world.

Comment Re:Foundamental flaw of the CA infrastructure (Score 1) 250

The protection against man-in-the-middle attack is relevant only in a handful of cases. With home Internet access, MitM can more or less only be performed by network operators, who have a lot to lose if they are caught playing these games. It is more of an issue with public access, but still rather minor.

There is no difference between protection from man in the middle attacks for home users and users using public access. The user (or software / browser on the user's computer) is either validating certificates or they are not. Validation includes checking cryptographic signatures, checking revocation lists, and checking that the subject matches the requested resource (web site). It is true that checking signatures requires keeping tabs on what certificate authorities are trusted, which is a difficult problem, but this challenge isn't any different for home or mobile users. The whole point of Public Key Infrastructure is to prevent man in the middle attacks (provide secure communications.)

I would argue that MitM is relevant in all cases, especially when you consider that beyond your (or the coffee shop's) ISP, you have to worry about spyware on your machine doing it. You may have even have agreed to it by installing something like comScore or any anti-virus product that "protects encrypted sessions". In the workplace you can have similar issues, many companies have egress filtering firewalls which perform MitM attacks on outbound encrypted traffic (otherwise they would not be able to monitor the traffic). In the work place though, the company owns the machine and can add the firewall's on the fly generated certificates to your trusted CA list.

Man in the middle attacks are possible and relevant pretty much everywhere.

Comment Re:Do not blame the tool(s), blame the workman... (Score 1) 150

This point isn't that all tools are equal. Different tools are clearly better or worse for different jobs. The point is that poor performance is not the tool's fault, it is the the fault of the worker for either choosing the wrong tool or not knowing how to be productive with the tools available. Or the short form, "Only a Tool would blame the tool."

Comment Re:MapReduce is great (Score 1) 150

If you make people jump through hoops like circus animals to come work at your company you only get the desperate, or the ones who want the job as a status symbol.

Or the ones who like being made to jump through hoops like a circus animal. I guess if you are into that it's okay; who am I to judge?

Comment Re:Stupid (Score 1) 258

This varies by country.

Yellow means "Stop if safe to do so" in many places. Red means "Do not enter".

If you think about it, it also doesn't make any sense that Red means get out of the intersection as anyone in the intersection would not see the red light in many countries due to layout. e.g. In most of Europe (UK excluded) the lights are at the entrance to the intersection.

In the US, it also varies by state. In some US states if the light is red and any portion of your car (even the last inch of your rear bumper) is in the intersection, you have run a red light (committed a traffic infraction). In other states, as long your car is completely in the intersection prior to the light turning red, you are okay.

Comment Re:Why I wait before buying.. (Score 2) 112

I guess having a patch within a week is pretty good though.

Assuming that the patch actually fixed the problem and just doesn't disable the instruction (or feature set) on the CPU. Disabling CPU functionality would "solve" the problem, but then you would be effectively getting a reduced capacity CPU and not what you were paying for.

Comment Network HSM (Score 1) 151

While encryption itself is an issue to be worked out, the real question is key/encryption password management: How do you keep the keys off of a server that you worry about being stolen or physically compromised? Specialized hardware exists specifically for this. There are network versions of hardware security modules and you would put one of these in a secure location, apart from your server, but available to your server over a network so if you need to restart the server, it can access its encryption keys (probably with human intervention on the HSM side.)

HSM equipment comes in all sorts of shapes and sizes with the smallest being the chip in your credit card or a TPM chip in your laptop, to big ones which are rack mounted and require multiple key cards to activate.

Comment Re:Rough edges visible miles away (Score 4, Informative) 92

I for me think that's fine and dandy but be careful not to throw out the good with the bad. Electronic-only boarding passes? How am I supposed to hold those? So they're now requiring me to carry a mobile phone or tablet just to hold that ticket?

The article talked about paper tickets not paper boarding passes. They are not the same thing. A paper ticket is a document that holds the value of your journey, it is like cash and similar to cash, expensive to handle. A boarding pass is a document that says you may get on the plane and on most airlines indicates your seat assignment. The boarding pass holds no monetary value. The boarding pass typically has a ticket reference number on it, but it is not the actual ticket. All other airlines that I am aware of (at least the majors in the US) got rid of paper tickets years ago, they all still have options for paper boarding passes. I don't fly Southwest due to their boarding process and lack of assigned seats, so I wasn't aware but was surprised to hear that an airline was still using paper tickets.

Comment Re:Costs of maintaining infrastructure are fixed (Score 1) 82

seems redundant to maintain two phones & two phone numbers

Redundancy is good, it gives you a usable option when one thing fails.

Accurate location services are not a sure thing with a cell phone, whereas if you call 911 (emergency services, for those not in the US) from a land line, they will know exactly where you are.

Comment Re:Bring back Logan's Run (Score 1) 82

Every article about old people is them being too poor, stupid, etc to handle life. Let's go back to the old days, the days of Logan's Run, where only the young are around.

Other than the articles about congress where the members are old people who are rich and powerful and hmmm maybe Logan's Run isn't such a bad idea after all.

Comment Re:Why stop at IT? (Score 1) 197

All of your engineers will need healthcare at some point. You could probably save a mint if your engineers could diagnose and treat some simple medical problems on their own.

Actually I would expect engineers (and everyone really) to be able to diagnose and treat simple medical problems. Have a headache? Take an aspirin, ibuprofen, etc. Have a small cut or scrape? Wash it and put on a band aid. Sure, a headache that won't go away or a cut that becomes horribly infected may need a doctor but these are stepping away from "simple medical problems". Most people know where the line between simple and not simple medical problems lies and those that don't create quite a burden on society (using the emergency room for a simple headache as an example). Being able to do simple medical diagnostics is a basic life skill that I would expect anyone with at least average intelligence to have.

I would argue that in today's society that basic technological knowledge is also a basic life skill that someone with average intelligence should have. Since a competent engineer would be someone with above average intelligence, there is really no excuse for not having basic technological understanding. By basic I mean simple "take an aspirin for a headache" kind of stuff such as checking to see if equipment is plugged in and has power before calling the doctor (IT support) or knowing that a message on the screen saying that you need to change your password means that you need to change your password.

Comment Re:And so it begins... (Score 4, Informative) 407

Someone didn't follow Lock Out Procedures or those procedures were inadequate.

The only possible liability lies with her, or the company, not the robot manufacturers.

For those who don't know what "Lock Out Procedures" means... It is safety protocol that has been used in industry for at least decades in which a person who is going to work near dangerous machinery turns off the power to the system and physically puts a padlock on the switch so that it can not be turned back on. Protocol is that there is only one key to the padlock and the person who placed the padlock carries the key with them. This way the person is responsible for their own safety. If 15 people are working on the equipment there are 15 padlocks hanging off the switch (there are special devices that allow a whole gob of padlocks to placed on a switch.) Lockout can be mechanical in addition to electrical, but the concept is that when something is locked it, it is not physically possible for it to operate. It important to note that control systems are not locked out, actual power sources are, this way even a computer or control system failure can not cause a dangerous condition when something is "locked out".

Slashdot Top Deals

Men take only their needs into consideration -- never their abilities. -- Napoleon Bonaparte