
Comment Re:Options (Score 1) 500

Let's rephrase this a bit more realistically:

  1. Use Windows 7, and everybody with access to malware techniques from the last decade can get in, or
  2. Use Windows 10, and only the nation-state threats with access to the latest techniques or legal avenues will be able to get in.

Windows 10 integrates a lot of the malware mitigations that were either add-ons or unavailable for Windows 7. The default configuration also requires stronger security, and the system internals are much better hardened against malware compromising system integrity. In effect, whole classes of malware that could affect Windows 7 are ineffective on Windows 10.

I know it's Slashdot's fetish to think that the NSA really cares what websites you're visiting, and to think that you're all protecting the rights of freedom fighters around the globe, but really, using antiquated software just means that the barrier for entry is lowered. The NSA might not be able to pull your telemetry directly from Microsoft, but their regular old RATs and spyware will work just fine, along with the same kit from every hacker group around the world. Not only will the NSA still have access to your data, but so will everyone else.

If you actually want a secure system, opsec is still your best bet. Start with an isolated system for processing, keep it isolated, and use an airgapped (preferably with several walls and rooms between) system for communication. Never transfer electronic data, change service providers occasionally, relocate erratically, and follow all of those other paranoid guidelines that are more effective than "use old software".

Comment Re:Remember kids! (Score 2) 401

$DEITY forbid they should have a marketing department.

The casino doesn't know (and may in fact not be allowed to know) who has a gambling problem. All they know is that a long-time customer has stopped coming, so they fire up the marketing machine and incentivize future business. To use your analogy, the bartender might pass a known regular on the street, say "I haven't seen you in a while", and offer a drink on the house next time the customer comes in.

Yes, some people think they're lucky. Some people are addicted. That doesn't change the legality of the casinos' operations, and doesn't make them liable.

Comment Re:Look to history (Score 1) 293

That's intentional, even necessary. There is no data on antibiotic-resistant infections prior to the discovery of antibiotic-resistant infections. Since my whole point is that historical data is absolutely critical when making comparisons to historical practices, that's the best data we have available.

Comment Re:Look to history (Score 1) 293

"Each year in the United States, at least 2 million people become infected with bacteria that are resistant to antibiotics and at least 23,000 people die each year as a direct result of these infections."

Well, that sucks. Now, how do those numbers compare to historical measurements, accounting for the significant improvement in reporting reliability? The reality is that infectious disease rates were about three to five times worse in the 30s and 40s, because we were still at the beginning of a large-scale improvement process in general sanitation throughout daily life, not just hospitals.

"Antibiotic-resistant infections can happen anywhere. Data show that most happen in the general community; however, most deaths related to antibiotic resistance happen in inpatient healthcare settings, such as hospitals and nursing homes"

Let's say that again, simplified: "most deaths occur in care facilities". That's a great talking point, but what about where most fatal infections were acquired? If you get infected with a resistant bacterium in your kitchen, and go to the hospital for it before dying, it still counts as a hospital death.

Lusting for the good old days is a very dangerous habit. You have to remember that you are only able to recall the stinging pain because you were one of the survivors. The people whose lethal infections weren't cleaned by iodine can't speak up to remind you of their story, except as historical statistics.

The problem is also far more complicated than just "clean things". Over-use of antibiotics contributes to the prevalence of AR strains, but careful management is actually mostly what protects vulnerable patients. That is hindered by the stupid humans in the mix, who don't trust doctors and undermine their practice (for example, by bringing home-cooked desserts into a hospital isolation room). That in turn is a symptom of poor medical knowledge among the public, partly due to the confirmation bias you've shown here.

Comment Re:The Backasswards solution (Score 3, Interesting) 196

Joseph Bramah's lock was considered secure for 67 years, until Alfred Charles Hobbs picked it after a 51-hour effort in 1851. Now, modern tools and techniques can pick such a lock in a matter of minutes.

So let's suppose you had purchased one of Bramah's locks in 1850, with a 65-year history of perfection. If you were robbed in 1853, who bears the liability? Is it Bramah (actually his sons who inherited the business) for making an insecure lock that was sold as being secure? Is it you, for not replacing the lock as soon as a picking technique had been proven? Or is it the thief who actually exploited the vulnerability and broke the law?

Comment Re:Leave. (Score 1) 432

From my own experience, it's an exercise in professionalism, extinguishing the bridges that are burning without your knowledge.

The key (that is apparently missed elsewhere in this discussion) is to maintain absolute professionalism. The letter is not just whining. It is a dissection of the factors that forced you out of the company. It serves as an explanation of your actions to the people who would otherwise be left with questions that would be answered with rumors, often spread by the bully himself.

Until you walk out the door (or otherwise enact termination), you still work for the company. Your job doesn't end when you decide you're leaving. Right up to that last minute, you're still a part of the team, and they're still expecting you to help the company improve. While it can also be cathartic to say "fuck you all" and sit idly waiting for that two-weeks-notice paycheck, that leaves a very bad final impression on your colleagues. While they might end up being your opposition next month, they might also be your reference (or recruiter) next year.

When that time comes that others think back on you, will they recall an embittered man who just gave up and left, or will they remember the guy whose last act was a professional attempt to point out the proverbial elephant in the room? While the managers are ultimately responsible for the decisions (right or wrong), very few are actually all-knowing, even in their own minds. Rather, they have their particular perception, and a sufficiently manipulative employee can control their perspective and prevent them from ever seeing the unethical behavior. While it is not your place to tell management what they're doing wrong, it is your place to ensure that they accurately see the effects of their decisions. They can decide for themselves if it matches their expectations and other employees' descriptions.

It is not enough to "leave with a smile" any more. Now recruiters look at LinkedIn to see if you play well with others, and referrals from past colleagues are the easy way through the HR bureaucrats. Now, the best way to ensure your bridges aren't burning is to try to leave your colleagues with the understanding that you hold no hard feelings toward them, but only toward the environment you worked under.

Comment Re:The Backasswards solution (Score 3, Insightful) 196

The problem is defining "secure" and "insecure". In the US, the standard is "perfect tender", where the company just has to produce a product that is perfect to the best of their ability, and acceptable to the customer. The product may have been insecure from the start, but nobody knew it, because the vulnerabilities weren't known yet.

Three years ago, we had no idea that the rowhammer effect could corrupt data. Two years ago, we didn't think it had security implications. Now we know better, but my desktop was built four years ago.

There are some vulnerabilities that can be resolved, like default passwords... but those are comparatively rare. For production and installation ease, the devices are usually shipped with a default password and the user is provided instructions to change the password. The problem is that the users don't read the instruction manual for their new lightbulbs. In this case, the product is designed and sold to be secure, but the user's inaction caused the insecurity.

Ultimately, the liability for an attack lies (legally) with the attacker. It's been that way for several thousand years, and is fundamental to the legal framework in this country. Trying to change that will have many unintended consequences.
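The comment above describes the usual pattern: a device ships with a documented default password and stays insecure if the owner never reads the manual. The following is an added example, not code from the post or from any real vendor, showing that pattern beside a design that removes the dependence on user action: the factory default is accepted for exactly one operation, setting a new password. It goes beyond the text, which only describes the weak pattern. The device model, the factory default "admin", the action names and the sample requests are all constructed for illustration.

```python
"""Added example: factory-default credential gate for a hypothetical device."""
import hashlib
import hmac
import os

# Constructed factory default; the kind of value printed in a quick-start guide.
FACTORY_DEFAULT_PASSWORD = "admin"

# Constructed set of management actions the device exposes.
ACTIONS = {"get_status", "set_wifi", "set_password"}


def _hash(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the stored verifier is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Device:
    """Minimal model of device credential state (hypothetical)."""

    def __init__(self) -> None:
        self._salt = os.urandom(16)
        self._pw_hash = _hash(FACTORY_DEFAULT_PASSWORD, self._salt)
        # Becomes True only once the factory default has been replaced.
        self.provisioned = False

    def check(self, password: str) -> bool:
        """Constant-time comparison of the supplied password against the verifier."""
        return hmac.compare_digest(_hash(password, self._salt), self._pw_hash)

    def set_password(self, current: str, new: str) -> bool:
        """Rotate the credential; reject re-use of the default and short values."""
        if not self.check(current):
            return False
        if new == FACTORY_DEFAULT_PASSWORD or len(new) < 12:
            return False
        self._salt = os.urandom(16)
        self._pw_hash = _hash(new, self._salt)
        self.provisioned = True
        return True


def weak_authorize(dev: Device, password: str, action: str) -> bool:
    """Pattern the comment describes: any valid credential permits any action,
    even while that credential is still the documented factory default."""
    return action in ACTIONS and dev.check(password)


def hardened_authorize(dev: Device, password: str, action: str) -> bool:
    """Until the default is replaced, the only permitted action is set_password.
    The owner cannot forget to change it, because nothing else works first."""
    if action not in ACTIONS or not dev.check(password):
        return False
    return dev.provisioned or action == "set_password"


if __name__ == "__main__":
    dev = Device()
    # Weak design: the manual-documented default configures Wi-Fi straight away.
    print("weak, default creds, set_wifi:", weak_authorize(dev, "admin", "set_wifi"))
    # Hardened design: the default can only be used to set a new password.
    print("hardened, default creds, set_wifi:", hardened_authorize(dev, "admin", "set_wifi"))
    print("hardened, default creds, set_password:", hardened_authorize(dev, "admin", "set_password"))
    dev.set_password("admin", "correct-horse-battery")
    print("hardened, new creds, set_wifi:", hardened_authorize(dev, "correct-horse-battery", "set_wifi"))
```

The design choice is that the gate is enforced by the device, not by the instruction sheet; the `provisioned` flag is the only thing that unlocks the rest of the management surface, and it can only be set by a successful password change.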

Comment Re:Leave. (Score 1) 432

On the other hand, with no documented explanation, it's very easy to blame the problems on the guy who is "no longer with the company", blackball him, and move on with no improvement. Saying just a name to HR does nothing, as it doesn't provide any context in which to investigate. In a large company, it may be the first time the interviewer has heard the name, and the guy leaving tomorrow will work with a different interviewer, so it'll never be correlated.

Comment Re:Politically incorrect solution: free/open softw (Score 1) 196

That's why all Android devices automatically get updates, right? Even the decade-old ones that can't run new versions?

The OS doesn't matter. What's missing is the infrastructure to support patch development, testing, and delivery. Once the initial vendor goes out of business (or discontinues that product), there's no mechanism to continue development, no way to test the patch, and no way to get the new software into the devices.

An open-source mandate fixes the ability to develop new patches, but it becomes much more difficult to thoroughly test on all versions of affected devices, and there's no easy channel to get the new software to the end users.

Comment Re:Super bad idea, keep it verbal (Score 2) 432

Perhaps I should clarify, then.

Write a well-written letter of resignation, detailing the facts and verifiable events that led to your departure, in an informative and non-confrontational way. Express that you're choosing to leave the environment, rather than blaming the company. Avoid specifically naming the culprit, but frame the situation as a product of the environment that idealizes rock-stars at the expense of a healthy collaborative environment.

While you're still in the company, any complaint you make about the company's favored genius can be construed as an attempt to advance your own career at their expense. Any threats to leave are also idle. You and your opponent are both still working here, so the company still gets the rock-star's work and whatever you manage to do when you're not complaining.

In an exit interview, the attendance won't be as selective as a letter's addressees. Your manager may not have the power to do anything about the gaslighter if he's under a different manager's authority. HR may not be prepared to discuss another employee at your interview, so their hastily-scribbled notes may be the only actionable evidence. I've also seen companies treat the exit interview as their last chance to get information from an employee, so they'll bring in the resident expert to absorb any technical knowledge they can before it walks out the door. That would be very unproductive in this case.

A letter puts you in control. You decide to whom it goes first, you decide exactly its tone and contents, and you decide how incriminating it actually is. In the worst case, someone pulls it out to use against you years later, and it's no less professional than a technical document. In the best case, it's the wake-up call and first-hand evidence that HR or management needs to start improving the company.

Anecdote time. First, I've worked at a company that couldn't/wouldn't do anything punitive without primary written evidence. Verbal descriptions weren't good enough, because the company was large enough that the chain of command turned into a game of Telephone. I've also worked at a company that had a manager covering up for a bad apple, and watching the manager try to hide written evidence ended up making enough visible evidence to get them both fired.

The reason you're telling management about the bullying isn't to help management. It's to help your ex-coworkers and colleagues who still have to stay in that environment. It may be too late for you, but management still has a chance to prevent the problem from getting worse. The purpose of the letter isn't to tell management why you personally left. It's to ensure that management is aware of a problematic situation that has caused the departure of at least one employee.

In short, maintain your professionalism to the end and beyond. Say exactly what happened, and let management come to the conclusion of what to do about it.

Comment Re:Leave. (Score 4, Insightful) 432

And in the letter of resignation (perhaps a separate one to management, rather than one to your colleagues), document in great detail the actual reason for your departure. It's pretty hard to ignore a complaint that isn't just an idle threat. The gaslighter drove someone out of the company, so management will notice.

Comment Re:Four legs good, two legs BETTER. (Score 1) 211

Originally, I believe the idea of Wikileaks was to have a place for people to leak, safely and anonymously and without fear of retaliation, information that people in power didn't want publicized.

That might have been the idea, but it was never really the result.

WikiLeaks made a name for itself with the Collateral Murder video which, through heavy editorializing, pandered to the anti-war populist opinion of the American public. With that fame and adoration as a first impression, they promoted themselves as a champion of the underdog, ready to fight any power anywhere.

Unfortunately, since then they've shown a very heavy bias in the subject of their leaks, and also a bias in the amount of care exercised in minimizing harm. When a US government interest is the target of a leak, they'll happily leave personal information in the data, in the interest of transparency and completeness, of course. When information could harm their own reputation or their benefactors (notably Russia and Ecuador, but others to a lesser degree), the leaks get a more thorough redaction.

This is not transparency. This is propaganda, using the viewer's own judgement against them.

Effectively, WikiLeaks uses its information not to drive change, but to encourage fear. Rather than seeing a report of a mistake and thinking "I can do that better", WikiLeaks' publications encourage fear that one might be the target of a leak. The collateral damage against uninvolved "innocent bystanders" also causes general mistrust and a fear of working with any organization WikiLeaks targets. After the fact, leakers get harsher treatment because of the damage their leaks caused, and real lawful whistleblowing gets undermined by its association with such harm.

Comment Re:because they won't be resetting the tv. (Score 1) 295

You were dead wrong.

Prove it, then. Show me any legal doctrine requiring a manufacturer to make products that remain perfect years after their sale.

Even LG came to agree with my position and finally divulged the sooper sekret cheat code to actually restore to factory. It's even documented in a video.

Providing a reset code does not imply they agree with your position. Again, prove it. Show me their public apology admitting they made a mistake.

There's no point trying to twist logic into a pretzel with your what ifs that clearly did not come to pass.

And yet, that's exactly what the $340 was. It was an offer for a business deal that did not come to pass.

Clearly those instructions were either wrong or meant for a different model.

So it was user error, then, and still not any mistake on LG's part.

Do you not believe in the KISS principle? Apparently not Occam's razor either.

Actually both, but above that I believe in rule of law. LG may have pissed somebody off by keeping secret procedures, but that does not change the legal or moral framework around the situation.

As for the kindergarten comment, that was in reference to your big red button story. I made that clear by quoting from your reply to that argument.

Yes, I got that, but you seem to have missed the point of the story. The flawed product is obvious, and it's clearly traceable back to manufacturing, but in both cases the manufacturer was unaware of the issue, and the product was accepted and operated for a significant amount of time, effectively terminating any initial implicit warranty under the perfect-tender doctrine. You still haven't shown any liability for LG, or the amp manufacturer in my anecdote, and you haven't shown that enforcing eternal implicit warranties is fair, or established any boundary which would be fair.

Again, I'll ask you to please prove your assertions. Please provide links to established laws or precedents on the subject.

If you're just going to try to talk around the simple fact that time and events have demonstrated my point and refuted yours, don't bother.

You're making ridiculous claims about what LG "should" do, and how you assume their repair shops work, and how you assume their products are designed. You provide no evidence for your claims, but simply keep saying that you're right. You can't even piece together a moral basis for your claim, and you haven't coherently refuted any of mine.

Like I've said several times now, it's time for proof. Please explain precisely where in established legal procedure or moral philosophy your claims come from.
