Comment Arms control only works if attribution is possible (Score 1) 47

One of the biggest differences between the two types of warfare is that attribution is non-trivial in cyber. So even if agreements were made between two or more countries, how can you verify that they are enforced if you can't determine who authored/deployed the illegal malware?

In traditional warfare, which often relies on kinetic weapons, it's pretty straightforward to trace the trajectory of a weapon back to where it was deployed.

Why not shift national priorities towards creating robust, fault-tolerant systems that render offensive tools ineffective?

Defense is more expensive and takes longer to develop because it is only as strong as the weakest link. You have to make sure the entire perimeter is secure by eliminating as many holes as you can.
On the offensive side, you only need to find one hole. As a consequence, offense is relatively cheap and the costs are typically associated with the initial R&D. After the initial R&D, cyber weapons can be replicated at virtually zero cost.

Comment Re:Except much of the time they're right... (Score 1) 408

Hindsight is always 20:20. In fact the best ideas, those that become second nature, are often considered obvious after the event. The real question though is, if they were so obvious, why didn't someone else do it before?

The technology was not there to do it yet. Almost always, people's ideas for what can be possible are far ahead of what is currently possible.

Comment Two solutions (Encrypt or leave) (Score 5, Insightful) 243

If you are determined to use Dropbox, use open source software such as 7-Zip that will encrypt and zip. Otherwise, stop using Dropbox and move on to something else. One of the consequences of using the magical cloud is that you are bound to somebody else's rules for how they manage your data. Also note that those rules are subject to change at any time, and you don't have any say in those changes (I guess the only option is to speak with your wallet and move to greener pastures).

Comment New ideas get adopted when the old guard dies (Score 1) 625

If you could double the active lifespan of a (sane, healthy) individual, you'd get twice the amount of work for the same amount of high-school and college man-years. It's simple economy of scale.

New ideas are usually adopted once the old people with the old ideas die. A classic example is the theory of relativity. There were brilliant physicists of their time who went to their graves refuting Einstein's theory because they had invested too much of their time and effort in the status quo. Furthermore, acceptance of the theory of relativity would have meant their work was invalid.

Comment Suggested Reading: Mythical Man Month (Score 2) 214

If you want some relevant history and insight on the struggles and triumphs of software engineering, I highly suggest reading the Mythical Man-Month.

What was surprising to me was the fact that something written in the 60's about software development is still very relevant today.

The engineers who worked on the IBM System/360 OS discovered software engineering through pure trial and error.

One of the classic insights from the book that I've seen companies (i.e. Microsoft) violate over and over is Brooks's Law. Brooks's Law states that "adding manpower to a late software project makes it later." It is incredible how we reinvent the wheel every day instead of taking time to learn from the trials and mistakes of others.

Another surprising insight to me at the time was the following. Although the engineers were working on a very technical problem, the biggest challenges they had to overcome were social/people challenges.

Comment small but definite probability RSA Broken (Score 1) 282

“Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years,” said Stamos.

Layman's terms: There is a small, but non-zero probability that an asteroid will collide with the earth and destroy civilization in the next 4 or 5 years.

My thought: There is a non-zero probability of INSERT_UNLIKELY_EVENT happening in the next 4 or 5 years. Should we panic? Nah. That is called life... There are no guarantees. If we worried about unlikely events happening...we'd be in a state of paranoia, fear, and constant worry of the next catastrophe. Oh wait....wrong thread.

Comment Cyber Insurance == Correlated Risk (Score 1) 71

Traditional insurance, which includes life insurance and fire insurance, works on a key premise. This premise is that they can get enough different types of clients to not only distribute the risk, but also decouple the risk.

Take fire insurance for example. A fire that happens in say Miami, FL is most likely not going to increase the risk of a fire occurring in Seattle, WA. Therefore a fire insurance company can make sure that the clients they select are geographically distributed to distribute the risk AND minimize the risk correlation.

In contrast, cyber insurance differs from typical insurance because there is an inherent correlated risk that you run into regardless of how and where you choose your clients. Most clients run the same OS (Windows) and use the same software and AV packages. Therefore, a data breach that occurs with one client can mean other clients are at immediate risk of also having a data breach.

So what can happen is that a cyber insurance company can end up needing to pay out more money than they collect because breaches can happen concurrently or consecutively.
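A small simulation of the correlated-risk argument in the comment above, added here as an illustration and not part of the original comment. It compares a portfolio where breaches are independent with one where a flaw in software most clients share occasionally hits many of them in the same year; the client count, breach rates, premium loading and loss size are constructed assumptions, chosen so that both models have the same expected claims.

```python
import random

def calm_probability(marginal, shock_prob, breach_prob_shock):
    """Breach probability in a non-shock year that keeps the per-client
    marginal breach probability equal to `marginal`, so the correlated
    model has the same expected claims as the independent one."""
    return (marginal - shock_prob * breach_prob_shock) / (1.0 - shock_prob)

def simulate_portfolio(n_clients, premium_pool, loss_per_breach, shock_prob,
                       breach_prob_shock, breach_prob_calm, trials, seed=1):
    """Return (ruin_probability, mean_total_claims) over `trials` policy years.

    A common shock (a flaw in the OS or AV package most clients share) occurs
    with probability shock_prob and raises every client's breach probability
    to breach_prob_shock for that year.  shock_prob=0 is the independent-risk
    model that fire insurance relies on.
    """
    rng = random.Random(seed)
    ruined = 0
    total_claims = 0.0
    for _ in range(trials):
        p = breach_prob_shock if rng.random() < shock_prob else breach_prob_calm
        breaches = sum(1 for _ in range(n_clients) if rng.random() < p)
        claims = breaches * loss_per_breach
        total_claims += claims
        if claims > premium_pool:          # payouts exceed premiums collected
            ruined += 1
    return ruined / trials, total_claims / trials

def compare_models(n_clients=200, marginal=0.05, loading=0.7, shock_prob=0.1,
                   breach_prob_shock=0.3, trials=10000):
    """Constructed scenario: every client pays a premium 70% above its
    expected loss, and one breach costs 1.0 unit."""
    premium_pool = n_clients * marginal * 1.0 * (1.0 + loading)
    independent = simulate_portfolio(n_clients, premium_pool, 1.0, 0.0,
                                     0.0, marginal, trials)
    correlated = simulate_portfolio(
        n_clients, premium_pool, 1.0, shock_prob, breach_prob_shock,
        calm_probability(marginal, shock_prob, breach_prob_shock), trials)
    return {"independent": independent, "correlated": correlated}

if __name__ == "__main__":
    for name, (ruin, mean) in compare_models().items():
        print(f"{name:11s} mean claims {mean:5.1f}  "
              f"P(claims > premiums) {ruin:.3f}")
```

Both models pay out about the same on average, but only the correlated one regularly produces years where claims exceed the premium pool, which is the concurrent-breach problem the comment describes.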

Comment Re:Internal politicing (Score 2) 124

This random system then prevents people from spending all their time scheming to set up the ideal circumstances where all the other candidates have been pushed under a bus. Also then they don't owe any favors for their job.

Even with that method, you would have the same problem. This is because of how a "qualified" candidate will most likely be defined. The "qualified" candidates will be the ones that are the most adept at politicking (i.e. backstabbing) and marketing (i.e. look at all the amazing things I do for company Z) themselves.

So you'd have a random pool of people who were all scheming and calculating their way to the top.

Comment Synching and sharing with random peers (Score 1) 69

I know this might be a bit more difficult, but it would be neat if you could distribute your files with random peers. Of course, the files stored with a random peer would be encrypted. It would be something similar to Buddybackup.

The advantage of synching and sharing with random peers is increased bandwidth and more redundancy in case one or more of your devices are not working or have limited network connectivity.

Comment Rationality of introducing ads (Score 1) 300

I don't particularly like ads on cable TV or video game consoles, but from a business perspective it is the rational thing to do.

Imagine you are an executive at a company that makes a gadget that users interact with. The user pays for the gadget along with the interactive services that the gadget provides.

Let's also suppose that the gadget is very popular and has a large user base. Being a profit-seeking individual, you as an executive come up with the genius idea of integrating ads into the gadget.

You demonstrate that by introducing ads you can immediately impact the bottom line in a positive manner (at least in the short term). Since most businesses are short-term oriented, everyone is excited. Your genius idea is implemented and you get a bonus that is commensurate with the money your idea brings in.

All the executives line their pockets and live happily ever after. As for the consumers who were buying your gadget, if they eventually stop buying/using your gadget, so what. You got yours (golden parachute opens). The end.
