
Comment Re:Tabs v. Spaces (Score 1) 300

Except that editors (I'm looking at you, vim) still fuck it up in terms of lining up the tabs and spaces equally. In addition, my point was on standardization. Alice chooses eight because she's a web dev, Bob chooses 4 because he's a sane programmer, and Allen over in the corner chooses 2 because he thinks that whitespace is an abomination. None of that fixes the problem.

Comment Re:700GB (Score 1) 243

I also have CableOne. I pay $133/month for the "privilege" of uncapped "business" access that is supposed to be 100Mbps up and 10Mbps down. I fairly consistently get 115Mbps down and around 9Mbps up, so I can't complain about the service, other than the fee. Also, they foisted a "static ip" on me that was non-negotiable, but it only stayed static for about two months then went back to being dynamic.

Comment How about Snowden? (Score 1) 384

Why isn't this poll about Snowden? Unlike Manning, Snowden didn't deliberately expose multiple innocent people thus potentially putting their lives in jeopardy. Snowden is the definition of a responsible whistleblower. Manning indiscriminately dumped data for arguably personal reasons that had nothing to do with the greater good. Manning deserves at least some punishment, for reckless endangerment of multiple American lives.

Comment Two options (Score 2) 433

If this is a systemic problem in the company, then your best option is to get out as soon as possible because you aren't going to fix it.

A lot of people who are responding are assuming a bad work environment is systemic when it may not be. It is surprising how many dillholes manage to build themselves empires inside of bigger corporations without getting caught. I have faced this exact scenario at a prior job (manager was exactly like this, and she also had a weird sexual thing for me. Tried to use the whole gaslighting thing as a power play). Company wasn't bad, just her section. I managed to win and ultimately get her fired. The trick in this situation is to find ways to document their behavior and the fact that you were on the right side of the issue, then "inadvertently" expose them when they try to screw you over. If it looks like you are gunning for them, you look like the bad guy. These guys pride themselves on always sucking up to management and looking like the good guy. Your job, if you think it is worth fighting the battle, is to reveal their skullduggery, but make it look innocent. An example from my experience. This manager told me to make a bunch of bad design choices on a client's product. I knew they were wrong, and I told her as much, but she cut me down in front of my colleagues and the client (by misrepresenting the choices). Later I emailed her and said, I must have misunderstood what she was asking, and would she please clarify (thus appearing to submit and getting her to document her explanation, while subtly documenting why I thought it was wrong and that I had explained it to her). Of course the project turned into a train wreck. Manager summoned me to her office, and frankly propositioned me or threatened to get me fired over it if I didn't go along. I refused. Then, when we were presenting the now horribly screwed up project to the client, as well as upper management in our company, I made sure to print off those emails and take them with me. Of course the meeting was a disaster, the client was mad, as was our upper management.
As soon as they started questioning why we'd made all of these stupid decisions, and ignored some of their direct requests and needs, my manager immediately started to turn on me and the rest of the team. She tried to make it sound like she was blameless and couldn't understand why we'd gone against her direct orders. After letting her dig herself in deep for a minute or two, I pulled out her emails that I had printed off, and said, "You're right! I don't know why things got so out of hand. When I emailed you for clarification, I thought I was very clear on these client needs. Let's use this meeting to do some constructive, 'lessons-learned'. I figured you probably had a superior picture of the requirements, and so that's why I followed your directions to the best of my ability. It must have been my misunderstanding."

Here I looked like I was just doing my job, and thought I'd made a mistake, but actually I exposed what a lying piece of shit she was. A few days later, the rest of the team and I were each interviewed by upper management on how things had been going. Again, I didn't frame it as personal, or like I was trying to throw her under the bus, I just explained and showed email after email where I had tried to get clarification, after clearly explaining what she was demanding and why that wasn't a good choice, but each time I showed upper management the email, I pretended to be a bit naive on what could have gone wrong. Since I wasn't being "vindictive" it was pretty obvious where the problem was. The rest of my coworkers were only too happy to throw this lady under the bus because these types of jerks rarely screw with only one person. Next thing I knew, she got a forced "lateral promotion" to a dead-end position with no under-staff and shortly thereafter got "laid off".

Comment Re:Now it begins (Score -1, Troll) 1069

We've had a President, who has for eight years disrespected the Constitutional limits of the office. Has deported more illegals than any previous President. Has continued to bomb American citizens abroad. Has increased or at least not abated the spying on American citizens. Has continued to perpetrate the drug war. Has at every opportunity attempted to expand the administrative branch through end runs around Congress. Who installed two Supreme Court Justices, one of whom (Kagan) doesn't even pretend to care about the Constitutionality of the situation and only wishes to further move the ball into the liberal side of the field. Who has race baited opponents routinely. Who spearheaded the takeover of student loans and the health insurance industry, against the will of the majority of Americans. Yet in spite of this, we are only now fucked? This is why keeping government power in check matters, even when your guy is in office.

Comment So black and white... (Score 1) 158

I love how the anti-smoking crowd is so black and white.
If you smoke you're an addict.
If you smoke you'll get cancer and die.
If you smoke you'll give cancer to everyone around you.
If you vape, you'll also get cancer and die, and give it to everyone around you.
If you smoke you'll become more addicted than a crack addict.

Second hand smoke has never been thoroughly proven, when given the levels of tobacco smoke a person can reasonably expect to encounter. I enjoy a pipe or a cigar no more than once a month, but my doctor and insurance company treat it like I'm a two packs a day guy. I've been smoking an occasional cigar for years, never once have I ever run into some sort of addictive quality.

I have vaped in the past. All indications from serious studies on the matter are that nicotine by itself is a relatively harmless stimulant, with some actual positive benefits. It's bad for pregnancy, and some of the glycol solutions and heating elements may be bad for you, but again, we're talking extremely small doses, even if you regularly vape.

I love getting lectured about how I am a terrible human being for occasionally enjoying tobacco and nicotine by a bunch of hippies telling me about the miracles of pot, that will cure everything that ails you, and has no bad long term effects...

Comment As Someone Who Worked in PCI... (Score 2) 76

This would never work in the US. As others have stated, the CVV number that you see is different than the one in the stripe. Since the advent of chip-and-pin finally starting to trickle into the US market, it has become less common, but a lot of vendors still don't process transactions until the evening. For instance, when a restaurant uses your card, they may not go back and process your tip until the end of the day. In countries that have fully embraced chip-and-pin, transactions must be done at time of sale, so this type of dynamic pin can be utilized.

To be workable in the current US market, the bank would have to track the last several CVV patterns for a 24-hour period; however, if that is indeed what they are doing, they are effectively creating (60 / 3) * 24 = 480 valid pins in a sliding 24-hour window. That is far worse than a single pin. In fact, early implementations of chip-and-pin were vulnerable to these kinds of problems due to the need to support long periods of time for transaction processing.

Bottom line: We can do a lot to fix fraud if the US would ever fully embrace chip-and-pin.

Comment So much whining (Score 0) 181

So Lenovo didn't want to go out of their way to support a minor market segment. So what? They aren't selling to Linux users, if you don't like it, take your business elsewhere. Pretty sure the missing AHCI option was likely an oversight. If enough people want to run Linux, Lenovo will add back AHCI support or Linux/Lenovo will roll out a driver.

I personally love Lenovo hardware. It's always been rock solid for me. Since I'm not a moron, I never keep the installed OS, so I don't have to deal with their crapware. Same goes with any other pre-installed laptop from anyone. Just a couple months ago I bought a Lenovo Y700-17ISK gaming laptop. I absolutely love it, and it is easy to work on (first thing I did was upgrade the hard drive size). Works fine with Linux. Right now I'm dual booting Qubes OS and Windows 10.

Comment Shying away from OOP(s) (Score 4, Insightful) 674

Few programs are more hellacious to write and maintain than code that has been overly-factored into classes, that inherit from other classes, that implement some abstract that was inherited from another abstract, that isn't even called directly because it is actually an event handler or intent for yet another inheritance mess. OOP makes sense if used sparingly, if not, it makes GOTO spaghetti look sane.

Comment Re:Encryption != Integrity (Score 1) 89

You can prove that it is mathematically infeasible that your decryption, which is a valid file and displays a reasonable result, is NOT the one that the original user was expecting. That number, no matter how you arrive at it, is way, way less likely than a Fingerprint or DNA match being an accidental duplicate of an innocent person, so good luck making that argument to a jury...

Comment Proactive Monitoring (Score 1) 148

I think what the EndGame CEO was trying to state was that security needs to focus more on indicators of compromise and less on "defense" against compromise. As a redteam hacker, I agree. The fact of the matter is that securing the perimeter and the endpoint against all attacks is an impossible exercise. Too many security teams have that type of mentality, "Oh, you got in? No worries, just tell us exactly what you did and we will block that specific attack vector." What they should be focusing on is developing the capabilities to detect the intruder that has breached their defenses. We all like to talk about the magical "APT" that has unlimited time and resources and can teleport around your network without making a sound, but it just doesn't exist. Even a very advanced, skilled attacker, with months of time, is going to need to perform significant recon on the network. Much of that recon is atypical behavior for a non-malicious user.

Detecting malicious behavior isn't even that hard, it just takes some knowledge of what we hackers do. Alerting on specific domain events, looking for specific traffic patterns, and profiling normal system behavior. Even a small security shop can greatly benefit by well-placed honeypots around their network. These types of things are not visible to an attacker, and if your network is reasonably secure, the attacker is likely to trip over one or more of them before they get what they are after.
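
A small version of the detection idea in the comment above, added here as an example and not part of the original comment: it alerts when any host touches a decoy (honeypot) address and when a source contacts more distinct internal hosts in a short window than a baseline allows. The flow format, addresses, decoy list and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: "ISO-time src dst dst_port" (not real traffic).
SAMPLE_FLOWS = """\
2024-05-01T09:00:05 10.0.1.20 10.0.2.10 443
2024-05-01T09:00:40 10.0.1.20 10.0.2.10 443
2024-05-01T09:01:10 10.0.1.31 10.0.2.11 445
2024-05-01T09:01:12 10.0.1.31 10.0.2.12 445
2024-05-01T09:01:15 10.0.1.31 10.0.2.13 445
2024-05-01T09:01:19 10.0.1.31 10.0.2.14 445
2024-05-01T09:01:23 10.0.1.31 10.0.9.99 445
2024-05-01T09:30:00 10.0.1.20 10.0.2.11 443
"""

DECOYS = {"10.0.9.99"}         # assumed honeypot address; no legitimate user needs it
FANOUT_LIMIT = 3               # assumed baseline: distinct peers per source per window
WINDOW = timedelta(minutes=5)  # assumed sliding window for the fan-out profile

def parse(text):
    """Yield (timestamp, src, dst, port) from whitespace-separated flow lines."""
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        yield datetime.fromisoformat(ts), src, dst, int(port)

def detect(text, decoys=DECOYS, limit=FANOUT_LIMIT, window=WINDOW):
    """Return a list of (rule, src, detail) alerts, in log order."""
    alerts, recent, flagged = [], defaultdict(list), set()
    for ts, src, dst, port in parse(text):
        # Rule 1: any contact with a decoy is suspicious on its own.
        if dst in decoys:
            alerts.append(("decoy-touch", src, f"{dst}:{port}"))
        # Rule 2: keep this source's contacts inside the sliding window,
        # then compare its distinct-peer count with the baseline.
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        peers = {d for _, d in recent[src]}
        if len(peers) > limit and src not in flagged:
            flagged.add(src)  # alert once per source, not once per flow
            alerts.append(("fan-out", src, f"{len(peers)} hosts in {window}"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```
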
