Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Comment State level identification (Score 1) 59

Technologies like OAUTH 2.0 have been around for a long, long time, and their purpose is to provide a verifiable audit-trail for users.

And it works! Although there have been (and will always be) security issues, the reality is that technologies like SAML and OAUTH do provide a very useful level of trust.

Except that, although these technologies do allow for a useful transfer of identity, the agents widely used to provide this identity (the IDP) is never an entity that provides a uniformly useful level of identity.

Here I am: Bill Jones (not my real name) citizen of the UK (not my real country, either) and I have no way to properly assert that to, say, Bank of the West (not my real bank, either) or Northern Airlines. (not my real airline)

If I have to assert my true identity, I have a state-issued driver's license or passport. Why do I have no way to assert either of these identification documents electronically?

Why can't I use my passport ID to assert myself to the bank, or the airline?

Seems to me that it would be HIGHLY USEFUL if I could. And it seems to be self-evident and proper that the agencies that issue drivers licenses or passports could offer electronic identification, even if it's sourced out to a tech company with a good reputation.

In the US, it's now become increasingly common to have a unified electronic ID to interact with agencies: see id.me. This is a start, and I know government agencies work GLACIALLY SLOWLY so maybe by the time my grandkids are having babies this could be a thing.

Comment Eh? (Score 4, Interesting) 65

Eh?

> At some point you have to ask why you're using RAID at all. If it's for always-on, avoiding data loss due to hardware failures, and speed, then RAID 6 isn't really am great solution for avoiding data loss when disks get to these kinds of sizes, the chances of getting more than one disk fail simultaneously is approaching one, and obviously it was never great for speed.

If you're at this point, then using drives at all is probably already off the table. But I think this position is probably ridiculous.

I have many years of experience managing file clusters in scopes ranging from SOHO to serving up to 15,000 people at a time in a single cluster. In a cluster of 24 drives under these constant, enterprise-level loads, I saw maybe 1 drive fail in a year.

I've heard this trope about "failure rate approaching 1" since 500GB drives were new. From my own experience, it wasn't really true then, any more than it's true now.

Yes, HDDs have failure rates to keep in mind, but outside the occasional "bad batch", they are still shockingly reliable. Failure rates per unit haven't changed much, even though with rising capacities, that makes the failure rate per GB rise. It still doesn't matter as much as you think.

You can have a great time if you follow a few rules, in my experience:

1) Engineer your system so that any drive cluster going truly offline is survivable. AKA "DR" or "Disaster Recovery". What happens if your data center gets flooded or burns to the ground? And once you have solid DR plans, TRUMPET THE HECK OUT OF IT and tell all your customers. Let them know that they really are safe! It can be a HUGE selling point.

2) Engineer your system so that likely failures are casually survivable. For me, this was ZFS/RAIDZ2, with 6 or 8 drive vdevs, on "white box" 24 bay SuperMicro servers with redundant power.

3) If 24x7x36* uptime is really critical, have 3 levels of redundancy, so even in a failure condition, you fail to a redundant state. For me engineering at "enterprise" level, we used application-layer logic so there were always at least 2 independent drive clusters containing full copies of all data. We had 3 drive clusters using different filesystem technologies (ZFS, XFS/LVM) and sometimes we chose to take one offline to do filesystem level processing or analysis.

4) Backups: You *do* have backups, and you do adhere to the 3-2-1 rule, right? In our case, we used ZFS replication and merged backups and DR. This combined with automated monitoring ensured that we were ready for emergencies, which did happen and were always managed in a satisfactory way.

Comment Re: Seems strange to allow user input (Score -1) 108

Turning them off and landing in an empty field or on the Hudson, or rolling off the end of the runway may be preferable to the plane burning itself up in flight. It's extremely unlikely it was entirely unforced error and the pilot/copilot did something malicious.

Obviously it wouldn't be preferable ever at this airport, but there is an assumption that the pilots arent actively trying to down the aircraft.

There are thousands if not millions of ways a pilot can actively sabotage the aircraft. They are the one group on the plane that is trusted not to. It's nearly impossible to prevent it without removing them entirely from the plane. And all the passengers too ...

Sometimes, not very often ... the pilot is a problem.

Comment Re: Expectations (Score -1) 37

No.

No breaks or excuses.

You cant bolt security on after the fact. The entire protocol and application MUST take security into account from the start.

Trying to add security on after the fact is how we ended up with ActiveX on web pages and VBA in documents and NEVER WERE ABLE TO MAKE IT SECURE.

To make web browsers secure, they pretty much all started over (website, firefox) because trying to strap it on was impossible.

Comment Re: Fuel or electrical? (Score -1) 106

You dont typically use avgas in fuel trucks at large airports like this as most ICE engines are on small aircraft that dont fly in large airports for all sorts of reasons.

You dont fly your little Cessna single engine into an airport with 787s landing or taking off. Thats a nightmare/disaster in the works. The Cessna would be like a leaf in a hurricane.

They drive to a gas pump AWAY from the jet wash that will destroy them.

Larger prop driven aircraft are powered by turboprop engines - they use jet fuel as well, not areas.

It's not impossible of course, but pretty unlikely.

Comment Re: Really? (Score -1) 106

Nope, you can absolutely roll off the end of the runway at any speed except full stop. Take off is always a choice.

The landing in the other hand is governed by physics, mostly gravity. If you dont leave orbit, landing is mandatory, its only a question of when and what it looks like. The aircraft will be on the ground eventually.

It may be a good landing, it may be a fiery crash, but you absolutely are going to land.

Comment Re:Sums up the housing crisis (Score -1) 102

This is such cry-baby nonsense.

NONSENSE.

Since 2008, I have personally mentored dozens of young dudes (at no cost whatsoever, just because that's what successful people do).

I have helped poor dudes in bad neighborhoods buck up, get some side hustles, stack cash, and buy property.

You fucked yourself because you refuse to actually do someone to buy property. I don't know ANYONE, starting with even zero money, who couldn't find a nice home in just 2-3 years of saving money properly -- except the lepers in California, and fuck them anyway.

Comment Re: I know people who use Twitter (Score -1, Flamebait) 73

I would rather let Nazis speak and elect to block them myself than have an entire moderation team block everyone they disagree with.

Reddit is equally a shithole.

Heck. /. used to have a good libertarian minority and today it's nerds defending their trans kids here.

Comment Re:I'm Still Not Seeing It (Score -1) 36

I don't own a computer. I am not a programmer. I do everything from my iPhone.

In the past 10 years, I have spent tens of thousands of dollars on human programmers to create 3 web apps. Zero of them ever were finished. ZERO.

I used Grok AI to create 5 web apps. 3 of them were monetized almost immediately and have paying clients. All 5 have passed security checks that look for bugs or hack entry points.

One of the 3 monetized web apps took me all of 30 minutes using Grok, on an airplane, using my iPhone. I was able to download the files and upload them to a web server and the site was live. Literally 30 minutes and that website has created thousands of dollars of passive income.

I use vibe coding DAILY to make spreadsheets better for me and clients (I am not in IT). I use vibe coding DAILY to come up with cool functions for my web apps that people pay me to use.

Slashdot Top Deals

If at first you don't succeed, you must be a programmer.

Working...