Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Are the NIST Standard Elliptic Curves Back-doored?

PureFiction Re:Meta review (366 comments)

What is concerning are the twice refuted efforts for RDRAND to bypass the Linux kernel pool mixing entirely, and the design decisions which intentionally make RDRAND an inscrutable black box and trivial for a VMM to intercept and modify. These are not accidents.

While there is no harm in using RDRAND to complement entropy on a system, by no measure should it be used as the sole source of entropy in a system.

about a year ago

Will Donglegate Affect Your Decision To Attend PyCon?

PureFiction Re:To the MODS (759 comments)

I tried to mod your comment +"insightful"; alas, I'm out of points...

about 2 years ago

Will Donglegate Affect Your Decision To Attend PyCon?

PureFiction Only If I'm Feeling Lucky... (759 comments)

the stars must align for a clusterfsck this big:

1) polemic agitator in attendance, in propinquity
2) opportunistic exploitation of overheard conversation occurs, twitter shaming to ten thousand
3) polemic agitator doubles down with histrionic blog post when twitter shame draws doubts and disapproval (this would be a crime in EU)
4) overly sensitive, over reactive start-up employer over compensates with firing, leading to social media furor, fanning flames
5) classy apology asking for less nuclear resolutions ignites the firestorm, critical mass achieved
6) juvenile hordes exact retribution on employers servers, DDoS'ing to oblivion until terms met
7) capitulation to vigilantes in a sea of misunderstanding drives media to madness

about 2 years ago

CCTV Hack Takes Casino For $33 Million

PureFiction Re:Backdoors Will be Used (308 comments)

"Are you really honestly claiming that, based on this one rare and isolated incident, that casinos all do good to improve their overall security by getting rid of their cameras?"

No, but the "security tools" they apply should also be considered as sources of risk in the overall risk management equation. Too often security products get a pass because, well, they're security products.

The witty worm is another favorite example of this position of privilege turned against you.

about 2 years ago

What Does a Software Tester's Job Constitute?

PureFiction Good Test Engineer == Dev/QA Toolsmith Automator (228 comments)

Your development background will be very useful in a QA / Test Engineer role, assuming you are considering joining a technically competent organization.

I say this because many companies have an antiquated view of "testers" as low skilled keyboard jockeys able to bang keys and input fields like monkeys on ritalin. Avoid these places like the plague...

A premium QA/Test Engineer will apply development and other solid technical skills to:

- Provision test systems spanning wide varies of operating systems, network configuration, applications and settings, in short: be able to build everything you need to test the systems tasked of you.

- Obtain a deeper understanding of the system under test; able to dig into code to discern logical errors and oversights, triage down to root cause and even suggest a fix/patch.

- Integrate test automation technologies into the software process so regression and performance testing is part of a continuous integration & test lifecycle. Manual testing should only be a part of your efforts, as software systems continually expand in scope and a manual-only test process will eventually be overwhelmed by progress.

- Extend and apply third party tools, ranging from code performance analyzers to network traffic capture/replay, code coverage analysis and unit test frameworks, fuzzers and chaos monkeys, etc.

- Understand security risks and defensive coding techniques to identify deficiencies in a code base or implementation/design which introduce vulnerabilities. Catching these defects before a product goes live is very rewarding and can be exceptionally cost effective.

- Develop internal tools or customize existing software using Shell, PERL, Python, Ruby, Java, C/C++, and other languages as required or appropriate for the task at hand.

- Communicate effectively with multiple stake holders in an organization: development, product support, marketing, administration, operations. These will all be interfacing with you and the ability to tailor the technical depth and nomenclature of your written and oral communications to each of these groups is critical to being an effective QA/Test Engineer.

And many other skills and capabilities I've not listed, depending on the context of your role in the group and the domain of the organization you work for.

Many people still consider QA a less important or prestigious occupation compared to other technical professions, like software development. While the prestige may be lacking, the job satisfaction of a competent QA/Test Engineer who applies development, operations, and security analysis skills to improve a product is significant.

The many varied resources you should incorporate into your tester toolbox is too long to list here. Many sites exist devoted to QA toolsmith / test automation / security analysis roles, and you're going to want some skills and tools from all of these specialties at your disposal.

Good luck! I hope you consider the switch; the world needs more competent QA/Test Engineers.

more than 2 years ago

America's Future Is In Software, Not Hardware

PureFiction Re:Oh yes, software (630 comments)

Just wait until we have matter compilers.

Except where I come from, we call them "ribosomes".

Yes; but knowing how to programming those matter compilers, ... GOTO 10

about 3 years ago

The Bitcoin Strikes Back

PureFiction Re:That's how money works - a shared hallucination (344 comments)

"Any medium of exchange is just as much a shared hallucination as bitcoin..."

commodity based you can at least barter with or consume; in general you are correct and we agree.

they all have trade off's. i'll take decentralized, secure (potentially anonymous) Bitcoin and fend off the hackers while others pay banking intermediaries high fees for transactions performed at their leisure, presumably with less risk.

to each their own... ;)

more than 3 years ago

The Bitcoin Strikes Back

PureFiction Re:That's how money works - a shared hallucination (344 comments)

"It has value because we pretend it does."

absolutely true!

fiat currencies are just as much a shared hallucination as bitcoin.

    at least bitcoins may provide more privacy...

more than 3 years ago

Evaluating Or Testing Utility SCADA Security?

PureFiction SCADA and Security are not yet integrated (227 comments)

SCADA systems are not designed, implemented, or operated with network and application level security concerns in mind.
  (Usually. The exceptions know who they are :)

Your compensating control is physical security to limit access to SCADA elements and programming. It costs more, but you have no sane alternative.

And before you get too cocky about that restricted air gap, consider Stuxnet turning such a strength into a weakness for exploit. At some point SCADA systems will be security conscious; that day is not today...

more than 4 years ago

How Tor Helps Both Dissidents and the Police

PureFiction Re:knowledge of the law (122 comments)

"... there's no way in hell you could EVER know what the entire body of law"

This is where jury nullification comes in. But they don't like that much either!

more than 5 years ago

The Drawbacks of Anonymous Surfing

PureFiction Tor is Easy via Transparent Proxy (233 comments)

You can make Tor very easy to use with any application (on Windows or other VMWare/OpenVPN supported OS) with JanusVM:

When you start the Windows VPN connection to the VMWare virtual machine that PPTP network becomes you default route. All DNS lookups, http requests, and other TCP traffic is now transparently routed through Tor. Simply disconnect the VPN to terminate anonymous onion routing...

Also see the user documentation: http://januswifi.dyndns.org:85/Instructions.htm

Transparent proxy avoids many common problems with explicit SOCKS configuration and DNS leaks. Worth a look...

more than 8 years ago


PureFiction hasn't submitted any stories.


PureFiction has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?