
Comments

Google Pressure Cookers and Backpacks: Get a Visit From the Feds

Ytsejam-03 Re:Wireshark (923 comments)

The NSA could also be getting duplicate copies of customer certs issued by CAs in order to play MITM.

Presumably you mean certificates using NSA-generated key pairs, but that are otherwise identical to the "customer certs".

about a year ago

Trade Group: US Software Developer Wages Fell 2% Last Year

Ytsejam-03 Re:Ah the myth of amazing software tech (237 comments)

winning the day. Didn't work out so well for Corel did it? Or Novel? Or Sun?

I assume you meant Novell.

Yeah, your few good programmers will make better code, but my 100 code monkeys will make more of it.

Novell isn't really a good example. Starting in the late 90's, they began laying off employees in the states and replacing them with cheap labor in Bangalore. That didn't work out so well.

Especially telling was a blog post by then-CTO Jeff Jaffe sometime around 2008, where he talked about the superior quality of Novell's software. Only problem was that quality had been steadily declining for the past ten or so years. The comments section was full of Novell customers telling the CTO that he was full of shit.

Jaffe was fired (er, resigned) a year or so later, so that blog post is long gone. Fortunately, the Wayback Machine has a copy.

about a year and a half ago

Azure Failure Was a Leap Year Glitch

Ytsejam-03 Not a surprise... (247 comments)

The story yesterday said that they were having a problem with certificate validation. The routine they were using to validate certificate expiration must not have been able to handle the leap year. I wonder what non-standard API they were using to process the expiration date. That reminds me of another article that I read yesterday.

more than 2 years ago
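An added illustration, not from the comment above or from any vendor post-mortem, of one way a date routine can fail on a leap day: deriving a certificate's expiry by bumping the year field produces a non-existent 29 February and the validation never completes, whereas expressing the lifetime as a duration cannot. The issue date and lifetime are constructed values.

```python
from datetime import datetime, timedelta, timezone

# Constructed scenario: a certificate issued on leap day, 29 Feb 2012 (UTC).
ISSUED = datetime(2012, 2, 29, 12, 0, tzinfo=timezone.utc)


def naive_not_after(issued: datetime) -> datetime:
    """Assumed failure mode: compute the expiry by bumping the year field.
    For 29 February the result names a day that does not exist in the
    following year, so datetime raises ValueError and no expiry is returned."""
    return issued.replace(year=issued.year + 1)


def safe_not_after(issued: datetime, lifetime_days: int = 365) -> datetime:
    """Calendar-aware alternative: treat the lifetime as a duration.
    Adding a timedelta always yields a real calendar date."""
    return issued + timedelta(days=lifetime_days)


def is_valid_at(now: datetime, not_before: datetime, not_after: datetime) -> bool:
    """The validity check itself: both bounds inclusive, all values in UTC."""
    return not_before <= now <= not_after


def naive_check(now: datetime, issued: datetime) -> bool:
    """Validation built on the naive expiry. A leap-day issuance makes the
    expiry computation raise mid-check; failing closed rejects the
    certificate even though it is actually within its lifetime."""
    try:
        return is_valid_at(now, issued, naive_not_after(issued))
    except ValueError:
        return False


def safe_check(now: datetime, issued: datetime) -> bool:
    """Validation built on the duration-based expiry; works on any issue date."""
    return is_valid_at(now, issued, safe_not_after(issued))


if __name__ == "__main__":
    probe = datetime(2012, 6, 1, tzinfo=timezone.utc)
    print("naive:", naive_check(probe, ISSUED))  # False: expiry could not be computed
    print("safe: ", safe_check(probe, ISSUED))   # True: 1 Jun 2012 is inside the window
```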

RSA Admits SecurID Tokens Have Been Compromised

Ytsejam-03 Re:Dear Customers... (219 comments)

With RSA doing the keyfill at point of manufacture, the customer just needs to load the seed file for the entire batch onto their authentication server and then hand out the token

Don't forget that the tokens also expire every couple of years. If customers were able to load a new seed themselves, then they wouldn't need to purchase new ones as often.

more than 3 years ago

How Facebook Ships Code

Ytsejam-03 Bug Free Code (314 comments)

Interesting article, especially this little snippet:

re: surprise at lack of QA or automated unit tests — “most engineers are capable of writing bug-free code. it’s just that they don’t have an incentive to do so at most companies. when there’s a QA department, it’s easy to just throw it over to them to find the errors.” [EDIT: please note that this was subjective opinion, I chose to include it in this post because of the stark contrast that this draws with standard development practice at other companies]

This guy's obviously fresh out of college. It would be interesting to hear from someone with a little more real-world experience.

more than 3 years ago

Security Lessons Learned From the Diaspora Launch

Ytsejam-03 Re:Security (338 comments)

If it were, say, a private company producing this product, wouldn't they have subjected it to the normal quality control processes in software companies...

But what exactly is that process? The QA process can vary widely from company to company and product to product.

There are several factors that can influence the quality of QA:

How important is the product to the team/company/manager and middle-managers involved?

Is the QA team responsible for more than one product? If so, which product is given the most priority?

Is the QA team staffed to adequately test each product assigned to them?

What is the individual skill and experience level of each team member? Does anyone on the team have experience finding and testing for security vulnerabilities?

Does the company actually have a qualified "in house security specialist"? How involved is he/she in the product design and QA process? Such a specialist should review and approve both the initial product design and the test plan.

How much testing goes into each release? I.e., does the team perform a full regression (re-executing the entire test plan, which can take weeks or months), or do they focus their efforts only around the new features that were added, potentially missing bugs that may arise due to unanticipated effects that new features might have on other components in the system?

Commercial software companies often ship products with serious security flaws, in spite of the reasons you listed. Some products receive thorough testing and others don't. It doesn't matter much whether or not the product is a commercial offering.

more than 4 years ago

Calculating Password Policy Strength Vs. Cracking

Ytsejam-03 Re:Is this a problem? (231 comments)

Most systems have a "three strikes and you're out for 5 minutes". So that kind of makes 65 guesses a minute impossible. You'd have 3 every 5 minutes.

You're missing the point. This isn't so much about guessing the password in network logon attempts as it is about guessing passwords on already-compromised machines. Since users frequently use the same password on multiple systems, a password file from a compromised workstation will sometimes yield valid passwords for other not-yet-compromised systems. Local passwords can also be useful in decrypting hard drive contents in cases where the encryption key is stored locally, wrapped with the user's password. The faster an attacker is able to crack passwords in the password file, the more time he has to further compromise the network without being noticed.

more than 5 years ago

Sandals and Ponytails Behind Slow Linux Adoption

Ytsejam-03 Re:Yeah... (948 comments)

Having been on both sides of the issue now, I think there's a lot to be said to matching your dress and other aspects of your personal image (hair, accessories, etc.) to the impression you want to create.

I could not have said it better. I experienced this first-hand just after finishing college. I had long hair reaching about half way down my back through most of my twenties. I noticed a significant difference in the way I was treated after cutting my hair.

The most notable difference was when I would go out with my wife. When I had long hair, about half the time the waiter would give her the check. Now that I'm clean-cut this almost never happens.

I was already a couple of years into my career before I cut my hair. I'm a software developer with a large company (not Microsoft), and managed to land this job and two previous jobs in this industry before cutting my hair. I'm happy with my job, but I wish I had cut my hair earlier. If I had, I believe that I would have had more opportunities after college, and as a result could probably have negotiated an even higher salary.

Everyone judges you on your appearance whether they are aware of it or not.

more than 8 years ago

Submissions

Ytsejam-03 hasn't submitted any stories.

Journals

Ytsejam-03 has no journal entries.
