Slashdot: News for Nerds

Comments


The Security Industry Is Failing Miserably At Fixing Underlying Dangers

johnnys Here's the problem. (205 comments)

The "Security Industry" makes money for the shareholders selling "stuff". Any time they see a problem, they will treat it as an opportunity to sell more stuff, since that is how they make money. If the problem is because the customer has already bought too much stuff, they will still try to sell the customer more stuff since THAT IS WHAT THEY DO.

So if you want to be secure, what do you do? We all know: You get rid of crappy software, simplify your systems, remove unnecessary cruft and hire developers, network systems people and architects who can build you what you need securely. You do NOT hire the cheapest meat puppets who can find the company website and spell "javascript" and you don't outsource your security to the lowest bidder.

This requires real effort on the part of the company paying for all this: They need to recognize that the "Security Industry" and their shiny, happy sales droids are just parasites ripping off the public with the "latest and greatest security stuff that will really protect you this time I promise not like all the other times, I really really mean it THIS time!".

They really need to understand that the RIGHT way to GET Security is to design it in, have the right people building and managing it and proper oversight over all of it. To do that you have to treat it as a profession and a core part of what the company does, not as a "service" or "product" that can be "bought in" or "outsourced" to a low bidder.

Security needs to be treated as a profession in any company with a significant cyber presence, just like the accounting team, the legal team and the core business functions. Pretending it's "just something that we can buy from a vendor" is short-sighted and ignorant.

about a month ago

Harley-Davidson Unveils Their First Electric Motorcycle

johnnys Re:Dead on arrival (345 comments)

Wrong! Wrong! Wrong!

90% of motorcyclists are perfectly reasonable people who ride motorcycles with the original quiet mufflers, or a reasonable muffler that is not a lot louder. The 10% of cretins who ride with earsplitting open pipes are the MINORITY. Don't think that because they make 90% of the noise that we're ALL like that.

I've ridden 40,000 miles on motorcycles in Canada and the USA and I always had a reasonably quiet muffler. So please don't keep spreading the lie that "90%" of us are lowlifes: There's probably a MUCH higher percentage of politicians and bankers who deserve culling than motorcycle riders!

about a month ago

US Supreme Court Invalidates Patent For Being Software Patent

johnnys Re:Oh please please please (220 comments)

I think everyone else was paralyzed with the shock of seeing such "blinding common sense" come from a government institution. You were the first person to recover from the shock, so you get first post.

about a month ago

German Scientists Successfully Test Brain-Controlled Flight Simulator

johnnys Not impressed. (73 comments)

Call me when this helps get my LUGGAGE to the same airport as me.

about a month ago

One-a-Day-Compiles: Good Enough For Government Work In 1983

johnnys Only ONE day??? (230 comments)

You got your compiles back the NEXT day? Bloody luxury!!

At my high school, we had to write our own programs, punch them ourselves and submit. We then had to wait 2 days to see if they compiled!

You young whippersnappers with your fancy "gcc" have it so much better! And get off my lawn!!!

about 3 months ago

Ask Slashdot: the State of Open CS, IT, and DBA Courseware in 2014?

johnnys There's a lot of overlap between CS and Philosophy (84 comments)

Philosophy questions:
1. Why?
2. Why is life a living hell?
3. What did I do to deserve this?

CS questions:
1. Why?
2. Why is life a living hell?
3. What did I do to deserve this?
4. What evil b*st*rd wrote this g*d*mn*d compiler?

about 4 months ago

Ask Slashdot: Moving From Tech Support To Development?

johnnys Follow your passion and keep your options open. (133 comments)

If you find "problem solving" to be your passion then follow it, but try to make sure you don't follow something that will limit you later on: If you think Java is interesting then go ahead and learn it BUT make sure you learn the general skills in programming over the particular skills. Learn how to program then learn the language. That way if opportunities around Java go away, then you are set for what's next.

You may find that "problem solving" leads to programming now, but as you grow and develop new skills and interests it may lead to something else, then something else after that. If you can keep your passion then you will be motivated to keep going and learning new things.

about 4 months ago

Full-Disclosure Security List Suspended Indefinitely

johnnys Nonsense. (162 comments)

There's a meme going around that "Fact is, you cannot make a secure product," is somehow a "Truth" that we all just have to accept.

This is just BS. Of course you can make a secure product. You just have to commit the time and resources to make security your top priority.

If you want to securely control your HVAC systems in your data centre, don't connect it to the Internet: Hire a person to operate it. If you want to securely control your nuclear reactor, don't connect it to the Internet but hire a staff to operate it using air-gapped systems.

If you want to save money on salaries by connecting your critical systems to the Internet using commodity CPUs that don't separate writable RAM from executable RAM, and operating systems designed for single user with poor security built in, and software written by the lowest bidder using languages that encourage lazy programmers to write buffer overruns, then you will save money but there's no way you can make a secure product. But don't pretend it's a universal fact that security is not possible: Recognize it's your own penny-pinching that is causing the problem.

about 4 months ago

Is Analog the Fix For Cyber Terrorism?

johnnys Lots of unproven assertions here. (245 comments)

"obvious: that 'every digital system has a vulnerability,' "

So far, this has been demonstrated (NOT proven) only in the current environment where hardware and software architects, developers and businesses can get away from product liability requirements by crafting toxic EULAs that dump all the responsibility for their crappy designs and code on the end user. If the people who create our digital systems had to face liability as a consequence of their failure to design a secure system, we may find they get off their a**es and do the job properly. Where's Ralph Nader when you need him?

And as the original poster noted, you CAN isolate the control systems from the Internet! Cut the wire and fire anyone who tries to fix it.

"analog protection systems have one big advantage over their digital successors: they are immune"

Nonsense! There were PLENTY of breakins by thieves into banks, runaway trains, industrial accidents and sabotage BEFORE the digital age. There was no "golden age" of analog before digital: That's just bullsh*t.

about 4 months ago

Atlanta Gambled With Winter Storm and Lost

johnnys Speaking from Canada, eh? (723 comments)

REAL northerners are NOT making fun of the grief and hassle that the good people of Atlanta are facing. We've all seen what happens when the weather gets bad, and we're having problems right now ourselves so we can all relate. See: http://cnews.canoe.ca/CNEWS/Ca...

So I wish you the best of luck and hope you get sorted out soon!

about 6 months ago

HP Brings Back Windows 7 'By Popular Demand' As Buyers Shun Windows 8

johnnys Does this mean I can get drivers? (513 comments)

OK, so now that HP has pulled their head out of their *ss and realized that NO-ONE likes Win 8, are they going to release any drivers for those of us who bought their "Envy" systems and need the drivers for Win 7 so we can make those "Envy" systems work properly?

Or, since they already have our money, are we SOL?

Hmph. SOL it is, then.

about 6 months ago

Canadian Music Industry Calls For Internet Regulation, Website Blocking

johnnys Re:Those canucks are really pissing me off now (198 comments)

At least have the decency to mention the important thing the Harper government got RIGHT: Limiting the scope of how hard the CRIA can screw the individual downloader. We see HUGE penalties in the USA for poor people getting nailed for "copyright infringement" but at least in Canada Harper has limited that to $5,000CDN for "all infringements involved" so no-one has to lose their house over downloading a few songs to listen to at home. That is a HUGE benefit and protection to the average person here in Canada who just wants to listen to music. It also forces the music labels to leave the music lovers alone and go after the commercial infringers, since they can't exploit individuals as a "cash cow".

Also note that these copyright changes are all REQUIRED under international agreements that Canada is party to, so you can blame Harper all you want but no-one else could have done any different. IMHO, I think he got the best deal possible out of a crappy situation!

See: http://laws-lois.justice.gc.ca...

(b) in a sum of not less than $100 and not more than $5,000 that the court considers just, with respect to all infringements involved in the proceedings for all works or other subject-matter, if the infringements are for non-commercial purposes.

http://www.theglobeandmail.com...

about 6 months ago

The Spamming Refrigerator

johnnys What did you expect? (90 comments)

If you give someone the opportunity to make money without holding them to account for the consequences of their actions, don't be surprised when they create, market and sell crappy insecure products to the public.

THIS is what Ralph Nader was talking about in his book "Unsafe At Any Speed". The car makers were putting unsafe, crappy cars (like the early Chevy Corsair) on the road to make money and deliberately rejecting any moral or legal responsibility to make the cars safe. It's happening again: Now we have software makers all over the world from the largest to the smallest that are making crappy insecure software and getting out of any responsibilities through EULAs that let them off the hook. And the software is insecure garbage that allows malicious attackers to screw with the gadget or computer you just bought, so they can rip you off or steal your identity or whatever they like.

And they are going to keep on doing this until there is legislative or other pressure put on them to take responsibility for their actions. You decide how likely that is.

about 6 months ago

Ask Slashdot: How Would You Secure Your Parents' PC?

johnnys Re:Linux (408 comments)

The last time my 82 year old father-in-law visited, he wanted to check some web news sites so I handed him my netbook running Ubuntu. Half an hour later, I told him he was using a Linux system and he was happily surprised since he was used to Win7.

What I learned at that moment is that IF you provide a good system running Linux and presenting the apps a user needs in a usable way, THEN the user doesn't really care whether it's Linux or whatever. Firefox and Thunderbird and Libre Office really are good enough (or better) for any "normal" user doing "normal" things.

I haven't converted his home system yet, only because he has a son who does support for him, so it's Not My Problem. :)

about 7 months ago

D-Link Patches Critical Vulnerability In Older Routers

johnnys Well that's good. (54 comments)

Good guy D-Link!!!! It's nice to see a manufacturer actually helping out their customers instead of just making them buy a new router.

about 8 months ago

Speed Test 2: Comparing C++ Compilers On Windows

johnnys Inaccurate test. (132 comments)

According to the fine article, "The Intel compiler occasionally “calls home” to an Intel-owned Website to check licensing information. When it does so, it prints out a message about when the current license expires. I didn’t use the results when that happens, since it would add time and skew the timing results." WRONG. The tester should not have excluded these results where time was wasted with this nonsense: If WE the users have to put up with it, it SHOULD be included in the benchmarks.

about 8 months ago

Ask Slashdot: Best Open Source Project For a Router/Wi-Fi Access Point?

johnnys Re:DD-WRT on Buffalo hardware (193 comments)

This is probably not what the OP wants to hear (surprise! It's Slashdot after all) but I agree that a VERY good option is a Buffalo router. I bought a Buffalo WZR-600DHP running DD-WRT and it has been completely reliable in my SOHO environment. The feature set, tunability and capabilities of DD-WRT on this device are extensive and impressive.

I have tried DD-WRT on some older routers (Linksys) in the past and although the features were there the reliability and dependability were just not there. I had to reset every few weeks and reconfigure. So when I saw Buffalo was using DD-WRT I decided to try it and I have been very happy.

about 10 months ago

Ask Slashdot: What To Do When Another Dev Steals Your Work and Adds Their Name?

johnnys Wayback machine? (480 comments)

Would the wayback machine or something similar be able to retrieve the originals? Or, could you get a signed letter from the original client that this was your work? Then you could talk to a lawyer about copyright infringement.

If the original client won't cooperate, perhaps you could send a DMCA takedown notice asserting your ownership of the copyright for the original digital content.

about a year ago

Submissions

johnnys hasn't submitted any stories.

Journals

johnnys has no journal entries.
