Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Sorm: Russia Intends To Monitor "All Communications" At Sochi Olympics

ltning And how do they plan to deal with.. (193 comments)

...gnupg? ...tor? ...ssl+pfs? ...ssh? ...ipsec? ...openvpn? ...voip? .....<insert your favorite encryption/privacy tool here>?

Block everything? That would probably kick up more dust than the anti-gay legislation.

about a year ago
top

So What If Yahoo's New Dads Get Less Leave Than Moms?

ltning Re:Equal rights (832 comments)

It doesn't take 16 fucking weeks for a woman to recover from giving birth.

Have you given birth lately?

about a year ago
top

Google Reaffirms Stance Against Software Patents

ltning So they do like the communists... (197 comments)

...collect all the money so the rich capitalist bastards won't get their hands on them.

(s/money/patents/)

more than 3 years ago
top

"Digital Universe" Enters the Zettabyte Era

ltning I'm happy to see (137 comments)

That we have all become good citizens, backing up all our data. I presume the data recovery firms are all panicking now that all their potebtial customers have backups of everything, and thus no longer need their services.

Not bad to have a global backup ratio of >1:1

Personally I use RAIM (Redundant Array of Instant Messages) to back up all my important notes and communications. It only works as long as all my friends log everything too, of course.

more than 4 years ago
top

Web Copyright Crackdown On the Way

ltning DMCA.. (224 comments)

What on earth is the DMCA supposed to achieve, in the context of Ad-providers?

Sounds pretty scary to me.

more than 4 years ago
top

Why "Verified By Visa" System Is Insecure

ltning Article and "research" bad.. (243 comments)

The researchers, and the article writers, completely fail to understand that 3-D Secure simply defines the interfaces between the three domains in the security model. The actual authentication model used is chosen and implemented by the card issuer. If the card issuer would decide it wants to use passphrase+OTP in a separate window (for URL validation), it could do so. In fact, outside of the US, many do. In Norway, for instance, online payments are usually verified through something akin to a "national electronic ID", which despite its flaws goes way above and beyond simple passwords.

The article is so full of factual mistakes and displays such a complete lack of knowledge and understanding it's not even funny.

more than 4 years ago
top

Bell Starts Hijacking NX Domain Queries

ltning Re:Happens in Germany too.. (310 comments)

They SO do .. but it might be for certain T-DSL products only; I have no idea. I've seen it in action at two different homes in southern Germany (Bavaria). My "samplings" are from the latter half of July 2009.

I don't have proof, and I cannot produce proof as I'm not in Germany at the moment.

I guess you'll just have to take my word for it, eh? Or offer alternative suggestions as to what I've seen.

about 5 years ago
top

Bell Starts Hijacking NX Domain Queries

ltning Happens in Germany too.. (310 comments)

The Deutsche Telekom / T-Online does exactly the same in Germany.

about 5 years ago
top

Panel Recommends Space Science, Not Stunts

ltning Re:All well and good (304 comments)

I couldn't disagree more.
Curiosity and Creativity are the two most outstanding qualities of human beings, and neither can flourish without the other.

Why should painters paint? Musicians compose and play? They shouldn't, following your logic. They do so because they can, and the rest of us are left to enjoy the fact that they do.

I think it is of *vital* importance that we explore and research for its own sake, and not only with specific purposes in mind. Fundamental research is the most important research we do, and for it to carry any meaning, it MUST be free of expectations and purpose. Whatever comes out of it can only be seen as a bonus, not taken for granted. Those bonuses will pay off, as they always have.

more than 4 years ago
top

Net Shoppers Bullied Into "Verified By Visa" Program

ltning Re:Why not proper authentcation? (302 comments)

First mention I've seen of 3-D secure here. Good research.
Anyway: Visa does not impose the authentication method on the issuers; the issuers can do this in any way they prefer (within certain limits). Some use "web shopping passwords", some use one-time passwords, some use a SMS or email solution, some tie it into the online banking security platform, some use national ID.

Also, many of the current gripes with 3DS are being worked on; for instance the iFrame/domainname issues.

Keep in mind that 3DS (VbV/MCSC) does NOT entail any other kind of fraud screening (name matching, etc.); it is an authentication system ONLY. And, for the time being and for most card products, if your card is not enrolled by your issuer (voluntary or not) you won't be asked to authenticate, though you will sometimes be redirected to a component of the 3DS chain to check your enrollment status.

For the merchant, it's simple: Attempt to authenticate, and liability for fraud is shifted to the issuer. Card not enrolled? Not your problem. Card enrolled? Authorize if authentication OK, otherwise don't.

But as many have said: This is not primarily done for the cardholder. It's for merchants (lower risk -> more/happier merchants), banks (lower risk -> lower cost, more merchants -> profit!) and the card companies (Visa/MC, less fraud -> less brand damage -> more shopping -> profit!).

about 6 years ago

Submissions

top

ltning ltning writes  |  more than 7 years ago

ltning writes "After having had a rather loosely organized sysadmin group at work, with many responsibilities (stretching far beyond mere sysadmin work), the whole company is now trying to focus its people and departments in order to improve efficiency. This naturally causes the "free flow" of information between the departments to decrease, meaning that I no longer know "everything" about what the sales or customer service guys are doing, and vice versa. As part of the process, monthly status meetings have been established, where everyone is invited, and each department head is to present his or her departments work the last month. For sales, this is easy — sales numbers, statistics and pretty graphs speak for themselves (and they usually get an applause by the end of their presentation). For customer service, it's also quite doable — they report on the number of issues they had, resolving time, any problems with external providers etc., and they do customer satisfaction surveys.
But what is a sysadmin department supposed to do? Our work is, in its nature, pretty much invisible. Whenever it isn't, it's because something has gone wrong. I can show them uptime stats, but I have no idea how to explain — to computer-illiterate people — how much work it actually is to keep the uptime good. I can tell them that we had such-and-such many security patches and virus database updates to install ... "yea big deal, my computer at home does that automatically".
I'm wondering if these presentations won't be used to evaluate each department, in order to distribute bonuses etc. Therefore this becomes a rather pressing issue, from a strategic point of view. So, does the Slashdot sysadmin community have any experience with such presentations?"

Journals

ltning has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>