Slashdot Mirror


User: plover

plover's activity in the archive.

Stories: 0
Comments: 7,233

Comments · 7,233

  1. Re:I want... on Scientists Invent World's First Anti-Laser · · Score: 1

    An anti-green-laser pointer would be nice.

    Yes. This would make a perfect Christmas gift for airline pilots!

    I think they should issue 5 kW YAG lasers to airline pilots. Far better than an anti-laser, it's an anti-laser-wielder laser.

  2. Re:who cares on Steve Jobs Health Worries Escalate · · Score: 1

    the reality distortion field around Jobs seems to make otherwise reasonable people forget very basic rules of investing and value.

    Spoken like a responsible long-term investor. In other words, someone to be taken advantage of.

    If you were instead to think like a typical short term trader of any sort (day trader, hedge fund manager wielding billions of dollars) things like basic rules of investing or value simply don't matter. When news of the CEO's health can cause a temporary fluctuation in the stock's value, you act quickly to take advantage of the situation. The true worth of the stock or stability of the company doesn't mean anything if you can short 100,000 stocks at $360 in the morning and clean up when they hit $355 in the afternoon. By the time you long-term investors begin to realize what's happening, the vultures have already drained real value from your investments, and punched AAPL's good name in the nose.

  3. Re:This is way over the top on Why Nokia Is Toast · · Score: 2

    For now, however, Nokia's cheap & ubiquitous approach has served them very well indeed.

    That was a great strategy in 2002 - 2007. But it's all over now.

    Let's not forget about the low-end price range. In 2008, MediaTek supplied complete reference designs for phone chipsets, which enabled manufacturers in the Shenzhen region of China to produce phones at an unbelievable pace. By some accounts, this ecosystem now produces more than one third of the phones sold globally - taking share from us in emerging markets.

    That's a direct quote from the Nokia CEO in his "burning platform" memo. China now owns "cheap & ubiquitous." Apple and Android now own smartphones. And Android just beat up Symbian at recess on the school playground and took its middle-of-the-line market share. Nokia has no strategy, very little future, and it really doesn't matter if you look at it from an American or European perspective. The only thing missing is Netcraft confirming it.

  4. Re:Way too many cheap quality phones on Why Nokia Is Toast · · Score: 1

    At one stage I was a Nokia user, then went over to Sony-E and am wondering about Blackberry, not liking the idea of a phone in my iPod, Windows in a mobile or the stuff that Sony-E is now coming out with.

    As far as the numbers of cheap phones goes, it turns out the Nokia CEO agrees with you. His "burning platform" memo http://www.engadget.com/2011/02/08/nokia-ceo-stephen-elop-rallies-troops-in-brutally-honest-burnin/ is an excellent prequel to their impending demise.

    At the lower-end price range, Chinese OEMs are cranking out a device much faster than, as one Nokia employee said only partially in jest, "the time that it takes us to polish a PowerPoint presentation." They are fast, they are cheap, and they are challenging us.

    What's happened is that Nokia's "strategy" was to coast. They didn't maintain the high end once Apple entered the market, and are now years behind. Android is beating them both in the high and now the mid price range phones, utterly destroying their now-stale Symbian OS. And in the low end, the Chinese have been shipping a chipset available for dirt cheap that lets any manufacturer knock out a phone at a cost far below the cost of producing anything at Nokia. So Nokia is now pretty much just another maker of expensive versions of cheap phones, and that's not a winning strategy, either.

    I don't know if Windows Phone 7 will be able to save them, but it's certainly no worse than the crap they sell now.

  5. Re:Oblig Non-Pedantic Question? on Un-Bricking Linux Plug Computers · · Score: 1

    I read on their site that they recommended running one of the network ports at 10/100 in order to manage the heat until they had a "solution". I was not comforted.

  6. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    The "three word" comment was not a literal recommendation (thus the words "maybe" and "or something".) It was an example of the types of restrictions an implementer would have to add in order to get better security compliance. A more considered policy (which three seconds of a /. reply does not produce) might include character set requirements, minimum lengths, dictionary checks, and other assorted end-user annoyances.

    The point is to get people thinking in terms of sentences instead of words. Sure, a grammatically correct English sentence may have less "raw entropy" than a random 10 character string, but it's much stronger than a 7 character password, and just as easy to remember.

    Make it usable, and people will use it. That's the point.

  7. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Oh...I'll have to remember that! :-P

    ...in bed.

  8. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Back in the mid-90s one of our Unix gurus ran Crack on a monthly basis and sent out emails to the violators. It was a small box with only a half dozen IT developers on it, but it was still pretty damn funny.

    Pretty sure we couldn't "officially" do that these days.

  9. Re:Cybercheat? on 61.9% of Undergraduates Cybercheat · · Score: 1

    That's because they thought they could simply steal that extra month of revenue from you with impunity. You were quitting anyway, so they were going to lose nothing by treating you poorly. There is no chance you'll ever become a repeat customer, so they don't care how you feel about being cheated. And if it was a dialup ISP, they saw the DSL or cable truck coming down the street, knowing they were in a dying business.

    It was a desperate business move coming from someone who was a thief at heart, rather than a business person. Yes, there is often a difference.

  10. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    I wasn't trying to provide a comprehensive list of password composition rules. What I was trying to say is that because we're dealing with people, we have to encourage them to make better password choices. Changing the mindset of people from "password" to "passphrase" or even "pass-sentence" is one place to start. It's an easy way to help average people think of more (number of bytes) data.

    Even if it's as inane as "omgilovejustinbieber!", it's probably not found in any hackers' rainbow table (yet.) But if you were to demand a 20 character password, people would be really mad, thinking "I don't know any 20 character words!" With a pass phrase, it's much easier to think of and to explain to users. Your error message can be fairly simple: "Your pass phrase doesn't have enough words for good security. Pick a longer sentence, and use some punctuation."

    And yes, you'll always have some people picking "aaaaaaaaaaaaaaaaaaaa." and variants. No scheme is perfect, but neither is security. If you can shift the number of weak passwords in your user base from 75% to 10%, that's a large reduction in your attack surface.

  11. The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 3, Interesting

    Like TFA says, worry more about the passwords people choose. It doesn't matter if you use SHA-1, MD5, or an HMAC, if the idiot types "password" for his password, it's going to be discovered on the first loop of anyone's "common passwords" list.

    One way to get people to comply better is simply to refer to it as a "passphrase" instead of a "password". Maybe enforce "three word minimum" or something. Even if they just use a line from a movie, it's increased the search space dramatically over a single word.

  12. Re:Anomyous as largely a group of criminals.... WT on HBGary Federal Hacked By Anonymous · · Score: 1

    How can "anonymous" be a group?? People just say they act in the name of "anonymous" but they could say they act in the name of Holy Grail - it means nothing.

    Maybe slashdot needs to change the name of the "not logged in user" because this is getting fucking ridiculous. Anonymous is NOT a group. Anonymous is NOT a "movement". Anonymous is an idea that you can have privacy in today's world. Even fake privacy, like Anonymous Coward on slashdot.

    People "acting in name of anonymous" or whatever is just retarded. There is no "anonymous" yet at almost all times we want to have that privacy - we all want to be anonymous. Anonymous is no one and it is everyone. How can people not understand something so simple???

    You're too late, the word is already a proper noun in this context. Whether you agree with the semantics of the name or not, they are a group because they acted like a group against MasterCard, and they have claimed the protective cloak of anonymity. Lacking anything else to call them, yet needing a name in order to work with the phenomenon, they are now effectively a group called Anonymous. And that's happened regardless of how the individuals who fired the LOIC feel about the name.

    It's just like a virus researcher calling a new worm Win32.Derp because he found the string "DERP" in the binary. People will create working names to refer to a thing. And several people acting in an organized or coordinated fashion is a thing we refer to as a group. The group who fired the LOIC at MasterCard did so beneath a screed that used the words "We are anonymous." It seems to me the rest of the people are perfectly justified in calling their group "Anonymous."

    Your argument reads exactly like this: "But packers are a profession, they wrap meat in paper and cellophane! You can't call a football team Packers because they don't wrap meat in paper!" The fact that it's a word that you use to mean something else won't take away the new meaning.

  13. Re:Security is for Other people! on HBGary Federal Hacked By Anonymous · · Score: 2

    I work for a telecom dealer that specializes in fulfilling corporate needs. All corporate sales are done through our website. A few of our clients are security companies. One of them (which will go unnamed) has a key purchaser who is completely computer illiterate. When trying to troubleshoot her difficulties using our website, I asked what browser she was using. She replied "Office 2003".

    After patiently instructing her on how to determine her browser and version number, it turned out she was using IE6. That was about 2 years ago. They still use IE6 to this day and have no intentions of switching off of it. Having dealt with a large variety of companies over the years, I think security firms are the most technically inept and the most likely to completely disregard online security.

    I think the problem is "risk analysis". It's the latest project management buzzword circling Corporate America, but the ones tasked with doing it have no idea what they're really doing, or what the risks really are.

    They'll put together a meeting to answer the question "what is the risk if we change everyone to IE8?" People in a conference room will toss out reasons like "It will break our internal web site, costing $50,000 to fix." "It will break compatibility with our trading partners, costing us $20,000 to mitigate." "It will mean we have to update our servers to the latest IIS, and upgrade our farm to Server 2008 and SQL 2008, and that's a huge risk for downtime, probably $10,000 in impact" which we all know is secret BOFH code for "I don't want to come in at 2:30 AM on Saturday to do this crapwork." So a business analyst puts up three fat tally marks under "IE 8 BREAKS ALL OUR STUFF!". Then someone says "It reduces our risk of malware" and "We can use Web 2.0" So the analyst puts a couple marks in the "IE8 BENEFITS" column, labels them each $0, and puts a sticky note reading Define 'malware' in the column labeled "PARKING LOT."

    Nobody says "The Treasurer's admin will surf to a cute puppy site where her PC will be infected with a drive by key logger, and the corporate bank accounts will be wiped out" or "The HR person will open a malicious PDF resume and all our employee payroll data will get leaked" or "The lead network engineer will have a javascript injected into his cache next time he uses the free wifi at the coffee house, and the hackers will get domain admin rights and use them to dump the credit card database" because it doesn't occur to them that a tiny hole in the wall is all a decent hacker needs. For that matter, it's all a script kiddie needs. But according to risk analysis math, 3 tally marks worth $80,000 > 2 tally marks tagged $0, therefore the answer is "don't upgrade".

    Any moderators who tag this '+1 Funny' obviously don't work in Corporate America, where we all know it's really '+1 Sad Truth'.

  14. Re:Let that be a lesson to you! on Woman Gets Revenge Courtesy of Google Images · · Score: 1

    You made my brain cry.

  15. Re:That's just sad. on Adobe's Reader X Spoils New PDF Attack · · Score: 1

    You know what's sad? My iPhone opens PDFs faster than Acrobat. How about when you have a network printer setup and you're not connected to that network Acrobat hangs the entire machine while trying to connect to it?

    Tell me again why we need our applications to be bloated and buggy when they're run on desktops?

    You may feel the need to have a bloated and buggy Acrobat, but I found that it's actually optional.

    By removing most of the plug-ins that it installs by default, it avoids a lot of the security holes. Do I give a damn if a PDF on my box can execute javascript, send an email, play a media stream, or be translated into a voice reader for the blind? No. So I yanked probably a dozen default plug-ins, and my Windows version of PDF reader has a much reduced attack surface as a result. As a side benefit, it opens documents almost instantly.

    Is my desktop box more secure than yours? Judged solely on that basis, I'd say yes. For every Acrobat Reader exploit out there, less than 10% would impact my installation. Something people are quick to forget is that security is never 100%, and they decry the 90% solution as "useless", but it's not. It's a numbers game. I'm willing to accept the risk of some possible vulnerabilities in Reader in exchange for being able to read most PDFs. And I'm willing to accept the loss of some content (media streams, javascript) in exchange for higher security.

  16. Re:Please take responsibility for your life. on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    "Warning! This Superman cape is only a costume, and does not enable the wearer to fly."

  17. Re:Cell Phone Jammers? on Prison Cell Phone Smuggling Out of Control · · Score: 1

    Why don't they just install cellphone towers specifically for prisons ;). If you do it right, the phones will always use your towers in preference to others.

    Extending this principle: 1. Give out cell phones to any prisoner who wants one. Secretly configure them to talk only to a special tower you control (not even the guards can know about that part). 2. All calls on those phones will be wiretapped. (prisoners have a lot less 4th Amendment protection than folks out of prison) This solves a couple of problems at once - giving out cell phones dries up the black market and allows those who want to talk to their loved ones, but since you're wiretapping them anyone who's trying to organize an escape or crime actually unwittingly helps the police catch and prosecute their accomplices.

    Won't help. They'll still smuggle in their own phones for doing deals or other crimes. Everyone will quickly learn that the "free" phones are tapped. The first time they prosecute a guy using wiretapped evidence from one of those phones he'd tell everyone else in prison, and the secret is dead. It's like cryptography: you can't base the security on keeping the algorithm a secret.

    The prisons could certainly install cells inside the walls that wouldn't serve the community outside the walls. Managing signal level is pretty well understood by those engineers.

    They'd have to post a sign at the gate that says "STOP! NO CELL PHONES! For security reasons all cell phone calls within this fence line are intercepted, monitored, recorded, and possibly blocked. This includes all cell phones including those belonging to visitors, attorneys, guards, doctors, and court officials. If you need to make an official confidential call while within the prison, please ask the warden and a secure wired land line will be made available to you."

  18. Re:Please take responsibility for your life. on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    I should think a decent trucker GPS would therefore be more useful in England than in America. Our city streets have signs indicating "Truck Route", and it just takes a small bit of reading to know which way trucks have to take. The signs won't point you down a street that can't handle a large rig. I recall London having a bunch of big streets that went straight and true for a while and then just ended at a goat-path. If the GPS could say "turn left BEFORE you get to the goat-path" that'd be a huge benefit.

    Or if you were driving through the countryside, wouldn't it be important to know which of the town's roads would be better for truck traffic (assuming that a town has more than one route through it?)

  19. Re:How to Mess with OnStar on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    Two farmers met, and were swapping stories. The Texan rancher boasted "My spread is so large that if I hop in my truck it takes me two hours to drive the fence line." The farmer from New Hampshire replied, "Yep, I had a truck like that once, too."

  20. Re:Please take responsibility for your life. on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    The same class of GPS map is sold in the UK; the problem is that they cost more than the cheap car GPS units. Taking Garmin as a sample manufacturer, the cheapest car unit they sell here is £99. The cheapest truck unit is £259. A trucker buying a GPS unit on his own dime because he's a bit unsure about how best to get to his destination, but isn't brave enough to ask the office to get the maps out is going to buy the £99 unit. And then he's going to foul up; if it wasn't such a problem for the rest of us, it'd just be funny.

    I think the general topic of the discussion being "stupid people are stupid" applies equally well here. Being too stupid to buy the right tool for the job is little different than following the GPS directions into an alley posted "DEAD END - NO TRUCKS", or into the sands of a desert that isn't posted anything at all except "DEATH VALLEY".

  21. Re:Please take responsibility for your life. on 'Death By GPS' Increasing In America's Wilderness · · Score: 1

    First, GPS trucker equipment comes with a caution that you still have to use them with your good judgment. If you see a sign that says 11'8", you'd better believe it. The mapmakers don't claim that they're perfect. They do claim, however, that if the GPS saves you from just one tow, ticket, rescue, or low clearance bridge, that the device was more than worth the money you paid for it.

    Yes, maps are not perfect. But at least the electronic maps can improve with age, if people bother to report failures and problems.

    And I'm not sure why you're complaining about "the goddamned map", either. I zoomed out from the exact Google link you posted above, and changed to map view, and I could clearly see that Deerwood Drive does NOT connect to Perimeter Road. Google doesn't try to link them as a through route, as you can see when you ask it to route between your old road and the airport's road:

    http://maps.google.com/maps?f=d&source=s_d&saddr=Deerwood+Dr&daddr=Perimeter+Rd&geocode=FSXUjAIdoZO8-w%3BFePQjAId3J28-w&hl=en&mra=mift&mrsp=1&sz=16&sll=42.784173,-71.525888&sspn=0.013669,0.025578&ie=UTF8&ll=42.78452,-71.52518&spn=0.013669,0.025578&t=h&z=16

    Google reports the route between the two dead ends is 4.2 miles long. So either find another error to complain about, or maybe you need to accept that people actually do fix problems. Shocking, I know, but it happens.

  22. How to Mess with OnStar on 'Death By GPS' Increasing In America's Wilderness · · Score: 4, Funny

    So if you're up there on those wintery roads and bored out of your mind, try this: Drive your OnStar equipped vehicle to the middle of a large frozen lake. Press the button. Continue driving in straight lines, occasionally stopping to make square left and right hand turns. Talk to the nice lady from India (or Southern California) who has never seen ice in any amount larger than a water pitcher, and tell her you're kind of lost.

  23. Re:Please take responsibility for your life. on 'Death By GPS' Increasing In America's Wilderness · · Score: 3, Informative

    A bigger problem over here in old blighty is articulated lorries getting stuck by driving down roads that are too narrow or otherwise unsuitable. One big problem in this case is it's virtually impossible to turn a lorry on a narrow road. So if the road starts looking bad the choices are to carry on and hope they don't get stuck, try to reverse out (very slow and likely to require a second person) or tow the lorry out.

    In America, there are GPS maps created by commercial services for sale to the trucking industry. These maps include weight restrictions, width and height restrictions, truck routes, diesel fuel truck stops, tire and service centers, all kinds of information that is specific to the driving of big rigs. I would assume you have similar services available over there. But if your ordinary trucker thinks he can just drop a $99 Garmin on his dashboard and use it to drag a 30 tonne trailer to wherever he wants, well, that's almost as foolish as trying to cross two hundred miles of desert because there's a little blue line on the screen.

  24. Re:You don't have to be non-random for fixed winne on Statistician Cracks Code For Lottery Tickets · · Score: 1

    Sorry for the misunderstanding, I just reread your previous post, clarified it in my mind, and realized I've just parroted exactly what you suggested in the first place. Damn, where is that "remove stupid post" button when I need it? :-)

  25. Re:You don't have to be non-random for fixed winne on Statistician Cracks Code For Lottery Tickets · · Score: 1

    Just completely wild-assed guessing here, but I'm wondering if they developed just one algorithm to "fill in the blanks with interesting but guaranteed non-winning numbers". The algorithm looks at the starting condition of the board, selects random numbers that do not correlate with any values already on the board to ensure they don't create extra winners, then fills in the blank spots. TFA's statistician guessed that this algorithm seeds the cards with several two-in-a-row kinds of things in order to make it more exciting. So I'm suspecting that because they want all cards to be equally intriguing to the buyers, they start with the winning sequence of numbers, then run that same algorithm to fill in the rest of the digits. Very non-random, and he spotted it.

    I think their problem is in their whole approach to preventing "extra" winners. They appear to be taking the safest route to guarantee that only known winning cards are produced by completely avoiding the winning numbers in the random fill-in data. If they instead reused all numbers (including winners) to fill in the empty spaces, and added a final one-winner-only check (discarding any game card with winners other than the intentional winners) they might be able to avoid this problem. But again, that's a "might". Study would be needed before I'd run down there and say "here's a statistically random algorithm to generate interesting game cards."

    Actually, it being a lottery, a whole pile of cash would be needed before I'd run down there and say anything at all! :-)