Slashdot Mirror


User: Opportunist

Opportunist's activity in the archive.

Stories
0
Comments
44,848
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 44,848

  1. Re:False Positives on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    You cannot but the CISO can or at the very least he can put it on the table the next time the C-Levels meet and discuss why the audit failed. This will also probably not result in you switching payment providers, but at the very least it will move the problem out of your hands.

  2. Re:I agree - moon first on Vice President Pence Vows US Astronauts Will Return To the Moon (engadget.com) · · Score: 2

    Mostly because it's way, way harder to do than Mars. Personally, I'd guess it's pretty much impossible with current technology to do a manned mission to Venus.

    And I'm not even talking about the atmosphere yet. The dV budget required to get to a stable low orbit around Venus is already higher than for Mars, and as soon as you wish to land you are really in trouble. Ok, you can aerobreak on Venus, that's nice for going down, but the question is how you get up again. You need about 10k dV to get from the surface of Earth to LEO. From the surface of Venus to LVO you'd need approximately 27k dV. Nearly THRICE that.

    You remember the kind of rocket we used to launch humans into space for a trip to a piece of rock that's practically rolling around in our back yard?

    You have to build a rocket more than three times that size on the surface of Venus. Provided you're fine with going to Phobos or Deimos. It might need to be a wee bit bigger to bring along the fuel for the trip to Earth.

  3. Re:the hell!? on The Google Clips Camera Puts AI Behind the Lens (theverge.com) · · Score: 1

    No, but I can make sure that the door is locked when I stand in front of it and only take a picture of the door when I know that it is locked.

  4. Re:Waning glory... on 20 Years of Stuff That Matters · · Score: 1

    In every life, of a human being, of a company, of a country and even of a website, there is four phases. People liken them to the four seasons. Spring, with its growth, Summer where things shine and where you are on top, Fall when the momentum keeps you going despite being past your prime and Winter when you slowly wither away and die.

    The reasons for this development are mostly dependent on the people you usually have in the phases, and the fact that people, too, change with time, and so does their attitude towards the thing going through the phases. At the beginning, when excitement is high and people want this Big Next Thing to succeed, they gladly put in hours of work and lots of their energy and effort despite seeing little reward, because they want it to succeed. If it does, it's easy to keep pressing because you see the rewards, but you also start to get complacent, especially when you see that it does actually keep going even if you don't keep pressing like mad, and that leads towards the decline. And with decline comes a general dislike to redouble the effort. After all we've done that already, wasn't that enough? You'd need the same kind of enthusiasm that you had at the beginning, but rarely you can motivate people to do that again. They're used to getting their rewards, usually also pretty easily because they benefited from the time when lots of energy was invested for little reward, why push it again?

    And with this comes stagnation and decline.

    That's how things go, everywhere. Webpages and boards are no difference here.

  5. Re: Not a first post on 20 Years of Stuff That Matters · · Score: 5, Funny

    Slashdot. The only place where penis envy is about having the smaller one.

  6. Re:Happy Birthday Slashdot on 20 Years of Stuff That Matters · · Score: 2

    And still one of the top news for nerds sites out there

    Which probably says more about the general amount and quality of "news for nerds" than about /....

  7. Re:Slashdot Died when CmdrTaco Left on 20 Years of Stuff That Matters · · Score: 4, Interesting

    That's true. We did have a more sophisticated kind of trolls back in the days.

    But in the early days, there were true masters of the dark art, they could make comments so carefully crafted to goad you into actually replying in an attempt to actually engage in a meaningful discussion, and they even replied. Not even with canned statements but with witty, if trolling, remarks. Back then it was actually a challenge to know whether someone's just trying to fool you.

  8. Re: Slashdot Died when CmdrTaco Left on 20 Years of Stuff That Matters · · Score: 2

    Back when slashdot was slashdotted by being slashdot...

  9. Re:the hell!? on The Google Clips Camera Puts AI Behind the Lens (theverge.com) · · Score: 1

    Hey, that's actually a good idea.

    One of my concerns whenever I leave my apartment is whether I locked the door. Many days I turn back to see whether I did actually lock the door. Invariably, I did. Doesn't really help that I, so far, never ever left the door unlocked. That nagging feeling that I just might have not locked it this one time is always present. And yes, of course I remember that I locked the door. But was that today? Or is it an older memory? But I could take a picture of the locked door as a reminder that I did actually lock the door. Good idea.

    But I somehow doubt that the AI would consider taking a pic of my closed door a "worthy kodak-moment". Instead you'll probably get a lot of pictures nobody asked for, of people who never wanted to be photographed.

  10. Re:This is what people want! on Mattel's New Baby Monitor Uses AI To Soothe Babies and Lawmakers Aren't Happy About It (washingtonpost.com) · · Score: 3, Insightful

    I doubt anyone minds the educational angle, what people are worried about is the marketing angle.

  11. You should've gone to a Catholic school if that bothers you.

  12. Re:Telescreen on The Google Clips Camera Puts AI Behind the Lens (theverge.com) · · Score: 3, Insightful

    And just like with Brave New World, some people actually see the dystopian future as utopian.

  13. Re:the hell!? on The Google Clips Camera Puts AI Behind the Lens (theverge.com) · · Score: 1

    So he can bore the world with the minute details of his insignificant life on an unprecedented level.

    Back when I was a kid, relatives bored you out of your skull with carousels and carousels of their holiday slides. The internet changed that, now it's easier than ever to tell them you're going to watch it at home while ignoring them altogether.

    Didn't stop anyone from taking those slides, though, in the vain delusion that anyone but they themselves actually wanted to see those pictures.

  14. Re:corplife on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    The CIO's "policy is two factor authentication -- all APIs require a username and password"

    I guess that's the IT version of "we have both kinds of music - country AND western".

  15. Re:Scan Platform & Source, then do Fuzzing on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Hey! I sell that knowledge! Would you kindly shut up? :)

  16. Re:Encryption everywhere on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Wow. Just wow.

    Who did these bullshit requirements come from?

  17. Re:False Positives on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    A tool is only as good as the people using it and an automated tool is only as good as its configuration is valid. The GPs problem is one of faulty configuration, and he's not the one who could (or should) change it.

  18. Re:False Positives on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Invite your CISO to a meeting. Tell him about this problem, explain to him that the exploitable ciphers are not used by your company (bring proof!) and that the automated test needs to be remodeled to fit your case.

    It's likely that your CISO doesn't even know about it, and he's the only one that can sensibly end this madness.

  19. Re:Here we go.. on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Process management fail.

    Second question should be "If Yes, are you using the company standard X building block OR is your job to redesign the standard X building block?"

  20. Re:I'm an encryption researcher on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Why?

    I mean, yes, I can, but why would I? More, why would I trust a routine I wrote more than one that has, by its very nature, survived countless security reviews from countless security researchers and specialists?

    Your routine is as secure as you are. Commonly used ones are as secure as the security community can make them.

  21. Re:You MUST have anti-virus with current signature on Ask Slashdot: Share Your Security Review Tales · · Score: 2

    You jest, but that's what we did.

    Very similar setup, a completely isolated network with no way to bring data in an automated way into it. Data was entered manually only and extracted on CD-Roms. Similar problem, getting any kind of data line in would have required unacceptable security breaches. And similar requirements, i.e. all machines need antivirus software.

    So we wrote one. What that software basically did was to routinely check all hashes of all files on the machine (with the exception of the data files that contained text-only and some system files that didn't want to play nice) and locked the machine if they found a single file that did not match the whitelist.

    A "signature update" was basically us recalculating the hashes whenever a planned change occurred on a machine. Since that happened with a frequency of about once a month (i.e. at MS patchday) and we had mostly identical machines, that was not really a big deal. We simply created a "template" machine, patched it, created the hashes and rolled them out to the other machines along with the patches.

    In other words, we reduced the problem of "you have to have an AV" to what the AV is supposed to do: Ensure that nothing bad exists on the computer. Since our approach was more restrictive than the required one (i.e. nothing unknown allowed at all instead of nothing bad allowed), it was considered acceptable.

  22. Re:I've been through a few... on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Doesn't work if your CISO knows his shit. Ours would drag your ass out of your current project and give you the "fix that! NOW!" lecture. Not necessarily with more words but with more decibel.

  23. Re:"security review"? on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Since I sit on the other end (the receiving end of these jokes here), i.e. doing penetration tests, code reviews and general consultation in the area of IT security, I might be able to answer this.

    Usually we get called when someone either wants to or (more often) is legally or contractually obligated to perform security reviews of their code, their processes or their remotely accessible infrastructure, e.g. webservers. Then we throw everything (or not, depending on what they want) we have in our arsenal of security shit against their stuff and look what sticks.

    And in the end, we usually sit there with their managers and (far too rarely) with their developers and server admins to discuss what we found and how they could fix it.

    My guess is that this is about the ... let's say less palatable specimens of my business, the haughty security know-it-all who berates you like a little child for not knowing some esoteric once-in-a-blue-moon-possible race condition, the secretive "I-can't-tell-you-how-I-did-it" asshole who still demands that you fix what he won't tell you about, i.e. expects you to find the error yourself and of course the "my-way-or-the-highway" idiot who insists that his approach to solving a system is the only permissible one.

    But don't worry, assholes sit on both sides of the table. My favorite is the "but this is impossible" admin, refusing to accept that his configuration could even possibly have some flaw despite you just demonstrated it to him.

  24. Re:Fooled ya! on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Considering how long it took and how much is still surfacing, my money is on "not the whistle".

  25. Re:Fooled ya! on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    Not as well as the guy I sold the data... I mean, my new employer.