Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:A screen on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    Don't forget the part where everyones plates show gay pornography gifs after some 14 year old hacks their system.

    What about when they don't get hacked; but show some Politician-You-Hate's ADs on the back of your car? Or Phillip Morris/R.J. Reynolds Tobacco ads, or other companies/products you find morally reprehensible.

    At least if someone hacks your car and displays gay porn or illegal kiddie on the back of your car; you have a hacker to press charges against, when/if they get caught.

    And you can console yourself knowing that the perpetrator did something that is illegal; and they can eventually be held accountable for.

    On the other hand... when you're an Obama supporter; and a giant Bush ad appears on the back of your car; or when you're a Palin supporter and a giant Obama ad shows on the back of your car; you legally speaking, have noone you can legally put in jail for that....

  2. Re:A screen on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    I thought the intent wasn't to get information, but to trick the system to display "STOLEN" on the wrong vehicle.

    Exactly. Bad guy steals car A; drives off a ways; steals license plate of similar-appearing car B, and swaps.

    Drives off a few more miles; finds similar appearing car C; steals car C's plate, and swaps.

    Drives off a few more miles; finds similar appearing car D; steals car D's plate and swaps.

    By the time the owner of car A realises his/her car is gone; the thief is using car D's plates; and the police are looking for the plate currently attached to car B.

  3. This must be a revenue generating opportunity on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    They say it's about changing plates to say "EXPIRED" or "STOLEN"; but I think the real reason they want it at this point is so they can Monetize drivers' license plates, BY renting out advertising space

    They can also use some of the AD slots to show PRO-ADMINISTRATION political messages; reminders to get out and vote Democrat, etc.

  4. Re:what about battry life and lost of power? on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    Some stuff like the radio resets when the battery is removed so will the system lose it's info when you do a battery swap?

    Some stuff does. But if they spend the extra money for a few bytes of static RAM, or an EEPROM chip; there is no reason that it has to lose its memory.

    Of course, an alternative is that on powerup it immediately starts attempting to establish contact with the central server to upload its GPS position; report that it was just powered on, and to request what it should display.

    Until the plate knows what to show it could show a giant picture of an hourlass; or the Windows startup screen

  5. Re:A screen on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    More fun, would be to mark all the cop cars as stolen.

    Personally; I think "EXPIRED" would be more fun.

  6. Re:A screen on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    it's easy to claim you just came out of Walmart and somebody must have done it while you were in there. There's no way they can prove it's not true..

    Except you have the legal burden of compliance. Which means you MUST verify that you have the proper license plate, before starting your car and driving onto a public roadway.

    Once you have taken those steps; you are fully responsible, for not having ensured the right plate was there, with no sticker or other illegal obstruction

  7. A screen on California Legislature Approves Trial Program For Electronic Plates · · Score: 1

    receive updates from a central server to display that same information. In an example shown by a South Carolina vendor, messages such as 'STOLEN,' 'EXPIRED,' or something similar could also be displayed on a license plate.

    You don't think thieves would get around that by stealing other cars' license plates and swapping the plate/screen of the stolen car with other non-stolen vehicles?

    On the other hand... if the plate is controlled by the car's computer; the thief will likely have a defeat for this as well. At a distance you won't be able to tell that the plate or electronics have been tampered with, to prevent the plate from changing to STOLEN.

  8. Re:Spoon fed on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    Another reason employees may ignore the alerts (especially programmers who understand this stuff better than IT).

    You mean arrogant developers who falsely believe they have a better understanding of current risks than IT?

    Obviously sending out company wide computer alerts, should only be done with IT's approval.

  9. Re:Features are priority #1 on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    And yet you are required to have homeowners or renters insurance to have a house/apt

    Why do you say that? You have the option of not buying either. You could bank the premium you would have spent on that; or form your own insurance company to write your policy and pay the premium into that. On average, you will probably save money after enough time passes without any of those events happening.

    In the worst case you don't, BUT insurance is always priced such that the insurance company expects that on average, the premium will be much higher than the expected costs of insurance claims during the policy term.

  10. Re:Holy buzzword Batman! on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    In other words: security professionals will have to become a lot more like managers, both in how they think, how they act, and what actions they recommend in response to potential security threats.

  11. Re:one-way street on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    Security policies are reviewed all the damn time. The problem is that those who make the decisions don't know the first thing about security. If you have those supposedly "onerous" policies, they were put in place for regulatory reasons most likely (HIPPA, FERPA, etc). And you're damned right, those are NOT negotiable. There's federal law involved.

    That's complete bollocks. The federal law rarely/never requires a specific security management policy. There are always multiple different ways of implementing the law, or making sure the organization will comply with the law.

    Ever heard of privilege escalation? Once it is behind the firewall and compromised, it doesn't matter what is "on the test setup", unless your "test setup" is itself entirely separated from the rest of the network

    This is what is called a vague aspersion; FUD; or attempt to create irrational fears. It is not something that just you are guilty of, but something a lot of security folks are guilty of.

    Last I checked; weak cryptography in a test system is not a privilege escalation risk.

    Now the concept of data transfer from a system outside the firewall, to an internal system on a secured network; is very scary to me. That's the sort of thing that keeps admins from being able to sleepe at night; knowing there's some "special application" that has somehow been given permission to bypass the DMZ and allow directed file transfers to the internal LAN.

    This is exactly the sort of thing the firewall is supposed to prevent, and there should be no exceptions; only servers on a DMZ should have any ports whatsoever open, BUT; somehow, some app developer has managed to convince management, that there is an exceptional situation meriting the security of the firewall be totally nerfed, and data allowed to flow into the corporate network with minimal real controls.

    This is one of the likely paths that could be used to deliver crafted malicious code into the LAN and open a backdoor.

    Put together in the future with other risks; there is a potential for a compromise to be linked to it, AND that's even if the cryptography is fixed.

  12. Re:one-way street on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    And just TRY to talk to them about two-factor identification (via cellphones or a swipe-card or something). You will get nowhere because the brainless, Peter Principle, Fail-Upwards recipients of CEO/CTO/CFO jobs will say it's "too much work" for them to comply with.

    Maybe the two factor auth on the market IS too much work for people to comply with. I have had a negative reaction from many ordinary people to suggestions of 2-factor auth using Yubikey,Smartcard, Fingerprint, RSA Token, Cell phone, or other. It's all about the inconevnience of having to carry around another key in their pocket; the unfamiliarity of the login process, or the extra time and annoyance people need to take every time they come back to unlock their workstation.

    If ordinary people are annoyed by it, maybe it is too burdensome, and security folks looking earnestly towards a promise of "stronger authentication" are full of shit and hurting the business, with added massive hardware costs (All security vendors seem to charge an arm and a leg for any security "solutionss"!), annoyances, frustrations, and costs for everyone?

  13. Re:one-way street on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    Manager: "It's simply not a problem. Go away."

    That's not IT failing to communicate risks. That's management not caring about risks.

    Except; management hasn't really taken on the risk either --- if they are hacked; he will simply blame the IT guy, and he will be fired for having plaintext password storage.

    Sure he had that conversion about it with the Manager, but I will bet the IT guy did not document it, and get the manager to sign off on "not fixing the problem".

    Which means the manager will always be able to escape liability for him and the organization by using his subordinate as a scapegoat -- and he can even see that the IT guy gets sued instead of the company; "Good of the many outweigh the needs of the few....".

  14. This is like a bank saying on Would You Tell People How To Crack Your Software? · · Score: 1

    "Please don't rob us at gunpoint"; Someone might have planted die packs in the money stash.

    Here's how you can sneak into our safe and plant some die packs: the combination is 9642 to the left; 2209 to the right; 822 to the left; 4991 to the right; 6133 to the left; 1273 to the right; 4155 to the left; 3701 to the right; 9812 to the left; 422 to the right; then turn left back to 7111, and open the door

  15. IT Staff doesn't understand security risk on Survey: Most IT Staff Don't Communicate Security Risks · · Score: 1

    The article's talking about IT staff not communicating security risks. But my argument would be Most IT staff do not have sufficient understanding security risks.

    They may understand that certain bad things can happen.... but do they actually know how likely they are? NO.

    IT staff can give you some idea of what some of the risks are, but only from a limited perspective.

    To have a full understanding of risks, you need more than a technologist's point of view.

    You need both the technologist's understanding of the risks, AND an understanding of the statistics and research in the field of security. Security risks should be evaluated by personnel who are equipped to do it, not by IT.

    One of IT's jobs should be to confer with security personnel, and security personnel can ultimately check the research and run the internal studies to make the necessary findings about extent of risk, and help senior management come up with the appropriate strategy that balances all the various risks and mitigation costs.

  16. Re:Irony on Drone Hunters Lining Up and Paying Out In Colorado · · Score: 1

    Considering the size of the drone, driving through town with one tied on the hood could be problematic.

    That's not the biggest problem for whoever shoots one down. It's the free (mandatory) all-expenses paid trip to Guantanomo bay, followed by indefinite detention.

  17. Re:QUICK - THEY'RE ON OUR TAIL! on Government To Release Hundreds of Documents On NSA Spying · · Score: 0

    Execute Order 66

  18. How about apps to alert about true issues? on New Smartphone Tech To Alert Pedestrians: 'You Are About To Be Hit By a Car' · · Score: 1

    Where can I get the app to alert me; if there's a need to evacuate the building? Specifically.... if there's a fire in the crowded theatre; I want an app to alert me immediately, so I can scramble for the door, and get out first: trampling anyone who dare stand in my way.

  19. Re:Sounds more like a mockery on IBM Uses Internal Kickstarters To Pick Projects · · Score: 1

    But then do you not have to evaluate all the unsuccessful stuff. How do you quantify the rapidly prototyping with a 3D printer vs. slower prototyping, which out of necessity is only going to be used on well formed ideas and the various success rates.

    This, by the way: is not a new problem. It's part of the accounting that management of businesses like IBM already have to do in order to figure out their return on assets, and other metrics typically used by management.

    And technically.... operating a 3D printer is separate from having a 3D printer. For example: the organization could lease time on a 3D printer instead of buying one.

    Personally, I think it's all moot -- because a 3D printer is less than $5,000; and it's more like a line item expense, than a capital investment.

    Major projects that use a 3D printer should probably not be credited to whoever decided to buy a 3D printer. Buying one is not something novel or innovative: it's an obvious choice.

    And even if you could do this you wouldn't be measuring anything, you'd be estimating.

    All measurements in the real-world are estimates. There is always some degree of error in any measurement; they are only exact when comparing to the definition; for example the "reference cylinder" at the BIPM; that 1 kilogram is defined to be the mass of.

  20. Re:Sounds more like a mockery on IBM Uses Internal Kickstarters To Pick Projects · · Score: 2

    The problem I have with this is crowdfunding is about big ideas; Procuring a 3D printer is not a big idea. When was the last time you saw a kickstarter project with someone asking for help buying themselves a personal 3D printer?

    A big idea is something more like "go to the moon and start working on an interplanetary computer network" or "build a supercomputer"

    You will never be able to measure the financial contribution made by that 3D printer, so why bother?

    Sure you will. The practice is to imagine two worlds: one world with the 3D printer, and one world without the 3D printer. Then estimate the outcome, and how revenues and costs change, without having purchased the 3D printer, to figure the opportunity cost.

    By the way; if the 3D printer was required for a $3billion in profit generating project to first get off the ground; then the opportunity cost of having not purchased the 3D printer was ~ $3bn.

    The assumption is the project would not have happened at all if not for the 3D printer.

    You can also entertain worlds where that was not the case ---- you can assume the idea would occur anyways, but implementation would be delayed, or you'd realize at a later event that a 3D printer (or other method) was needed; in which case, you would need to figure out how much the costs go up, or how much the revenues go down by not having the 3D printer at that time.

    It's tedious to work, and the math only worth doing later if the project turned out to be obviously valuable --- but it's not intractible.

  21. Sounds more like a mockery on IBM Uses Internal Kickstarters To Pick Projects · · Score: 2

    "employees were each given $100 to invest exclusively in colleagues' proposals, which ranged from procuring a 3D printer to setting up a disc golf course to recording and sharing seminars."

    Given how small the employee population of a company like IBM is; $100 per person might add up to 10,000 or so. Talk about guaranteeing any significant idea, such as a new product could never be sufficiently funded by this.

    It sounds like they are remiss about the whole kickstarter thing. If they were serious about it, they'd have at least $10,000 per person for each employee to intelligently divide among projects -- with some sort of reward for folks supporting winning projects; in the form of a revenue share, E.g. 10% of revenue reserved for winners; allocated among employees that supported in proportion to each employee's contribution.

  22. Try a FOIA request on Prankster Calls NSA To Restore Deleted E-mail · · Score: 1

    For retrieval of your data.... or maybe a lawsuit, with a subpoena for their copy of your files; or seek a court order for a copy of the data......

  23. Re:why should apple steal someone's work? on Patent Suit Leads To 500,000 Annoyed Software Users · · Score: 1

    Not that their naming conventions make any sense. One would think AppleTalk would be for phones, not file transfers. :P

    Well; it helps to understand the history. AppleTalk was created back in the 1980s. Back then, there was no such thing as VoIP.

    These days AppleTalk/AppleNet are protocols that have long been obsolete -- few use them. I would not recommend using them, because they are such a pain; they have largely been superceded by TCP/IP, NFS, and Server Block Messaging (SMB/CIFS)/Windows file sharing protocols.

    Windows/Linux in general doesn't support them natively out of the box.... need any more reasons not to use AppleTalk ? :)

  24. Re:why should apple steal someone's work? on Patent Suit Leads To 500,000 Annoyed Software Users · · Score: 1

    Peer to peer communications over an electronic protocol have been in mass use since the phone was invented.

    They've also been in use in paper form, since the private courier was first invented. Not everyone sent their letters through centralized post offices.

    Your courier might on occassion consult information from a central authority (a printed map) in order to get your message from point A to point B, but you could also carry the letter yourself -- an intermediary was never a requirement, just a convenience for quicker implementation.

    Once the logistics of GPS turn-by-turn directions could be worked out, and printing everyone's coordinates in a book -- it became no longer necessary for anyone to have couriers

    As for the internet and resolutions for issues involving NAT -- there was not anything fundamentally an invention there either. The internet equivalent of: sending your friend a letter through the central authority requesting you to meet at place X for some face time, and sending you a note with a room number and the name of a guard to talk to for access; and informing the guard to let friend Y into place X when he shows the letter.

  25. Re:why should apple steal someone's work? on Patent Suit Leads To 500,000 Annoyed Software Users · · Score: 1

    this work was originally created for the CIA many years ago when peer to peer video was not obvious

    What do you mean when peer to peer video was not obvious?

    It was always obvious; there were technological barriers in the form of users just not having enough bandwidth and CPU processing power, and H.264 not having been invented yet.

    Peer to peer video communications was obvious from the days of Star Trek and the Jetsons.

    That is: peer to peer was always the most obvious client architecture for communications. Servers became involved in the first place to address technical challenges with resource discovery.