Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Sounds low-tech to me on North Korea's High-Tech Counterfeit $100 Bills · · Score: 1

    similar printing technologies as the U.S. and buy ink from the same Swedish firm.

    Get the cooperation of the company that supplies the US... a very low-tech attach

    The fix is not digital currency, it's a move towards exclusive sourcing of materials used to print the bills, and the requirement of multiple different materials. And digital technology can be used to enhance security of currency without losing the benefits of paper money.

    By that I mean: whatever firm supplies the ink should not be allowed to deal with anyone else. [for example]

    Beyond that, what should happen is the unique serial number printed on every bill should have a secret key associated with it, with a public key that is made public knowledge; part of some database available to the general public.
    And a representation of a digital signature using that key should be printed on every bill. Every every batch of X bills is printed, that private key should be destroyed irrevokably.

    Then they should make an iPhone App that lets you use your phone's camera to "scan" any bill, and validate that the digital signature printed on it, against the serial number and the public key for that lot of bills.

    The app would then submit the serial number (anonymously) to increment some counter, along with a loose GPS fix; allowing for blacklisting a certain serial number as 'suspect' to occur.

  2. Re:Good point. on MIT Lecturer Defends His Standing As Email Inventor · · Score: 1

    E-mail surely predated the internet and all those RFCs.

    Before the Internet, there were LANs and BBSes, and they had person-to-person mail (as well as message boards / post it notes like things).

  3. Re:Sign into my what? on Last Day To Tell Google To Forget You · · Score: 2

    Yeah, but if you opt-out directly you wind up becoming part of Google's Opt-Out Village

  4. Re:Free = no good on Security Tool HijackThis Goes Open Source · · Score: 1

    it's a tool, and the tool is only as good as the person using it.

    A tool is also only as good as the functionality it provides. You don't use a hammer to make a chocolate cake.

    HiJackThis is a useful tool, but its application is extremely constrained -- its a tool to be used by an expert/specialist to attempt to manually remove an infection.

    This has many applications, but its uses are not compatible with IT best practices for Enterprise security. In the Enterprise, the main job of security software is to prevent the infection, if a machine becomes infected, than that machine from now on is questionable, the security risks of just attempting a manual removal are great (if some remnant is missed, corporate secrets or customer data may be at risk, huge possible liabilities), and the only appropriate resolution is really to reimage.

    Again HJT is more suitable for home users and "PC Repair shops"; where the objective is to repair an arbitrary home computer with least expense to the owner, and malware removal can be a full-time job.

    In well-managed Enterprises, "manual malware removal" is not a job at all let-alone a full time one, where the skills required to utilize HJT would be valued specifically.

    Now, the security consultants or hackers the Enterprise hires to help clean up after a massive security incident, would be HJT experts.

  5. Re:Comparison of technologies on Damaged US Passport Chip Strands Travelers · · Score: 4, Informative

    Can be used with a scanner that has a range of only a few inches. If any part of the chip is damaged, the data is irretrievable. Costs more than paper. Can be destroyed in everyday use, including sitting on it, folding it, getting it wet, etc.

    Contains electric circuits that can fail, rendering the RFID useless, even with no abuse.

  6. Re:FTFA on Damaged US Passport Chip Strands Travelers · · Score: 1

    You don't need a passport for flying within the US. Technically, you don't even need a passport for leaving the US, but if you don't have one, it becomes very difficult to re-enter.

    Not for leaving the US, but you need a Passport + Visa to enter your destination country.

  7. Re:Bad summary: the airline, not the government on Damaged US Passport Chip Strands Travelers · · Score: 4, Insightful

    Does it really make a difference which incompetent and/or indifferent bureaucrat screwed this family over?

    They think it does. It allows the various players involved to all abdicate responsibility by pointing fingers.

  8. Re:Youtube video. on Hunters Shoot Down Drone of Animal Rights Group · · Score: 1

    If you go out and catch some fish to mount on your wall, that's a different story

    The result is the same, so why do you care about the motivation?

    The only think negative I have to say about mounting a fish to the wall, is it seems like a waste of perfectly good meat, that could have gone towards feeding poor hungry people all over the world, if the hunter hadn't desired to make it an adornment.

    But I can understand that some people feel it's a major accomplishment that proves your accomplishment and skill as a hunter to catch as large a fish as possible.

    And there are plenty of people that waste money on stupid "lavish" shit, like 25 pairs of pretty shoes, that could have gone to buy food for the hungry as well (from farmers or hunters).

  9. Re:If they hadn't brought their drone on Hunters Shoot Down Drone of Animal Rights Group · · Score: 2

    So, does that mean I can smash up your stuff on say, a public beach?

    If I smash up your stuff purely as a malicious act to hurt you, then it's a criminal destruction of your property. And I would be liable for the damages.

    If your stuff is performing unauthorized filming of my private property, after I told you that you can't do it, for example, or your equipment is clearly present there to do something illegal that harms me or my property, and I can disable your equipment without hurting any person, then it won't be a crime for me to smash up the equipment, to the extent necessary, with the level of force required to stop or prevent your attack on my property.

    Now, despite not being criminal -- I might still be liable for damage I do to your property, or collateral damage to other people's property, if there is any, that results from my use of force.

    But that's a matter to be handled by the courts, and will depend on the facts surrounding the circumstances. For example, if you had been warned by law enforcement and the property owner already, not to place your stuff adjacent to my property, then chances are good you will be found liable to the damages to your equipment I smashed up.

  10. Accept all is bad on Microsoft Accuses Google of Violating Internet Explorer's Privacy Settings · · Score: 1

    The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter.

    Just as you shouldn't configure a firewall to allow incoming traffic to private computers on unknown (unassigned port numbers); default accept, the P3P specification's choice of "default accept" for unknown policy tokens is a very poor one.

    It's not Google's fault that the spec is defunct and permissive.

  11. Re:Free = no good on Security Tool HijackThis Goes Open Source · · Score: 3, Insightful

    Does the hours upon hours someone spend re-installing and re-configuring their system after a re-image count?

    The image is supposed to be taken after the install is fully configured with all the role-specific software.

    What about the time spent reloading data from backups?

    No data requiring backup is allowed to be on endpoints. Any documents should be in the user's profile which gets redirected to a place on the server.

  12. Re:Free = no good on Security Tool HijackThis Goes Open Source · · Score: 2

    So whats the business need of Symantec's Endpoint Client? Malware steamrollers over it all the time, even with the latest definitions.

    That's because the software fails to do what it's actually supposed to do. If the software were effective, the featureset would make it a clear winner over the free product. Because in actual practice the Symantec software doesn't do what it's supposed to do, an Engineer experienced with it could tell you that all those checkboxes are worthless.

    In a number of large companies, corporate management fails to make a distinction between what the software vendors' salespeople say their software does, and what it actually does in practice.

    I'm definitely not holding up Symantec as a product you should consider using. But there are many alternatives that do what they are supposed to do, and have the must-have features you really need for assuring Enterprise security.

    And HJT still isn't the answer for endpoint security.

  13. Re:Would *I* use it? on Should Microsoft Put Office On the iPad? · · Score: 2

    No way. Typing on my iPad is one of the most awkward things I do in a day, but I don't blame the device. There are people in my same department at work that I have seen knock out multipage emails on one as if sitting at a regular computer.

    What you need to be able to do is dictate to the iPad, and simultaneously use a pen/stylus to make any corrections/adjustments on screen.

  14. Re:Free = no good on Security Tool HijackThis Goes Open Source · · Score: 1, Insightful

    More likely he says that free stuff without vendor support is no good, and for most businesses he is right.

    It's not just about Vendor support; it's also about Tool capabilities, Tool quality, and meeting a business need. Businesses don't want to spend a lot of time manuallg "cleaning up" after malware infections; they want to prevent them.

    If the infection beats the protection, then the cleanup must be fast and fully automated, otherwise it's more efficient to re-image in this situation.

    HJT is for home users and hackers not working on company time, who can afford to spend hours upon hours manually digging through a log and removing suspicious components, at risk of breaking the system further.

    For day-to-day business use, HijackThis has nothing on Trend Micro OfficeScan, Malwarebytes Pro, PrevX Business, Webroot Secureanywhere Endpoint, eEye Blink, Defensewall/Parador, SuperAntiSpyware PRO, ESET, and plenty of others.

    Real-time protection, automation/periodic scans, and central monitoring capabilities are a must for good endpoint security.

    HJT has limited use cases. Symantec's product don't make the Top10 list.

    Perhaps since they've open sourced HJT now, there will be more developers working on it, and its capabilities could improve -- for example, automatically identifying items that are suspicious, and automatically identifying items that are system critical, and verifying their integrity.

  15. Re:Optimization on Tetris In 140 Bytes · · Score: 1

    By the time you add all the bytes used by the Web Browser and OS required to run this software, it's probably larger than 140MB.

    A 140 byte bootable Tetris floppy image would be much more interesting

  16. Re:html tag on Tetris In 140 Bytes · · Score: 1

    but for the average joe who doesn't care about formal languages anyway.

    Yeah... the average joe can't use HTML. They would use a visual editor.

  17. Interesting on Tetris In 140 Bytes · · Score: 2

    This is easier than any game of Tetris I ever played... there's a nice grid of dots displayed to line up pieces with.

    And when you get a two-column piece, it allows you to move the right half of the piece off screen, causing the piece to "wrap" around the edge of the screen....

  18. Re:I have an idea for the style guide on Why Microsoft Developers Need a Style Guide · · Score: 1

    Now it seems we're happy if you just use camel-case.

    I'm not happy with that fscked up naming scheme. The one right way to do it is to put an underscore in between each word.

    int the_ultimate_answer = 42;

    At least, until programming languages evolve further, spaces can be used in variable names, and those variable names are case-insensitive as they should be.

    As in...
    PROCEDURE [Get The Answer] IS
    [Question] : Integer
    DECLARE
    [Answer] : Integer;
    BEGIN
    If [Question] = [The Ultimate Question] then
    Answer := 42
    Else
    raise [The Answer is Unknown]
    End
    END

  19. Re:Two mostly similar choices on Dealing With an Overly-Restrictive Intellectual Property Policy? · · Score: 1

    You actually run the risk, even asking the question, of implying you have an idea for a product on your current companies time, that you may be thinking about (even if not implementing), so if you leave they may claim that work was done on this project on their time, and you're in violation of their agreement

    Possibly. It's also possible you will move to a different state, or country, to implement your idea, or incorporate the company in a different state. You may not advertise to the former employer the name of the new company, or what exactly you are working on.

    I don't think they will chase ghosts. There's likely little to worry about there, at least unless/until your idea is actually successful, and generates income for you.

  20. Re:Two mostly similar choices on Dealing With an Overly-Restrictive Intellectual Property Policy? · · Score: 2

    Downside is of course that your future business model would have to build around an OSS core

    Then don't use the GPL for this. There are plenty of free software licenses this could be licensed under that would enable you to sublicense.

    For example: You could have them retain copyright, but grant you an irrevokable write to modify, redistribute, sublicense, and produce derivative works.

    Or use the BSD license / Academic Software License / Mozilla Public License.

  21. Re:Mark to market on The Zuckerberg Tax · · Score: 1

    Anyway in general I think it is a great idea for making the tax system far more fair.

    It doesn't make the tax system more fair. Mark to market penalizes saving money by creating an artificial reason to force investors into paying taxes based on the theoretical amount they might get if they had sold the asset.

    It devalues a great many type of assets -- if you have to get that painting appraised every year for mark to market, are you really going to risk buying a $500 piece of art? Now not only can you not have a nice decoration for your home (due to the burdensome costs of appraisal and accounting paperwork burdens), but now the seller cannot dispose of that piece, so economic value is lost, and lots of people are hurt.

    Mark to market is also incompatible with the conditions under which Congress can lay taxes. The constitution doesn't allow the Federal government to tax property. The US congress can lay duties, excise taxes, tax commerce, etc, actual transactions, but not the condition of ownership of property which is protected under the 5th amendment of the constitution.
    For the same reason that the US government does not have the power to assess a tax based on home ownership, for example , there is no power of taxation that permits requiring property owned to be appraised and "marking owned property to market", until commerce is actually conducted.

    In a mark-to-market system if people don't want or can't afford the taxes, then they have to sell the asset to cover the tax, which means they lose capital, and therefore resources required to fuel economic growth.

    The government is the worst possible hands for lost capital to fall into ( they are among the least efficient at spending money, and it's basically like burning the money), in other words -- the overall economy suffers greatly.

    That creates a great disincentive to maintaining long term investment in the US, and creates inventive for moving money to countries that don't have asset taxes, which is ultimately a situation that is unfair to the people.

    The other problem for investors is the risk of paying mark to market tax based on a market overvaluation of an asset, actually creates an unfair situation, a double loss when selling - loss in capital value, and loss due to taxes paid, since the government never refunds capital gains taxes, when they are later cancelled out by a greater equal loss.

    IF the tax system were actually fair, every penny of investment loss would be fully refundable against every penny of tax paid in the past based on supposed gain.
    And an anticipatory refund would have to issued based on 'losses marked to market', if the investor overall had a negative market treatment for the year.

    But as with mark to market, there would be a serious deflationary effect which would likely cause what's left of the economy to implode.

  22. Jobs' widow on The Zuckerberg Tax · · Score: 1

    Now Jobs' widow can sell those shares without paying any income tax on the appreciation before his death

    That's because if those shares are all in Jobs' estate, they will count against Jobs' estate tax exclusion, once the tax excluded amount is exceeded, all the rest of the value of the estate is subject to estate tax, even if there was no appreciation on it.

  23. Re:MOAR. SQAR. METRES! on MIT Envisions DIY Solar Cells Made From Grass Clippings · · Score: 1

    we would have to cover nearly 100% of our continental land mass with this stuff to replace our current energy sources. Seems to me like smoking the other kind of grass really is a better deal.

    We need our land. Something tells me, we'd be better off with vertically-oriented towers collecting solar energy on all surfaces or reflecting light onto point targets, and floating collectors in the oceans.

    But towers have the advantage that if they're tall enough, wind collectors can be added on some of the higher floors, to reduce loss of production during overcast days, and there are more hours of daylight at higher altitudes.

  24. Re:Or you could electrocute yourself in the proces on MIT Envisions DIY Solar Cells Made From Grass Clippings · · Score: 1

    Just because it's "green" doesn't mean it's safe to let just any yahoo install an electric generator on his hut. Methinks it might be wise to let the village electrician do the installing.

    Nice thinking.... this is how you create jobs, and dig villages out of poverty. Now everyone who wants this solar electricity mat is forbidden from doing it themselves, so they'll have to hire a member of the union of village electricians, who will have to be trained by someone with the proper certifications, giving rise to a whole new training industry as well. Since a chemical expert is required to actually put the mat together, the electrician is only allowed to install it, and some other kind of worker is the only type of worker allowed to transport it after assembly, to the install site.

    Even though the voltage and current output will be so small that you can barely power a small LED array.

    Now if you really want to help solidify the village economies, you just need to get litigation in; perhaps a team of sue-happy lawyers could volunteer to go on a good-will mission expidition, to help build the ecosystem and bureaucracies required for lawyers to thrive, and spur an entire sector of their economies around that.

  25. Re:Good, Because Certs Are Worthless on The IT Certs That No Longer Pay Extra · · Score: 3, Interesting

    There are really own two certs I respect: Cisco's CCIE and Oracle's OCM. Both require hands-on lab demonstrations of skill. (Is RedHat doing that now, too?)

    Microsoft MCM certifications require hands-on lab demonstrations of skill. And there are plenty of other IT certs with similar requirements, that are not simple "pass a test, get the cert".

    Have you seen the requirements for the VMware VCDX and Cisco Certified Architect certifications that require prospectives to submit an application, have suitable experience shown, be accepted, build a design to certain requirements, and then defend their design choices in front of a panel?

    They kind of make Oracle OCM and IE look like like 'easy' certs by comparison.

    There are also things like CISSP-ISSMP, where applicants actually must have 2 years of job experience specifically related to the knowledge base and positive references to certify, in addition to passing tests, and they must show a fair number of hours of continuing education every year to stay certified; so holding the papers there takes a lot more than just passing a test too.