Re:Title made me think this was about daylight sav on Take Back Your Time! · Score: 1
Nope.
According to pretty much every state's Alcohol Beverage Control Department (name may vary from state to state), bars close at 1:59 AM, NOT 2:00 AM, for this very reason. Technically, the bars close at 1:59:59 AM. The instant it hits 2:00 AM, they have already been closed. Which is why, by the way, a lot of bartenders yell at you to finish your drinks around 1:57. If you're still around at the stroke of 2, technically you and they are breaking the law.
I cringe every time I hear them say it, because I know that it is 'secure' only because of its relative obscurity.
By "obscurity", do you mean it's not a well known product?
I'm going to jump out on a limb here and guess that if you're going around making check software, then someone in the company actually spent a number of minutes x (with x >> 5) thinking about security in the product.
Here's an idea. You're a junior developer, right? Why not sidle up to a senior developer and say, "Hey, can we talk for a moment?" Tell them you've recently become interested in security and learning more about it. Ask them what the current security for your products is. If there isn't really any, ask them if they know if competitors use any kind of security features, saying something like, "I'll bet it would make our product look better if we could tell potential customers that we use x, y, and z to make our products secure." If he or she doesn't sound interested, evaluate how this makes you feel about working there. It probably isn't a good idea to make this a crusade; it'll just make you look mean spirited if you push through your senior developers. You can choose to stay in the company, knowing the product isn't fully secure, or if security is your thing, you can move to a company that's more secure.
Think about a worst case scenario: someone writes a series of checks that are bad. That's not impossible to happen with normal non-computer generated checks anyways. It could potentially be a lot of money -- perhaps -- but credit card fraud is generally a lot easier to perpetrate. Most check fraud that does occur is people writing big checks on their own accounts that bounce, or it's people just forging checks, neither of which you or your company have any part in.
If you were in a company storing electronic medical records or bank accounts, then security through obscurity would be pretty catastrophic. But I'm guessing that you're blowing this out of proportion.
This is why the idea of a second (legitimate correspondence only protocol) is the only real solution.
No, this would suck.
The great thing about email is, it's a way for people who don't know you to contact you without you having to tell them something really personal like your phone number and name.
So I want my e-mail address available to someone I don't know, because maybe they're an old friend of mine who runs across my e-mail address somewhere and decides to see how I'm doing. Or maybe it's a friend of a friend who heard I was interested in forming a Jug band and knows how to play the fiddle.
Whatever the reason, I can't always know who is going to e-mail me. So e-mail has to be open. And if it's open, then why bother using the second protocol? If I use a closed protocol only, then I'll never get either of those messages.
And if you make the new protocol in such a way that strangers can e-mail me, then the 1c an email scammers in Nigeria will figure out how to do it. It might take a little longer to gather addresses and send e-mails, but ultimately they'll determine some way to automate it.
The one idea I've heard tossed around that I like is requiring some sort of certificate-based connection from a mail server before a message could go through. Spammers would quickly have their certificates revoked once their spam limit exceeded a certain amount, and you could specify which certifying authorities you were willing to trust. This would prevent things like DSL and other fly by night SMTP servers from being effective.
I'm not sure if you'd need a whole new protocol; you'd just need some way of adding the possibility of a secure SSL connection for SMTP (not that bad of an idea, since it could provide at least a little security for the messages being sent through). Once that was set up, the rest of the protocol could behave the same as it has before.
And I suppose when a geek hooks up 12 monitors to 6 computers to play a game, that's a good use of that energy? BIAS
I don't do this either. I do a lot of things to reduce the amount of energy I use in general. Probably the one thing I waste the most energy on (aside from the occasional car ride in my relatively fuel efficient Chevy Cavalier -- I live close enough to work to walk there) is the servers here at work.
At home, I keep the thermostat at 65 or lower in the winter; I don't use AC in the summer. I don't even have a computer at home. The most electricity I use at home is when I watch TV from time to time, but it's generally under 6 hours per week, and it's a pretty small 21 inch TV, so it's not likely to use all that much energy anyway.
Also, even if I did hook up 12 monitors and 6 computers purely for entertainment, that still uses a lot less energy than a Hummer, without question. And given that a Hummer for civilian use is most likely for recreational purposes, more than likely the person who owns it is going to go on frequent joyrides in it (If they're using it just to commute I consider that a real waste of money.)
So, the objective truth is that unless you actually are in Iraq or a similar situation where roads are mostly non-existent and a strong, heavy vehicle is crucial to survival, a Hummer is a dumb, egotistical, and wasteful way to get from point A to point B.
If there are any such Hummer drivers out there who are offended, good. You may have made those hundreds of thousands of dollars to buy one by genuinely contributing to the healing and well-being of the planet, but I doubt it. And even if you did earn your money through some such activity, that was a damn stupid way of spending it.
Also, gas is one of the best ways to pack that much energy into a small space.
Yeah, but a Hummer is not the best way to use that energy, which is the real point of the article.
If Amazon has successfully secured this as a patent, does this mean that eBay could be sued for patent infringement even though it was the first major online auction player?
Actually, I am sort of hoping for this because it would make eBay's thousands (millions?) of buyers/sellers suddenly aware of the problems of patents and trademark law in software. Also, eBay is a big enough player that hopefully this patent would get knocked down.
I suppose you could always use solid state hard drives. They don't make much noise.
I mean hell you can see their effects in everything, flight, navigational, medicine, batteries... the Internet....
Geez, I thought I'd be the last person in the world to say this, but the military has occasionally introduced some good, positive technology.
The Borg Queen tried this on Data. But in the end, his loyalty to Starfleet was greater.
Only by instilling the concepts of loyalty and respect can we expect any good behavior from our robots.
I have a shake for breakfast, a shake for lunch, and a sensible dinner.
I used to use this trick all the time. It's been only recently (last 10 years or so) that all ink manufacturers put a little seal at the end of the tube, so you *can't* blow through it. Pretty much any kind of cheap ballpoint can be disassembled in this fashion, that is, you can pull out the refill of practically any pen.
My guess is that the little seal is to create a mini vacuum in the tube so the pen's less likely to leak on its own. Back in the day, when I blew through pens to get them working again, I used to get ink leaking all the time when I carried the pens around in my pants pockets. Of course, I don't tend to keep a pen in my pocket anymore, so maybe they still leak just as often.
Most plotter printers cost 2,000-4,000 anyway, and all they do is print in colored ink on paper. I'm not sure what the maximum dimensions are for this printer, but it's probably not lousy.
Once you leave normal ink printing behind, it's not unusual to see printers costing somewhere in the 1000s. Sublimation printers, used in making T-shirt prints, cost a bundle too. I'm guessing they started at prices around 10,000. Now you can get one for just barely under 1000.
I honestly didn't know the stuff you've written, thank you!
I didn't know it either. Thanks for raising the issue and inspiring me to do a little quick and dirty research.
As someone who lives about 15 minutes from Monticello and has seen his water clock, dumbwaiter, duplicator (basically, a second quill that apes your movements), and other inventions, I knew that TJ was a hardcore inventor, and went seeking some resources to prove it. The stuff about his work in the patents field was just an added bonus.
Ben Franklin was a good businessman and PR man. So he is the one known as the inventor, when in fact TJ probably invented at least as many items as Ben Franklin did. Since Ben Franklin was the shrewd businessman-type, and Thomas Jefferson was the always-losing-money-on-every-business-he-tried type (and his businesses were often based on the newest and latest technologies), you'd think Ben would be more likely to come up with patent, trademark, and copyright laws than TJ would.
TJ created the patent system that was the basis for the patent system in place today, even though he disliked the idea of patents in general. He felt that patents could cause there to be unfair monopolies.
So he never patented any of his inventions.
Actually, it could be argued (and, indeed has been argued) that he was instrumental in its growth.
The "False" on the Urban Legends link is that he never claimed to have invented it.
Sounds like bullshit to me. Sure, there are varied ethnic groups and people of different ages and what not, but they're all living in an urban environment. They've probably been exposed to the Internet earlier, since it was widely available in cities and tech centers (like college towns) before it was available in Podunk, Flatstate. Also, New Yorkers are probably more naturally suspicious of scam artists. That's probably a generalization, but I believe that it's easier to be naive in a small town filled mostly with trustworthy people than it is to be naive in a big city which, although not "riddled" with crime, has a lot more of it than a small town.
This is also true actually for Geotrust certificates too. For most certificate issuances, you do have to install new root certificates. After you've installed the root certificate once, you don't need to do so again. This is partly why Geotrust's FUD about InstantSSL not owning its own root isn't that big of a deal: as long as the root certificate you installed hasn't expired (and those generally last 10-15 years or more), the certificates based on that root are valid and recognized. Anyone who wants to depend on things being the same for a 10-15 year period should probably get out of the Internet business. :-)
You probably do not have to do so for VeriSign, though.
Sure, but BSD is dying. *rimshot*
Seriously, good point. I'd say that once you enter the Open Source arena, Linux is definitely the most hyped of the OSes, but it still trails far behind Apple and MS in hypeability. Still, it's the only OS that lay articles on technology talk about. It'd be interesting to know how and why it is that Linux is so well known and BSD is not. Is it just because there are a lot of corporately-overseen distros of Linux, while that isn't the case for BSD?
Just so you know, WhichSSL.com is owned by Comodo Group, which makes InstantSSL certificates. So, it's biased towards InstantSSL certificates. Geotrust (under the guise of "FreeSSL") hosts its own similar website (originally WhichSSL.org) called SSLReview which has its own predictable slant.
Basically, they are both low budget certificates and while they compete somewhat on price, mostly they try to sell their strengths and over-FUD the other certificate's weaknesses. InstantSSL has a wider browser recognition (99% of all browsers vs. FreeSSL's 95%); WhichSSL warns you could be losing thousands of customers. FreeSSL (Geocities, actually) owns its own root, whereas InstantSSL uses the Baltimore root; SSLReview warns that certificates bought through InstantSSL might not be reliable or stable as a result.
Right now I'm using InstantSSL myself; even with Geocities behind them FreeSSL just doesn't look as polished or professional, and since the security of the certificates is identical, I'm going mostly on the confidence my customers will feel when I send them to the InstantSSL website to show that they're a professional company.
*sigh* the one time I didn't preview... should have been:
You didn't choose to auto-renew, and you forgot to do it manually, ergo, it must be someone else's fault. OK. You did notice that portion of the terms of use that stated that X days after the registration has expired, anyone can register the domain, didn't you?
Read the line you quoted more carefully:
I transferred a domain to them and they let it expire, charged my account anyway, and re-registered it to themselves.
I think if they didn't at least send an expiration warning, then they were a crappy registrar. Seeing as they went ahead and charged him anyway, they're assholes. Either don't charge him, or renew the domain because he's paid. Simple as that. Since he got charged, that suggests he did have auto-renew checked, and they messed up.
Would you rather be told that you are too arrogant and don't take responsibility for your own actions (or lack thereof)? Just a question.
Again, if his account hadn't been charged, then I would say he's a somewhat misguided idiot and shouldn't be surprised he wasn't hired. But since his account was charged, they were the idiots.
It's possible this guy is too arrogant and doesn't take responsibility for his own actions. From the comments from a lot of slashdotters, sounds like those are the qualities that actually get you far in the business world (although they turn you into a moral cesspool).
However, if I was turned down for a job from a company, I wouldn't be eager to use their services either.
You didn't choose to auto-renew, and you forgot to do it manually, ergo, it must be someone else's fault. OK. You did notice that portion of the terms of use that stated that X days after the registration has expired, anyone can register the domain, didn't you?
Read the line you quoted more carefully:
I transferred a domain to them and they let it expire, charged my account anyway, and re-registered it to themselves.
I think if they didn't at least send an expiration warning, then they were a crappy registrar. Seeing as they went ahead and charged him anywayWould you rather be told that you are too arrogant and don't take responsibility for your own actions (or lack thereof)? Just a question.
Again, if his account hadn't been charged, then I would say he's a somewhat misguided idiot and shouldn't be surprised he wasn't hired. But since his account was charged, they were the idiots.
It's possible this guy is too arrogant and doesn't take responsibility for his own actions. From the comments from a lot of slashdotters, sounds like those are the qualities that actually get you far in the business world (although they turn you into a moral cesspool).
However, if I was turned down for a job from a company, I wouldn't be eager to use their services either.
Man talk about FUD. Last time I checked, almost every single hole in Windows was patched before an exploit was available.
s/available/made public
Just like in the OS world, most exploits aren't discovered by the original code writers, but by users who try to hack into their systems benignly. Because those people who discover the exploits are decent folk, they alert Microsoft first and don't make the exploit publicly known until a patch can be written.
However, some people have gotten so frustrated with MS's shoddy response to security alerts that some have taken to giving up and saying, "Look, this part of MS software is insecure. Here's the work around, since they won't patch it."
I can't think of any sites to send you as examples off the top of my head, but I'm sure there are slashdotters out there who'd be happy to provide you with examples. I do recall seeing that one of the patches set up this September was for an exploit first discovered and reported in early July.
And the documentation included with the patch gave the correct changes to the configuration file, so it's beyond my comprehension how someone could have entered an incorrect configuration there anyway.
See, if the patch really had "broken" something, then it could have been changed so that it *didn't* break it. And the truth is, no change made to the patch will prevent this problem as long as someone purposefully enters an incorrect configuration. And can you blame software for functioning incorrectly with a bad config file?
I guess they have some sort of software which allows people to order cheques remotely
That's not the impression I got.
This guy was really vague about the security concerns he had -- I guess he must believe in the "security through obscurity" method. :-p
Frankly I think this was way too generic of an Ask Slashdot. If he'd said whether his security concerns were regarding the products that we sold (and again, since they're pieces of paper I'm not sure how you can "secure" them), the software used to print the checks (hmmm...I bet the banks will still take it if you write out the name and price by hand!), or the network at his company.
He admits to not knowing anything about security (If a geek says they know a "little" bit about something, that means that they have heard the term).
And, really, what answer does he want? Something like "Go to your favorite online bookstore. Search for 'computer security'. Order the results by 'Customer Rating'. Purchase the first 5 books in the list. Read them through."? We certainly can't offer him any "security" suggestions, since we don't know what his security problems are.
Here's a similarly vague question:
Ask Slashdot:
Greenhide writes "I'm bored. Someone told me it is bad to sit on my ass all the time, but maybe I'm not good at sports (I don't know!!)? What should I do?"
Some people have pointed out that it seems like almost any kind of Ask Slashdot is getting posted even when the answer has a googleable answer or is excessively vague. Personally, I think Ask Slashdot should only be to start a general discussion ("What would be an effective yet fair way to protect media copyrights?") or to answer non-trivial questions ("I am trying to modify an old dorm refrigerator so that I can use it as a cooling system for my overclocked PC. Does anyone know what tools and steps I could take? Is it safe to take apart a fridge?")
Yuh, it's always them Midwest crackers spamming my Inbox.
I cringe every time I hear them say it, because I know that it is 'secure' only because of its relative obscurity.
By "obscurity", do you mean it's not a well known product?
I'm going to jump out on a limb here and guess that if you're going around making check software, then someone in the company actually spent a number of minutes x (with x >> 5) thinking about security in the product.
Here's an idea. You're a junior developer, right? Why not sidle up to a senior developer and say, "Hey, can we talk for a moment?" Tell them you've recently become interested in security and learning more about it. Ask them what the current security for your products is. If there isn't really any, ask them if they know if competitors use any kind of security features, saying something like, "I'll bet it would make our product look better if we could tell potential customers that we use x, y, and z to make our products secure." If he or she doesn't sound interested, evaluate how this makes you feel about working there. It probably isn't a good idea to make this a crusade; it'll just make you look mean spirited if you push through your senior developers. You can choose to stay in the company, knowing the product isn't fully secure, or if security is your thing, you can move to a company that's more secure.
Think about a worst case scenario: someone writes a series of checks that are bad. That's not impossible to happen with normal non-computer generated checks anyways. It could potentially be a lot of money -- perhaps -- but credit card fraud is generally a lot easier to perpetrate. Most check fraud that does occur is people writing big checks on their own accounts that bounce, or it's people just forging checks, neither of which you or your company have any part in.
If you were in a company storing electronic medical records or bank accounts, then security through obscurity would be pretty catastrophic. But I'm guessing that you're blowing this out of proportion.
This is why the idea of a second ( legitimate correspondence only protocol ) is the only real solution.
No, this would suck.
The great thing about email is, it's a way for people who don't know you to contact you without you having to tell them something really personal like your phone number and name.
So I want my e-mail address available to someone I don't know, because maybe they're an old friend of mine who runs across my e-mail address somewhere and decides to see how I'm doing. Or maybe it's a friend of a friend who heard I was interested in forming a Jug band and knows how to play the fiddle.
Whatever the reason, I can't always know who is going to e-mail me. So e-mail has to be open. And if it's open, then why bother using the second protocol? If I use a closed protocol only, then I'll never get either of those messages.
And if you make the new protocol in such a way that strangers can e-mail me, then the 1c an email scammers in Nigeria will figure out how to do it. It might take a little longer to gather addresses and send e-mails, but ultimately they'll determine some way to automate it.
The one idea I've heard tossed around that I like is requiring some sort of certificate-based connection from a mail server before a message could go through. Spammers would quickly have their certificates revoked once their spam limit exceeded a certain amount, and you could specify which certifying authorities you were willing to trust. This would prevent things like DSL and other fly-by-night SMTP servers from being effective.
I'm not sure if you'd need a whole new protocol; you'd just need some way of adding the possibility of a secure SSL connection for SMTP (not that bad of an idea, since it could provide at least a little security for the messages being sent through). Once that was set up, the rest of the protocol could behave the same as it has before.