Slashdot Mirror


User: phantomfive

phantomfive's activity in the archive.

Stories: 0
Comments: 31,362

Comments · 31,362

  1. Re:Of course on Microsoft Chastises Google Over Chrome Security (pcmag.com) · · Score: 1

    Which part exactly do you disagree with?

  2. Re:Nothing To... Hmm... on For Under $1,000, Mobile Ads Can Track Your Location (mashable.com) · · Score: 4, Insightful

    I imagine the more reputable (i.e. common) ad networks will/already prohibit such specific targeting.

    No. I've worked in ad-tech, and I can tell you the answer is no. There is absolutely no motivation for ad companies to even think about this problem beyond a token effort.

    Ad companies have every motivation, indeed they have people paying them to give them as much information about a person as possible. This isn't even a new thing: decades ago you could buy mailing lists with names, addresses, gender, and income.

  3. Of course on Microsoft Chastises Google Over Chrome Security (pcmag.com) · · Score: 2

    Google has some really good programmers, and so does Microsoft. In the past they were even more impressive.

    But both of them are now process driven companies, primarily focused on not overturning the boat, and the result is code that follows process. As long as process is followed, you don't have to worry about whether you did a good job or not. Just go home at the end of the day. That is the mentality of the vast majority of mediocre programmers at both companies.

  4. Re:The Mac Is Dead on Tim Cook Confirms the Mac Mini Isn't Dead (macrumors.com) · · Score: 1

    Oh yeah, I forgot about that credit card thing. Fubar.

  5. Re:The Mac Is Dead on Tim Cook Confirms the Mac Mini Isn't Dead (macrumors.com) · · Score: 1

    It's not just Tim Cook. After the iPhone was released, a lot of people who had been at Apple from the NeXT days began to retire. The average quality of libraries at the code level began to suffer first, then it became more and more noticeable (Xcode? What monstrosity of Agility got inflicted on that?) Now there are strange things like the touch bar. The drop in quality is obvious because good people left and they got infected by process.

  6. Re:The Mac Is Dead on Tim Cook Confirms the Mac Mini Isn't Dead (macrumors.com) · · Score: 1

    I recently switched back to Linux. I couldn't be happier. As a bonus, GNU Radio is easier to set up on Linux.

  7. Biometrics are ID, not security on Why Are We Still Using Passwords? (securityledger.com) · · Score: 1

    Such technologies -- from fingerprint scans to facial and retinal scans -- promise more secure and reliable factors than alphanumeric passwords, the executives agreed.

    No, no no, my god, no. Something that can be acquired just by looking at you is not secure. Using as authentication something that can only be changed by destructive surgery is not sane.

  8. I haven't signed my credit card for the last decade (if I lose my card, do I really want to give them my signature too?), and in that time only one person has asked to see my signature.

  9. This blunts the hypothesis that Mensa is a dating service for smart guys.

    I can't say I've ever heard that hypothesis........

  10. The other half is planning on leaving and hope they get severance pay.

  11. Re:fuzzing works. on Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says (iu.edu) · · Score: 2

    Incidentally, there has been some good work on improving the quality of fuzzing. In the future we may have fuzzing tools that use genetic algorithms to modify the input and get as deep into the program as they can. I don't know of any tools that have incorporated this yet, but it's an area worth paying attention to.

  12. Re:fuzzing works. on Targeted Fuzzing Is Improving Linux Security, Linus Torvalds Says (iu.edu) · · Score: 4, Informative

    The answer is lots and lots of random input. If you just start injecting random data into a field, you'll find a lot.

    The difficult part is that you want the random data to get past the initial sanity checks. To do that, you need to have relatively deep knowledge of the thing you are fuzzing. That is why automated fuzzing tools tend to be a bit frustrating.

  13. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 1

    Thanks. Mainly I was wondering if he had particular exploits in mind, or if he was just going on some vague hunch. If he had some particulars in mind, I was interested in seeing them.

  14. Re: IT is out, DevOps is in on Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) · · Score: 1

    But if you pull out the lawyerish CYA language it works a lot better:
    "Dear Bossman, In my considered professional opinion proposal X will be severely detrimental to the security of our systems. By going ahead with X, we are exposing both the company and our customers to unnecessary and potentially disastrous risk. Having notified you of this unacceptable risk, I disclaim any and all personal responsibility for any adverse effects that may result."

    That is a nice trick, I am definitely adding it to my toolkit.

  15. Re:DevOps is out, DevSecOps is in on Ask Slashdot: What Are Some Hard Truths IT Must Learn To Accept? (cio.com) · · Score: 1

    OK, I looked it up. Found this, I'm liking what I see. Their manifesto needs some conciseness, though. Indeed, if security isn't a part of the product from the beginning, it can't be added later.

    The purpose and intent of DevSecOps is to build on the mindset that "everyone is responsible for security"

  16. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 1

    You might as well ask me to stop using Windows

    Yes please. It would make the world a better place.

  17. What percentage of people eligible to join MENSA actually do join MENSA?

  18. Re:Maybe / Maybe Not on Intelligent People More At Risk of Mental Illness, Study Finds (independent.co.uk) · · Score: 1

    Measuring only people from MENSA is one hell of a confounding factor. They are a self-selected group by definition.

  19. Re:Can it be generalized? on DeepMind's Go-Playing AI Doesn't Need Human Help To Beat Us Anymore (theverge.com) · · Score: 2

    The answer is no, and provably so, because it is not Turing complete.

  20. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 1

    Nice links.

  21. Re:JS engines are often exploited on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 1

    Nice link, good find.

  22. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 2, Insightful

    Oh, I dunno... Maybe... mining?

    If that's literally the worst exploit out there, then JavaScript is the most secure platform and VM ever invented. The only antivirus we'll ever need is "close the browser window."

  23. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 3, Interesting

    JavaScript is not only a theoretical security problem, it's one that's very commonly exploited.

    What exploits are you talking about here?

  24. Re:What is the alternative though on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 1

    We are just a few short steps from asm.js becoming a reality, and all the benefits that will flow from there.

    WebAssembly is here NOW and available in all major browsers. The major drawback right now is that it can't access the DOM, but that will change in the future.

  25. Re: Why disable? on The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) · · Score: 4, Insightful

    The point (which you seem to have missed) is that any vaguely legitimate website will be able to make more money selling ads than they will by mining bitcoin on their visitors' computers. (Note that as Bitcoin value increases, the effort required to mine increases as well.)

    Since you can make more money by selling ads than mining bitcoin in JavaScript, the only ones who will do it are those who don't have the ability to sell ads.