Slashdot Mirror


User: phantomfive

phantomfive's activity in the archive.

Stories
0
Comments
31,362
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 31,362

  1. Re:Slippery Slope on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    A simple test is.. if a citizen did this to another citizen, would that be against the law?

    Then no one would ever get arrested and put into jail, for any reason whatsoever.

  2. Re:They had a warrant... on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 2

    The answer is yes, they did have a warrant, that allowed anyone who logged into the site to be hacked (according to the article).

  3. Re:Is it news? on China's Tech Copycats Transformed Into a Hub For Innovation (wired.com) · · Score: 1

    Good info

  4. Re:Management on The Sad Graph of Software Death (tinyletter.com) · · Score: 1

    Bugs are a tiny part of the whole.

    If you want to keep the bugs down, you can't just expect the architect to solve it, though. You need to provide training for even the lowliest programmer on how to avoid bugs (especially security bugs), because they are adding to the product in a real way. The architect can balance things, but he can't write all the code himself. It's the responsibility of every member of the team to contribute good quality code.

    Of course, the architect has more experience and can guide the team on big decisions, knowing pitfalls that have ruined other teams.

  5. Re:Best security system on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    Cool.

  6. Re:Best security system on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    I find your comments disingenuous at best.

    I know people who've had their dogs shot, so I apologize for your findings.

  7. Re:this is good for press blasts on Twitter To Extend 140-Character Limit For Tweets (recode.net) · · Score: 4, Insightful

    I don't get why sites like Youtube still haven't managed to create a proper vertical video player.

  8. That paper is an advertisement for Qubes OS. Is there any part of it that you find particularly convincing? Virtual Machines can be exploited, an air gap can not unless you plug a USB stick in or similar.

  9. Re:"Hackers" of the past on Ukraine Power Outage May Be the First One Caused By Hackers (arstechnica.com) · · Score: 1

    Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?

  10. And to think that a FREE air gap would have prevented this.

    It's more than just an air gap. We know that an air gap isn't enough to stop hacking, although it helps and recommendable.

    If you want to have secure software, you need to think about security from the very beginning. US infrastructure is at risk because SCADA programmers didn't think about security from the ground up, which you really should if you're going to be running anything critical on software.

  11. Re:Best security system on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    You can shoot dogs, or poison them, or bribe them with meat.
    No one is going to think your house is being broken into, just because a dog is barking.

  12. Re:You get what you deserve for using comcast. on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    It depends on how long of a loss of signal, a few ms sure a few seconds sure, get to 30 seconds and well you have a problem.

    Then someone turns on the microwave for 10 minutes to cook a frozen pizza......

  13. Re:Classic! on How an IRS Agent Stole $1M From Taxpayers (onthewire.io) · · Score: 1

    but I honestly don't know how they would catch me in the first place.

    If you commit one crime, you might get away with it. If you start committing a lot of crimes, you'll leave little trails here and there, clues that investigators will start to pick up on. A big clue is the question: where did your money come from?

    A single crime usually isn't worth the effort, and multiple crimes becomes a organizational problem, so you might as well just do it legally and become an entrepreneur.

  14. it is simply cowardly to attack the electrical system.

    As opposed to actually shooting people with guns?

  15. Re:Is anybody surprised? on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    I just read this story which suggests that consumers are starting to avoid IoT stuff because of security concerns. So that might cheer you up (a bit) on a rainy, dreary morning.

  16. Re:Given a choice in the 70's on Gene Roddenberry's Floppy Disks Recovered (pcworld.com) · · Score: 1

    Ah, that reminded me of the smells and sounds of an old dot matrix printer. Mmmmmmmm.

  17. Re:Is anybody surprised? on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    Development methodologies focus on speed of the development as well as producing the right thing for the right job. If security is part of what "the right thing" is, then the methodology will produce it. If it's not, then it won't.

    Nope. You can tell what from the name what they are focused on. "Agile" is focused on quickly responding to customers, RAD is focused on Rapid application development, for example.

    Every development methodology claims to "produce the right thing," even teams without any methodology, even waterfall claims that. That is not unique to any methodology, they all do that.

  18. Re:This is why... on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    A wired solution that reported "everything is ok!" if you cut the wires or the power went out would be equally stupid. The problem isn't related to wireless

    With a wired solution, you need to actually cut the wires and have physical access. With a wireless solution, an attacker can use a jammer to break the connection.

    Most likely the developers did this because with wireless, there would be so many false alarms of the connection being broken, that it was just annoying for the users (That's not an excuse, they still should have put a notice somewhere that the connection had been broken, even if they didn't turn on the alarm and automatically call the police).

  19. Re:Is anybody surprised? on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 1

    All the development methodologies of the last few decades have been primarily focused on how to get software out the door quicker: Agile, RAD, Extreme Programming, etc are focused on faster (of course, there are exceptions: NASA for example always tries to make things more reliable, other researchers have looked at that too, but the mainline software industry has mostly ignored reliability).

    The reality is, if you want secure software, every programmer needs to be thinking about security. It's not something you can bolt on after the software is written. You can't have a "Red Team" who tries to fix things later (although that can be a secondary layer of security). Companies don't think about security until they are big enough to be a target, which is obviously a problem.

    We need a new development methodology based on security.....instead of RAAD call it RAADT after a certain contentious developer......

  20. Re:Not Zigbee's Fault, either on Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com) · · Score: 0

    It's something that's basically guaranteed to happen: when you hear the words "Comcast Software" you don't think "oh, that's really going to be secure" because they are a company that focuses on cutting costs primarily.

    If you want secure software, you need to start from the bottom up: even the most junior programmers need to be thinking about security, every time they write a line of code. Security isn't something that can be bolted on after the fact.

    If you think of Comcast's management style, you can be certain the managers are not training their new, junior programmers to think about security every time they write a line of code, but that is what it takes.

  21. Re:what on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    Network Address Translation - have a dozen people hitting Facebook at once behind one IP address and watch their web browsers slow down once per minute no matter what bandwidth you have.

    That's a really good point, I hadn't thought of that.

  22. Re:Specialization on Overcoming Intuition In Programming (amasad.me) · · Score: 1

    I've noted that businesses that have historically shown high growth and apparent long term stability seem to be looking for "T-shaped" employees. These are employees who know a little about a lot (a wide horizontal) and a lot about a little (a narrow vertical). Specialization is good, but you have to know enough to be able to respecialize in anything else quickly

    Well said.

  23. Re:Glueing things together is how I teach OO desig on Overcoming Intuition In Programming (amasad.me) · · Score: 1

    Say what? I don't know too many (computer science) academics who'd touch C with a ten foot pole

    Donald Knuth, for one (albeit with a literate programming pre-processor).

  24. Re:Just in time on Copyright Expires On Adolf Hitler's Mein Kampf · · Score: 1

    Goebbels did his best to convince everyone that Mein Kampf was the perfect wedding gift,

    That.......is kind of hilarious.

  25. Re:Many happy returns, IPv6 on IPv6 Turns 20, Reaches 10 Percent Deployment (arstechnica.com) · · Score: 1

    Perhaps your friend's ISP needs to upgrade their equipment anyway.

    If it works fine, why upgrade? Businesses tend not to upgrade until there's a business case for it. You don't just throw out perfectly good things because they are 'old'