I thought you guys believed in the immortal soul of man. You know, an eternity burning in Hell if you didn't accept Jesus Christ as your personal Lord and Saviour? Or an eternity in Heaven eating grapes and playing the lyre if you did?
Perhaps deep down you're really a Hindu like your pseudonym "reboot", and you're continually reborn to try one more lifetime to get it right? Will this life be the one?
The US mortgage industry single-handedly is keeping facsimile alive and well. Anyone who's bought a house lately can attest that they have no clue about PII in unencrypted e-mails, and think nothing of asking you to print out, sign and initial a 60 page document, then fax it back to them. And then they have the gall to complain when you reduce their 8.5 x 14 legal size documents to 8.5 x 11 because your $99 inkjet printer/scanner can't handle legal size.
With throwback companies like that, you'd never know that the mortgage industry is the major backer behind DocuSign. Another reason why banks should issue you a digital certificate when you open an account. If the US Government can implement PKI for their own use, surely the more nimble private marketplace can do the same.../s
And here I thought Puerto Rico was a territory of the US since the Spanish American War of 1898. Or was that where Los Tres Mosqueteros surrendered to Menudo the in the PR Battle of the Bands in 1997?
The side which is in the western hemisphere. If you had asked "Which way is north if it straddles the south pole", then you could say "pick any direction from the south pole, and that's north"...
Current hysteria sounds like assassins can use the pump to kill their targets and avoid discovery, which unless answers are "yes" and "yes" is false, or at least no worse than current medical devices.
Maybe the pump is crap, but the security researcher here is more crap, and/. peanut gallery is worst crap.
That is in fact what the researcher is saying - the answers are yes and yes. By simply gaining access to any configured PCA pump, whether it's in hospital inventory, on any patient (including an attacker admitted as a patient), an attacker can remotely manipulate any identical PCA pump on the "secure" wireless network. And as others have said, since these pumps generally dispense opioid pain killers, it would be trivial to kill most any patient attached to one.
What you're advocating is security by obscurity. Since this flaw is no longer obscure, the pump is no longer secure. Oh God, I'm channeling Johnny Cochran during the OJ trial.
Where have you been? This is exactly what's underlying ISP opposition to Title II. It's not because they don't want regulation. It's because, like Nazi Minister of Propaganda Joseph Goebbels, they want to control the message. One can do that if they control the production and the delivery of information.
I'd venture a guess that AT&T Uverse either hasn't IPv6-enabled their CDN, or they haven't executed any contracts with their CDN suppliers which demand IPv6 support. IOW - Stuttering videos aren't caused by IPv6, it's probably because AT&T may not yet allow Netflix or Google/Youtube to install 6-enabled caching servers in AT&T's network. I wonder how their own video streaming sources work over IPv6? I can't test that theory because right now my ISP is Verizon FIOS...
Not quite true. The first cellular service in the US was launched by just prior to the January 1, 1984 divestiture of the Regional Bell Operating Companies (RBOCs - the local service providers of telephone service) from AT&T - the long distance provider. The March 6, 1983 launch was by the future RBOC which would become Ameritech. So while technically not AT&T, it was the spawn of AT&T.
And one certainly didn't get cellular service back then because you were tired of being overcharged by AT&T. A normal cellular bill back then was way over $200/month - in 1986 dollars. And that got you maybe 60-70 minutes of air time, and didn't include long distance either.
Back in the day the FCC, through spectrum allocations, mandated that each major future cellular (they weren't called wireless back then) market would be divided into two: the non-incumbent "A" service provider (e.g., like a Cellular One in the NYC metro area) and the incumbent "B" service provider (like NYNEX in this case). So in lots of markets wireless startups were funded by investors who'd make a killing. But in other markets, the non-incumbent carrier was simply another RBOC which was entering into a new territory.
So when we get to kernel version 4.1.15, it will speak with an Austrian accent rather than Finnish?
And of course, when we see the later T-1000 form a pointy sword from its liquid metal arm and kill young John Connor's foster father, it's further proof that there's still old cruft code in the future kernel, since it's just reproducing Linus' most famous gesture.
It would be an interesting Big Data exercise to see trading data by certain federal government employees... Oh, I don't know - perhaps to see what the average gains were in a 12-month period compared to the gains of the average Joe in private industry?
82 posts and not a single reference from the Conspiracy Theory faction about the shadow US Government controlled by the Grays. Or Thetans. Or Pleiadians.
When the next "cometary visitor" from the Oort Cloud comes knocking - whether it is 100 years in the future or 10,000, you had better hope for humanity's sake that there are Space Nutters out there, because humanity would be toast.
You personally may have no long term plans, but if mankind wants to live as long enough to speciate, we have to clean up our act - with resource usage and population control here on earth, and branching out beyond earth. If we don't radically change our economic model, then the latter choice is the only choice for survival our our species.
Politicians/Marketing twist everything for their own use.
The problem with scientists and engineers is that they don't understand economics or sociology.
You obviously aren't an engineer by training. Engineering education harps very heavily on the economics aspect of every engineering project. If anything, engineers are constrained by their code of ethics, whereas politicians and marketers are not.
Dark matter only interacts gravitationally with baryonic matter, right? If so, then I'd think it's pretty obvious that dark matter would be a major constituent of a galaxy's supermassive black hole. But then, according to Sheldon Cooper, I have only a Masters' Degree - in engineering, at that - so what do I know?
Donuts, dude. Everyone knows a solar-powered vehicle doesn't fart... Dust from donuts should be a lot better ever since the other aliens hopped it up with monster rims after the first aliens jacked the tires. https://www.youtube.com/watch?...
I think the file type actually does matter. Since Excel and other programs natively provide security, why not use that? I get that if you want a security person you need to ask specific questions, but perhaps you need to be more specific when looking for applicants. A killer JQuery person or data translation expert probably won't know PKI very well.
No - it has nothing to do with what the original poster asked:
We are looking to fill a senior developer/architect position in our firm. I am disappointed with the applicants thus far, and quite frankly it has me worried about the quality of developers/engineers available to us. For instance, today I asked an engineer with 20+ years of experience to describe to me the basic process of public/private key encryption. This engineer had no clue.
This is for a senior developer / software architect role. If I were in Ramone's position, I'd feel the same way. I learned the basics of PKI while an EE undergrad back in the early '80s - concentrating in telecommunications. It was in a required course. And I didn't really use that knowledge as a professional until the late '90s and I continue to use it to this day, even though I'm not a security professional (though I do design secure networks). Now, that being said, a developer today, to be a software architect, should at least be able to explain the basics of PKI at a cocktail-conversation level. They don't have to know what goes into the various SHA and RSA algorithms (I certainly don't know off the top of my head), but they should be able to talk about encrypting with someone's public key and the only way to decrypt is with that person's corresponding private key. Security 101 is probably part of every single CS curriculum, if not every IT-related one.
I asked another applicant a similar question: "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?" The person started off by asking me if it was an excel file, a PDF, etc
Now this response from the candidate I can understand. Remember this isn't the first interviewee who couldn't explain PKI. In this case, they may have been thinking "Excel and the PDF standard both support encryption - so I'd just answer that you password protect the file. If it's a plain-text file, you could use the password protection feature of any.zip archive utility, or better yet use PGP/GPG encryption if you know the recipient's public key". It may well be that Ramone was expecting something different when the candidate asked this, and on seeing the surprise on Ramone's face, lost his train of thought and got confused.
After all, the interview was apparently for a high level position writing code for Ramone's pool cleaning business.;-)
I think the idea is to have a huge source of neutrons in physical proximity to increase the chances of one leaking into the other universe first so it can leak back on the other side of the shielding.
I have a big problem with that.
From TFA: "...the number of neutrons that leak back into our universe from another brane will depend on the distance of the detector from the reactor, where they are created in the first place. This rate should fall with the square of the distance from the reactor. So any distance dependence will be good evidence of brane leakage."
What? Why should the creation rate fall with the square of the distance? I can understand the inverse square law from the standpoint of neutron emissions from our own universe, but wouldn't entanglement across branes be, by definition, independent of distance?
Sorry, but the theoretical work has mostly been already done. The real work now is making OpenSSL/LibreSSL (including client, not just server authentication) and PGP/GPG ubiquitous. Every e-mail client(desktop and mobile) should have S/MIME and GnuPG integrated in - including Gmail, Yahoo and the various ISP web clients. What's taking Google so long for Gmail - pressure from various governments? Projects like Enigmail are great, but there really needs to be a push to get commercial companies to start adopting secure email.
Being a customer of a bank should mean I get an authenticated PGP/GPG key or an X.509 key when I open an account. Or my ISP should issue one to me. Maybe something akin to the FDIC would maintain the public key infrastructure. The bank has my identifying information. We just need the wherewithal to create the supporting infrastructure in the marketplace.
How to fund it? Hell, it would pay for itself by reducing identity theft and fraud losses incurred by the banks and retailers.
And it should be easy to generate a revocation key in case mine is compromised (phone or laptop gets stolen?). Right now in GPG4Win, there's no way to generate a revocation key from the Kleopatra GUI - I gotta do it from the command line. Adding that feature doesn't take a PhD in mathematics - that's something a reasonably experienced coder to add, since Kleopatra is just a front-end to generate the command line to pass to the gpg executable.
Slashdot Mirror
I thought you guys believed in the immortal soul of man. You know, an eternity burning in Hell if you didn't accept Jesus Christ as your personal Lord and Saviour? Or an eternity in Heaven eating grapes and playing the lyre if you did?
Perhaps deep down you're really a Hindu like your pseudonym "reboot", and you're continually reborn to try one more lifetime to get it right? Will this life be the one?
The US mortgage industry single-handedly is keeping facsimile alive and well. Anyone who's bought a house lately can attest that they have no clue about PII in unencrypted e-mails, and think nothing of asking you to print out, sign and initial a 60 page document, then fax it back to them. And then they have the gall to complain when you reduce their 8.5 x 14 legal size documents to 8.5 x 11 because your $99 inkjet printer/scanner can't handle legal size.
/s
With throwback companies like that, you'd never know that the mortgage industry is the major backer behind DocuSign. Another reason why banks should issue you a digital certificate when you open an account. If the US Government can implement PKI for their own use, surely the more nimble private marketplace can do the same...
And here I thought Puerto Rico was a territory of the US since the Spanish American War of 1898. Or was that where Los Tres Mosqueteros surrendered to Menudo the in the PR Battle of the Bands in 1997?
The side which is in the western hemisphere. If you had asked "Which way is north if it straddles the south pole", then you could say "pick any direction from the south pole, and that's north"...
Current hysteria sounds like assassins can use the pump to kill their targets and avoid discovery, which unless answers are "yes" and "yes" is false, or at least no worse than current medical devices.
Maybe the pump is crap, but the security researcher here is more crap, and /. peanut gallery is worst crap.
That is in fact what the researcher is saying - the answers are yes and yes. By simply gaining access to any configured PCA pump, whether it's in hospital inventory, on any patient (including an attacker admitted as a patient), an attacker can remotely manipulate any identical PCA pump on the "secure" wireless network. And as others have said, since these pumps generally dispense opioid pain killers, it would be trivial to kill most any patient attached to one.
What you're advocating is security by obscurity. Since this flaw is no longer obscure, the pump is no longer secure. Oh God, I'm channeling Johnny Cochran during the OJ trial.
Where have you been? This is exactly what's underlying ISP opposition to Title II. It's not because they don't want regulation. It's because, like Nazi Minister of Propaganda Joseph Goebbels, they want to control the message. One can do that if they control the production and the delivery of information.
I'd venture a guess that AT&T Uverse either hasn't IPv6-enabled their CDN, or they haven't executed any contracts with their CDN suppliers which demand IPv6 support. IOW - Stuttering videos aren't caused by IPv6, it's probably because AT&T may not yet allow Netflix or Google/Youtube to install 6-enabled caching servers in AT&T's network. I wonder how their own video streaming sources work over IPv6? I can't test that theory because right now my ISP is Verizon FIOS...
Not a natural-born citizen of the US. Otherwise, we'd have had Ahnold.
Not quite true. The first cellular service in the US was launched by just prior to the January 1, 1984 divestiture of the Regional Bell Operating Companies (RBOCs - the local service providers of telephone service) from AT&T - the long distance provider. The March 6, 1983 launch was by the future RBOC which would become Ameritech. So while technically not AT&T, it was the spawn of AT&T.
And one certainly didn't get cellular service back then because you were tired of being overcharged by AT&T. A normal cellular bill back then was way over $200/month - in 1986 dollars. And that got you maybe 60-70 minutes of air time, and didn't include long distance either.
Back in the day the FCC, through spectrum allocations, mandated that each major future cellular (they weren't called wireless back then) market would be divided into two: the non-incumbent "A" service provider (e.g., like a Cellular One in the NYC metro area) and the incumbent "B" service provider (like NYNEX in this case). So in lots of markets wireless startups were funded by investors who'd make a killing. But in other markets, the non-incumbent carrier was simply another RBOC which was entering into a new territory.
So when we get to kernel version 4.1.15, it will speak with an Austrian accent rather than Finnish?
And of course, when we see the later T-1000 form a pointy sword from its liquid metal arm and kill young John Connor's foster father, it's further proof that there's still old cruft code in the future kernel, since it's just reproducing Linus' most famous gesture.
It would be an interesting Big Data exercise to see trading data by certain federal government employees... Oh, I don't know - perhaps to see what the average gains were in a 12-month period compared to the gains of the average Joe in private industry?
The hell with recalibrating. Spritzer needs to power it on!
Whereas jellys are not?
82 posts and not a single reference from the Conspiracy Theory faction about the shadow US Government controlled by the Grays. Or Thetans. Or Pleiadians.
/., for shame.
For shame,
When the next "cometary visitor" from the Oort Cloud comes knocking - whether it is 100 years in the future or 10,000, you had better hope for humanity's sake that there are Space Nutters out there, because humanity would be toast.
You personally may have no long term plans, but if mankind wants to live as long enough to speciate, we have to clean up our act - with resource usage and population control here on earth, and branching out beyond earth. If we don't radically change our economic model, then the latter choice is the only choice for survival our our species.
It's like trying to PROVE which group is better, Christians or Catholics.
Which is better, Los Angelenos or Californians? Americans or North Americans? Asians or Earthlings?
Evangelicals or Christians? Sunnis or Muslims? Shia or Muslims?
You do understand set theory, don't you? Perhaps you missed the class on Venn diagrams ;-)
Politicians/Marketing twist everything for their own use.
The problem with scientists and engineers is that they don't understand economics or sociology.
You obviously aren't an engineer by training. Engineering education harps very heavily on the economics aspect of every engineering project. If anything, engineers are constrained by their code of ethics, whereas politicians and marketers are not.
Cyberax's second comment about the train (on a frictionless track) is really cool. I wonder how much the Coriolis force would affect the travel time.
What if, instead of a straight tunnel, you curve it to counter-balance the Coriolis force? Interesting thought.
Dark matter only interacts gravitationally with baryonic matter, right? If so, then I'd think it's pretty obvious that dark matter would be a major constituent of a galaxy's supermassive black hole. But then, according to Sheldon Cooper, I have only a Masters' Degree - in engineering, at that - so what do I know?
I feel cheated. As a kid, all I got was a microscope.
Donuts, dude. Everyone knows a solar-powered vehicle doesn't fart... Dust from donuts should be a lot better ever since the other aliens hopped it up with monster rims after the first aliens jacked the tires. https://www.youtube.com/watch?...
I think the file type actually does matter. Since Excel and other programs natively provide security, why not use that? I get that if you want a security person you need to ask specific questions, but perhaps you need to be more specific when looking for applicants. A killer JQuery person or data translation expert probably won't know PKI very well.
No - it has nothing to do with what the original poster asked:
We are looking to fill a senior developer/architect position in our firm. I am disappointed with the applicants thus far, and quite frankly it has me worried about the quality of developers/engineers available to us. For instance, today I asked an engineer with 20+ years of experience to describe to me the basic process of public/private key encryption. This engineer had no clue.
This is for a senior developer / software architect role. If I were in Ramone's position, I'd feel the same way. I learned the basics of PKI while an EE undergrad back in the early '80s - concentrating in telecommunications. It was in a required course. And I didn't really use that knowledge as a professional until the late '90s and I continue to use it to this day, even though I'm not a security professional (though I do design secure networks). Now, that being said, a developer today, to be a software architect, should at least be able to explain the basics of PKI at a cocktail-conversation level. They don't have to know what goes into the various SHA and RSA algorithms (I certainly don't know off the top of my head), but they should be able to talk about encrypting with someone's public key and the only way to decrypt is with that person's corresponding private key. Security 101 is probably part of every single CS curriculum, if not every IT-related one.
I asked another applicant a similar question: "Suppose you wanted to send me a file with very sensitive information, how would you encrypt it in such a way that I would decrypt it?" The person started off by asking me if it was an excel file, a PDF, etc
Now this response from the candidate I can understand. Remember this isn't the first interviewee who couldn't explain PKI. In this case, they may have been thinking "Excel and the PDF standard both support encryption - so I'd just answer that you password protect the file. If it's a plain-text file, you could use the password protection feature of any .zip archive utility, or better yet use PGP/GPG encryption if you know the recipient's public key". It may well be that Ramone was expecting something different when the candidate asked this, and on seeing the surprise on Ramone's face, lost his train of thought and got confused.
;-)
After all, the interview was apparently for a high level position writing code for Ramone's pool cleaning business.
"We are the Priests, of the Temples of Syrinx..."
"One day I feel I'm ahead of the wheel, and the next day it's rollin' over me."
I think the idea is to have a huge source of neutrons in physical proximity to increase the chances of one leaking into the other universe first so it can leak back on the other side of the shielding.
I have a big problem with that.
From TFA: "...the number of neutrons that leak back into our universe from another brane will depend on the distance of the detector from the reactor, where they are created in the first place. This rate should fall with the square of the distance from the reactor. So any distance dependence will be good evidence of brane leakage."
What? Why should the creation rate fall with the square of the distance? I can understand the inverse square law from the standpoint of neutron emissions from our own universe, but wouldn't entanglement across branes be, by definition, independent of distance?
Sorry, but the theoretical work has mostly been already done. The real work now is making OpenSSL/LibreSSL ( including client, not just server authentication ) and PGP/GPG ubiquitous. Every e-mail client(desktop and mobile) should have S/MIME and GnuPG integrated in - including Gmail, Yahoo and the various ISP web clients. What's taking Google so long for Gmail - pressure from various governments? Projects like Enigmail are great, but there really needs to be a push to get commercial companies to start adopting secure email.
Being a customer of a bank should mean I get an authenticated PGP/GPG key or an X.509 key when I open an account. Or my ISP should issue one to me. Maybe something akin to the FDIC would maintain the public key infrastructure. The bank has my identifying information. We just need the wherewithal to create the supporting infrastructure in the marketplace.
How to fund it? Hell, it would pay for itself by reducing identity theft and fraud losses incurred by the banks and retailers.
And it should be easy to generate a revocation key in case mine is compromised (phone or laptop gets stolen?). Right now in GPG4Win, there's no way to generate a revocation key from the Kleopatra GUI - I gotta do it from the command line. Adding that feature doesn't take a PhD in mathematics - that's something a reasonably experienced coder to add, since Kleopatra is just a front-end to generate the command line to pass to the gpg executable.