Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Actually, given that most software (except some carefully hardened server software) is insecure, an open port is very much a risk if it connects to an app.

  2. Re:You're outsourcing the jobs! Then you complain! on IT Leaders Will Struggle To Meet Future Demands, Study Says (betanews.com) · · Score: 2

    It is actually a lot more long-term. As IT people have been treated badly pay- and career-wise (and in other ways) for a while now, many people that would have been good at it decided to enroll in other subjects at university or learn another trade-skill. The skill-gap is real, but those that complain now are the morons that caused it by focusing on short-term goals instead of on long-term survival.

  3. Re:People like Musk need to do more homework on Elon Musk Outlines His 'Boring' Vision For Traffic-Avoiding Tunnels (axios.com) · · Score: 1

    There are a few numbers, and they are not good at all. Also, time-frame would be multiple decades.

  4. Re:People like Musk need to do more homework on Elon Musk Outlines His 'Boring' Vision For Traffic-Avoiding Tunnels (axios.com) · · Score: 1

    Musk has a lot of money and one good product (much like other super-rich people). Even if he claims the most outrageous bullshit, it will still be heralded as the next great thing in the press. Also typical for the super-rich, it looks very much like he has surrounded himself with yes-men.

  5. And you think countries with good train systems do not have that issue? And maybe they have solutions for it? All your posting shows how unaware you are of what is possible and being done in modern countries. (No, the US does not qualify as "modern".)

  6. The US is not a modern country in many regards. Its lack of a good train system is just one of them.

  7. Re:With someone else's equipment on Elon Musk Outlines His 'Boring' Vision For Traffic-Avoiding Tunnels (axios.com) · · Score: 1

    Yes. Utterly stupid, but all too human.

  8. ... and better hidden. The NSA does not think its immoral acts were the problem, it thinks getting caught was the problem. They are, as so many people, completely unaware of history.

  9. Re:I often think dietary "science" is a myth on Popular Belief That Saturated Fat Clogs Up Arteries Is a Myth, Experts Say (independent.ie) · · Score: 1

    Well, it is just yourself you want to convince, sure. But for others, you sort-of have to have demonstrated skills and that is where the PhD comes in. After all, you cannot just call yourself a surgeon or a pilot or the like either. Well, you can, but it will be meaningless. Although almost all self-styled "scientists" have no clue what they are doing and due to Dunning-Kruger are in addition unable to see that. The scientific method is a bit more involved than most people realize and that includes some pretty smart people. For example, "following the scientific method" is necessary but not sufficient. And even that part is actually pretty difficult to do and takes a lot of different forms. A single life is too short to find out all that by yourself.

    Hence assuming that somebody without a PhD is not a scientist is a pretty safe bet.

  10. Re:I often think dietary "science" is a myth on Popular Belief That Saturated Fat Clogs Up Arteries Is a Myth, Experts Say (independent.ie) · · Score: 4, Informative

    Quite possibly that as well. MDs are not scientists. That requires an actual PhD.

  11. I wonder how long until these get hacked... on Amazon Wants To Put a Camera and Microphone in Your Bedroom (vice.com) · · Score: 1

    As these are consumer devices, security will suck. Maybe it will be better than average, but even then it likely takes one talented black-hat and pictures from your bedroom will make it on the Internet.

  12. Re:I often think dietary "science" is a myth on Popular Belief That Saturated Fat Clogs Up Arteries Is a Myth, Experts Say (independent.ie) · · Score: 0

    Science actually works well, if practiced by competent and honest scientists. Unfortunately, there are just as many bad and dishonest scientists than there are incompetent and dishonest people in any other field. The medical fields is an extreme offender here though, probably dues to hugely inflated egos as additional problem.

  13. Can only be acieved with the "Scotty Method"... on Ask Slashdot: Are Accurate Software Development Time Predictions a Myth? (medium.com) · · Score: 1

    I.e. if you carefully estimated the time, tell them you need twice that. If needed, waste some time to be accurate. Of course, even this method requires a high level of skill, because the average developer (i.e. not really good at anything) will deliver results with even more delay if given more time.

  14. Fine example of "Pseudo Profound Bullshit" on Will the High-Tech Cities of the Future Be Utterly Lonely? (theweek.com) · · Score: 1

    First, nothing technologically created is becoming "sentient" anytime soon, and certainly not "fast". At that position I stopped reading, because there was no chance left of anything worthwhile reading in the rest.

  15. Re:Not much luck over a two-year period on Companies Are Paying Millions For White Hat Hacking (nypost.com) · · Score: 1

    Luck is involved in the parts of finding things that others have not yet found and that hence give you a high payout. In particular, this gets progressively harder and the harder it gets, the lower the payouts. So while this person made $600'000 over 2 years, a repeat performance over the next 10 years, or so is exceptionally unlikely.

    An actually professional code security review does not depend on luck. It also does not try to maximize "bugs found". It looks at architecture, design, input validation, critical data-paths, etc. and more than half of the result will not be description of bugs found, but analysis of severity and conclusions to be drawn and even things that are not directly bugs, like critical data-paths that rely on one protection mechanism, configuration options that are hard to get right and breaks security (or remove one layer of protection) when done wrong, code structure that is misleading, security functionality in surprising places, etc.

    The whole focus on "finding bugs" is misplaced. You will never find them all and due to the randomization aspect of this, a different attacker may just find ones you did not find, regardless of how hard you looked. In fact, it is basically always cheaper and has a better result to re-implement with highly skilled and trusted people that thoroughly understand software security. Doing background-checks on these people and making sure they are satisfied with their jobs is actually much more important than to look at the code they produce. As so often in IT security, skewed and outright wrong ideas from bad movies are prevalent in the area of code security as well.

  16. Re:Ten years too late... on Companies Are Paying Millions For White Hat Hacking (nypost.com) · · Score: 1

    You are welcome.

  17. Re:I work for a medical billing software... on NSA's DoublePulsar Kernel Exploit a 'Bloodbath' (threatpost.com) · · Score: 1

    Indeed. And apparently, the ones that caused huge losses for society and cost a lot of people their jobs are somehow regarded as above punishment.

  18. Re: minwage $11.40-$9.90 on Ontario Launches Universal Basic Income Pilot (www.cbc.ca) · · Score: 1

    You are blind. There is also a thing called "software" that can be used to automate tasks, no robots involved. Apparently, you have never heard of it.

  19. Re:Corporate espionage on Uber Gets Sued Over Alleged 'Hell' Program To Track Lyft Drivers (techcrunch.com) · · Score: 3, Informative

    You miss the point. Sure all those you are quoting will gladly spy on, maim and kill others, but they will not touch each other. While these actors are pretty bad, it would be far worse if they were at war with each other.

  20. Re:minwage $11.40-$9.90 on Ontario Launches Universal Basic Income Pilot (www.cbc.ca) · · Score: 2

    It basically has no impact on employment. Industries that claim they now want to replace people with automation have planned to do this before anyways. They just found a pretext in minimal wages. The fact of the matter is that wherever people can be replaced with automation, they were not the main cost-factor anyways, with very few exceptions. Hence the effects of minimal wage are just to make sure people have more spending money and that is universally good for the economy. After all, what point is there in producing things, if people cannot buy them? Of course, this only works were people have jobs, and that is where the UBI comes in. Because in the medium-term future, a large part of the demographic will not have a job anymore due to automation. If they do not have reasonable spending money, the economy collapses due to market collapse and social unrest with become an extremely expensive problem.

    I do however think that many of the opponents to an UBI are those that define their worth by their jobs and these people are scared extremely by the idea that they are actually not that special. The whole argument about it "being too expensive" is bogus.

  21. Now also explain and make available effective contraception, or each person saved will spawn a few more to die from hunger and war two decades down the road. Messing with natural population control mechanisms is dangerous and tricky. Not saying it should not be done, but it needs to be done right or catastrophes will ensue.

  22. Re:Germany will increase on Some of the Biggest Economies Aren't a Big User Of Social Media (axios.com) · · Score: 1

    Funny. There are not that many refugees. This is an artificially generated panic which serves to promote right-wing populists. Fortunately, in Germany they (AfD) are currently imploding, but other countries are not so lucky and the population anywhere always has a large faction that fall for the these people.

  23. Re:Vetting on Companies Are Paying Millions For White Hat Hacking (nypost.com) · · Score: 1

    At the cost-point they claim? They maybe have verified the email address for that ...

  24. Re:Is "white hat hacker" a Millennial/hipster term on Companies Are Paying Millions For White Hat Hacking (nypost.com) · · Score: 1

    It can also be a "system security analyst" and a "software security analyst" or a lot more fuzzily an "IT Security Expert" or "IT Security Consultant". Of course, in a time where the BS term "Cyber" gets attached to anything, "Hacker" is actually a significant improvement.

  25. Re:Ten years too late... on Companies Are Paying Millions For White Hat Hacking (nypost.com) · · Score: 1

    white box = you have all documentation, accounts, technical authorizations, and access to people
    gray box = you have some of the above, often in limited form
    black box = you know how to reach the target systems

    Black box pen-testing makes no sense, since it wastes a lot of time. The only reason to do it is that with a limited budget, it may not find things, i.e. create a false sense of security that management can then escalate as a great achievement.