Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Re:Nit-picking on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    You don't think they have implemented that as a translation layer in the NT kernel? Well, it is MS with their massively bloated kernel API, so maybe they did do it natively and since it is closed-source, we may never know.

  2. Interesting. That _is_ a problem. Sounds like an attempt at protectionism completely backfired.

  3. One problem is also that there are apparently quite a few people around with fake degrees. I have now met two verified holders of fake CS PhDs (both lost their job over it, not my doing) and I am wondering how much more are fake and also how many MAs and BAs are fake. Of course in the academic world this is hard or impossible to do, but in industrial jobs it seems to be relatively easy to pull off.

  4. The place they got their BA and MA from, personal pages, CVs, etc. Not 100% reliable, but pretty good. And we had one person that had just spent two weeks in that group as a guest.

  5. No, I tend to overlook the abbreviation and then it becomes "an institute", which is correct usage. Creeps in some times.

    But I find it nice how so many people here trying to insinuate I am either from India or stupid (I am neither.) Apparently all these people have nothing but cheap Ad Hominem in counterarguments, which is the same as to say they have nothing valid.

    I do admit I have made some pretty negative experiences especially with Chinese "experts". The thing is however that one of the drivers of H1B is bad US graduates. If you can have low-skill "engineers" with an attitude that demand high salaries in addition, or you can have them cheaply and with no attitude (because loosing their jobs gets them shipped back to India), companies go for H1B. The other thing is (and that was my point above), Indian graduates are not worse than US ones, they are a pretty similar mixed bag. Things are different here (Europe), where there are some imported teams from India, but well-qualified natives have no problem getting jobs and basically all university graduates in technical fields are well-qualified. May be one effect of not paying tuition (or only some low nominal value), because then the universities can demand a lot more and fail underperformers without repercussions.

  6. Hahaha, nice. And completely misdirected. I am not from India and I have zero interest in working in the US.

    The first and essential step to dealing with a problem is however admitting that you have one. Your attitude nicely explains why the US is lagging behind in education and is getting worse: Ignorance and arrogance.

  7. Well, yes. Personally I only have undergrad teaching experience in Europe and I was a guest in one undergrad lecture in the US for a few weeks (was an academic guest and wanted to see how they taught), and my impression is that US tech students are 2-3 years behind European ones. I observed the same on PhD level there. This was an university with a good reputation for its undergrad program, but not for its PhD program (or so I was told). I also have a friend that has a BA in CS from Caltech and there the level is comparable to what I see in Europe, but apparently Caltech is in the top 5 or so for CS in the US.

  8. Hahahaha, fail. I am not from India and I do not work in the US either.

  9. The IIT is actually 15 universities with 6500 Students staring each year.

  10. I happen to know that even getting accepted for a BA at the IIT requires passing one of the hardest university entry exam on the planet. Sure, for MA and PhD, the IIT is crap, but the BA graduates are among the best available, simply because they are the best from a large pool of applicants (and the rest be damned...). That said, while there are a few US universities that can compete on BA level, they do not produce enough graduates, and hence the importing.

    Side note: A few years ago when I was doing my PhD, we did a nice little experiment when we found a floor-plan of an CS institute at Berkeley: We tried to identify which PhD students were American and which were not. We ended up with something like 1 in 10 US and 1 in 10 unsure. The rest were from abroad. So my take is the insult here is not by the people saying the truth about the US education system, the insult is to those going through that defective system.

  11. Re:Different scope on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    Indeed. I may point out that I did not say it was the same. It is not.

  12. Re:Big, fat, NO FREAKIN' DUH! on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    For the discussion at hand, I fail to see a difference.

  13. Re:Big, fat, NO FREAKIN' DUH! on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    And that matters why? You have the same translation layer, just in a slightly different place vertically.

  14. Re:Big, fat, NO FREAKIN' DUH! on Linux on Windows Exposes a New Attack Surface (eweek.com) · · Score: 1

    Indeed. And what is even more, having Linux user-space components running on top of a translation layer is not new either. Cygwin has been doing it for ages.

  15. And if you start ignoring the definition of even more terms, you can make even more nonsensical statements! Try it!

  16. They cannot if they want to do the same for 1'000'000 other people at the same time. And that is not a "belief".

  17. Re:Sounds like sensationalist bullshit to me on One Billion Monitors Vulnerable to Hijacking and Spying (vice.com) · · Score: 1

    For a smart TV you are certainly correct, because smart TV is a full-fledged computer. But a computer monitor is an entirely different thing that has almost no computing power and only a few hundred bytes of EEPROM storage and that is basically it.

  18. And, fail. Mass-surveillance still counts as "they want to read your stuff" and encryption used right will reliably prevent that.

  19. They fail to understand the problem. That is the root-cause for most human problems these days. "Stupid" is prevalent and cannot be fixed.

  20. But can users be trusted to not lose their keys / forget their passwords? (And therefore lose access to old emails.)

    Those that want security can. The others are defenseless against attacks anyways.

  21. It is not as simple as that. Every time they install such malware, they risk losing the vulnerability used. It just takes one person uploading something suspicious to https://www.virustotal.com/ and their $100'000 zero-day exploit may be gone. And the cost is not even the worst. There are at one time always only a small number of zero-day exploits. Hence in order to keep their capabilities intact, they can only ever use these against high-value targets. And they will try conventional hacking (which good security practices prevent) first, which again is expensive.

    So, no, they are not "giggling", they are very careful to use the limited resources they have only against targets that are high-priority. The mere amount of things they do _not_ discover before something bad happens should be a clue.

  22. You are wondering whether I have a choice in giving up? Are you retarded?

  23. Sounds like sensationalist bullshit to me on One Billion Monitors Vulnerable to Hijacking and Spying (vice.com) · · Score: 5, Interesting

    First, the attack surface of a monitor is pretty bad. In VGA, all you get is an I2C line. It will be hard to even mount attacks. Second, there are a lot of different firmware versions out there. And third, no, the "computer" in a monitor cannot usually read individual pixels (or any screen-content at all), it is by far not fast enough for that and it will usually not even have access to that data-stream. This "Computer" is a small MCU, not anything general-purpose or fast.

    Seems to me somebody wants to improve their fame by posting horror-stories with little or no connection to actual reality.

  24. If they are used right, it does take a bit more than just stealing the keyfile though as they will be protected by a good passphrase. Build-servers that sign by themselves (and hence the server either has the passphrase or the key is unprotected) are simply insecure on architecture-level. The way to do his right is to sign manually.

  25. Re:"Dark Side"? More like admin stupidity! on The Dark Side of Certificate Transparency (sans.edu) · · Score: 1

    Seriously, you cannot practically keep hostnames secret, in particular those where a descriptive name is an advantage (no, this is _not_ generally the case).