Slashdot Mirror


User: rickb928

rickb928's activity in the archive.

Stories: 0 · Comments: 7,014

Comments · 7,014

  1. Re:You need to move to texas on 40GB of Data That Costs the Same As a House · · Score: 1

    Both, for similar and different reasons.

  2. Re:You need to move to texas on 40GB of Data That Costs the Same As a House · · Score: 1

    Haven't spent much time in Boston, have you? Or Detroit. Either of the Detroits, for that matter.

  3. Re:duh on Rootkit Infection Requires Windows Reinstall · · Score: 1

    Wasn't she just parroting Hicks?

  4. Re:News for nerds on Off-Duty Police Officer Steals iPad From TSA Checkpoint · · Score: 1

    What? More like "ooh, shiny!".

  5. Maybe, maybe not. on Vint Cerf Says Fix the Net With More Pipe · · Score: 1

    I'm thinking there are several other problems that will not be solved entirely by exponential bandwidth expansion;

    - Bufferbloat is crippling streaming for a lot of us. Read up. This could be solved with a few clicks, unless it actually won't solve it, and then of course we have to reconsider network design

    - Some ISP systems, for instance, cable and DSL (woops, that pretty much includes ALL U.S. systems, my bad), can't be scaled up exponentially. So the solution is either Gigabit Ethernet or fiber. Vint has essentially stated that the solution is for the incumbents to discard their entire physical plants and rebuild all the way to the home. That's bound to be a big hit with the boards of several companies.

    - And then the advantages of streaming are lost. For instance, DRM. Well, to the providers, DRM is an advantage.

    - Further advantages of streaming would include multicasting, which isn't done because of several technical problems that I don't think an exponential bandwidth increase solves. Routing is the problem.

    - Storage is an issue that raises the DRM question as well as finding a use for the copious capacity we have now. But this is just shifting the burden to local storage, and well, I betcha we find out we need to manage multi-terabyte storage to keep all the shows we want to watch 'someday' until we do watch them. As a previous poster pointed out, we will want our 4320p/8.1 audio with concurrent Twitter and IMDb feeds, which raises bandwidth needs and storage needs, and well, we've used up all our copious capacities, everywhere.

    - FTTH is not without problems. Hack down the cable and see how fun it is to splice. And then the adapter, since you won't be plugging fiber into your laptop. The bottlenecks just move.

    Still, I'm all for an ISP to start building a next-gen network, delivering Gigabit speed to users. This will need the support of the backbone providers, since they will have to support capacity increases as well, and that requires more than just changing the PHY layer.

    Right now, solving bufferbloat would be nice

  6. Re:Basic Security = Authentication + Authorization on How Citigroup Hackers Easily Gained Access · · Score: 1

    No, call them idiots. No matter the pressure, they have to at least tell their managers that what they have is so insecure that they are all going to quit, move to Malaysia, and strip accounts clean for a living with nothing more than a netbook and Firefox. Why bother to work, this is easier than stealing air.

  7. Re:WTF on How Citigroup Hackers Easily Gained Access · · Score: 1

    Forgiven. Please consider upgrading to PAN in the future... :)

  8. Re:Should be easy to find them on How Citigroup Hackers Easily Gained Access · · Score: 1

    Knowing how easy it is to keylog someone, it would be trivial to just watch a cafe, see the Citi logo, and go retrieve your data. Imagine the FBI crashing into Grammy's trailer, guns drawn, looking for the hax0r who did this.

    It would be funny if not for the likelihood that Grammy ends up with a broken hip or a heart attack, or Grampie shot to death cause he thinks the black helicopters have landed.

  9. Re:Wow, that's negligence on their part on How Citigroup Hackers Easily Gained Access · · Score: 1

    On a very basic level, PCI requires you not send the card number in the clear, even over an SSL connection. In a URL, it's so clear you might as well tie a pork chop on it.

  10. Re:Wow, that's negligence on their part on How Citigroup Hackers Easily Gained Access · · Score: 1

    Kinda looks like they failed PCI-DSS as well. How embarrassing to be called out and have a mainstream app decertified.

  11. Re:So stupid on How Citigroup Hackers Easily Gained Access · · Score: 1

    1. Total lack of truly critical thinking in the development group.
    2. Total lack of effective or even minimal penetration or security testing.
    3. Total lack of creativity on the part of anyone involved in development.
    4. Dumb luck they actually caught them, my speculation.

    I'd like to think that around here, in design, this would get someone dismissed from the team. Fundamentally incompetent in this day and age.

  12. Re:Seriously, what the fuck! on How Citigroup Hackers Easily Gained Access · · Score: 1

    'It would have been hard to prepare for this type of vulnerability.'

    Single most clueless statement by a 'security professional' in years. Dumber than a blade of grass.

    Now Citi can be entirely and truly embarrassed.

  13. Re:What the market will bear. on Unlocked iPhones in US For $649 · · Score: 1

    And in Europe, there are no government-enforced spectrum monopolies, right?

    Europe uses limited bands, 900MHz and 1800MHz mostly, and 2100MHz for data, which makes it much easier to roam.

    The European cell market is vastly different from the US market, so much so that comparisons are not very helpful. It seems, to me, that the cell industry in Europe is managed as a utility, including significant regulation and interoperability. In the US, handoffs and network connections are the limit of interoperability, since we have GSM and CDMA networks overlaid. Roaming is also a tragic situation in the US.

    But to further inject the government into this is not just undesirable, it's probably unconstitutional. And it will not fix the GSM/CDMA chasm.

    Now comparing the US market to any single national market in the EU makes marginally more sense. Still not very useful though.

    And, yes, AT&T and Verizon do in fact compete. Roughly every two years their customers have the opportunity to switch. My wife just went to AT&T since she can't get an iPhone to run 3G on T-Mobile's network. I'm staying on TMO cause I want an Android phone and AT&T has nothing that interests me enough to pay a little more each month. Yet. Ask me in 18 months or so when they eat TMO and I'm in for a new phone anyways.

    And this brings me to my only true peeve about the US market. IF you bring your own phone, do you get a discount on service? Why not? They can't easily make the argument that Bell made for so long, that foreign equipment might disrupt the network, since they accept them, and you can buy the same damned phone elsewhere.

    Why not?

  14. Re:Um, no. on Homeland Security Running NBC-Owned PSAs · · Score: 1

    'None of the above' sounds like a great way to express your displeasure with the incumbent, and your lack of interest in the challenger(s).

    Sadly, the elections in this country that I reference are not popularity contests. They are choices to fill an office. 'None of the above' doesn't serve that purpose.

    We would not have an election where 'none of the above' gained a majority of the votes. That is a no decision. You feel better NOT sending a representative to Washington, and leaving your office empty?

    And violence, while effective, is not quite the system our nation has instituted. Feel free to promote violence, but count me out. As a last resort, it is not yet the time.

    In my opinion, it will take changes in several areas to reset our federal government and make the changes needed. 'Entitlement' programs will need to be better managed, and then funded adequately. When we wind down our foreign wars, we will solve some deficit issues. Emphasizing onshore manufacturing and employment and not using tax code to enrich corporations for sending jobs and profit overseas will expand the tax base and help avoid tax increases that only add to the pressure to go offshore. A public works campaign would add to the deficit, but both stimulate the economy from the bottom up and improve efficiency through better and more useful roads, etc. Repayment of the massive capital exchanged to the financial sector will restabilize the currency. Encouraging, though perhaps not paying for, alternative energy solutions should, in a perfect world, give us a chance at not sending so much capital overseas.

    Having said all that, I don't favor pouring capital into the top of the economy, such as we did to avert a crisis in 2008, nor do I favor pouring it in the top in the form of energy initiatives. Encouraging alternative energy development may take the form of limiting or eliminating energy company tax breaks, at the least aligning them with other industries' breaks.

    And having said THAT, we need to simplify the tax code. Corporate taxes still look to me like another cost to businesses, and costs are passed on to their customers in pricing. My economist friend argues with me that this is a marginal cost issue that won't change anything, but let me put it to you this way: If GE managed to pay essentially zero taxes for 2010, why bother to make them jump through hoops to get tax breaks that made that possible? Either an alternative minimum tax (like individuals can pay) or just simplify it, since we can't really see the innovation and investment that zero-taxed GE used to make their business in the US so very much bigger and better, or can we?

    Perhaps we need to re-explore corporate taxes, and use tariffs to capture offshore import costs of moving jobs overseas?

    And while we're at it, do we need the H1B programs? Really? And the other work visa programs? I reject the argument that we need to grant H1Bs permanent status to capture them, and avoid a brain drain. We do need to realign education with employer needs. This will take a lot of effort, as I think most Americans no longer value education sufficiently. But we still welcome immigrants, and they will, as they always have, pick up the slack.

    We have a lot of problems. Candidates will get these questions from me. What will you be asking?

  15. What? on Arduino Music Controllers With Horns, Finally · · Score: 1

    Looks like a controller to me. That is *not* an instrument, any more than a DM2 is.

    Still interesting, but still a controller. And in my book, the Moog is an instrument, like a Stratocaster is. But a sequencer is not.

  16. So what? on Ex-Google Engineer Blasts Google's Technology · · Score: 2

    All my exes blast me too. And for good reason. According to them.

    They moved on to another loser of their own making. How's that workin for ya, honey? Gotten through his six months worth stupid stories yet? Ask him how he likes your hyena-like laugh. Later, babe. See if your latest will move you into your new trailer. Love your new hair.

    ps - Hackers struggle in almost every corporation. Something about breaking stuff and not valuing availability over innovation. So do I want a hacker mentality ruling at my bank? Depends. Keep them away from the transaction system and the website, so I can get in and get my money, ok? The ops guys hose it up enough already.

  17. Re:Um, no. on Homeland Security Running NBC-Owned PSAs · · Score: 1

    Ocean beats paper. If it doesn't, it's a boat. Rock beats boat.

  18. Re:CVV data? on Citi Bank Reveals Attack... One Month Late · · Score: 1

    Around work, we sit inside multiple firewalls and run multiple methods of intrusion detection and anti-whatever stuff. So much so that I see scans multiple times a day, and other stuff monitoring communications and looking specifically for sensitive and encrypted data, and where it is going.

    When I use my system outside of work, it goes through a VPN and always has. It's never seen the Internet without going through the corporate VPN and then the corporate security. So far, no hint of problems.

    And when I do use removable media, it is first scanned to see if it is secure, using the corporate encryption method. If not, access denied.

    Citi may not be doing enough. That's a common story. I'm glad I don't do corporate security stuff for ANY size organization - it's just excruciating any more.

    But if your question is if merchants can be compromised, well yes they can. Can processors be compromised? Yes. Can their platforms be compromised? Much more difficult. But not proven impossible.

    And using valid PANs stolen elsewhere does not constitute compromising a platform.

  19. Re:That nimrod would be Sony. on Citi Bank Reveals Attack... One Month Late · · Score: 1

    Not yet, anyways. Visa certainly takes their time, and I suspect the PCI Council will act first and revoke the cert.

    Then of course they will be paying for much fraudulent activity if any occurs.

  20. Re:Um, no. on Homeland Security Running NBC-Owned PSAs · · Score: 1

    It certainly seems that way. So long as you are limited to the two major parties, then you get similar candidates, this is true.

    So broaden your horizons, work for an alternative candidate, run yourself.

    Or pick the donut back up and complain. Your choice, my friend.

  21. Re:Um, no. on Homeland Security Running NBC-Owned PSAs · · Score: 1

    Or just give up and re-elect the current bunch of weasels. Your choice, my friend.

  22. Re:CVV data? on Citi Bank Reveals Attack... One Month Late · · Score: 1

    You're not going to exploit a Flash vulnerability with any processor platform - they don't do any of that.

    And if the workstation is able to view the data, well, yes, compromising the workstation gets you data. None of that has to do with processors.

    You're assuming this incident was a workstation attack, which is not implausible.

  23. Re:CVV data? on Citi Bank Reveals Attack... One Month Late · · Score: 1

    That would be how EMV cards are supposed to work. The cryptogram can be shown to the merchant, but good luck using it without certificates. And if it gets out of synch, say after a man in the middle attack that forced an offline transaction, at least the cardholder is alerted and the card dies.

    Yes, mag cards are insecure. Merchants that don't discard CVV (actually the spec says 'do not store') are in violation and risk all sorts of reprisals, though they are never harsh enough. Some merchants do engage in data mishandling, and that won't be solved until we get to fully encrypted models, like EMV and NFC/RFID, which can be very secure. EMV's offline mode is the weak point. Take a moment and check that the terminal you're using has one and only one cord to it, which rules out someone adding a shim or their own reader, which is about all you can do. Merchants need to make sure they are certain who is servicing their POS hardware, and avoid some nasties coming in with terminals with loggers in them, for instance.

    Ultimately, though, if you have access to the hardware, you can break anything.

  24. Re:CVV data? on Citi Bank Reveals Attack... One Month Late · · Score: 1

    Well, one way is to sanitize input and discard anything not expected. Most processing platforms do this. Try FTPing into any major platform some time. Another way is to ensure that whatever the external platform gets, it is parsed and sent on. No, our platforms don't even recognize characters used in injection attacks etc, and those don't even get passed on.

    It is possible. RSA and Lockheed got used because they failed. Not every other system is run by incompetents.

  25. Um, no. on Homeland Security Running NBC-Owned PSAs · · Score: 3, Insightful

    "So, shouldn't we be asking serious questions about why Homeland Security and ICE are running a one-sided, misleading corporate propaganda video, created and owned by a private company, without mentioning the rather pertinent information of who made it?"

    Um, no. Let the Government do what they damned well please.

    Or start firing your representatives, and hiring new ones. THEY are the ones not doing their jobs. It's called an election, and they happen every 2 years. Fire your Representatives, and your Senators, and your President, until they get it right. Then they will have to look over the other branch (judiciary) and get them re-oriented as well. This will take decades, my friends. It's ok, BTW, for the Congress to instruct the Judiciary, by law and by appointment. We have influence on that, if we choose to exercise it. Even the SCOTUS answers occasionally to Congress, in the form of nomination confirmations, and in new law to address disagreements. Not instantaneous, not perfect, but it can work.

    You know how at work, if the boss isn't paying attention, then the staff gets into trouble screwing around and failing to even try for goals, much less achieving them? Same problem with government. We are lax in our management of our own government. This must stop.

    Gotta steer the boat, or it will end up on the rocks. Rock beats sailboat.