Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Comment Re:"Fear" (Score -1, Troll) 384

Fear is relatively easy to manage if you actually have, you know, the peoples' trust. Imagine that. Why, if the public was actually used to the government telling the truth (including telling them when something was actually potentially detrimental to national security, rather than using that as an excuse to obscure _everything_) I'll bet you could just be honest with them and people would be rather rational about the whole thing. Lie through your teeth and then blame it on your predecessors or people you have appointed and you get the current situation.

Then again, who among us today has any experience in an environment where people were actually being honest, even a majority of the time, and especially in any governmental context? The closest you'd get to that today would be certain military units and small teams at companies.

Obama - September 2014:

First and foremost, I want the American people to know that our experts, here at the CDC and across our government, agree that the chances of an Ebola outbreak here in the United States are extremely low. We’ve been taking the necessary precautions, including working with countries in West Africa to increase screening at airports so that someone with the virus doesn’t get on a plane for the United States. In the unlikely event that someone with Ebola does reach our shores, we’ve taken new measures so that we’re prepared here at home. We’re working to help flight crews identify people who are sick, and more labs across our country now have the capacity to quickly test for the virus. We’re working with hospitals to make sure that they are prepared, and to ensure that our doctors, our nurses and our medical staff are trained, are ready, and are able to deal with a possible case safely.

Obama - October 2014:

The key thing to understand about this disease is these protocols work. We know that because they've been used for decades now.

I shook hands with, hugged, and kissed, not the doctors, but a couple of the nurses at Emory because of the valiant work that they did.

I don’t have a philosophical objection, necessarily, to a travel ban if that is the thing that is going to keep the American people safe. The problem is that in all the discussions I’ve had, thus far, with experts in the field is that a travel ban is less effective than the measures we are currently instituting.

Franklin Delano Roosevelt - March 1933:

I am certain that my fellow Americans expect that on my induction into the Presidency I will address them with a candor and a decision which the present situation of our Nation impels. This is preeminently the time to speak the truth, the whole truth, frankly and boldly. Nor need we shrink from honestly facing conditions in our country today. This great Nation will endure as it has endured, will revive and will prosper. So, first of all, let me assert my firm belief that the only thing we have to fear is fear itself—nameless, unreasoning, unjustified terror which paralyzes needed efforts to convert retreat into advance. In every dark hour of our national life a leadership of frankness and vigor has met with that understanding and support of the people themselves which is essential to victory. I am convinced that you will again give that support to leadership in these critical days.

Obama is a useless sack of shit.

Comment Re:How does it secure against spoofing? (Score 1) 121

by sexconker (#48198061) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

What does that give you? You have malware that can already fake the browser into opening a page, what's to keep it from doing screen captures/key logging, network monitoring, and sending that info back to the C&C node?

You'll gain session login information, but it's not going to be useful for logging in somewhere else (either via another site or to Google again once you log out) because each time you press the a-ok button, a different sequence of characters is generated.

Wrong.
You get a different set of characters every X seconds, not each time you press the button. On the authentication end, there's a rolling window of time it will accept button presses for. This window is not perfectly aligned with your generation window (and can't be, as clocks skew). This window is larger than your generation window. For most implementations, at any given time there are multiple strings that will be considered valid.

With this you can do things like set an time offset for each user. When they log in and you find their clock is 6 seconds behind yours, you can correct for that before it becomes 10 seconds, which may be outside the overlap. You can also do things like change your password to a temporary one, tell your friend your temporary password and the output of the key, have them log in on their computer, then immediately change your password back. This is how people shared the StarCraft II beta, for example. Blizzard now has an additional layer on account settings changes - you have to input the authenticator code, wait, and then input the next authenticator code.

This windowing system is a fundamental necessity as you have to give people time to type shit in, for their browsers to send shit back and forth, for your own servers to process shit, and to allow for clock skew. The windowing system can be used by an active attacker (either pwing the box or acting as a MITM) to get authenticated as the user. This is why some banking / stock sites make you input a code for every transaction.

2-factor authentication sent over a single channel only prevents you from attackers who harvest credentials and sell/use them later. An active attacker can use that shit immediately, while it's still valid. An active attacker can fool the user into giving them more valid credentials when needed by popping up a bogus security dialog asking them to hit the button and type in the key to confirm their free $10 gift card reward or to keep their session from timing out or whatever.

Comment Re:Dongle Bells! (Score 1) 121

by sexconker (#48197741) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

You mean a serial port? I bet yours does and you didn't even know it.

The OP mentioned Commodore 64 dongles that typically plugged into the 9-pin joystick ports, which were compatible with the Atari 2600 joysticks. The 9-pin connector for the joystick ports were also used for serial ports on the PC, although I think that came later as 25-pin serial connectors were still common on modems in the early 1980's. Early PCs had a 15-pin game port on the old SoundBlaster cards. Don't recall if anyone made a 9-pin to 15-pin adapter to plug in the old Atari 2600 joysticks.

And if it doesn't?

None of my PCs have serial ports on them. I had to get a USB serial adapter to be able to console into my Cisco rack.

Your PCs probably everything but the physical port for a serial port. You can buy the connector and slap it on if you give a shit, then cut a hole in the i/o shield (or your case) for it.

Comment Re:Compelling, but a mix still better... (Score 1) 399

by sexconker (#48190817) Attached to: NASA's HI-SEAS Project Results Suggests a Women-Only Mars Crew

Another reason to favor the female of a species for an extended space mission involving possible settlement(s) is the total waste of resources to ship a living male for reproductive purposes.

Literally millions of diverse fathers can be shipped in much smaller containers requiring minimal upkeep.

You can do the same with eggs. Your breeding capacity is going to be limited by the resources available, then the wombs (real or artificial) available, then the care takers available, and lastly the sperm/eggs available. You're arguing for shipping more women than men in order to support breeding, but you've got to deal with the massive amounts of supplies to send for X people + breeding before you deal with the gender ration of X.

Comment Re:Compelling, but a mix still better... (Score 3, Funny) 399

by sexconker (#48190793) Attached to: NASA's HI-SEAS Project Results Suggests a Women-Only Mars Crew

Send amputees missing their legs. Legs are dead weight in space. You can maneuver in zero G with just your arms.

StarFox pilots have their legs cut off so they can fit into the cockpits of the Arwings and to prevent blackouts in high-acceleration maneuvers.
Go look at the original box art and manuals if you don't believe me. They've all got mechanical prosthetics.

Comment Re:Are people still going to buy this thing? (Score 1) 76

by sexconker (#48172951) Attached to: Kickstarter Cancels Anonabox Funding Campaign

It'll be interesting to see how the general public's trust pans out over this thing. Do they take Kickstarter's cancellation as a red flag or are they so desperate for a easily-configurable Tor router that they'll pay whoever they can for it. Even if that means trusting these assholes vs. their ISPs.

Neither - their interest was enough to get them click on the button on the Kickstarter they were linked to, but their interest is not enough to get them to go to some other site, fill out payment info, and hope for the best.

Kickstarter works because:
There's a single site with tons of people on it who would otherwise never visit yourrandomproject.com or thatotherproject.org .
It's a single click to pledge your cash for a specific reward.
Backers know that they have the option to cancel their pledge at the 11th hour. This safety encourage people to pledge when they're only slightly interested, and limited rewards encourages them to do it early, generating hype.

There's a reason the vast majority of Kickstarters are extremely front-loaded - people don't want to be left out of the next big thing. I would see more value in the Kickstarter model, and trust it more, if projects were posted before funding opened. This would allow for comments, questions, and updates before the bandwagon gets rolling. Then a limited funding period (7-10 days?) would commence where people could fund the thing. Right now everything is driven by hype and impulse. This is, of course, what project creators and Kickstarter itself want, so it's not going to change.

Comment Hungry in Italics, Fuck Kickstarter (Score 1) 76

by sexconker (#48172897) Attached to: Kickstarter Cancels Anonabox Funding Campaign

I'm not hungry for "easy-to-use technology that encrypts and anonymizes all personal internet traffic", nor am I hungry for it.

If you want to encrypt traffic then set up secure keys (OFFLINE) with the hosts you wish to communicate with. Use whatever you want for keys - certificates (NOT FROM THE ESTABLISHED CERTIFICATE AUTHORITIES), passwords, RSA clocks, OTPs, or scans of your genitals.

If you want to anonymize your traffic, then use someone else's connection, changing your MAC every time you do so. Try to use multiple different connections in different locations. Try to use locations away from your house. Do not travel to said locations in a way that can easily be tracked (your cell phone, your car, etc.).

Tor, proxies, certs from the established authorities, etc. are nothing but annoying obfuscation to the NSA and similar entities. There is no easy way to be secure and there never will be. Unless you have physical control over the entire pipe, you cannot trust the connection. End of story.

Beyond that, fuck Kickstarter. I haven't seen a useful one yet.

Comment Re:Fission is Dead (Score 2) 218

by sexconker (#48172773) Attached to: Fusion and Fission/LFTR: Let's Do Both, Smartly

So far every "inherently impossible" to meltdown design has been proven to be susceptible. The pebble reactors were meltdown-proof, until it was shown that the pebbles will, over time, change in a way that would eventually guarantee a meltdown, shortening the useful life, and greatly increasing the risk.

We've heard it before. So why should we believe it this time?

Of course, the proponents claim the problems are overblown, but nobody wants to find out. The only approved reactor was put on permanent hold. So we may never find out for sure.

Engineers rarely use the word "impossible". With your standards, we'd never build another boat.

Comment Pollyanna (Score 0) 218

by sexconker (#48172687) Attached to: Fusion and Fission/LFTR: Let's Do Both, Smartly

I believe the morning sun's
Always gonna shine again and
I believe a pot of gold
Waits at every rainbow's end, oh
I believe in roses kissed with dew,
Why shouldn't I believe the same in you?

I believe in make believe,
Fairy tales and lucky charms and,
I believe in promises,
Spoken as you cross your heart, oh,
I believe in skies forever blue,
Why shouldn't I believe the same in you?

You may say I'm a fool,
Feelin' the way that I do
You can call me Pollyanna,
Say I'm crazy as a loon,
I believe in silver linings
And that's why I believe in you

I believe there'll come a day,
Maybe it will be tomorrow,
When the bluebird flies away,
All we'll have to do is follow,
I believe that dreams can still come true,
Why shouldn't I believe the same in you?

You may say I'm a fool,
Feelin' the way that I do,
I believe in friends and laughter
And the wonders love can do,
I believe in songs and magic
And that's why I believe in you
You may say I'm a fool,
Feelin' this way about you,
There's not much I can do,
I'm gonna be this way my life through
'Cause I still believe in miracles,
I swear I've seen a few
And the time will surely come
When you can see my point of view,
I believe in second chances
And that's why I believe in you

Slashdot Top Deals

"The vast majority of successful major crimes against property are perpetrated by individuals abusing positions of trust." -- Lawrence Dalzell

Close