Comment: Re:TOR is a fucking honey pot ! (Score 3, Insightful) 68

by Kjella (#48641095) Attached to: Tor Network May Be Attacked, Says Project Leader

You do realize that most "darknets" are built on a "bust one, bust all" model? Pretty much the only security is that the bad guys aren't in your darknet, they've never reached a popularity where there's any plausible deniability. The only other people likely to be in your darknet are the other members of your terrorist cell or whatever you're part of, it has never offered anything for "normal people" for you to hide in. And darknets have actually been used as honeypots, to make clueless people give away their IP to join a private group which turns out to be a sting. It is pretty much the exact opposite of anonymity, it's joining a conspiracy and you're at the mercy of the stupidity of everyone in it.

TOR is trying for something entirely different, which is to keep everyone at arm's length from each other. I talk to you over TOR, you get busted well tough shit they still can't find me. The users don't know the server, the server doesn't know the users. Of course by adding that glue in between you run the risk of the man in the middle working out who both ends of the connection are, but that's the trade-off. TOR is trying to do something extremely hard, it tries to offer low latency - easy to make timing attacks, arbitrary data sizes - easy to make traffic correlation attacks and interactive access - easy to manipulate services into giving responses, accessible to everyone and presumably with poison nodes in the mix. It's trying to do something so hard that you should probably assume it's not possible, not because they have any special inside access.

I actually did look at trying to do better, it was not entirely unlike Freenet done smarter only with onion routing instead of relying on statistical noise. It wouldn't try to be interactive so you could use mixmaster-style systems to avoid timing attacks and (semi-)fixed data block sizes to avoid many correlation attempts but I never felt I got the bad node issue solved well. TOR picks guard nodes, but it only makes you bet on a few horses instead of many. It was still too easy to isolate one node from the rest of the network and have it only talk to bad nodes, at which point any tricks you can play is moot because they see all your traffic. Even a small fraction of the nodes could do that on a catch-and-release basis and I never found any good countermeasures.

Comment: Re:One number to breach them all (Score 4, Informative) 82

by plover (#48639961) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

I can only think the reason it hasn't been fixed is because fraud makes the banks money and they love seeing stories like this.

Well, you would be very wrong. Fraud costs both the retailers and the banks money. The real problem is that issuing new chip cards would cost the banks more than the fraud. Not only are the cards about a dollar more expensive each, and they still have to be re-issued about every three years, but the systems that inject encrypted keys into them, and store the keys on their databases, are very expensive. Banks are notoriously cheap when it comes to spending money that won't make them money.

The other reason EMV hasn't rolled out across the U.S. is that millions of retailers have about 12 million old credit card terminals spread across the country, and most are owned by cheap store owners who don't like being told they have to spend money to replace them. Most retailers have been dragging their feet, not wanting to make an expensive change. But the new members of the breach-of-the-month club are mad about the insecure systems they've been forced to use, and are now championing the rapid switch to EMV instead of fighting it. The smaller retailers are also impacted now, and are no longer resisting.

The irony is that EMV readers for the small retailers are far, far cheaper than the old terminals, and the rates for using new companies like Square, Intuit, and PayPal are much lower than the typical old bank rates for the old credit card readers.

Comment: Re:I think it's about time... (Score 4, Informative) 82

by plover (#48639775) Attached to: Staples: Breach May Have Affected 1.16 Million Customers' Cards

I think it's about time we implemented some sort of single use credit card system.

That's how Chip and PIN works. Your account number is still fixed, but your authorization to spend from it (your PIN) is encrypted by the chip, and is valid only for a single transaction. There are still kinks with non-electronic transactions, but those can be solved.

Look for it to be all over the US by October of next year.

Comment: Perspective (Score 2) 68

by radtea (#48638823) Attached to: NASA Video Shows What It's Like To Reenter the Earth's Atmosphere

For those like me, who just watched the video and didn't understand the point of view 'til quite late on, the camera is pointing back along the direction of flight.

Also, for some reason the video has strange out-of-focus side-pieces that are distracting and annoying. The view itself is gorgeous and amazing.

Comment: Re:Interesting... (Score 1) 119

by Kjella (#48638543) Attached to: Tesla About To Start Battery-Swap Pilot Program

From what they've said before they expect you to eventually return to pick up your original batteries on your way home, though they haven't said how long you can keep driving on your loaners. If you don't they'll create some kind of fee to offset the condition between the battery pack you had and the one you got. If you're permanently relocating and make arrangements I'm sure they'll offer some kind of system to choose a battery in roughly the condition you had if you want it to be free or to swap for a brand new one if you want to restore max range at your final destination. Otherwise you could swap a 7 years old/100k miles battery for an almost new one for free, that wouldn't be right.

Comment: Re:3 minutes is slow? (Score 3, Insightful) 119

by Kjella (#48638401) Attached to: Tesla About To Start Battery-Swap Pilot Program

It's not about getting it done in 3 minutes, it's about being 3rd in line at 7:20am with 35 minutes left on your drive to work.

If your commute involves a battery swap for a Tesla you should really consider changing jobs. I'm guessing it's more about the weekend rush, Friday afternoon lots of cars will be going on long range trips and return Sunday evening, I'm guessing a battery swap pad is a lot more involved than a gas station pump so they won't have very many of them. They did run a test here recently driving a Tesla ~1000 miles and they said it all worked well but there was a lot of waiting, for every 2-3 hours of driving there was one hour of charging. I know that when we drive to the capital it takes ~7 hours and we have one 30-45 minute stop, if they could swap batteries on at least one stop they'd be down to one hour charging per 4-6 hours of driving which would roughly be the break time we'd want with an ICE car too. But Friday afternoon I'm one of a thousand lemmings trying to get out of the city, it better go fast.

Comment: Re:Is a lame Seth Rogen flick worth dying for? (Score 3, Insightful) 211

by Kjella (#48635883) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

The first amendment only says "Congress shall make no law..." but everybody understands you don't have much freedom of speech if you end up hanging from the nearest tree afterwards. Because the law isn't supposed to shield me from lawful retaliation like a boycott only retaliation that's already illegal you don't need a specific law for that. But everybody realizes that targeted action against those who exercise a particular freedom is trying to encroach on that freedom. Of course the government can just wash their hands and say we weren't the angry mob holding the rope, but it wouldn't be a very good government.

Any time you refrain from a lawful action because of the risk or threat of illegal action is a failure of the system of law IMHO. If I can't walk through a part of the city at night they're failing to keep the street safe. If they can't show this movie at the cinema without the risk of terrorism they're failing to keep the country safe. At least if it's a genuine risk and not chicken little screaming that the sky is falling, I mean you can't expect them to be everywhere and prevent every crime everyone's trying to commit. And I don't want to sell out all my rights in an attempt to make it so either. There could be a price for not caving but there's a price for caving too, the terrorists don't need to take away your freedoms if you're too afraid to use them anyway.

Comment: Re:Let Me Gaze Into My Crystal Ball (Score 1) 595

by dave420 (#48635053) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

Global cooling: A fringe belief in the 1970s, and never the prevalent theory (but oft reported as such in media which seeks to lampoon actual scientific discovery)
Global warming: The increased heat in the Earth's system (in the atmosphere, seas, etc.)
Climate change: Changes to the climate, which might result from cooling or warming
Climate disruption: The specific changes to the world's climate which cause disruption to the existing industries and societies

You playfully confusing these terms only shows your ignorance, and does not cast dispersion on the people who use them, or on the phenomena they describe.

Comment: Re:Sure (Score 1) 595

by dave420 (#48634997) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

They're not comparable, as one side is accepting the scientific method, and the other side is ignoring it. You calling those who believe the results of the scientific method (which gave you the computer you're looking at now) a church only shows your bias, and doesn't reflect poorly on them.

Comment: Re:Scandalgate! (Score 1) 595

by dave420 (#48634965) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

English is a descriptive language, not prescriptive, so if a word or suffix is used in a particular fashion by enough people, that becomes the meaning. You should probably get over that, as otherwise you'll have a very annoyed life. Language evolves, as do the meanings of the words we use.

Further reading

Comment: Re:Science is on the skeptical side of this debate (Score 3, Interesting) 595

by dave420 (#48634885) Attached to: Skeptics Would Like Media To Stop Calling Science Deniers 'Skeptics'

The science is on the side of AGW. That's it. Challenge all you want, but when you start ignoring study after study and claim they're all wrong or in some sort of conspiracy, you are not engaging in science or skepticism but block-headed cynicism.
