
Comment: Re:https is useless (Score 1) 166

by Altrag (#47682833) Attached to: Watch a Cat Video, Get Hacked: the Death of Clear-Text

I'm not sure which well-trodden path you're talking about.. the only significant change in "the internet" in the 80s and 90s was the introduction and popularization of the web, the latter of which really only gained ground when it became available out of the box with Win95. Sure there was AOL and CompuServe and whatnot but those weren't taken over by geeknet 0.1, they were taken over by easy access to Internet Explorer.

And yes, "we" as geeks should and mostly do know better.. that's why things like TOR exist in the first place. But while geeks accounted for 90+% of the internet population back in 1991, the opposite is true now. If you're content limiting yourself to whatever content is available through TOR, whatever games and business software are available through Linux, etc, then power to you. I applaud your ability to stick to your ideals!

But here in the real world where the rest of us live, there exist motivations beyond "will this ban me from the True (or Real?) Geek club"?

You're absolutely correct about me though. I am not a True Geek, a Real Geek, nor even a Scotsman. I used to be one of the former (or at least much closer to it) back when I had more free time and less life experience. Things change. Priorities change.

Should people practice computer safety? Absolutely. Web admins in particular should turn on https by default since there's no reason not to unless you're intentionally being shady.

Should people practice computer safety to the exclusion of their ability to do their jobs, websites they like that don't have https support or whatever else they do? Can't say I agree with that, even for geeks. It's just so incredibly beyond overkill that it's not even funny.

I'm not saying we shouldn't aim for end-to-end security, and I'm definitely not saying that geeks won't be the ones trying to pave the way. I AM saying that until there's a significant content saturation under whatever solution they come up with, that it's unrealistic for most people -- even geeks -- to completely shut out the existing systems.

Oh and just to be really pedantic, since the article is about injection attacks, there's absolutely nothing stopping the injections from being done directly at Youtube -- except Google's objections -- so https is at best only reducing the problem, not eliminating it. The only way to be 100% secure online is to unplug your internet connection and never plug it in again. But that kind of defeats the purpose.

Comment: Re:https is useless (Score 3, Insightful) 166

by Altrag (#47682461) Attached to: Watch a Cat Video, Get Hacked: the Death of Clear-Text

What's inconvenient for them is often impossible for us. Try running most AAA games under Linux. A few will come with ports, and a few more will deliver a port 2-3 years later when nobody cares anymore. The vast majority are either Windows-only or Windows+Mac. Indie games tend to be somewhat better for this but most casual gamers just want the big name games.

And it gets even worse in a business environment where you often have software restrictions imposed on you by corporate policy and frequently by the fact that you need to interact with vendors/customers who use Windows-only products.

"Just stop using Windows" is a stupid catchphrase. It's like trying to end starvation by saying "just give them food." Actually it's worse because food is a pretty good solution to starvation whereas it's pretty unproven that FOSS software is "objectively" safer than closed software (I mean it's probably true, but until Linux becomes a significant hacking target, we can't say definitively that the lack of exploits is due to better software rather than due to fewer people attempting to exploit it.)

Similarly with Facebook. It's the "state of the art" in social media because of absolutely nothing to do with privacy protection. In fact a lot of its popularity was initially based on its _lack_ of privacy considerations -- "Facebook stalking" and such activities. I mean that probably wasn't the main driving factor (being fresh and simple right around the time that Myspace was bloating itself out of existence is likely the biggest contributing factor. I doubt FB would have gotten as big as it did if Myspace had stuck to being a site people actually enjoyed using rather than letting themselves be overrun by commercial interests.)

And lastly protocols. Protocols are king. If TOR or similar ever comes out with a product that you can just install and "it works," then we might be getting somewhere. I mean "it works" as in it starts up with Windows, and immediately funnels all traffic through its own pipes and doesn't significantly impact the speed of watching a cat video on Youtube and basically in all ways stays the fuck out of the way. If it can get to that level, we might see some better adoption. As long as it's something you have to consciously connect and disconnect and slows down your connection by 50% and whatever else, it won't pick up widespread adoption. Look how long it's taking IPv6 to get off the ground and it's got built-in support by every major OS and network equipment provider! (Disclaimer: I haven't used TOR myself in a few years so I don't know how close to this ideal it's gotten.)

At the end of the day, the real problem isn't Windows or lack of encryption or any other technical issue -- the problem is that 90% of the population doesn't care. Or I should say, doesn't care _enough_. We care enough to sign online petitions and shit that's easy to do in the hopes that someone who has more time on their hands will be able to make a difference ( up here in Canada is a great example of an organization that has taken the "enough" qualifier to heart and used online petitions to make significant changes in the way our government treats privacy and other online issues.)

But on their own? Most people are too busy to worry about things that have a very low chance of ever impacting them directly. It's one thing for the NSA to tap a billion email accounts. It's another for them to filter through that data and pick targets. Yes everyone gets uppity when they pick a target wrong, but unless that target happens to be "me", most people have jobs and families and other things to do than worry about it for longer than it takes to exclaim "damned go'ment!"

TL;DR: "just fix everything" is great in principle, pretty much impossible in practice.

Comment: Re:Wow ... (Score 1) 419

by Altrag (#47563789) Attached to: A 24-Year-Old Scammed Apple 42 Times In 16 Different States

The article isn't clear. It states the override was "against the instructions of Chase Bank," but it sounds like the instructions are just a generic "overrides are bad mmkay" (in which case what's the point of having them at all?)

The vagueness of the article means we really have no idea what the basis of any case that Apple might bring against .. anyone .. or if they even have a case. A few possibilities:

1) The bank just issues a generic "we recommend you don't do overrides" and calls it a day. They're still shitty for even allowing an unauthorized transaction but they've taken the EULA way out and instead of fixing a problem, just outright disclaim any liability and walk away.

2) The bank issued a specific recommendation to deny this particular authorization. 100% on Apple's shoulders in this case.

3) Some third party equipment or software manufacturer accepts the override on the bank's behalf and does it in a shitty way, unbeknownst to Apple. The Bank's generic warning in this case may be due to the equipment in question so that they don't take liability for some third party's problem, but the third party may still have some liability.

You're right though that the bank probably doesn't have any liability, even if it's just due to the #1 scenario of them flat out disclaiming it.

Comment: Re:I also measure distance (Score 1) 190

Just measure in Planck units. Don't get much more base than that!

I think his issue wasn't in the units but in the dimensional analysis. It's like saying "I walked a total of 3mph!" Uhhh.. total? You can't really compute a total of "X per unit time." At least not in any way that makes physical sense. You could add up all of the individual units (or integrate over it if you want to go continuous) but then you're effectively removing that "per unit time" bit and the original statement still doesn't make sense (and even that doesn't work without knowing how many hours I spent walking.)

Comment: Re: String theory is not science (Score 1) 147

by Altrag (#47505505) Attached to: Can the Multiverse Be Tested Scientifically?

The question was whether math > reality, not whether math (minus all the stuff that doesn't fit reality) > reality.

I'm also assuming a relatively complete model. It's pretty obvious that the math of "only the positive integers" is not a superset of reality because we already know that reality includes things that aren't integers. (Then again we CAN define parts of the integers that are not available in reality. "The total number of countable things in the universe, plus one" is not something that can exist in the universe basically by definition. And yet we know it's an integer because we defined it as a countable value plus an integer.)

That's the fun thing about Godel's theorem. Even though he expressed it in a fairly limited context, you can usually find an analogue to it in any mathematical model of sufficient complexity. I mean yes you can add "excluding stuff that doesn't make sense" as part of the description of your model but to use your words, that's more just side-stepping the issue than solving it (and there's probably still a way that you could contradict that part of the description if you try hard enough!)

So yes right, it is a leap of logic to go from one to the other, but it's not an entirely unfounded leap. And yes, it is (in theory) possible to create a "model" of the universe that doesn't have this issue (for example, individually enumerating every single thing in the universe rather than using generalized mathematical relationships) but that gets back to the "of sufficient complexity" disclaimer -- an enumerated list, no matter how long, isn't really "complex" it's just big.

Comment: Re:Missed Point (Score 1) 147

by Altrag (#47505021) Attached to: Can the Multiverse Be Tested Scientifically?

More of a problem in this bubble universe idea of the multiverse is that even if it exists, it's far more likely to be akin to particles in empty space rather than particles in a lattice as the video suggested -- that is to say, the chance that we would have been hit is probably extremely slim even if the underlying theory is correct.

And an even bigger problem is.. if we find a multiverse outside of our universe.. then what's outside of the multiverse?

Comment: Re:My favorite test (Score 1) 147

by Altrag (#47504385) Attached to: Can the Multiverse Be Tested Scientifically?

Actually, thanks to our exponential growth explosion over the last couple hundred years, there's more humans _alive_ today than in all previous history. Meaning there has been less than 14 billion humans to ever live.

Pretty sure most of them still eventually die in all universes though, unless there's a universe where humans are legitimately immortal and not just statistically unable to kill themselves.

Comment: Re: String theory is not science (Score 1) 147

by Altrag (#47504297) Attached to: Can the Multiverse Be Tested Scientifically?

Yes. Godel (essentially) showed this in his incompleteness theorem -- any theory of sufficient complexity will necessarily include statements that can be written in the language of the theory but constitute a paradox within that theory.

So any model of reality you can think of will also include at least one statement that can't exist in the reality. Generally this isn't a problem because we tend to ignore things that don't exist anyway, even if they theoretically could exist. (Well sometimes we stop to check out something that could exist but doesn't just in case "doesn't" is an observational failure rather than a fact of reality.)

Comment: Re:Maybe, maybe not. (Score 1) 749

by Altrag (#47453341) Attached to: Obama Administration Says the World's Servers Are Ours

Perhaps. But none of that is relevant to the topic at hand. This is governments intruding into the affairs of corporations. Has fuck all to do with you individual people (directly, at least.)

Also just to feed the troll: If you trust corporations, you're just as gullible as anyone who trusts their government. Perhaps more so. At least governments have to pay token heed to their voters. Corporations don't even have to pretend they care.

Comment: Re:Obama apologetists? (Score 1) 749

by Altrag (#47452693) Attached to: Obama Administration Says the World's Servers Are Ours

Yeah Obama's turned into a pretty sour disappointment. Had high hopes for him but I guess either it was all rhetoric from the start, or he just ended up caving to pressures he wasn't expecting when he got the job. Either way, he certainly hasn't lived up to his promises.

Bush was still bad though. It's hard to say these days who's worse. Bush's worst atrocities at least were (mostly) confined to the areas where he started pointless wars. Obama's rights-eroding policies have the potential to affect the entire world thanks to the US' position as schoolyard bully (especially on the internet which is still fairly US-centric.)

China will likely stand up to the US sooner or later but well.. China's track record with human rights is not exactly a shining beacon of hope.

Comment: Re:A larger legal question arises here (Score 1) 749

by Altrag (#47452625) Attached to: Obama Administration Says the World's Servers Are Ours

MS transfers US data to Ireland and Irish data to the US and now neither government has subpoena power? Yeah, something's going to break there.

This only works if you can also prevent the same companies from just transferring data around. Borders have to apply to everyone equally (at least in theory) or they're meaningless.

As long as the companies are free to transfer data out of the country, the government is going to want to be able to transfer that data back into the country when required. Tax havens still exist because they disproportionately benefit the politicians that could put a stop to the practice. Data havens so far do not enjoy that level of political protection and will, one way or the other, get snubbed out.

The only way to stop this practice is to find a way that having data stored out of country benefits the politicians in a significant manner. Currently privacy laws, ignored as they are for the general populace, can protect a politician's data sufficiently that data havens aren't necessary to protect them.

Comment: Re:Goodbye foreign markets (Score 2) 749

by Altrag (#47452539) Attached to: Obama Administration Says the World's Servers Are Ours

There's a bit of a fallacy in that comment -- we have no proof that Iceland wouldn't be just as bad if they had the opportunity. If Iceland had the same vendor presence internationally that the US and China do, there's a fairly good chance that sooner or later someone would come into power who feels a need to abuse their position.

What will (and in a lot of places has started to) happen is that all of the countries will just turn inwards and shut out everyone.

Canada for example has started building our own backbones after relying on the US ones for decades because we no longer trust our data passing over US carriers after PRISM was revealed.

Similarly, many countries and companies have stopped buying routers made in China after the talk a few years about back doors being built in (I'm not even sure that was proven but just the rumor was enough to make people look to other vendors.)

Comment: Re:Maybe, maybe not. (Score 1) 749

by Altrag (#47452445) Attached to: Obama Administration Says the World's Servers Are Ours

There's a difference between the US being coercive and the foreign entity giving in (bullying tactics) as compared to a legal requirement (actual law.)

Of course none of that is particularly relevant in this case as it's a question of the US government placing demands on US companies to produce (presumably) US data and the companies basically saying "nyah nyah I don't have it with me!"

Others have mentioned the idea that the internet is international and then use that fact to claim the US government should suck it up because borders. I'd say though that the real argument is in the reverse -- just as the company has no barrier to transferring data out of the country, the US government should have no barrier against having that data transferred back into the country.

Assuming of course it's actually US data that's only been transferred out in an attempt to hide it (which I did assume above.) If they're trying to subpoena data generated in another country and stored in another country well, that's another story.
