Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: I did and didn't (Score 2) 734

by AndyCanfield (#49194195) Attached to: Ask Slashdot: Should I Let My Kids Become American Citizens?

I am an American citizen. I have had seven children; my children have five mothers. Two in America, one in Thailand (died), four Thais still alive.

I prefer my children to be Thai. Indeed, if it were possible, I would give up my American citizenship and become a Thai citizen myself.

IANAL, but ... You make the normal mistake that any kid of yours is an American citizen at birth. I disagree. AFAIK only YOU can get your kid an American passport. Uncle Sam, in all his egocentric power, cannot force him to be a US citizen. The USA passes laws that regulate the behavior of U.S. citizens even when they live overseas. For example, sex with a girl under 18 is a federal felony. What the hell will that mean when my son is 14 years old and discovers 15 year old girls? My bank refuses to open accounts for US citizens because of IRS regulations, how is that going to affect my offspring?

After our divorce, my ex-wife asked me to get our son a US passport, so I did. He's in Australia right now.

As a practical matter, a boy is not a US citizen unless the US government knows about him. If a boy is eligible for dual citizenship, I have heard that he must decide on one or the other before he's 18. My son is now 7; I figure he's got another 10 years to go before he has to make his own choice. Then it's up to him. Until then, let Uncle Sam ignore my son.

Andy Canfield (www.andycanfield.com)

Comment: e-mail, not phone (Score 1) 230

I would e-mail, not telephone. Phone calls are too short and simplified.

Before you hit Send, trace through an exact example and describe every step in the e-mail message. I expect that the Customer Service Representative won't understand it. But with an e-mail he can forward it to somebody who will understand the security flaw.

That's what I would do.

Comment: Re:I use GnuPG (Score 1) 309

by AndyCanfield (#49144381) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Uhm, this story is about the fact that no one uses PGP, which means your correspondent on the other end of the wire probably can't use it. Paying attention to the world around you might be helpful.

Sorry, the way I read it was "PGP has a bad user interface". Nothing in the original post tells me about anything that has a better user interface. Moxie Marlinspike hates to get PGP-encrypted e-mail because the gnu implementation is hard to use (OK, arguably true). I use Thunderbird with Enigmail. I can agree that Enigmail could be better. The one option I'd like to have is "If there is no encryption key in my list, what should I do? [A:ask, B: ask a keyserver, C:don't encrypt].

your correspondent on the other end of the wire probably can't use it.

I only send encrypted e-mail to correspondents for whom I already have their encryuption key, so I know they can use it. You want enryption that any dumb Windows secretary can use, that's a whole 'nother ball game.

Comment: Re:I use GnuPG (Score 1) 309

by AndyCanfield (#49144177) Attached to: Moxie Marlinspike: GPG Has Run Its Course

... and so is your website, which is trivial to just MITM, making your PGP key less useful than S/MIME from the instant you started using it, and harder to use for everyone else as well.

MITM = Man In The Middle? Not likely. There are several other web sites on that server; you get one or another depending on what DNS name you use. Subverting the name requires subversing the DNS system, and I'm on 8.8.8.8 (Google's DNS server). Subverting the IP address will bring down other companies' production sites. And of course MITM requires a man *IN*THE*MIDDLE*, and you have no idea where the cables are.

Uhm, this story is about the fact that no one uses PGP, which means your correspondent on the other end of the wire probably can't use it. Paying attention to the world around you might be helpful.

I use PGP to correspond with two people. I told them about this exchange. One answered "Well, I'd certainly be happy if he create a better alternative. Until then, I'm using what works." If you've got a better tool for end-to-end e-mail encryption, tell me about it. Maybe nobody uses PGP, but I know of no alternative. And I don't care if you use PGP or not; send me your key and I'll use it, otherwise you get plain text like everybody else. I got enough work solving my own problems without solving the world's problems too.

Hey, gang, let me add a data point here. This discussion has been going on for day or so on Slashdot. During that entire time my web site URL has been in the comments. The web site includes my e-mail address. During that time NOBODY has sent me any e-mail related to this discussion. Nobody said "Hello", nobody said "Here is my PGP public key", nobody said "Andy you're a dumb-ass." (well, here, yes, but not in an e-mail).

Comment: Uninteresting (Score 2) 89

by AndyCanfield (#49144031) Attached to: OPSEC For Activists, Because Encryption Is No Guarantee
The article misses one partial solution: be uninteresting. I've got a bank account in a non-US bank. It's got several hundred dollars in it. Nobody's going to bother to steal that. I've got a password I use all over the Internet, including Slashdot, but you can't do anything with it but post stupid comments. My bank password was a different one. I look just like a million other Amerians living overseas, and that is my ultimate protection. Of course, the cheaper hard disks get, the more data the NSA can store, so the protection is only partial. But for now it is a factor. Of 200 million Americans, how many are worth tracking?

Comment: File transfer from old PC (Score 1) 466

by AndyCanfield (#49143957) Attached to: Ask Slashdot: Old PC File Transfer Problem

I'd make sure to use zip; as I recall unzip has an automatic check on the format of the input. So if you copy W to X and X to Y it might come out wreong, but if you zip W to X.zip and try to unzip X.zip onto anything, it will warn you if there was some loss of bits in the intermediate medium X.

A fall-back solution: e-mail the (zip) files to yourself. Of coures this assumes an internet connection on the old machine, but even an old dial-up modem can be used. This is how I get pictures off from my (new) Android phone. If you've got an RS-232 socket on the old machine you can hook both machines to a LAN router and transfer the files faster. Again, though, in call cases, use zip to provide confirmation of contants.

Comment: Identity theft? (Score 1) 311

by AndyCanfield (#49136085) Attached to: Reddit Imposes Ban On Sexual Content Posted Without Permission
I don't use Reddit, but - how the H* is Reddit going to judge, evaluate, or confirm the pemission? I can post a picture of Julie Smathers naked. Is Reddit going to contact every person in the world name "Julie Smathers" to see if any of them gave their permission? And even if they did, how can they tell if she's the one in the picture? Or do I have to send an e-mail to with an attached signed autographed copy of the photo? This seems like a "call the cops" theory gone wacko.

Comment: Re:I use GnuPG (Score 1) 309

by AndyCanfield (#49134395) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Thing is, there is a mechanism to make doing it this way trustworthy. By opting out of that mechanism, you put the burden onto everyone else for no reason. The result is that you remove your key from the set able to be considered trustworthy without effort.

I never opted out of it. I simply never opted into it. I don't think the mechanism is trustworthy because it is under the control of organizations which are not under my control. I have not put any burden onto anyone else; you can still go to http://www.andycanfield.com./

I "remove my key from the set able to be considered trustworthy without effort."? Again, I did not remove my key; I just never put it in. To me, the Internet is not trustworthy. None of it is. Any trust is an illusion. And "without effort"? You mean like Windows?

Comment: Re:I use GnuPG (Score 1) 309

by AndyCanfield (#49133933) Attached to: Moxie Marlinspike: GPG Has Run Its Course

It feels like you either have a misunderstanding of how the WoT is supposed to work that leads you to false conclusions on how best to use it... only succeeding in making it too annoying for other people to be bothered working with it.

You come very close to saying that you want the Internet to be automatic and trustworthy. Pick one or the other; both are not possible today.

Comment: Re:I use GnuPG (Score 1) 309

by AndyCanfield (#49133733) Attached to: Moxie Marlinspike: GPG Has Run Its Course

You can retain a copy of my public key on your compter. Then you can trust any signed message from me to be from the same source as the previous signed message from me.

Someone could make a key with the same details, get it to me somehow, and I would have no choice but to accept it

"get it to me somehow, and I would have no choice but to accept it"? You allow random strangers to update your hard disk? I don't.

Who goeth a-borrowing goeth a-sorrowing. -- Thomas Tusser

Working...