Comment: Re:I use GnuPG (Score 1) 298

by Asgard (#49129173) Attached to: Moxie Marlinspike: GPG Has Run Its Course

The NSA can't subvert a keyserver. At least, at worst they can replace the keys with their own, but then the Web Of Trust would render those keys untrusted. Getting the key from a keyserver or copying it from a webpage is equivalent. The benefit of the keyserver is if you get an email from someone signed by key X, your client can fetch the key from the keyserver then calculate if you have any trust of that key.

Also, I see that your key is on a keyserver: as any key can be published to a keyserver regardless if you have the corresponding private key.
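The validity calculation the comment above relies on, as an added example that is not part of the original comment and is not GnuPG's code: a simplified model of the classic trust calculation, using GnuPG's default thresholds. All key IDs and signatures are constructed; `DAVE_FAKE` stands for a substituted key uploaded to a keyserver and signed only by keys its uploader controls.

```python
# Added example: simplified model of GnuPG's classic trust model.
# Thresholds mirror GnuPG defaults: completes-needed 1, marginals-needed 3,
# max-cert-depth 5. Signature verification itself is assumed already done.
COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_DEPTH = 1, 3, 5

def valid_keys(my_key, signatures, ownertrust):
    """Return {key_id: depth} for every key the local user treats as valid.

    signatures: set of (signer_key_id, signed_key_id) pairs that verified.
    ownertrust: {key_id: "full" | "marginal"}, assigned locally by the user.
    """
    valid = {my_key: 0}  # the user's own key is ultimately trusted
    for depth in range(1, MAX_DEPTH + 1):
        newly = {}
        candidates = {signed for _, signed in signatures} - set(valid)
        for key in candidates:
            full = marginal = 0
            for signer, signed in signatures:
                if signed != key or signer not in valid:
                    continue  # a signature from a non-valid key counts for nothing
                trust = "full" if signer == my_key else ownertrust.get(signer)
                full += trust == "full"
                marginal += trust == "marginal"
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly[key] = depth
        if not newly:
            break
        valid.update(newly)
    return valid

# Constructed keyring: what the client sees after fetching from a keyserver.
ME = "ME"
SIGS = {
    (ME, "ALICE"), (ME, "M1"), (ME, "M2"), (ME, "M3"),
    ("ALICE", "DAVE_REAL"),                          # one fully trusted introducer
    ("M1", "ERIN"), ("M2", "ERIN"), ("M3", "ERIN"),  # three marginal introducers
    ("M1", "FRANK"), ("M2", "FRANK"),                # only two marginals
    ("SOCK1", "DAVE_FAKE"), ("SOCK2", "DAVE_FAKE"), ("SOCK3", "DAVE_FAKE"),
    ("SOCK1", "SOCK2"), ("SOCK2", "SOCK3"), ("SOCK3", "SOCK1"),
}
OWNERTRUST = {"ALICE": "full", "M1": "marginal", "M2": "marginal", "M3": "marginal"}

if __name__ == "__main__":
    result = valid_keys(ME, SIGS, OWNERTRUST)
    for key in ("DAVE_REAL", "DAVE_FAKE", "ERIN", "FRANK"):
        print(key, "valid" if key in result else "NOT valid")
```

The substituted key collects three signatures, but none of the signers chain back to the local user, so the count that matters stays at zero.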

Comment: Auditing (Score 2) 262

by Asgard (#48948295) Attached to: Comcast Employees Change Customer Names To 'Dummy' and Other Insults

It seems improbable that an 'Enterprise' Customer Relationship Management system that Comcast must be using wouldn't have a detailed history on account changes, such as who submitted a name change. There should be no mystery as to who changed the names.

Unless someone has hacked in to the underlying database and is bypassing the business logic, in which case Comcast has a serious problem on their hands.

Comment: No control (Score 1) 83

by Asgard (#48885243) Attached to: Data Encryption On the Rise In the Cloud and Mobile

Hosted applications may or may not handle the passwords properly after they've been entered into the form. It is inescapable that the host must have the raw keys in order to decrypt the data. It may be impervious to 3rd parties *now* but there's nothing that prevents that from changing, and the user has no way of detecting it.

Similarly for mobile applications -- unless one has firsthand knowledge that the currently installed application will not transmit raw keys to a 3rd party, AND prevents all future updates to that application, then the security is fleeting.

It may be that the promise of security is enough for a given use case, but to be sure one needs to encrypt the data with keys that are never transmitted to a 3rd party prior to uploading the data.

Another way of looking at it: If an entity were to hold a figurative gun to the head of a mobile app developer / hosting provider, in such a way that you as a user were unaware of it (ie were still willing to use the application / provider in the normal course of usage), could the application be changed such that the data is exposed?

Comment: Re:You're screwing it up devs (Score 1) 473

by Asgard (#48410995) Attached to: Elite: Dangerous Dumps Offline Single-Player

Every single-player exploration game falls under the 'could make exploration pointless' category, yet they are still fun games.

It doesn't make sense that a game with one player requires more CPU than a desktop can provide -- tracking that an NPC spawned some items on a market in various star systems is not that intensive. The CPU intensity of MMOs comes from tracking all the player interactions and routing/filtering those actions, not the spawn rates of various events.

The alternative is to say that one player's interactions require more resources than a desktop CPU can provide, which bodes poorly for the scalability / longevity of the game if they need 1.5 cloud-nodes to run 1 player's simulation.

Comment: Re:really? (Score 1) 986

It had to be plugged in to operate, the manufacturer was directly involved in several parts of the test, and it sounds like the outputs were measured in a questionable way. It'd be awesome if it was true, but there is a lot of room for tricks in that.

Even if nobody knows how it works, it should be possible for one of these to be handed off to a disinterested 3rd party with the appropriate inputs detailed, and have it function such that it can be detached from external power and continue to generate significant heat.

But, having the manufacturer involved with setting up the test and fiddling with it partway through casts great suspicion on the claims.

Comment: Re:that's sorta the problem (Score 1) 192

by Asgard (#48011813) Attached to: NVIDIA Begins Requiring Signed GPU Firmware Images

Then you'd have people ransacking stores looking for serial #'s that test above their price level, buy them all up and resell them after unlocking them. Instead, perhaps publish a serial #/model catalog. That works so long as the serial # on the card is relatively tamper-evident, and the manufacturer has to be ok with essentially exposing their exact manufacturing numbers. Probably not especially palatable.

Comment: Re:telnet (Score 2) 566

by Asgard (#44230437) Attached to: HTTP 2.0 Will Be a Binary Protocol

Exactly. It is useful to be able to demonstrate that a given request/response occurs with minimal interference. Otherwise there are always questions as to whether Firefox or Curl is sending a request 'differently' somehow; being able to show that a given behavior is reproducible with a request issued over least-common-denominator telnet is inarguable.

Additionally, telnet is nearly ubiquitous while protocol analyzers are much harder to find, plus are often forbidden on desktops in large corporate environments as a security issue either due to their sniffing capability or for innate vulnerabilities.

Comment: Re:Perfect is the enemy of good. (Score 1) 1103

by Asgard (#44154565) Attached to: Employers Switching From Payroll Checks To Prepaid Cards With Fees

They may be required to accept cash, but it can be very inconvenient. Cash transferred via 3rd parties (mail, drop-box, etc) could be pocketed/'lost' before it gets credited to your account, leaving you to pay the bill again plus late fees with no recourse as there is no paper trail. The alternative of spending a solid weekday (not everyone has a weekend office open) each month traveling to places where you can hand the cash to a person/machine and get an immediate receipt is not practical for many.
