

Comment: Re: Ah, come one, don't we trust the Feds? (Score 2) 90

by Asgard (#49191293) Attached to: US Marshals Service Refuses To Release Already-Published Stingray Info

Installing Open Connect means Comcast avoids costs in maintaining higher capacity edge routers, and can place the caching boxes wherever is efficient for their own network topology. For example, if placed in each geographic region hub, it means their own long-haul trunks are less stressed and do not need to be upgraded as soon. If you take as a given that customers will want to watch Netflix, then the cost of hosting these cache boxes is supposed to be offset by the reduced pressure on the long-distance Comcast network connections.

Comment: Re:I use GnuPG (Score 1) 309

by Asgard (#49129173) Attached to: Moxie Marlinspike: GPG Has Run Its Course

The NSA can't subvert a keyserver. At least, at worst they can replace the keys with their own, but then the Web Of Trust would render those keys untrusted. Getting the key from a keyserver or copying it from a webpage is equivalent. The benefit of the keyserver is if you get an email from someone signed by key X, your client can fetch the key from the keyserver then calculate if you have any trust of that key.

Also, I see that your key is on a keyserver: http://pgpkeys.mit.edu/pks/loo... as any key can be published to a keyserver regardless of whether you have the corresponding private key.

Comment: Auditing (Score 2) 262

by Asgard (#48948295) Attached to: Comcast Employees Change Customer Names To 'Dummy' and Other Insults

It seems improbable that an 'Enterprise' Customer Relationship Management system that Comcast must be using wouldn't have a detailed history on account changes, such as who submitted a name change. There should be no mystery as to who changed the names.

Unless someone has hacked into the underlying database and is bypassing the business logic, in which case Comcast has a serious problem on their hands.

Comment: No control (Score 1) 83

by Asgard (#48885243) Attached to: Data Encryption On the Rise In the Cloud and Mobile

Hosted applications may or may not handle the passwords properly after they've been entered into the form. It is inescapable that the host must have the raw keys in order to decrypt the data. It may be impervious to 3rd parties *now* but there's nothing that prevents that from changing, and the user has no way of detecting it.

Similarly for mobile applications -- unless one has firsthand knowledge that the currently installed application will not transmit raw keys to a 3rd party, AND prevents all future updates to that application, then the security is fleeting.

It may be that the promise of security is enough for a given use case, but to be sure one needs to encrypt the data with keys that are never transmitted to a 3rd party prior to uploading the data.

Another way of looking at it: If an entity were to hold a figurative gun to the head of a mobile app developer / hosting provider, in such a way that you as a user were unaware of it (i.e. were still willing to use the application / provider in the normal course of usage), could the application be changed such that the data is exposed?

Comment: Re:You're screwing it up devs (Score 1) 473

by Asgard (#48410995) Attached to: Elite: Dangerous Dumps Offline Single-Player

Every single-player exploration game falls under the 'could make exploration pointless' category, yet they are still fun games.

It doesn't make sense that a game with one player requires more CPU than a desktop can provide -- tracking that an NPC spawned some items on a market in various star systems is not that intensive. The CPU intensity of MMOs comes from tracking all the player interactions and routing/filtering those actions, not the spawn rates of various events.

The alternative is to say that one player's interactions require more resources than a desktop CPU can provide, which bodes poorly for the scalability / longevity of the game if they need 1.5 cloud-nodes to run 1 player's simulation.

Comment: Re:really? (Score 1) 986

It had to be plugged in to operate, the manufacturer was directly involved in several parts of the test, and it sounds like the outputs were measured in a questionable way. It'd be awesome if it was true, but there is a lot of room for tricks in that.

Even if nobody knows how it works, it should be possible for one of these to be handed off to a disinterested 3rd party with the appropriate inputs detailed, and have it function such that it can be detached from external power and continue to generate significant heat.

But, having the manufacturer involved with setting up the test and fiddling with it partway through casts great suspicion on the claims.

Comment: Re:that's sorta the problem (Score 1) 192

by Asgard (#48011813) Attached to: NVIDIA Begins Requiring Signed GPU Firmware Images

Then you'd have people ransacking stores looking for serial #'s that test above their price level, buy them all up and resell them after unlocking them. Instead, perhaps publish a serial #/model catalog. That works so long as the serial # on the card is relatively tamper-evident, and the manufacturer has to be OK with essentially exposing their exact manufacturing numbers. Probably not especially palatable.

Comment: Re:telnet (Score 2) 566

by Asgard (#44230437) Attached to: HTTP 2.0 Will Be a Binary Protocol

Exactly. It is useful to be able to demonstrate that a given request/response occurs with minimal interference. Otherwise there are always questions as to whether Firefox or curl is sending a request 'differently' somehow; being able to show that a given behavior is reproducible with a request issued over least-common-denominator telnet is inarguable.

Additionally, telnet is nearly ubiquitous while protocol analyzers are much harder to find, plus are often forbidden on desktops in large corporate environments as a security issue either due to their sniffing capability or for innate vulnerabilities.
