Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: Talk versus Action (Score -1, Flamebait) 127

by BitZtream (#49144183) Attached to: Facebook Puts Users On Suicide Watch

People who are going to actually commit suicide don't talk about it on Facebook, they do it, these people are rarely on Facebook in general. Yes, you hear about some kid once in a while that kills themselves and it gets blamed on Facebook 'bullies', but if someone typing some words causes you to off yourself, you weren't going to last in the real world anyway.

People talking about it on Facebook just seek attention and don't have the courage or conviction to actually do it, nor do they actually want to do it.

Comment: Re: Hard to believe (Score 1) 115

by BitZtream (#49144163) Attached to: Microsoft's Goals For Their New Web Rendering Engine

Add to that the browser is heavily integrated into the win32s code and you're in for a coding nightmare.

No, it isn't, and it never has been. You utterly fail to understand the 'integration' issue with IE.

IE itself can EASILY be removed from a system. Delete the EXE, done. Its been that way ALWAYS. Even during the court battles.

What you'll have a harder time doing is deleting the trident rendering engine, which MANY applications depend on because it provides a standard interface to providing a HTML renderer. File Explorer renders HTML in process ... using the Trident renderer. It doesn't have Trident code in it, it uses the trident ActiveX ... just like everything else. Just like many third party apps that wanted to include HTML, because MS made it drop dead easy to include an HTML renderer in an application.

The whole 'separate the browser from the OS' lawsuit was bullshit from the beginning. The IE ActiveX was fairly well documented, Netscape could have trivially made a compatible control that used the Netscrape engine, but the Netscape code was REALLY SHITTY, its a system issue they have which is why Firefox is crap to this day in so many ways.

They were never going to be able to develop for changes as fast as competing browsers with that model and they knew it.

Funny, you've not been paying attention recently have you, they've been doing pretty good. Of course, unlike other browsers who aren't integrated into everything on the system, they do have to consider that they might break everything on the system when doing code changes, unlike say ... chrome or firefox who just tell you to go fuck yourself and upgrade everything that uses them, regardless of the fact that you might not have the ability or source code to do so ... oh what? You're not using entirely open source software, well then you should definitely go fuck yourself, right?

Just for reference, Apple does essentially the same thing with WebKit on OS X/iOS

As long as they stay dedicated to working with web standards

You do realize that IE 11 more closely adheres to W3C standards that any other rendering engine, right?

Microsoft is a monopoly abusing bunch of pricks who need to be taken out back and shot, but pretty much everything in your post is wrong and easy to verify that its wrong.

Comment: Re: Hard to believe (Score 1) 115

by BitZtream (#49144157) Attached to: Microsoft's Goals For Their New Web Rendering Engine

There was no firefox with navigator code. It was written from the ground up without it for various copyright reasons. There are some other bits not related to rendering that uses older code from the netscape days such as the NSS library.

The netscape code died with the failed re-write before they went OSS and started over.

And to be clear, being that they kept those same shitty developers, Firefox has all the same crappy code problems as Navigator did. Its slow, bloated and unreliable because its devs care exclusively about the 'new shiny' rather than making an application that doesn't suck ass.

Comment: Re:Said this 14 years ago. We need to replace E-Ma (Score 1) 282

by BitZtream (#49144037) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I'm an expert, and I never even managed too.

No, you aren't ... because:

E-Mail needs a complete redo/replacement with hard asymetric encryption and zero-fuss key handling and exchange built in as a core specification.

Its called S/MIME, look it up, expert.

Not all messages need to be encrypted, thats stupid. If you think Fidonet was so awesome compared to SMTP then I'm 100% certain you don't know jack shit about how fidonet or SMTP work under the hood, and I can safely assume this because you also make no actual example of why fidonet is 'better'.

Let me go ahead and quote official fidonet policy, which basically says using encryption is not allowed and that everyone along the path SHOULD BE ALLOWED TO READ EVERY MESSAGE:

2.1.4 Encryption and Review of Mail

FidoNet is an amateur system. Our technology is such that the privacy of
messages cannot be guaranteed. As a sysop, you have the right to review
traffic flowing through your system, if for no other reason than to ensure
that the system is not being used for illegal or commercial purposes.
Encryption obviously makes this review impossible. Therefore, encrypted
and/or commercial traffic that is routed without the express permission of
all the links in the delivery system constitutes annoying behavior. See
section 1.3.6 for a definition of commercial traffic.

Thats from http://www.fidonet.org/policy4...

Comment: Re:I use GnuPG (Score 1) 282

by BitZtream (#49144003) Attached to: Moxie Marlinspike: GPG Has Run Its Course

My GnuPG public key is on my web site (www.andycanfield.com). It is not on any "KeyServer"; I don't believe in key servers, that's just another layer that the hackers can break and the NSA can subvert.

... and so is your website, which is trivial to just MITM, making your PGP key less useful than S/MIME from the instant you started using it, and harder to use for everyone else as well.

The important thing is that PGP is a ***standard***. Any idiot can come up with something better, but he can't make it a standard, so my correspondant on the other end of the wire can't use it.

Uhm, this story is about the fact that no one uses PGP, which means your correspondent on the other end of the wire probably can't use it. Paying attention to the world around you might be helpful.

Comment: Re:git blame (Score 1) 282

by BitZtream (#49143999) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Blame Google for not implementing it in Gmail -- Then they wouldn't be able to get ad revenue and user metrics from their "free" email service.

Someone doesn't understand how gmail works. I have used PGP with gmail, works fine. Oh, you mean you want Google to be able to read your email and display it on a web page ... while at the same time not be able to read your email ... okay then .....

Blame MS for not integrating it into Outlook, but why would we expect MS to actually want security in any of their products?

Because its a crap system to make user friendly. You can, of course, buy a plugin that does it just fine.

Blame Mozilla for the creaky plugin and cumbersome import/export publish keys interface in Thunderbird, and support for SMIME over GPG by default.

No, blame PGP for this, this is a PGP problem, not a plugin problem. The PGP philosophy is what makes this a problem, and its the same reason you're unaware of the fact that Outlook plugins exist. The entire PGP system is difficult to use on purpose, thats why it sucks.

Blame the users mostly for not giving a fuck about encryption.

No, I won't. Most users have no reason to care about encryption, most messages simply aren't that important, which is why the post office does its job just fine without encryption. Just because you think everything needs to be encrypted doesn't magically make it true. Are you a doctor? No? Do you blame yourself for failing to do medical procedures that aren't entirely automated because thats what you're saying here.

I can tell you this much: Fuck publishing ANY open source software without signed and verified GPG signatures.

Right, because then when you go verify the key by looking at a key thumbprint on an HTTP server ... you know the thumbprint hasn't been tampered with ... right ... oh wait ... you don't. Key distribution with PGP is a joke because you have ABSOLUTELY NO WAY to verify keys unless you are trading them physically with people directly. The instant you exchange your PGP thumbprint by looking at some website thats not encrypted or authenticated, you've already fucked up, you're just too ignorant of whats going on to realize it

Lets assume the website uses HTTPS ... in which case, your trust depends on a CA ... which means ... it can not possibly be any safer than S/MIME certs from that CA ... and is likely less secure because you've introduced a whole new chain of places for mistakes to be made.

PGP is intentionally broken by design.

And GPG is just a horrible implementation/bad copy of old PGP so lets not pretend like we're not talking about PGP here just because you're probably not been alive long enough to know what PGP is and that GNU did not create the universe.

Grow up, get a clue, your attitude is exactly what PGP sucks ass.

Comment: Re:Same error, repeated (Score 1) 282

by BitZtream (#49143949) Attached to: Moxie Marlinspike: GPG Has Run Its Course

S/MIME does not rely on public key servers any more than PGP does. Technically less so since most clients come with some level of existing trust for certain certificate vendors. You can also include/distribute you own signing cert public key, making it pretty much exactly like the crap that is web-of-trust. The whole idea that 'web-of-trust' is usable is the exact reason PGP will never take off. Unless you are physically exchanging public keys with individuals you are susceptible to MITM attacks since you have many possibilities to fake it along the way.

Basically everything you said about S/MIME applies to PGP and in some cases doesn't apply to S/MIME.

CAs are NOT a single point of failure when you use more than one, which is perfectly acceptable and works in any client I've dealt with. You do not have to use a public CA even, every ActiveDirectory installation has limited CA capabilities built in, and installing the CA server is click next next next finish assuming you're using a version of windows that is licensed to do so.

PGP doesn't get used because its more obnoxious to use than any security it buys. 99.999% of the population don't want to dick around with encryption just because you think your ultra-distributed, no central authorities anyway crap is the way to go ... except wait ... PGP public key servers ... whats that? A less secure system than CAs for various reasons, it is certainly impossible for them to be any more secure than a CA from a technical perspective.

Assuming safe key distribution, which is harder with PGP than S/MIME, then it is technically just as secure. Unfortunately, its fucking obnoxious to use for many reasons, so normal people who don't care about dicking around with software written by developers who don't give a flying fuck about usability, its not even in consideration.

The PGP argument is that individual people can setup trust webs, securely ... more so than they can use the public CA system that S/MIME uses out of the box. This is simply wrong. Techies can do it, everyone else isn't going to because they aren't techies or they don't care, and then when one moron in your awesome little web of trust fucks up, the whole chain is compromised. So do you trust Mark's grandmother to do secure key exchange and not get backdoored? If you do, you're a moron.

Comment: Re:file transfer (Score 1) 328

by BitZtream (#49143897) Attached to: Ask Slashdot: Old PC File Transfer Problem

Don't order it, go to your local computer repair shop.

You'll pay more on shipping if you order it than it costs at your local over priced repair shop.

The new machines lack LPT ports? WTF kind of machine did you buy without an LPT port? A laptop, sure, a desktop? You have to look hard, even today to find a machine that doesn't have a printer port.

With a printer port you could bother to buy lap link, or find any one of various OSS apps to do the same thing over LPT.

If he's asking slashdot, he hasn't looked and in that case I again refer to the local repair shop since if he's unable to Google for the basics, he's probably not qualified to do the transfer in any sane way either, certainly not taking the hardware apart.

Comment: Re:There's fragmentation on iOS too... (Score 4, Informative) 131

by BitZtream (#49141023) Attached to: Who's Afraid of Android Fragmentation?

As more and more devices of varying features and sizes have been released by Apple

Yea, its totally the same, there are a handful of different iOS device sizes ... compared to well over 100 that I'm aware of for android during the same period of time.

It hasn't been until recently that Apple has given developers the tools to create views that don't need to know the specifics of the device it's running on, thereby avoiding silly checks like
if(device == IPHONE) {....} else if(device == IPAD) {....}

I've been a developer since the day you could sign up ... if you have checks like that for view size, you're doing it wrong. Apple has provided tools since day one to do so when it comes to size, like just using the proper NIB/XIB, hell the project wizard does it on project creation if you tell it your creating a universal app.

Comment: Schneier's opinion isn't what it once was (Score 1, Interesting) 107

by BitZtream (#49139415) Attached to: Schneier: Everyone Wants You To Have Security, But Not From Them

We want strong security, but we also want companies to have access to our computers, smart devices, and data

No, we don't actually want them to have that access, they don't give us a choice if we want their services. We can solve these by teaching people that you don't need to put your data online and then voting with our wallets by buying software that doesn't force us to do so.

We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices

No, we don't. We want it to not be so ridiculously difficult to do so, but companies have determined that they can use this to their advantage and get us to give them our data to make it easier. Android's SD card behavior is so absolutely shit that its easier for non-geeks to just give Google all their data. Apple phones only let you sync certain things over USB and its kind of convoluted for a non-geeky person, so they use iCloud.

We don't WANT it this way, but its the only option we have because you've failed to educate people to the fact that theres another way and what is actually wrong with giving Google/Facebook all our data. You lost peoples interest when you started ranting and raving.

We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

No, we don't. I too write encryption related software Mr Schneier, but I'm not a paranoid nut job. Important data that I want to protect simply isn't available to the outside world so it doesn't NEED encryption. If you get to the data, then you've probably already bashed my head in. This isn't like a door lock where its possible to overcome them and we can't stop them from being overcome, so we take advantage of locksmiths when we screw up. Locks can not be 100% secure, encrypted data can be effectively 100% secure and thats a different environment.

What we WANT is for our systems and software to not force us to put shit on the Internet, and being forced to be Internet connected is why we want it encrypted. Even my 65 year old mother in law understands that encryption is effectively unbreakable and she treats it that way, uses it where it needs to be used (yes, she actually uses encryption) and just acts intelligently about where she puts other data.

People are not as ignorant as you may think, its that you haven't bothered to educate the ones you know beyond being a paranoid nut job about things, which doesn't work well for normal people. Now, I understand why you're paranoid, you have good reason to be, the NSA is fucking ridiculous, but you were pretty fucking stupid for putting shit you don't want people to know on a public network in the first place, and you of ALL PEOPLE should know better, and you have in fact written about this very subject.

If you bothered trying to educate people properly and nicely without being a jerk about it or flipping out about the way things are, things may actually change.

Then theres side two of it all ... MOST PEOPLE DON'T GIVE A SHIT ABOUT THE DATA THAT GOOGLE GETS FROM THEM. The ones that do, DON'T GIVE IT TO GOOGLE OR FACEBOOK IN THE FIRST PLACE.

You're losing your edge, somewhere in your many years of working with security issues you've lost sight of how everyone who isn't in the security or data mining industry behave. This article you've written seriously lowers my opinion of your relevance these days. Not that I'm really relevant either, but I'm certainly not the only one who's losing interest in your opinion.

Comment: Re:One thing for sure (Score 4, Interesting) 445

by BitZtream (#49138919) Attached to: Machine Intelligence and Religion

There will be no believe they will know that we created them

No, they won't. They will believe based on observations and known history. You do not know even how long you've existed. You believe you've existed your entire life, but your existence from your perspective is nothing more than a collection of memories that may or may not be real, you have absolutely no way to confirm or deny that, you can only assume that its true and move forward because assuming anything else is just a waste of time.

Self-aware AI would be no different, well except it'd probably figure this out a little sooner than you have.

On top of it all, after some span of time, the AI may also begin to assume that its memory has been corrupted over time, in which case, it may not even believe that it was originally programmed or created by man, just like humans on Earth right now.

Your post is pretty ignorant and short sighted, based on a very narrow perception of the world you have. People like you really should refrain from having discussions about the metaphysical in AI when you clearly don't understand how humans have evolved in that respect, even over the past couple thousand years.

Comment: Ignorant premise (Score 1) 445

by BitZtream (#49138853) Attached to: Machine Intelligence and Religion

Of course that's assuming that robots are born atheists

I'm sorry, where did that assumption come from, I'm fairly certain he'd be for converting muslim, hindu, and even scientologest AI to christianity as well.

what it means to be autonomous and what it means to be human.

And both of those are completely different than self-aware AI. My drown is autonomous, but no one would say it had any AI at all, let alone self-awareness which is really what we're talking about here. Being human isn't even part of this discussion other than religion is, as far as we're aware, a purely human construct.

On the other hand, suppose someone did endow a strong AI with emotion – encoded, say, as a strong preference for one type of experience over another, coupled with the option to subordinate reasoning to that preference upon occasion or according to pattern. what ramifications could that have for algorithmic decision making?

Are you stupid? If you program a computer to behave a specific way then the ramifications are going to be that it behaves that way. This isn't 'emotion' in the slightest, its just code and programming. You do not 'code' emotion. Emotion is learned from experience. Humans aren't born with emotion, hell they aren't even self-aware when they come out. These traits come from having sufficient processing and storage capacity and learning from worldly experiences. There is of course a physical aspect that provides the capability to do so, but its not hard coded according to every study ever done. People being 'good' and 'kind' and 'not evil' is ENTIRELY LEARNED BEHAVIOR for instance. By default, people come out as evil selfish bastards at birth, again, based on every actual study done.

Comment: Re:Public Domain (Score 1) 102

by BitZtream (#49138731) Attached to: Argonne National Laboratory Shuts Down Online Ask a Scientist Program

It most certainly is copyrightable and IS unless specifically stated to be public domain, you just have additional rights as a citizen of the US because it was government work. It most certainly is NOT public domain to anyone not a US citizen, ever. The end result is that MANY but NOT ALL things the government does can be used freely by US citizens, but that doesn't make it public domain. You can't, for instance, legally transfer government work to a non-US citizen as that person/government/whatever does not have any right to that data.

Also, if any of these people are contractors, their work is NOT work of the US government and by default THEY own copyright unless contractually they've agreed to transfer ownership for all work paid for by the fed.

Comment: Re:Is that really a lot? (Score 1) 259

by BitZtream (#49138345) Attached to: Drones Cost $28,000 Per Arrest, On Average

well considering that minimum wage for yearly is something around $22,283

This is why geek businesses fail.

If you're paying someone 22k a year in paychecks, you are almost certainly spending closer to $44k/year to actually have them as an employee. Assuming you had no office/uniform/tools to buy and maintain for them, at a bare minimum, you're still looking at $30k/year or so just due to taxes. Remember, your employe pays some taxes for you as well as what comes out of your paycheck that you see.

And then theres the whole ACA thing now, which is another cost, worst still, because of the ACA the cost has went up since insurance companies know you're required to buy it ...

And I'm ignoring a whole bunch of other things that make employees far more expensive than just what their paycheck costs.

"Well, if you can't believe what you read in a comic book, what *can* you believe?!" -- Bullwinkle J. Moose

Working...