
Comment: Re:GP is an attempt to censor and bias (Score 1) 795

by Dan Ost (#47967241) Attached to: How Our Botched Understanding of "Science" Ruins Everything

Anyone that dares to challenge the status quo is attacked and ostracized. If they have arguments that are really good, they are ignored and black listed from media. Society has gone through many phases just like this one previously, as a true Philosophy I study everything including History.

Can you give any examples of the bolded statement?

Comment: Re:Security fix backports (Score 1) 190

by Dan Ost (#45443689) Attached to: Linux 3.13 Kernel To Bring Major Feature Improvements

Some Linux distributors, instead of providing a new kernel that may break old applications or devices, instead backport security fixes to an old kernel.

Why does Linus allow kernel updates that break applications and drivers?

Because he has decided that those updates improve the kernel somehow. That's his job: to improve the kernel.

If some applications get broken when the kernel is improved, it's the application developer's job to fix them.

This is as it should be. Any other model ties the hands of the kernel developers and then they can't do their job.

Comment: Re:Likely outcome (Score 1) 105

by Dan Ost (#44873903) Attached to: UK Cryptographers Call For UK and US To Out Weakened Products

We have to assume everything up to this point is compromised and start pretty much from scratch. Replace AES with TwoFish, re-design all the lower level protocols, increase all key lengths, remove any ability to downgrade security and mercilessly cut off clients that don't upgrade when an issue is found.

I don't think any of that is strictly necessary. Verify the math and inspect the implementations, but there's no need to throw it all away. Some amount of paranoia is justified, but throwing it all away goes too far.

The whole trusted certificate system has to be replaced as well, which is going to be hard.

I agree there are serious issues with the current system, but I am at a loss to come up with what would replace it.

Comment: Re:Meta review (Score 3, Interesting) 366

by Dan Ost (#44819001) Attached to: Are the NIST Standard Elliptic Curves Back-doored?

Because the designers of the Linux random number generator code designed things such that if RdRand is compromised, it doesn't reduce the strength of the random number generated. However, if it is not compromised, then the randomness is stronger.

Why should we give up a potential benefit if there is no possible harm?

Comment: Re:A Sensor to unlock with Fingerprint? (Score 2) 773

by Dan Ost (#44811037) Attached to: Apple Unveils iPhone 5C, iPhone 5S

But for security purposes using it to unlock your phone or identify you to the device as the current user is pretty sweet

Sure, unless you're wearing gloves, or when you have wrinkled fingers from swimming or bathing, or you have grease on your fingers from eating, or you have a job where you have to wash your hands a lot (doctor, nurse, new parent, etc).
