

Comment: Blame email clients (Score 4, Insightful) 285

by DrXym (#49126051) Attached to: Moxie Marlinspike: GPG Has Run Its Course
The first mistake made by email clients is they added support for a broken-by-design protocol called S/MIME which used asymmetric encryption through the entire message and was thus cripplingly slow. The ciphers were also covered by patents and had weak key lengths. Messages were signed with a cert like https, and were required to be signed by a CA. And you couldn't get a key unless you paid a CA for one. Oh and keys expired meaning you might have multiple dead keys to maintain if you wanted to open an old email. And no email client or ISP actually offered to give you a key or set you up with one so you had to figure this all out for yourself. And functionality like search / filtering broke on encrypted mail because the client never bothered to maintain an encrypted index of the plaintext that could have allowed it to work.

Then PGP / GPG solved a lot of this bullshit, starting with generating keys for free, but email clients never bothered to give it proper support. Instead they offered up some plugin APIs and unsurprisingly PGP / GPG ended up with half-assed implementations too. Even fairly good extensions like Enigmail didn't integrate with the client as closely as they should.

And by this point cloud based email took off and crypto fell by the wayside. If you want to use crypto in GMail then you have to cut and paste and clearly it's too much effort.

So I really don't blame GPG here. If the first thing an email did during setup was ENCOURAGE a user to create a key; and by default published that key; and attached the key sig to outgoing emails; and automatically looked up incoming email addresses; and automatically encrypted content when all recipients had their own key; and didn't hobble functionality for any of this (e.g. search still worked). THEN this wouldn't even be a problem. Encryption would have been the default and it would be an irrelevance if it was PGP or GPG under the covers.

Comment: Re:Komodia = Mossad SSL intercept (Score 1) 113

It's quite different. Anyone doing work for Mossad wouldn't announce it in any way, shape or form whether they took the page down later or not. If they took the page down it might be because they are the centre of a shitstorm at the moment. You can't rationalize around this because no rationalization makes any sense. Spy agencies would not and do not do this.

Comment: Re:About right (Score 2) 241

by DrXym (#49110507) Attached to: In Florida, Secrecy Around Stingray Leads To Plea Bargain For a Robber
The state pays the prison to operate under certain parameters and if it so wished one of them could be recidivism rates. e.g. by requiring prisons to offer certain facilities, training, education and certain living standards.

So I don't see it being relevant who runs the prison providing it abides by standards. What is more important is the political recognition that putting the time into ensuring people don't reoffend will pay off in the future.

I believe a far bigger issue is that the US has the most fucked up justice system anywhere in the western world.

Comment: Re:Komodia = Mossad SSL intercept (Score 1) 113

Stop being so silly. If Mossad was involved with this software then they wouldn't scream it from an about page. There wouldn't be an about page. There wouldn't be a product at all. If they wanted to infect PCs they would do so in a targeted way and they wouldn't shout about it.

It is more likely that this guy left their services and applied some of the tricks he learned to a commercial purpose - writing a library that allows various spyware / adware libraries to hijack clicks and traffic and inject their own affiliate ids / ads / search results into the response.

No one says it's a good or honourable thing but the primary motivation appears to be money and nothing else. It's still a security threat. It's still utterly reprehensible. But it seems to be the guy enriching his own pocket.

Comment: Re:Mossad connection is a red herring (Score 2) 113

Besides, if it really was Mossad, they'd have done a much better job.

If it was really Mossad they'd be installing the code onto PCs used by their enemies for intelligence gathering. They wouldn't be installing it onto new PCs so they could popup ads for penis enlargement pills.

Comment: Does the pit have to be straight down? (Score 4, Interesting) 121

by DrXym (#49093645) Attached to: The Science of a Bottomless Pit
The article suggests that the earth's rotation would cause the dropped object to hit the wall on the way down. So why can't the tunnel curve to account for this? Presumably it would curve the other way as it exits. It also suggests that going from North to South pole wouldn't work because of their relative altitudes, but is there an antipodal point where the altitudes are close enough to feasibly go from one side to another - e.g. build a tunnel / raised platform to bring each side to the same altitude. I realise this is all completely hypothetical, bad movie remakes notwithstanding.

Comment: Re:that's peanuts compared to the tweakers (Score 2) 213

by DrXym (#49093319) Attached to: Sony Offers a "Premium Sound" SD Card For a Premium Price
What about a $500 wooden volume knob which claims to dampen micro vibrations?

Audiophiles are clearly idiots. A rich seam of idiots with a lot of money that companies specialise in exploiting by selling expensive tat to.

As for this Sony thing, the impression appears to be it would offer absolutely no benefit whatsoever to playback though I guess it's conceivable that recording artists and the like would find a use for it if it reduces radio interference when they're trying to record something.

Comment: Re:It's no wonder fraud is rife in the US (Score 1) 448

by DrXym (#49088321) Attached to: Credit Card Fraud Could Peak In 2015 As the US Moves To EMV
How can a contract be worth any value at all if the store didn't even bother to validate the identity of the person signing? How can my signature be valid if I scrawl "Mickey Mouse" or draw a dick because they're not looking?

Whatever tenuous reason they might have for a signature, it's not a very good one. If they cared for the strength of their contract they would do the minimum necessary to verify it was the person with authorisation to use the card.

As for the cashier, that's part of the reason for chip and pin. It takes the authentication and authorisation out of their hands. Either the transaction goes through or it doesn't but at least some security is applied.
