Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:Hypocrites (Score 1) 433

by shutdown -p now (#48668749) Attached to: In Breakthrough, US and Cuba To Resume Diplomatic Relations

False. Your confusion lies in the fact that you believe this will do good for the Cuban people, as if somehow magically a place with no free market and a government that has historically given it's people dirt will all of a sudden benefit from these relations. This money will go to the Cuban communist regime, not the people that are suffering that need it. That is where there is truly no logic and severely detached from reality.

Even if 1% of that money gets to the people (and, pragmatically speaking, more of it will for sure), then they are going to be better off.

More importantly, if it prompts economic reforms along the lines of what most other communist countries did - the closest example here probably being Vietnam - the people are going to be vastly better off even if the authoritarian political system remains in place.

Either way, while we can only guess what will happen without sanctions, we know full well what happens with the sanctions: absolutely nothing. So what exactly is their purpose then?

Also, even if it was for revenge, would you really blame someone who feels that way?

Blame them for feeling that way, no (well, it depends on who they were before Castro; if it's one of Batista's cronies, or the members of the top ruling elite supporting him, I'd say they can suck it and go cry in a corner; I have no sympathy for people robbing others under gunpoint when they get robbed themselves in a similar fashion). But I will blame them for letting that emotion guide their political decisions, and especially for pushing the same onto others.

Oh, as for my comfy chair. I was born in a communist country. Don't try that "you rich American asshole can't understand" on me.

Comment: Re:Hotel group asks permission for illegal protect (Score 1) 285

by fuzzyfuzzyfungus (#48667227) Attached to: Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi
We are obviously going back and forth on a joke here(though there have been a few cases over the years of some poor sucker in a coastal city accidentally roaming onto a cruise ship's $10/min cellular-to-satellite tower and getting a bit of sticker shock, though not often enough to suggest anything other than occasional incompetence); but at least on CDMA(in the broad sense of 'what Verizon and Sprint do', not necessarily the one particular generation that was actually called that) the carrier can initiate a PRL push, silently, at their discretion. Sometimes it's just an update, since towers and signal landscape changes over time, sometimes it's them assisting the feds in moving you over to a stingray...

Comment: Re:Fuck Cisco. (Score 1) 285

by fuzzyfuzzyfungus (#48664349) Attached to: Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi
There may have to be rules; but I am less than convinced as to why those 'rules' include getting to use deauth attacks against other people's Part 15 devices with your own just because their presence annoys you.

They can have whatever rules they want about who connects to their network and what they do on it; but 'there must be rules' is a pretty thin justification for tearing down the usual rules of precedence for part 15 devices and the ISM band. It's also a recipe for setting off a nice little arms race, which is about the last thing you want happening on a slice of spectrum that only remains useful if the devices on it manage to cooperate a bit.

Comment: Re:Gawd I hated it! (Score 1) 229

by fuzzyfuzzyfungus (#48663039) Attached to: The Slow Death of Voice Mail
They aren't exactly advertized in the glossy consumer stuff section; but there are cellular providers that cater to embedded sensors, distributed system control, and that sort of thing, who will sell data-only, SMS-only, or data/SMS SIMs designed to be used by assorted sensors and traffic lights and things that need to swap bits but can't justify dedicated hardlines. Getting reasonable prices at quantity 1 might be tricky, though.

Comment: Re:youmail (Score 5, Insightful) 229

by fuzzyfuzzyfungus (#48663005) Attached to: The Slow Death of Voice Mail
The trouble with voice mail is that it painstakingly offers almost all the vices of the other options and few of the virtues. All of the inaccessibility of voice (yeah, you could cut and paste part of a VM into your reply, with some effort; but that would be highly unusual...) without any of the conversational or interactive qualities. All of the one-side's-rambling-monologue of email; but without any of the easy access, search, categorization, exchange of information where formatting or spelling count (Who doesn't love resorting to NATO phonetic alphabet just to get a serial number across a phone line?).

Then include the fact that most systems for retrieving them are so awful that somebody using an email client 25 years ago would assume that you were fucking with them, and it's just icing on the cake.

Comment: Re:more NOS and less lense flare (Score 1) 322

Into Darkness on the other hand, is shit. JJ Abrams is shit. Therefore, whoever's replacing him has a low bar to overcome.

I agree about JJ, but I think they've managed to do even worse here. The director of the Fast-n-Furious movies? Are they fucking kidding? This is even worse than hiring Michael Bay to make a movie.

Star Trek is dead.

Comment: Re:Pretty cool vulnerability but.. (Score 1) 159

by fuzzyfuzzyfungus (#48662897) Attached to: Thunderbolt Rootkit Vector
Sounds like somebody was cargo-culting it on that design decision: systems that are intent on using cryptographic lockdown to resist tampering usually don't store the blessed key in rewriteable memory, for reasons made obvious here. Depending on the hardware, it gets some sort of more aggressively write-once/locked/burned in at the factory and read only/whatever storage, with the data to be cryptographically verified going in the rewritable part. I suppose it still functions as a sort of checksum; but not really a security measure.

Comment: Re:In other news... (Score 4, Insightful) 159

by fuzzyfuzzyfungus (#48662829) Attached to: Thunderbolt Rootkit Vector
I'm frankly surprised to hear that Apple still manufactures a device that will boot after you tinker with its boot ROM. The notion that a device that is, for most purposes, right on the PCIe bus can scribble all over the place isn't exactly a shock; but it doesn't seem much like Apple to build hardware that would still boot if the cryptographic signatures didn't check out.

Comment: Re:In other news... (Score 3, Interesting) 159

by fuzzyfuzzyfungus (#48662811) Attached to: Thunderbolt Rootkit Vector
Plus, thunderbolt daisy-chains, so (if you are handy with rework tools or Intel ever gets the stick out of their ass about selling the chips) the malicious device could either be a (subverted) normal looking peripheral or a surprisingly small lump lurking within a thunderbolt cable or somewhere within the chain.

The proof of concept is probably a big hairy bundle of prototype that would get you arrested if you brought it to an airport; but a slightly more polished variant could be squirreled away in quite a few places. The volume and power required to implement an entire single-purpose attacker device is already fairly small, getting into "eh, probably just one of those EMI ferrite things" territory, and not going to get any larger; plus the options available in either embedding the attacker device in the case of a legitimate device or modifying a legitimate device's firmware.

The truly paranoid user might not be vulnerable; but few users are paranoid enough to qualify.

Comment: Re: Interesting (Score 1) 285

by fuzzyfuzzyfungus (#48661259) Attached to: Hotel Group Asks FCC For Permission To Block Some Outside Wi-Fi
Nor in this one(though, barring exemplary tactlessness on your part, customs isn't going to catch you importing all kinds of crazy stuff), that's why the hotels are whining to get a regulation changed. At present, ISM band devices are specifically supposed to avoid interfering with one another. They want the right to explicitly attempt to interfere with others. That will work really well on a shared area of spectrum...

Comment: Re:Irrelevant -- many banks use non-RSA fobs (Score 1) 71

by fuzzyfuzzyfungus (#48661215) Attached to: JP Morgan Breach Tied To Two-Factor Authentication Slip
Fair enough, I certainly deal with the ghastly little things more on the inside than as a user. I assumed that 'RSA dongle' implied that the grandparent poster was using the same, didn't actually check to see what the companies mentioned issued to customers. They are usuriously priced; but that didn't seem implausible for a brokerage account that might easily have actual money in it.

That said, aren't all non-connected tokens(like the Symantec one you link to) going to have the same fundamental limitation that you need to know enough to clone the token in order to authenticate the token? In the case of the Symantec offering, it appears that the model is "Company B needs to pass every auth request to Company A for processing". It's Symantec: Neutral Trusted Party, rather than Bank A vs. Bank B; but same basic system.

The nice thing about smartcards (and USB dongles or contactless systems that implement equivalent functions) is that, while they do need a communication channel, they can perform a proof of identity(via public/private keypair) without ever needing to expose their private key, and without the remote host needing to know anything except the public key. The extra channel is a huge pain in the ass, compared to the time-based ones(which really are a cute trick, even if RSA are awful to deal with), especially if users expect to log in on something where you can't just install a card reader; but something with access to keypair auth is fundamentally better suited to multi-institution verification.

I really wish that we'd just bitten the bullet 10 years ago and actually rolled out a CAC-style keypair/smartcard system, with accompanying hardware and software ecosystem) in a big way. Trying to add it on after the fact is pretty hopeless; but if baked in it's a pretty cheap interface, and more capable than the disconnected tokens by a fair margin. Ah well.

The only possible interpretation of any research whatever in the `social sciences' is: some do, some don't. -- Ernest Rutherford