Please create an account to participate in the Slashdot moderation system


Forgot your password?
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re: Above Congress? (Score 2) 60 60

not sure if serious ... CIA people have been in the Whitehouse since 1980, out in the open (it's debatable before then). They spy on Congress, have their own secret kangaroo courts, and carry out overseas executions all admittedly. One could suppose that there's nothing worse behind closed doors but that would be generous towards spies. Who doesn't really think they're blackmailing anybody in Congress or other high elected office?

Politics remains the entertainment arm of the military-industrial complex. After all, people would be mildly non-plussed to learn that they were secretly ruled by spooks and banksters.

Comment: iOS users feel it (Score 2) 151 151

I currently have a web radio transceiver front panel application that works on Linux, Windows, MacOS, Android, Amazon Kindle Fire, under Chrome, Firefox, or Opera. No porting, no software installation. See for details of what I'm writing.

The one unsupported popular platform? iOS, because Safari doesn't have the function used to acquire the microphone in the web audio API (and perhaps doesn't have other parts of that API), and Apple insists on handicapping other browsers by forcing them to use Apple's rendering engine.

I don't have any answer other than "don't buy iOS until they fix it".

Comment: Re:Dumb as a Rock (Score 0) 41 41

Who builds a house for $7,000? Maybe 50 years ago if you did all the labor yourself and it was a two room affair with no plumbing or running water.

Even a very basic kitchen these days would cost more than that, and that would just be for cabinets, plumbing, electrical a fridge and a stove.

I'd wager that the mortar alone would cost a good chunk of the $7k by itself, if by "stone house" you mean a single floor house built with entirely stone walls to the soffits.

Comment: Re:Big giant scam ... (Score 1) 597 597

I distinctly remember it being promised that the F-35 would beat anything but an F-22 in air-to-air combat, at a fraction of the price. It was not part of the original concept for the system but it was definitely sold politically as being capable of acting as a poor man's F22.

I wonder about the helmet mounted display, whether that's something you'd consider absolutely necessary in an aircraft whose job is to hit surface targets in contested airspace.

Comment: Re:Big giant scam ... (Score 1) 597 597

As a supposed air-superiority platform, this is an utter failure.

To be fair, that was not the original justification for the thing. That was mission creep.

I think the original impetus was to have something stealthy that could do ground strikes in enemy territory. And it makes sense to do a naval version of the same thing. If they'd just focused on that they'd have been done a long time ago with a solid design, which of course in engineering nearly always turns out to be more versatile than you planned for. Adding STOVL and the whizbang helmet (cool as that may be) as necessary elements of the system turned this into an "everything for everyone" project, which almost always turns out less versatile than you hoped.

Comment: Re:Dogfights?! What year is it?! (Score 1) 597 597

Sure you can identify scenarios where the A-10 is useless. But in the last twenty years it's been extremely useful in a number scenarios we've actually faced.

The idea that a system ought to play every role in every conceivable situation is why the F35 performs none of them very well. In hindsight the idea of accommodating the Marines' need for a STOVL aircraft in the same basic design probably dictated too many compromises in the plane's other roles.

Comment: Re:Drone It (Score 1) 597 597

In reality, the only way to fight a war like ISIS is to do what was done to Germany -- level all cities (and all buildings in the city) that even are rumored to have insurgents. Without the commitment to do actual, yucky warfare that completely breaks all resistance... half-ass measures just creates emboldened enemies (think "Remember the Alamo! Remember Goliad!".)

This has been the weakness of the US military since at least Viet Nam and possibly even Korea.

The only way to "win" a war is to defeat the people, not just the army or the fighters. Sure, it's ugly because you kill a lot of people who don't really deserve to die in any conventional moral sense. But not doing it just causes you to lose lives for nothing.

Comment: Re:Drone It (Score 1) 597 597

and yet 9999 times of 10000 or more they continue to treat the enemy humanely and frequently place themselves in grater danger to do so.

But do they do it for humanitarian reasons or fear of punishment?

I don't know how true to life it was, but in "Lone Survivor" when the 3 SEALs capture two random Afghanis they have all manner of animated discussion about what to do with them -- if they let them go, they will likely get a whole bunch of Taliban after them, if they kill them or tie them up so they can't get away, they might end up with some kind of war crimes problem.

During their debate, it wasn't "what kind of a humanitarian are you" it was "Do you want to go to Leavenworth for the rest of your life?"

Frankly, I think they probably should have just executed them. It was pretty clear they were aligned with the enemy (one guy was carrying a two-way radio, and I don't think Afghanistan has a CB club) and the results of not killing them were kind of as predicted -- a company-size band of Taliban chasing them down and trying to kill them, succeeding at killing two of them.

It's hard to think of any other military campaign that would have allowed an operation to get compromised like that when snuffing the enemy would have been so effective.

Maybe a better future compromise is a little autoinjector they could carry with a strong dose of a short-acting (eg, 4-6 hours) but powerful sedative/hypnotic. Nighty-night for them and when they wake up, the soldiers are long gone.

Comment: Re:Kaspersky (Score 1) 30 30

Given what's pretty well known about the overlap between FSB/KGB and Russian organized crime, the generally corrupt nature of Russian government and the cronyism in Russian business, it's hard not to see Kaspersky being reticent about talking with a foreign reporter about Russian cybercriminals.

That being said, it may have more subtle influences. Maybe they're in social scenes that overlap? Maybe there's a certain nationalism or national pride going on where they want to talk about something OTHER than the usual narrative of Russian corruption and crime.

The base problem I have with Kaspersky is that given what we know about money-grubbing American corporations and their willingness to cave to the security apparatus, how does Kaspersky operate in Russia without caving or being strongarmed by the government, criminals, or worse?

Comment: Re:Refill (Score 3, Informative) 155 155

Thanks for this. My experience with the refurb vendors has been fair to terrible. I wonder if I should just replace the caps on a leaky refurb toner I got. Brother makes good machines and sells their carts for a king's ransom. I was literally contemplating $50 more for a new Brother color laser than for a set of toner carts for my existing Brother color laser. The refurbs run 25% of the cost, but I'd rather refill them myself now that I know it's possible.

As to the OP - don't spend a gallon of gasoline to bring a toner cart in for recycling - just toss in the trash if that's your only option (for a brand without a mail-back program). Economics is hard, but recycling without considering economics is stupid.

Comment: Re:ipv6 incompetence is nothing new. (Score 1) 61 61

I don't like what you're saying, but it's true. For this reason I disable ipv6 wherever I care about security (vmlinuz ipv6.disabled=1), because I can't trust the existing implementations and I'm pretty sure there will be data leakage if I don't (this story doesn't help assuage my concerns). Therefore, I'm not engaged in filing bug reports very much, because I mostly have to avoid it. Quite a Catch-22.

Also my ISP doesn't offer it and most endpoints don't offer it, so it just adds latency for Internet operations. There are clearly incentives missing or the situation would be better. The recent move to monetize IPv4 space transfers might finally be the impetus needed for network operators to move their internal nets to IPv6, but look at Android 5 not even supporting DHCPv6 (which administrators seem to want) and you can see how far we have to go - whether Google or the admins wind up backing down, there are still fundamental philosophical disagreements about how v6 should be disabled and no amount of shouting "but I'm right" will solve it. That's in 2015 with at least a lead time of five years for everybody to get on the same page, *after* there is agreement. And even if monetization of IPv4 does start to work, the BGP community has had its head in the sand for two decades and really can't handle it.

IPv6 is necessarily more complex than IPv4 since it shifts the complexity of kludges into services (the tech schools aren't even teaching it so only alpha nerds even understand the stack) and fundamentally the transition plan was "we'll make a spec and then everybody will support it for altruistic reasons") which is such a monumental failure in understanding human action that it's socially embarrassing to be associated with the spec. The IPv6 transition will be a warning to future generations about how not to advance technology in society.

Yet we still need it.

Comment: Re:yeah yeah (Score 1) 52 52

It will display a warning and let you continue

No, it won't - and that's the whole problem. It prompted me to write this piece on re-enabling SSLv3 on Firefox which is probably the most heavily-trafficked post I've done on that blog.

Most of these devices will support HTTP and HTTPS. The posture of the browser developers is to blow up HTTPS support on SSLv3 everywhere, regardless of the risk profile.

There are very few people who are going to get $1100 to replace a PDU because the current one only supports SSLv3. As it currently stands, those people have to re-enable SSLv3 for the whole Internet on their browsers to admin their local devices. Pretty soon they will have to stop updating their web browsers entirely.

There are only two possible real world outcomes:
1) people will re-enable HTTP administration and start sending their passwords cleartext on their LANs
2) the very people in companies who do security work will be running outdated browsers, on purpose, to connect to their gear.

3) a million dollars will appear overnight in a company's budget to replace gear for highly theoretical risks

simply is not an option that exists concurrent with reality.

If the browser engineers had handled the situation the same way as self-signed certs, or even made a more complex UI to specifically whitelist certain hostnames or subnets, then we could have made a reasonable transition. But that would have been hard work with real analysis required, and why do that when flipping a switch and boldly posturing is more crypto-macho?

The very same people who jeered corporate people for staying on IE6 are creating exactly the same situation in regards to SSLv3. They may understand a narrow aspect of cryptography very well, but they completely fail to understand the security of complex systems. They are hurting the security and privacy we're working so hard to achieve. Jeers indeed.

You will have many recoverable tape errors.