
Comment: "Hack?" (Score 1) 93

by Sloppy (#49155605) Attached to: Blu-Ray Players Hackable Via Malicious Discs

Isn't the very point of this player's system, that the player serves the interests of the disc's publisher over the interests of the users, where the users' needs should always yield whenever there is a conflict? That's not a mere technicality; it's the very essence. From the spec's pov, this is desirable operation. Nothing has been subverted.

Comment: Encryption Castle (Score 1) 192

by Sloppy (#49096631) Attached to: How NSA Spies Stole the Keys To the Encryption Castle

Cell phone SIMs are the "Encryption Castle", really? From a practical perspective, they are essentially plaintext, since everything gets fully decrypted at each hop.

Maybe I will start calling my previous car a "Dining Palace" in honor of the epic glorious time that I once ate a chili dog while driving, shifting and making a left turn (alas, this was before I had a cell phone) without getting any chili on my shirt.

Comment: Re:Impossible! (Score 1) 42

by gmhowell (#49082285) Attached to: One Year of Data Shows the Hacker Community Is Tight-knit and Welcoming

The hacker community is primarily a male dominated space, therefore it must be hostile and problematic, shitlord!

Perhaps we should start marketing the term "hackette", and include a pen-test ISO image with every Barbie Thumb Drive.

Seems to be the desperate approach in CS-land.

Those Barbie thumb drives already have them. Not my fault you haven't discovered it yet.

Comment: What's people's obsession with rubber hoses? (Score 1) 220

by Sloppy (#49080813) Attached to: Obama Says He's 'A Strong Believer In Strong Encryption'

Rubber hoses are weak. You never get threatened with a rubber hose or a $5 wrench, without knowing it happened and your enemy revealing himself. It takes irrevocable commitment and admission of guilt on their part, and therefore risk of consequences, to take things to that level.

When they bring that stuff out, comply. Sing like a bird. They get the data they want, and then you call the media and your lawyer (or the cops, if your adversary with the hose/wrench doesn't happen to be the cops), and the TRUE bitchslapping (to whatever degree is possible, at least) may then commence.

Crypto is good. Sure, you can still find some bad things within that scenario: your privacy was still violated rather than protected. Maybe they're going to "disappear" you so that you never get to tell anyone about the threat or torture. Maybe they're going to torture you anyway after you give up your keys. But all those possibilities also exist in the plaintext scenario too! If they want to murder you, they'll do it. If they want to torture you, they'll do it. Psychopaths are going to do whatever they're going to do. But they slip up and get caught sometimes, and if you confront them with crypto, there's also the chance they'll do what many other criminals usually do: pick an easier target.

Comment: Re:Who TF buys a "Smart" TV anyway? (Score 1) 370

by Sloppy (#49030323) Attached to: Samsung Smart TVs Injected Ads Into Streamed Video

..why would anyone in their right mind buy..

Go look at how much it would cost you to buy a single Raspberry Pi (its capabilities are just about right for this). Then imagine what something like that would cost a huge manufacturer like Samsung (I say this part, so that you'll have some sense of how low the margin will be). That is how much a smart TV costs to make, relative to a dumb TV. On something costing hundreds of dollars, it's nearly free.

And what the game console makers, the smartphone makers, etc (and even pre-loaded OS desktop PC makers) have established over the last few decades is that "nearly free" can become "actually free" or even profitable if someone pays you to bundle malware with your product, or there's some kind of product-tying, or things like that. (So basically, damn near every expensive anything, ought to have a [potentially user-hostile] computer in it. Think of anything that costs $400 or more. That thing needs malware.) So just having a CPU can increase the revenue from the sale, so that from the manufacturer's point of view, it virtually costs less to make. So if you're in a highly competitive market, you can sell it for less.

Thus, the reason people buy these things, is that they cost less (to buy; I mean the cost at the time of the sale, not the costs of using the product).

We simply haven't yet gotten to the point where, when you first buy a TV (or a car) (or for some people, a phone) the first thing everyone knows they need to do with it, is overwrite the preloaded assumed-to-be-user-hostile software with a user-centric replacement. Fortunately, Samsung is joining Apple and Nintendo/Sony/Microsoft, and many others (this is an all-too-common thread to rehash; don't feel offended if I omitted your favorite Peoples' Enemy), in helping to teach us all this basic principle.

Comment: Re:Best alternative? (Score 1) 370

by Sloppy (#49029925) Attached to: Samsung Smart TVs Injected Ads Into Streamed Video

Yes, I could leave it unconnected from the network, but then I'm just pushing the problem to another device.

But at that "another device" point, the problem is really easy. You can build (or even still buy) awesome Mini-ITX (or similar sized) systems to use as an HTPC and can very likely mount it on the back of the monitor if you really don't have any place for it to sit.

It's only the built-into-the-monitor form factor where there aren't really any good computers avai-- actually, you might look into running Linux on an iMac (though IMHO you'll get less computer for more money, that way) if you simply just must have it down to one single enclosure without any unsightly bumps on the back.

Comment: It would require somebody giving a fuck (Score 1) 239

by Sloppy (#49025323) Attached to: Ask Slashdot: What Will It Take To End Mass Surveillance?

People can't even be bothered to generate and exchange PGP keys with their own friends and family, and then someone talks as though those same people might be willing to vote or revolt.

That's not laymen I'm talking about (they care even less); that's self-labeled geeks/nerds. Slashdot doesn't care enough, for it to ever get to a point as extreme as voting.

Comment: Re: Not a lawyer. (Score 1) 224

by Sloppy (#48974781) Attached to: If a Financial Institution Mishandles My Data, What Recourse Do I Have?

Your idea will never catch on. ;-)

But seriously, one of the problems with your idea, and it has actually happened in real life, is that the users fail to authenticate the bank. So some of them end up sometimes submitting HTML forms to an imposter. When you and the bank meet each other and they're getting your public key, you should also be getting their public key.

Instead, we're using this ridiculous system where someone named verisign, whom we never met, is our introducer for a party we have already met (our bank). It's actually pretty crazy, insecure, and regressive tech, when you think about it.