Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
What's the story with these ads on Slashdot? Check out our new blog post to find out. ×

Comment Re:No shit ... (Score 1) 157

As usual, you just whine that context is missing without explaining how you could possibly believe yourself when you said "nobody is claiming the ocean is not rising."

Nobody is whining. I am certainly accusing.

Many times, in many places, I have clearly stated that of course the ocean is rising. If in one time and one place you thought I meant something else, then the CONTEXT of that statement must have been misunderstood or missing. You already know I don't believe the ocean is not rising at all, but you use your out-of-context distortions to make it appear that I did. That's lying.

Don't you realize that being completely unwilling to back up your lies with actual calculations is indistinguishable from your being completely unable to perform even the most basic tests for acceleration in a dataset?

You cited Church and White, but I have more that say it ISN'T accelerating. I have many counterexamples, but I only need one. Church and White (2011) found a minuscule acceleration (0.009 cm / year ^-2), while others have found larger DEcelerations. Houston and Dean (2011), though their error bars are somewhat larger, Watson (2011), etc.

No dishonesty here. I have evidence for the things I say.

Comment Re:Yes, in many states... (Score 1) 693

There you go again. You have just illustrated a very real difference, and made my point for me.

You have been told many times that I am not a "sky dragon slayer". Whether I might have been once, in your opinion, is another matter. But you talk about years ago as though it were today, in precisely the calculated way that would give someone else the wrong impression.

That's dishonest. UNlike an honest mistake, it's a form of deliberate lying.

I am not (and have not been) the liar here, you are. You might try to excuse yourself for that in many different ways, but it hasn't worked.

Comment Re:Programming (Score 1) 555

Because so many people mis-understood my comment (in several seemingly very creative ways), I will clarify what I meant.

I didn't say you should roll your own. I agree that would be dumb. I didn't mean to imply that you had to know every aspect of every bit of math going on in an encryption algorithm, but you should have at least some grasp of the basics.

The reason I chose bcrypt as an example is because though it is based on Blowfish, it has not been shown rigorously that the additional key-generation rounds it is using to increase decryption time does not weaken the underlying encryption in any way. It seems like a reasonable conclusion, but reasonable is often not enough in encryption, as history has shown us quite often. The only real assurance we have that bcrypt's key-generation doesn't weaken the underlying encryption is that the developers said they "hope" it doesn't, in their original white paper. Hope is not a good measure to use for encryption.

On the other hand, there is PBKDF2, which has pretty much all the advantages of bcrypt, but unlike bcrypt has been fully security-audited.

My main point about the math was just that you should have a good idea of the relative "strength" of the algorithm vs today's computing power, and a basic idea of how it works. But there there are things like: how do I figure out how many bytes my salt should be? Etc.

Not rocket science. But it's not all 6th-grade math either.

Comment Re:Programming (Score 3, Insightful) 555

Well, my comment has been so much misunderstood, I cannot help but think I could have worded it more clearly. I didn't mean what you seem to think I meant. Even so, THIS:

As someone who works in the infosec industry, the fact this comment is rated +5 Informative fills me with panic. Yes, you should absolutely take someone else's word for it, specifically you should take NIST's word for it.

... is such utterly wrong, complete bullshit, I hardly know where to start.

You're referring to the same NIST that tried to foist Clipper Chip and Skipjack on a mostly-unknowing public in the early 90s? And planned to continue with the plan even though 80,000 negative comments were received during the public comment period, and a mere handful of positive comments? The same Skipjack that was later shown to have serious flaws?

Or, let's see... wasn't that the same NIST that has been implicated in trying to push a compromised form of elliptical-curve key generation on the businesses and public of the US?

That NIST?

It is to laugh.

No, people should listen to private-sector experts, and not listen to the Government at all, or at least take what it says with a grain of salt the size of a basketball.

Comment Re:Programming (Score 1) 555

In other words, any web developer who has not worked through their own proof of the Fermat-Euler theorum is not qualified to call themselves a good programmer.

You people seem to have some very creative forms of reading -- um -- "comprehension". I didn't write that and I didn't mean that.

I wasn't trying to imply that you necessarily had to know how elliptical curves apply to public-key cryptography. But you should have a good understanding of key length vs brute-force time, or whether the method being used is vulnerable to rainbow tables, etc. That does require a bit of math. Not PhD level, by any means.

Comment Re:Programming (Score 2, Informative) 555

Indeed. You can be a good programmer in most sub-fields without having a good grasp of multi-variate calculus, but you will never be a good programmer without at least some decent math skills.

You might do okay at coding web sites. But even then: if you don't understand how the encryption works, how do you know what method to use for encrypting the passwords on your website. Should you just take someone's word for it? (Answer: no. And yet that's how bcrypt became popular.)

Comment Re:No, obviously (Score 1) 263

Armed robbery includes any deadly weapon brandished as threat of force during the robbery, not just firearms.

Do you understand what "enhancements" are? In some states, using a firearm specifically will result in an "enhancement" to your sentence if found guilty. It's the same crime (armed robbery), but carries a stiffer sentence if thw weapon happens to be a firearm.

Killing (even accidentally) in the commission of a felony is usually considered murder, so planning to kill in commission of a felony is like planning to murder.

True, but irrelevant to the point being made.

Comment Re:No, obviously (Score 1) 263

They inflict grievous bodily harm, every time.

Nonsense. Where do you get these ideas?

MOST shooting victims today (some sources say as much as 90%) survive.

MOST knifing victims (some sources say as much as 90%) bleed out before help arrives.

Your irrational fears, based on faulty perceptions, are not a rational basis for making law.

Comment Re:No, obviously (Score 3, Interesting) 263

unless of course you're terrified of computers and networks, view them as tantamount to witchcraft, don't understand them, and hate and fear anyone who does. Then of course, by all means, grab your torch and pitchfork. The rest of the loonies will be waiting in the town square at midnight.

It's the whole "enhancement" idea in the law that is just so much hogwash.

Why was the crime "worse" because a computer was used? Did the victim suffer more? Was there more physical damage?

In the same vein, why does an armed robbery in many states carry an "enhanced" sentence, or even become a different crime, because a gun was used? Would a crossbow or a big knife have been any different? They're all deadly weapons.

"Enhancements" like these are an expression of fear and attempted control. It's not a matter of justice, it's a matter of trying to control people. Plain and simple.

Comment Re:Yes, in many states... (Score 1) 693

Just so we're clear, here is a statement from an attorney about this habit of yours. You can find the same information in many places:

Putting a question mark at the end of a statement when it's meant to be a statement can still lead to liability.

Also, from a law school:

Defamatory statements can come in the form of questions as well, especially if the question implies certain facts about the person who is being questioned. For example:

A radio DJ, during an interview, asks his guest âoewhen did you stop beating your wifeâ? This question carries the implication that the guest has been beating his wife. Thus, there is a defamatory implication to the question and the guest may have a viable cause of action against the radio DJ.

Your long history of making statements similar to the one you made above, some with question marks and some without, has made your intent very clear. You don't get a pass just because you put a "?" at the end of a defamatory sentence.

Comment Re:Yes, in many states... (Score 1) 693

Just so we're clear, this is a statement from an attorney about this habit of yours. You can find the same information in many places:

Putting a question mark at the end of a statement when it's clear that it's meant to be a statement can still lead to liability.

Your history of making similar statements with question marks makes it very clear what your intent is. You don't get a pass just because you put a "?" at the end of a defamatory sentence.

I was playing poker the other night... with Tarot cards. I got a full house and 4 people died. -- Steven Wright

Working...