Forgot your password?

Comment: Re: Whips and manicles (Score 1) 206

by jd (#48012047) Attached to: My toy collection is ...

If it's not an abacus, it can't count. Most of the rational people have quit fet due to database failures, update disasters, an incredibly primitive unthreaded discussion format and a contingent of highly abusive individuals. Abusiveness and primitiveness has done for tech forums, too, which is why Kuro5hin has been in death throes for some time.

A community is never stronger than the people who stand behind it and, in sadly far too many cases, the people standing behind the community are crouched down and in hiding.

Comment: Re: So, systemd integration is suddenly a good thi (Score 1) 394

by jd (#47979851) Attached to: Debian Switching Back To GNOME As the Default Desktop

Doesn't matter. It's not tested or validated for every possibility. Hell, given how easily I can break Debian, I wonder if it's tested at all these days. There is no point in using unvalidated setups with a distro, if you're at that point then you should roll your own.

Comment: Re: Funny, I Left GNOME 3 Mainly Because of System (Score 2, Insightful) 394

by jd (#47979833) Attached to: Debian Switching Back To GNOME As the Default Desktop

Software that is designed correctly separates out what it does, how it does it, and how it interacts with the outside world.

Ergo, software that is correctly designed is user-agnostic. If the user thinks in a particular way, whatever that way happens to be, it is the job of the software to accommodate that. If it does not, it is not software for users, it is software that has users. Possession is everything.

Software that is correctly designed is configuration-agnostic. If the configuration file states something is enabled, then that is enabled. It is not the job of the software to say the file really means something else. If the configuration is broken, state how and why. Clearly. If the configuration is old, import and update. But don't tell me, or anyone else, what Joe Bloggs thinks would look better. I don't care. And the more other people's preferences get shoved in my face, the less I will care.

Theo clearly has the right idea - the only way to get past the morons is with an attitude of utter contempt. Bugger all else matters, apparently.

Comment: I'm switching off Debian. (Score 0) 394

by jd (#47979755) Attached to: Debian Switching Back To GNOME As the Default Desktop

Linux-From-Scratch is easier to use, less user-hostile and less determined to tell me how to think.

ANY software that pretends to know better than me how I want things done is software that deserves to burn. And then sink into the swamp. It is that precise attitude that got me to kick the Windows habit and led me away from the early ix86 BSDs.

I not only think better than a mere machine, I think better than your average distro compiler. I can spec better, I can build better, I can test better. Debian had, up till now, been acceptable, the packages are convenient and it's no great pain to tune. Now, Debian ranks lower than Fedora. I'd recommend the MCC distribution before either and that was last updated during the Ice Age.

Comment: Re: More great insightful summaries from /. - not! (Score 1) 76

by jd (#47970913) Attached to: Researchers Propose a Revocable Identity-Based Encryption Scheme

I've used the site longer and reserve the right to use Doctor Who references where I'm suspicious of technical details, especially as relate to timing vulnerabilities. This is allowed, as per The Hacker's Dictionary. Bonus points for finding the Doctor Who references included.

Comment: Re: Cursory reading (Score 1) 76

by jd (#47970887) Attached to: Researchers Propose a Revocable Identity-Based Encryption Scheme

That was pretty much my interpretation as well. Which would be great for ad-hoc encrypted tunnels - the source and destination can have keys that are valid only until the tunnel's authentication expires (typically hourly) and where the encryption is based on the identity the other side is known by. Ad-hoc tunnels need to generate keys quickly and efficiently, but also don't need to be super-secure. In fact, they can't be.

If RIBE isn't useful in ad-hoc, then you'd end up having to ask when it would be useful.

Anything that depends on a third party, including PGP/GPG with keyservers, is vulnerable to some form of compromise, SSL/TLS certificates all have a third party signer and Kerberos depends on all kinds of behind-the-scenes work being secure. However, although they're imperfect, they're considered adequate for what they do. Well, except for SSL, perhaps.

RIBE presumably therefore also has a niche where it's good. Rapid key turnover is what's wanted for conversation-based protocols with timeouts. That makes RIBE sound promissing for IPSec ad-hoc and SSL, as it makes store and crunch by attackers less likely to work. But is that the right niche?

+ - New revokable identity-based encryption scheme proposed->

Submitted by jd
jd (1658) writes "Identity-based public key encryption works on the idea of using something well-known (like an e-mail address) as the public key and having a private key generator do some wibbly-wobbly timey-wimey stuff to generate a secure private key out if it. A private key I can understand, secure is another matter.

In fact, the paper notes that security has been a big hastle in IBE-type encryption, as has revocation of keys. The authors claim, however, that they have accomplished both. Which implies the public key can't be an arbitrary string like an e-mail, since presumably you would still want messages going to said e-mail address, otherwise why bother revoking when you could just change address?

Anyways, this is not the only cool new crypto concept in town, but it is certainly one of the most intriguing as it would be a very simple platform for building mostly-transparent encryption into typical consumer apps. If it works as advertised.

I present it to Slashdot readers, to engender discussion on the method, RIBE in general and whether (in light of what's known) default strong encryption for everything is something users should just get whether they like it or not."

Link to Original Source

Comment: Hmmm. (Score 0) 72

by jd (#47921793) Attached to: Astronomers Find Star-Within-a-Star, 40 Years After First Theorized

If Kip Thorne can win a year's worth of Playboys for his bet that Cygnus X1 was a Black Hole, when current theory from Professor Hawking says Black Holes don't really exist, then can Professor Thorne please give me a year's subscription to the porno of my choice due to the non-existent bet that this wasn't such a star?