
Comment: Re:Expect an updated U.S. travel advisory. (Score 1) 28

At least if you do it you're pampered and it's safe, unless you act out (say run to one particular statue and piss on it, or grope a female soldier)

Right. According to the above mentioned Travel Warning from the U.S. State Department, the following then qualifies as "acting out" and can be cause for arrest:

* involvement in unsanctioned religious and/or political activities (whether those activities took place inside or outside North Korea)
* unauthorized or unescorted travel inside North Korea
* unauthorized interaction with the local population, including unauthorized attempts to speak directly to North Korean citizens
* exchanging currency with an unauthorized vendor
* taking unauthorized photographs
* shopping at stores not designated for foreigners

(The warning then goes on to say that "If DPRK authorities permit you to keep your cell phone upon entry into the country, please keep in mind that you have no right to privacy in North Korea and should assume your communications are monitored." So at least some things are just like in the US.)

Comment: Re:Over think (Score 4, Informative) 152

The NoCrack authors mention this briefly in their paper (PDF). They call the approach you describe "stateless password managers", and briefly describe some of the drawbacks of the approach:

Chiasson et al. conducted a usability study of both PwdHash and Password Multiplier and found the majority of users could not successfully use them as intended to generate strong passwords. Another usability challenge is dealing with sites with a password policy banning the output of the password hash.

But yeah, I'm not convinced the problems they highlight are intractable, nor that NoCrack solves them.
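As an added illustration of the "stateless password manager" approach the parent describes (example code written for this page, not code from PwdHash, Password Multiplier or NoCrack): each site password is derived from the master password and the domain, so nothing has to be stored, and the usability problem quoted above shows up the moment a site rejects the derived string. The KDF parameters (PBKDF2-HMAC-SHA256, 100,000 iterations, a 16-character output over the 94 printable ASCII symbols) and the rotation counter are assumptions for the example.

```python
import hashlib
import string

# Assumed parameters for this example (not taken from any of the tools discussed).
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
ITERATIONS = 100_000


def derive_site_password(master: str, domain: str, counter: int = 0, length: int = 16) -> str:
    """Stateless derivation: site password = KDF(master, domain || counter).

    Nothing is stored; the same inputs always give the same output. The counter
    is the only way to rotate a password, and the user has to remember it.
    """
    salt = f"{domain}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=32)
    # Turn 256 bits into base-94 digits; 94**16 < 2**105, so the bias is negligible.
    n = int.from_bytes(raw, "big")
    out = []
    for _ in range(length):
        n, digit = divmod(n, len(ALPHABET))
        out.append(ALPHABET[digit])
    return "".join(out)


def meets_policy(password: str, policy: dict) -> bool:
    """Minimal model of a site policy: required classes, forbidden chars, max length."""
    if len(password) > policy.get("max_length", 10**6):
        return False
    if any(c in policy.get("forbidden_chars", "") for c in password):
        return False
    classes = {
        "digit": any(c.isdigit() for c in password),
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    return all(classes[name] for name in policy.get("require", ()))


def find_compliant_counter(master: str, domain: str, policy: dict, max_tries: int = 30):
    """Bump the counter until the derived password satisfies the site policy.

    Returns the counter, which the user now has to remember (the scheme is no
    longer stateless), or None if nothing within max_tries works.
    """
    for counter in range(max_tries):
        if meets_policy(derive_site_password(master, domain, counter), policy):
            return counter
    return None


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed example input
    print(derive_site_password(master, "example.com"))
    policy = {"require": ["digit", "upper"], "forbidden_chars": "'\"\\"}
    print(find_compliant_counter(master, "bank.example", policy))
```

The policy search is where the "stateless" label breaks down: a site that bans quote characters or insists on a digit forces the user to remember a per-site counter, and every password change means a new counter, which is exactly the kind of per-site state a stored vault would have tracked for them.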

Comment: Re:So how does this work? (Score 3, Interesting) 152

What you're proposing sounds like Kamouflage (PDF link from TFA), with only 1 decoy password set (Kamouflage suggests 10,000); and suffers from the problem of generating plausible fake master passwords without revealing anything about the real master password, as mentioned by the authors of NoCrack.

What the NoCrack authors try to achieve is a solution where every incorrect guess at the master password still provides a set of (incorrect but at least sometimes plausible) passwords. A bit like a one-time pad, which is the only provably secure encryption, because brute-forcing the key yields all the possible plaintexts (both the correct and all the incorrect ones). Of course, the problem with the one-time pad is that the key length matches the plaintext length, which would completely eliminate the benefit of a password manager. Additionally, as noted in TFA, authorized users might not like the idea that making a typo when entering the master password yields (seemingly) correct passwords. :-)

I'm not convinced the NoCrack authors have actually succeeded, as they claim, but can nevertheless recommend the NoCrack paper (PDF), since it discusses pros and cons of the approach and alternatives.
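A toy of the property discussed in the two comments above, as an added example written for this page (it is not NoCrack's code; NoCrack's real encoder is a generative model over password structure, not the six-entry table used here): the vault is first mapped by a distribution-transforming encoder onto uniformly distributed 64-bit seeds, then XORed with a key stream derived from the master password. Because every possible seed decodes to some password in the model, a wrong master produces a different but plausible vault instead of an error, which is precisely the decrypt-and-check oracle that a conventional MAC-protected vault hands to a brute-forcer. The candidate list, weights, PBKDF2 parameters, 64-bit seed size and HMAC-based key stream are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed toy "password model": candidates with relative frequencies. A fixed
# table is enough to show the mechanism; NoCrack models the password space itself.
MODEL = [("password1", 30), ("letmein", 20), ("qwerty123", 15),
         ("iloveyou", 15), ("dragon", 10), ("monkey", 10)]
TOTAL_WEIGHT = sum(w for _, w in MODEL)
SEED_BYTES = 8
SEED_SPACE = 1 << (8 * SEED_BYTES)
SALT_BYTES = 16


def _intervals():
    """Partition [0, SEED_SPACE) so each candidate owns a share proportional to its weight."""
    table, lo = {}, 0
    for idx, (pw, w) in enumerate(MODEL):
        hi = SEED_SPACE if idx == len(MODEL) - 1 else lo + SEED_SPACE * w // TOTAL_WEIGHT
        table[pw] = (lo, hi)
        lo = hi
    return table


INTERVALS = _intervals()


def dte_encode(password: str) -> int:
    """Map a password to a uniformly random seed inside its interval."""
    lo, hi = INTERVALS[password]  # KeyError: a password the model does not cover
    return lo + secrets.randbelow(hi - lo)


def dte_decode(seed: int) -> str:
    """Every seed in [0, SEED_SPACE) decodes to some candidate; there is no failure case."""
    for pw, (lo, hi) in INTERVALS.items():
        if lo <= seed < hi:
            return pw
    raise ValueError("seed outside seed space")


def _keys(master: str, salt: bytes):
    km = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 50_000, dklen=64)
    return km[:32], km[32:]  # (encryption key, mac key)


def _keystream(key: bytes, nbytes: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:nbytes]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def honey_encrypt(master: str, passwords: list) -> bytes:
    salt = secrets.token_bytes(SALT_BYTES)
    enc_key, _ = _keys(master, salt)
    seeds = b"".join(dte_encode(p).to_bytes(SEED_BYTES, "big") for p in passwords)
    return salt + _xor(seeds, _keystream(enc_key, len(seeds)))


def honey_decrypt(master: str, blob: bytes) -> list:
    """Never fails: a wrong master just yields different seeds, hence a decoy vault."""
    salt, body = blob[:SALT_BYTES], blob[SALT_BYTES:]
    enc_key, _ = _keys(master, salt)
    seeds = _xor(body, _keystream(enc_key, len(body)))
    return [dte_decode(int.from_bytes(seeds[i:i + SEED_BYTES], "big"))
            for i in range(0, len(seeds), SEED_BYTES)]


def conventional_encrypt(master: str, passwords: list) -> bytes:
    """Ordinary design: encrypt-then-MAC. The tag lets a guesser reject wrong masters."""
    salt = secrets.token_bytes(SALT_BYTES)
    enc_key, mac_key = _keys(master, salt)
    pt = "\n".join(passwords).encode()
    ct = _xor(pt, _keystream(enc_key, len(pt)))
    return salt + ct + hmac.new(mac_key, salt + ct, hashlib.sha256).digest()


def conventional_decrypt(master: str, blob: bytes):
    salt, ct, tag = blob[:SALT_BYTES], blob[SALT_BYTES:-32], blob[-32:]
    enc_key, mac_key = _keys(master, salt)
    if not hmac.compare_digest(tag, hmac.new(mac_key, salt + ct, hashlib.sha256).digest()):
        return None  # this "wrong password" signal is the brute-force oracle
    return _xor(ct, _keystream(enc_key, len(ct))).decode().split("\n")


if __name__ == "__main__":
    vault = ["letmein", "dragon", "password1"]  # constructed example vault
    blob = honey_encrypt("correct master", vault)
    print(honey_decrypt("correct master", blob), honey_decrypt("wrong guess", blob))
    print(conventional_decrypt("wrong guess", conventional_encrypt("correct master", vault)))
```

Two caveats the toy makes visible. First, honey_decrypt really never fails, so the typo problem from the comment above is built in: a mistyped master returns a vault that looks fine until a login is rejected. Second, dte_encode raises on any password the model does not cover, and the decoys are only as convincing as the model's distribution matches real vaults; getting that model right, without it leaking the true vault, is the hard part the NoCrack paper is about, not the XOR layer.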

Comment: Re:Cost of Programmers Cost of Engines (Score 1) 125

Upfront cost? Most engines are charging percentages of revenue

Of the game engines mentioned in TFA, "most" = "one"?

Unity: $1500 (or $900/year) per developer.

CryEngine: $120/year per developer.

Source 2 (upcoming): Free (for games released on Steam).

Unreal: 5% royalty.

Comment: Re:How many other flaws (Score 5, Informative) 173

Some facts about the U.S. justice system:

* The Reid technique is widely used for interrogations, a technique notorious for its effectiveness in enticing false confessions.
* Only 5 % of convicted felons had their case tried in court; the rest make a plea bargain (typically under threats of excessively long prison sentences and/or the death penalty).
* Judges are elected, subjecting them to the whims of public opinion and making them more politicians than impartial legal officials.
* At least 4 % of people sentenced to death in the U.S. are innocent.
* The U.S. incarcerates more people than any other country in the world, not just relative to the population size, but in absolute numbers.
* U.S. private prisons see $3+ billion in annual revenue... Not that that has anything to do with the above issues, I'm sure.

The U.S. justice system is broken in so many ways, I'm certainly forgetting some things.

Comment: Re:My question about international data collection (Score 2) 200

ES said that if my gmail account was moved overseas on an international server, then the NSA could have a copy of my account even if there were no international sources/targets. Is that true or false?

That's true. While theoretically the NSA is not allowed to monitor communications between two American citizens, in practice, any communication leaving the country is simply assumed to involve a foreigner and is thus up for grabs. This "inadvertent" capture of American communications is in fact standard operating procedure:

The government has set a dismally low bar for concluding that a potential surveillance target is, in fact, a foreigner located abroad. By default, targets are assumed to be foreign. That's right, the procedures allow the NSA to presume that prospective targets are foreigners outside the United States absent specific information to the contrary—and to presume therefore that those individuals are fair game for warrantless surveillance.

Comment: Re:FMH (Score 5, Interesting) 128

I've seen an example that works: The Danish film and video game rating system.

It differs from e.g. the US system in a number of ways:

* It's run by an independent government-sponsored organization, not the industry.
* For children not accompanied by an adult, the highest rating is "15 and older".
* Children ages 7 and up can see any movie if accompanied by an adult, no matter the rating.
* The board is charged only with determining if a film could be psychologically damaging to a typical child. They do not judge the "morals" and message of the film.
* The board features actual child development experts. As such, they know that cursing and nudity are not harmful to children, and if that's all the film contains, it will be rated "All audiences".

Example: "Harold & Kumar Go to White Castle".

USA (MPAA): 17+ (unless accompanied by an adult) due to "strong language, sexual content, drug use and some crude humor".

Denmark: 7+ recommended (but all ages admitted) due to "strange and threatening persons, assaults, fights and accidents [...] all in a comedic context" (a context which could be lost on very young children).

To quote the ratings board:

The Media Council classifies films based on a perspective purely concerning harmfulness. The classification decision shall be made on the basis of an assessment of whether a film is considered harmful for children in that particular age group. When classifying films, we look at film effects, depictions of grievous loss, degree of realism, possibility of identification, inclusion of redemption within the course, genre and the expected media competences of the age group in question.

The Media Council’s view on child protection is that
* Children can manage a good thrill.
* Children are not likely to fall to pieces by the slightest push.
* Children are active users of media and, therefore, already at an early age, they have accumulated both media competencies and experiences.
* Media are good resources in children’s everyday life.
* It is acceptable that films frighten, though, only to a certain limit. The Media Council sets these limits.

Comment: Re:I'm one of those engineers... (Score 2) 341

we haven't even fixed the train crash issues yet... and how hard could that be :)

Not that hard. Automatic train operation is a solved problem; a properly installed, modern ATO system is safer than the best human driver, better at following timetables, and even has significantly lower energy consumption. In fact, many ATO mass transit lines cannot be run manually (without cutting down on the number of departures); human drivers are not able to keep up with the amount of traffic managed by the ATO.

An ATO will not stop the train if there's an unregistered person or vehicle on the tracks (or if the tracks are gone entirely, e.g. due to flooding). But then, the braking distance for a passenger train at speed is high enough that a human won't be able to stop it either.

Also, ATO systems may have a higher false-positive rate than manual systems... e.g. stopping the train because an umbrella has fallen on the tracks (to take a concrete example from the Copenhagen Metro). But that's an availability issue, not a safety issue. (And as noted, humans aren't able to keep up during normal operation, so the ATO still wins on availability overall.)

Full disclosure: I work with ATO systems.

Comment: Re: Jerri (Score 3, Informative) 533

See what happened in Paris and Denmark. People from Europe travel to Syria and Iraq to fight with ISIS, get training and AK47s, and then come back to Europe to kill the infidels.

Omar El-Hussein, the Copenhagen shooter, never went to Syria or Iraq, never received any terrorist training, and didn't use an AK47, nor is there any evidence he ever communicated with terrorist organisations.

He did use a C7 rifle stolen from a member of the Danish national guard, but apparently had no weapons training. He did spend a couple of years in the Middle East years ago, but his radicalization appears to have happened primarily while he was incarcerated in Denmark.

Comment: Re:Can they do it with corporate code? (Score 1) 220

Can they do it with corporate code where there are naming and style standards in abundance, and code reviews to ensure those guidelines are followed?

Presumably, yes. Style guides are 95% formatting, and if one RTFA (I know, I know), they look only at the structure of the parsed AST, not variable names, comments and whitespace. From the article:

Accuracy rates weren't statistically different when using off-the-shelf C++ code obfuscators. Since these tools generally work by refactoring names and removing spaces and comments, the syntactic feature set wasn't changed so author identification at similar rates was still possible.

Since they look at code structure, they've even found identifying patterns that survive compilation and end up in the binary.

This is one of the coolest data mining results I've seen in quite a while.
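To make the "structure survives renaming" point concrete, here is an added example written for this page (not the paper's feature extractor, which targets C++ and uses a much richer feature set): it counts parent/child node-type pairs in the parsed AST, a purely syntactic feature that never sees identifier names, comments or whitespace, then runs a renaming "obfuscator" over the code and checks that the feature vector does not move, while a structurally different implementation of the same function does. It uses Python's ast module (ast.unparse needs Python 3.9 or later); the two sample functions are constructed for the example.

```python
import ast
import builtins
import math
from collections import Counter

BUILTINS = set(dir(builtins))


def syntactic_features(source: str) -> Counter:
    """Count (parent node type, child node type) pairs in the AST.

    Identifier names, literal values, comments and whitespace never appear in
    the key, so they cannot influence the feature vector.
    """
    feats = Counter()
    for node in ast.walk(ast.parse(source)):
        for child in ast.iter_child_nodes(node):
            feats[(type(node).__name__, type(child).__name__)] += 1
    return feats


def similarity(a: str, b: str) -> float:
    """Cosine similarity between the two feature vectors."""
    fa, fb = syntactic_features(a), syntactic_features(b)
    dot = sum(fa[k] * fb[k] for k in fa.keys() & fb.keys())
    norm = math.sqrt(sum(v * v for v in fa.values())) * math.sqrt(sum(v * v for v in fb.values()))
    return dot / norm


class _Renamer(ast.NodeTransformer):
    """Rename every non-builtin identifier to v0, v1, ... (what a renaming obfuscator does)."""

    def __init__(self):
        self.names = {}

    def _new(self, name):
        if name in BUILTINS:
            return name
        return self.names.setdefault(name, f"v{len(self.names)}")

    def visit_FunctionDef(self, node):
        node.name = self._new(node.name)
        return self.generic_visit(node)

    def visit_arg(self, node):
        node.arg = self._new(node.arg)
        return node

    def visit_Name(self, node):
        node.id = self._new(node.id)
        return node


def rename_identifiers(source: str) -> str:
    """Obfuscate by renaming; ast.unparse also drops comments and normalises whitespace."""
    tree = _Renamer().visit(ast.parse(source))
    return ast.unparse(ast.fix_missing_locations(tree))


# Constructed samples: the same function written with two different structures.
ORIGINAL = '''
def has_duplicates(items):
    # nested-loop comparison, O(n^2)
    for i in range(len(items)):
        for j in range(i + 1, len(items)):
            if items[i] == items[j]:
                return True
    return False
'''

ALTERNATIVE = '''
def has_duplicates(items):
    seen = set()
    for item in items:
        if item in seen:
            return True
        seen.add(item)
    return False
'''

if __name__ == "__main__":
    obfuscated = rename_identifiers(ORIGINAL)
    print(obfuscated)
    print("original vs renamed:", similarity(ORIGINAL, obfuscated))
    print("original vs alternative:", similarity(ORIGINAL, ALTERNATIVE))
```

The renamed version scores exactly 1.0 against the original, because the feature keys are node types only; the set-based rewrite scores noticeably lower even though it computes the same thing. That is the corporate-code answer in miniature: a style guide that dictates naming, whitespace and comment conventions leaves this feature vector untouched, whereas only a reviewer who forces a different control-flow structure would move it.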

Comment: Re:Well... (Score 3, Informative) 181

How would the West feel about the release of a popular film in which the assassination of a living head of state is planned? How would your government behave toward you if YOU wrote a book / published a film / performed a play about this?

In 2006, Death of a President portrayed the assassination of George W. Bush. I don't remember hearing about it at the time, and even searching the website of Fox News doesn't turn up much controversy.

In 2008, AFR came out, in which Anders Fogh Rasmussen, the then-Prime Minister of Denmark (and later Secretary-General of NATO) was murdered (and also, incidentally, portrayed as a closeted homosexual, in line with long-standing rumours). It generated minor controversy, was well received by critics, and was a failure at the box office. I found it forgettable (I literally don't remember any of it).

Of course, both films were small, independent films, and both can legitimately claim to use the controversial plot for a higher purpose. The Interview... not so much.

Comment: Re:"We listen to users" (Score 1) 551

In addition to which, you replace it with something that requires more typing, and does not give any feedback. service nfs restart: stopping nfsd, starting nfsd, etc.

systemctl restart nfs

Here you go; put this in your .bashrc:

# maps "service NAME ACTION" onto "systemctl ACTION NAME"; quote the arguments so names with spaces or globs survive
service() { systemctl "$2" "$1"; }

And the entire concept of *BINARY* logfiles,

Install a syslog daemon and put this in your /etc/systemd/journald.conf?

[Journal]
ForwardToSyslog=yes

Or just install syslog-ng 3.6.1+, which requires no additional journald configuration?

xml configuration files [are] insanely stupid when X won't run, or isn't installed (like on a server).

Where does systemd use XML configuration files? (And what do XML and X have to do with each other?)

And telling me that oh, it boots up *so* much faster means something *only* if I'm on a laptop.

Or a virtual machine, or a container...

Comment: Re:The very first thing out of his mouth (Score 1) 551

The very first thing out of his mouth is a straw man.

Basically, his arguments are :
* systemd haters have no clue about UNIX
* RedHat took a long time to notice my genius
* Gentoo users are old-farts that don't like beautifully written shiny new stuff
* Debian users are even older assholes
* You can use Gnome without systemd, but it won't work
* I listen to users, but they're all idiots

I take it that the irony of accusing Lennart of strawman arguments and then posting this is lost on you.
