Forgot your password?
typodupeerror

Comment: Re:Devices, convenience and lack of knowledge (Score 1) 550

by Mashiara (#35470476) Attached to: Why We Should Buy Music In FLAC

1. The portable device issue is one of chicken-vs-egg, add demand and support will follow (probably in short-order since it's just a firmware update, something iThings handle very nicely if you use them with the iSoftware).

2. Ripping is indeed a pain, however I like to hoard the physical goods; the sleeves and whatnot. I rip them to flac and mp3 and my Squeezebox plays the flac versions, my portables will settle for mp3 (mostly because of storage space and the devices don't have that good DAC+amp anyway). Another reason for flac is future-proofing, I would absolutely hate to re-rip the 600+ (and counting) collection: it would take months...

3. Is also simply solved by the iSoftware (it already has options for automagical transcoding), or whatever software your favourite player ships with.

Comment: Re:Gosh since when was CD quality quality? (Score 1) 550

by Mashiara (#35470422) Attached to: Why We Should Buy Music In FLAC

> CD audio is also not as good as LP audio; where the LP playback is done with a high quality pickup cartridge, and the playback is pristine (no record scratches, dust, vibration, hum, incorrect turntable setup, etc).

Actually LPs have significant dynamic range compression (ie reduction in "quality") for example the "RIAA correction", now you could claim that since all of this is done in analog you still have "infinite" resolution but fact is that vinyl has higher noise-floor than CD.

Now the mastering techniques are different and especially when CDs were new people didn't really know how to master them properly and thus did all sorts of mistakes leading to the fact that those albums sounded much better on vinyl.

And to dispel another myth: tube amps actually distort the sound more than transistor amps, however the distortions are "pleasing" to most humans so many people prefer the tube sound even though from cold-facts POV it's inferior quality. And of course it can be argued that if a record has been mastered in the golden age of tube amps then it will likely sound best on a tube amp due to the fact that the mastering has been tweaked to take advantage of the limitations of the medium.

I do agree that 16bit @44.1kHz is a bit low for "true sound" since there are all sorts of harmonics to consider in the frequencies that are technically above human hearing range, but isn't new recording work done on 24bit @192kHz, I must admit I can't remember the dvd-audio spec... Anyways even if you master down from that in the intermediate steps you will want plenty of headroom so nothing gets lost accidentally.

Comment: Re:Nobody Seems to Grasp The Government Abuse, Her (Score 1) 317

by Mashiara (#35403508) Attached to: Meth Dealer Faces Loss of His Comic Book Collection

Yes, and when the goverment proves that he actually is a drug dealer *then* they can forfeit property as part of damages (punititive or otherwise), before the trial they can freeze the assets (not forfeit, *freeze* a *huge* difference) to avoid the property from "getting lost" (this is also a bit tricky, a person should be able to defend themselves but if all their assets are totally frozen how to do that ? [IMO using frozen property to fund defense should be allowed])

Comment: Re:Spam action doesn't get less useful (Score 1) 131

by Mashiara (#35403420) Attached to: A Spamming Attorney Gets Sentenced To 40 Months

> rather than trying to stick some kid in pound-me-in-the-ass hard-core prison, for writing a script that spams a bunch of crap to a million accounts.

Writing a script is not a problem, you can do what you want with your own resources, however it gets more complicated when you involve my resources (bandwidth + time) and resources I pay in part for (ISP staff handling the mail servers, the bandwidth my ISP needs to handle the torrent of spam in addition to legitimate traffick).

This conviniently excludes the fact that spammers use malware induced zombies (definitely illegal) to send the messages (for various technical and economic reasons)

Let's do a quick calculation; I use a few minutes a day to doublecheck that I have no important mail in the spam folder, this at my consulting rates comes to about 10EUR/day, let's round the daily spam to 200pcs so per spam it's 0.05EUR, doesn't sound much ? well it does add up, multiply by a few hundred million messages sent per spam run and suddenly it's a very real and very big cost to society (and this is just the lost time alone, adding all the extra infrastructure and staff will increase the cost even more).

Joe-Jobs are of course a problem but should be easy to weed out with proper investigation, but yes, going after the spammers themselves is going to be unproductive. OTOH those actually selling the stuff need some way to handle payments which will make tracking them down relatively easy. So go after the ones who pay for spam to be sent, fine them say 1USD/spam, halved if their help is instrumental in nailing the actual spammer (1USD/spam plus of course whatever using malware to zombie boxes earns them) and of course if they're breaking any other laws then that's a separate issue.

Comment: Re:Good and bad. (Score 1) 131

by Mashiara (#35403306) Attached to: A Spamming Attorney Gets Sentenced To 40 Months

And since "they" (internet "pharmacy") choose to ignore the rules about how to properly check the person doing to ordering actually 1. has prescription 2. is the person to whom the medicine has been prescribed you might want to think about what other rules they choose to ignore for their profits.

For example: using reputable suppliers that actually deliver what it says on the box.

Also since their customers are not acting exactly within the law themselves it's all too tempting to just send them whatever cheap pills they happen to have at hand (if it's only placebo the customer is lucky to only having been defrauded and not poisoned too [yes, I have lost my faith in humanity], but I don't think those are actually the cheapest pills available) and trust that the people who respond to spam are not going to go complain to the police that they got defrauded when illegally buying drugs.

Comment: Re:more like casualty of war (Score 1) 459

by Mashiara (#35277886) Attached to: Ask Slashdot: Is There a War Against Small Mail Servers?

My ISP back here in finland will actually rent you a static IP-block even for consumer-grade connection if you ask nicely (and configure reverse-dns for them upon request too [though that might be just me; I have very good relations with them and very rare name]), don't really know if they block outgoing 25 since I always have used their mail server as smarthost (it saves me a whole bunch of trouble with blacklists etc).

I also have a proper business-grade connection from them (since the uplink speeds on consumer-grade connections suck) at another location and that one is expensive (over 5 times the price of the consumer link), however it's not "best effort" of a theoretical maximum bandwidth you will never reach (and that too is shared between who know how many subscribers) but proper guaranteed bandwidth from your modem to their interconnects (and up/down bandwidths are the same), now the consumer stuff is in theory 10Mbit per sec, still for "some reason" (aka the "best effort") the 4Mbit/sec business-grade connection constantly achieves higher sustained transfer rates...

Comment: Re:"Assets" == "Intellectual Property" (Score 1) 334

by Mashiara (#35091016) Attached to: Pirated App Sold On Mac App Store

Some people might have highly malleable double-standards but I for example still do buy music and/or stream/download it from the various fully legal sources.

My problem with the *AAs of the world (IFPI and it's minions are the problem here in Europe) is first the whole stupid DRM debacle and criminalizing in a backhanded way things that used to be legal (time and format shifting was fully legal before the "protection circumvention" stuff came along, now the status is questionable at best) while still demanding "compensation payments" on blank media (instantiated back when tape-to-tape copying was all the rage) the "compensation" scheme was just increased to cover external hard-drives for example, which is totally nuts but apparently they have bought the right politicians.

Then there's the sampling issue (no piece of music recorded in commercial interest has been truly original [there might be something truly original recorded somewhere but it would so completely weird that it never be commercially successful, people like famialiarity], everything borrows from something else) and length of copyright issue (current "limits" are totally meaningless).

Add to that the 3-strikes etc things they "must have" since they possibly can't use the existing legal framework to go after the infringers the way it was meant to be (specifically: make the process such that it's only worth going after commercial counterfeiters instead of harassing individuals into "settlements").

I could go on about more issues with Imaginary Property in general but for me there is no real double-standard between game assets and music/movies.

Comment: Re:Is "quantum computing" the next "cloud computin (Score 1) 228

by Mashiara (#34614986) Attached to: The Clock Is Ticking On Encryption

the exponential problem is that increasing key size by a single bit doubles the time required to check the key space.

So yes, should quantum factorization actually work for real-world key sizes this would be a huge advantage for the attacker compared to the current situation but it's still less costly for the defender to double the key size in order to keep the "probably not decrypted while earth still exists" timeframe than for the attacker increase their cracking capability to match.

Comment: Re:FFS (Score 1) 392

by Mashiara (#34557830) Attached to: Why Anonymous Can't Take Down Amazon.com
Of course Amazons EC2 do not automatically protect you from DDOS, they merely allow you to build an automatically scalabale system should you have the money and interest to pay for that scaling when needed. This is not a critisism of EC2, just pointing out that there's no magical Amazon unicorn defending your website even if you happen to host it on a server in EC2.

Comment: Re:Use md5 (or something) over the wire (Score 1) 185

by Mashiara (#34021366) Attached to: Firefox Extension Makes Social-Network ID Spoofing Trivial

By now you may have seen my follow-up that I mistyped when I said "un-md5" (meant compare hashes on the server).

Yup, that was in fact a completely secondary point to me as I first thought that is what you *must* have meant , since hashes are not reversible, and only seconds later decided that maybe pointing the fact out might be a good idea.

But I disagree that all logins (even for large sites) are encrypted.

For example, I use Slashdot just fine without JavaScript. I haven't checked the source, but the standard HTML FORM element doesn't encrypt anything when sending form submissions over the network. So the password must obviously be sent (at least the first time) in the clear.

That's why I was encouraging people to md5 their passwords on the client before sending it over. That won't stop this attack, but it'll stop others (security in-depth).

A fair point, though that would require either plaintext passwords (*very* bad) or unsalted passwords (slightly bad) in db (or first validating the username to get the specific users salt to be passed on to the client but that is again rather bad).

IMO someone attacking the server gaining access to wholesale set of plaintext or unsalted (rainbow tables here we come) usernames&passwords is in fact worse than someone sniffing plaintext passwords in POSTs in you network segment (or between you and server but that's less likely).

Comment: Re:WPA2 will work better against this hack (Score 1) 185

by Mashiara (#34012242) Attached to: Firefox Extension Makes Social-Network ID Spoofing Trivial
Actually on wired network it depends on the switching hardware whether you're getting packets meant for others on your port or not (discounting active mac/arp spoofing but with properly configured high-end HW you will find yourself in an isolated network segment really quickly if you try that)

Comment: Re:Use md5 (or something) over the wire (Score 2, Informative) 185

by Mashiara (#34012106) Attached to: Firefox Extension Makes Social-Network ID Spoofing Trivial

You are missing the point.

The problem is not reading the password as plaintext from the cookie (now that would be monumentally stupid design) but that since the cookie equals valid session authentication copying the cookie equals session hijacking (or sidejacking since the original cookie is still there on the original users machine).

A consultant is a person who borrows your watch, tells you what time it is, pockets the watch, and sends you a bill for it.

Working...