Follow Slashdot stories on Twitter


Forgot your password?

Comment: Subaru Impreza (Score 1) 195

by Midnight_Falcon (#48435823) Attached to: Ask Slashdot: What's the Most Hackable Car?
I'm biased here because I drive one, but, Subarus are known for being "lego cars." They are ridiculously easy to take apart and put parts in, everything is setup very logically, and parts are interchangeable within a few years of the model. Also, there's a huge community at NASIOC that will give you lots of information and people to ask about whatever you'd like to do.

So far, I have (previously having no experience doing work on cars):
Installed Pioneer head unit w/ DVD player + ebrake bypass (no I do not watch DVDs while driving, it's just easier to bypass than connect the ebrake :) )
Replaced speakers with SEAS Lotus
Replaced battery with an optima yellowtop for the soundsystem (stock 90A alternator works great though)
Installed subwoofer in custom enclosure (easy to find custom fiberglass for these cars)
Installed remote starter
Disabled the blasted beeping when a passenger doesn't put on their seatbelt

I'm sure you could do a lot more with one of these, but that's just what I've been able to do in a year or two of playing around with it. I am no longer at all intimidated by opening my car up and doing work on it, if you can put together a PC and do legos, you can work on a Subaru.

Comment: The bike riding is less than impressive.. (Score 4, Informative) 136

by Midnight_Falcon (#48372771) Attached to: Study Shows How Humans Can Echolocate
If you'e seen videos of him doing the supposed "riding bike down the street," he only gets a handful of meters, slowly, and it is a very painstaking bike ride. They even edit his video to show the more successful parts. I looked into this after seeing his TED talk -- while echolocation seemed pretty neat, it definitely seems like his foundation is exaggerating its efficacy. It definitely does something, his bike riding is awkward at best but I think it's talked up in an effort to encourage others to learn it as well.

Comment: Re:Finally.. (Score 0) 130

by Midnight_Falcon (#48313247) Attached to: American Express Seeks To Swap Card Numbers For Secure Tokens
I'm pretty sure I'm not the "asshole" that, well, you chime in on a conversation just to call someone an expletive, or insult them..without even bothering to google OTP first. Notice in all my posts in my post history I don't resort to name calling like you have done here -- it's a clear sign logic has failed, and all you have is nonsense rhetoric and insult to offer.

Comment: Re:Finally.. (Score 1) 130

by Midnight_Falcon (#48313191) Attached to: American Express Seeks To Swap Card Numbers For Secure Tokens
Clearly I should've spelt out OTP to avoid confusion in this context..except, yes, I do PCI compliance audits for a living, and this acronym seems very second-nature at this point. However though, I wasn't the one confusing was the readers applying their own cognitive bias to apply the "one time pad" meaning here, even though the context clearly pointed away from that.

Comment: Re:Finally.. (Score 1) 130

by Midnight_Falcon (#48312925) Attached to: American Express Seeks To Swap Card Numbers For Secure Tokens

What am I saying? I think I have some idea.

I've done plenty of PCI compliance audits, CISA certified, yadda yadda.. so you would hope I have some insight here.

What do you know about crpytography? For example, if AMEX cards had a smart card in them that also had a OTP functionality -- like YubiKey, meaning a public key, an OTP (one time password, not pad), and a counter -- they could be made much more secure.

How so, you ask?

  • Merchant validation service would validate based on OTP, this could be API-based with only AMEX etc storing shared secrets with the OTP devices
  • Replay attacks prevented by counter -- so old OTPs could not work if re-used
  • May require information on magnetic strip + RFID/NFC/OTP device, thus ensuring the card is present
  • POS systems could be compromised and since the OTP/counter changes, compromise of PAN data stored at endpoints would be far less valuable

This is just the tip of the iceberg in terms of the many advantages such a system would have on making fraud a lot more difficult, and thus less profitable/worthwhile.

Comment: Finally.. (Score 3, Insightful) 130

by Midnight_Falcon (#48312479) Attached to: American Express Seeks To Swap Card Numbers For Secure Tokens
With OTP and related two-factor authentication technology becoming so widely available, one would have hoped that credit cards would implement some type of solution either using OTPs instead of cards, or augmenting them with OTPs. Millions of dollars in fraud prevention, "credit monitoring" and other such services would be saved by simply using solid cryptographic systems for the payment networks.

PCI compliance would probably be a lot less of a headache as well...

Comment: Re:News for Nerds? (Score 3, Insightful) 764

by Midnight_Falcon (#48272129) Attached to: Tim Cook: "I'm Proud To Be Gay"
The problem is the context these terms are used in. Perhaps it is a result of living with so many attacks, but the various transgendered people I meet seem to have one thing in common: being very defensive. They throw around the word "cisgendered" almost like a racist epithet, .e.g. "Who cares what that stupid cismale thinks." -- which, because they're a minority group, seems to be tolerated. But it is not much better than saying something most people would agree as offensive, like, "Who cares what what stupid Jew thinks?"

I have been in many situations where it seemed like the transgendered person was trying to trap people into saying something they consider offensive, using the wrong pronoun or what not, just so they can act out. This has made many, including me, grow tired of the constantly changing politically correct vocabulary associated with these people -- as well as the over-the-top dramatic defensive attitudes.

The clearest way into the Universe is through a forest wilderness. -- John Muir