Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
User Journal

Journal Journal: Slashdot could recover top spot from Reddit

So Reddit - where most veteran Slashdotters have been hanging out these days - is melting down, and for good reason.

I've been coming back here more lately.

But man, there's things that Reddit does better. No limit on mod points, for one. A better story queue mechanism for another.

There is a window here, if Slashdot admins have the balls to try. Implement Reddit's up vote system and subreddits. Maybe limit the latter to departments more traditional for Slashdot, but allow all users to submit stories in the Reddit manner. Hell, just clone the thing! You'd get a huge amount of your readership back.

Maybe the Slashdot front page is curated a la /r/bestof to get that moderator filtered quality for the front page, but subslashes should be open season.

Is the spirit of Rob Malda still alive in /. HQ? Can a tiger team code this in a hurry? You should.

Ah, nobody will ever read this....

User Journal

Journal Journal: Reason 431 that I don't bother with Slashdot any more - 5 minute comment timer.

I can type at over 100wpm. Slashdot's comment timer was set to 5 minutes a few years back. So if there is a particularly interesting article with interesting comments, I can comment and reply every 5 minutes.

If I'm going at 100wpm, I could write a 500 word essay as a comment. Or what happens more frequently is, I type out a nice constructive reply to someone, and am granted the text telling me I'm going too fast.

So I close the window and go elsewhere.

5 minutes between messages on a good conversation isn't conversing. I had FidoNet conversations go faster than that. I could type up and send faxes faster than that. With a bit of practice, I could send messages over short wave radio in morse code faster than that.

Even if my comment were "you sir are a moron", that leaves well over 4 minutes waiting for the timer to run out.

If anyone wants to have an intellectual conversation with me on an old Slashdot topic (like, appropriate for the genre "News For Nerds. Stuff That Matters"), find me elsewhere. Even this comment, would still have a 3 minute timeout before I could post it.

User Journal

Journal Journal: Is it time for data-storage devices to archive changed blocks?

SSDs already use wear-leveling technology that effectively turn all file-updates into copy-on-write operations.

If SSD devices would keep track of the old copies so that an operating system or SSD-vendor-supplied data-rescue-utility could easily treat non-overwritten data as if it were a "shadow copy"
AND
if the SSD would hide that data from the host computer unless a particular switch or jumper was set,
THEN
it would aide in data recovery after a ransomware attack.

Why hide it from the host when the switch is not set? If the "shadow copy" IS visible to the OS, all the ransomware has to do is write to the disk until the data it wants to erase is no longer there in the "shadow copy." If it is invisible to the host, the ransomware has to write enough data to overwrite all existing "shadow copies" to guarantee success.

Why would a user have the switch on all the time? Backups.
Having a hardware-based "shadow copy" mechanism that the backup software or host OS understood would make backups easier without the necessity of the host OS or filesystem having to implement a shadow-copy system of its own.

User Journal

Journal Journal: How to store your private key "in the cloud" safely

Storing a private key "in the cloud":

Key is K1. Key is thousands of seemingly-random bits, probably based on a pair of 1024-bit-or-larger prime numbers. You typically store K1 on your computer using a good encryption algorithm. Your password to decrypt the key is P1. P1 is typically tens of characters. Decrypting K1 with P1 is a fast (in human-time-scale) operation, under a second.

Although K1 is typically used to encrypt or decrypt data, for the purposes of this document, K1 is the thing to be encrypted. It will not be used to encrypt or decrypt anything.

Problem:

How to safely store a backup of key K1 online such that the end user can access it from any device if he has both the password P1 and something else that is not mathematically related to K1.

Method 1, the "something else" is a one-time pad:

Create a random one-time pad, R1, which is the same size as K1.
"Encrypt" (XOR) K1 with R1 then encrypt both with P1, creating the safe copy S1. Store S1 online.
Print off a copy of R1 such that it can be easily photographed and re-constructed. Store R1 or an encrypted version of it in a safe place, such as a safe-deposit box or distributed in parts to trusted secret-keepers.
Without R1 it is provably impossible to extract K1 from S1, so S1 is "safe."
R1 by itself is useless.
R1 with S1 constitutes a compromise but it will mean the attacker has to either guess P1 or exhaustively search for it.

If the person loses their local copy of K1, they can use R1, P1, and S1 to reconstruct K1.

Method 2, create a file S2 which from which is computationally hard to extract K1 without P1, acceptably moderately difficult to extract K1 with P1 and no other information, and easy to extract K1 with P1 and "something else" not related to K1.

For example, create a one-time pad R2 which consists of P1 combined with some random-ish filler-number B2 whose size is dependent on how "moderately difficult" it can be to extract K1 given only P1.

If this pad R2 is at least as long as K1, proceed on as in Method 1: "Encrypting" (XOR) K1 with R2 and encrypting both with P1, creating a safe copy S2. As neither P1 nor B2 are known or predicatble, S2 is safe.
The time to recover K from S2 with only P1 will be the time it takes to go through all (or, on average, half) of the possible values of B2. Since the length of B2 was chosen in advance based on how hard this decription should be, K1 will be recoverable in a predicable, acceptable amount of time. With B2 and P1 recovering K1 from S2 is quick.

If the pad R2 is not as long as K1, one option is to re-use the one-time pad and as such will not satisfy the goal o being "comptationally hard to extract K1 without P1," but it may be good enough for some applications.

A different solution is to encrypt K1 with P1 (the file that is normally stored on the person's local computer will qualify) then encrypt the result with either B2 or some combination of P1 and B2 to create S2. The difficulty of extracting K1 from S2 with only P1 depends on the time it takes to go through all (or, on average, half) of the possible values of B2. Depending on the lenghts of P1 and B2 and the encryption algorithms used, this may not be safe enough. With B2 and P1, recovery is quick.

This method has the advantage that the "something else," B2 in this case, need not be kept at all.

A typical scenario where the "B2" method would be preferred over the "R1" method is where it is acceptable if key K1 becomes unavailable for an extended period of time in exchange for a zero-risk that an adversary will acquire or discover R1.

User Journal

Journal Journal: Extreme Laissez-Faire 3 3

In this post, Immerman wrote:

The problem is that our society has been systematically eliminating most of the occupations where an honest, hard-working, but not-especially-bright-nor-politically-savvy person can make a decent living.

Then I wrote:

Then perhaps we need to encourage people with those biological advantages to breed more.

Another Slashdot regular told me that comments like these are "dude, not funny". This is something that I occasionally need help to discern because of my mental condition. I think part of my problem comes from trying to fit in with other users on Slashdot who write comments suggesting similarly impractical workarounds out of hardcore laissez-faire ideology: "No jobs in your area? Just move." "No good ISP in your area? Just move." (1 | 2 | 3 | 4) Some such comments even get moderated up.

Sometimes I can get through to them: "Cost of living in some areas has become so high that an entry-level job doesn't pay a living wage." Or "Public high schools aren't doing a good job of teaching basic life skills such as how to relocate for a job. For example, about how much money should I have saved up before I move to, say, Austin?" Yet some posters can't even come up with a ballpark figure. Or a more tongue-in-cheek approach takes them up on their "offer": "How should I go about qualifying for even a temporary work visa in your country?"

But other times I've concluded that it's easier just to try to fit in. If it has in fact gone too far, perhaps I should take the advice of Jesus of Nazareth. To paraphrase Mark 9:45: "If your Slashperger buddies cause you to stumble, cut them off."

User Journal

Journal Journal: A self-proving identification card:

A self-proving identification card:

Display in human-readable and computer-readable form:
Identifying information such as name, card number, issuer/certifying agent, expiration date, face or thumbprint, signature, etc.

Display the same in a computer-readable form. For easy-to-scan things like letters and numbers that are on the card in a pre-defined layout, the human-readable form and computer-readable form may be identical.

For things like a photo, the computer-readable form may be a simpler version, such as an 8- or 16-color 64x64 bitmap.

Have the comptuter-readable form be digitally signed by the issuer/certifying agent and have the signature on the card in both a computer- and human-readable form.

Have the scanning device display the computer-read data in a human-readable form so that a human being can compare what is on the screen with what is on the card.

The same human being would compare what is on the card with either another form of ID or, if the card had a picture or thumbprint, with that of the person presenting the card.

OPTIONAL:
Some information on the card could be encrypted and require a password or other authentication token to decrypt.

Other than this optional part, the card would be "self proving" provided that the public key of the issuer/certifying agent was available to the authentication terminal.

User Journal

Journal Journal: I want Slashdot without the ACs.

Yes I admit it I am tired of the idiot ACs that post on Slashdot. Really just make people log in and even allow them to hide there Nick when posting but at least give them the karma hit when they post something foul and and or racist. It is not like Slashdot karma is important in the real world so the chilling effect should be very low.

User Journal

Journal Journal: Am I a Windows 8 Hater? 3 3

Mystikkman claims that I've been posting messages perceived as unjustly hateful toward Microsoft. I would prefer to express my feelings without hate, but sometimes I have the wrong idea of what is hate and what isn't. Please point out which of my comments are hateful and why so that I can understand how not to post next time.

User Journal

Journal Journal: Quickly Mirandize arrested people no matter how serious the crime. 1 1

The surviving Boston Bombing suspect has not read his rights and as of Monday April 22, 2013, it's been several days since his arrest. Law enforcement has already said they believe the two bombers were acting alone. It would be one thing to press a suspect for information if you catch a guy and think an accomplice is about to set off another one within hours but anything after that is trampling on the Constitution. Therefore we petition the White House to only use the "imminent threat" exception to the Miranda warning when the threat really is imminent and getting information now is more important than preserving the Constitution.

White House Petition URL:

https://petitions.whitehouse.gov/petition/quickly-mirandize-arrested-people-no-matter-how-serious-crime/DncN0Pm2

User Journal

Journal Journal: How to Correct Grammar Without Being a Nazi 9 9

"Let your speech always be with grace, seasoned with salt, that you may know how you ought to answer each one."--Colossians 4:6, NKJV.

In this post, h4rr4r wrote in a reply to a post by roman_mir:

SEAT the word you wanted was SEAT!

Sit is something you do in a seat. If this is some sort of non-american english, than deal with my correction as slashdot is an American site.

It appears roman_mir is not a native English speaker. Through the "Homepage" link in his profile, I found what appears to be his user page on Mozdev. Roman Mironenko's native language appears not to even be written with Latin letters.

On Slashdot and other web forums, a lot of people reply to comments just to correct the grammar, usage, or mechanics. It's more polite to phrase your correction as a throwaway bit at the beginning of your comment and then, with that out of the way, proceed to make a thoughtful reply to the comment's topic. This way, your comment is more likely to be seen as a sincere attempt to build another user up, rather than the sort of abrasive and inconsiderate personal attack on one's intelligence that has caused people to associate corrections with National Socialism.

Crime

Journal Journal: Handling older juveniles accused of serious crimes

Handling older juveniles accused of serious crimes

Most states try to certify older juveniles arrested for serious crimes as adults. "You do an adult crime, you do adult time," as the saying goes.

The human brain's moral centers don't reach full adult maturity until the early or mid-20s. This is reflected in our law and legal history.

Until the Vietnam era, some states would not let you vote until you turned 21. The logic was that young adults were too immature or ill-informed to vote responsibly.

While we now give anyone old enough to serve in the military without his parent's consent the right to vote, we have taken away the right to buy or consume alcohol without parental supervision. We did this because we saw that way too many people under 21 were using alcohol irresponsibly and killing or maiming themselves and others as a result. Prior to the laws being changed, people over 21 drank irresponsibly and killed people at a significantly lower rate than those under 21.

Knowing this, we need to change our court system so those convicted of crimes done before age 18 are at least offered a path to rehabilitation and, once their complete sentence, parole, and a possible short period after parole is complete without any new crimes committed as an adult, the assurance that their records will be sealed.

At least one state has implimented the option of a "determinate sentence" for youth over a certain age but young enough to be tried as a juvenile. Here is how it works:

* The prosecutor decides not to ask for an adult trial OR a judge turns him down
* The youth pleads guilty or is convicted and given either a "determinate sentence" of a stated number of years or decades, an "indeterminate" (traditional) youth sentence which means he gets out by a certain age or sooner, or a non-prison sentence such as home confinement or youth probation.

Assuming he gets a "determinate sentence" and is not yet old enough to be transfered to an adult prison:
* The youth goes to a youth correctional facility with a focus on rehabilitation
* If the youth serves enough time to be paroled before becoming a young adult, he MAY be paroled
* Under some situations, the youth may be paroled or discharged when he becomes a young adult
* If the youth is not paroled or discharged at this time, he is transferred to adult prison
* The now-adult inmate will eventually become eligible for parole if he his not already
* The inmate or parolee eventually serves his stated sentence and parole and is discharged
* The juvenile record is sealed

That last item is key. It's the "you can start your life over now, the mistakes of your immature-brained youth are forgiven" element that any society with a moral compass will have as part of its juvenile justice law.

Crime

Journal Journal: Reforming Criminal Statutes of Limitations: A Phased-In Approach 1 1

Reforming Statutes of Limitations: A Phased-In Approach

Current statute of limitation laws are "all or nothing."

If the prosecution decides to file charges 1 day before the time limit expires, you can get the full sentence, even if you've been a responsible citizen for years after the crime.

But if they wait one day later, you are off the hook.

This is unfair to the guilty party and to society.

The purposes of statutes of limitations include:
* encourage swift justice, discourage prosecution laziness
* give people who have committed long-ago crimes some certainty that it really is behind them, at least with respect to criminal charges

====
A phased-in approach would be better.
====

Set an initial time period based on the minimum sentence, within a range of 1-10 years. Any charges brought before this time expires would not be affected by statutes of limitations.

Set a maximum time period based on the maximum possible sentence PLUS the initial time period. Any charges brought after this time period could be tried but there would be no prison term.

If charges are filed between these times, the trial and sentencing would be carried out as normal, but the newly-convicted criminal would be given day-for-day credit for time served for each day of delay after the initial period expired. The fact that he would be given such credit could not be used against him during sentencing or parole-eligibility or mandatory-release determination. However, the parole board can decide he hasn't spent enough time behind bars and deny parole up to but not past his mandatory-release date, if any.

====
Some examples:
====

A person committed second-degree murder 12 years before charges were filed. The law says the judge can sentence him from 2 years on the low end to 20 on the high end. The judge sentences him to 15 years. He gets 12-2=10 years of credit, so his effective sentence is only 5 years even though his criminal record will show a 15-year sentence.

A person stole a car 25 years ago. The police found the car with DNA but "John Doe DNA" indictments aren't allowed for property crimes in that state. 25 years later the same guy is arrested on a relatively minor felony. He is convicted and gets 1 year on the new felony. He could get 2-20 on the old car theft charge. He's charged and pleads guilty but no matter what the judge sentences him to, since 25-2=23 is more than the maximum sentence he will not serve any prison time for the car theft. He will, however, have a second criminal conviction on his record. If he later commits a third felony he may face serious prison time under "3-strikes" laws.

====
====
Some special considerations:
====
====

====
Tolling the statute of limitations:
====

Current rules on tolling would not be changed. Most states toll the statute of limitations for:
* Fleeing the jurisdiction
* Legal incapacity of a key witness, such as being a minor or medically unable to testify
* Intimidation or perceived intimidation of a witness, such as if the victim is financially or otherwise dependent on the alleged criminal
* An ongoing criminal enterprise
* Judicially granted extensions for an ongoing investigation
* "John Doe" indictments against the person matching a DNA sample, photograph, or other evidence that is presumed unique to the alleged criminal
* Any pending charge, once an indictment or equivalent is made

====
Reduction of charges by the prosecutor:
====

The prosecutor would be allowed offer reduced charges before conviction while allowing an effective sentence up to the same as if the original charges were filed (but no more than the maximum actual sentence on the reduced charge). Take the murder case above: The prosecution could offer a plea of manslaughter, which carries a 2-10 year sentence, on the condition that the person accept a 10 year sentence but serve the same 5-year effective sentence he would serve on the more serious charge. If it was to his advantage, the newly-convicted murderer could ask the parole board to treat him as if he had served 75% of a 20-year sentence.

To prevent abuse by prosecutorial bullying, if the effective sentence on the lesser charge under this rule is more than the effective sentence if the lesser charge had been the original charge, the actual plea would be the legal equivalent of pleading guilty or no contest to both charges with a judge acting on the prosecutor's motion to dismiss the higher charge. Since all pleas are under oath, a prosecutor encouraging a false plea is suborning perjury.

====
Reduction in charges by routine clemency:
====

A modified version of this would reduce the charge to match the maximum effective sentence, or to some "minimal" charge if the maximum effective sentence was zero as in the car-theft example above.

For example, if routine clemency were offered, the murderer would still be stuck with his original charge since 5 years is within the sentencing range for his crime. But the car theif would have his charged administratively reduced to the highest felony theft charge that allowed probation of 1 day or less, or to a special charge created by lawmakers for this purpose.

====
Effective dates of discharge and release when considering post-release and post-discharge conditions:
====

The date of discharge is no later than what the date of discharge would have been if the person had started serving the maximum sentence on the day the initial time period expired, plus extensions for tolls of the statute of limitations.

For example, if a person committed 2nd degree murder in 1970 and could have received 2-20 years, any conviction today will be considered to have been discharged in 1992.

If there are any post-discharge conditions or legal disabilities that are based on time, he will be given credit for all time since 1992 towards fulfilling these conditions and towards the eventual expiration of these legal disabilities.

====
Ultimate expiration of the statute of limitations
====

Allow only a specific period of time, such as 5 years for felonies or 1 year for misdemeanors - after the time where all legally-imposed time-based post-discharge penalties will have expired to file charges.

This allows prosecutors a short additional window to gain a "symbolic" conviction or to brand someone a criminal years or decades after a crime, while giving society a "date certain" beyond which they won't have to interrupt their lives to face possibly-false allegations of long-ago alleged crimes in criminal court.

====
Effect on fines
====

This plan is not designed to change the fine schedule.

====
The bottom line: The practical effect
====

Some example crimes and the effect of this change on them:

Petty crimes: Maximum sentence of 1 year or less:
1 year to bring charges to get the full maximum sentence.
2 years and a day to bring charges at all.
Latest discharge date after back-dating applied: 2 years after crime committed.

Higher-jail-time crimes: Minimum sentence 1 year or less, maximum sentence 2 years, no post-discharge conditions
1 year to bring charges to get the full maximum sentence.
3 years and a day to bring charges to get any jail time.
This is also the latest release date and the latest discharge date if the discharge date is back-dated.
4 years and a day to bring charges at all.

Low-prison-time crimes: Minimum sentence 2 years, maximum sentence 10 years, 5 years of post-discharge conditions
2 years to bring charges to get full maximum sentence.
12 years to bring charges to get any prison time.
This is also the latest release date and the latest discharge date if the discharge date is back-dated.
17 years to bring charges to get any post-discharge conditions.
22 years to bring charges at all.

Medium-time prison crimes: Minimum sentence 5 years, maximum sentence 40 years, 10 years of post-discharge conditions
5 years to bring charges to get full maximum sentence.
45 years to bring charges to get any prison time.
This is also the latest release date and the latest discharge date if the discharge date is back-dated.
55 years to bring charges to get any post-discharge conditions.
60 years to bring charges at all.

Very serious felonies less than life: Minimum sentence 10 years, maximum sentence 99 years, up to 25 years of post-discharge conditions
10 years to bring charges to get full maximum sentence
109 years to bring charges to get any prison time
This is also the latest release date and the latest discharge date if the discharge date is back-dated.
134 years to get any post-discharge conditions
139 years to bring charges at all

In practical terms:

If the person COULD have received a sentence that would have had him in prison for the rest of his life if he'd been charged by the end of the initial period, there is no statute of limitations.

If the person COULD have received a long sentence that would've had him under post-discharge conditions for the rest of his life if he'd been charged by the end of the initial period, he'll live to see daylight but there is no statue of limitations.

"Ignorance is the soil in which belief in miracles grows." -- Robert G. Ingersoll

Working...