Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×

Comment Re:No shit ... (Score 1) 157

As usual, you just whine that context is missing without explaining how you could possibly believe yourself when you said "nobody is claiming the ocean is not rising."

Nobody is whining. I am certainly accusing.

Many times, in many places, I have clearly stated that of course the ocean is rising. If in one time and one place you thought I meant something else, then the CONTEXT of that statement must have been misunderstood or missing. You already know I don't believe the ocean is not rising at all, but you use your out-of-context distortions to make it appear that I did. That's lying.

Don't you realize that being completely unwilling to back up your lies with actual calculations is indistinguishable from your being completely unable to perform even the most basic tests for acceleration in a dataset?

You cited Church and White, but I have more that say it ISN'T accelerating. I have many counterexamples, but I only need one. Church and White (2011) found a minuscule acceleration (0.009 cm / year ^-2), while others have found larger DEcelerations. Houston and Dean (2011), though their error bars are somewhat larger, Watson (2011), etc.

No dishonesty here. I have evidence for the things I say.

Comment Re:Yes, in many states... (Score 1) 693

There you go again. You have just illustrated a very real difference, and made my point for me.

You have been told many times that I am not a "sky dragon slayer". Whether I might have been once, in your opinion, is another matter. But you talk about years ago as though it were today, in precisely the calculated way that would give someone else the wrong impression.

That's dishonest. UNlike an honest mistake, it's a form of deliberate lying.

I am not (and have not been) the liar here, you are. You might try to excuse yourself for that in many different ways, but it hasn't worked.

Comment Re:Programming (Score 1) 503

Because so many people mis-understood my comment (in several seemingly very creative ways), I will clarify what I meant.

I didn't say you should roll your own. I agree that would be dumb. I didn't mean to imply that you had to know every aspect of every bit of math going on in an encryption algorithm, but you should have at least some grasp of the basics.

The reason I chose bcrypt as an example is because though it is based on Blowfish, it has not been shown rigorously that the additional key-generation rounds it is using to increase decryption time does not weaken the underlying encryption in any way. It seems like a reasonable conclusion, but reasonable is often not enough in encryption, as history has shown us quite often. The only real assurance we have that bcrypt's key-generation doesn't weaken the underlying encryption is that the developers said they "hope" it doesn't, in their original white paper. Hope is not a good measure to use for encryption.

On the other hand, there is PBKDF2, which has pretty much all the advantages of bcrypt, but unlike bcrypt has been fully security-audited.

My main point about the math was just that you should have a good idea of the relative "strength" of the algorithm vs today's computing power, and a basic idea of how it works. But there there are things like: how do I figure out how many bytes my salt should be? Etc.

Not rocket science. But it's not all 6th-grade math either.

Comment Re:Programming (Score 4, Insightful) 503

Well, my comment has been so much misunderstood, I cannot help but think I could have worded it more clearly. I didn't mean what you seem to think I meant. Even so, THIS:

As someone who works in the infosec industry, the fact this comment is rated +5 Informative fills me with panic. Yes, you should absolutely take someone else's word for it, specifically you should take NIST's word for it.

... is such utterly wrong, complete bullshit, I hardly know where to start.

You're referring to the same NIST that tried to foist Clipper Chip and Skipjack on a mostly-unknowing public in the early 90s? And planned to continue with the plan even though 80,000 negative comments were received during the public comment period, and a mere handful of positive comments? The same Skipjack that was later shown to have serious flaws?

Or, let's see... wasn't that the same NIST that has been implicated in trying to push a compromised form of elliptical-curve key generation on the businesses and public of the US?

That NIST?

It is to laugh.

No, people should listen to private-sector experts, and not listen to the Government at all, or at least take what it says with a grain of salt the size of a basketball.

Comment Re:Programming (Score 1) 503

In other words, any web developer who has not worked through their own proof of the Fermat-Euler theorum is not qualified to call themselves a good programmer.

You people seem to have some very creative forms of reading -- um -- "comprehension". I didn't write that and I didn't mean that.

I wasn't trying to imply that you necessarily had to know how elliptical curves apply to public-key cryptography. But you should have a good understanding of key length vs brute-force time, or whether the method being used is vulnerable to rainbow tables, etc. That does require a bit of math. Not PhD level, by any means.

Comment Re:Programming (Score 3, Informative) 503

Indeed. You can be a good programmer in most sub-fields without having a good grasp of multi-variate calculus, but you will never be a good programmer without at least some decent math skills.

You might do okay at coding web sites. But even then: if you don't understand how the encryption works, how do you know what method to use for encrypting the passwords on your website. Should you just take someone's word for it? (Answer: no. And yet that's how bcrypt became popular.)

Comment Re:No, obviously (Score 1) 263

Armed robbery includes any deadly weapon brandished as threat of force during the robbery, not just firearms.

Do you understand what "enhancements" are? In some states, using a firearm specifically will result in an "enhancement" to your sentence if found guilty. It's the same crime (armed robbery), but carries a stiffer sentence if thw weapon happens to be a firearm.

Killing (even accidentally) in the commission of a felony is usually considered murder, so planning to kill in commission of a felony is like planning to murder.

True, but irrelevant to the point being made.

Comment Re:No, obviously (Score 1) 263

They inflict grievous bodily harm, every time.

Nonsense. Where do you get these ideas?

MOST shooting victims today (some sources say as much as 90%) survive.

MOST knifing victims (some sources say as much as 90%) bleed out before help arrives.

Your irrational fears, based on faulty perceptions, are not a rational basis for making law.

Comment Re:Quote (Score 1) 290

They just don't have the streaming rights anymore.

Then they lost every single one of their customers that are like us: we *don't* have cable TV and never want it and OTA TV is out of the question because this is New Hampshire and there are too many mountains (thus we get WMUR nooz by going to their website).

The only CATV provider where we live is Comcast and their awful bundling choices and shit service. Sorry, no, we're not doing that.

Back to torrenting. Fuck'em. Not kidding.

--
BMO

Somebody ought to cross ball point pens with coat hangers so that the pens will multiply instead of disappear.

Working...