Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×

Comment: "Hack?" (Score 1) 99

by Sloppy (#49155605) Attached to: Blu-Ray Players Hackable Via Malicious Discs

Isn't the very point of this player's system, that the player serves the interests of the disc's publisher over the interests of the users, where the users' needs should always yield whenever there is a conflict? That's not a mere technicality; it's the very essence. From the spec's pov, this is desirable operation. Nothing has been subverted.

Comment: Encryption Castle (Score 1) 192

by Sloppy (#49096631) Attached to: How NSA Spies Stole the Keys To the Encryption Castle

Cell phone SIMs are the "Encryption Castle", really? From a practical perspective, they are essentially plaintext, since everything gets fully decrypted at each hop.

Maybe I will start calling my previous car a "Dining Palace" in honor of the epic glorious time that I once ate a chili dog while driving, shifting and making a left turn (alas, this was before I had a cell phone) without getting any chili on my shirt.

Comment: What's people obsession with rubber hoses? (Score 1) 220

by Sloppy (#49080813) Attached to: Obama Says He's 'A Strong Believer In Strong Encryption'

Rubber hoses are weak. You never get threatened with a rubber hose or a $5 wrench, without knowing it happened and your enemy revealing himself. It takes irrevocable commitment and admission of guilt on their part, and therefore risk of consequences, to take things to that level.

When they bring that stuff out, comply. Sing like a bird. They get the data they want, and then you call the media and your lawyer (or the cops, if your adversary with the hose/wrench doesn't happen to be the cops), and the TRUE bitchslapping (to whatever degree is possible, at least) may then commence.

Crypto is good. Sure, you can still find some bad things within that scenario: your privacy was still violated rather than protected. Maybe they're going to "disappear" you so that you never get to tell anyone about the threat or torture. Maybe they're going to torture you anyway after you give up your keys. But all those possibilities also exist in the plaintext scenario too! If they want to murder you, they'll do it. If they want to torture you, they'll do it. Psychopaths are going to do whatever they're going to to. But they slip up and get caught sometimes, and if you confront them with crypto, there's also the chance they'll do what many other criminals usually do: pick an easier target.

Comment: Re:Who TF buys a "Smart" TV anyway? (Score 1) 370

by Sloppy (#49030323) Attached to: Samsung Smart TVs Injected Ads Into Streamed Video

..why would anyone in their right mind buy..

Go look at how much it would cost you to a buy a single Raspberry Pi (its capabilities are just about right for this). Then imagine what something like that would cost a huge manufacturer like Samsung (I say this part, so that you'll have some sense of how low the margin will be). That is how much a smart TV costs to make, relative to a dumb TV. On something costing hundreds of dollars, it's nearly free.

And what the game console makers, the smartphone makers, etc (and even pre-loaded OS desktop PC makers) have established over the last few decades is that "nearly free" can become "actually free" or even profitable if someone pays you to bundle malware with your product, or there's some kind of product-tying, or things like that. (So basically, damn near every expensive anything, ought to have a [potentially user-hostile] computer in it. Think of anything that costs $400 or more. That thing needs malware.) So just having a CPU can increase the revenue from the sale, so that from the manufacturer's point of view, it virtually costs less to make. So if you're in a highly competitive market, you can sell it for less.

Thus, the reason people buy these things, is that they cost less (to buy; I mean the cost at the time of the sale, not the costs of using the product).

We simply haven't yet gotten to the point where, when you first buy a TV (or a car) (or for some people, a phone) the first thing everyone knows they need to do with it, is overwrite the preloaded assumed-to-be-user-hostile software with a user-centric replacement. Fortunately, Samsung is joining Apple and Nintendo/Sony/Microsoft, and many others (this is an all-too-common thread to rehash; don't feel offended if I omitted your favorite Peoples' Enemy), in helping to teach us all this basic principle.

Comment: Re:Best alternative? (Score 1) 370

by Sloppy (#49029925) Attached to: Samsung Smart TVs Injected Ads Into Streamed Video

Yes, I could leave it unconnected from the network, but then I'm just pushing the problem to another device.

But at that "another device" point, the problem is really easy. You can build (or even still buy) awesome Mini-ITX (or similar sized) systems to use a HTPC and can very likely mount it on the back of the monitor if you really don't have any place for it to sit.

It's only the built-into-the-monitor form factor where there aren't really any good computers avai-- actually, you might look into running Linux on an iMac (though IMHO you'll get less computer for more money, that way) if you simply just must have it down to one single enclosure without any unsightly bumps on the back.

Comment: It would require somebody giving a fuck (Score 1) 239

by Sloppy (#49025323) Attached to: Ask Slashdot: What Will It Take To End Mass Surveillance?

People can't even be bothered to generate and exchange PGP keys with their own friends and family, and then someone talks as though those same people might be willing to vote or revolt.

That's not laymen I'm talking about (they care even less); that's self-labeled geeks/nerds. Slashdot doesn't care enough, for it to ever get to a point as extreme as voting.

Comment: Re: Not a laywer. (Score 1) 224

by Sloppy (#48974781) Attached to: If a Financial Institution Mishandles My Data, What Recourse Do I Have?

Your idea will never catch on. ;-)

But seriously, one of the problems with your idea, and it has actually happened in real life, is that the users fail to authenticate the bank. So some of them end up sometimes submitting HTML forms to an imposter. When you and the bank meet each other and they're getting your public key, you should also be getting their public key.

Instead, we're using this ridiculous system where someone named verisign, whom we never met, is our introducer for a party we have already met (our bank). It's actually pretty crazy, insecure, and regressive tech, when you think about it.

Comment: Re: Not a laywer. (Score 2) 224

by Sloppy (#48968355) Attached to: If a Financial Institution Mishandles My Data, What Recourse Do I Have?

That's funny, because the submitter claimed the bank had her "name, address, date of birth, social security number, drivers license number and bank account information." It's almost as though they might have met her (in some form), got a lot of information from her (you can ask for all that stuff but not a fingerprint?) and authenticated her. Typos aside, you have to authenticate anyway, otherwise I could take out a loan in the submitter's sister's name, and give them my email address which they correctly enter.

In a situation like that, where you're already authenticating, you don't even need an "infrastructure," or rather, you're building the infrastructure right there. After that meeting, the bank and the customer can sign each other and add the connection to the WoT so that the next person (who knows one of the parties but not the other) will have it.

Oh right, the WoT. So there is already an existing infrastructure but people just aren't using it so it's still missing a lot of people.

Comment: Re:So.... (Score 1) 265

is there an unknown benefit of having a blood-borne disease vector?

Yes, and he just told you, but you weren't listening. Having a blood-bourne disease vector has the benefit of staying the wrathful hand of Gaea.

Are you trying to persuade us that this disease is somehow important enough to be a bad thing, or are you making your argument to a god?

If you're so intimately familiar with a values and agendas of the gods, then on humanity's behalf I request that you also please explain to Cthulhu that the stars aren't right.

Comment: Layers of stupidity (Score 1) 165

by Sloppy (#48940173) Attached to: Drone Maker Enforces No-Fly Zone Over DC, Hijacking Malware Demonstrated

There are so many layers of stupid in this story, it's hard to address one of them without the embarrassing feeling that someone might read a rebuke of one stupidity, and take it as an implicit acceptable of the rest of the stupidity that you didn't address. If you argue too hard that Yog-Sothoth made a mistake in designing camels, somebody might think you're a creationist.

From the point of view of a malevolent user who intends to use the device to harm someone, why would they want your malware?

From the point of view of a benevolent user, why would they want your malware?

What will happen in the marketplace, if a benevolent user is persuaded to run your malware and then has a problem and finds out that it was due to the malware?

What's so special about the security needs of people in a capital, compared to people everywhere else? And is this special need, really a function of where they happen to be at a moment, or is it based on what their powers and responsibilities (and presumably, replacement cost) are?

I am leaving a few dozen obvious things out because it's tiring to enumerate. That my original point: don't think that just because I missed a totally-obvious way that the idea is stupid, as meaning I would debate one of these points from the premise of accepting a lot of other stupidity. It's not even something I disagree with or think is a bad strategy or an us-vs-them thing. It's just a totally dumb idea, a loser no matter how you look at it and no matter what your agenda is.

C for yourself.

Working...