
Comment: Re:why just 5 mod points aren't going to cut it (Score 1) 436

by TaoPhoenix (#48503405) Attached to: Supreme Court To Decide Whether Rap Lyric Threats Are Free Speech

"And this is why just 5 mod points aren't going to cut it."

Weird - this story?!

And there are over 130 of those spam posts... that's far more than I've seen in a *long* time!

They need to downmod those at the admin level with a script so you can save your legit mod points for good things!

Comment: Re:General Fund (Score 1) 54

by TaoPhoenix (#47996619) Attached to: Stanford Promises Not To Use Google Money For Privacy Research

" If all money goes into a general fund, there's no distinguishing "whose" money it is..."

Sounds to me like an easy accounting exercise.

So don't put it in a general fund. Make a Restricted Account for privacy research. Then when you do privacy research, just make sure it comes from there and only there. Also make sure none of Google's money gets in there. Standard GAAP should handle that like a snap.

"Money" sounds "fungible", but it's not. In many ways, "money" = "$ combined with the source and destination". Or you can do it in reverse, and make Google's money a Restricted Account, and run it backwards in that general fund money can fund anything, but pulling Google's money needs a senior management review that it is "not reasonably construed" as privacy research.

And yes, get Legal on this. Because for example you can tweak a footnote of almost anything to "improve privacy" even if the original research was "Study of Seattle's laws penalizing food wastes in trash."

The world is just becoming messy because those old fluid "neutral zones" are closing up and Flannery O'Connor was right, "everything that rises must converge".

Comment: Re:could be used therapeutically (Score 4, Insightful) 57

by TaoPhoenix (#47472415) Attached to: Biofeedback Games and The Placebo Effect

The Placebo Effect is just our poor bodies reaching some limits vs more and more clever scientific studies.

As I understood it, it was self healing abilities only triggered by "someone gives a damn about me" that we don't easily access every day to fix other problems.

So having computer programs just goes more towards the whole "look, it's now on a computer" we've seen in darker scenarios. I'll stay positive on this note.

If you just stick 300 fortune cookies into a computer program, a few of them will strike home and then you get "therapeutic benefit". (I know, because I have a file of over a hundred of them, from asking my Chinese restaurant to give me a bunch each time. A few of them are really pretty good.)

Studies keep trying to go super narrow to carefully limit "complexity" but I am beginning to think the "Scientific Method" is on the verge of missing "Emergent Results" when they risk small details but leave behind controlling micro-scenarios.

Sideways from the Slashdot tradition, I didn't read the article because one look at the summary says it's too narrow, and it's become the Press's job to "expand them". Some journalists try hard, a few are hacks.

Much more broadly, I have smashed together a few projects I know have helped me.

Comment: Re:8 character min (Score 1) 280

by TaoPhoenix (#47472297) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Again a guess, but I bet this is about "how much it costs us to upgrade our system".

Underscore I can see, but Space used to be a character that messed up a lot of systems. And I frankly don't have any 20 character passwords, so maybe people lowered it so that users would have any hope of ever remembering their password, however bad it may be.

Comment: Re: 11 characters (Score 1) 280

by TaoPhoenix (#47472279) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Quick uninformed guess, sounds like someone's sloppy programming problem.

I'll defer to my betters here but it sounds like when someone slammed out the system they just picked some number like 11 for the password length and then someone else did the best they could by making it require lots of stuff.

Comment: Re:Losing an email account (Score 1) 280

by TaoPhoenix (#47472257) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Years ago in a weak variant of this whole thread, I designed a system of using some nine passwords for the entire net, and for whatever reasons I am too senile to recall, one email account got a weird password that changed a couple of times until I couldn't get in. (Including one suspicious moment but that's another post.)

But fortunately I made my "security questions" sufficiently strange yet unforgettable that after two hours on hold, I got into Yahoo Customer service and fixed it. (For now.)

But you have a point that, that was a "backup account". If the primary ones ever got hacked, people would have access to tons of stuff.

I'm def of the school of "use your passwords every time so you know them" and haven't looked into password managers that sorta bother me. It's one reason why last quarter's Heartbleed story made me grumpy - is every site in existence gonna make me flip my password system now? I don't have a new one yet.

Comment: Re:Govt vs Corporate (Score 1) 280

by TaoPhoenix (#47472177) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

"True. I should have said major corporate standards when I said government. But because of the way the payment card industry works, if FEELS like government. Complete with not following its own rules and having rules for the sake of rules."

Sorry, but I find this a bit of a big error to make.

I'm really torn on who I dislike more, but to *confuse* corporate policies and govt policies feels like a big step backwards!

(Your choice of which) one punches me in the gut and one holds me by the throat, but to *confuse* them doesn't feel right!

Comment: Re:Banking (Score 1) 280

by TaoPhoenix (#47472145) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

I'm old school here.

What is all this "banking info"!? I only do about five things with my bank, and 3.8 of them I can do on my phone just *dialing the automated number*.

Check my balance, pay something to my credit card, look to see if a check has been cashed that shouldn't have been (I've hired a bit of house help), and a couple other things.

When it gets a little weird I hit 0 or say "Representative" to do a couple of fancy things.

What I spend is in my head, I don't need a huge online report to tell me. My five bills are on my desk (including last month's late one!)

I have resisted BOA's attempt to get me to go all online-automated. I theoretically set up a couple of accounts to be online to save money, but not because I need a fancy account. When you wanna know what you can spend, you make a 1.7 min phone call - what else do you need to do?

Comment: Re: Offtopic - sig url for Bill Stewart (Score 1) 509

by TaoPhoenix (#47472043) Attached to: Ask Slashdot: Future-Proof Jobs?

Okay, off-topic but I can hack a 1 point karma drop.

Bill, what even is that url?

What is even the point of ""?
It goes to an Evening Sun article by Craig Paskoski here:

And it's filled with some of the loudest javascript I've seen. What do you gain by hiding it in a tinyurl?

Comment: Re:They aren't stupid (Score 1) 62

by TaoPhoenix (#47471965) Attached to: Google's Project Zero Aims To Find Exploits Before Attackers Do

I'll reply to you, as you're the closest to the angle I was going for.

Cross-posted from another site, with two more sentences here.

Okay, picking my words a little and hoping I get my tone right...

I get that Google (and Facebook and all kinds of other gangs) are *selling info*. It's sleazy, but to me that's "grey hat". It's "we're psychologically manipulating you to make money, but you knew that but we made the services nice and fun/useful so you don't care". I've been reading a huge Star Trek DS9 Re-Watch overview, and that feels so like a Quark move - he's devious but eventually even he draws his lines.

Secret silent software bugs that only X number of governments even know exist is a whole other level of Black Hat. (Really, somewhere in the combo of Heartbleed and the True-Crypt mess I got grumpier than I have been in a while.)

So Google isn't some poor 12 man op with a lonely tech who was beaten by big guys - behind the sales guys there's a *lot* of tech crunching firepower there. So *maybe* the Agencies have a bit of a lead on them, but I'd bet not as big as those Agencies thought.

It's a fascinating twist - Govt can beat up "little guys" a few at a time in a Divide and Conquer strategy, but what if this story catches on, and then Microsoft and Facebook and Apple and Samsung and your choice of others jump in?

(I put Samsung in there because software bugs know no boundaries, so it's specifically a test of geographic negotiations beyond the US level.)

Short Selling jokes aside, can the US even manage to indict the CEO's of all of US tech? Their dealmaking might just be on the verge of coming to bite them. (There was a TV series about all that, corps, totally owning govt openly and outright.)

When we're not busy snarking in the Basement or the Living Room, having a gaping security flaw in software isn't good for any of these companies. So maybe (making up a name) Gennady Li Chandarovskiyij-Maharujshi is the greatest programmer alive at one of the Agencies, but can he really stand up to a world wide team that's now pissed off??

Going all story fiction for a moment, imagine it:
All these companies, led by the big dogs with little guys lending a spare hour;
CEO's around the world getting royally pissed and saying "our products are dominant enough and we have time to put away our micro-jockeying. Let's spend an entire year and 700 billion dollars/whatever to clean this mess up. Grab anyone who has any legit idea whatsoever about software security and let them do whatever they want (jokes aside), no questions asked including extra perks like the 90's like croissant sandwiches in the break room."

US Govt is slowly winning the PR war against "Anonymous", but what if the Big Tech companies with tips from millions of freelancers all unite and say "Thanks for all the fish, yummy, now watch what you made! We have a worldwide "team" of over a *thousand* software people (and four space aliens, only three of which you know about.) Do you *really* wanna keep doing this? Or can we just get back to selling people's info for money?"

At least in my imagination I wanna believe we're on the verge of Tech calling Govt's bluff that they've been going "Divide and Subdue" too long, and the beautiful part is all the bribery is (mostly) illegal - how can they even pretend to shout about 770 companies and 12,345,845 freelancers all spending an entire year on software security?

So that's my message of daydream hope!

Comment: Re:precedent in many future law cases. (Score 1) 346

by TaoPhoenix (#47377657) Attached to: Goldman Sachs Demands Google Unsend One of Its E-mails

You're almost the only one addressing the legal-theory side.

Stepping aside from the technics, what becomes the theory for this?

"Material that is believed to be owned by the recipient but is in fact leased or rented may be removed by the lessor/provider if it causes reputational damage from the sender (and maybe to other parties?)"

Lawyers have a fun job. (Things to do with a 170 IQ). They can take one word and use it to create billions of client dollars. There was that one other article in Rolling Stone about how Goldman Sachs borrowed one paragraph from their federal government bailout, jammed it into a 15 year old finance bill, and now they get to run oil pipelines while bidding on oil futures and stuff.

Or the one from earlier today where that review board authorized the NSA to keep spying by abusing the words "adequate" and "reasonable".

Comment: Re: 191 page report (Score 1) 170

by TaoPhoenix (#47374843) Attached to: Privacy Oversight Board Gives NSA Surveillance a Pass

The report is a bit more clever than that, and *parts* of it are actually good. It's certainly more info than I ever knew before, and than they would have ever released before.

The way these "Devils in Details" landmined reports work is that 95% of it is legit, and builds a legit case towards ... what you think it should. Then at the very capstone when it comes time to produce the conclusion, they flip a key paragraph as the landmine. In a perfect world, let's say we ever magically elect a both incredibly powerful party majority and an incredibly honest one, they can take this report, reverse the landmine paragraphs, and end up with the correct result.

Try looking near pages 98-99.

This is the paragraph that echoes this entire thread:
"On the other side of the coin, the acquisition of private communications intrudes on Fourth Amendment interests. Even though U.S. persons and persons located in the United States are subject to having their telephone conversations collected only when they communicate with a targeted foreigner located abroad, the program nevertheless gains access to numerous personal conversations of U.S. persons that were carried on under an expectation of privacy. Email communications to and from U.S. persons, which the FISA court has said are akin to “papers” protected under the Fourth Amendment,426 are also subject to collection in a variety of circumstances."

At this point everyone is clamoring for the followup to be "Unconstitutional so get rid of it." As they say, "always put one concession to your opponent's position in an argument", so here I say, "it is not possible under any form of intelligence work to have *zero* US-US information showing up, such as because any email to that sketchy girlfriend with a CC to your US buddy on it, drags him along for the ride." Of course that's a minimal data point, but this thread has been about the issue of Non-Zero data collection.

*However*, then they threw their landmine in.

Over on page 99:

"The government has acknowledged that the Fourth Amendment rights of U.S. persons are affected when their communications are acquired under Section 702 incidentally or otherwise, and it has echoed the FISA court’s observation that the implementation of adequate minimization procedures is part of what makes the collection reasonable. (See footnote 433)"

So before everyone jumps on the word "reasonable", *that's* their landmine. You get Schrodinger's Cat scenarios with that email because as soon as they even see whose names are on it, one to Osama Bin Laden's hot niece's Iranian cousin staying in the Netherlands, and one to your radical US buddy, they *already have* metadata! So they decide to open it, whereupon it contains some nice NSFW Rule34/Rule35 pictures, and a PS memo on the bottom of it with a piece of info that actually qualifies as intelligence. Great. Now you have an email that pisses off at least four countries. What do you do with that?! (After you finish grinning lewdly and more to the pictures!)

So the *actual* word to mess with is "Adequate". After you finish laughing at my scenario, is that an *adequate* acquisition of US citizen data? I don't know. So saying "Aha! A right was violated, abolish the entire agency!!" is not the answer. The only one I can think of is a percentage one of some kind, such as "less than X% of US communications were collected, as verified by an auditor that you actually believe." Then we can all start over deciding what that percentage is.
