
Comment: Re:Let me take this one (Score 1) 87

Right, but there are also legitimate problems with Amnesty too. It admits itself that it tends more towards criticism of state actors and typically western states because it feels it's safer to investigate them and easier to acquire the information to investigate. You can see Amnesty's own admission of this here, though the cited link doesn't seem to work any more:

https://en.wikipedia.org/wiki/...

What this typically means is that say, Hamas can fire rockets specifically with the aim of killing Israeli civilians by targeting Israeli cities and avoid criticism, whilst if Israel responds and hits the rocket launch sites killing a civilian accidentally as collateral damage then Israel will receive a scathing response from AI. Now I'm not trying to comment on the Israel/Palestine conflict here, Israel most definitely does have plenty to answer for, but I am citing this as an example of the issue because it's truthful and legitimate.

It's also somewhat understandable, because it's far safer for Amnesty investigators to investigate somewhere like the US, or the state of Israel, than it is to investigate Hamas or ISIS but on the same note inevitably what this means is that Amnesty ends up attracting people with deep anti-Western sentiment, because this bias ends up giving the impression to many that they are an anti-Western organisation.

It shouldn't be surprising then that Amnesty does start defending questionable cases sometimes, and that as a result they attract questionable people to have in their organisation - some people may wish to investigate a state like Israel, not because they believe in general justice, but because they see it as an opportunity to politically attack Israel whilst believing it's okay what Hamas does even though Hamas is similarly guilty of the sorts of gross human rights breaches that Amnesty is meant to argue against.

Now, at the end of the day, this surveillance of Amnesty was deemed to be unlawful, and the fact therefore that it was illegal is in itself enough for me to agree that this was unacceptable and wrong. But I can see why at least some segments of Amnesty might reasonably be classed as a legitimate surveillance target for Western intelligence agencies with some of the people it attracts. What makes it incredibly awkward though is that due to Amnesty's size, you may well find that whilst it's justifiable that Western intelligence targets some of its members, other members are legitimately investigating those very Western intelligence agencies, and that creates a hell of a mess, because it's unlikely that those intelligence agencies could stop themselves from just snooping a little more past simply legitimate targets at Amnesty and on to non-legitimate targets who are rightfully investigating them.

I don't know what the solution is other than for Amnesty to clean house, and be more objective so that Western intelligence doesn't have any legitimate reason to spy on them in the first place. That solution feels wrong, as it feels somewhat like victim blaming, and an awful lot like the if you have nothing to hide fallacy, but what else do we do when Amnesty does have legitimate surveillance targets working with it? Are there organisations like Amnesty that should always be out of bounds regardless of who works for them and who they might be supporting and helping and what they might be planning with them? I'm not even going to try and pretend I know the answer to that question.

It all gets very messy and creates many shades of grey when you've got two far from squeaky clean organisations going at each other.

Comment: Re:Not a surprise (Score 1) 87

I don't think representative democracy even works in either sense of the word either though because the UK's representatives don't represent their constituencies democratically due to the fact AV was rejected, and because it doesn't use an even remotely representative voting system to be even close to proportional nationally either.

For example, the current government has 100% of the power with 37% of the public vote, whilst my local MP has 100% of local representative power with only 31% of the vote.

Elected dictatorship is really the only way to describe the UK's electoral system, as it's a system that enables the few to dictate to the majority. Democracy requires that any form of government be representative in some way, but in the UK it's not representative in any way.

Of course the UK is not alone here, I believe Canada and the US for example also suffer the same problem, though I believe it's not typically as pronounced as it is here in the UK where the electoral calculus really shows how fucked the system is.

Though I don't mean to distract from your key point of course, that we're most definitely not a republic either way :)

Comment: Re:Drone It (Score 1) 804

Yep, I think you're exactly right. Theft of plans is in no way going to let China reproduce exactly what we have, we'll still always have the edge, if not only because we're ahead on material science and they just don't have the facility or knowhow to produce cutting edge materials like we do.

It does however allow them to skip some of the expensive stages of design, have a look here:

https://en.wikipedia.org/wiki/...

or here:

https://en.wikipedia.org/wiki/...

You'll note that the profile is based heavily on the F-22 and F-35, but you'll see that the engines aren't in any way stealthy. It seems clear that they were able to take the main measurements and angles of the F-35 and F-22 in key areas and produce them precisely to minimise radar signature that way, but that they have no fucking idea how the F-22's stealthy vectored thrust engines work so have just shoved some run of the mill engines into the things.

It really just lets them get something to market faster than they otherwise would that contains a fraction of the functionality of the original western version. Other areas they may struggle are by way of software, if they've stolen the latest code to actively scan radar signatures for example then that lets them match us there, but if they haven't then that's yet another way in which their aircraft will be inferior.

So it's a question of how much and what they have stolen, but it's pretty clear by the profile alone that they've made use of at least some stolen information, but how much beyond the rough external visual profile is anyone's guess.

Of course, at the end of the day, they're also just copying aircraft that we're already just churning out on the production line. As they're designing and refining their clones of aircraft we're already using in active duty, we'll already be designing the next gen quietly in the background. There are enough mysterious flights around of unknown aircraft that the chances are we're already quietly demonstrating the next gen, just as they're flying demonstrators of 5th gen.

And that's really the problem with them opting to be sheep and following, when you're just a follower you don't get to choose direction, and that's what keeps the West's qualitative advantage - the fact that we lead, the fact that by following they're always going to be one step behind us.

Comment: Re:Why does Jobs always steal the limelight? (Score 1) 225

How exactly did Jobs win the business game? By the time Jobs finally made something of Apple Gates had been retired for 10 years.

During Gates' tenure Jobs was an also-ran and Microsoft maintained its position as the biggest tech company in the world.

What you're really saying is that Jobs beat Ballmer, once Gates had been winning for 20 years, and found it so easy he gave up and fucked off.

Gates has no control over how well his successors do, just as Jobs doesn't. By your logic if Apple falls in another 10 years and Microsoft ends up larger again then Gates changes to the winner even if Jobs is dead and Gates hasn't at that point been active for over 20 years. The only comparison between them is when they were both alive and active and at that point Microsoft under Gates won by just about every conceivable metric - both business and personal from creating the larger more successful company for that period, through to drastically higher personal wealth, through to actually being capable of maintaining a stable relationship and looking after his kids.

Not that it really matters, but I mean come on, are you really so far stuck in the reality distortion field that even history has to be rewritten to build up St. Jobs into something he wasn't?

There's no doubt Jobs was an insanely talented business leader, but he wasn't god no matter how much you try and elevate him to that status.

Comment: Re:Nope, you misunderstood, I guess ... (Score 1) 225

"I'm just saying it's definitely a thought that runs through the heads of immature guys when they find themselves in those kinds of situations. I watched it happen with people I knew through the crazy "dot com" era."

It's not all immature guys though that's the problem, most guys make it to adulthood without getting a girl pregnant. The only ones who do are frankly, the ones that are dicks, and I think that's kind of the point being made here.

I know the point you're trying to make, that we make more stupid decisions when we're younger, but there are some decisions that can't just be put down to immaturity, some are just down to pure dickishness. Even some dicks that get their teenage girlfriends pregnant are more than capable of sticking with their girlfriend and raising their kid with her. The only ones that don't are dicks regardless as to whether they're immature or not and I think that's the point the GP is making - immaturity isn't an excuse for some things, some things you just know are wrong no matter how old you are - things like murder, and getting a girl pregnant and then refusing to support the kid.

As such I think the point is that his immaturity just doesn't matter. It's not an excuse for that particular thing. If we were talking about driving fast and writing a car off or something, or getting high on weed and so on then sure, fair enough, but getting a girl pregnant and refusing to support her? that's not immaturity, that's just raw dickishness.

Comment: Re:Drone It (Score 1) 804

Yep exactly, Russia's current economic problems really do pretty much yank it out of the 5th gen fighter race.

I suspect of those 12, a few will be used as demonstrators/test beds, a few will be mothballed for spares, and 3 - 5 will be used for Putin's annual small penis parade in Red Square.

The only thing holding the project together at all right now is Indian funding, but after the 5th test jet basically caught fire and its entire rear end just isn't salvageable coupled with the fact Russia prevented Indian technicians inspecting it, and refuses to tell India what went wrong, coupled with Russia reducing the amount of work India is allowed to do in building the jet I can't see India putting up with it much longer.

China can continue because it's both economically strong, and has stolen half of the Western plans to build a 5th gen fighter, but I don't see Russia being able to stay in the game. It's effectively traded Crimea and turmoil in Ukraine for its ability to have a first class military. Oops.

Comment: Type 4 UUIDs (Score 1) 225

The combination of time (the UUID can be time boxed), activity (a successful login nullifies the UUID), and possession (control of the account's registered email address)

My concern is how to keep someone between your server and the subscriber's MUA from compromising "possession", or how to establish "possession" the first time.

Assuming the coders didn't decide to come up with their own GUID generation algorithm that is easily reverse engineered and seeded

I just use a PRNG. If I need it as a GUID, I request 120 random bits and format them as a type 4 UUID. Is that good enough?

Comment: Re:Responses (Score 1) 225

Or to put it shorter: "Passwords and password reset codes go in separate fields."

I've implemented a similar system that keeps the hashed password and the one-time-use code in separate fields of the user table. I just wondered if there was any good way to protect the "login ticket" (the mail containing the one-time-use code) from interception in the 24 hours between when it is sent and the expiration time that we store.
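The scheme discussed in the two comments above (a random version 4 UUID, time-boxed, single use, stored apart from the password hash), sketched as an added example that is not code from either commenter. The `users` dict, field names and function names are hypothetical stand-ins for the user table; it does not protect the mail in transit, it only bounds what a leaked or intercepted code is worth.

```python
import hashlib
import hmac
import secrets
import uuid
from datetime import datetime, timedelta, timezone

RESET_TTL = timedelta(hours=24)  # the 24-hour window mentioned in the comment

# Constructed stand-in for the user table: the password hash and the reset
# code are separate fields, and only a hash of the code is kept.
users = {"alice": {"password_hash": "<existing hash>",
                   "reset_hash": None, "reset_expires": None}}

def digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def clear_reset(row):
    row["reset_hash"] = row["reset_expires"] = None

def issue_reset_token(username, now=None):
    now = now or datetime.now(timezone.utc)
    # 16 bytes from the OS CSPRNG (not a seedable general-purpose PRNG),
    # formatted as a version 4 UUID; version=4 sets the version/variant bits.
    token = str(uuid.UUID(bytes=secrets.token_bytes(16), version=4))
    row = users[username]
    row["reset_hash"] = digest(token)
    row["reset_expires"] = now + RESET_TTL
    return token  # goes into the e-mail only; never stored in clear

def redeem_reset_token(username, token, now=None):
    now = now or datetime.now(timezone.utc)
    row = users.get(username)
    if row is None or row["reset_hash"] is None:
        return False
    if now >= row["reset_expires"]:          # "time": the code is time-boxed
        clear_reset(row)
        return False
    # Constant-time comparison of the stored hash with the presented code.
    if not hmac.compare_digest(row["reset_hash"], digest(token)):
        return False
    clear_reset(row)                         # one-time use
    return True

def login_succeeded(username):
    # "activity": a successful login nullifies any outstanding code
    clear_reset(users[username])
```

Because only the SHA-256 of the code is stored, a read-only leak of the user table does not hand out working reset links.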

Comment: It's to confirm control of your e-mail address (Score 1) 225

In the message the portal not only assigned my username, but it also listed a temporary password that's good for 30 days! All of this transmitted cleartext.

This use of a one-time, soon-expiring autogenerated password is common in flows that include the step "To reset your password, confirm your e-mail address" or "To opt in to e-mail notifications, confirm your e-mail address". Is there an alternative, other than to either A. mail all customers a second factor of authentication used to reset a password, or B. require all customers to subscribe to mobile phone service with unlimited texting to receive resets through SMS?

Comment: Security theater questions (Score 2) 225

Send an e-mail with a verification URL

How do you encrypt this unique verification URL on its way to the subscriber to your service?

security questions

I'm sorry; I misread this as "security theater questions". See "The Curse of the Secret Question" by Bruce Schneier and "Wish-It-Was Two Factor" by Alex Papadimoulis.

Comment: Facebook defeats security theater questions (Score 1) 225

The questions we ask are not something that would normally be found in a user's inbox

A lot of the time, the answers to security theater questions are things that would be in a user's Facebook timeline, such as the name of the middle school that the user attended.

Comment: Not 100% of Internet users have unlimited SMS (Score 1) 225

If you want a bit more security than this you could do something like text the user the token instead of baking it into the URL.

But how do you send a text to the number "I don't have a cell phone" or to a land line? I tried to send the code to a land line on a couple sites and got "Unsupported carrier".
