Forgot your password?

Comment: Re:not true because... (Score 1) 160

by TheCarp (#47575239) Attached to: The Problems With Drug Testing

Um.... me too, and still never been even asked. In fact my last employer was basically a hospital (or rather if them and the hospital were facebook friends, their relationship status would be 'its complicated'). Now the actual insurance industry, that I could understand....they seem more um.... uptight.

Hospitals themselves I am pretty sure have the same issue as IT given what I have heard from the horses mouthes about doctors and drug habbits

Comment: not true because... (Score -1, Offtopic) 160

by TheCarp (#47570079) Attached to: The Problems With Drug Testing

I have never, and will never, submit to a drug test. In fact, in the past decade, every single time I have been on the hunt for a new job and on the phone with an HR person, I have been silently practicing my vitriolic rant should they ask.

As of yet, nobody has asked, so nobody has gotten my rant.

People who get paid to piss in a cup for someone elses amusement are called prostitutes, and honstly, I have nothing against honest prostitutes; its only the ones who delude themselves into thinking they are something else that I take issue with.

Comment: Re:Limits of Measurement (Score 1) 135

by TheCarp (#47569611) Attached to: More Quantum Strangeness: Particles Separated From Their Properties

> I have never been a fan of the quantum "weirdness" either. Everyone gets caught up in the Copenhagen
> interpretation and Schroedingers' cat and all, and ignores a simpler explanation.

Ignores? I am a lay observer but I have yet to see one that actually explains.

> when single particles are allowed thru, we see only single points on the detector.
> It is only when a flood of electrons are allowed that we see an interference pattern similar to that of a wave.

Wrong. when single particles are allowed through a single path yes. However, if multiple paths are available even a single particle interferes with itself. Take enough samples of a single particle going through with multiple paths, and you get an interference pattern:

The problem with the simple explanations is, we already know they are wrong. Between the double slit and the bell inequality, classical theories are pretty sunk. I would love to see a simpler model that actually predicts things like single particle interference and the violation of the bell inequality!

Comment: Re:Sponsored by Mars Candies: (Score 1) 119

by TheCarp (#47568827) Attached to: The Milky Way Is Much Less Massive Than Previous Thought

Well thanks for that. I was actually wondering recently why it was so hard to shop for pants. I have a hard size anyway, as I am built for a much smaller inseam than my waist (or rest of my torso) would seem to indicate. In fact, I would say if you look at my torso vs legs, I have the torso of someone several inches taller than me, and the legs of someone an inch or two shorter.

Looking back, I think this is why my childhood doctor was always suggesting my weight should be unreasonably low based on her height charts. I mean, she was right, I was overweight, but, not nearly by as much as she made it out, once I got into HS sports I found out her "ideal weight" for me based on height was about 10 lbs less than my lean body mass!

In any case, I find this makes pants shopping hard. Often over the years I have had to buy pants that were too long and then have the legs shortened, which is no help for inseam issues at all.

Comment: Re:You can create a token but keep it off nets (Score 1) 110

by TheCarp (#47565555) Attached to: Ask Slashdot: Open Hardware/Software-Based Security Token?

I am sorry that the advice I give for free on slashdot doesn't live up to the impossibly high standard of being unassailable by major national governments with deeper pockets than the vicar of christ.

Every system has weaknesses; if you have to worry about directed attacks by dedicated actors with the resources (time and skills, or money to hire them) to focus on your systems.... then by all means, don't take the free advice you get on slashdot and feel free to raise the bar high.

However, for everyone else, raising the bar even a little bit is enough. You have to understand there is a gulf in threats between "at risk of having data casually scraped or stolen by a trojan" and "the target of a directed attack" and then again "targeted by a group with resources". Each step you can take away from the first category of risk is huge, whereas every step away from the others, really only helps a little bit....unless you have good reason to fear it.

Comment: Re:You can create a token but keep it off nets (Score 4, Interesting) 110

by TheCarp (#47560321) Attached to: Ask Slashdot: Open Hardware/Software-Based Security Token?

All true and yet, I don't see how any of that matters. The point of using the phone is it is something you have, and its not tied to the device you are connecting with. Yes, you may lose the phone more often, BUT...that just means you replace the phone and reload the software with a new key....BFD.

Stealing your phone doesn't reveal what systems you would connect to. Getting access to your laptop, doesn't provide the authentication token. Its about using two factors that are not tied to eachother in a way that a remote attacker can discern that improves the security of such a system.

which is why I strongly disagree that an app on the laptop is better.... because an app on the laptop is on the laptop, one device which connects to it all. Or another way to think of it...where is the safest place for the key to your safe.... in an unmarked envelope in your house....or in an unmarked envelope at your friend's house?

Even if your friend's house is less secure than your own, its still the better place because.... there is no way for the attacker to make the association needed to find it....even if it is your friend's house that he robs, even if he finds the key there!

Sure its not protection from specific kinds of attackers, but, if your security measures need to stand up to NSA levels of scrutiny, I have no problem declaring your requirements out of scope for this level of discussion, and far beyond most people who could benefit from simple tokens.

Comment: How long did that take? (Score 3, Insightful) 175

by TheCarp (#47560059) Attached to: Senate Bill Would Ban Most Bulk Surveillance

So this would:
> prohibit the government from collecting all information from a particular service provider or a broad geographic
> area, such as a city or area code

Sounds rather specific. My bet is this was very carefully crafted, with help of the NSA to specifically and publically ban a slice of activities so narrow and specific as to stop NOTHING that they are currently doing.

Comment: Re:You can create a token but keep it off nets (Score 3, Insightful) 110

by TheCarp (#47559083) Attached to: Ask Slashdot: Open Hardware/Software-Based Security Token?

> For fans of software scheme: you must tell how your soft tokens resist attack by malware.

A solution doesn't have to be a panacea for all attacks. A soft token could be on your phone, assuming you do not also use the phone to directly access the service, that is pretty decent protection. I would consider needing to also find and gain access to your phone, in addition to whatever access they may otherwise be able to get, as a pretty decent addition to the resistence.

> Remember that to get pay-tv signals, folks were willing and able to design special ICs.

Remember that people were willing to pay for those ICs to decode signals they already otherwise had access to, meaning there was a rather large potential market for those ICs before they were produced, especially since it is decently hard to justify how you are doing anything wrong by simply recieving and manipulating a aren't even stealing a service, you are just, not using their descrabling service, just providing your own instead; for a signal you could already recieve.....

Comment: Re:Is this an achievement? (Score 1) 47

by TheCarp (#47517755) Attached to: Autonomous Sea-Robot Survives Massive Typhoon

You are not alone at all. Forget gear and steel.... take a small glass bottle, put a piece of paper in it. Nobody will be all that shocked to find it, in tact, years from now, after surviving many such storms. There really is nothing impressive about building a small floating container that can continue to float after being shaken up....even if you have equipment inside.

Comment: Re:Automation is killing jobs faster than ever (Score 1) 435

by TheCarp (#47474447) Attached to: FBI Concerned About Criminals Using Driverless Cars

You are correct and, after a few decades of observing my brethren I really should be more fair and point out the problem is NOT the people speeding past in the right lane.... but really that the people who drive the slowest overall like to be in the middle and for some reason feel the proper speed to be at is the same speed as the car directly next to them.... like they are trying for some sort of rolling phalanx.

Comment: Re:Bah (Score 1) 280

by TheCarp (#47469005) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Nope. Yubikey looks cool but it is a OTP solution that requires an OTP compliant service that works with it.

What I am talking about is a small device with not a button, but a mini-keypad on which you can enter your unlocking password. Once you do this, you select which password to send and send it....all from the device itself, with no PC interaction.

ALL it requires is an HID interface, no extra components. I can't find the original project (maybe it was arduino based? no pi based?) but it was a portable password vault not an OTP solution.

Very cool of course, but, not the same and not as universal.

Comment: Re: Here it comes (Score 1) 435

by TheCarp (#47468897) Attached to: FBI Concerned About Criminals Using Driverless Cars

Yes but, also in the real world, devices can be modified from their intended functions. Whether it is implemented via a remote command or simply autonomous identification, is immaterial, because the person in control has physical access to the hardware and can modify it.

Not that I think this is a real threat but, they are right about this as a possibilioty...and I am sure...someday.... it will happen. Luckily, blowing stuff up is already easy. "Terrorists" could have been using RC planes to deliver bombs what.... 40 years ago?

This doesn't really confer any new ability to them, just another way to accomplish the same old thing.

The ONLY real protection we have or ever had was, the vanishngly small number of people with any interest in actually killing others....and its actualy seriously effective.

I came, I saw, I deleted all your files.