

Comment: Re:Guardian covering their ass (Score 1) 296

by abulafia (#37288048) Attached to: WikiLeaks Publishes Cable Archive In Full

Well, no, not exactly. The Guardian published the password. Wikileaks failed to secure the encrypted payload. They both had to fail for the security breach to have happened. Irresponsibility is shared there, and as best I can tell, Julian is embarrassed and attempting to salvage ego with a dumb "I meant to do that" sort of maneuver.

The Guardian is being a bit silly in complaining now, after the data is already out there - anyone with an interest has already found a torrent.

But really, the whole thing is silly, given that the cables were available very widely to (as I understand it) millions of US folks already. I simply don't believe that documents shared with 7 figures of people, security cleared or no, don't find their way to people who have an interest in such things.

Most of the hot air being puffed about this has to do with what is public-public, instead of private-public. It makes a difference. (To pick a different example: "everybody knows" that many cops in the US routinely arrest people who annoy them on bullshit charges. This is private-public knowledge. Now imagine documents hypothetically leaking about this being policy. That would make it public-public.)

Comment: Best to you, Taco (Score 1) 1521

by abulafia (#37205120) Attached to: Rob "CmdrTaco" Malda Resigns From Slashdot

End of an era.

I don't know why this particular change feels so big, but it does. /. has been a big constant in my life for over 10 years now, and /. has always been, to a significant degree, Taco.

I know you're not dying or anything, but golly.

Thanks for making the joint the kind of joint it has been.

Comment: Re:Refuse Permission? (Score 2) 507

by abulafia (#36902932) Attached to: Climate Unit Releases Virtually All Remaining Data

You can't copyright/patent/trademark facts.

In the U.S. You might notice that Trinidad and Tobago (and England, for that matter) happen to not yet be an official vassal of the empire, and is still a sovereign nation that makes its own rules.

It isn't clear from the article what rules and agreements govern here, but it certainly isn't U.S. copyright.

Comment: Eat Poop! (Score 1, Interesting) 150

by abulafia (#36657250) Attached to: More Oracle Patents Declared Invalid

Who the hell cares about corporate winners (modulo folks with stock, or other stakes)?

I care about good tech.

Eat it. It tastes good, if you chew a bit. No, there's a bit on your chin, see, there. No, well, let me help.

Jim, me need a helmet.

I'm sure this is just an episode.

Well, whatever, then. We'll need VB coders until we can't pay the cooling bills on those boxes, so... Can't fix everything.

Comment: Re:The concept of OpenID doesn't seem very secure (Score 2) 45

by abulafia (#36055944) Attached to: OpenID Warns of Serious Remote Bug, Urges Upgrade

Put all your eggs in one basket with an OpenID provider that *does* take security seriously (Google, Yahoo, etc. can function as OpenID relying parties - and you can also use two factor authentication with Google now), so that basket is extremely well protected, and dodge the issue of giving random sites on the internet a password entirely?

That's easy. I would rather use per-site passwords.

Even if you trust Google's security without qualification, which you shouldn't, as they've been compromised before both internally and externally, there is the problem of interest alignment. Your interests are not the same as Google's.

As for deducing per-site passwords, well, if you can, then I'm doing it wrong, or you have either my master key or broken SHA2. And I don't remember any of them. That is what password managers are for.

Final thought - if you've convinced yourself of the wisdom of depending on the almighty Google (or Yahoo, or whoever), you might want to watch and see if they happen to upgrade their OpenID system in the next little bit. Just a thought.

Comment: Re:Hmmm... (Score 1) 333

by abulafia (#35879334) Attached to: Dropbox Can't See Your Dat– Er, Never Mind

How does Dropbox define "valid legal process"?

Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters, which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names, IP addresses and times of connection, etc. Also of note is the Stored Communications Act. The rules are complex and are being contested in various ways, but among other things documents held in storage for over six months can be grabbed simply on a court order, no warrant or subpoena required. It isn't clear to me if "held in storage" would mean unmodified since uploaded - the rules were written primarily to cover email, which is typically not modified after receipt, other than changes to metadata.

Comment: Re:Copyrights on facts (Score 1) 247

by abulafia (#35551454) Attached to: RMS On Header Files and Derivative Works

The reality is a lawyer will agree with any opinion the client has to make as long as there is a pay check in it. Of course that agreement will be in politispeak that can be interpreted six ways from Sunday afterwards.

Only if you have a shitty lawyer. Good ones actually add value, help strategize and avoid risk. It helps to remember that of any cohort, half are below average.
