
Comment: Re: #2 (Score 1) 368

by abulafia (#49540413) Attached to: iTunes Stops Working For Windows XP Users
I'm not poking and prodding at Apple out of hatred, I'm doing so because, as an Apple user, I want them to succeed, but I also want them to keep going in a direction that is useful to me. As I see them shifting in a direction that is anything but, I prod them back in the direction that benefits not only myself, but also the largest number of users.

You do? What, you have late night heart-to-hearts with Tim, him spilling his hopes and fears, you providing a shoulder to cry on and gentle guidance from your decades of experience in product development and operations?

Comment: Re:Guardian covering their ass (Score 1) 296

by abulafia (#37288048) Attached to: WikiLeaks Publishes Cable Archive In Full

Well, no, not exactly. The Guardian published the password. Wikileaks failed to secure the encrypted payload. They both had to fail for the security breach to have happened. Irresponsibility is shared there, and as best I can tell, Julian is embarrassed and attempting to salvage ego with a dumb "I meant to do that" sort of maneuver.

The Guardian is being a bit silly in complaining now, after the data is already out there - anyone with an interest has already found a torrent.

But really, the whole thing is silly, given that the cables were available very widely to (as I understand it) millions of US folks already. I simply don't believe that documents shared with 7 figures of people, security cleared or no, don't find their way to people who have an interest in such things.

Most of the hot air being puffed about this has to do with what is public-public, instead of private-public. It makes a difference. (To pick a different example: "everybody knows" that many cops in the US routinely arrest people who annoy them on bullshit charges. This is private-public knowledge. Now imagine documents hypothetically leaking about this being policy. That would make it public-public.)

Comment: Best to you, Taco (Score 1) 1521

by abulafia (#37205120) Attached to: Rob "CmdrTaco" Malda Resigns From Slashdot

End of an era.

I don't know why this particular change feels so big, but it does. /. has been a big constant in my life for over 10 years now, and /. has always been, to a significant degree, Taco.

I know you're not dying or anything, but golly.

Thanks for making the joint the kind of joint it has been.

Comment: Re:Refuse Permission? (Score 2) 507

by abulafia (#36902932) Attached to: Climate Unit Releases Virtually All Remaining Data

You can't copyright/patent/trademark facts.

In the U.S. You might notice that Trinidad and Tobago (and England, for that matter) happens to not yet be an official vassal of the empire, and is still a sovereign nation that makes its own rules.

It isn't clear from the article what rules and agreements govern here, but it certainly isn't U.S. copyright.

Comment: Eat Poop! (Score 1, Interesting) 150

by abulafia (#36657250) Attached to: More Oracle Patents Declared Invalid

Who the hell cares about corporate winners (modulo folks with stock, or other stakes)?

I care about good tech.

Eat it. It tastes good, if you chew a bit. No, there's a bit on your chin, see, there. No, well, let me help.

Jim, me need a helmet.

I'm sure this is just an episode.

Well, whatever, then. We'll need VB coders until we can't pay the cooling bills on those boxes, so... Can't fix everything.

Comment: Re:The concept of OpenID doesn't seem very secure (Score 2) 45

by abulafia (#36055944) Attached to: OpenID Warns of Serious Remote Bug, Urges Upgrade

Put all your eggs in one basket with an OpenID provider that *does* take security seriously (Google, Yahoo, etc. can function as OpenID relying parties - and you can also use two factor authentication with Google now), so that basket is extremely well protected, and dodge the issue of giving random sites on the internet a password entirely?

That's easy. I would rather use per-site passwords.

Even if you trust Google's security without qualification, which you shouldn't, as they've been compromised before both internally and externally, there is the problem of interest alignment. Your interests are not the same as Google's.

As for deducing per-site passwords, well, if you can, then I'm doing it wrong, or you have either my master key or broken SHA2. And I don't remember any of them. That is what password managers are for.

Final thought - if you've convinced yourself of the wisdom of depending on the almighty Google (or Yahoo, or whoever), you might want to watch and see if they happen to upgrade their OpenID system in the next little bit. Just a thought.

Comment: Re:Hmmm... (Score 1) 333

by abulafia (#35879334) Attached to: Dropbox Can't See Your Dat– Er, Never Mind

How does Dropbox define "valid legal process"?

Well, you'd have to ask Dropbox about their definitions. And I am not a lawyer. But in terms of various things to answer your questions, you might want to read up on National Security Letters, which allow demands for metadata pretty much on nothing more than the FBI thinking they want to see it. (Yeah, I know that's not what the law says, but read up on how NSLs have actually been used.) Of course, metadata in this context doesn't require decrypting the documents - it likely is going to refer to file names, IP addresses and times of connection, etc. Also of note is the Stored Communications Act. The rules are complex and are being contested in various ways, but among other things documents held in storage for over six months can be grabbed simply on a court order, no warrant or subpoena required. It isn't clear to me if "held in storage" would mean unmodified since uploaded - the rules were written primarily to cover email, which is typically not modified after receipt, other than changes to metadata.

"When the going gets tough, the tough get empirical." -- Jon Carroll