
Comment: Expect successful suits in Canada (Score 1) 54

by WillAffleckUW (#49358153) Attached to: Google Loses Ruling In Safari Tracking Case

Expect successful lawsuits in Canada, where Privacy is a Constitutional Right, and eventually in the US by EU/UK and Canadian citizens protected against such actions by the EU/US and US/Canada Data Treaties.

(note: if you don't like that they have more rights in the US than you do, don't sign treaties giving them such rights next time)

Comment: Re:Evil tech? (Score 2) 37

by pla (#49358031) Attached to: Hoax-Detecting Software Spots Fake Papers
I mean, if you were doing actual peer review, none of this would pass even a half-sentient peer's inspection.

This, so much this!

Seriously - If I don't do my job and my boss catches me playing online poker all day, should I attach a response to my HR writeup explaining that I have addressed my deficiency by rearranging my cube to make it harder for others to see my screen???


The problem here has nothing to do with people submitting fake papers, Springer. Rather, you need to stop hiring fake editors.

Comment: bullshit (Score 1) 255

by Tom (#49352371) Attached to: Generate Memorizable Passphrases That Even the NSA Can't Guess

This is total bullshit, and dangerous at that.

Firstly, a lot of software out there still has password length limits, sometimes silently discarding additional characters. You will still need ordinary passwords now and then.

Secondly, no normal human will type a five, six or more words passphrase every time they want to unlock their screen. They will do it for three days while they're hyped on how secure they are now, and then it'll become something they hate, and then they'll change it back to "123".

Thirdly, this is a bit more tricky, the real world security of almost every password scheme I've come across in 15 years of IT security experience is several orders of magnitude lower than the mathematical assumption. Because we consistently forget to take the human factor into account. Maybe some extreme nerds will actually follow this guideline, more normal people will discard words they can't remember for words they can, change things "a little" for convenience, and generally sabotage the whole system without even realizing it. It's the same as with passwords, all over again. Yes, on paper, a password has on the order of 10^16 possible combinations. But in reality, taking into account how people actually choose passwords (even ignoring the whole "password" and "123456" problem!) the actual diversity is more on the order of 10^9. Same here. You think using dice removes the human factor. omg do you underestimate humans!

+ - Passphrases You Can Memorize That Even The NSA Can't Guess 2

Submitted by HughPickens.com
HughPickens.com (3830033) writes "Micah Lee writes at The Intercept that coming up with a good passphrase by just thinking of one is incredibly hard, and if your adversary really is capable of one trillion guesses per second, you’ll probably do a bad job of it. It turns out humans are a species of patterns, and they are incapable of doing anything in a truly random fashion. But there is a method for generating passphrases that are both impossible for even the most powerful attackers to guess, yet very possible for humans to memorize. First, grab a copy of the Diceware word list, which contains 7,776 English words — 37 pages for those of you printing at home. You’ll notice that next to each word is a five-digit number, with each digit being between 1 and 6. Now grab some six-sided dice (yes, actual real physical dice), and roll them several times, writing down the numbers that you get. You’ll need a total of five dice rolls to come up with each word in your passphrase. Using Diceware, you end up with passphrases that look like “cap liz donna demon self”, “bang vivo thread duct knob train”, and “brig alert rope welsh foss rang orb”. If you want a stronger passphrase you can use more words; if a weaker passphrase is ok for your purpose you can use less words. If you choose two words for your passphrase, there are 60,466,176 different potential passphrases. A five-word passphrase would be cracked in just under six months and a six-word passphrase would take 3,505 years, on average, at a trillion guesses a second.

After you’ve generated your passphrase, the next step is to commit it to memory. You should write your new passphrase down on a piece of paper and carry it with you for as long as you need. Each time you need to type it, try typing it from memory first, but look at the paper if you need to. Assuming you type it a couple times a day, it shouldn’t take more than two or three days before you no longer need the paper, at which point you should destroy it. "Simple, random passphrases, in other words, are just as good at protecting the next whistleblowing spy as they are at securing your laptop," concludes Lee. "It’s a shame that we live in a world where ordinary citizens need that level of protection, but as long as we do, the Diceware system makes it possible to get CIA-level protection without going through black ops training""
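Added example, not part of the submission or of the article it summarizes: a Python sketch of the Diceware lookup described above (five rolls per word, 7,776 keys) that also reproduces the quoted keyspace and average crack-time figures. The `key word` line format, the placeholder words in `SAMPLE_LIST` and the `secrets`-based software dice are assumptions made here; the article calls for physical dice.

```python
import math
import secrets

WORDS_PER_LIST = 6 ** 5          # five rolls of a six-sided die -> 7,776 keys
GUESSES_PER_SECOND = 10 ** 12    # adversary rate quoted in the summary

def parse_wordlist(text):
    """Parse 'NNNNN word' lines into {key: word}, rejecting malformed keys."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        key, word = parts
        if len(key) != 5 or any(c not in "123456" for c in key):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    return table

def rolls_to_words(rolls, table):
    """Turn a flat list of die rolls (five per word) into passphrase words."""
    if not rolls or len(rolls) % 5:
        raise ValueError("need five rolls per word")
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be 1..6")
    keys = ["".join(map(str, rolls[i:i + 5])) for i in range(0, len(rolls), 5)]
    return [table[k] for k in keys]

def software_rolls(n_words):
    """CSPRNG stand-in for physical dice (an assumption, not the article's method)."""
    return [secrets.randbelow(6) + 1 for _ in range(5 * n_words)]

def keyspace(n_words):
    return WORDS_PER_LIST ** n_words

def entropy_bits(n_words):
    return n_words * math.log2(WORDS_PER_LIST)

def average_crack_seconds(n_words, rate=GUESSES_PER_SECOND):
    """On average the attacker finds the phrase after searching half the keyspace."""
    return keyspace(n_words) / 2 / rate

# Constructed excerpt in 'key word' form; the words are placeholders, not the real list.
SAMPLE_LIST = "11111 alpha\n11112 bravo\n66666 zulu\n"
```

These figures hold only if every word comes from a uniform roll; swapping a rolled word for one that is easier to remember shrinks the effective keyspace below `keyspace(n)`.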

Comment: yes, they are (Score 1) 157

by Tom (#49348935) Attached to: Many Password Strength Meters Are Downright Weak, Researchers Say

In fact, they're ridiculous. I've given a couple presentations on password strength, and password meters are to password strength what the TSA is for air travel security - a better-than-nothing baseline approach that is mostly for show.

The problem is that we have nothing better to offer at this time, even though most security experts agree that passwords are a solution whose time is over.

Comment: ethics (Score 2) 175

by Tom (#49348881) Attached to: German Auto Firms Face Roadblock In Testing Driverless Car Software

For example when faced with the decision to crash into a pedestrian or another vehicle carrying a family, it would be a challenge for a self-driving car to follow the same moral reasoning a human would in the situation

Or maybe it would follow better moral reasoning. Ours is not perfect, it's just whatever evolution came up with that gave us the best species survival rates. That doesn't mean it's really the most ethical solution.
For example, in a post-feminist society, let's assume for argument's sake that gender discrimination has been overcome, wouldn't we also do away with "women and children first" - which is a suitable survival approach in a species fighting for survival in the African prairie, but hardly for the dominant species that already is overpopulated.

Comment: Top Gear: The BBC Whovian Reboot (Score 2) 631

by WillAffleckUW (#49348033) Attached to: Jeremy Clarkson Dismissed From Top Gear

(scene) We are on a deserted airplane runway in Iceland

A car races by - with The Stig in it.

It pulls up to a shiny outdoor hot springs.

Another car races by.

It has a dark complexioned youth driving it. He's dressed in tweed and wears glasses. Thin Brit style. He gets out.

A third car races by.

It has a young short guy in it. He's done up for a footy game. He gets out.

A fourth car races by.

It opens, and the words Top Gear: Mark II appear.

It's a young British woman of mixed Asian descent.

The crowd goes wild.
