Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Ending Real-Name Policies on Facebook (Score 1) 318

Back when my niece was a young teen, she and her school friends used Facebook, but would wipe out their profiles every year and build new ones with new pseudonyms. Protected their privacy that way, and automatically fixes the "erase dumb stuff you said as a kid" problems.

Comment Re: And monkeys might .... (Score 1) 109

What a hopeless article. Yes, real quantum computing would be cool, and D-Wave has been doing quantum-y things with investor money for a decade or so, and scientists have developed improved more standard kinds of quantum computers to the point that they can now factor 21, surpassing the record of factoring 15 that held for a few years, and maybe sometime in the future quantum computers will be as far advanced beyond that as today's rockets are beyond the ones Goddard had on paper a century ago or his early flying models 90 years ago, or maybe not (or maybe both at once, because YOU CAN DO THAT with quantum.)

But like most articles about quantum stuff in the popular press, and 99.9999% of content about it in the New Age business, it follows the paradigm of

1. I don't understand quantum!
2. I can imagine really cool things that I don't understand how to make!
3. ????
4. PROFIT! , err, Therefore, quantum is how to make really cool things I want! QED!

Quantum physics isn't a Simple Matter Of Engineering like rocketry (and there are reasons for the phrase "Rocket Scientist" - rocketry's also more than just a S.M.o.E, no matter what you remember from those Heinlein stories you read as a kid about building spaceships in your back yard.) Mathematics and physics breakthroughs don't just happen because you really really want them to or because you pour lots of money into the engineering (though especially for the physics, that really helps.)

And yes, D-Wave might be on to something, or they might be pursuing a dead end, and we'd learn valuable things by helping them do either one, if they publish enough detail about their work, and maybe they can build quantumy computers that are useful for real-world problems even if you can't use them to run Shor's Algorithm to crack factoring-based crypto. But just because rocketry was at sort of a cusp a century ago, and lots of other technologies have gone from "not ready/usable yet" to "useful" that doesn't mean that quantum computing is one of them; lots of other technologies have gone from "not ready/usable yet" to "old obsolete dead ends."

Comment Many special-mail things use this approach (Score 1) 199

This approach to special-handling-required email is pretty common - if the recipient has the right software (client / app / browser extension / whatever), their email client can read it directly, otherwise they have to use a web link to the provider's server. The more secure and scalable versions store only keys of some kind on the server, and include the encoded or encrypted message in the email, the simpler but less scalable and less secure ones keep it on the server and just include a link in the email.

Disappearing Inc did that back in 2000 for a self-destructing email application, and I've seen similar things for encrypted mail (e.g. Voltage Secure Mail) and other applications (often marketed as "Data Loss Prevention" or whatever), mostly for corporate users.

And yeah, if I get email from some random stranger saying "You've received a Whiffly-Mail Message, Click Here to Download", it's going in the spam bucket, but if I get it from somebody I regularly deal with I'm fairly likely to open it. Can't be much worse than opening a Microsoft Word document from a stranger. And of course, if it's from Paypal or SomeBigBank or Microsoft Technical Support, it gets junked as well.

Comment Decryption Key stored elsewhere, not content. (Score 1) 199

Yes, you could implement it by storing the message contents on a server, but the non-LOL version that Disappearing Inc implemented back in ~2000 sent the encrypted message to the recipient, and only kept the key on the server. If you had a client at the recipient's end, it would fetch the key, otherwise you'd paste it into an SSL form on a web browser that would decrypt it. DI would delete the key after whatever business rules you liked (typically N days, or read-N-times, or "recipient clicks Delete", or sender clicks "Ooops.", etc.)

Does this keep the whole message on the server or just the keys? Hopefully the latter, because it's more secure, but I don't know.

Comment It's a Limited Threat Model Definition, not DRM (Score 5, Informative) 199

Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.

So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.

It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".

If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.

Comment Re:Shut up.. (Score 1) 174

Sounds tasty (except for the "Oh, right, I don't eat it" part :-). I make up for it by fermenting stuff - mostly ciders, but also pickles and sauerkraut and such. I've made one batch of beer from a kit, and need to get around to making another batch from closer to scratch sometime soon, but meanwhile cider's easy and good, and mead was easy and I'll know if it's good after it ages another six months.

Comment Re:Politicians and Anti-Privacy Feds? (Score 1) 446

No trolling intended here - the word "Politicians" is right in the title.

The Ashley Madison crack is happening now, after several months of heavy campaigning by various US Feds and Congressmembers and their UK counterparts (like Tory Prime Minister David Cameron) who all want to ban encryption or make us put magic back doors into all our crypto systems so they can eavesdrop on conversations instead of "going dark", their term for "not getting to increase our surveillance capabilities quite as fast as we want."

With 37 million names in the database, it wouldn't be surprising if at least some of them are the same people trying to deny the public's right of privacy, and they ought to get spanked publicly about their political hypocrisy, as opposed to just getting spanked privately if that's what they were looking for.

Comment Re:RS232 and XModem/YModem/ZModem/Kermit (Score 1) 620

Oh, yeah, if you've got a desktop PC, putting an RS232 card in it works a lot more reliably. We don't have many of those around (and the ones we do are antiques that have serial and often even parallel ports), and mostly have either good laptops (really convenient in a lab full of racks) or old laptops with dead batteries that still work ok when plugged in.

Comment Re: That's because 300 baud is much faster than 96 (Score 1) 620

That's pretty much how the higher speeds work also - they negotiate 300, and if that works they signal (argh, I've forgotten if it's digitally over the 300 baud or analog tones) the higher speeds they can accept, and then send tones to see if the line will carry the sound quality needed for the higher speeds to work.

I had a while back in the 80s when one of my home phone lines could handle 2400 but the other (which used to be ok) stopped syncing at 2400 and would only do 1200. Tried to tell the phone company that it needed fixing, they asked what it sounded like, and "}i}}}}ii}}i}i" wasn't an answer they knew what to do with, so they said "sorry, your residential line isn't data rated." Eventually it degraded to the point I could call up and tell them it sounded like [LOUD STATICKY NOISES], and they came and fixed the drop line where it was rubbing against a tree branch.

Comment The GG movement long predated that (Score 0) 557

It was originally about harassing Anita Sarkissian, for pointing out the level of sexism in gaming. The trollboys didn't like ethics in video game journalism, because she was pointing out that they were clearly on the wrong side of it, and Zoe Quinn's ex-boyfriend deliberately threw his screed into their shark pond because he knew he'd get a reaction there.

"Once they go up, who cares where they come down? That's not my department." -- Werner von Braun