Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re: GPG is another TrueCrypt? (Score 1) 303

by bingoUV (#49145617) Attached to: Moxie Marlinspike: GPG Has Run Its Course

from what I've read the Blackberry's model seems to be pretty good

Bruce Schneier put it perfectly - everyone wants you to be secure, just not from themselves. So Blackberry's model is great, safe from the government of India. But not safe from Blackberry and anyone capable of twisting Blackberry's arm. Don't worry, government of India also wants you to be safe - but not safe from government of India.

Google's security model is also very awesome. But Google's users are not safe from Google and anyone capable of twisting Google's arm. Microsoft's security model is also very awesome. But Microsoft's users are not safe from Microsoft and anyone capable of twisting Microsoft's arm. Such security has already been achieved some years ago, and it is demonstrably meaningless.

As long as you continue define as "secure" as something absolute, the security is meaningless.

Now show that it is possible to get meaningful security without understanding a lot more about security than the gadget freak joe sixpack.

Comment: Re:git blame (Score 1) 303

by bingoUV (#49145331) Attached to: Moxie Marlinspike: GPG Has Run Its Course

I'm willing to bet if you polled all the people that use email, a significant majority would prefer that their email couldn't be spied on by governments or other snoops.

Not if there is a postscript mentioning they won't be able to read their own mail if they lose the key. Even less if there is a post-postscript with stats on hard disk failure rates in laptops, desktops, specifically their hard disk model in their PC model. Even less if followed by data backup advice.

Comment: Re:Another bad omen for privacy and security (Score 1) 303

by bingoUV (#49145059) Attached to: Moxie Marlinspike: GPG Has Run Its Course

guarantees that you access to your keys across platforms, at all times, and that your keys are safe and backed up. Even if it means trusting your private keys to a 3rd party like Lastpass or Google or Microsoft, and they could theoretically decrypt all of your files and communication, most people simply cannot be trusted to secure their own asses

We already have this. Just install a browser plugin to enforce HTTPS as much as possible - done. Use webmails, blogs. Since you want encryption to be only a buzzword, there you have it. Web pages will be "encrypted(TM)", so will their webmail and blogs.

I don't see any usability problem for a token usage of encryption already for a few years. Only problem is with real usage of encryption, and that necessitates third parties / intermediaries to be unable to decrypt.

Comment: apple is no less complex than data (Score 1) 237

by bingoUV (#49109835) Attached to: Ten Lies T-Mobile Told Me About My Data Plan

Did you even read the post to which you replied?

In case this was supposed to be an on-thread-topic post, apples have so many different types of matter. There is water, sugars both simpler and complex. There are trace amount of vitamins. There are proteins - both from the apple tree as well as any insects that might have made this apple their home.

Many of these are behind the scenes - i.e. under the apple skin. Why should an apple vendor have to weigh all of these to be able to sell a pound of apples? Data pipeline providers don't have to - T-Mobile is the only judge of how much data a customer used. Their "scale" or "meter" doesn't have to be approved by any regulator.

Why so much unfairness against apple vendors?

Comment: Re: One strike (Score 1) 248

by bingoUV (#49105965) Attached to: Lenovo Allegedly Installing "Superfish" Proxy Adware On New Computers

You don't need the shell of a nearly standard laptop - because buying the motherboard for it means you're dependent on that laptop's manufacturer for driver support. So any advantage of "build your own" is gone right there.

You need a shell for a small form factor non laptop motherboard.

The party adjourned to a hot tub, yes. Fully clothed, I might add. -- IBM employee, testifying in California State Supreme Court