Comment: Re:Popcorn time! (Score 1) 368

by bmo (#48888261) Attached to: Behind the MOOC Harassment Charges That Stunned MIT

All the property that is necessary to a Man, for the Conservation of the Individual and the Propagation of the Species, is his natural Right, which none can justly deprive him of: But all Property superfluous to such purposes is the Property of the Publick, who, by their Laws, have created it, and who may therefore by other laws dispose of it, whenever the Welfare of the Publick shall demand such Disposition. He that does not like civil Society on these Terms, let him retire and live among Savages. He can have no right to the benefits of Society, who will not pay his Club towards the Support of it.

- Benjamin Franklin, letter to Robert Morris, December 25, 1783

Comment: Re:I thought (Score 2) 197

by bmo (#48862059) Attached to: The Most Popular Passwords Are Still "123456" and "password"

I don't see stupid passwords as a problem if they're used in situations where it doesn't matter.

That's because the people who pick 123456 as passwords never consider if it matters or not. Most people consider their mail account something that matters, yet trying out various uname/pw combinations with gmail that come from a porn site invariably works.

I don't know what to tell you, man, people are stupid with passwords and it's a documented problem.

>complain about article summarizing the problem in general
>demanding hand-holding.
>your computer is connected to the largest information retrieval system ever invented.
>can't be bothered to do your own research or bother to even google

PEBKAC. Yours.

--
BMO

Comment: Re:Blender FTW (Score 3, Informative) 223

by bmo (#48861781) Attached to: The Current State of Linux Video Editing

Now all I need is a 10 button mouse and an interface reference!

This just in: Specialty software requires (or is more useful) with specialty hardware. Film at 11.

It's like the SpaceNavigator and SpacePilot never existed for CAD/modeling. It's as if all those 16 button tablet pucks never existed.

Also complex software requires documentation/references. Blender != MSPAINT.EXE

--
BMO

Comment: Re:I thought (Score 2) 197

by bmo (#48860389) Attached to: The Most Popular Passwords Are Still "123456" and "password"

ok, so it was leaked passwords....but from where?

From everywhere. From pron.com, for example. Plaintext usernames, emails, and passwords. With .mil addresses and admin addresses to boot. They are there if you bother to look.

From a csv file I have of the pronz.com list:

Hi! We like porn (sometimes) so these are email/password
combinations from pron.com which we plundered for the lulz

Check out these government and military email
addresses that signed up to the porn site...

They are too busy fapping to defend their country:

for what reasons?

For money and for the lulz, as above.

on what devices?

Everything.

Also if PWs are from web pages? what are the pages?

Pron, government, banking, shopping, etc...

because if they are not secure pages (work, banks, personal info) most people simply don't care.

This is the problem, in a nutshell. People just don't care about even their banking passwords.

I mean to leave comments on damn near any page, you need to register. I know on some pages I've created accts to leave a post and never plan on going back, I'm sure I've used some weak passwords for those sites.

The thing is that people use the same "throw away passwords" everywhere. The same ones, across multiple sites including banking. Many of the above uname/password pairs worked in gmail and facebook.

"But it's too much trouble to have different passwords everywhere"

No it isn't. It's actually easier. Use a password manager. It's like a keyring, but not only do the keys fit only individual locks, the "keyring" (password manager) does the typing for you for password generation and logins. For example, through some of my own dumbassery (which I realized within 10 minutes of the dumbassery), I had to reset all my passwords one day. It took me only an hour with LastPass including generating secure passwords. It would have taken me the better part of half a workday to reset them manually.

Yahoo lost control of my login credentials twice. Apparently I have been to Sweden and Bulgaria. After that, I got a password manager and never looked back.

You will have to take my password manager from my cold dead hands.

"But what if the password manager goes tits-up?"

You export your credentials to a .csv file and print it out and save in a safe place offsite.

All my passwords look like this: GvY0H025195BfN2MleZWx5Sra

Try finding that in a rainbow table.

it's a little hard to claim anything based on this data that is worth anything.

Only because you lack imagination.

--
BMO

Comment: Re: Encryption = same as an envelope for real mai (Score 1) 35

by bmo (#48853565) Attached to: Microsoft Outlook Users In China Hit With MITM Attack

Replying to you mostly for myself, to write down what I try to explain to people when it comes to what PGP actually is and if anyone gets edumacated by what I wrote, that's fine.

The problem is sending keys - and most users would just blindly well, email them around.

This is why we have public key encryption, e.g., PGP, in the first place.

You're supposed to post/email/etc the public key to your various contacts to encrypt. It doesn't matter what the channel is that you use to transport the public key - email, web page, broadcasting as a numbers station, shouting, etc. The public key can be intercepted all the time by TLAs and other nefarious mob-related organizations. It doesn't matter.

Alice: "Hey Bob, I'm trying to figure out this encrypted mail thing. Send me some encrypted mail. Here's my public key."

public key gets sent through normal email

Bob: "OK, got it." Bob then encrypts his message professing his undying love with the public key and sends it to Alice. He also sends his public key to Alice with it.

Alice decrypts with her private half (which she never gives out) of the public/private key pair and reads the email.

Alice says "I didn't know you loved me." to Bob.

Then there's key management because you have to import those keys into your contacts.

Modern MUAs handle these easily. It's up to the user to save the keys. There is just so much hand-holding that can be done.

>Other than PGP, such as anything using AES is problematic

>GPG

Both PGP and GPG are compatible with each other.

It's not just that MUAs aren't all configurable to use other encryption algorithms, it's that anything that uses symmetric keys, like AES, requires a key exchange out-of-band for it to be any practical use. And that is problematic in itself.

--
BMO

Comment: Re:Haystack Creation (Score 1) 102

by bmo (#48844241) Attached to: Feds Operated Yet Another Secret Metadata Database Until 2013

>So if they are not using to investigate crimes, what is the end game of this mass surveillance?

To pillage. To find who's got the money, boats, cars, etc., and are morally questionable/socially insignificant enough that the general public doesn't get up-in-arms about it when the DEA takes their stuff.

--
BMO

Feminist Software Foundation announces ToleranUX

Submitted by Motor
Motor (104119) writes "Linux Torvalds, toxic patriarch of the Linux kernel, has repeatedly proved the desperate need for a safe space for womyn and trans everywhere. The Feminist Software Foundation (FSF) brings you the world's first operating system by feminists and for feminists — ToleranUX.

I'm sure we all agree that Free operating systems are too important to be left in the hands of cis white males. They must be brought onto the 'right side of history', and ToleranUX is the first step!"


Comment: Re:Fact: Free Trade doesn't work (Score 3, Informative) 482

by bmo (#48816563) Attached to: IEEE: New H-1B Bill Will "Help Destroy" US Tech Workforce

Increasing the wages of an auto-worker from 115k (average $55/hr) to 230k/yr doesn't mean that the price of the automobile goes from 30k to 60k. Wages are currently appx 10 percent of the cost of an automobile.

If you really believe that doubling wages doubles the price of goods, you don't know much at all about manufacturing.

--
BMO

Comment: Actually.... (Score 2) 154

by bmo (#48809255) Attached to: Human Language May Have Evolved To Help Our Ancestors Make Tools

Recent evidence has come to light that suggests that pyramid style chain
letters may have pre-dated Dave Rhodes by a considerable margin.
Palaeontologists recently deciphered the following, painted on a cave
wall on the slopes of Kilimanjaro.

MAKE POINTY STICKS FAST!!!

Hello, not-tribe-member. Urk name Urk. Many moons ago, Urk in bad way.
Urk kicked out of cave by Thag. Thag bigger than Urk, Thag take Urk
spiky club, Urka (Urk wo-man). Urk not able kill deer, must eat leaves,
berries. Urk flee from wolves.

Today, Urk big chief. Urk have best cave, many wives, many pointy sticks.
Urk tell how.

WHAT DO: make one pointy stick and take to cave places below. Add own
cave place to bottom of list, take cave place off top. Put new message
on walls many caves. Wait. Many pointy sticks soon come! This not crime!
Urk ask shaman, gods say okay.

HERE LIST:

      1) Urk
            First cave
            Olduvai Gorge

  few) Thag (not that Thag, other Thag)
            old dead tree
            by lake shaped like mammoth

  few) Og
            big rock with overhang
            near pig game trail

Many) Zog
            river caves
            where river meet big water

Urk hope not-tribe-member do what Urk say do. That only way it work.

(c) Dave Hemming 1998. Circulate how you please, but keep my name on it.

Comment: Re:Attention all (potential) subversives (Score 2) 319

by bmo (#48773063) Attached to: MI5 Chief Seeks New Powers After Paris Magazine Attack

The point of going dark is to make surveillance expensive. You want "them" to spend as much money as possible. Currently, just about everyone sends plaintext through the Interbutt, for example. Archiving all of this in a building in Utah and using search technology to sift through it, building "instant dossiers," is well within the budget capabilities of many governments.

If everyone uses encryption, there isn't enough computing power in the universe to sift through all of that. At that point, "they" will have to devote actual warm bodies to do surveillance, aka "spies." Spies cost money. They cost a not insignificant amount of money to train and require weekly paychecks. Plus they are quite a bit slower than computers sifting through plain text and unencrypted Skype calls.

What we want to do is break their budgets.

The only drawback to all of this is the instant you mention encryption to Joe User, you get this glassy eyed stare, dead eyes, like a doll's eyes, to butcher a line from Jaws.

--
BMO

Comment: Re:Fuck the libs! (Score 5, Interesting) 216

by bmo (#48758321) Attached to: Bill Would Ban Paid Prioritization By ISPs

"That's because Republicans believe in the free market not communism."

Funny, the current bunch of Ds are typically to the right of Reagan.

And no, the Rs aren't in favor of any kind of free market either. And "free markets" don't exist, ever - they are an imaginary construct much like "friction free inclined planes" in physics.

--
BMO

Comment: Re:Cryptowall is very sophisticated (Score 1) 181

by bmo (#48756433) Attached to: Inside Cryptowall 2.0 Ransomware

It's these 3rd party ad server farms that get hacked and start serving out this shit. Doesn't matter if it's Yahoo, CNN, Drudge, MSNBC, Fox News...etc. If they have a contact with one of these ad agencies (and they all do), all it takes is for one of the infected servers to rotate into view for the end user. Really nasty stuff.

This. So much this. And there are ad networks that will host anything given the right amount of money and lack of care. I sure as hell don't allow ad networks to display their crapware on any machine, no matter the architecture/OS. With adblock-plus, privacy badger, and ghostery installed on a client, third party crap gets enough of a heave-ho to make even going to places like gawker "inoffensive."

--
BMO
