
Comment: No way is this a Sony PR stunt (Score 1) 131

I fully agree and would also point out that this hack has resulted in HD bootlegs of unreleased Sony movies being posted to BitTorrent. Oh, and Brad Pitt's "Fury."

The top leadership at Sony Pictures is about to be booted out of their jobs and are so tainted that no other studio will hire them. I don't think this was their idea of a way to promote a film.

Comment: Re:because the lawyers ... (Score 1) 227

by SethJohnson (#48642935) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

Your reasoning for pulling The Interview applies equally to showing Team America, if you think about it.

The difference here is that The Interview was dumped by national theater chains. In the case of Team America, a few independent chains were trying to screen the film and Paramount refused. In the case of the independent theaters, Paramount was not afraid that screening Team America would impact their profits for other films opening this weekend.

Comment: Re:TOR is a fucking honey pot ! (Score 4, Insightful) 80

by Kjella (#48641095) Attached to: Tor Network May Be Attacked, Says Project Leader

You do realize that most "darknets" are built on a "bust one, bust all" model? Pretty much the only security is that the bad guys aren't in your darknet, they've never reached a popularity where there's any plausible deniability. The only other people likely to be in your darknet are the other members of your terrorist cell or whatever you're part of, it has never offered anything for "normal people" for you to hide in. And darknets have actually been used as honeypots, to make clueless people give away their IP to join a private group which turns out to be a sting. It is pretty much the exact opposite of anonymity, it's joining a conspiracy and you're at the mercy of the stupidity of everyone in it.

TOR is trying for something entirely different, which is to keep everyone at arm's length from each other. I talk to you over TOR, you get busted well tough shit they still can't find me. The users don't know the server, the server doesn't know the users. Of course by adding that glue in between you run the risk of the man in the middle working out who both ends of the connection are, but that's the trade-off. TOR is trying to do something extremely hard, it tries to offer low latency - easy to make timing attacks, arbitrary data sizes - easy to make traffic correlation attacks and interactive access - easy to manipulate services into giving responses, accessible to everyone and presumably with poison nodes in the mix. It's trying to do something so hard that you should probably assume it's not possible, not because they have any special inside access.

I actually did look at trying to do better, it was not entirely unlike Freenet done smarter only with onion routing instead of relying on statistical noise. It wouldn't try to be interactive so you could use mixmaster-style systems to avoid timing attacks and (semi-)fixed data block sizes to avoid many correlation attempts but I never felt I got the bad node issue solved well. TOR picks guard nodes, but it only makes you bet on a few horses instead of many. It was still too easy to isolate one node from the rest of the network and have it only talk to bad nodes, at which point any tricks you can play are moot because they see all your traffic. Even a small fraction of the nodes could do that on a catch-and-release basis and I never found any good countermeasures.

Comment: Re:Interesting... (Score 1) 123

by Kjella (#48638543) Attached to: Tesla About To Start Battery-Swap Pilot Program

From what they've said before they expect you to eventually return to pick up your original batteries on your way home, though they haven't said how long you can keep driving on your loaners. If you don't they'll create some kind of fee to offset the condition between the battery pack you had and the one you got. If you're permanently relocating and make arrangements I'm sure they'll offer some kind of system to choose a battery in roughly the condition you had if you want it to be free or to swap for a brand new one if you want to restore max range at your final destination. Otherwise you could swap a 7 years old/100k miles battery for an almost new one for free, that wouldn't be right.

Comment: Re:3 minutes is slow? (Score 3, Insightful) 123

by Kjella (#48638401) Attached to: Tesla About To Start Battery-Swap Pilot Program

It's not about getting it done in 3 minutes, it's about being 3rd in line at 7:20am with 35 minutes left on your drive to work.

If your commute involves a battery swap for a Tesla you should really consider changing jobs. I'm guessing it's more about the weekend rush, Friday afternoon lots of cars will be going on long range trips and return Sunday evening, I'm guessing a battery swap pad is a lot more involved than a gas station pump so they won't have very many of them. They did run a test here recently driving a Tesla ~1000 miles and they said it all worked well but there was a lot of waiting, for every 2-3 hours of driving there was one hour of charging. I know that when we drive to the capital it takes ~7 hours and we have one 30-45 minute stop, if they could swap batteries on at least one stop they'd be down to one hour charging per 4-6 hours of driving which would roughly be the break time we'd want with an ICE car too. But Friday afternoon I'm one of a thousand lemmings trying to get out of the city, it better go fast.

Comment: Re:Is a lame Seth Rogen flick worth dying for? (Score 3, Insightful) 212

by Kjella (#48635883) Attached to: Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

The first amendment only says "Congress shall make no law..." but everybody understands you don't have much freedom of speech if you end up hanging from the nearest tree afterwards. Because the law isn't supposed to shield me from lawful retaliation like a boycott only retaliation that's already illegal you don't need a specific law for that. But everybody realizes that targeted action against those who exercise a particular freedom is trying to encroach on that freedom. Of course the government can just wash their hands and say we weren't the angry mob holding the rope, but it wouldn't be a very good government.

Any time you refrain from a lawful action because of the risk or threat of illegal action is a failure of the system of law IMHO. If I can't walk through a part of the city at night they're failing to keep the street safe. If they can't show this movie at the cinema without the risk of terrorism they're failing to keep the country safe. At least if it's a genuine risk and not chicken little screaming that the sky is falling, I mean you can't expect them to be everywhere and prevent every crime everyone's trying to commit. And I don't want to sell out all my rights in an attempt to make it so either. There could be a price for not caving but there's a price for caving too, the terrorists don't need to take away your freedoms if you're too afraid to use them anyway.

Comment: Re:I blame Microsoft (Score 1) 145

by Kjella (#48631881) Attached to: Critical Git Security Vulnerability Announced

Yes. There is only one possible name for addressing a file. For a case-aware, but case insensitive, you get up to 2^n variants for a name n letters long. And you _can_ have the same name with different capitalization in a directory as result of errors.

Funny, since Linux does everything it can to break a canonical name model with symlinks. In fact, you could mimic a case-insensitive system with 2^n symlinks like /foo/bar/COnFiG -> /foo/bar/config. And the capitalization is the cause of errors in mixed environments:

1) Create file on Windows called "Foobar.txt".
2) Copy it to your Linux machine.
3) Rename it to "FooBar.txt"
4) Do lots of work on the text
5) Copy it to your Linux machine
6) Copy the Linux directory back to Windows.

There's now a 50-50 chance that your work just got overwritten by old crap from step 2). Of course you might argue that Windows is the problem here since it wouldn't happen on two Linux systems, but then it wouldn't happen on two Windows systems either. They just don't play nice with each other.
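The name clash described in the comment above can be checked for before a tree is copied to a case-insensitive system. The following is an added example, not part of the original comment: `case_collisions` and `SAMPLE_TREE` are hypothetical names, the paths are constructed, and Python's `casefold()` is used as an approximation of filesystem folding rules. It goes slightly beyond the comment's case by also checking directory names.

```python
from collections import defaultdict
from pathlib import PurePosixPath


def case_collisions(paths):
    """Group relative paths that a case-insensitive filesystem would merge.

    Every prefix of every path is checked, so a clash between two
    directory names is reported even when the file names below differ.
    Returns {folded_name: sorted list of the distinct spellings seen}.
    """
    spellings = defaultdict(set)
    for raw in paths:
        parts = PurePosixPath(raw).parts
        for depth in range(1, len(parts) + 1):
            prefix = "/".join(parts[:depth])
            # Assumption: casefold() stands in for the target filesystem's
            # own folding table, which can differ in corner cases.
            spellings[prefix.casefold()].add(prefix)
    return {key: sorted(names)
            for key, names in spellings.items() if len(names) > 1}


# Constructed sample listing, as a case-sensitive working tree might contain.
SAMPLE_TREE = [
    "notes/Foobar.txt",
    "notes/FooBar.txt",
    "src/config",
    "src/COnFiG",
    "Docs/readme.md",
    "docs/install.md",
    "src/main.c",
]

if __name__ == "__main__":
    for folded, names in sorted(case_collisions(SAMPLE_TREE).items()):
        print(f"{folded}: {' <-> '.join(names)}")
```
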

Comment: Re:Unrelated to Github (Score 2) 145

by Kjella (#48631807) Attached to: Critical Git Security Vulnerability Announced

Tag: NOTABUG and WONTFIX. Case aware filesystems so you can have normal names and not like AUTOEXEC.BAT and CONFIG.SYS from the DOS days is great, case sensitive file systems are a really bad idea. Is there any kind of sane situation where you'd like to have two files "Config" and "config" actually coexist that isn't just begging to be confused/abused/exploited? For a marginal performance optimization all POSIX systems have shitty usability. Why am I not surprised? I guess for a server it just doesn't matter, but for the desktop you should file this as a bug against Linux, not Windows and OS X.

Comment: Re:because the lawyers ... (Score 2) 227

by SethJohnson (#48631661) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

....then Sony would be liable to the victim and victims family because Sony either knew or should have known that the controversy caused by the movie would excite DPRK loyalists into committing such an act of violence.

And that lawsuit would be gently brushed aside by Sony's legal team. Heck, they'd probably send in their youngest intern to handle the distraction.

In 1952: "The Court reverses its position on movies in Burstyn v. Wilson, asserting that "liberty of expression by means of motion pictures is guaranteed by the 1st and 14th Amendments."(citation)

The reason the Interview was pulled out of theaters is because the distributors didn't want to see the lucrative Christmas box office affected by people avoiding theaters due to these threats. Annie and Night at the Museum are expected to sell far more tickets than the Interview and the theater chains didn't want to see those profits reduced. As for why Paramount prohibited these screenings of Team America, well, they're probably worried they'll fall into North Korea's crosshairs and get hacked, etc. Damn cowards.

Comment: Re:And yet again terrorism wins (Score 2) 227

by DaHat (#48629363) Attached to: "Team America" Gets Post-Hack Yanking At Alamo Drafthouse, Too

You are forgetting the implications of tort law.

Even if a physical attack is very unlikely, the costs of the lawsuits which would occur afterwards would make proceeding a rather risky thing either way.

Don't believe me? The lawsuit against the theater which didn't prevent the Aurora theater shooting continues: http://deadline.com/2014/08/ci...

Comment: Re:seems a lot like human vision to me (Score 1) 125

by Kjella (#48621113) Attached to: Research Highlights How AI Sees and How It Knows What It's Looking At

I think it was fairly clear what was going on, the neural networks latch on to conditions that are necessary but not sufficient because they found common characteristics of real images but never got any negative feedback. Like in the peacock photo the colors and pattern are similar, but clearly not in the shape of a bird but if it's never seen any non-bird peacock colored items how's the algorithm supposed to know? At any rate, it seems like the neural network is excessively focusing on one thing, maybe it would perform better if you divided up the work so one factor didn't become dominant. For example you send outlines to one network, textures to a second network and colors to a third network then using a fourth network to try learning which of the other three to listen to. After all, the brain has very clear centers too, it's not just one big chunk of goo.

Comment: Re:Oblig ... (Score 2, Insightful) 215

by Kjella (#48620493) Attached to: What Will Microsoft's "Embrace" of Open Source Actually Achieve?

"First they ignore you, then they ridicule you, then they fight you. Then you lose and kill yourself."
- Hitler (well, not really)

I never understood why that Gandhi quote is so popular, sure that's what a victory looks like out the rear view mirror but most defeats start just the same.

Comment: Re:It's required (Score 1) 166

by Kjella (#48615171) Attached to: Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

It was the 1960s. You were lucky to have a 300 baud modem, they wanted to save two bits by chopping the "19" off 1960 and encryption was regulated as munitions. Heck, even in the 1990s they wanted to restrict my browser to 40 bits so I didn't have "export grade" cryptography. I still hear cost for servers and battery life on clients as an argument for why sites don't move to HTTPS. The very idea to build the Internet with strong encryption by default was ridiculous on technical merits and I don't recall anyone even suggesting it so feel free to quote some sources.

Yes, MITM attacks are possible. But unlike wiretapping they're also detectable and I don't just mean in the theoretical sense. You could still use CAs to "boost" the credibility of an IP encryption key fingerprint (The CA signs my cert, I sign a message saying my IP uses fingerprint aa:bb:cc:dd:ee:ff), you can verify by proxy (connect to your server from friends/family/open wifi/proxy or ask a third party what certificate fingerprint they see) or you can use in-band ad hoc verification. For example you're in a chat and it says at the top "fingerprint for this session is aa:bb:cc:dd:ee:ff" you might say "reverse it and you get ff:ee:dd:cc:bb:aa" or "third pair is a double c" or "last two are 255 in hex" as part of the conversation. Even better if it's voice communication, think they can MITM a buddy saying the fingerprint?

MITM only works if there's a protocol you can use to automatically block/filter any information about the key. For example imagine you take a photo, overlay the fingerprint semi-transparently and display it on your website. Now they have to create a very custom solution for your site to create an identical photo to replace it with. Transparent MITM in an interactive process - not just your cell phone checking your mail - is going to be really tough to do on a mass scale. It won't have the perfect theoretical characteristics, but it sure will work for most people most of the time.
