Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Java, [...] most bug-filled, hackable software (Score 1) 106 106

by burbilog (#49920285) Attached to: Hacks To Be Truly Paranoid About

Running a full 'sandboxed' JVM in a browser needs to be taken out the back and shot and on this basis java is indeed probably very insecure, Oracle should of flagged this as a legacy setup disabed by default a very long time ago;

So, every iLO on HP servers out there must be now obsolete?

Comment: Re:Tor's trust model has always been broken (Score 1) 50 50

by burbilog (#49830561) Attached to: Tor Connections To Hidden Services Could Be Easy To De-Anonymize

This is a primary reason why I2P (Invisible Internet Project) exists. Its much less centralized than Tor, mixes other peoples' traffic with yours by default, and over the years has typically used stronger encryption than Tor. Its just more private and secure overall.

Unfortunately it does not scale well. Some time ago Russian government created new censorship laws and popular book piracy site Flibusta responded with "trainig", turning off its regular website and leaving only Tor and I2P sites, to see how well it works. And suddently I2P was bogged down. It seems that I2P architecture wasn't designed to handle serious traffic and serious amount of users.

Comment: "Austerity" is a very dangerous thing to do (Score 1) 743 743

by burbilog (#49773953) Attached to: Greece Is Running Out of Money, Cannot Make June IMF Repayment
That's how Russia was devastated in 90x: austerity. IMF demanded to cut budget spending without caring about real situation, Eltsyn's government caved in and thus police and judges went for many, many years without adequate pay. Guess, who really rule in Russia now? The same people who HAD to exploit their position or just starve on their $10/month salary. Those who did not want to be corrupted HAD to leave law enforcement, court system and other most important positions in government -- or lean to take bribes and to extort money from population.

Comment: Re:It's weird... (Score 1) 258 258

by burbilog (#49696295) Attached to: Online Voting Should Be Verifiable -- But It's a Hard Problem

How can you provide complete secrecy of the voter's choice? Let's say I want to buy a vote. In the current system, the person I am paying disappears into a booth, and I actually have no idea how they voted.

BTW, physical presence system is easily gamed too: they intimidate you to vote for Edinaya Rossiya (ruling party in Russia) or loose the job (teachers, budget workers, government-owned companies, etc -- lots of people) and demand you to make a photo of your ballot with correct check mark. Guess what? 99% of people complied with that... the remaining 1% found some tricks like placing a short thread on empty square and the photo then mark another party. But these were minority.

Even physical voting security is hard, because they game it in many, many ways and it must be done via very strict procedure with free media watching that. Online voting is pure madness.

Comment: Re:More hoops before travelling through USA (Score 1) 200 200

by burbilog (#49690523) Attached to: Judge: Warrantless Airport Seizure of Laptop 'Cannot Be Justified'

Similar problem with deniable encryption. [wikipedia.org] It sounds great, but if the bad guys think you've fooled them, they'll just keep beating you with the $5 wrench [xkcd.com] even after you've broken and given them the real password.

The purpose of deniable encryption is not to hide something from thugs with hot iron but from LEGAL authorities. In some jurisdictions you must give up your keys or face jail time, but if you give up some keys from deniable system they can't prove that you have something else on that encrypted drive and thus you avoid jail time, loss of the job, etc.

I don't understand this idiotic binary logic -- if it can't protect you from the torture than you should not do it at all. Deniable encryption has its place and alas, there is no sensible password manager with it :(

Comment: Auto-report to police is sufficient (Score 1) 408 408

The only solution is to make it illegal to disengage the self-driving in non-accident situations and to have hefty fines for people gaming self-driving cars (perhaps by having obligatory dashcams on each of them).

Self-driving car already has excellent data from its radar and cameras. Just store accident data and report to police, immediately. People will learn FAST to avoid self-driving cars (and to hate 'em too).

Comment: I see one serious problem that can't be solved (Score 1) 477 477

The police (and other government agencies) WILL want some kind of kill switch or even "drive that criminal into the jail" feature and they WILL force manufacturers to implement it. In most stupid and 'secret' way. Now the trouble is that we see the pattern repeating during last decades: hackers are always ahead of technology and police. So they WILL get access to that 'feature' and then we'll see lots of kidnapping, robberies and other fun stuff. Just stop a victim in dark place and then send him the other way as far as possible. And no, you won't be able to press gas pedal and drive away from that mugger.

A few crimes of this kind on TV and the public will refuse any car with significant amount of intelligence.

Comment: Horrible idea (Score 1) 213 213

by burbilog (#49317771) Attached to: Finland's Education System Supersedes "Subjects" With "Topics"
How many people will regret their childish decision without any chances to switch career later, because they received "cafeteria only" education? And often parents force kids to take certain "family" career path, but kids can grow up and switch careers... if they have got generic education.

Comment: Re:The real question in my mind... (Score 1) 341 341

Yes, I agree that will eventually change, but it will likely be very slow. Many, many regulatory decisions have been made not based on the prevailing science of the time, but on what people were willing to accept.

Most probably it's going to be accepted incrementally, one by one, until we wake up with already self-driving car. Nobody (well, almost) complains about ABS now and nobody argues that ABS is much better for 99% of drivers (and remaining 1% is way too overconfident). It's just there.

The same is going to happen with automatic collision avoidance. With sign recognition. With lane following. One change at time.

Comment: Re: HUH (Score 1) 341 341

Yes, jumping in front of those automated cars, with their cameras, facial recognition, GPS, and 8G connections. I'm sure it will be huge - there's no way those punks would be easily caught!

Unless cameras could see through the fabric of the hood/mask/disguise these punks are going to be safe from poice.

Comment: Re:HUH (Score 1) 341 341

The code can be 100% reliable, and then a solar flare can be released which causes a surge in electromagnetic interference, leading to a random bit flip in memory, corrupting a portion of code meant to handle just that situation and then what?

And then another subsystem immediately detects memory checksum failure and brakes the car, broadcasting emergency braking signal to all cars around.

Comment: Password manager with plausible deniability (Score 1) 200 200

by burbilog (#49300301) Attached to: NZ Customs Wants Power To Require Passwords
Anyone?

Alas, there is no good open source password manager with built-in plausible deniability. All variants of keepass reject the idea, shifting it somewhere else and there is no good solution for Android. The best solution would be a database of X password databases (big X, a hundred or more), with only one database being encrypted and other slots filled with junk, and everything must be overwrittend during any save operation. If password manager does that by default (i.e. you don't tick special option to enable) then you might have one password db, two or several. Or 1024. Nobody can tell. And if you gave away password to innocent db with your small subset of passwords there is no way to prove that you ever had some other db inside your storage. That's going to satisfy any customs and any british judge, unless they ban such software completely.

Comment: What about real numbers of losses in power lines? (Score 1) 341 341

by burbilog (#49162639) Attached to: We Stopped At Two Nuclear Bombs; We Can Stop At Two Degrees.
Big copper cables have electrical resistance which results in line losses.

...

The line losses would be tremendous...most of the power would be lost to heat and RF emissions.

Can you prove that with math instead of just assuming abstract losses? How much real power line looses per 1000km for example? Soviet Union moved electricity around its vast spaces, using its non-high-tech united electric grid. Without any superconductors.

It is far more efficient to have highly distributed generation AND storage than to have an intercontinental power grid of supersized transmission lines.

Yes, it is. But it's much more expensive than global transmission grid.

Anyway, my point was not that we must concentrate on single solution, but rather that solutions exist in many ways, I just suggestged simpliest one (except that political fantasy part of couse).

Comment: Re:Who did the study? (Score 2) 341 341

by burbilog (#49153459) Attached to: We Stopped At Two Nuclear Bombs; We Can Stop At Two Degrees.
Those fifty thousand wind turbines and solar everything farms feeding lithium batteries the size of skyscrapers just will not happen. What's plan B?

No need for lithium batteries of that size. Just settle down politics (that's fantasy part of the plan, I know) and build power line across continents, crossing that tiny Bering StraiÐ and connecting all solar plants around the world. Then shuffle electricity around the globe as needed. It's quite doable today, with today tech and moderate expenses.

"It is better for civilization to be going down the drain than to be coming up it." -- Henry Allen

Working...