
Comment Re:Here's something worth crowdfunding. (Score 1) 96

So how does this work? Is a lawyer supposed to break their client's confidence or maintain a secret in the executive that, by its non-disclosure, perpetuates an ongoing criminal conspiracy in violation of the constitution?

And, yes, I'll gladly chip in $10 for this guy.

Comment Re: Only needs to be *sold* without encryption (Score 1) 251

It all gets done on device. Every keystroke, touch, file, and secure key (vendor owns the trusted execution environment, too) is subject to exposure. If this were to hold, it would be bad.

What if you weren't allowed to use encryption online? Or if your front door had to use a federally approved lock for which law enforcement officers had the key?

This is a cynical (and worryingly effective) attempt to use "terrorists" as an excuse to grossly erode civil liberties.

So, yeah, fuck this guy.

Comment We've seen this before... (Score 1) 246

The British and French are reported to have pushed for weak encryption in cellular phones (A5/1 and A5/3) to make snooping easier for law enforcement. http://www.aftenposten.no/nyheter/uriks/Sources-We-were-pressured-to-weaken-the-mobile-security-in-the-80s-7413285.html.

Apparently, these governments didn't want to bother with having to serve warrants to telephone companies... Which would require, you know, legal warrants. So we ended up with 54-bit encryption (A5/1) when the engineers involved were pushing for 128.

So what happened?

What virtually everyone here will already have guessed: The back doors left for convenient government snooping made it easy for *anyone* to snoop, effectively rendering the encryption worthless. (http://www.infosecurity-magazine.com/news/3g-encryption-cracked-in-less-than-two-hours/)

Modular arithmetic is not a crime. If you make it one, French law will suddenly sit in conflict with privacy laws around the world *and in France*. And will it be illegal to transmit random bits? What about SSL?


Comment Re: In the US (Score 1) 347

You're pitting the wrong parties against each other. Yes, the families of fallen servicemen get screwed. No, a million dollars is not crazy for this suit.

You have the damages from failure to perform, and you have the punitive damages from negligence. Penalties in these rare cases are high, in part, to prevent others from acting recklessly. Add in the fact that a lawsuit is, sadly, like a negotiation when you factor in the all-too-common out of court settlement, and you have a cool million. $1.1MM send more thought it, though...

Comment Re: Sounds like an MBA plan! (Score 2) 216

Keep in mind that the number of reported bugs in a given piece of software is proportional to the probability of a bug occurring, the likelihood of a user being sufficiently competent to recognize it as a bug, and the amount of usage of the given piece of software.

The last two figures in that trio have been dropping off precipitously for Yahoo for quite some time.

The problem with dropping QA (as if there is only one) is that you lose the adversarial position of quality. The tension of a QA org, refusing to sign off on shit software, helps that software be better, just as the tension of TPMs, riding the org to hit a schedule, helps the software value scheduling constraints. Giving people causes to champion is an extremely useful way to keep an organization from developing blind spots. A bunch of devs, together, can easily become dogmatic and over-index on one aspect of their work.

Domain expert QA also allows developers to solve problems that would have been incomprehensibly out of reach by providing conversational user perspective.

I'm a developer, so a visit from QA might mean something landing on my desk with a thud. Still, skipping QA altogether is going to lead to more developer hours spent on work that would have been covered by (sadly, much less costly) QAEs and more blind spots, in code and organizational operation.

Love your QA. They are your safety net, fresh eyes, user advocate, exhaustive pounder, field-bug triage, and fire marshal.

Besides, anyone taking advice from Yahoo's tech leadership at this point is woefully out of touch.

Comment Re: expect a meaningful response. (Score 2) 152

Ephemeral primes are prime numbers (typically in pairs) used to establish persistent keys (e.g. DH, J-PAKE).

So, even though you went AC to mock this commenter, you should really check yourself before exposing ignorance.

That said, the Dual_EC_DRBG trick used by the NSA involved specially crafted primes that, effectively, gave the NSA a back door by which pseudorandom sequences could be inferred with comparatively little effort. It's a brutally clever bit of math, though I'm not sure it would qualify as an ephemeral prime. They seem more like static primes to me.

Comment Re: You think Hillary is tech-smart? (Score 5, Insightful) 452

I'm pretty sure that Bill knows what a backdoor is!

Honestly, trying to enlist Silicon Valley by either A) totally failing to understand what market disruption is or B) leveraging an utterly hamfisted rhetorical device? That is just failing out of the gate. Hillary looks more and more like a clueless, doddering elitist with nowhere near the mental horsepower to serve as President... And I'll probably still end up voting for her in the general...

Who the hell is running this campaign?

Comment Re: Linus rants about EVERYTHING (Score 4, Informative) 576

I have to agree. I was ready to read a melodramatic rant over slightly new semantics, but I instead found a completely justified and reasonable criticism of horribly unreadable (and kind of broken) code. With some extra swearing thrown in for Linusness.

Remember, coders, if you're doing anything with code that will be used by others or reused by you, readability is crucial. I'm not talking about comments unless the code itself needs to be less readable (e.g. performance in a hot spot). I mean the code itself.

And, by code that others may use or you may re-use, I mean all code.
