Forgot your password?

typodupeerror

Comment: GED as a cost-cutting tool (Score 1) 224

by crow (#43448007) Attached to: Some States Dropping GED Tests Due To Price Spikes

Here's an interesting idea. What if a cash-strapped school district started giving the test to all their better students in 9th or 10th grade, so as to not have to teach them for two or three years? How hard would it be to get a quarter of the high school students to pass it a few years early?

I don't think this would be a great policy in most cases, though I'll admit that I considered taking the GED to get out of high school a year early. It could be a good option for some kids.

Electronic Frontier Foundation

DOJ Often Used Cell Tower Impersonating Devices Without Explicit Warrants 146

Posted by Unknown Lamer
from the bending-the-rules dept.
Via the EFF comes news that, during a case involving the use of a Stingray device, the DOJ revealed that it was standard practice to use the devices without explicitly requesting permission in warrants. "When Rigmaiden filed a motion to suppress the Stingray evidence as a warrantless search in violation of the Fourth Amendment, the government responded that this order was a search warrant that authorized the government to use the Stingray. Together with the ACLU of Northern California and the ACLU, we filed an amicus brief in support of Rigmaiden, noting that this 'order' wasn't a search warrant because it was directed towards Verizon, made no mention of an IMSI catcher or Stingray and didn't authorize the government — rather than Verizon — to do anything. Plus to the extent it captured loads of information from other people not suspected of criminal activity it was a 'general warrant,' the precise evil the Fourth Amendment was designed to prevent. ... The emails make clear that U.S. Attorneys in the Northern California were using Stingrays but not informing magistrates of what exactly they were doing. And once the judges got wind of what was actually going on, they were none too pleased:"

Comment: How authentication cookies should work (Score 1) 50

by crow (#43246659) Attached to: Twitter, Hotmail, LinkedIn, Yahoo Open To Hijacking

This is a very simple problem to solve. Just make the authentication cookie contain a hash of several lines of key data (MD5 or whatever is considered secure today). The key data should include your password, IP address, and the cookie expiration time. It could also include your browser ID string and other things that might be useful to keep consistent.

The only problem with the above as described is that it requires the server to save your plaintext password, but the same scheme would work with a hash of the password. The cookie could even be generated by the browser without interacting with the web site at all, except that it would need to know the IP address as seen by the web site (NAT makes that difficult to know).

If you leave out the IP address from the hash, then it is more convenient for computers that move frequently, but is obviously less secure.

Comment: Already available! (Score 1) 276

by crow (#43215487) Attached to: Galaxy S 4 Dominates In Early Benchmark Testing

You can get a dock for the Note that is compatible with the S3. It has a HDMI port and several USB ports. There are only two downsides: It costs around $80 to $100, and it doesn't necessarily work with USB ethernet.

Oh, and with the S3, you can get a simple USB OTG cable to hook up a keyboard and mouse (using a hub). It also works with USB hard drives. When I connected my USB ethernet adapter, it fried the phone. Instant death. They replaced it under warranty, but something is very wrong with the design if a standard USB device can destroy the phone.

Comment: Should be Obvious (Score 4, Insightful) 277

by crow (#43106903) Attached to: Texas Bills Would Bar Warrantless Snooping On Phone Location

All of these questions about what requires a warrant should be obvious. If civilians can do it without any special authorization, then it's fine for law enforcement to do it. If law enforcement expects special access due to their authority, then that special access needs a warrant.

Any exceptions should be clearly stated in law, such as access to criminal and DMV databases.

Comment: Re:Not checking pulse (Score 1) 156

by crow (#43009633) Attached to: Fingerprint Purchasing Technology Ensures Buyer Has a Pulse

My point isn't that this isn't an interesting technology. It's that we need to be careful in designing systems to watch out for the edge cases. As long as there's a plan in place for handling them, everything is fine.

And of course you see this sort of comment on Slashdot. I work as a software engineer. If I ignored a case that was only a ten in a million case (0.001%), I would be flooded with field issues. In the real world, you can test for the common cases, but you have to design for the tricky ones.

Comment: Re:Not checking pulse (Score 1) 156

by crow (#43009589) Attached to: Fingerprint Purchasing Technology Ensures Buyer Has a Pulse

My understanding is that he didn't (another poster pointed out that he has since received a heart transplant). I'm under the impression that the artificial heart in question produced a steady flow, more like a fan than a traditional pump. Technically, there would undoubtedly be some variation or vibration that could be considered a pulse, but it's the sort of thing that would be within the noise level of a normal pulse, not something likely to be detected. It would also likely be the case that other movements in the body would obscure it to the point of irrelevance, as well.

Comment: Not checking pulse (Score 4, Insightful) 156

by crow (#43005151) Attached to: Fingerprint Purchasing Technology Ensures Buyer Has a Pulse

The title is wrong. This is not checking for a pulse. If it were, then people with artificial heart pumps like Dick Cheney wouldn't be able to use it. They are alive, but do not have a pulse.

That said, I could see something like this checking for a pulse. This brings up the interesting problem of how to handle biometric checks for people who don't have those biometrics. Not everyone has fingers. Not everyone has eyes. Not everyone has a pulse. Maybe you don't care about that, as you don't have any of them among your target users, but what happens when that changes? You need a plan to handle that.

Comment: Embedded Market (Score 5, Informative) 107

by crow (#42992587) Attached to: Minix 3.2.1 Released

I spoke with Andy Tannenbaum when we were at the OSDI conference last October. He said that Minix has a role in the embedded market, especially in places where companies want to avoid the GPL.

It's a large and growing market. Much as I would prefer Linux, I agree that there's plenty of room for Minix in that market.

Comment: Re:Use inode space for 1st part of large files? (Score 5, Interesting) 120

by crow (#42945519) Attached to: Linux 3.8 Released

They probably store the file data in the same part of the inode that is otherwise used for the block list or extent list. So larger files must use that same space to tell the file system where the rest of the data is on the disk, which makes it difficult to also store data in the same location.

Also, putting a small amount of data into the inode would then mean that the rest of the file would no longer be neatly aligned on block boundaries, which makes doing a memmap of the file painful.

Comment: ERP (Score 1) 318

by crow (#42882507) Attached to: COBOL Will Outlive Us All

Yes, companies can spend far more time and effort on customizing an ERP system to meet their needs than the system itself costs. Then, when new releases of the system come out, the customizations need to be done again. The other alternative is to change the company's systems to match the ERP. That's what my employer did when it outgrew the previous system and realized that it was too difficult to keep customizing the system. It meant changing lots of little things throughout the company. For example, every part number had to change to match the rules for the new ERP system. All said, it was probably cheaper to make the changes in the company than in the ERP, and now we can upgrade to new releases without much difficulty.

Comment: It sort-of is Atari (Score 5, Informative) 127

by crow (#42647013) Attached to: Atari Files For Bankruptcy

Infogrames bought not just the name, but the company. Yes, it's been through a number of acquisitions and mergers. So yes, the current Atari does, in fact, own the copyrights on the 70s and 80s games that everyone associates with it, and it is still the same company. It's not just a brand that someone is licensing around (like RCA).

But you're right, it hasn't really been Atari in the emotional sense since at least 1998 when Hasbro bought them.

Nemo me impune lacessit. [No one provokes me with impunity] -- Motto of the Crown of Scotland

Working...