
Comment Re:Nobody is talking about the root causes yet.... (Score 1) 74

I think we need to go further and fundamentally redesign the hardware architecture that the operating system runs from.

Physically isolate the operating system from the rest of the system. Let it run from completely different memory and storage so that it is impossible to access from the rest of the system. Let it be a monolithic program that has its own drivers and its own network stack.

If you need to make a change to the operating system, you must physically switch to the operating system control and from within the operating system pull updates.

Support responsive drivers in user space.

Allow the operating system to pause and inspect the entire system (like a debugger). Allow it to download programs directly to userspace, like an antivirus program. Let it pause all programs while the antivirus runs. Let it remove and add programs from ram and storage while everything is halted.

Support extensive utilities in the operating system image to monitor and repair the user space.

Allow the operating system storage to be physically removed so that it can be replaced or verified.

The concept of root/admin would still exist, but would no longer have access to change anything in the operating system, only userspace.

Comment Re:Easy trumps security (Score 1) 65

If it is not easy, it won't get adopted, and if it does not get adopted, what is the point? Ease of use and security need to go hand in hand. We pretty much have to trust 3rd parties. Our computer components, operating system, browser, applications are made by 3rd parties. I am all for a better mechanism than CA for authentication, but this needs to be convenient. Distributing directly between 2 parties is not convenient. Allowing identities (public keys) to be managed and audited by public trusted 3rd parties is a great idea, as long as it is distributed and open, so you can go to multiple trusted 3rd parties and get independent validation and audit history of identities.

Comment Re:Alarming Freedom (Score 1) 278

Research the topic "how do cloud formation affect global warming".

Is it a fact we understand the impact of cloud formation on global warming?

Read what NASA thinks about it? http://isccp.giss.nasa.gov/rol...

Here is an excerpt: "Right now, we do not know how important the cloud-radiative or cloud-precipitation effects are and can not predict possible climate changes accurately."

My point is not to diminish the concern of global warming, but to make the point that when we start talking about science in absolutes, we start to sound like religious fanatics, rather than rational and objective.

Comment Windows 8.1 login not designed for security (Score 1) 58

The default login for Windows 8.1 is your Microsoft email / cloud account and password. So anyone watching you type in your password has access to your cloud account.

I don't understand why Microsoft is not given more flak for this decision.

Your alternatives are to not use their cloud, or use a 4-digit PIN or a series of screen swipes, but they don't support a local password. If you understand how to set it up, you can supplement the PIN/swipe with a USB key, but it is not a visible user option and you have to understand what you're doing.

Comment Re:Plenty. (Score 1) 1168

The Bible is our only significant source of information we have of Jesus, and so if you are saying the Bible is not true, that is a reasonable viewpoint, but if you are saying that you have some other source that says Jesus was trying to say something different or that the Bible was significantly distorted; what is that source?

That the details differ on different accounts of what happened after the resurrection, I don't see as a test of anything. I can see the differences explained many different ways, and even the opposite of what you are trying to imply, you could say they appear more authentic since they are not exact copies, or you could say they took different accounts, or they were trying to emphasize different themes, or a bunch of myths assembled separately.

If you are trying to argue that Jesus was doing what many of the other Jews at the time were doing, it sounds like that is just a guess, and you have no evidence for what you are asserting. Or if you are not just guessing, what is the evidence?

Comment Re:Not so. (Score 1) 1168

The Bible itself says that Jesus was referring to his body when he said he would raise the temple in three days.

19 Jesus answered them, “Destroy this temple, and I will raise it again in three days.”
20 They replied, “It has taken forty-six years to build this temple, and you are going to raise it in three days?” 21 But the temple he had spoken of was his body.
22 After he was raised from the dead, his disciples recalled what he had said. Then they believed the scripture and the words that Jesus had spoken.

What inside information does Reza Aslan have that the Bible is wrong?

Comment Re:Are the CAs that do this revoked? (Score 1) 139

If the self-signed idea is combined with trust authorities (not signers) that verify this certificate is actually a valid one, and it is, say, verified to be valid by several trust authorities (e.g. Google, Microsoft, Ubuntu, US.gov, etc.) who you do have certificates for, then I think it is a good alternative or supplemental approach to what we currently have.

Comment Re:Are the CAs that do this revoked? (Score 1) 139

I think the idea is on the right track, and that properly implemented could simplify life for everyone, including your Grandma. A good authentication standard, akin to SSL, so that we all only had to carry and manage one key manager, for all of the items we secure: house, car, hotel room, bank account, web site, safe. No more remembering or coming up with passwords. One method to interface and manage authentication.

Comment Re:Are the CAs that do this revoked? (Score 1) 139

I second this, and add that we should start using trusted authorities to get, verify, and monitor all of the self-signed public certificates, similar to how PGP works. We generally trust a few reputable companies and organizations and so these entities could set up the registries for the self-signed certificates, and could monitor and establish mechanisms for generating credibility ratings for certificates. They can monitor for complaints, fraud, abuse, impersonations, etc. Your browser and operating system (which you already trust) would have a baseline list of entities to establish the reliability of a given certificate, and you could modify that list if it suited you.

Along with your 2-way authentication proposal, establish an authentication protocol with acceptance level similar to SSL that allows the authentication to be done securely between a key manager on the client side (away from any trojans or keyloggers) and a user/key database on the server side (away from any hackers). This way we can keep the most sensitive information (the keys) in a simple isolated device or server that does one thing, manage keys, thus drastically reducing risk of being compromised. Also, a well-established authentication protocol standard is needed if we want to rid ourselves of using passwords (not just for browsers, but also applications).
