Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Password Security 101 (Score 2) 83

Since when do systems allow brute-force attacks on PIN numbers?

Who said brute force?

The attack occurred in January and targeted an IRS Web application that taxpayers use to obtain their so-called Electronic Filing (E-file) PINs. The app requires taxpayer information such as name, Social Security number, date of birth and full address.

This sucker just harvested them.

Because, really, HOW many different places will have those 4 pieces of information? I'm betting FAR too many for comfort ... and I'm betting some combination of them have been hacked in the last few years.

Oh, and of course:

While the IRS said that externally-acquired taxpayer data was used, the agency did suffer a security breach last year that allowed attackers to gain information such as Social Security information, date of birth and street address for over 300,000 taxpayers.

the IRS has already coughed this up before.

Who needs brute force when it's just a matter of entering the information you already have?

Comment Re:Hmmm ... Czar? (Score 1) 270

This leaves the question: does looking down on the word "czar" a sign of communism?

No, because it's a massively overused term, which seems completely random and pointless for an over inflated title, and has NOTHING to do with any historical meaning. Think King, Emperor, Dictator, Supreme Leader, High Priestess.

Czar sounds like a bullshit title which is handed out for no defensible reason.

So, much like we don't have Privacy Emperor, and Internet Emperor ... why the hell do we even call these things 'czar'?

It's like some idiot heard a cool word, and then next thing you know everybody is a freaking czar of something. It just seems like a totally misplaced superlative in English, or anywhere else.

Take every place you see the word czar these days, change it for "Asshole", and it's probably a more accurate title.

Now, if you'll excuse me, I have to do see what the Marital High Priestess wishes to do for dinner.

Comment Re:And? (Score 4, Insightful) 270

Dude, it's turtles all the way down.

If your secret law which requires you to lie about not having backdoors is invoked, you also have to lie about how people can check that you don't have backdoors. The presence of the secret law which says "you can't tell them about this" pretty much means there is no scenario in which you say "oh, well, gee, they're awesome and trustworthy".

By definition, the US government has taken the public stance that results in the conclusion "NO US COMPANY CAN BE TRUSTED".

Because as soon as you assert your laws trump the laws of the countries in which Microsoft etc do business, you essentially force everyone else to have to conclude "fuck you, go away, we now must assume you're not following the law".

I don't care how fucking big of a player you are, when Uncle Sam can compel them to lie ... you must assume they're lying, and that they couldn't tell you they were lying if they wanted to. Auditing about an NSA backdoor can't be trusted if the laws which would place such a hypothetical back door prevent you from admitting to that back door.

If Microsoft loses this case:

The US government's contention is that it can demand electronic data anywhere US companies keep them, and that it doesn't need to ask a local jurisdiction's permission. A magistrate and a federal judge have agreed. If Microsoft doesn't prevail in the appeal, Smith said it will go to the US Supreme Court.

nobody outside of the US can ever trust a US company ever again.

It really is that simple. Claiming auditing fixes this misses the entire point. Auditing in this case is a fucking fairy tale.

Comment Re:And? (Score 1) 270

But Americans seem to WANT NSL's and are willing to sacrifice the entire tech sector, the basis of their economic growth, for an increased police state.

Actually, I worry they'd want it both ways ... to keep their NSLs, and then to say "hey, you can't stop buying stuff from us, you signed a trade agreement".

There seems to be a belief they can base all of their economic growth on tech, but undermine and cripple it by making it unable to be trusted ... with the unsurprising outcome of not being able to link the two.

Comment Re:Good ... (Score 1) 202

You assert this as a fact. Citation? Or are you just deciding it's true? (If it's true, I'd love to know.)

If the car won't just hand off control without warning, then I should be able to be asleep in the back. If I can't be asleep in the back, then I don't believe what you say.

If it's full stop, change control, start driving ... then I shouldn't physically be in the driver's seat, to make it 100% explicit.

So far your "simple" scenario has yet to be validate by anybody, and so far all these tests require a driver in the seat ready to take controls.

I'm afraid you're arguing a scenario which thus far isn't real.

Comment Re:And? (Score 5, Insightful) 270

When the US government is in court with Microsoft over how they could use secret laws to claim Microsoft has to break the laws of other countries ... I fail to see how Microsoft, or any US company, can really be trusted.

This seems an entirely prudent response from Russia. I'm actually surprised more companies aren't actively wondering just how much Microsoft and others can be controlled by the US government.

When the US government is actively trying to ensure backdoors in encryption and the like, why would you assume there aren't any? You think these companies are going to make the international version with no US spying capabilities?

Good luck with that.

Comment Re:What about telemetry/spying features? (Score 1) 54

Alternatively I'd love to get an official how-to on how to disable tracking in Windows 10 entirely.

You're joking right? Do you really think MS is going to officially support that? I get the distinct impression tracking and eventually ads is something they've decided you're getting whether you like it or not.

Nobody builds an ad platform into the OS unless they plan on using the hell out of it -- Google has you on the web? That won't compete with knowing every single damned thing you do and monetizing it -- and I find it unlikely that even if you turn it off they won't later say "too bad, we've enabled it". You don't build that as a one off to promote some apps for a little while.

It's their computer, you just paid for it and have the right to use it for a while.

For non-enterprise customers, they don't even get a say in when/if updates are applied. It's all remote management all the time, and too bad for you.

Comment Re:Animals escaped, close barn door (Score 3, Insightful) 54

I think you meant:

There's an old saying in Tennessee - I know it's in Texas, probably in Tennessee - that says, fool me once, shame on - shame on you. Fool me - you can't get fooled again.

They've certainly gone out of their way to mask what those updates really are ... "this update addresses issues in Windows" ... like, injecting telemetry they won't ask your permission for or care even if you say no.

So many of their updates are entirely self serving to try to force you to upgrade. I'm not sure they can regain that much lost goodwill.

Comment Re:Good ... (Score 3, Insightful) 202

That's my major problem with this technology: there's an awful lot vague answers to specific questions.

A "self driving car" means you put little Timmy in it, send him to school, and monitor it on your cell phone to confirm he gets out in the right place and a teacher has collected him ... or it means you come out of a bar, fall into the backseat, and say "home, James" ... or it means grandpa who has lost his vision and his driver's license can get in and say "take me to my doctor's appointment".

No driver's license or legal responsibility for operating the vehicle at all. You are livestock being transported. You're not driving or operating, you simply told it your destination.

This bizarre model in which the car drives, except when it doesn't, and with no clear demarcation between is damned near impossible to make sense of.

If the car decides it's got no idea what to do, and it just says "you're in charge", and before you even know what's happening you're in an accident .. and the logs say "human was driving, his fault", you're screwed. Or, worse, someone builds in code which lies and just says "human was driving" 5 minute before any crash is triggered (so they can avoid liability).

There can't be a gray area between who is in charge and who isn't. And paying for liability insurance when the computer is in charge sounds moronic to me, why would you do that? Are you accepting liability on behalf of the computer or something?

Self-driving-ish cars? Autonom-ish cars? It just seems like everybody is pretending this is a solved issue, and I don't believe it is.

Comment Re:You'd think we settled this in the 90's (Score 1) 132

You seem to think they care about such things.

I remain convinced that law-makers, or law-enforcement are particularly concerned with Constitutionality these days.

Powers that started as "yarg, terrorists" are now for basic law enforcement, and increasingly the push to say you have no such rights is what we're seeing.

Governments are increasingly deciding any hindrance to law enforcement, including such pesky things as the law and your rights, are unacceptable.

And people are saying "well, as long as you're keeping us safe, go ahead". And that's alarming.

Comment Re:Good ... (Score 1) 202

There's a reason it's called a "Driver's License" and not an "automobile operation permit".

There's also a reason it's called a self-driving car.

It's driving, or I'm driving. This isn't Schroedinger's driver.

From your link:

Click on the above, you will see that the âoestateâ requires liability insurance on the Mercedes. Travel by right requires no regulation and that means no requirement for Liability insurance, all you need to understand is that you are liable under common law.

No, because I'm not driving. I'm sleeping in the back.

If this is to be a hybrid model where the car drives until it blames you, then just drive the damned thing yourself.

Comment Re:Good ... (Score 2) 202

I'm suggesting if Google is driving, and the passengers are passengers, then why the hell would anybody pay for things like liability insurance for an AI?

Could it be because it's still going to have a "fuck it, you drive" mode which passes responsibility to the human so Google can claim they're not responsible?

A self driving car becomes useful when I can have no controls, and be asleep in the back. I don't pay liability insurance on a bus, train or taxi ... why the hell would I pay it when something created by Google is in charge of driving it?

Slashdot Top Deals

Last yeer I kudn't spel Engineer. Now I are won.