
Comment Re:Fuck Forbes, and in particular Ethan Siegel (Score 1) 176

It's clickbait and self-promotion.

Clickbait, no: there's actual, real, high-quality content to what he writes.

Self-promotion: so what? If someone writes something interesting and informative, I want it to be brought to my attention -- even if they're the ones to bring it to my attention.

Comment Re:Yes and no, but mostly no. (Score 1) 83

One, the spec is positively Byzantine. It makes OpenPGP look like a marvel of clarity. It's a very hard spec to implement correctly, and for that reason I distrust most of the S/MIME out there.

Two, S/MIME has some hardwired dependencies on SHA-1. (So does OpenPGP; S/MIME has more of them.) SHA-1 isn't looking very healthy right now. OpenPGP is migrating away from SHA-1 and the working group is actively developing a new spec. The S/MIME community isn't.

Comment Re:Yes and no, but mostly no. (Score 1) 83

The biggest problem with OpenPGP is that it doesn't protect the metadata.

It's about to. :)

Daniel Kahn Gillmor had a novel idea for how to use PGP/MIME in a creative way to extend protection to virtually all the email header information. Enigmail is implementing this, as are a few other groups. Metadata protection is coming to OpenPGP -- and very soon!

Comment Re:Yes and no, but mostly no. (Score 1) 83

Quoting myself:

And some people -- idiots who don't understand that optimizing one of these may necessarily mean pessimizing another -- smile and say, "Yes!"

You're one of those idiots: I get it. But so long as you're saying "improve everything!" I'm going to ignore you, because some of these things are incompatible.

Comment Yes and no, but mostly no. (Score 5, Insightful) 83

Yes and no, but mostly no. (ObDisclosure: I help out with Enigmail.)

  • Could we do better? Maybe. Probably. But first you'll have to define what "better" means. Some people say it means stronger crypto. Some say it means a simpler RFC. Some say it means a better user interface/user experience. And some people -- idiots who don't understand that optimizing one of these may necessarily mean pessimizing another -- smile and say, "Yes!" Honestly, when it comes to "we can do better" style criticism, my response is simple: I know we can do better -- but first you have to tell me what 'better' means.
  • But that doesn't matter. When it comes to communications security the world is divided into two camps. The first one doesn't need it right now and the second one does. If you don't need communications security right now, that gives you a great amount of luxury to sit on the sidelines and wait for something better to come along. If you do, though ... then GnuPG and Enigmail are pretty much the best thing going right now, at least when it comes to email.

  • Alternatives? What alternatives? The only alternative right now for email security is S/MIME, and that's far worse than OpenPGP. If you want to communicate using Silent Circle, go for it. Want to use OTR, be my guest. But if you need email security... "it's probably time to look into alternatives" is the kind of advice that sounds good only until you realize just how few alternatives there are, or how lousy they are.

I'll be the first to agree that GnuPG is a usability nightmare. Absolutely. If you like I'll point you towards several references in the peer-reviewed literature that show why it's so bad. But when people start talking about alternatives, I want to know which alternatives they're suggesting; when people start talking about doing it better, I want to know what better means.

Comment Re:Not to be taken seriously (Score 1) 112

I didn't say it was proven. I said it was a result. We don't have a formal proof that P != NP, but find me a single practitioner who thinks we'll find a proof of P = NP.

At some level math works on the basis of consensus. Consensus determines whether we accept a proof or reject it for omitting an important step; consensus determines which axioms we accept to be true. And so far, the consensus seems to be "BQP != NP, just like P != NP."

But yes, we're going to keep looking for the proofs. :)

Comment Re:Not to be taken seriously (Score 1) 112

Depends on what you mean by proven. It's believed about as strongly as people believe P != NP. There's zero evidence BQP can address NP-Complete (or, for that matter, even interesting parts of NP), and a lot of good reasons to believe it can't. However, a proof has been as elusive as the P != NP proof -- another thing which pretty much every CS nerd agrees to be true, but it hasn't been rigorously proven yet.

Comment Not to be taken seriously (Score 4, Interesting) 112

Quantum computers cannot solve NP-Hard or NP-Complete problems -- at least, no faster than a classical computer. This is one of the most basic results in the field, and the author keeps on making hash of it. This article should not be taken seriously if it's rife with such basic errors.

Comment Re:10 LET M$ = "Microsoft" (Score 1) 132

I was around when the M$ nickname got coined.

It was a shortening of Micro$oft. We did the same thing with the Compuserve Information Service (CIS), which charged such outrageous rates that we started calling them CI$. Replacing the "s" of rapacious firms with "$" was pretty much standard practice then -- and, at that time, nobody deserved it more than Microsoft.

Comment Re:How sad (Score 2) 132

Apparently, you missed the news from a while ago about Microsoft releasing the CLR under a free software license. Check it out.

I've been a Slashdot reader since back when it was called Chips & Dips. Back then, Microsoft deserved the M$ appellation. Today, not so much. They're cooperating a lot more with the libre software community. Now, you can either shake your fist at them and scream how they'll never be forgiven for their sins... or you can smile, extend a hand, and welcome them to the party.

The world works better if more people choose the latter. And that applies to life in general, not just Microsoft. :)

Comment Re:Using Linux would prevent these Cisco mishaps! (Score 1) 112

I've forgotten the name of the company now, but there was a presentation at the Linux conference last year (two years ago, maybe?) in New Orleans that talked about this very topic, and they (or someone else that approached me afterward because I asked a question about it) said that their company was making switching hardware that did stuff in kernel-space, maybe with a proprietary module. This is key here... you can stuff a bunch of NICs in a box and use brtables or whatever and make a switch, but that's going to be dog-slow. ASICs are needed, and at least that one Linux company is making them.

Comment Re:Other reasons (Score 1) 306

No, it wasn't like that. After graduating with a CS degree in 1998, the job offer I was planning on taking paid $25K -- or $36K in today's 2015 dollars. I wasn't happy about it, but I was happy to have an offer. At the last minute another offer came through at $35K ($50K in today's dollars), and I was the envy of that year's CS grads for getting the largest job offer. Literally no one received this "started at $40,000" business you're talking about.

Comment Re:Security is a process - not a tool (Score 1) 203

Well, in the interests of honesty I have to say the matter in '98 with the shotgun was a lot more of a chaotic mess than I made it out to be. Whenever the fecal matter strikes the rotating metal blade, there's always a whole lot more confusion than the neat after-action writeups indicate.

The incident involving the courthouse, I actually don't recall what I was carrying -- either a Glock or an FN FNP-9.

Beyond that, yes, it's factual. :)

I've never much trusted the language of patriotism or civic duty. Too often they get hijacked by scoundrels to justify their skulduggery. I like to think of it this way: I like my home, I like my neighborhood, I like my neighbors. That gives me a pretty good motivation to give a damn about them. That, to me, is all that civic virtue really is: giving a damn about the people around you.

I recommend it to everyone. Life's better if we give a damn about the people around us. :)

Comment Re:Compared to guns... (Score 1) 203

Speaking as someone who has purchased many firearms at gun shows: no commercial firearms dealer has ever sold me anything without requiring an ATF Form 4473, whatever the local equivalent state and/or municipal paperwork is, and a NICS check. No private individual has ever sold me anything without requiring a photo ID and a copy of my concealed carry permit, which guarantees that I'm not prohibited from purchasing arms.

The idea that gun shows are hotbeds of background check-free shopping is completely wrong. According to the FBI, few criminals obtain their firearms at gun shows. I suspect the reason is just simple pragmatism: there are too many cops at gun shows and too many civic-minded people who will tell the cops if they hear someone's looking for a no-paperwork sale. Then the cops get involved, ask who you are, run your ID, discover you've got a felony conviction, and *bam*, you're now under arrest.

If I was a criminal and I wanted to obtain a firearm, I'd do what the guy who stole my SIG P220 did. I left the shooting range, placed my range bag in my trunk, realized I'd left a box of ammunition inside, locked my vehicle, walked back inside, picked up the ammunition, walked outside, and discovered my hatchback's rear window had been shattered and some asshole was already fifty meters away running down the street with my range bag over my shoulder and a tire iron in his hand...
