Forgot your password?
typodupeerror

Comment: Re:Encryption (Score 1) 490

by indil (#31501214) Attached to: 11th Circuit Eliminates 4th Amend. In E-mail
The irony here is that nobody is going to verify your signature, so it's worthless. It could be fake, and nobody would ever know, because it's not worth it to check. Encryption and authentication are useless unless they're transparently applied and verified systematically because nobody's going to do that by hand all the time.

Comment: Re:Young programmers keep me employed! (Score 1) 599

by indil (#31177674) Attached to: "Logan's Run" Syndrome In Programming
It might have been as bad as it sounds, but I can also imagine it actually requiring two weeks for a new person to do the work you could do in a few hours. Depending on the complexity of your product/environment and the quality of your code, what could take you a few hours could take someone else weeks to dig into, investigate, and get working. The two weeks it took the junior might reflect the shitty code that's already been written (possibly by you), not their programming skills.

Comment: Underlying problem remains unsolved (Score 1) 170

by indil (#31027618) Attached to: House Overwhelmingly Passes Cybersecurity Bill
'Cyber', 'warriors', and 'troops' are embarrassing and funny, however this bill's focus on educating people about these issues is laudable, and I'm glad malicious behavior in other countries is a growing concern. But the way I see it, computer security laws disincentivize us from innovating technologies that remove known exploits, and instead we patch things up and wait for the same exploit to show up another day. Buffer overflows, injection attacks, spam, denial of service, malware, viruses, these are things we've chosen to prevent by punishment, rather than by enforcing survival of the fittest for the underlying technologies. I will have to deal with spam probably for the rest of my life, because law enforcement can only target so many spammers, and the smaller ones can get by. The responsibility is on the government to enforce good behavior, so there's no incentive for us to make anything better for ourselves.

Comment: Re:Is it that much of a deal? (Score 2, Insightful) 382

by indil (#22690202) Attached to: Japan IDs All Its Citizens

Based only on the article description, Japanese citizens are being assigned ID numbers, not ID cards. Using an ID card to authenticate yourself works well because it probably has a photo and maybe a fingerprint on it, as well as some other personal information. If someone uses your ID card, it's easy to catch them. On the other hand, using an ID number alone to authenticate yourself is a terrible idea because it's a lot easier to match an ID number with a person than using their ID card. The ID number is treated as a kind of password, as if only you could possibly know your own ID number, despite the fact that you give it to anyone who wants to know who you are (which they assume also proves that you're you). The odds are high that eventually someone, maybe even you, will make a mistake and someone else can then tie you to your ID number.

What's funny is that the U.S. government discourages you from using someone's social security number to both identify them and authenticate them, because of the obvious security problems we see every day. Yet businesses continue to use those numbers for authentication. An easy fix would be for the government to simply publish everyone's SSN at once. Then any business that uses SSNs to authenticate people will be castigated or lose business for being idiots.

I think it would be cool to separate authentication from identification. Everyone gets a unique ID number and chooses a private code that together produce a public code, or maybe many one-time throw-away codes, that you can use to identify yourself without giving away control of your identity.

God made machine language; all the rest is the work of man.

Working...