Forgot your password?

Comment: Re:Moral Imperialism (Score 1) 452

by Curunir_wolf (#48201391) Attached to: Manga Images Depicting Children Lead to Conviction in UK

Agreed. As usual, the people don't matter in Washington. They ask for universal health care, they get Obamacare. They ask to hold the banks accountable, and the banks get a bailout. They ask for safety from terrorists, and they get the PATRIOT act and ubiquitous surveillance of their lives.

And that's my point.

Comment: Re:How does it secure against spoofing? (Score 1) 116

by Opportunist (#48199749) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

No, there is no guarantee that the user will not use a mobile phone to access his online banking (and the idiocy of some banks pushing out mobile apps for online banking doesn't actually improve security in that area either).

You can't make the user secure. You can only offer it to him and hope that he's intelligent enough to accept it.

Comment: Re:Systematic bias, but also something else (Score 1) 534

by squiggleslash (#48199015) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

I'm in the same boat as he is, and I know what he means.

It's not about denying access to ponies or princesses. It's about (1) not assuming an interest or lack of interest (relatively easy - my daughter seems just as fond of Cookie Monster and Thomas the Tank Engine as Abby and Madeline) and (2) not accidentally dropping the social cues that lead girls to see certain things as important in a way boys wouldn't.

It's very, very, hard, for example, for a dad not to tell my daughter how beautiful she is. But imagine, however, the effect it has on you if people around you, from the day you're born, talk about how pretty and beautiful you are. I never had that, because I'm male. My mother called me handsome from time to time, but it was never drilled into me that beauty was so important.

If she wants to consider it important, let her determine that herself.

Comment: Re:Can we stop trying to come up with a reason? (Score 1) 534

by squiggleslash (#48198935) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

FWIW my experience of women as part of development teams has been largely positive, with one exception (not the woman herself, though she was fairly fiesty which in this case didn't help - or maybe it protected her, I don't know, but her supervisor, who was an out and out misogynist. She eventually left, because the company we worked for at the time kinda sucked like that.) That is, respect amongst male programmers for female programmers seem to be completely in line with what you'd expect for males respecting males.

Now, that said, I can't speak as a female in the same situation, so while the degree of respect might have been entirely reasonable, other factors may creep in that, as a male, I'm unaware of.

All I can say is as the father of a 2yo girl myself, I'm desperately hoping she has whatever opportunities she wants when she grows up. I think we in software development is decent enough that it's a field I'd have no trouble recommending to her. But, obviously, in the end it all depends on the group you end up working for.

Comment: Re:Moral Imperialism (Score 1) 452

by Curunir_wolf (#48198917) Attached to: Manga Images Depicting Children Lead to Conviction in UK

I pointed out what the regulation says, with a verbatim quote, and you accused me of lying (editing it).

Yes, it's verbatim, but it's not the rule. You quoted an introduction to the rule. Here is the entire thing:

Based on the record,227 we propose a general rule prohibiting a broadband Internet access service provider from discriminating against, or in favor of, any content, application, or service, subject to reasonable network management. More specifically we propose the following new rule:

5. Subject to reasonable network management, a provider of broadband Internet access service must treat lawful content, applications, and services in a nondiscriminatory manner.

Comment: 80s movies? Really? (Score 3, Interesting) 534

by Opportunist (#48198887) Attached to: NPR: '80s Ads Are Responsible For the Lack of Women Coders

So it's also the 80s movies to blame that women are not interested in careers like soldier, spy, pilot, policeman (apology, -woman), archaeologist, exorcist, karate fighter,...

Has anyone ever looked closer at the 80s? The 80s were not a geek decade. The only movie I can remember where geeks were not just the comic foil (ok, even in that one they were) was "Revenge of the nerds". The whole "engineering geeks" were no role model in 80s movies, and even less so in TV series. Whenever they were in some prominent role, they were the little sidekick of the actual hero. Be it Automan's creator Walter, who was mostly a comic sidekick (ok, the show wasn't that memorable, but the special effects were great for its time) or Street Hawk's Norman who was some timid, beancounter-ish scaredy-cat. The geek roles were at best meant to make the hero shine some more.

Actually, the only engineer role I can remember that was allowed to be superior in areas to the hero and be more than a nuisance to him was that of Bonnie in Knight Rider.

A woman.

Comment: Re:How does it secure against spoofing? (Score 1) 116

by Opportunist (#48198737) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The second channel will not secure a compromised channel, but it will make it easier to detect it.

There are various defenses against replay attacks, most of them relying on keys being tied to the current time and only being valid NOW but neither before nor after. But that is only good against a replay, it is quite useless when the attacker is manipulating your own communication. That has been the staple of attacks against banking software since the advent of the OTPs, and the only sensible defense against that is actually a two channel communication. Out of band one way transmission (i.e. sending a OTP to the customer to use in the transaction) doesn't help here.

There is very little you can do to combat malware infections unless you are willing to use a second channel. At some point in the communication the data is vulnerable to modifiction, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time. And if nothing else, this is where it will be manipulated.

And it's heaps easier to do if the interface used is a browser. You can literally pick and choose just where you want to mess with the data.

Comment: Re:How does it secure against spoofing? (Score 1) 116

by Opportunist (#48198661) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

Comment: Re:How does it secure against spoofing? (Score 1) 116

by Opportunist (#48198589) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

The system you describe has been implemented often. Most often I've seen it with online games and the like where the main threat is the use of credentials by a malicious third party (i.e. some account hijacker stealing username and password, logging into your account and doing nefarious things with it). For that, you don't need a dongle. You need two synchronized devices that output the same (usually numeric) key at the same time. Basically you get the same if you take a timestamp, sign it using PKI and have the other side verify it. If you have two synchronized clocks, transmitting the signature (or its hash) suffices. That doesn't really require plugging anything anywhere, although it probably gets a lot easier and faster to use if you don't have to type in some numbers and instead have a USB key transmit it at the push of a button.

But that's no silver bullet. All it does is verify that whoever sits in front of the computer is supposedly who they claim to be and entitled to do what they're doing. It does NOT verify what is being sent, or that the content being sent is actually what this user wanted to send.

If anything, it protects Google rather than the user. Because all that system does is making whatever is done by the user of the account non repudiable. Because whatever is done, it MUST have been you. Nobody else could have done it, nobody else has your dongle.

Comment: Re:Moral Imperialism (Score 1) 452

by Curunir_wolf (#48198523) Attached to: Manga Images Depicting Children Lead to Conviction in UK

That takes no "new" government regulation, just applying existing laws as intended. But since the government refuses to do so, people called for the government to make more regulations (on companies, not people or the Internet) to prevent damaging behavior.

Well that's how Hitler came to power.

BOOM! DONE! You can stop calling me names for pointing out what the regulations say now.

Comment: Re:Like everything else, it depends ... (Score 1) 14

by squiggleslash (#48198495) Attached to: On posting anonymously

It's a real shame that you have to add all the disclaimers, and highlights the problems that we need anonymity for.

Yeah, though in the end... I was in part trying to keep a cool head with the disclaimers, but after a few days of research I must admit to being sufficiently unimpressed by the GG crowd, having shown it for the last few days just trying to get some straight answers, that I doubt being anonymous actually makes any difference. Ultimately it's hard to hide the fact you're the one with those opinions, unless you never say anything.

Ms. Barbara Hudson, 1312 rue Hyman, # 301, ...

I think you have a number of things going for you:

1. You know where APK lives too.
2. You live in a completely different country. ;-)

I'm glad we're maybe closer in views about the reaction of many towards Twitter death threats.

Comment: Re:How does it secure against spoofing? (Score 1) 116

by Opportunist (#48198461) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

Technically, "real" two factor authentication, with two different channels involved, require an attacker to infect and hijack BOTH channels if he doesn't want the victim to notice it.

As an example, take what many banks did with text message as confirmation for orders. You place the order on your computer, then you get a text message to your cell phone stating what the order is and a confirmation code you should enter in your computer if the order you get as confirmation on your cellphone is correct. That way an attacker would have to manipulate both, browser output on the computer and text messages on the phone, to successfully attack the user.

In other words, it does of course not avoid the infection. It makes a successful attack just much harder and a detection of the attack (with the ability to avoid damage) much more likely.

Comment: Re: Gamergate is NOT about defining "gamer" (Score 1) 162

by squiggleslash (#48198379) Attached to: For Game Developers, It's About the Labor of Love

There was an article on Slashdot about something GamerGate did that was going against the very journalists you're claiming GamerGate is ignoring. Slashcode even helpfully linked to it as a related story. It's right there at the top. The only way you missed it is if you're willfully ignoring it, which of course you are.

Not on my version of the page, no. The only link GamerGate related in the related stories list at least as rendered here is the Intel/Gamasutra/"Gamers" are dead thing (which I assume you cannot possibly mean, as it doesn't involve unethical journalism.)

FWIW, I also did your job for you. "My job?" I pretend to hear you ask. Well, yes. You're an advocate for a movement, and so the onus is on you to push forward examples of what you're fighting against, something you're refusing to do on principle.

So I trawled through a bunch of GamerGate Twitter streams, including Nero's. I looked at the Reddit KotakuInAction subreddit, which appears to be an organizing grounds for GamerGate. I looked at the negative responses to people like thequinnconspiracy and followed the links they were claiming.

And during this time, I found... zero cases. Well, let me back up a moment: there was one, involving Gawker, that was obviously a case of unethical journalism, with a journalist, as a joke, taking on a pro-bullying-nerds position, and GG rallying the troops against them. But I'm not counting it basically because it was a response to GG. The Gawker idiot would never have made the joke if there wasn't some giant group he thought represented nerds running around being apparently nasty and evil.

But in terms of independent cases of journalistic corruption? As in EA offers to swamp SuperGamerMagazine.comnetorg with expensive ads in response to good reviews for The Sims 4? As in BioWare gives Slimy McSlimepants from AGN his own Asari sex doll in exchange for a great review of Mass Effect 7?

No. Not one example. Nothing.

What I did see was primarily articles about how terrible the meida was because they're lying about GamerGate. Not lying about video games, but GamerGate.

I also saw some fake conspiracies. Yep, fake. I mean so fake it should have been obvious to everyone commenting. Like an email "leaked" from The Guardian that the "leaker" claimed contained an attack on GamerGate. Except it didn't. It contained an attack on people using the #killallmen hashtag. It was right there in the subject line. The leaker hoped that people would take a sentence that occured after the attack on #killallmen users, saying that a prominent feminist would be in the office to discuss GamerGate the next day, as meaning that the attack was about GamerGate.

Add that to the attacks on Quinn for having intimate relations with a journalist... which turned out to also be a fake conspiracy because said journalist wrote nothing about her, absolutely nothing, after the relationship started.

Add to that the attacks on Gamasutra for writing an article attacking gamers... except it didn't, it attacked the industry for only writing games aimed at "gamers" (the quotes are important, and yes, they appeared in the article), that is, a demographic of white immature teenage males that no longer makes up even a plurality of gamers. Oh, and even if it had attacked gamers... corruption? Really?

Well anyway, I'm seeing a pattern here.

Does the pattern matter? Well, probably not. In the end, the Guardian, and Gamasutra, and Quinn issues were probably peripheral, a movement desperately trying to find a positive identity when it knows there's considerable darkness holding it together. Quinn was attacked, not the journalist she had a relationship with. The death of "Gamers" article was written by a self-avowed feminist but wasn't radically different from criticism published elsewhere. The attacks on another feminist for publishing videos reviewing games from a feminist analytical point of view. The attacks on a female game developer including doxxing, her account being hacked, and a full on campaign of slander, because she documented some of the sexism she was dealing with in the industry.

And... well, we add to that SJWs. I don't mean the people, I mean the insult. The fact that GamerGate's opponents - by GamerGate's choice - are not journalists, but those who promote equality and inclusiveness and who oppose mindless sexism.

I did your job. I went out to try to find out what you were about. I did this after giving you the opportunity countless times to give examples showing GamerGate's good side, but you kept telling me to go off and do it myself. So I did. I think, based upon GamerGate's own words, that the group is primarily anti-women. The journalism thing is a smokescreen, I think in part because the GGs themselves are uncomfortable with the movement being solely about harassing female developers and developers who think about gender issues, it needed some underlying moral purpose otherwise it's just a bunch of nerds bullying women.

I'd say maybe it was a mistake not to engage me with examples of GamerGate challenging actual corrupt journalism, but I'm thinking you never had any.

Pro-tip: if I got it wrong, if you're really about corrupt journalism, then next time someone comes to you and says "I keep hearing conflicting things about GamerGate. I hear you guys are saying it's about unethical journalism, do you have anything about that?", you give them an example. Do NOT, under any circumstances, tell them to go off and search the Internet. Because they will not agree with you after they do.

As for me and you? We're done. You just asked me to wade through one of the worst cesspools of misogynist hate I've encountered in a long time. Your response to this will probably go unread.

Comment: How does it secure against spoofing? (Score 5, Insightful) 116

by Opportunist (#48196909) Attached to: Google Adds USB Security Keys To 2-Factor Authentication Options

What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

It is easier to write an incorrect program than understand a correct one.