
Comment: Re:Copy Online Banking (Score 1) 258

by laird (#49694119) Attached to: Online Voting Should Be Verifiable -- But It's a Hard Problem

Exactly right! Votes need to be physically recorded, so they can be physically secured, counted, audited, can only be modified physically in one location, etc. Digitally recorded votes are far too easy to manipulate, and almost all digital voting systems are impossible to audit, making them completely untreatable.

Comment: Re:You cannot know *WHO* is voting (Score 1) 258

by laird (#49693997) Attached to: Online Voting Should Be Verifiable -- But It's a Hard Problem

This is exactly right - we don't need online voting - it's a horrible idea. The key problem is that it opens up vote fraud to the entire internet, with no oversight or physical control, instead of just people physically in a polling station under the observation of election monitors.

If the goal is to increase voting, the solution is to make election day a national holiday so it's equally accessible to everyone. And everyone involved in voting knows this.

The problem is that while everyone says that they want everyone to vote, one of the two parties knows they are only supported by a minority of the population and they only retain power by keeping the majority from voting, by making voting as difficult as possible.

Comment: Re:Why? (Score 1) 93

by laird (#49680547) Attached to: Apple Watch Hack Adds a Browser For Your Wrist

Exactly - "smart watches" aren't particularly for telling time, they are a small display that's visible at a glance for notifications and other information you want easily. For example, my Pebble tells me about my next meeting, including drive time, which is great to be able to easily watch so that I stay on schedule. And it's an activity tracker (running Up software) so I don't need to wear a separate activity tracker band. And it tells me who's calling so that I can decide whether to accept or reject a call w/out pulling my phone out. And check Uber cabs in the area. Think of it as the most valuable 10% of what you can do on a phone, made more convenient so that you don't have to pull your phone out as often.

Nobody dies if they don't have a smart watch, of course, but it does make life easier.

Comment: Good point (Score 1) 131

by laird (#49680419) Attached to: Beware the Ticking Internet of Things Security Time Bomb

It's a good point that as IoT devices proliferate there are security implications because your house will have dozens or even hundreds of devices all talking TCP/IP using whatever random protocols and implementations each device's manufacturer came up with.

That being said, I think it's unrealistic to imagine that each little company should hire their own security experts to make their own rock-solid stack, because many of these devices are home-made, or made by little startups, etc. And even if every manufacturer aggressively tracked technology, users won't upgrade their firmware constantly.

Instead, I'd suggest that a better option would be to standardize the basic communications and develop a FOSS hardened communications stack for IoT devices, and push IoT producers to adopt it, so that everyone at least builds on a secure platform. There are many communications stacks for IoT, but the problem (IMO) is that they're generally proprietary by companies trying to "win" in a battle between IoT stacks, and because there are so many code bases, and they are proprietary, they can't be trusted, and even if they are trusted, they can't be used by all developers because they're tied to proprietary platforms.

So what we need is an IoT stack, secure and efficient enough to run on tiny processors (Arduino...) ideally grounded in an open standards group such as the IETF. And with a marketing program to drive all IoT platforms to adopt it. Of course, there can be multiple competing implementations as there are with all network stacks. That's valuable from a security perspective, because it prevents everyone from running one code base and thus having the same security vulnerabilities. And, of course, competition makes everything better, as they compete to be more efficient, secure, etc. As long as they are interoperable, and based on a fundamentally secure design.

Of course, this won't fix all problems - you can certainly build an insecure app on top of a secure protocol - but at least it'll eliminate a bunch of "basic" problems, like identity and securing streams, etc.

Comment: Re:Still don't get where the market is (Score 2) 138

I used to think this way, because if you want to know the time look at a clock or cell phone. Then I got a Pebble, and found that it's fantastically useful to have little bits of info pushed to your wrist to see at a glance, and to have your watch know your schedule and location rather than just the time, so it can tell you things like "you should leave for your next appointment now, given where you are and where you need to be and the traffic". Then you only need to pull out your phone occasionally, when you want to actually talk with someone or use a large screen. It's very convenient.

Comment: The article isn't about PGP, but web-based email.. (Score 1) 89

by laird (#49419599) Attached to: The Problem With Using End-to-End Web Crypto as a Cure-All

The article isn't actually about end-to-end email security, but about using web-based email, because you can't trust the contents of the browser window. The answer, of course, is to use a Mail app, and not web-based email. If you use a mail app, end-to-end security works great!

The real problem that needs solving isn't hacking PGP into web-mail, it's making certificate management user-friendly. And that's not even that hard to do!

Comment: Re:Supercomputer Cluster? (Score 1) 68

by laird (#49273233) Attached to: GCHQ Builds a Raspberry Pi Super Computer Cluster

Sure. But the goal was educational, not production, what they did is pretty reasonable. That is, they built a large cluster of computers for kids to learn parallel programming on, using dirt-cheap commodity components accessible to kids. Sure, it's not a supercomputer in that it won't be on the Top 100 list, but it's a good educational "trainer" supercomputer, in that learning parallel programming teaches the programming models (though not the specific languages) used by the real supercomputers.

Now, if they could get FORTRAN running parallel on the cluster, that'd be really useful for teaching kids to be ready for supercomputing! Not as 'hip' as Node.js, but really useful for doing supercomputing.

Comment: Re:The Rules (Score 1) 347

by laird (#49246879) Attached to: FCC Posts Its 400-Page Net Neutrality Order

One correction - from what I've read Netflix demanded that Comcast give them direct transit for free, Comcast insisted that it be paid transit, through a provider, which is how pretty much all web sites operate - they pay their ISP, the web site's ISP buys transit to the consumer ISPs, and the traffic gets delivered. Netflix refused to buy more bandwidth from a provider, insisting that Netflix be able to bypass their ISP and deliver transit straight to Comcast, and they should get the transit for free from Comcast. Then Netflix tried to push more traffic to Comcast than their ISP was paid to deliver, the connections from Netflix to Comcast saturated and started dropping packets (or were throttled by Comcast, hard to tell from the outside). Netflix' bet was that if their service degraded on Comcast, they could tell their customers it was Comcast's fault, and force Comcast to provide transit for free to avoid the bad PR.

Comment: Re:The Rules (Score 1) 347

by laird (#49246829) Attached to: FCC Posts Its 400-Page Net Neutrality Order

The rule only says that ISPs have to transit traffic without differentiating between it.

Paid caches aren't network transit. They're not affected by this rule.

Peering arrangements are network transit, but the rule just says the ISP has to deliver the traffic they're paid by customers to deliver, whether or not the ISP likes the specific web site the data is coming from. It's not relevant whether the transit is free (peering) or paid transit.

Comment: Albert is doing amazing work (Score 5, Informative) 43

by laird (#49246781) Attached to: Tony Stark Delivers Real 3D-Printed Bionic Arm To 7-Year Old Iron Man Fan

Albert Manero and his team at UCF are doing a great job. One bit I want to add: the community that he's working in is e-NABLE ( http://www.enablingthefuture.o... ). The "one note" stuff is just a Microsoft sponsorship deal, done after-the-fact, and while their financial and marketing sponsorship of Albert's work is awesome (his work takes time and money, even if he gives the results away for free), it would be better to credit the actual community that contributed to the design, not the made up community that MS created for marketing spin. In particular, the hand used in the Limitless design is Flexy Hand by Gyrobot, who's a very cool guy who deserves some credit for his work.

Comment: Re:1st Amendment (Score 1) 449

by laird (#49239977) Attached to: Cody Wilson Wants To Help You Make a Gun

No, the first amendment says that The People have the Right to form Well Regulated Militia. The Founders strongly opposed the idea of private armies, and in fact when people tried to set up their own military force outside of the Militia they were found guilty of treason and shut down by the army.

It's weird how modern gun salesmen have managed to twist "the people have a right to form well regulated militia" into "gun companies have the right to sell unlimited quantities of any kinds of guns to anonymous buyers over the internet".

Comment: Re:thanks (Score 1) 211

by laird (#49099097) Attached to: 800,000 Using Were Sent Incorrect Tax Data

Keep in perspective that the "too low" Medicare and Medicaid payment schedule that the hospitals and doctors claim they can't survive on is still much higher than is paid by any healthcare system in any other country on the planet. So why is it that doctors and hospitals in the US charge more than in Japan, Germany, France, the UK, etc., while at the same time delivering inferior medical outcomes? Are they stupider or more wasteful? Or do they just have a higher profit margin? As a patient, I want to pay for healthcare, not profit margins.
