Become a fan of Slashdot on Facebook


Forgot your password?

Comment: Re:Questionable claims (Score 1) 60

by lamber45 (#48466889) Attached to: Sony To Offer Partial Refunds For PS Vita
Well, technically he still hasn't suspended deportations (or otherwise changed immigration policy) through an executive order. His "My fellow americans..." speech last Thursday was explaining a policy that the Department of Justice had told the Department of Homeland Security it could follow. He's taking credit for it for the purpose of arguing with Congress, and he would certainly veto anything that actively undoes it ("let's deport people by a random lottery", "let's deport everyone who has an anchor baby and is not yet a citizen", "let's deport everyone, Citizen or not, with a Muslim-sounding first name or an Irish-sounding last name"), but he hasn't done anything that the next President couldn't undo.

Comment: Link to law (Score 1) 256

by lamber45 (#48213421) Attached to: Michigan Latest State To Ban Direct Tesla Sales

1981 version

2014 version

Difference in clause (i):
@@ -1,7 +1,8 @@
(i) Sell any new motor vehicle directly to a retail customer other than
-through its franchised dealers, unless the retail customer is a nonprofit
+through franchised dealers, unless the retail customer is a nonprofit
organization or a federal, state, or local government or agency. This
-subdivision does not prohibit a manufacturer from providing information to
-a consumer for the purpose of marketing or facilitating the sale of new
-motor vehicles or from establishing a program to sell or offer to sell
-new motor vehicles through the manufacturer's new motor vehicle dealers.
+subdivision does not prohibit a manufacturer from providing information
+to a consumer for the purpose of marketing or facilitating the sale of
+new motor vehicles or from establishing a program to sell or offer to
+sell new motor vehicles through franchised new motor vehicle dealers
+that sell and service new motor vehicles produced by the manufacturer.

Comment: Re:Next wave of phishing? (Score 1) 149

by lamber45 (#47616027) Attached to: Gmail Recognizes Addresses Containing Non-Latin Characters
No, they're not allowing gmail accounts to use non-ASCII local parts yet. However, mail to/from other domains can have non-ASCII local part and domain name. If that other domain allows a random user to create an account "róót", that's about the extent of the possible phishing.

Comment: Re:I think it's reasonable, if it was accurate (Score 1) 276

by lamber45 (#46427515) Attached to: Should Newsweek Have Outed Satoshi Nakamoto's Personal Details?
There is value. If the creator wrote it on his free time after working 30 years in a probably thankless job he couldn't tell his family about, there's hope for me to do something similar, or at least I should advise my sons to get a good education and a stable job. On the other hand, if he was a 15-year-old kid who flunked most classes in school and spent the majority of his nights playing video games, I'd better get my sons each a latest-model gaming rig, because that ship has sailed for me.

Comment: Haven't had this issue with GMail, but with other (Score 2) 388

by lamber45 (#45928191) Attached to: Ask Slashdot: What To Do With Misdirected Email?

My GMail (and Yahoo! as well) username is (first name)(middle name)(last name), all fairly common [in fact at my current employer there are multiple matches of (first name)(last name), and my father has the same (first name)(last name) as well], and I have not had this problem with either service. Perhaps using initials instead of full names is part of it; or your last-name may have different demographic connotations.

I did, however, recently have that problem with a Comcast account. When the tech visited our home for installation, he created an account (first name)(last name) . I didn't actually give it out anywhere, yet within a few months it was filled with a hundred or so messages for someone in another state. I did try responding to one item that seemed moderately important, and whoever got the response [the help-desk of some organization] didn't seem to grasp that I had no connection with the intended recipient. Since I hadn't advertised it anywhere, it was easy to change the username, to (my first initial)(wife's first initial)(my last initial)(wife's last initial)(string of digits) While this address appears to have been reused, apparently Comcast no longer allows address reuse; I tried using a previous ID that I had used a long time ago, and it was not available.

Since you ask for advice, I recommend two courses of action:

  • 1. As long as you still have access to that address, when you receive anything that is clearly misdirected and potentially of high value, deal with it politely. Don't use a "form response", instead personalize the response to the content of the message. CC the intended recipient on the response, if you are able to divine who it is. Once you've dealt with the matter, delete the whole thread. For newsletters, try following an "unsubscribe" action, if that's not available mark as spam.
  • 2. Consider an exit strategy from your current e-mail address, no matter how much is attached to it. See the Google help posting "Change your username". For the new address, try a long nickname or full first name instead of first initial; or maybe add a string of numbers, a city your contacts will recognize, or a title. Give your important contacts plenty of advance notice, post the new address with the reasons you're switching [perhaps with a list of the confusing other identities as well] on your "old" Google+ profile. After a reasonable time (say six months or a year), delete your old account. Make sure you change your address at all the "various sites" you've registered at before doing so, in case you need to use a password reset function.

Comment: Re:Switch to an easier technology (Score 1) 399

by lamber45 (#44529823) Attached to: Ask Slashdot: How Do I Request Someone To Send Me a Public Key?
I wouldn't want to trust just the secretary of the other org. However, with public keys (HTTPS, PGP, SSH, anything else similar), it's good for the information on "how to verify" the key to be widely disseminated. For example, the org could put its key fingerprint, and a screenshot of the same as used in common applications, on an indexable part of its HTTPS-protected public website. An individual could put his PGP key fingerprint on his (paper) business card, as fine-print on his resume or CV, and in his e-mail signature. The secretary should be able to say what the key is, and how to verify that.

Comment: Makes sense (Score 1) 196

by lamber45 (#42806969) Attached to: New Secure Boot Patches Break Hibernation
Hibernation actually is a security hole. I'll ignore the kexec issue for now, but encrypted and checksummed hibernate images would be a good thing, and would be nice on a non-SecureBoot system as well. At a minumum, the hibernation image should carry a checksum of { the image data + the kernel that loaded it + relevant platform data }. That would at least prevent partially booting a suspend image with random corruption. Can SecureBoot also provide a secret key used only to encrypt the suspend image and decrypt it during boot? Or some additional data to feed into the checksum that securely identifies the platform? Or keep the suspend checksum in nonvolatile memory that can only be written to by a trusted operating system?

Comment: Re:Couldn't we just charge them tuition? (Score 2) 689

by lamber45 (#42742841) Attached to: Does US Owe the World an Education At Its Expense?
... except that bona-fide work visas for random foreigners are pretty hard to come by. For many international students, a student visa is the only way to be in this country until they graduate, after which if their grades were good enough they have a shot at an H-1B or a sponsored visa. Then there are the schools that are diploma-mills whose main purpose is to allow their students to work in "practical training" as soon as possible...

Comment: Re:Actually, the opposite (Score 1) 150

by lamber45 (#42618403) Attached to: Another Java Exploit For Sale
Several of your arguments are either false these days, or not as bad (especially versus the alternatives) as you make them sound:

-take 30 seconds to a minute to load

This load-time is for the first applet in a browsing-session, not each one; and "30 seconds to a minute" is an outer figure, on a reasonably modern system it will be less. I've seen Flash-based games that took a long time to initialize, as well.

- fonts and widgets are not native and look weird

Actually, you can have native widgets, with the old AWT components; it's the (slightly newer, still around for a long time) Swing that looks the same on every platform. Whether it's "ugly" is a matter of opinion.

Now, it's true that some people never need to run applets, those who do don't do so every day, and some applets look like something from 1995 because they really were written in 1995, and still work; but the Java plugin is not totally going away any time soon, and I think it's still a good choice for applications with unusual UI requirements that need to run "in" a browser.

Applets aren't just games, either. From my current needs:

  • The GIS browser for the city I live in;
  • My employer's expense-submission program;
  • The VPN clients (from two different vendors) for systems I access for work

And that doesn't even include JNLP (Java Web Start) programs, which aren't the same "sandbox" but which also depend on Java platform security for their sandbox.

Comment: Re:paranoid mode engaged ! (Score 1) 79

by lamber45 (#42511915) Attached to: Hiding Secret Messages In Skype Silences

Except that the packet already has at least an 8-byte UDP header, a 20-byte IPv4 (or 40-byte IPv6) header, and a link-layer header of some sort. There's probably some sort of checksum and block padding within those 70 bytes (which may in fact include the UDP or TCP header as well).

Similarly, VNC tunneled over SSH doesn't use 1-byte and 2-byte packets. For a certain block-size for which I did calculations and watched some real-life traffic, actual packet payloads for the different relevant messages are as follows:

  • SSH CHANNEL_OPEN "direct_tcp": 92 bytes
  • KeyEvent (messagetype=4): 44 bytes
  • PointerEvent (messagetype=5): 28 bytes
  • ClientCutText: at least 44 bytes

Since there are only about 90 keys on my keyboard, that seems like a lot of wasted space per packet; but remember that just the TCP and IPv4 headers are 40 bytes, so it's only 51.2% of the IP data, and even less of the link-level data.

"Life sucks, but it's better than the alternative." -- Peter da Silva