
Comment: baaaannned.... (Score 1) 22

well dang, this is gonna get google banned in a few more countries that have human rights abuse issues and corrupt governments... with the possible exception of america, where google would fight tooth and nail to stop that happening. instead i suspect they'll work quite hard to twist what the definition of "verified editorial" is - most likely by deploying operatives within the team. this is gonna be fuun!

Comment: moderator censorship war! (Score 1) 401

fuck me as if we don't have enough to contend with here on slashdot with moderators (users) getting into a bun-fight over what comments are appropriate and which aren't, under this ruling the slashdot web site owners would have to review all the comments *and* the moderations *and* all the meta-moderations *anyway*! let the moderation wars begin... starting with this comment, yaay!

Comment: Re:how can we trust facebook? (Score 1) 138

Facebook is not doing encrypted messaging between users. Did you RTFA at all?

i did indeed... but it obviously wasn't clear enough. i believe that would come from the subject line saying "facebook is sending encrypted emails", rather than the subject saying "facebook allowing you to receive GPG-signed administrative notifications by email".

Comment: how can we trust facebook? (Score 1) 138

errr, so i want to send a communication, ok? it's supposed to be private, right? but it's a web service: facebook could, at any time (even under secret fascist subpoena) change or be forced to change (without informing us) the user interface so that the encrypted message is no longer encrypted, but is in fact entirely in cleartext.

you might think, "ok, well, surely we could then just have a messenger service or app which does the job, and we could trust that, right?" and the answer is "well no, absolutely not you can't... not unless the entire source code is available, and a chain of trust is established that guarantees a verifiable and traceable compile and distribution chain".

which, basically, means you need a software libre distribution (such as debian) because those have full source available, and GPG-signing right the way from the developers (whose identities are verified via key-signing parties that involve showing proof of ID on each signing), all the way through to distribution where a "Release" file containing the MD5 checksums of every package is, once again, GPG-signed by provably verified individuals.

the bottom line is that just because facebook *says* it's secure doesn't actually make it so, and announcing "yeah we provide a secure encrypted email service" is actually a dangerous DISSERVICE. you can't *EVER* guarantee that the servers have been compromised, and web browsers *implicitly* trust what the servers give them to run.

the best thing that facebook could do is provide a programming API via which encrypted emails *may* be sent, and then sponsor software libre teams such as mutt, and everyone else, to provide 3rd party (entirely software libre) applications that deliver *and receive* encrypted mail. the only hurdle to get over there would be whether the software libre teams would view working with facebook to be endorsement of SaaSS (service as a software substitute - http://www.gnu.org/philosophy/...) which i can guarantee in advance that any GNU project will *not* do.

Comment: Re:Not the same, but I guess the best we can do (Score 1) 73

I'm afraid that willful, destructive ignorance and barbarism isn't a problem that technology can solve. A digital copy, however perfect, remains a copy, and by nature, can't be used as proof that there ever *was* an original, which is the entire purpose of ISIS's destruction of these relics.

i disagree, outright. their aim is to destroy availability and access to anything that could cause people to have "thoughts" outside of the proscribed and permitted range as dictated by them. in that regard, it *doesn't matter* that the copies are imperfect replicas of the original.

in fact, now that i think about it: a second objection to what you say is that if anyone else notices a discrepancy, they may take a copy of the files and improve on it. so in that regard, the fact that these insane people have endeavoured to destroy the originals actually results in *more* people with access to - and thus thinking about - the origins of the artefacts that were destroyed.

either way, these insane people have *helped* spread the messages that they attempted to suppress. so i think i will mark this story as "stressandeffect".

Comment: trees cut down in the cities (Score 4, Interesting) 155

i visited bangalore in 2006, to see a friend living there. he explained that when the trees were cut down in the cities (so that more housing could be built), temperatures soared by an additional 10 *centigrade*. so, the ambient temperature surrounding the cities would be 45 degrees, but in bangalore it would reach *fifty five* centigrade. the point of mentioning this is that it's a much more direct version of how man has an effect on his immediate environment. change the landscape, you change the weather, it's as simple as that. we can learn from that... or simply die. it's our choice.

Comment: tried and failed... and prior art anyway (Score 1) 102

hang on... didn't bunnie huang do the "chumby", and didn't barbie try doing something like this - putting an interactive wifi and mic aspect into one of their barbie dolls... with a huge back-lash as a result? so (a) why is there an expectation that this will succeed (b) why was the patent granted when there is clear prior art???

Comment: debian digital signing and the GPG keyring (Score 2) 94

this is why debian has the GPG key-signing parties, and why all packages are GPG-signed by the package maintainer when they compile it, why the ftp masters sign the package when it's uploaded, and why the release files which include the checksums of all the packages are also GPG-signed. under this scenario there are an extremely limited number of extremely paranoid methods by which debian may be compromised. even the scenario of "cooperation between long-term sleeper agents within debian's ranks" would have a one-shot opportunity to get away with introducing malicious code, following the discovery of which their GPG keys would be revoked, the perpetrators kicked out of debian, their packages pulled immediately pending a review, and the already-effective procedures reviewed to involve multi-person GPG signing that would make it even harder for compromise to occur in the future.

now, if you recall, there was an announcement a couple of years back that the development of Mozilla's B2G was declared to be "open" to all, so i contributed with a thorough security-conscious review of how to do package distribution. it turns out that Mozilla is *NOT* open - at all. several other contributors have learned that the Mozilla Foundation is in direct violation of its charter.

basically, the Mozilla Foundation *completely* ignored the advice that i gave - which was that the use of SSL as a distribution mechanism would be vulnerable to *exactly* the kinds of attacks that we see the NSA attempting to do on google. they went so far as to enact censorship, preventing and prohibiting me from pointing out the severe security flaws inherent in their chosen method of package distribution. i remain deeply unimpressed with many aspects of so-called "open-ness" of well-funded software libre projects.

Comment: correlation between gravity and length of day (Score 1) 95

http://iopscience.iop.org/0295...

just to throw an appropriate spanner in the works, it's worthwhile mentioning the above article which notes a significant statistical correlation between variations in the measurement of the effect known as "gravity", and the (appx) 6.5 year cyclic variation of the earth's length of day.

now, before you go all "ooer" or "waah! gravity varies! we're all gonna dieeee spinning off into space", it's worthwhile pointing out that the author mentions, in the conclusion, that there *might* be some sort of unknown systemic errors in (a) how gravity is measured (b) how the length of day is measured which *happen* to coincide and give the *impression* that there is a statistical correlation between gravitational variation and the length of the earth's day. he does however state that in light of how the measurements are taken it would seem to be very unlikely that there are such systemic errors.

so, anyway, the point is: gravity appears not to be as simple as we assumed, hence why some long-distance space probes (Pioneer for example) have anomalous unexplained behaviour.

Comment: Re:Sociopath (Score 1) 170

You'd find that people who aren't training to be pros, but work out that much, are probably more common than you think.

yep - count me in. i'm currently up to about the same level of exercise as you - about 2 hours a day: tennis or street-skating. tennis is for my eyes - and the social interaction. street-skating is because i find the explosive (sprinting) nature of tennis is causing huge knots in my arm and leg muscles. without this, i am... yeah, not a nice person either :)
