Forgot your password?

Comment: Re:ugh (Score 1) 316

by mrxak (#47764173) Attached to: Seagate Ships First 8 Terabyte Hard Drive

Man, those deathstars. My first ever harddrive failure was an IBM deathstar. I still remember that awful sound it used to make, in the days leading up to the end. I only lost a little data, though, and I've had pretty good luck since with hard drives. A few failures here and there over the decades, but not more than a few. I tend to upgrade to new drives before they get too old.

Comment: Re:All good until someone simulates biometrics... (Score 2) 383

by mrxak (#47650433) Attached to: DARPA Wants To Kill the Password

With physical keys, a lot of people forget about securing their keys. They leave them out where they can be photographed, for example, or quickly imprinted, or even just compared to another key with all the bite codes on it so the numbers can be noted.

Same goes for locks. A lot of people don't secure their locks, either, which leaves an attacker plenty of opportunity to bypass. Even an area with security which will detect an attempt to pick a lock or force it open, is still vulnerable. You see a guy go up to a door, stick a key in the lock like he belongs there, then suddenly he "forgets" something and walks away without opening the door. You might not think twice about it in a busy office building, but that guy just got pin imprints and will be back every day to do the same thing again, or send in somebody else, until one day an attacker walks up with a manufactured key that opens the lock and goes right in.

"Something you have" like physical keys aren't that great if you don't secure them. You need to make sure that the only people who have that something are authorized to have it, and you need to restrict hardware access to the lock. It's a tricky proposition in the best of cases. Biometrics are even worse than most cases, because at least a lock on an office door can be changed if a key is lost. You can't change your biometrics. Furthermore, we're talking about digital systems here, when biometrics are inherently analog. Your analog finger, eye, or whatever is being taken in as a precise yet inaccurate digital signal, some probability function is determining if you're "close enough", and then a computer chip says you're okay. It's like having a lock where if you jiggle different keys in it, the tumbler will still turn. To put it in computer terms, it's like taking a float in as input, truncating the decimal, and using it as an integer in your finely-tuned algorithm. There's all kinds of floats out there that will get you the integer you need to make your algorithm work the way you want it to. It's no longer "something you have", it's "something that's kinda like what you have".

"Something you know" like a combination or a password, has always been more secure. It uses math instead of the physical world and its inherent weaknesses. There's too many combinations to reasonably guess it in the amount of time you have, and you're forced to exploit some vulnerability in the locking mechanism to get in, like using a blow torch to melt the locking bolt, or exploit some vulnerability in the user of the lock, like he was stupid and used his birthdate as the combination, or wrote it down. Passwords, and combinations, are digital, instead of analog, which means there's exactly one password or combination that will work, instead of an infinite number of "close enoughs".

You still need security with your lock and key, whether your key is something you know or something you have, but at least with digital, changeable keys, you have the power of discrete math on your side, and if you do lose lock or key security, you can go ahead and change your key.

And if I've piqued anyone's interest in security of physical locks and physical keys, I highly recommend the books by pen-tester Deviant Ollam, specifically Keys to the Kingdom which covers a number of attacks most people never consider when they're securing their offices, server rooms, etc. Practical Lock Picking is good too, if you want to learn how locks are defeated by, surprise, picking them (bumping, shimming, and bypassing too).

Comment: Re:Beards and suspenders. (Score 1) 637

by mrxak (#47616767) Attached to: Ask Slashdot: "Real" Computer Scientists vs. Modern Curriculum?

I too am surprised people are talking about CS majors as not getting a background in assembly and C or C-based languages. At my school, only ten years ago (shit, I'm getting old), assembly was a second year class, and actually the second class you took in the department if you were coming in with an APCS credit. Yeah, there was Java, but it was just the language they used to introduce new students to computer science, and all that was left behind after the first few classes, and more serious languages came very shortly after people got the basics of OO programming. By your third year classes you were expected to be able to pick up any language at any time, no problem, and you certainly had the background to do so. All the language concepts had already been learned, it was just a matter of picking up syntax or libraries as needed, in the context of whatever CS theory you were learning in a given class.

So is Asker just at a bad school, or has computer science education really changed?

Comment: Re:I might be a start. (Score 1) 63

by mrxak (#47556759) Attached to: UK Team Claims Breakthrough In Universal Cancer Test

If they get this up and running, it'll just be another diagnostic tool for your doctor. Hopefully it'll be a quick and cheap enough test that they can run it as soon as you report symptoms, just so they can rule in/rule out cancer and more quickly diagnose you properly with more specific tests to determine what kind and how bad. If it saves some people some unneeded biopsies, I'm all for it.

Comment: Re:Seriously? (Score 1) 213

by mrxak (#47168043) Attached to: US Secret Service Wants To Identify Snark

Any kind of automated mass collection of data without a human in the loop to determine if a threat is credible or not is going to have significant problems. People are sarcastic. People exaggerate. People lie. How many innocent people are being targeted with programs like the NSA has, simply because of a benign association, a bit of sarcasm, or an imperfect algorithm?

While I'd love to believe that the USSS can create some newer, better algorithms to sort through the threats and non-threats they get, if I was one of their protectees I would be awfully nervous if an algorithm was sorting through everything, instead of actual human beings.

Comment: Re:Ellsberg got a fair trial (Score 1) 519

My entire post is a hypothetical. I don't expect Snowden to ever go on trial, fair or not. But I would like to see it happen and I would like for that trial to be fair. I have the same wishes about everybody who has committed a crime.

It's not my fault people have a hard time understanding pretty clear logical statements, and like to imagine other arguments I could be making but absolutely am not.

Comment: Re:Ellsberg got a fair trial (Score 1) 519

That is not my position. My position is if you break the law and admit you broke the law it's pretty obvious you're guilty of breaking the law. I said nothing about anyone deserving to go to prison just because they're guilty. In fact I outlined several ways by which a lawbreaker might avoid prison should they avail themselves of the justice system. Sometimes the law is wrong or misapplied.

Comment: Re:Ellsberg got a fair trial (Score 1) 519

Perhaps you should read a little closer to my post, then. Here you go:

I would very much like to see him get a fair trial, with all the evidence and arguments heard.

So yes, I am coming out in favor of a fair trial for Snowden, and people calling me all sorts of names are arguing against a straw man. Please direct your anger elsewhere.

Comment: Re:Ellsberg got a fair trial (Score 1) 519

Unfortunately people seem to be imagining my positions on other issues, rather than reading exactly what I said on this issue. I was specifically addressing the possibility of a trial for Snowden. I did not comment on other hypothetical trials because they were not mentioned in the Slashdot article I was commenting on. Staying on topic on a Slashdot story, crazy, I know. I'm a rebel.

If Slashdot were to have a story tomorrow about a potential trial for Clapper, or anyone else you care to name, you would find I am in favor of fair trials for everyone who has committed crimes, not just Snowden.

I am also aware that the system is not always fair. I addressed that point in my original post. Like I said, I want fair trials. I did not say I want unfair trials, or that I want a selective application of justice. Nothing I said is controversial unless people choose to imagine I'm saying things I'm not saying.

Comment: Re:Ellsberg got a fair trial (Score 1) 519

I don't disagree with him either. But the fact still remains, he's repeatedly and publicly admitted to the crime he's accused of. The crime may be telling the truth, but some truths are illegal to tell.

If we as a society disagree with that law, we have various methods of recourse. But denying that Snowden broke the law is ridiculous.

Yes, we will be going to OSI, Mars, and Pluto, but not necessarily in that order. -- Jeffrey Honig