Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Re:You cannot know *WHO* is voting (Score 4, Insightful) 258

by DarkOx (#49689991) Attached to: Online Voting Should Be Verifiable -- But It's a Hard Problem

I also agree with you. I do think we need to make a couple more considerations though.

First "those unavoidably out of town" should not be an excuse unless the distance between postal zip codes is greater than say 200 miles, and if the post marks indicate otherwise your ballot is invalid. That is the only way to prevent abuse.

Second right now it is possible for your boss to intimidate you into not voting and certain companies probably have a pretty good idea of the voting blocks their employees fall into. We need to be fair and make election day a National Holiday! So that everyone has the day off. We probably need to make exceptions for the groups for which anti-strike laws already exist, Health, Safety and infrastructure folks who potentially have to work the holiday. There also needs to be some kind of penalty for employees who try to ignore election day like its just another MLK day have have nonessential personnel work anyway.

I agree the only way to ensure any sort of integrity is to have people GO to the polls, but we need to make sure everyone can.

Comment: Re:I do have email bias (Score 1) 461

by DarkOx (#49684197) Attached to: Does Using an AOL Email Address Suggest You're a Tech Dinosaur?

Ever since around 2009-10 my bias has been against those with Gmail accounts.

Why because using something different gives you a sense of superiority. AOL was an ad laden mess once it go big. It really was foolish to use it if you did not have to do so.

GMAIL's only real issue is privacy concerns. Which *is* a huge issue, but other services are far from immune to that as well; short of running your own mail server you can't really know and it does matter really because chances are the person you are mailing is using Google anyway.

The reality is GMAIL works well and meets a lot of peoples needs. It also has good IMAP support if you like a local client. So I don't judge GMAIL users to harshly, because I don't know where they could go that would be demonstratively better for them, unlike AOL users back in the day where there usually was clearly superior and obvious choice for anyone's specific use cases.

Comment: Re:Usual answer to a headline question (Score 2) 461

by DarkOx (#49684091) Attached to: Does Using an AOL Email Address Suggest You're a Tech Dinosaur?

AOL always sucked, There were always better alternatives. Always.

Yes, but back in 1993 its not like you could just Google it. If you were not attacked to some organization with access, and your local public library did not offer shell accounts or something the big name BBS services (with internet gateways) AOL, CompuServe, and Prodigy were usually the way to go. At least until you could find a local ISP.

Keep in mind most folks were at the time using DOS and Windows. So you also needed to bring some software to the mix, to do PPP etc. That stuff was no on the shelf at your local shop and it was not simple to figure out without online reference materials. The AOL diskette solved both problems.

Once you got online and found an ISP with local access numbers, got the trumpet winsock installed or downloaded Slackware you switched to a real ISP with local dialup numbers. AOL was a first step to something more than a local BBS even for a lot of us techies though, because it as available AND accessible when nothing else way especially if you did not have friends who could help you.

Comment: Re: Not authorized is worse than unconstional. (Score 1) 237

You think policy don't have procedures governing the handling and questioning of persons under arrest?

Miranda is a "due process" case. Essentially the court decided the process of questioning people before apprising them of their rights was unconstitutional. There is no problem with the act of asking a question.

Comment: Re:I don't get this (Score 1) 87

I am sure you are right. The criminals would adapt quickly there are plenty of inexpensive packaging materials that could be used which be sufficient to defeat detection by a dog. The biggest challenge for drug packers would probably be developing handling protocol to avoid contaminating the outer packaging with product.

That does not need to be perfect either just 'pretty good' assuming the postal service/government deployed a detective device more sensitive than a dog it would have to be tuned down otherwise the false positive rate would be insane.

Did the guy working packing at the Amazon roll a J before coming to work? Think that canabis oil from his skin won't transfer in some quantity to the absorbent porous cardboard he handles?

I doubt TSA style x-ray scanning would work well either, I don't know how you could distinguish drugs from many perfectly legal frequently shipped substances. Its a difficult problem unless you are willing to raise the costs of parcel shipping to insane levels to pay for manual inspections and all the abuse, theft, and fraud that will entail

Comment: Re:Who uses virt floppy anymore (Score 1) 95

by DarkOx (#49682799) Attached to: 'Venom' Security Vulnerability Threatens Most Datacenters

While I realize VMware isn't effected by this vuln;

Fusion can't boot a VM off USB (why the fuck is that?) So if I want to test a USB boot stick on my MAC I have to use this to chain load the USB sticks boot loader: https://www.plop.at/en/bootman...

Its pretty convenient to just keep a VM defined with a floppy and the plop disk always attached. It would be better if it could/would boot a USB device, but the virtual floppy is my work around.

Comment: Oh my (Score 1) 152

by DarkOx (#49682303) Attached to: How Responsible Are App Developers For Decisions Their Users Make?

Nobody can just own anything any more can they, nor can they accept we live in an imperfect world where mistakes happen.

An app developer should do their best to provide users with concise, but complete, accurate, and timely information to the extent the technology allows. Perhaps developers/vendors have some responsibility to set realistic expectation about the quality of the information, but that is as far is can possibly go.

Beyond that people/users just have to make decisions and bear the responsibility. If your counter terrorism intelligence app does face recognition and determines Jim on camera is really Oliver Public Enemy No.1, and Mr.Policeman shoots Jim, its Mr.Police man who is at fault unless your application was deliberately misleading or you mislead Mr. Policeman about the accuracy and confidence possibly with your app.

Comment: Re:Typo: Digital Rights Management (Score 1) 371

by DarkOx (#49676487) Attached to: Firefox 38 Arrives With DRM Required To Watch Netflix

So were the record companies. Now amazon sells mp3 files without DRM.

DVD ripping is childs play, yet they still release their stuff on that format.

Grandparent is correct eventually they will give up, probably because the competition will be beat them. The competition being indie (which lets face it the CGI that talented folks can do in their basement now is better than what the studios did in the 90s.) and their own older unencumbered stuff, and again there is so so so much of that there really is no need to watch a 'new' movie in our own life times.

Comment: Re:Difficult? (Score 3, Interesting) 152

by DarkOx (#49672075) Attached to: The Best Way To Protect Real Passwords: Create Fake Ones

Its a damn good way to get busted as well. IDS sensors and SEIM systems will pick up on a small number of hosts performing a large number of authentication attempts or a large number of hosts making attempts against the same account.

Either way you going to at least tip off the site operator. If your target is a free webmail host or something there might not be much they could/would do but a corporate security team will probably alert the account owner, and watch that account very carefully, will other folks contact the lawyers and the authorities to hunt your ass down.

Comment: Over think (Score 3, Informative) 152

by DarkOx (#49671847) Attached to: The Best Way To Protect Real Passwords: Create Fake Ones

Honestly this should be pretty simple. The default operating mode of a password manager should be generate a password from PRNG data.

Store the value encrypted with AES a key derived from a master password extended via PBKDF-2 or similar should be used for the cipher.

Next apply the necessary mixture bitwise rules applied bytewise to the 'clear text' to ensure the password will contain type-able characters and accommodate character restrictions. (Something like x = ((x % 126); x = x | 32 if x 32; for those of us using ascii and yes its not perfect and will produce some bias maybe a crypto expert could propose a better alternative ) Store which rules must be applied as well. That should not be an information leak as the attacker probably can research the target system and divine these requirements anyway.

That will mean most of your passwords are nearly random goblody gook. (Important). No matter what master password is used a key can be derived, the decipher operations and the rules can be applied the result will appear to be a legal password, but it will be incorrect. In the event you have stored a specific less random value it should 'decipher' as well but appear highly random given that is how all your other password appear to be it will not be a strong indicator the wrong key has been chosen either.

Comment: Re:Yeah so? (Score 1) 237

I would argue they have already show the rule of law to be an absolute joke.

When senior officials at the White House argues "the law does not require us to make a formal determination as to whether a coup took place." so they can ignore restrictions on aid to Egypt you know the law is a joke.

When the Treasury department rewrite bankruptcy law on the fly and over bond holder objections allows foreign investors to take a large stake in an American auto company because..jerbs.. you know the rule of law is a joke.

When banks rig overnight lending rates bilking investors, mortgage holders, and Municipalities out of billions and there are but a few wrist slap level civil judgements and no prosecutions of individuals you know the rule of law is a joke.

When NSA officers make disproven statements before congress under oath and nothing happens...

When clearly legally questionable activities are identified and courts duck the issue resorting to arguments, like "oh well you can't know your calls logged so you don't have standing"

Lets face it, its painful obvious the "rule of law" still gets a lot of lip service but is much closer to the old rules of "might makes right" than to the found principles of this nation. (Which is not say things were ever really any different). It boils down to what it always has; does someone bigger and badder than you want something you have or dislike what you are doing, better watch out!

Comment: Re:The Real Question (Score 2) 237

Why do assume that because Obama is a two faced freckles asshole that Rand is?

Rand has essentially spent his entire life watching his fathers political career be pretty severely constrained by rigid adherence to principles. Keep in mind, Slashdot aside, the NSA generally does better in opinion polls than Snowden. Paul is seeking to win a national election.

Obama was running for office and said those things when the popular view was Iraq and all the stuff we were doing to fight terror were abusive acts by our cowboy president. Opinion has shifted with the rise of ISIS, a majority of the sheep have returned to the "whatever it takes" view that existed on 9/12/2001.

My point is that is not politically expedient for Paul to take this position really, its at best no especially harmful to his electoral hopes. I think maybe we ought to withhold some judgement until/if we some actual performance.

Comment: Re:Not authorized is worse than unconstional. (Score 2) 237

To put it succinctly: The NSA was ruled to be operating outside the law... which effectively makes them criminals

Wait a moment. For the most part that which isn't illegal, is legal. What we prosecute the NSA for exactly? Misappropriation of funds, they used to build an unauthorized massive surveillance apparatus? Acting under the color of law, when they were requesting the records? Conspiracy of some kind?

I am not really sure there is actually much to charge them with and what there is, although fairly serious, might be hard to prove.

"Who alone has reason to *lie himself out* of actuality? He who *suffers* from it." -- Friedrich Nietzsche