

Comment: Re:You should title this "Patriot act to be repeal (Score 1) 184

by qwijibo (#49335405) Attached to: New Bill Would Repeal Patriot Act
You have to have faith that things will work out in the end.

The businesses that own those congressmen are being negatively impacted by the surveillance state. The US can no longer be taken seriously for security products globally because the NSA has to have a finger in every pie, and a plethora of vulnerabilities in every product.

We have the best government money can buy. It just takes time for that money to get in the hands of the large multinational corporations who can be trusted to take the most profitable path. Once the laws start to directly conflict with the ability of those companies to make a profit, and the lucrative government contracts dry up so it's no longer profitable to support the surveillance state, those companies will fight to repeal those laws, unless a third, more profitable option appears. The government would be in a real bad position now if they couldn't just arbitrarily print unlimited sums of money to keep that contract option going.

Of course, this is probably why a lot of people feel it necessary to prepare for the collapse of western civilization.

Comment: Re:Jail time (Score 1) 538

Yes, that's exactly what would happen if Anonymous Coward was appointed supreme emperor. Fortunately, the existing corrupt politicians are unlikely to give up their power that easily. AC would be floating in a river by sun up.

I suspect the sentiment was more frustration that politicians are almost never held accountable.

Best idea on term limits comes from a bumper sticker: "Two terms. One in Congress, the other in federal prison for what they did while in Congress."

Comment: Another bad omen for privacy and security (Score 4, Insightful) 309

by qwijibo (#49125781) Attached to: Moxie Marlinspike: GPG Has Run Its Course
It's a bad sign when those who care about security lose interest. The NSA is doing their part to eradicate secure crypto. Law enforcement agencies are commonly breaking the law to fish for potential criminals. The only protection available is what's written by people who are not subject to influence from the NSA. That's increasingly meaning open source or non-US-based companies.

Crypto is hard to get right. It's hard for the average person to know what ciphers or tools to use and which are just snake oil. It's hard to implement correctly so that it is secure. New ciphers are written by people who have a lot of experience in breaking the old ones. As the old guard ages out, I don't see the same depth of interest in the next generation. With crypto, there's no quick fix, and the new hotness doesn't come overnight.

On the other hand, the 1990s cryptography he mentions would be a huge improvement over many things we have today. Since the 90s, I've wanted the ability to have cryptographically signed financial transactions. Instead of financial institutions and credit reporting agencies using shared secrets, I'd like to have the ability to authenticate with a public key. I'd like to provide my public key in person to my bank so they know I'm authorizing transactions. Instead, they rely on secrets which are available to anyone who's willing to spend a few bucks and maybe break a few laws. Identity theft is so prevalent because we're basically relying on writing (at least a 4000BC technology) for security instead of good crypto. Hell, bad crypto would be an improvement over most of what's being done today.

I hope his opinion isn't representative of more people who have been involved with security and privacy issues, but unfortunately, I think it will resonate with a lot of us.

Comment: Why just nations? (Score 1) 131

by qwijibo (#49079155) Attached to: US May Sell Armed Drones

When will those of us in the flyover states be able to buy our own armed drones?

Youtube is filled with entertaining videos of rednecks with guns and explosives. Armed drones would help take this to a whole new level. Think BattleBots with truly no holds barred.

Sure, there may be some people who would want to use these for illegal purposes, but think of all the benefits. Imagine a new service for stalking victims - counter-stalking drones, now with a "resolve" button.

(For the humor impaired, yes, I'm kidding)

Comment: Re:That's why nobody sensible wants them (Score 3, Informative) 223

by qwijibo (#48989127) Attached to: US Health Insurer Anthem Suffers Massive Data Breach

Encryption is not a panacea.

I'm in full agreement that sensitive data should be encrypted, but I've seen too many cases where encryption (even bad encryption) is an excuse for lazy and bad security decisions.

SSN is a bad "secret" for anything, given how simple and ubiquitous it is. The idea that shared secrets establish identity has been wrong for many years and it's just going to keep getting worse until we, as consumers, can make companies leverage public key cryptography for authentication.

Policies that require encrypting SSN at rest and PII in transit usually result in a database table with:

That sounds like a step in the right direction, unless you consider how easy it is to decrypt the SSN. On my laptop, it takes 62 seconds to go through every possible SSN using a script that took me less than 60 seconds to write. Add some time for doing an encrypt operation and lookup for each possible value, but it's clearly possible to brute force the entire SSN range on any computer in a very short amount of time. Ultimately, once someone can get access to the data, they can easily generate every possible encrypted SSN and match up actual value to what's in the table.

Real world example:
Cox insisted on having my SSN to get internet service through them. The last 4 of the SSN is used to confirm the user on the web site. They insisted that storing SSN on the internet was safe because it's encrypted. They really want the SSN to be able to track you down if you don't pay and skip town. Most of their customers aren't going to argue with them because they hear that encryption is magic. I eventually convinced a supervisor that their security is a joke and we agreed that my SSN would be in their system as 3.14159265, without the decimal point.

When people believe that encryption makes their data safe, it allows people to decide to make riskier choices with where the data resides. Encryption is a step in the right direction, but it's just one piece of the security puzzle.
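
An added illustration of the point made in the comment above (not code from the commenter or from Slashdot): a storage audit that checks whether a protected SSN column can be matched back to values by anyone holding the table, and extrapolates how long covering the nine-digit space would take. SHA-256 stands in for whatever deterministic transform a system uses; the function names, the sample value and the small candidate range are constructed for the example.

```python
import hashlib
import hmac
import os
import time

SSN_SPACE = 10**9  # nine decimal digits is the upper bound on distinct values

def unkeyed_token(ssn: str) -> str:
    """Deterministic transform computable by anyone who holds the table."""
    return hashlib.sha256(ssn.encode()).hexdigest()

def keyed_token(ssn: str, key: bytes) -> str:
    """HMAC-SHA256 under a key kept outside the database (assumed: HSM or KMS)."""
    return hmac.new(key, ssn.encode(), hashlib.sha256).hexdigest()

def match_by_enumeration(stored_tokens, transform, candidates):
    """Map each stored token to the candidate that produces it, or None."""
    lookup = {transform(c): c for c in candidates}
    return {tok: lookup.get(tok) for tok in stored_tokens}

def hours_to_cover_space(transform, sample=20000):
    """Time a sample of transforms and extrapolate to the full nine-digit space."""
    start = time.perf_counter()
    for n in range(sample):
        transform(f"{n:09d}")
    per_op = (time.perf_counter() - start) / sample
    return per_op * SSN_SPACE / 3600

# Constructed sample data: one made-up value inside a deliberately small range.
CANDIDATES = [f"{n:09d}" for n in range(900_000_000, 900_050_000)]
SAMPLE_SSN = "900012345"
DB_KEY = os.urandom(32)  # stands in for a key the database host never sees

def audit():
    """Return (match for the unkeyed column, match for the keyed column)."""
    weak = match_by_enumeration([unkeyed_token(SAMPLE_SSN)], unkeyed_token, CANDIDATES)
    # Without DB_KEY the only option is a guessed key, so the lookup finds nothing.
    guess = os.urandom(32)
    strong = match_by_enumeration(
        [keyed_token(SAMPLE_SSN, DB_KEY)],
        lambda s: keyed_token(s, guess), CANDIDATES)
    return list(weak.values())[0], list(strong.values())[0]

if __name__ == "__main__":
    print(audit())
    hours = hours_to_cover_space(unkeyed_token)
    print(f"about {hours:.2f} h to cover all 10^9 values on one core")
```

The keyed column only resists matching while the key stays out of reach of whoever holds the table; a key stored beside the data puts it back in the first category.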

Comment: Re: Good! 100,000 more Democrat voters! (Score 1) 331

by qwijibo (#48988609) Attached to: Massive Layoff Underway At IBM

You took that seriously?

I was just making an absurd extension to the "give everyone free money" argument. This is all under a story about mass layoffs at IBM, so I figured trying to add some levity might help.

The income tax is a percentage of income paid to the government. If there was a "negative income tax" that would (mathematically) be money the government paid to the taxpayer (taxearner?). Math jokes aren't always funny, but when they have to be explained, all humor is completely lost.

As someone (often misattributed) once said: Democracy only works until people realize they can vote themselves more money.

Comment: Re:rival IBM? (Score 1) 331

by qwijibo (#48979913) Attached to: Massive Layoff Underway At IBM

Yes, it's too optimistic.

The people who are let go during mass layoffs aren't the visionary, brilliant and rich types. Those people can get another job easily, so there's no reason for them to stick around a soul sucking company they hate until they get laid off.

To found a company you need capital. Unless one or more of the founders is rich, that means convincing others you have something worth investing in.

How many of the people let go are going to work for free or cheap for a brand new startup?
What are they going to work on?
How is that product or service going to turn into a steady income stream?

Does IBM have anything worth a startup trying to beat them on?

A bunch of legacy applications that keep getting resold to new customers? There are none in a new startup.

IBM mainframes? Is there a market for a new mainframe manufacturer? And what's the barrier to entry to design, manufacture and market a new mainframe? I suspect not, but then I don't believe that the market for new IBM mainframes consists of anything but legacy IBM mainframe customers.

Project management? This is most of what IBM does. They get a contract to scope out a project that is never defined and therefore will never succeed or fail, but there's an amazing amount of billable hours in fluffing up the "no deliverables" that these projects could be shrunk to.

Most companies who want a project management circle jerk are perfectly capable of hiring a bunch of contractors and giving them no direction. There's no need for a startup to perform some role to get into that cash bonfire. IBM gets these contracts because people play golf and drink with other people, or they throw one of these engagements in with every product. You don't have to purchase a product, IBM will be happy to bill you for trying to sell you stuff you don't want.

Comment: Re: Good! 100,000 more Democrat voters! (Score 1) 331

by qwijibo (#48979625) Attached to: Massive Layoff Underway At IBM

Wouldn't a negative income tax be the government giving people free money based on how much money they made? That would make the $15/hr minimum wage people happy, just make the negative income tax 100%.

I would also like the government to give me 100% of my income as free money. When can we get this initiative on the ballot? Everyone will vote for it. There's no down side.

Comment: Re:Levels (Score 1) 214

by qwijibo (#48922913) Attached to: Ask Slashdot: What Makes a Great Software Developer?

The "do one thing well" philosophy is about purpose, not implementation.

For example, the grep family of tools search for patterns in files or input data streams. There's egrep for regular expression matching, zgrep for searching through compressed data (decompressing before searching, of course), etc. There's oodles of options to make all types of searching easier, but those are all aimed at the central purpose.

If you need to search for all of the numbers in a file and add them together, you could use grep for searching, but need another tool to do the addition.