Comment: Re:Grinch is not a flaw - has no CVE!!! (Score 1) 74

by sjames (#48630913) Attached to: Grinch Vulnerability Could Put a Hole In Your Linux Stocking

Sure, but the potential to mis-configure a subsystem that has big red asterisks around it anyway such that a trusted user might exceed authority is a far cry from a security vulnerability that might put a hole in my Christmas stocking. Other things to avoid include making /bin/bash suid root, chmod -R o+rwx /, etc etc.

Comment: Re:fire them (Score 1) 99

by sjames (#48627397) Attached to: Hackers Compromise ICANN, Access Zone File Data System

Put the Cheetos down so you can talk with your mouth instead of your butt.

By that criterion, sales and marketing are also cost centers. It would be ever so much cheaper to do business if you could just ship product at random and actually get paid. But you can't, so you need sales and marketing. It would be nice if the building would clean itself so you could skip janitorial without swimming in trash and filth but you can't.

Everything is a cost and in a well run business, everything in some way contributes to income. Get over it. Trying to divide entire functions into income or expense just demonstrates an incomplete and fragmented understanding of the system.

Comment: Re:Umm, why? (Score 1) 88

by sjames (#48619327) Attached to: Brain Stimulation For Entertainment?

But we have to ignore all of that because of what it implies about our society and the living conditions of the junkies. We must resolutely hold the line. No 'facts' may deter us from the message that addiction is a moral failing and so the addict deserves his fate. Now, all rise and put your fingers in your ears and sing the new national anthem: "LA LA LA LA LA".

Comment: Re:Depends... (Score 1) 162

by sjames (#48618161) Attached to: Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Agreed, to actually be sure, the software needs to be at least verified by someone you trust. It would not be wise for that someone to be a telco. However, end-to-end has a specific meaning and Verizon's service isn't it.

As for the keys, you can identify the party through conversation. If you've never met, you would need a trusted introducer in a 3 way call to verify each of you to the other. Then transmit public keys around and read back the key fingerprints. In other words, use the PGP/GPG web of trust rather than a central authority.

From then on, you have the keys stored and so you can skip that part.

I do know very well that the company is not at all immune to government pressure. I never anywhere suggested otherwise. I suggested that claiming a thing that is untrue and legally cannot be true is immoral. A moral company simply wouldn't claim to offer end to end encryption.

Comment: Re:I never understood the warmth argument (Score 1) 432

by sjames (#48614647) Attached to: Vinyl Record Pressing Plants Struggle To Keep Up With Demand

I fully agree that a talented professional can get amazingly good results out of the hardware out there today. It is also within reach of an avid amateur.

The modern digital gear is not quite as forgiving as the old tube gear but in exchange the result when you do it right is orders of magnitude better.

Ideally, all music should be released at full dynamic range and if it needs to be compressed for FM or crappy earbuds, the radio station or player can easily handle it.

I'm going to laugh when new standards for measurement come out that punish the current 'loud' recordings.

Comment: Re:It's required (Score 1) 162

by sjames (#48614547) Attached to: Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

But that can easily be prevented in a public key system. Just a simple example that I am formulating as I type. The peers elect a master based on any arbitrary criterion (pick a number, who has the lowest MAC address, who called in first, whatever). Everybody else hands it a public key. The master generates a session key and encrypts it with each authorized public key to distribute it. If LEO taps in, he gets nothing unless he can convince the master to accept his public key. If there are supposed to be 3 parties on the call, the master's owner will notice that there is an extra request for the session key.

An added benefit is that it is actual end-to-end encryption. The provider has no ability to tap the line as long as the keys are reasonable and the software doesn't have a back door in it.

If the public keys have been exchanged in advance, all the better for knowing the identity of everyone involved in the call.
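
The session-key distribution sketched in the comment above, as an added example that is not part of the original comment: the master wraps one session key for each requester whose fingerprint was verified in advance and reports any extra request. The names NewPeer, Fingerprint, Distribute and Unwrap are hypothetical, RSA-OAEP and SHA-256 fingerprints are choices made here, and master election and transport are left out.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// NewPeer makes a throwaway key pair standing in for one caller's long-term key.
func NewPeer() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Fingerprint is the value the parties would read back to each other.
func Fingerprint(pub *rsa.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(x509.MarshalPKCS1PublicKey(pub)))
}

// Distribute is the master: wrap one session key per authorized requester, report the rest.
func Distribute(authorized map[string]bool, requests []*rsa.PublicKey) (session []byte, wrapped map[string][]byte, extra []string, err error) {
	session, wrapped = make([]byte, 32), map[string][]byte{}
	if _, err = rand.Read(session); err != nil {
		return nil, nil, nil, err
	}
	for _, pub := range requests {
		if fp := Fingerprint(pub); !authorized[fp] {
			extra = append(extra, fp) // unexpected request: show it to the call's owner
		} else if wrapped[fp], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil); err != nil {
			return nil, nil, nil, err
		}
	}
	return session, wrapped, extra, nil
}

// Unwrap is the peer side: recover the session key with the peer's private key.
func Unwrap(priv *rsa.PrivateKey, ct []byte) ([]byte, error) { return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil) }

func main() {
	alice, tap := NewPeer(), NewPeer() // constructed peers; tap was never introduced
	ok := map[string]bool{Fingerprint(&alice.PublicKey): true}
	_, w, extra, _ := Distribute(ok, []*rsa.PublicKey{&alice.PublicKey, &tap.PublicKey})
	fmt.Println("wrapped for", len(w), "peer(s); unexpected requests:", len(extra))
}
```
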