Follow Slashdot stories on Twitter


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Why so many trucks? Why not railroads (Score 4, Insightful) 242

by sotweed (#46391899) Attached to: Walmart Unveils Turbine-Powered WAVE Concept Truck

I don't understand how trucks, which require much more fuel, and more driver time per load, have
so thoroughly replaced railroads for long hauls. Making trucks more efficient is a fine idea, but
it's only nibbling at the edges. Why not go back to trains for medium to long distances?

Comment: Re:Fixing ECPA is not enough.. (Score 1) 29

by sotweed (#45612589) Attached to: Ask TechFreedom's Berin Szoka About Govt. Policy and Privacy Online

One other question: Is it clear what "fixing" ECPA means? Do you have a specific proposal? Or is it
just that a warrant is needed to examine "mail", regardless of how long it's been stored, whether it's
in flight or stored.

Everyone talks about "immigration reform" but I think there's a very wide spectrum of what that

Comment: Phone call data is not metadata! (Score 1) 96

by sotweed (#45420089) Attached to: Stanford's MetaPhone Project: Crowdsourcing Metadata To Challenge the NSA

It's data. It happens not to be complete - there's more, namely the audio of the call.

Intelligence agencies have been doing traffic analysis on this sort of data -- just who is
communicating with whom - for at least 70 years. For NSA to refer to it as "only metadata"
is the height of hypocrisy.


+ - NY Times reports conclusive evidence of hacking against US by Chinese Army-> 1

Submitted by sotweed
sotweed (118223) writes "The NY Times in Tuesday's paper is that a group in Shanghai is hacking against American companies and government agencies, and appears to be supported by and part of the Chinese Liberation Army. American intelligence officials have confirmed their knowledge of this organization. The Times says, "An unusually detailed 60-page study, to be released Tuesday by Mandiant, an American computer security firm, tracks for the first time individual members of the most sophisticated of the Chinese hacking groups — known to many of its victims in the United States as “Comment Crew” or “Shanghai Group” — to the doorstep of the headquarters of a People’s Liberation Army unit." Attention of the hackers is now turning to America's infrastructure: power grids, gas lines, waterworks, presumably via unsecured or inadequately secured SCADA systems."
Link to Original Source

Comment: It's a copyright violation. (Score 4, Insightful) 273

by sotweed (#39607563) Attached to: Some Hotspot Operators Secretly Intercept, Insert Ads In Web Pages

IANAL, and I don't play one on TV, but it seems pretty clearly a violation of a web site's copyright to do this. A web page
is a visual work, and at least for any country that is party to the Bern Convention (this includes the US and most or all of Europe),
a page is copyright even if it doesn't say so. So for the hotel or ISP to modify the page, especially when it is being paid to do so,
seems a clear violation. Some web site should make a big stink (lawsuit!) about this and put an end to the practice. I think it wouldn't
be a difficult case to win, particularly with all the other copyright enforcement actions going on (MPAA, etc.).

I wonder if a similar case can be made for organizations like health clubs that show TV programs at the wrong aspect ratio, making
people look as if they're 20% fatter (wider) than they actually are...

Comment: Proposal to improve visibility and raise awareness (Score 1) 339

by sotweed (#38549382) Attached to: Ask Slashdot: Changing Passwords For the New Year?

Here's an idea/meme: Create a way to describe both the password rules and storage policy for a web site in a few characters.
Then encourage sites to put those characters next to the "Enter Password" box on their site. The intended effect is to make users
aware of the rules of the site, and ultimately to force them to improve their policy. Here's an example of what I mean:

0 means "we store your password in the clear"
1 means "we encrypt your password using standard techniques"
2 means "we one-way encrypt your password and store only the encrypted value"
3 means "we one-way encrypt your password with salt, and store only encrypted, salted value"
4 means "3 and also we have an effective means in place to prevent repeated guessing by an external agent"
                                                  (some sort of time-delay for bad guesses, getting progressively longer, or something similar..)

(Any more needed?)

and maybe use a letter for the password policy:

A means "password has a short maximum length" (8?) and silly constraints on what characters must be present"
C means "No restriction on password length, but some constraints on characters" ....
Z means "Password can be arbitrarily long and include any character you can type."

So 0A would be a disaster, and the goal would be to move sites toward 4Z. And you'd see what the site does
every time you log on (assuming, of course, that they're honest, but this would be easily auditable..) Even people
who didn't understand what the specifics mean could be educated to know that closer to 4Z is better. (This is just
an example... I'm sure a better encoding is possible...)

UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn