
Comment: Re:SIP Replacement? (Score 1) 233

by locofungus (#48912895) Attached to: EFF Unveils Plan For Ending Mass Surveillance

why would providers go from IPv4 to IPv6 when soon there will be a shortage of numbers

They'll drag their feet but, eventually, there will be services that people want to use that are only available via IPv6 and then there will be little choice. (Although they'll try to proxy[1] popular IPv6 sites first)

[1] fake 10.x.x.x dns records that they serve to their customers and then forward the traffic over IPv6

Comment: Paid sick leave (Score 4, Insightful) 657

by tomalpha (#48883395) Attached to: Should Disney Require Its Employees To Be Vaccinated?

they've already put some employees on paid leave until medically cleared

Would this be mitigated by Disney *always* providing paid sick leave? The quote in TFS suggests that this might be the exception rather than the rule. If you encourage employees to come in to work while they're sick, or even hide their symptoms, then I guess you're more likely to see illnesses spread...

Comment: Re:Jurors (Score 5, Interesting) 303

It's very hard to explain "this shit" to people when there's someone else equally knowledgeable as you determined to explain why your explanation is wrong.

Asymmetric encryption. Do you explain P vs NP, why NP-Complete is almost certainly not in P but the problems that asymmetric encryption is built on aren't known to be either NP-Complete or P?

NP is a decision problem - but encryption isn't a yes/no problem. How can problems that only have yes/no answers be used to encrypt?

Muddy the water some more - PRIMES is in P. Do you really want to have to explain the difference between constructive and existential proofs while someone is interrupting every time you say anything that isn't 100% accurate?

You've only got to look at the climate change "debate" to see this effect in force. Climate scientists are playing a game of whack-a-mole and the general public cannot tell which side to believe. There are always questions and doubts that can be raised - the mark of a good scientist is asking the questions for which the answer is interesting. The mark of a good defense attorney is raising questions which cast doubt on the reliability of the witness. The role of the judge is to make sure that the questions that the lawyer asks are relevant to the case - and that's where it gets hard when you've got two experts in their field debating something and one (or both) has an agenda.

+ - Installing top 10 render your computer almost useless

Submitted by fluor2
fluor2 (242824) writes "For the purpose of this experiment, we’re going to just click through all regular installation screens with the default options using a fresh virtual machine. And we’re going to install ten applications from the most popular downloads list. And we’re going to assume the persona of a regular non-geek user." Read the full article.

Is crapware completely destroying the user experience for a non-geek user?"

Comment: Re:It's just wrong (Score 1) 335

When you already have a defined program (and machine in this case) in front of you for review, then you can determine whether or not it will halt

except when you can't

For any computer program with a finite number of states (finite memory) you can determine whether it halts by running it long enough that it must be looping.

For a computer with 16384 states (an 8 state Turing machine with an 8 position binary tape. 8 states * 8 positions * 2^8 values that can be on the tape) you can tell if any arbitrary program terminates by running it for 16385 steps. Any program that doesn't terminate in 16385 steps will run forever.

Comment: Re:quick question (Score 1) 212

by locofungus (#48415905) Attached to: Launching 2015: a New Certificate Authority To Encrypt the Entire Web

Web Browsers DID used to accept self-signed certificates (and certificates signed without a known CA - or cert-chain.) People just clicked through and accepted them willy-nilly. That was a poor security model.

The poor security model was browsers asking for confirmation for self signed certificates.

What browsers should have done is:

self signed certificates or unknown CA - how the "unencrypted web" works today.
No encryption at all - popup "are you sure you want to connect"
Signed certificate - tick (check) mark (instead of padlock) to show that the site is verified.

Now that browsers are hiding the "http/https" bit from most people anyway it makes even less sense to treat self signed certificates as less safe/require more warning than a normal http connection.

Comment: Re: It's what you do with it that counts (Score 1) 184

by tomalpha (#48334245) Attached to: British Spies Are Free To Target Lawyers and Journalists

Mass surveillance should never be tolerated

I agree and that's not what I said and not what TFS or TFA is about - they're about targeted surveillance of lawyers. Which is always wrong, with a few possible but very rare exceptions. Targeting lawyers of people who criticise the government is clearly wrong and a blatant abuse of power.

I'll endeavor to not be completely ignorant of history

I don't think I'm completely ignorant of history (although I wouldn't would I), but I might disagree with you about how we solve the problem. And as I said above, there is clearly a problem that needs fixing.

Comment: Re:Apologist (Score 1) 184

by tomalpha (#48334075) Attached to: British Spies Are Free To Target Lawyers and Journalists

British spies should be spying on _every_ British citizen illegally

That's not what I said and not what I believe. It's not what TFA is about either.

Trying to conflate the jobs of law enforcement and "spying"

I am dead set against that. The only example I gave was spying on a foreign leader which, as I said, I consider distasteful but (sometimes) necessary. You can, and quite possibly do, disagree with that and that's fine.

apologists don't want debate and dialogue

Whilst I don't believe I'm an apologist, debate and dialogue is what we're having here, and you'll see a previous comment of mine above where I said it's a good thing that we're outraged. And yes, I'm outraged if the government and/or intelligence agencies have been abusing their power. That doesn't necessarily mean that breaking the attorney-client privilege is always a bad thing and to be clear, it absolutely doesn't mean it's a good thing either. It's not too hard to come up with a (very unlikely but not impossible) circumstance where the majority of citizens would agree it was the right thing to do in that very individual and specific circumstance. My position is simply that I favour more scrutiny and accountability rather than more laws and absolute rules - never say never, but you must be able to, and made to, justify why you're doing something as a spy.

Comment: Re: It's what you do with it that counts (Score 1, Insightful) 184

by tomalpha (#48332825) Attached to: British Spies Are Free To Target Lawyers and Journalists
It's a nice thought but I don't think that works in the imperfect world we live in. We don't only spy because everyone else does (though I dare say there's an element of that). There has to be some way of letting the security services in their various forms do what they need to do. And to be clear: I think "need" here means what we the people as a democratic majority agree they need to do. (We the people also need to be realistic about the world we live in in doing so). Slightly changing tack as well: It's good and healthy that everyone's angry if someone abuses a position of responsibility and power. We just need to channel that productively so we make sure we don't throw the baby out with the bath water when we fix the problem. I also think that engineering a culture in our intelligence agencies that shies away from any abusive practices. You want people to avoid abusing power because they think that's right, not just because it's against a law or rule of some kind. My gut instinct is that the culture is probably well intentioned. Caveat the road to hell etc...

Comment: Re: It's what you do with it that counts (Score 1) 184

by tomalpha (#48332737) Attached to: British Spies Are Free To Target Lawyers and Journalists

Spies should respect laws and constitutions, at the very least those of their own country.

No argument from me there, but how do we balance this against other nations or groups that don't play by the same rules? (However limited or flawed the home laws might currently be).

Comment: It's what you do with it that counts (Score -1, Troll) 184

by tomalpha (#48332669) Attached to: British Spies Are Free To Target Lawyers and Journalists
Spies should listen in to whatever they need to listen in to. That's what they're there for. Nations spy on other nations. It's not pretty, but it's reality. That might include otherwise privileged or sensitive conversations - I bet Angela Merkel would feel that her conversations are in some way "privileged" (clearly not in an attorney-client sense). The worrying aspect here appears to be if, when, and how that data might have been passed to other areas of government. Passing, say, data gained from spying on defence lawyers and passing that to the government prosecutor should be criminal.

Comment: Surely not the "largest" tank? (Score 1) 163

by tomalpha (#48219371) Attached to: British Army Looking For Gamers For Their Smart-Tanks
From TFA:

the largest and smartest tank ever designed for the British Army

So my first thought was surely not - the Challenger 2 is a main battle tank and must be bigger. But it turns out I was wrong. The Challenger 2 is still 20 tonnes heavier, but significantly shorter in height:

Challenger 2: Length 27ft 3 x Height 8ft 2 x Width 11 ft 6
Scout SV: Length: 25ft x Height: 9ft 10in x Width: 11ft

Crudely multiplying those numbers to get an approximation of volume gives the Scout SV the edge (just).

Comment: Re:symbols, caps, numbers (Score 1) 549

by locofungus (#48138859) Attached to: Password Security: Why the Horse Battery Staple Is Not Correct

They ask for e.g. first, third and fifth characters of a password that must be between eight and twelve alphanumeric characters, and the dropdowns to make the selection are lower case only.

This means they're storing the password unhashed, at best locally encrypted but decrypted to check the user login.

While I suspect that this is true, I don't think it has to be true.

Step 1 - user chooses password.

Step 2 - generate hash in normal way and store it.

Step 3 - generate error correcting check digits such that the password can be recovered from any three characters in known positions. (any three characters in known positions must be both necessary and sufficient - designing such an ECC is left as an exercise)

Step 4 - store the check digits but throw away the password.

Step 1 - user enters three characters

Step 2 - error correct the password
e.g. __p_pp__+CCCCC -> PPpPppPP

Step 3 - hash the corrected password and test against stored hash.

Obviously this isn't very secure - it's susceptible to a brute force attack that only requires guessing (any) three digits correctly once an attacker has gained access to the hash and the check digits.
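
Added example, not part of the comment above: one way to build the check digits it describes, as a Reed-Solomon style code over GF(37), matching the `__p_pp__+CCCCC` layout (8 characters, 5 check symbols). The 36-symbol alphabet, the fixed length of 8, the function names and the SHA-256 stand-in for "hash in normal way" are all assumptions made for this sketch.

```python
import hashlib

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # assumed 36-symbol alphabet
P = 37                        # smallest prime above 36; arithmetic is in GF(37)
N = 8                         # assumed fixed password length
CHECK_XS = range(N, N + 5)    # five check symbols, evaluated at x = 8..12

def _interpolate(points, x):
    """Evaluate at x the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def _hash(password):
    # Stand-in only; a real deployment would use a salted, slow password hash.
    return hashlib.sha256(password.encode()).hexdigest()

def enroll(password):
    """Return (hash, check symbols); the password itself is not kept."""
    if len(password) != N:
        raise ValueError("sketch assumes exactly %d characters" % N)
    pts = [(i, ALPHABET.index(c)) for i, c in enumerate(password)]
    return _hash(password), [_interpolate(pts, x) for x in CHECK_XS]

def verify(stored_hash, checks, known):
    """known maps three positions to the characters the user typed."""
    if len(known) != N - len(CHECK_XS):
        raise ValueError("exactly three characters are required")
    pts = [(pos, ALPHABET.index(c)) for pos, c in known.items()]
    pts += list(zip(CHECK_XS, checks))           # 3 + 5 = 8 points
    values = [_interpolate(pts, x) for x in range(N)]
    if any(v >= len(ALPHABET) for v in values):  # 36 is a field element, not a character
        return False
    return _hash("".join(ALPHABET[v] for v in values)) == stored_hash

def search_space(checks_leaked):
    """Candidates left to try once the stored hash (and optionally checks) leak."""
    free = N - len(CHECK_XS) if checks_leaked else N
    return len(ALPHABET) ** free
```

With the check symbols stored next to the hash, only three characters of the password remain unknown, so the eight-character password is no stronger than a three-character one against anyone who obtains the stored record.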

Comment: Re:Not going to be as rosy as the YES! campaign sa (Score 1) 494

by locofungus (#47926997) Attached to: Scotland's Independence Vote Could Shake Up Industry

The UK general election will be 7th May 2015. The government that agreed to this vote almost certainly won't be the government that is negotiating.

No party is going to stand on a policy of "We're going to give your taxpayer money to this new independent Scotland because the last government agreed to the vote." They're going to stand on the "we're going to save as much money as possible for you and stop these handouts to Scotland."
