
Comment: Re:Which is why (Score 1) 136

I ask the same question again, why put this stuff online at all? Why are critical systems for infrastructure online? Why is anything of any importance for our government and nation available to the general Internet?

Because that's how the information gets from (wherever it is stored) to (the people who need to access it). The Internet is popular for a reason, and that reason is that it helps people get things done quickly and cheaply.

The alternative, of course, is to have the information and the people physically co-located, so that they can access the information only via an isolated network (or by physically sitting at the computer the information is stored on).

However, the benefits of remote access are so great that in many cases it's seen as being worth the risk of allowing it. Whether or not that assessment is correct or not depends on an estimate of how secure the networks are, but also on an estimate of how aggressive, competent, and numerous any hostile intruders will be. Clearly it's possible to get both of those estimates wrong, but I'm not sure that a knee-jerk response of "pull all the Ethernet cables and return to the 1950s" is going to be a practical solution either, as doing so would likely cause as much disruption as an actual attack.

I'm not sure what the solution is, but probably one good practice would be a lot more red-teaming -- i.e. if your network is vulnerable to intrusion, it's much better to learn how a friendly intruder got in (by asking him) and fix the hole than to pick up the pieces after a hostile intruder nuked your network.

Comment: Re:How naive... (Score 2) 68

Your use of the term "naive" suggests you think it's designed that way due to conspiracy.

SS7 is a protocol designed to do all these things because it's designed to manage the phone network. That's its job. If it didn't do those things, it couldn't be used to route phone calls.

Does it have poor security? Yes in the 2014 world, but at the time it was developed virtually every phone company was a monopoly, and it was just assumed only a small handful of easily accountable giant telcos, usually only one in each nation, would ever use it directly. You might just as well criticize non-networked single-user circa-1977 CP/M for not having logins and user/group ownership of files.

Comment: Re:Wow. This whole sorry clusterfuck sucks (Score 1) 440

by squiggleslash (#48633937) Attached to: FBI Confirms Open Investigation Into Gamergate

Most of the people I've seen speaking out against GG seem to be the politically correct thought police

Or... the loudest voices against GG have been those targeted by GG, who by and large are people seen by GG to be Feminists and widely misrepresented as a thought police rather than people sharing concerns they have about sexism.

Comment: Re:harassment attribution (Score 2) 440

by squiggleslash (#48633881) Attached to: FBI Confirms Open Investigation Into Gamergate

You've just proven it's easy to convince yourself of something that's obviously not true simply by creating a narrative and tying some minor details into it.

Sarkeesian needs to screenshot a Twitter user who over the last few minutes is sending her death threats. She's getting notifications every few seconds from Twitter on her mobile device, presumably her phone. She knows how to make a screenshot on a computer, and it'll capture more tweets than the four or five you can typically see on a mobile phone, so she fires up a web browser, goes to the Twitter URL of the harasser who's still in the process of sending her death threats, hits Ctrl-PrtSc, and then sends the screenshot somewhere.

Completely normal. Exactly what you'd expect someone to do (I know it's technically possible to take a screenshot on your phone, but (1) you won't get many tweets and (2) personally I don't actually know how to do it, if I were in the same situation I'd have to Google for the information.)

Your idiot evidence tries to make every element of this suspicious. They... *gasp* went to a PC they weren't logged into to make the screenshot. They *horror* didn't wait until the death threat stream had finished before making the screenshot, meaning some were coming in seconds before she took it! Because you've decided she must be making this up, you've had to invent a ridiculous narrative involving tablets and logging out of PCs that has Sarkeesian apparently unaware she can have two browsers on the PC that has a keyboard.

What's even more bizarre is you make these allegations while GamerGate simultaneously acknowledges that Sarkeesian does, actually, get death threats all the time. The GG "Anti-Harassment Patrol" even trumpeted its "success" at finding a certain Brazilian journalist who is one source of anti-Sarkeesian death threats, and got terribly upset when Sarkeesian said "Yes, I know, I've already reported him" and spun it as "Sarkeesian refuses to report harasser we found!!!1!!"

GamerGate is about harassment. Stop trying to cover it up.

Comment: Re:Hardware keyboards not the issue with Blackberr (Score 1) 119

by squiggleslash (#48633733) Attached to: Review: The BlackBerry Classic Is One of the Best Phones of 2009

Android phone makers experimented with physical keyboards for a while, and lately seem to have decided to just issue the same bland iPhone-but-with-Android form factors and forget about being innovative in that area.

I hope BlackBerry stays relevant enough to undo that and get manufacturers looking at text input again. The current situation may suit many, but I see a 50/50 split between people who are happy with Swype-like text input, and people who really prefer the accuracy of physical push buttons. Me, I'm generally OK with the former, but want to have the latter to fall back on.

Comment: Re:harassment attribution (Score 2) 440

by squiggleslash (#48633409) Attached to: FBI Confirms Open Investigation Into Gamergate

What's happening here is the standard (especially in GG) circle-j where GamerGaters theorize that something is a "false flag", then someone digs out some minor coincidence, KIA has a field day and declares that the case has been proven, and nobody there revisits the issue, usually genuinely shocked that anyone would disagree.

I'm _still_ arguing with people who think (or claim to think) that Nathan Grayson wrote anything at all as a result of his fling with "LW1" [the GamerGate term for their primary target, who isn't a journalist FWIW. The woman herself has suffered enough harassment, so I'll subvert this term to actually avoid mentioning her by name respecting her wish she be kept out of it.] They read Grayson did, they've only listened to people who said he did, as far as they're concerned it's true, and no amount of "OK, point me at the articles he supposedly wrote" will change that. Given this is the original attempt to redefine GamerGate as an "ethics" campaign, something even this story has fallen for, that's a pretty bad thing.

Another example:

1. Eron Gjoni initially tried to post his revenge-ex "tell all" about "LW1", to the forums of Something Awful. SA deleted it immediately and banned Gjoni.
2. Gjoni shops around, finally finding 4chan tolerates it long enough to stir up support from various anti-women trolls (well, it's 4chan, of course they're trolls.) Yadayadayada Adam Baldwin yadayadayadayada front page of New York Times, article about GamerGate's harassment and death threat campaign.
3. Goons (SA's term for forum members) discussing the trainwreck on Something Awful's forums notice the New York Times is covering a controversy that started at... Something Awful and post words to the effect of "What started here ended up on the NYT!"

So what happened then? Well, GamerGate developed a consensus, immediately, without any evidence whatsoever beyond forgetting, somehow, that SA was where Gjoni started trying to destroy "LW1", that Something Awful was behind all the death threats and was making them to make GamerGate look bad.

Because that totally makes sense. One, out of context, forum comment, with no actual quotes from SA members organizing this shadow campaign.

I mention this because it's one case where you specifically see the mindset. Something is "proven" because it gets repeated within KIA enough that it becomes an unquestioned fact. This is how GG holds on to its useful idiots long enough for them to make idiots of themselves.

Comment: Re:Unrelated to Github (Score 1) 132

by spitzak (#48631239) Attached to: Critical Git Security Vulnerability Announced

No, stop being an idiot.

"regular users" click on files in a list or 2-d grid. They would not even notice if the filesystem allowed more than one file with the same name, and they certainly do not give a damn about case insensitivity. Even if they type at a terminal they use filename-completion and do not care either.

It is also clear that it has nothing to do with user-friendliness or they would map more common errors, such as multiple spaces to single ones, removing leading and trailing whitespace, or mapping equivalent unicode to the same files. They don't do this because they realize that such complex details of the encoding do not belong in the file system api.

Case-insensitivity is a throwback to ancient ASCII-only systems. If you live in the stone age you may think it is a good idea. If you have been exposed to it all your life you may think it is a good idea. But if you were actually intelligent you would know it is wrong.

Comment: Re:I blame Microsoft (Score 1) 132

by spitzak (#48631219) Attached to: Critical Git Security Vulnerability Announced

No. Two different byte strings should identify two different files (unless one or both of them are invalid byte streams). Anything else is introducing complexity into the filesystem and potential bugs and security violations, of which this is an excellent example. Sorry, but Unix has it right, and Microsoft and lots of other systems are *WRONG*.
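An added example, not part of the comment above and not code from Git: a check a repository or archive scanner could run to find paths that are distinct byte strings yet would name the same file on a filesystem that ignores case and Unicode composition. The folding rule (NFC plus Unicode case folding) and the sample paths are assumptions constructed for illustration; real filesystems each apply their own rules.

```python
import unicodedata
from collections import defaultdict


def fold_component(name: str) -> str:
    """Approximate the name comparison of a case-insensitive, normalizing
    filesystem. Assumption: NFC normalization plus Unicode case folding."""
    folded = unicodedata.normalize("NFC", name).casefold()
    # Case folding can produce decomposed output, so normalize once more.
    return unicodedata.normalize("NFC", folded)


def fold_path(path: bytes) -> str:
    """Fold every component of a '/'-separated path given as raw bytes."""
    # surrogateescape keeps invalid UTF-8 bytes distinct instead of failing.
    text = path.decode("utf-8", errors="surrogateescape")
    return "/".join(fold_component(part) for part in text.split("/"))


def find_collisions(paths):
    """Return {folded_path: [original byte paths]} for every group of
    different byte strings that fold to the same name."""
    groups = defaultdict(list)
    for p in paths:
        groups[fold_path(p)].append(p)
    return {k: v for k, v in groups.items() if len(set(v)) > 1}


# Constructed sample: the kind of path list a tree or archive listing yields.
SAMPLE_PATHS = [
    b"README",
    b"readme",                   # differs from README only by case
    b"docs/caf\xc3\xa9.txt",     # precomposed U+00E9
    b"docs/cafe\xcc\x81.txt",    # 'e' followed by combining U+0301
    b"src/main.c",
    b"Src/Main.c",               # case differs in directory and file name
    b"src/util.c",               # unique, must not be reported
]

if __name__ == "__main__":
    for folded, originals in find_collisions(SAMPLE_PATHS).items():
        print(folded, "<-", originals)
```

On a byte-exact filesystem all seven sample paths are separate files; under the assumed folding rule they collapse into four names, and any check written against the byte strings alone would miss that.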

Comment: Re:No winner here, except for us all (Score 1) 572

by spitzak (#48628791) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release

The new news that the government thinks they did it certainly changes my opinion, though I would be curious exactly what the evidence is. I find it hard to believe they would risk making a stupid blunder of an incorrect accusation, so the info must be pretty good, such as directly from a spy inside NK at the hacker facility.

My gut feeling is this is disgruntled Sony employees. Somebody thought it would sound cool to threaten theaters and are probably amazed at the result.

Comment: Re:Home of the brave? (Score 4, Insightful) 572

by squiggleslash (#48622985) Attached to: Top Five Theaters Won't Show "The Interview" Sony Cancels Release

Yes, I'd go to the mall. And if I didn't, it'd solely be because I'd turn back if I saw over-zealous TSA-style "security" at all entrances. That's right, I'm more afraid of the TSA (guaranteed to cause misery) than a terrorist (can only cause misery if extremely lucky.)

I lived the first 25 years of my life in a county regularly attacked by real terrorists - not cartoonish villains wearing head dresses, but the sociopathic extreme of a (rightly, in my view, but that's another story) angry Irish Catholic community. I can honestly say I never changed anything I did based upon fear of being killed by terrorists. You don't live your life that way.

In this case, Sony and various theater chains are pissing their pants over a group that has no record of terrorism and which, having "warned" us, is highly unlikely to get away with an attack anyway. And whose justification for an attack anyway is absurd and highly improbable to drive anyone into a murderous rampage.

Wusses.

This is the logical continuation of the Bush response to terrorism: show the entire world we're terrified and lashing out at everyone, because somehow that's helpful, moral, and not going to encourage more terror.

It's time this nation stood up, and stopped pissing its pants every time someone phones in a bomb threat.
