
Comment: Re:Technically, probably not a good move to dodge (Score 1) 130

by vux984 (#49503751) Attached to: Twitter Moves Non-US Accounts To Ireland, and Away From the NSA

Now, the NSA can do whatever they want, because they're completely
A: outside of the USA
B: totally foreign SIGINT

This is correct but also wrong.

For example, one thing the NSA can't do now is simply get a court to order the company to bend over, hand over the data, and then stick a gag order on it so the company isn't allowed to even resist.

By moving it outside the company, yes the NSA is now free to target them without restraint, but they are also free to talk about any attacks, and they are free to actively resist the NSA.

Also:

then they would be *safer* here in the USA where the NSA is not allowed to spy on them, because it's
A: in the USA (FBI territory, right?)

Not really.

B: whoever it is would need a warrant.

Which they can get, from a secret court, that rubber stamps warrants. And they can also broadly interpret various legislation (patriot act, etc) to grant them all sorts of privileges to collect data without a warrant...

And again, if they have a warrant, with a silence gag on it, you cannot resist. In any other country, the NSA can attack you all they like - but you can defend yourself. They don't get to just order you around.

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49482157) Attached to: Cracking Passwords With Statistics

An algorithm-on-a-chip (with tiny keypad and LCD) never stores any sensitive data. It's never connected to a potentially-compromised desktop. It can't be brute-forced, since there's nothing present to "unlock".

That's fair, but it's also slightly different from your original proposal as it now explicitly requires custom dedicated hardware. You originally just stipulated "hardware assist" and allowed for "trusted desktop" or other otherware (e.g. smartphone/tablet/etc.)

It's not a practical solution if it doesn't actually exist.

Although there might be a market for such a device.

It also still requires you to memorize a password (even an easy one) for each situation. I have well over 100 passwords; and could not remember them all even if they were "easy" -- some I don't use for over a year at a time, unless I relied on a system -- and relying on a system breaks down as soon as a site is compromised as I would then need to come up with a new password that deviates from the "system".

I would suggest that perhaps a combination of the two is the holy-grail. Password safe-like functionality for the majority of relatively unimportant passwords, and then some dedicated hardware for a smaller subset of important passwords.

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49481275) Attached to: Cracking Passwords With Statistics

I read your link.

The only problem left is that we can't compute hashes in our head, but there are hardware answers to that.

At which point using a password safe(s) on a trusted device is basically the same thing. Except more convenient. Since you can have as many safes as you want, with an arbitrary number of records in them, protected by passwords as is suitable to the class of passwords in them. It's less data entry on average to retrieve a password, and it eliminates having to worry about which sites you need a 123!@# tacked on the end, and which sites don't, etc.

Decent password safes also let you securely store notes, usernames, urls, and so forth... which is often just as important and just as difficult to remember as the actual password.

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49480325) Attached to: Cracking Passwords With Statistics

You can concatenate a strong password system with their weak requirements, and the result is still strong.

But this requires I memorize "their weak requirements" for each site as this is not usually disclosed on the usual login page?!

And it still doesn't address the fact that if they get compromised I have to CHANGE my password.

If I'm using a 'system' to generate passwords, then I can't use that system for this site anymore, because the password the system generates for the site is compromised.

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49479813) Attached to: Cracking Passwords With Statistics

You could also use a system to vary the passwords.
[... describes system loosely...]

The problem I have with systems like this is:

One site won't let you have punctuation... another site requires it. One site says your password is too short. Another says it's too long. A site that was happy with your "system" password gets hacked and you have to change it.... and these exceptions build up over time rendering the system an exercise in futility.

Then eventually you get fed up with the exceptions, devise a new system and start all over again...

But if you miss any sites when you switch over you have to retain your old system as well.

This sort of all defeats the purpose of a system.

So I have a loose system for the passwords I need daily. And a password app for everything else.
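
The two objections raised in this comment and in the one above it (per-site password rules, and having to change a password after a breach), as an added example that is not part of the original comments: a hash-based password "system" in Python. The `derive` scheme, the site names and the master secret are constructed for illustration.

```python
import hashlib
import hmac
import string

SYMBOLS = "!@#$%^&*"

def derive(master, site, counter=1, length=16, symbols=True):
    """Deterministic per-site password: same inputs always give the same output."""
    alphabet = string.ascii_letters + string.digits + (SYMBOLS if symbols else "")
    # Stretch the master secret, salted with the site name (iteration count is illustrative).
    key = hashlib.pbkdf2_hmac("sha256", master.encode(), site.encode(), 50_000)
    limit = 256 - 256 % len(alphabet)  # rejection sampling avoids modulo bias
    out, block = [], 0
    while len(out) < length:
        stream = hmac.new(key, f"{counter}:{block}".encode(), hashlib.sha256).digest()
        out.extend(alphabet[b % len(alphabet)] for b in stream if b < limit)
        block += 1
    return "".join(out[:length])

# Constructed per-site exceptions: the state the "system" cannot regenerate on its own.
SITE_STATE = {
    "shop.example": {"symbols": False, "length": 12},  # rejects punctuation, caps length
    "forum.example": {"counter": 2},                   # breached once, password rotated
}

def password_for(master, site, state=SITE_STATE):
    """Apply whatever exceptions are recorded for the site, else the defaults."""
    return derive(master, site, **state.get(site, {}))

def rotation_needs_state(master, site):
    """True if forgetting the recorded exceptions yields a different password
    than the one currently in use (for a rotated site: the old, breached one)."""
    current = password_for(master, site)
    without_state = password_for(master, site, state={})
    return current != without_state

if __name__ == "__main__":
    m = "correct horse battery staple"  # constructed master secret
    print(password_for(m, "shop.example"))
    print(rotation_needs_state(m, "forum.example"))
```

Once `SITE_STATE` has to be kept somewhere, the scheme carries the same storage burden as a password safe, without the random per-site strings.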

Comment: Re: For work I use really bad passwords (Score 1) 136

by vux984 (#49476565) Attached to: Cracking Passwords With Statistics

. One is for sites that I have some stakes in, like accounts in online games and such, where you could do some damage in the sense of destroying something that took me time to create (delete my GW2 characters, I'd hate you for it, but no real damage has been done).

And one I use for sites where you could do some damage that I could probably reverse, but it would take effort and might cause me real-world inconveniences, such as shopping sites where you could order something in my name and I'd have to go and cancel the order or send it back or whatever.

I had a similar system for a while. The problem? One of the sites that had one of my passwords got hacked. Then I had to change it for every other site in that "category" which was a lot of sites, and I'm sure even now that I've missed some. Plus now I have to remember a new password; but still the old one for any sites I missed...

Then another site I used got hacked. And at that point I decided I was better off using a password manager and using different passwords for each site.

Because if some rinky-dink forum I use gets hacked I don't want to have to change my p/w on 40 other sites.

I still use passwords I can remember on sites I log into daily, but my utilities, random stores I rarely shop at, etc all have random strings in a password manager.

Comment: Re:Not a surprise (Score 1) 250

by vux984 (#49474477) Attached to: Verdict Reached In Boston Bombing Trial

When some jackass on the Internet disagrees with reality, I'll go with reality

I'm not saying it didn't actually happen. I'm saying had you challenged it, they would legally have HAD to give you more time. Of course, if you didn't challenge it and just said ok, then it's ok. It's like the police demanding to search your car... if you say "ok"... then they can.

Comment: Re:Not a surprise (Score 1) 250

by vux984 (#49474169) Attached to: Verdict Reached In Boston Bombing Trial

Doesn't work.

Well it did work just fine for me. So "doesn't always work" is probably accurate.

They changed the charge after I got there to one I wasn't prepared to disprove (but was no more valid).

Yeah that seems pretty dubious. But if they had actually pulled that on me I'd have responded that I'll need time to prepare a new defense against these new charges; and time to consult my lawyer.

There's no way they can charge you with a new offense AT YOUR TRIAL and then prosecute you for it immediately like that.

I got a ticket when I crashed a motorbike because the cop that responded thought I deserved punishment for his trouble of showing up. Speeding (30 in a 55,

Speeding is more than just exceeding the posted limit. Driving too fast to maintain safe control of the vehicle is illegal. You lost control of your vehicle. That the issue was your own inexperience more than the weather or the condition of the road doesn't really matter.

with lots of witnesses), and passing in a no-passing zone, because I crossed the center line when I crashed.

Crossing the center line (when not part of a legal passing maneuver) is also illegal.

You can of course legitimately argue that those aren't the best offenses to charge you under; and you might even be right. But face facts -- you were driving and you crashed and you were 100% responsible for the crash -- it's pretty hard to do that and not run afoul of the motor vehicle acts in some way.

so he flat made-up tickets unrelated to what I actually did

I think the tickets, while perhaps not ideal, were reasonable choices.

to make sure I got punished for bothering him on a Saturday Afternoon.

Perhaps; perhaps not. I don't know what happened, what the damage / injury level was. It certainly could have been him just being a dick -- or it could be that he felt you were a legitimate danger to yourself and to the public and wanted to send you that message.

Comment: Re:regulation? (Score 1) 244

by vux984 (#49449131) Attached to: 3D Printed Guns Might Lead To Law Changes In Australia

At this moment, as rare as it might be it does happen,

Do you have actual stats on the frequency? Context is important after all. After all, people fall down and die in bathtubs more often than your scenario happens -- and it's the reason you need a gun. But what have you done to make your bathtub safe?

don't you have the right to defend yourself with the finest armament of your choice?"

Why? Because your life *might* at some point be at risk? Therefore you should, nay, MUST have the means to kill people via point-and-click in your closet? Maybe it's not-reasonable, but I'm not convinced by your argument that it's the only reasonable conclusion.

And not just you, a fine upstanding responsible adult, (that's you right?) but every American should have this option; no matter how stupid or irresponsible they prove themselves to be, and they shouldn't have to take any sort of firearms training or competency test to show they have any idea how to use one either. They should even be allowed to have one if they are clinically depressed, or taking anti-psychotics, or if they are habitual drug users etc without any sort of evaluation at all.

I own guns to protect myself from a crazed psychotic individual"

Maybe if you didn't let crazed psychotics have guns in the first place (see above) you wouldn't need to defend yourself against them with guns as often.

or government.

Wait, was it the government breaking down your closet door? No? I didn't think so. Someone mentioned dictators becoming president for life etc earlier -- have the rebels in the civil wars and rebellions that followed ever shown much difficulty getting their hands on small arms when it came time to fight? Large armaments sure - it's hard to get surface to air missiles, but pistols and rifles and such? They flow like water. Why do you think you need one in your closet in advance, just in case "of the government"?

Comment: Re:cryptobracelet (Score 1) 116

by vux984 (#49448571) Attached to: 'Let's Encrypt' Project Strives To Make Encryption Simple

The problem with phones is that you can lose them or break them or have them stolen. I agree that it's a good place to start, though.

How is that "not a problem" with a bracelet? Perhaps the bracelets are slightly less likely to be lost or stolen. Then again, I've found a lot more lost bracelets in the last 10 years than lost phones... and if they are valuable for identity theft, stealing them might well become a real thing.

Comment: Re:I know! (Score 1) 183

by vux984 (#49437495) Attached to: The Key To Interviewing At Google

Basic geometry dictates that any regular polygon can be inscribed in a circle.

The radius of the circle will be the distance from the center of the polygon to any point. And the diameter double that.

It's pretty self evident (and easily proven) that a regular polygon with an even number of sides will have pairs of parallel sides opposite each other.

It's pretty self evident (and easily proven) that these pairs of opposite sides form parallel chords.

Bisect the polygon through the centers of a pair of chords.

The length from the center of the circle to the center of a chord is necessarily less than the radius. (Because the chord is inside the circle.)

Therefore the length of the polygon from point to opposite point through the center is the diameter.

The length of the polygon from chord-center to chord center is less.

So it's clear you can rotate the polygon to align the chord centers of the cover with the points on the hole. Rotate the cover upright so that looking down, you are now fitting a line that is less than the distance between two points between two points.

The cover will drop into the hole.*

* assuming it's not too thick

Q.E.D.

Comment: Re:Not a surprise (Score 1) 250

by vux984 (#49433087) Attached to: Verdict Reached In Boston Bombing Trial

That's because almost everyone in court for speeding is guilty and hoping for a reduced sentence or guilty and an idiot.

Yup plus

- guilty, but is protesting the system by showing up. (if they are going to steal $200+ from me via a speed trap, I'm going to at least force them to lose a percentage of that to paying a judge, and police officer, etc to formally take it from me. Especially when it was a BS speed trap on a stretch of road where the flow of traffic is always higher than the posted limit.)

- guilty, but hoping the police officer doesn't attend to win a default judgement. Hey, if you've got nowhere else to be that day, why not try for a free pass on a ticket.

- guilty, but the police officer screwed up the ticket. I've won on prima facie cases before. ... well not won... in actual fact the police at the very last second asked that the case be dismissed. (So they too are playing the "hope I don't show up in court to win a default judgement game"; because they knew damned well they'd have lost their case the moment I opened my mouth.)

- actually not guilty; it happens. Especially with speed camera based systems, where the ticket was issued by mail.

Comment: Re:Contacts? (Score 1) 104

by vux984 (#49430447) Attached to: Biometrics Are Making Espionage Harder

or maybe have special contacts that doesn't pass any light from behind them but reflects what you want and be able to pass as someone else

Uh... no.

A rigid non-moving pattern, either complete, or just a partial overlay would be pretty trivially detectable by equipment programmed to look for it. (or monitored by a human being).

https://www.youtube.com/watch?...

The iris is much more alive and dynamic than a fingerprint. That said, sure, I guess an iris scanner, made by the lowest bidder, with no eye towards security despite being a security device could fail spectacularly; and be just as happy with a random marble or contact lens as an actual iris.

Comment: Re:Too many pixels = slooooooow (Score 1) 263

by vux984 (#49419143) Attached to: LG Accidentally Leaks Apple iMac 8K Is Coming Later This Year

With a PPI value, anyone can figure out if it will benefit them at their viewing distance, and based on that viewing distance, what resolution is their 'sweet spot'.

True enough.

The resolution value without the PPI is meaningless.

If you have the resolution value; and the screen dimensions you've got PPI, if you want it. Or you can add viewing distance and go straight for PPD.

PPI is, at best, an intermediate calculation step that really doesn't need to be used. I suppose it's somewhat useful to save you some calculation effort to find your sweet spot; but the truly educated don't need it and calculate it themselves. And the general consumer should really just be given PPD at standard viewing distances; with a caveat that human eyes get 400 PPD or 900 PPD... or whatever the number is scientifically valid...

Comment: Re:Too many pixels = slooooooow (Score 1) 263

by vux984 (#49417987) Attached to: LG Accidentally Leaks Apple iMac 8K Is Coming Later This Year

8k resolution is 7680x4320. At 32" that's only 275 PPI. My OnePlus One phone is 400 PPI, and even an iPhone manages 325 PPI. It's not actually that extreme for the largest monitor you would reasonably want on a typical desk.

PPI is a meaningless stat. An inch 11 feet away (my TV) is not the same as an inch 3' away (my PC monitors), is not the same as an inch 12" away (roughly where I usually hold my phone.)

Pixels per degree (of field of view) is what matters. This is why a phone needs hundreds of PPI while a movie theatre 40 feet away needs a fraction of that to look just as good. The human eye only has so many receptors after all.

There is some debate on just how many pixels per degree the human eye can discern, and things like moire patterns and aliasing show that humans can detect "artifacts" in motion even when the actual resolution is sufficient for a still image. But whatever we come to agree the maximums of human eyesight are, it will be the case that we will need more PPI in a phone than a monitor, and in a monitor than a TV.

Like I said, I think long term 8k and beyond is going to happen and desirable. But today, the price premium and performance hit to driving that many pixels just isn't justifiable.

For games, just run at 1/2 or even 1/4 (full HD) of the native resolution and there are no scaling issues.

Rather defeating the point of the investment.
