
Comment EFF bites Orwell (Score 1) 405

If the EFF really wants to take a bite of Orwellian ass, they should campaign relentlessly to have the phrase "identity theft" replaced by the phrase "credential theft".

FFS, no-one can steal my gosh-darned identity until they can call up any of my nearest and dearest family members and convince them that it is really me over the course of an hour-long phone conversation.

I'd count that as actual identity theft.

All we get for this careless throwing around of the phrase "identity theft" is taking the spotlight off how poorly designed and implemented many of these credential mechanisms really are. The big institutions ought to wear their own failures, rather than making their customers take the heat, in particular, the insane persistence of black marks even after one has conclusively demonstrated that the black mark was a bungle to begin with.

How this isn't covered under "slander" is scandalous.

Comment supercilious bastress (Score 5, Interesting) 40

The man deserves it. He rocks. I've loved the precision of his engagement with fundamental assumptions since my first encounter with the Baker's algorithm.

My Writings is a good time killer. One of my favorite passages is this one:

Writing the proofs turned out to be much more difficult than I had expected. I worked very hard to make them as short and easy to understand as I could. So, I was rather annoyed when a referee said that the proofs seemed to have been written quickly and could be simplified with a little effort. In my replies to the reviews, I referred to that referee as a "supercilious bastard". Some time later, Nancy Lynch confessed to being that referee. She had by then written her own proofs of clock synchronization and realized how hard they were.

They did a fair amount of work together, judging by all the other places her name appears.

Comment I welcome the centenarian SAT (Score 1) 334

I welcome the centenarian SAT, wherein the desiccated (if not decrepit) demonstrate that they retain the mental flexibility to allow necessary social change to redefine the terms of continued living.

The movement loses most of its gloss when retirement age gets bumped to 165. Under present conditions, the extremely gifted can amass enough wealth by the present retirement age to coast on equity for a long time.

This of course all changes once life extension begins to rock the boat. Living forever will, however, always remain highly appealing for the 1% of the 1% of the 1%.

Comment decomposing correctly (Score 0) 167

Nice. What's different or unfamiliar is incorrect.

'cause on the first day God wrote a specification document, on the third day he coded madly, on the sixth day God ticked off the last box on the acceptance test plan, and then he sat back and cracked open a can of Galactic Suds.

It comes in galaxies? You bet.

Comment untenable nanoseconds (Score 1) 193

That view is no longer tenable

I've attentively followed every stray tidbit to cross my radar about the shadow sector since the publication of The Puzzle Palace, about the peripheral ghosts of which my algebra professor had direct experience.

The gold box agencies can do traffic analysis at scale. They can model metadata at scale. They can't break every damn cipher at scale—neither can they employ the rubber hose password-getter at large scale (the Soviets managed to cover about 10% of their population with blue welts over a thirty year period, but ultimately this did no favours to their economy).

The best approach to scaling crackers is to leak key bits in the purportedly pseudo-random number nonce stream. This is the hardest tampering to identify from the outside of a black box. Even when the black box is reverse engineered and one discovers that random is far from uniformly random (with no stray key-space correlates), some idiot applies Hanlon's razor: Never attribute to malice that which can be adequately explained by stupidity.

How about we agree to make a small exception for the industrial-scale tainting of purportedly random numbers, where discerning the difference between malice and stupidity achieves an elite level of algebraic epsilon? Oh, look, one digit in the source code for the random number generator has a wrong digit. Must have been a careless mistake—as if careless mistakes are a dime a dozen in the land where a poor man's nonce is a persistent agency's key-space collapsing back-channel.

The NSA does not randomly shoot holes in the protection of the American public. Worse than having no back door is having a back-door that somehow becomes shared with the wrong people. What they want is to inject a weakness that only they can exploit, even when their adversaries discover their handiwork.

Just off the top of my head, one way to achieve this is to require that exploiting the leak requires having the intercept history of the channel in hand since day one. The unfortunate flip side is that the specificity of these methods of single-party Achilles-heel exploitation becomes a smoking gun to the presence of a far-from-blind watch master. No ruse is totally perfect.

But you can always keep 90% of the population busy debating whether metadata has any value, such that any debate that makes any progress at all contains only those people who were already sophisticated cranks (recruitment/rubber-hose scale, to mention the carrot and stick). It all works out.

If scale matters, assigning a scant value to metadata can not be so much as trivially entertained by a thinking person. Pity we have so few.

Comment self-reply (Score 1) 172

s/basis rule/basic rule

That's a natural error, where my brain had the right word, and my speedy fingers went "close enough" as they often do when there's a hot, fresh, unfinished coffee on my desk they're trying to rush off and levitate.

Semantic interference often contributes. I think my brain went square dancing for a brief moment with the Peano postulates.

Comment get your mental back-light fixed (Score 1, Informative) 172

He huge amount of time he spent trying to get things done made much of his time at ORI 'the very worst job I have ever had'.

Have people stopped reading the last sentence of the typical summary altogether with the part of the brain that doesn't type?

On a not-so-tangential side note, it would be nice in the eagerly awaited Beta Redux to be able to click preview prior to furnishing the subject line, and actually get the preview to go along with the lecture. Just about every time this happens to me I want to paste "cat got your tongue" into the subject line until I've actually seen the damn preview I requested, at which point I'm far less than entirely motivated to go back and remove the shim.

It's like childhood. You ask a question. Someone corrects how you presented the question. The question itself never gets answered. If the question can't be properly understood, it needs to be addressed before diving off into an answer. If it's just a matter of persnickety dress code, probably the answer needs to come first if you're raising a young scientist rather than a young bureaucrat.

However, one must make an exception to this basis rule in extreme cases of shifting the burden: when someone publishes something for thousands to read, and every damn reader has to read the final sentence three times because you've changed "The" into "He"—a hundred times worse than the natural error "he"—which is enough to turn us all into syntactic Cylons.

FFS whoever submitted that, get your mental back-light fixed.

Comment because fifteen years (Score 1) 417

Please, also don't act like you're the first person ever that this has happened to. It's been standard practice for at least the last 15 years I've been working IT in schools in the UK.

Your post is constructive right up to the phrase "the last 15 years" which apparently justifies how little your network reveals to the surveilled about the actual extent of the surveillance, even to the point of having software installed that they know little to nothing about on their own equipment that could open back doors to the device when employed outside of the school network if by some extraordinary turn of events it proves to be slightly less than 100% bullet proof in its coding, implementation, and deployment. Nothing ever goes wrong with WEP or SSL.

Would it damage the small little minds to know more about how this all became "bog standard" without so much as a public whimper? Probably. Does that mean your Slashdot post is filtered on your own school network? Probably.

In my world, forged SSL certificates should be clearly marked as such. There should even be a "forger identity" field and a "forger authority" field (containing the pertinent parental agreement UUID).

None of this would interfere whatsoever with your legal authority to protect your network or your success in achieving this protection. It would increase the awareness of the surveilled of what externalities they have actually taken on downstream of their agreement with you to allow you to do so.

The fact that you've been doing this for fifteen years already without any of this in place is a sad argument.

If this is the school's equipment so that the school absorbs its own externalities of having badly-coded surveillance kits forcibly installed (I'm guessing the rock stars on that coding team were on the guaranteed forcible-installation side of the house) and the equipment is emblazoned with a giant warning "abandon privacy all ye who input here" there should still be a giant warning screen that comes up whenever a user tries to access a major financial institution (I'm told the government tracks the identities of these organizations) which warns the user "you are attempting to access a financial institution through a forged SSL root chain which is potentially a far leakier pipe than regular SSL, are you really sure you want to do this?"

So you're justified in doing what you do, but you're also so damn sneaky about doing it, that fires spring up in public opinion when the least of what goes on is exposed to public discussion.

No need to hammer the state of affairs in the daily consciousness so that these public fires don't flare up. Because fifteen years.

My bank has a security mechanism where they show a set of images unique to my account so that I can detect impostor sites that entice me to enter my credentials where they shouldn't go (the impostor site doesn't know the unique images associated with each banking account). There really should be a law against these security fingerprint images being conveyed through a forged-certificate SSL proxy no matter how legitimate the usage agreement. Once those images are scraped and laundered, one more safeguard we've been taught to trust is down the spiral tube.

If it's rational, necessary, and you're proud of it, do it out in the open as democracy conceptually demands, with plenty of loud warning signs where the externalities impose heightened risk.

Comment I want to cure dying (Score 1) 64

Too many people suffer and die from too many diseases that we more or less understand, but can't effectively treat.

Yes, this is what classical Greek rhetoric describes as a regressive mirage: the more you learn, the worse it gets, no matter how many diseases you cure along the way.

Here's the amazing thing. Understanding tends to outpace effective intervention. Any snooker player can tell you which ball on the table he'd really like to move next. It's rarely the ball he's presently shooting at. In Genomics, we're talking 30,000 balls on the snooker table, and the snooker table is gravity golf in a twenty dimensional space. Even with your trillion dollar Laplacian pool cue, you're struggling to pull off exactly the shot you want.

When I was young and we were on a long trip and the moon was hanging there on the horizon, I always wanted to go faster, so we could see the other side.

Then I got a little bit older. Perhaps a month older. And I thought to myself, "you know, there are reasons why this is probably not going to happen the way I want it to".
