
Comment Re:The Numbers Lie. (Score 1) 846

You become a pariah if you publish Anti Global Warming stuff.

You might also become a "pariah" if you try to push astrology in an astronomy journal.
You might also become a "pariah" if you try to publish denials of tobacco-lung-cancer link in medical journals.
You might also become a "pariah" if you try to publish atom denialism in a chemistry journal.
You might also become a "pariah" if you try to publish 2+2=5 in math journals.

So yeah, if you demonstrate scientific incompetence, if you try to publish flawed science papers twisted to push some crackpot ideological position, yeah, it's kinda possible that the general scientific community will no longer consider you a respectable scientist.

By the way, did you notice that you're making the exact argument that creationists make? They like to believe that there are tons of scientists who reject evolution, and they have this fantasy that there's some vast body of invisible evolution-rejecting scientists who are merely poor victims of oppression, that they are all hiding.

The most powerful and most important red flag that you're sliding into paranoidconspiracytheoryism is when an absence of evidence supporting your case itself becomes a key element supporting the theory.

You've got an invisible army of climate scientists who agree with you, and the fact that they're all in hiding proves how vast and powerful the conspiracy is.


Comment Re:An ode to wankery (Score 3, Informative) 846

Yes, denialist.

And here's a graph showing exactly how your denialism works, and exactly how laughably wrong it is:

Global temperature graph.

The wiggly red-orange line is global mean temperatures for the last 50 years.
The pale blue straight line on the right, that's the fictitious cooling period we've had for the last 12 years. The straight purple line is the preceding 5 years of fictional global cooling. And before that is the blue line in the middle, 8 years of fictitious global cooling. And the decade before that is the green line, another fictitious period of global cooling. And the straight red line on the left is the preceding 12 year period of fictional global cooling.

That graph shows that we've had nothing but (fictional) cooling periods or "leveling off periods" essentially EVERY YEAR FOR THE LAST FIFTY YEARS.

The series of straight lines.... average declining temperatures lines... is a blatant staircase going up. And it illustrates just how absurd and wrong it is when denialists trot out your claim that warming has stopped or flattened. It is blatantly fraudulent to claim any of the straight lines in the posted graph represent any halt or even slowing in the rate of temperature rise.

There has been no halt in the temperature rise. There has been no slowing in the temperature rise. You're just grabbing at cherry-picked random fluctuations to draw a fictional staircase composed of fictional horizontal (or declining) steps.


Comment Re:White Coats vs solar output (Score 1) 846

Hell yeah!

Screw those stupid laws of physics which say sunlight comes in through the atmosphere, turns into thermal radiation, which is then blocked from escaping, building up heat.

Look at that squirrel over there. This year I saw it bury twice as many nuts as last year. And buried nuts make more trees grow. And trees affect the weather. No one has been able to explain why the squirrel buried more nuts this year. And they don't have any really reliable prediction for how many nuts squirrels are going to bury next year. This is an enormous hole in the knowledge needed to do predictions that mean anything. Until you can accurately predict squirrel behavior with some degree of proven accuracy, the climatologists are, well, just guessing. We need a mathematical model of squirrel behavior, but we simply do NOT HAVE IT.

Those other so-called-scientists are biased, they have a financial interest in getting grant money, and all their physics calculations on the heat trapping properties of CO2 are nothing but a scam to get more grant money.


Comment Re:Has anybody seen the actual "evidence"? (Score 1) 112

The BSafe and TIPEM source code are NOT "freely" available.

I never said they were.
I said, "The algorithm and source code for it is public".
And they are. The Dual_EC_DRBG algorithm is a standard published by the U.S. government.

We know the code in the RSA products is functionally identical to the published algorithm and code because if it weren't then they would fail the test suite and never have received certification.

More likely, the NSA paid for a source code license at $10M..made a modification and then put the modified source back into their source control - perhaps removing the old code in the process.

You seem to be misunderstanding the problem here. There was no code modification, there was no need for code modification. The algorithm as originally published by the government had an embedded back door. The algorithm was so blatantly atrocious and so blatantly insecure that no half-educated security professional would ever want to select it. The government paid RSA to include the algorithm, and furthermore paid RSA to set it as the default. RSA then faithfully copied the blatantly backdoored algorithm to their products, and set it as the default.

When someone chooses to neither confirm nor deny an accusation, it isn't an admission of guilt - Like pleading the 5th

This isn't a courtroom, and this isn't an abstract exercise on what is and isn't theoretically possible. This is a corporation that is doubtless losing millions of dollars in business, and has taken devastating and potentially permanent damage to their reputation for trustworthiness in an industry where trustworthiness is the end-all-be-all of a product. To suggest that RSA management knew the widely reported $10-million-NSA-contract report was false, and declined to say so, is beyond implausible. In fact I suspect failing to say so would get them in serious legal trouble for violating their fiduciary responsibility to stockholders.

And just to bury them even deeper, a minimum of three RSA employees were explicitly aware of the backdoor issue, as they were all members of the ANSI X9F1 Tool Standards and Guidelines Group where the backdoor issue was initially raised.


Comment Re:Has anybody seen the actual "evidence"? (Score 2) 112


I'll break this issue down into three levels. First there's the compromised algorithm itself. The algorithm and source code for it is public. Anyone can trivially test that it's about a hundred times SLOWER than the alternative algorithms. It has zero redeeming features. And anyone with the slightest security knowledge can see that it was covered in huge red flags all over it (unexplained magic numbers pulled out of the algorithm-submitter's ass are a HUGE security no-no). It had squat track record of being vetted by the global security community for flaws. No one with the slightest security expertise would ever willingly use it, much less set it as a default algorithm.

Second, there's RSA's products. Anyone who bought it can check the configuration to see that the compromised algorithm is in there, and that it's set as the default. Anyone with an internet connection can do a search and check the product specs. I'll admit I haven't personally checked this detail, but it's beyond implausible that the story has run this long without anyone here posting a fact-check on it if it were false.

So that just leaves the third aspect. Whether RSA got paid twenty pieces of silver.... errr.... I mean ten million to set the compromised algorithm as the default in their products. I would say that is a foregone issue when RSA's response on the story was an astonishingly lame we-didn't-know-it-was-compromised and we-would-never-knowingly-compromise-our-customer's-security. If they hadn't been paid $10 million by the NSA to do so, then the first words out of their mouths would have been to deny the $10 million NSA payment.

So that just leaves us with two possibilities. Either RSA knowingly took a $10 million payoff to look the other way and install a compromised back door as the default setting in their products, or they don't have a single competent security person on their entire staff.

It's hard to say which of those two possibilities would be worse for a security company, but we don't have to ponder which applies here. It is utterly implausible that RSA doesn't have competent security experts on staff. They make highly sophisticated security products. They know damn well how to make products that will strongly protect you from attack by random hackers. However they are also willing to sell out your security so that the US Government has a back door into your system.

So... if you want top tier security products to protect your business and you don't give a hoot that it comes with a back door for US spook agencies, sure, go with RSA. They've got some of the top security experts. But if you want security products that don't come with back doors, there are other world-class security companies to turn to. World class security companies with world class security experts who, even in a drunken stupor, would never select an unproven absurdly slow ugly blatantly-backdoored random number generator to use.

