
Comment Chocolate, Ice Cream, and Thanks all work. (Score 4, Interesting) 128

When I worked IT Security for a University, we took extra effort to thank anybody who reported a security issue. Here are some examples:
  • We had an alert clerk notice that "something was off" when 3 people tried to sweet talk their way into a storage area. She flirted with them, while her co-worker called campus security. The cops had the penetration team spread and handcuffed before they could present their "Get Out Of Jail" documentation. Even then, they kept them handcuffed, until the cops called and verified the documentation. It was the first time that the penetration team had EVER had to use their documentation. I personally called and thanked everybody. I also arranged for the clerk to get a 2 pound box of the local Blue Bird Chocolates.
  • When we started our "Internet Skeptic" awareness campaign, we would send a coupon for a free Aggie Ice Cream Cone to the first person to report a new phish.
  • Later, we found that prompt, public thanks worked as well as ice cream. We would promptly analyse every report, and then send out 2 sets of emails. The first would be the thank-you to the reporter. It included: Personalized thanks; A description of the scam; A report of how many others at USU were warned, thanks to their alertness. The second set of emails would go out to everybody who had received a copy of the phishing scam. It included: A notification that the prior message was a fraud; Instructions for how to recover, if they had fallen for the fraud; A report of how many others also received the phish; A public acknowledgement of the alert reporter.
  • This spring, we had a "Phishing Tournament" with various awards for reporting fraudulent emails. The grand prize was a tackle box full of goodies.

The small amount we spend on thanks was more than repaid by the savings created by a community of alert, careful internet skeptics.

Comment The best answer isn't more anonymity. (Score 1) 177

Well, daaang.

Last night, my computer and Slashdot combined to throw away a 4 hour description on how to maintain anonymity when under omnipresent surveillance. That was frustrating. But, after a night's sleep and some reflection, I think it was for the best. The required skills and commitment are almost superhuman. Today, US citizens can expect little privacy in their purchases, travel, interpersonal communication or internet activity. We need better answers that will help everybody. If we train ourselves to defeat the current generation of surveillance and discovery, we will be faced with even more intrusive measures. We need to change the game in fundamental ways.

The initial problem seems to be that we don't trust each other or government. The cause of that distrust seems to be that we all keep secrets from each other. But, when you look at the cause of the secrets, you find that we have created incentives for secrecy and distrust. In our current laws and culture we benefit from keeping secrets from each other and from the government. Our government benefits from keeping secrets from us. We all have created an economy of discovering and exploiting each other's secrets. Thus, we have created incentives that motivate secrecy, deceit, surveillance, and betrayal. This is not a good way to live.

It seems like we aren't valuing privacy enough. But, I think it is just the opposite. We value privacy enough to spend resources to penetrate, subvert, and deny it. The answer isn't to increase the value of anonymity. That will just increase the incentive to destroy privacy. We somehow need to regain privacy and anonymity by devaluing the secrets. We also need to increase the value of trust, while we increase the cost of betrayed trust.

I can see how to accomplish this at the local level. If I am more open, honest and involved with my friends, family and community, then we increase in trust towards each other and know each other's secrets. At that point, our secrets have no value and there is everything to lose and nothing to gain from surveillance, deceit, or betrayal.

I've got no idea how to fix my broken relationship with the highest levels of government.

Local government is small and well behaved. I know them and they know me. We have no meaningful secrets. We have years of mutual support and trust.

I have no problem with telling my next door neighbor, the-city-councilman all the details of my life. We have lived next to each other for almost 4 decades. We have raised each other's children. I know several good policemen and women. I know a good FBI agent. But, somewhere at the top, it all goes sour.

The Feds seem to get great benefit from lying to me, and betraying my trust. I don't know how to make it stop. The CPI (Consumer Price Index) is a bad, blatant lie. I can't imagine why they feel they need to lie about things that are intimate knowledge to every American. It's embarrassing. And the lie damages almost every American. The published employment rates don't pass any kind of simple fact checking. We all nodded along for decades while the Feds inflated the dangers of marijuana. And, now that it is all revealed as a colossal fabrication, they refuse to admit error or correct the damage. All for no obvious reason. The Feds can't admit mistake. The Feds can't correct mistake. And, it appears that they can't tell fact from wild delusion. With that history, I can't stand the idea of giving them more power over me.

And the Feds keep trying to pass their bad habits to my state and local governments.

Comment Re:Lots of other stuff too.. (Score 1) 112

The actual inflation rate is a rather personal thing. And, it depends on some rather personal questions:
  • Has the price of the stuff that YOU buy gone up or down?
  • Why did you buy that stuff?
  • What do you actually need to buy to survive?
  • What do you need to buy to be content?

In specific, only you can answer these questions. However, there are some common general trends:

  • The measure of inflation published by the US government: http://www.usinflationcalculat... will be different from the measure of inflation that you experience. The pressures to influence the rate of inflation published by the US government are different from the pressures that influence YOUR purchasing. A couple years ago, Forbes had an interesting opinion piece that pointed out some of the pressures on the US government to manipulate the published rate of inflation.
  • It is very hard to interpret the published US rate of inflation, because they change their methodology ALL THE TIME.
  • In general, these changes in methodology tend to minimize the published rate of inflation. Older methods yield a much higher rate of inflation.
  • If any of the things that YOU buy experience higher rates of inflation, then its costs will dominate your budget. This is particularly compelling when the item is a non-optional part of your expenses, such as food, housing, clothing, medical, maintenance of income, community interaction, or interaction with family.

To add an insignificant personal data point, every time I have measured the increase in the expense of food, housing, medical or maintenance of income in the last 30 years, my results have traced the US methodology used back in the early '80s instead of current methodology. For the last 35 years, I have held jobs at the same university in the leading edge of IT. Back then, my monthly salary was about $35K. If my salary increases had matched the cost of living according to the methodology used in 1982, my current monthly salary would exceed $250K. The current actual costs of food, housing, medical and maintenance of income would be about the same percentage of my budget NOW as they were then. Instead, my salary has trailed the actual published inflation rate, and my current mandatory costs are crippling me.

Comment Re:The way to do it (Score 1) 222

I think the most important key to solving the current problems with credit cards is to finally accept that a single approach will not work well for many use cases.

I am looking for something that gives ME (the owner of the account/money) a number of solutions. I need the following:

  • Options to securely manage my underlying account over the internet. I can understand why some options aren't default, but my bank doesn't seem to even know that problems exist. I would like to protect my connections with overbuilt encryption. Or choose to require refused connections unless it is the latest, strongest encryption. Or reject weak ciphers and key sizes. Or require multi-factor authentication. Or require a range of source IP addresses. Or require a single, secure, pre-distributed OS (distributed on a cheap, reliable USB stick.). Currently, they don't allow me to require any of these.
  • I want my bank to enable single, on-time, cheap, secure, online transactions. It is crazy that my bank continues to pretend that it is not connected to the internet. Or that online commerce can only exist by using ancient, insecure, expensive, slow 19th century methods. Online purchasing should be more (not less) secure than "chip and pin", because we have much greater capability to confirm the identity of the participants and the nature of the transaction. It can also be much quicker and cheaper. Having Apple, Google, or Paypal add another non-transparent layer between me, my bank, my vendor and his bank just seems insane.
  • I want my bank to enable ongoing, cheap, secure, ongoing static payments to pay bills. Currently, I don't allow automatic payments of my bills because Comcast (and others) think they should be able to spontaneously increase their charges. I want to set up an "Only this much, this often, to this entity" payment. Then, if somebody wants to charge more, we re-negotiate with full knowledge of the change.
  • Chip and Pin seems to be an acceptable compromise for the current transition to payment via trusted device. I need to figure out what device method I can trust. So far, no help from my bank on that front either.

Is Paypal capable and trusted enough to be used as a bank?

Submission + - Malibu Media stay lifted, motion to quash denied

NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward. In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.

Comment Potential market for upscale Faraday cages. (Score 1) 107

I think there is a potential market for upscale Faraday cages. I mentioned this a while ago on BoingBoing.

The more ostentatious, the better. It should be about the size and beauty of a fine humidor. Some would be gold, silver or platinum plated. But, you could also have ones that appeared to be mahogany, rosewood or teak. Market it as "The Privacy Box", or perhaps just pBox. You pitch it as a critical accessory for the upwardly mobile. When you absolutely need privacy, just put the phone in the "Pbox".

Expensive lawyers would use it to reassure clients that they took their privacy seriously. C-level executives would use it to highlight the importance of their discussions. The ritual of placing the cell phones in the "Privacy Box" would help seal the deal.

The primary attributes of this product would be:

  • It must demonstrate "Tasteful Expense" like a fine watch.
  • It must look good on an executive's desk.
  • It must block the sensors of any cell phone that is placed inside.
  • It must close with a smooth, audible click.

For extra points, you could easily design it to:

  • Restrict interaction between multiple cell phones in the same container, tho this isn't as critical as looking expensive.
  • Automatically trigger airplane mode (to limit battery drain.)
  • Recharge the phone(s).

Wish I had the capability to make something that looked expensive and tasteful. I think this would sell itself.

Comment Re:Depends (Score 1) 286

I tailor my note-taking device, depending on how I want to interact with others. I have found that some people are more willing to interact with me if I am taking notes with pen and paper. I have also found that the later work of transcribing paper to electronic form is not really wasted if it helps me to organize my followup.

But, sometimes, a phone is all I have. And sometimes, I just need the speed and organization of taking notes with a laptop.

Comment Re:Actually 3rd point was agreement with trial jud (Score 1) 23

Actually whoever the new guy is, I don't find the site to be "improved" at all; seems a little crummy. The story was butchered and incorrectly interpreted, and the all important software for interaction seems less interactive.

But what do I know?

As to my absence I've been a bit overwhelmed by work stuff, sorry about that, it's no excuse :)

Comment Actually 3rd point was agreement with trial judge (Score 4, Informative) 23

The story as published implies that the ruling overruled the lower court on the 3 issues. In fact, it was agreeing with the trial court on the third issue -- that the sporadic instances of Vimeo employees making light of copyright law did not amount to adopting a "policy of willful blindness".

Submission + - Appeals court slams record companies on DMCA in Vimeo case

NewYorkCountryLawyer writes: In the long-simmering appeal in Capitol Records v. Vimeo, the US Court of Appeals for the 2nd Circuit upheld Vimeo's positions on many points regarding the Digital Millennium Copyright Act. In its 55-page decision (PDF) the Court ruled that (a) the Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA, (b) the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge", and (c) a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. The Court seemed to take particular pleasure in eviscerating the Copyright Office's rationales. Amicus curiae briefs in support of Vimeo had been submitted by a host of companies and organizations including the Electronic Frontier Foundation, the Computer & Communications Industry Association, Public Knowledge, Google, Yahoo!, Facebook, Microsoft, Pinterest, Tumblr, and Twitter.

Comment Re:Patent != Innovation (Score 1) 54

It is nice to see that the exponential growth in the number of patents has finally faltered. It's a pity that the current rate of patent creation is more than sufficient to destroy almost all production and innovation.

We have been fooled into thinking that patents are innovation. But, the current rate of patent creation is anti-innovation and anti-productive.

Patents are not Innovation. Patents are not Progress. Patents are simply grounds to file a lawsuit against an industry. More Patents are simply more grounds for more lawsuits. Patents don't guarantee production or innovation. They only enable lawsuits.

An occasional lawsuit might possibly spur innovation. BUT LAWSUITS DO NOT PRODUCE. Lawsuits are parasitic on innovation and production. The current patent industry is responsible for enormous numbers of lawsuits every year. This legal deathtrap has captured marketplaces, destroyed production and stagnated innovation.

Comment Similar problem, better outcome. (Score 3, Insightful) 172

We had a similar problem. Fortunately we had a better outcome.

One of our university's IT groups noticed that the university's police were using a packaged IT police support solution that had no security. An attacker could change arrest reports, access and change all the secret log entries, and track the real-time deployment and activity of the police. We verified that the problem existed across hundreds of police departments all over the country. The university police were horrified when we presented the problem to them.

I think the main thing that led to a better outcome was the university IT team worked closely with the university police team to present the problem to the external vendor. During the presentation, the external vendor went through all the stages of grief: denial, anger, bargaining, depression and acceptance. When the vendor got to the anger stage, they threatened to have us arrested. We just kept asking how arresting somebody would fix the code, until they got on to the next stage.

Still, it took months before the vendor deployed fixed code.
