
Comment Telecoms not interested in security (Score 4, Interesting) 10

About twenty years ago, I was privileged to be one of the authors of a security specification written at the behest of cable-based telecom companies that described the detailed design of a system for securing phone conversations that were carried over their networks. https://www.cablelabs.com/spec.... The design specifically started with the assumption that the network was penetrated, and was designed to ensure that the attacker could neither disrupt service nor learn anything useful about the traffic (for example, taken from the specification: "All media packets and all sensitive signaling communication across the network [are] safe from eavesdropping. Unauthorized message modification, insertion, deletion and replays anywhere in the network [are] easily detectable and [do] not affect proper network operation").

Once the specification was completed and it came time to deploy, all the telecom companies decided (whether in concert or individually, I do not know) that they were not going to deploy the design. When the lead security VP at one of the major telecom companies explained their decision to me: "We don't need gold-plated security like you've designed: we have firewalls"; I knew that the battle was lost. I also wondered how long it would be before the kind of intrusion like the one described in the article would occur.

Frankly, I'm amazed that it took this long; perhaps, though, what took the time was not the fact of a thorough intrusion, but, rather, the detecting of one.

Comment Re:Local connections (Score 2) 52

When you call the store three miles from you using a local number, you won't get routed to Vidhya who's sitting in a call center somewhere in India.

Not true: I had exactly this happen to me this past week. FWIW, it was the local UPS store... and I got routed to India instead of the phone at the local store despite having called the local number.

Then not only did I have to navigate a phone tree that very nearly caused me to throw the phone across the room, but then (after hitting '0' so many times I lost count) got to speak to two lovely Indians, neither of whom -- as far as I could tell -- had more than a very basic grasp of English. I say "as far as I could tell" because both the initial person and her supervisor had accents that were all but incomprehensible. In the end, I slammed the phone down, got into my car, and drove several miles to the store to talk to one of the people there in person (I should mention that they were very nice, sympathetic and apologised for the experience I'd been put through, even though, obviously, there was nothing they could have done about it).

Still, corporate UPS -- like so many companies these days -- are obviously unconcerned about the image they are projecting to the public.

Comment Re:It's amazing how mileage varies. (Score 1) 202

I'm with TFA.

Similar breakage happened here several years earlier. I used to use Ubuntu on all my machines. In particular, it was very good on my rarely-used but important-for-travel laptop. After several more-or-less trouble-free years, suddenly one of the biannual upgrades caused the laptop to throw a kernel panic when booting. I figured that such a show-stopping bug would quickly be fixed, so kept running with the old version of the kernel and waited six months, when I fully expected the problem to be fixed (filing bug reports, I had already found, was an exercise in frustration that accomplished nothing obvious but an increase in my blood pressure). But nope, that next upgrade also threw a kernel panic. That was the last time I tried to use Ubuntu. Since then, it's been Debian stable on the desktop machines and, throwing in the towel, I bought a Mac laptop for travel.

Comment A solved problem, but not deployed (Score 3, Interesting) 27

More than two decades ago now, I was privileged to be on a team of security experts that fully defined a system for deploying legal wiretap capability in cable ISPs in a secure manner.

To the best of my knowledge, not a single ISP deployed what we defined. Instead, they listened to the marketing people from various companies that sold them proprietary equipment.

The real problem, it seemed to me then, and still seems to me, is that the people in charge of making deployment decisions really don't understand this stuff (a classic statement from one very large ISP at the time: "We don't need more security; we have firewalls") -- instead, they seem only too happy to be wined/dined/golf-gamed into deploying something that any reasonably competent security expert would recognise as, let us say, sub-optimal.

Comment Re:Carts and horses scattered everywhere. (Score 2) 127

I miss tech being exciting and fun. I wonder if that'll ever swing back around, or if we're so fully into "fuck you, gimme" in tech that it's now circling an ever expanding drain that will eventually suck us all under the surface.

I find projects and problems that interest me, and write code (and, mostly, make it available). I don't actually care whether no one else finds the projects/problems/code interesting. It keeps me somewhat sane in a world that has essentially forgotten what it is like to be a human being.

Comment Re:Clarification (Score 2) 113

the Morse Code contest recorded about 12% more contacts than the radio telephony (i.e., speech) contest

Actually, it was about 25% more contacts for the Morse code contest last year... I should learn to check my numbers before posting.

Comment Re:Clarification (Score 3, Interesting) 113

To clarify, Morse code is still alive and well in the Amateur Radio community

Indeed, in last year's running of the American Radio Relay League-sponsored amateur radio contests in which US and Canadian ham radio operators contact the rest of the world, the Morse Code contest recorded about 12% more contacts than the radio telephony (i.e., speech) contest. In years with fewer sunspots, there are typically about twice as many Morse Code contacts as telephony ones.

Comment Re:It's nigh magic what ... (Score 4, Interesting) 34

..color imaging was added as a software update a few decades into their flights.

Effing amazing, that's what.

Er... I was a co-Investigator on Voyager; the "photos" we are familiar with were actually from an old-fashioned vidicon tube (well, there are two: one narrow-angle and one wide-angle). It took the system 48 seconds to acquire a single monochrome slow-scan image, at 800x800 quasi-pixels. To generate the colour pictures we all know and love, colour filters (red, green, blue) were moved in front of the lens, then three sequential images were taken over the course of (at least) 144 seconds (i.e., 3 times 48 seconds). These were combined back at Earth into a single colour image.

(And between the time the (monochrome) images were acquired and the time that they were transmitted they were stored on board... on the DTR -- an actual, physical Digital Tape Recorder.)

Comment Re:Proton has/had a problem for me. (Score 2) 37

Yes - Proton bridge is a local client that allows you to access the proton mail servers (via encryption) but locally decrypt and interface with any mail client.

https://proton.me/mail/bridge

I went to go and try out this new, improved, proton.me. And quickly discovered that in order to continue to use my regular e-mail client (Thunderbird), I have to have a paid account and then download and install the above bridge program. That suggests that something about the client/server interaction is non-standard; in any case, I'm not inclined to get a paid account just to try something out to see if it is actually useful for my situation.

Also, as far as I can tell, the bridge program isn't open source (I could be wrong about that, but pointers to the source weren't obvious on the pages that talk about e-mail); I certainly wouldn't willingly install a proprietary blob into my e-mail chain.

Also also, the idea that if I want to access my e-mail from a different computer using Thunderbird or some other MUA I would have to install the bridge program there as well does not exactly overwhelm me with enthusiasm.

Comment Re:I'm no fan of Elon Musk... (Score 3, Interesting) 116

If this new service provides a real WAN address instead of being double-natted.

And right there is why Starlink isn't installed here. If it doesn't provide an option for a real, publicly-routable static IP address at a reasonable price, I don't consider it a replacement for a terrestrial ISP. Last I looked (which I admit has been perhaps a year at this point), such an address wasn't available with Starlink at any price, reasonable or otherwise.

I realise that probably more than 99% of people don't care about that capability, so I fully expect Starlink to be a great success. But unless something changes, I won't be a customer.

Comment Re:Mandatory? (Score 4, Informative) 84

https://www.nature.com/article...

Older Israelis who have received a third dose of a COVID-19 vaccine are much less likely to test positive for SARS-CoV-2 or to develop severe COVID-19 than are those who have had only two jabs, according to a highly anticipated study published on 15 September.

The standard regimen for messenger RNA-based COVID-19 vaccines is two doses, but some governments, including Israel’s, have started administering third ‘booster’ shots. The latest study evaluated 1.1 million Israelis over the age of 60 who had received their first two doses at least five months earlier. Twelve or more days after receiving a third jab, participants were about 19.5 times less likely to have severe COVID-19 than were people in the same age group who had received only two jabs and were studied during a similar time period.

A correct quote, and I nearly modded you Informative. But then I wondered about the obvious possibility of selection bias and saw the following later in the same paper:

But Ellie Murray, an epidemiologist at Boston University in Massachusetts, cautions that observational studies such as this analysis can contain biases that are difficult to identify and account for. For example, people who sign up to get a booster might have a different risk of COVID-19, or behave differently, from people who do not get a third jab.

Ellenberg says that the authors try to address some of these potential biases. Even if not all biases have been eliminated, she says, the magnitude of the effect suggests that the booster offers some protection, at least in the short term.

So the situation at this point seems rather less clear-cut than it would appear from the initial quotation. "[S]uggests that the booster offers some protection" is much less dramatic than "are much less likely to test positive". So it seems that more data are necessary before a definitive conclusion can be drawn.

Comment Re:Quote of the Article... (Score 1) 53

They found that an ideal clock — one that ticks with perfect periodicity — would burn an infinite amount of energy and produce infinite entropy, which isn’t possible. Thus, the accuracy of clocks is fundamentally limited.

That's just one way of stating the Uncertainty Principle, so there must be more to it than that. (No; I haven't [yet] read the paper, although I am planning to do so.)
