Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Comment Seriously, security dongles. That's the old new? (Score 1) 162

We run general purpose computers. Can't we trust our own operating systems enough to think they might store a couple bits of secretish data? If not, what good is any encryption since the attackers get every session key anyway? (not to mention the keylogger with the raw password and the memory debugger that sees every block encrypted and decrypted)

The only thing a dongle provides is certainty that another computer can't impersonate a fully compromised device without the dongle. Of course, dongle-failure could very well lock you out of your own services. (and with a back-door in place, session hijacking is very possible)

Many sites, like gmail for example, require "registering" each new device via phone IM or pre-shared key. This happens after password success. Secret keys are then created and stored as securely as the device is maintained. Only if the device is deeply compromised will they be stolen.

If we create a landscape where 90% of computers AREN'T compromised thoroughly this really isn't that horrible. Throw in a bit of geo-location and email warnings about every interesting event (password change, new device registration, stale device login, Computer moved to Ukraine) and really things aren't all that bleak especially for services used every day or even once a week.

Then of course, there's cracking down on IP's and ISP's generating compromising packets, but that's a whole other subject.
See: 18 U.S. Code 2701 - Unlawful access to stored communications

Comment Re:Dougla's Adams said it best (Score 1) 689

Plurality voting with single member districts leads to two party systems. It would require seriously amending the Constitution to change that.

Actually it wouldn't take amending the Constitution [which says nothing about requiring plurality or First-Past-the-Post voting], only changing Federal election laws, in order to completely break the plurality system.

First, there are two states (Maine and Nebraska) where the Electoral College vote can be split; increasing which states with this system would then magnify the value of 3rd-party efforts [as each such state greatly increases the odds of a minor candidate earning the one or two electoral vote(s) which might deadlock the EC, forcing the election to be determined by the House instead]. As seen by the fact this system already exists, this change could be implemented without requiring changes to the Constitution or federal election laws, only state laws.

Secondly, change could be instituted within the House of Representatives by revising the laws on how members are elected: Federal law requires the current separate district methodology but we could move towards a state-level proportional representation system. This would grant easier third-party access to Congress and, while not directly contributing to Presidential aspirations, would elevate the visibility of those platforms and policies. Again, this change would not require a Constitutional amendment, but only altering existing Federal election laws.

Because FPTP/plurality voting sustains the current two-party system even in the face of such hatred the electorate shows for Clinton and Trump, saying these changes do not require amending the Constitution does seem to discount the resistance these changes would face... but I believe the unprecedented hatred for those two candidates and the extreme partisanship on display by their supporters together indicate the importance of making them.


Comey Denies Clinton Email 'Reddit' Cover-Up (politico.com) 459

An anonymous reader quotes a report from Politico: The FBI concluded that a computer technician working on Clinton's email was not engaged in an illicit cover-up when he asked on the Reddit website for a tool that could delete a "VIP" email address throughout a large file, FBI Director James Comey said Wednesday. Republican lawmakers have suggested that the July 2014 Reddit post from a user believed to be Platte River Networks specialist Paul Combetta showed an effort to hide Clinton's emails from investigators. However, at a House Judiciary Committee hearing Wednesday, Comey said FBI agents concluded that all the computer aide was trying to do was replace Clinton's email address so it wouldn't be revealed to the public. "Our team concluded that what he was trying to do was when they produced emails not have the actual address but have some name or placeholder instead of the actual dot-com address in the 'From:' line," Comey said. Comey said he wasn't sure whether the FBI knew about the Reddit posting when prosecutors granted Combetta immunity to get statements from him about what transpired. However, he added that such a deletion wouldn't automatically be considered an effort to destroy evidence. "Not necessarily ... It would depend what his intention was and why he wanted to do it," the FBI director said.

Comment Re:Never report security vulnerabilites (Score 1) 85

You can't use a system without "testing" it in some way.

Purposely taking control of a computer system above your sanction is breaking the law.

These are OK:
Oops my keyboard slipped and I accidentally typed: John Smith'
Oops my name is: O'Riley

Not OK:
Robert'); DROP TABLE Students; --

Comment Re:Heart broken ... (Score 1) 69

Honestly, the only thing which has cumulatively had more security holes than Flash is Windows. I honestly don't know why people keep trusting it, because it really has been a terrible security risk forever, and disabling it is usually the first thing I do in a browser.

I expect a large portion of the Slashdot commentariat also have "disable Windows" as the first thing on their to-do list.

Comment Re:Private sector will always do it better. (Score 1) 352

> People *need* healthcare. They get sick. They don't *need* Internet access;

Ok so give up your telephone, electricity and plumbing. You don't *need* any of that. People may not need Facebook and Twitter, but some level of remote communication makes life a whole lot easier (not to mention efficient). If I have internet I don't need any other telecommunications, internet is the modern information carrier.

Slashdot Top Deals

A language that doesn't affect the way you think about programming is not worth knowing.