
Comment Hostname leaks and internal CA (Score 5, Insightful) 62

1) Hostnames leak all the time. A client will make a DNS request and the name becomes known even if it is not resolvable on the public Internet.

2) If you really care that much, run an internal CA. Lots of ways to do it, most server OS's have built-in or easily available internal CA software.

Keeping a hostname out of the certificate log is pretty much pointless security by obscurity.

Comment Old stuff "discovered" by the ignorant (Score 5, Informative) 519

I am an economist. Economists have already extensively studied this kind of approach. It's called an Input/Output Model. Communist countries used it in their approach to central planning during the 1970's. It failed miserably for two reasons:

1) It assumes zero substitutability between inputs. E.g., to make a car you need exactly 1.35 tons of steel, 52.7 kg of rubber, 217 kg of glass, 1.73 KW of electricity, 29.4 hours of labor, etc. No other formula is possible, you can't use more energy and less labor, for instance. For reference, the production function is known as a Leontief production function. To be fair, adding any kind of substitutability between inputs results in a completely intractable problem. However, without substitutability this is a lousy way to actually model an economy.

2) It assumes perfect information on the part of the central planner. While this is an oft-used simplification in economic models, it's a lousy reflection of reality. It's simply impossible for a central planner to gather and correlate sufficient information to make it work.

Yet another piece-of-crap opinion article written by someone who couldn't be bothered to do an hour's research on Wikipedia.

Submission + - Asian Americans use Google Docs to Fight Prejudice

plsuh writes: Little-known outside the Asian American community there is a strong strain of racism against blacks, especially among the older generation. As reported in the Washington Post, in the wake of the shootings in Louisiana and Minnesota Christina Xu and a group of online contributors used the joint editing capabilities of Google Docs to create an open letter about the significance of the Black Lives Matter movement. The letter is addressed to "Mom, Dad, Uncle, Auntie" — the first generation of immigrants who may not understand and harbor prejudices of their own from the old country. Translations into Chinese, Korean, Japanese, Vietnamese, and tens of other languages are in progress.

Comment *yawn* (Score 5, Informative) 13

This is a second-order attack that only affects MDM clients, and then only if they've installed a rogue app AND the MDM is pre-provisioning with sensitive data. It's also already patched. It's easy to check the OS version on iOS devices tied to an MDM so that the IT department knows which ones need updates.

Nice catch on the security side, but not a real humdinger.

--Paul

Comment A matter of priorities (Score 3, Insightful) 212

The US government has lost sight of the larger issue here. The tail (NSA and law enforcement) is wagging the dog.

The NSA and law enforcement agencies want to be able to intercept anything, since it makes their jobs easier. However, this runs counter to the larger national interest of the United States.

Which country has the highest level of connectedness and dependence on the Internet? Which country would be worst hurt if a sophisticated attacker was able to penetrate and conduct malicious actions using the systems connected to the Internet? The US, that's who. It is by far in the US's overall national interest to properly secure the Internet and communications infrastructure. Eavesdropping on everyone else is a secondary benefit, in comparison.

The proper role of the President and the Attorney General is to separate the desire of the NSA and law enforcement to make their jobs easier from the greater benefit to the country as a whole. They need to tell the ambitious underlings "NO" in unequivocal terms, then bitch slap them if they keep whining about it.

--Paul

Comment Accessibility for Apple and Microsoft products (Score 1, Informative) 100

You didn't say what platform, but this has been an on-going emphasis for both Apple and Microsoft for a long time.

For OS X and iOS, see

http://www.apple.com/accessibi...
http://www.apple.com/accessibi...

For Windows, see

http://www.microsoft.com/enabl...

Hope this helps.

--Paul

Comment End-to-End Audible Voting Systems (Score 1) 480

FFS, doesn't anyone do any research before posting stories? 60 seconds of research would turn up the Wikipedia entry on End-to-end audible voting systems. The problem of being able to verify that your vote is recorded as you intended without revealing the actual content of your vote has been solved by several teams. The ones that seem to have the best handle on things are Scantegrity, Pret-a-Voter, and Punchscan (the predecessor of Scantegrity).

Using Bitcoin (which in fact has anti-anonymity properties) as an engine for voting is like attaching a tractor to a horse carriage. It may get you where you want to go, but it's nothing like a proper motor vehicle.

--Paul

Comment Really, really weak evidence (Score 4, Informative) 158

Folks,

The evidence here is really, really weak. The connection is tenuous enough and the original pool of possible suspects via their methodology is large enough that I sure as heck wouldn't rule out a connection via random chance. Until we get better evidence, this isn't worth very much.

Norse Security says as much in The Fine Article:

Stammberger was careful to note that his company's findings are hardly conclusive, and may just add wrinkles to an already wrinkled picture of what happened at Sony Pictures. He said Norse employees will be briefing the FBI on Monday about their findings.

"They're the investigators," Stammberger said. "We're going to show them our data and where it points us. As far as whether it is proof that would stand up in a court of law? That's not our job to determine, it is theirs," he said of the FBI.

--Paul

Comment It's not a tank (Score 1) 163

Geez how the press gets this sort of thing so wrong. It's not a tank, it's an Infantry Fighting Vehicle (IFV). It's lightly armored against small arms and small-bore auto-cannon rounds, not against ATGMs, tank main guns, or RPGs.

https://en.wikipedia.org/wiki/...

The weight at 34 tonnes is much less than that of any current front-line tank (according to Wikipedia the Challenger 2 is 62.5 tonnes, almost double the Scout SV). It is a lot heavier than most current IFV's (e.g., the German Marder at 28 tonnes or BMP-3 at 18.7 tonnes), but that may not be such a good thing. It makes strategic mobility more of a problem and ensures that the Scout SV can't swim across rivers by itself.

Some reporter just cut and pasted from the press release. Feh!

--Paul
