Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.

Stories: 0 · Comments: 14,277

Comments · 14,277

  1. With online voting, it is impossible to prevent coercion.

    Not true. You can prevent coercion by designing it like this:

    • Votes can be verified only immediately after voting.
    • Vote as often as you want; only the last one counts.

    Now, in theory, somebody could hover over you from the moment you cast your vote until the polls close, but in practice, that doesn't scale. Instead, most vote coercion merely requires showing proof of voting. Because the rules above preclude proving that a given vote was the last vote cast, coercion is impossible, and nobody sensible would even attempt it.

  2. This "Conservative site" is also profiting from Snowden with their bulls**t click-bait article.

    That about sums it up. Their analysis is fundamentally flawed. As a general rule, "Son of Sam" laws make it illegal to profit from your own crime. Snowden can't legally sell his movie rights. They don't prevent him from giving those rights away, nor prevent anyone from making a movie about him or profiting from it, so long as those people were not involved in the original crime. Any law that went further than that would almost certainly fail a first-amendment challenge.

    More significantly, those laws apply only after conviction for that crime, or in some cases after a plea bargain. In this case, he hasn't been tried (even in absentia), so those laws don't factor in.

    And that's assuming those laws even pass constitutional muster. Many of these laws have been overturned for unconstitutionality. And because laws can't generally be overturned until someone can show harm from the law, the fact that they haven't been overturned yet does not necessarily mean that the laws are constitutional, because there may not have been anyone with standing to challenge them yet.

  3. The reality is that people rarely have zero sets of keys. Usually, they lose one and need to replace that one set. As a result, in the more common case, the design where you add the set of keys to the car is much simpler for dealers than one that involves reprogramming the keys with specialized hardware. The process is something like: put the old key in, turn the car on with it, push a button on the new fob, turn it back off and back on, push a button on the new fob, repeat n times. No hardware needed, no knowledge of how to program the key, no special database. The fobs are just standard, off-the-shelf devices, and any random person in the garage can do the work with five minutes of training and no need for any sort of security clearance.

    That's why most systems that are designed by sane people work the other way. The fob has a fixed digital key, and you turn the physical key several times in a row to put the ECU in a programming mode, after which time it will accept codes from the next fob that tries to talk to it. To steal those cars, you would have to have a key cutter and know how to put the ECU into programming mode (and on newer vehicles, you would also need one functioning fob to put it into reprogramming mode, without which the car would fail to detect the chip in the key and would either refuse to start the car or would refuse to put the ECU into programming mode even if it did decide to start and run for a short period of time).

    Granted, with those designs, in the rare situation where you have no keys, you usually have to physically replace the ECU, though in some cases it is possible to force the ECU into programming mode using vehicle-specific OBD-II magic. Either way, this is the right approach, because it minimizes the risk of theft, is easier to reprogram in the common case, and is only marginally more painful in one rare edge case.

  4. It's actually very different. Most car thieves can't physically carry around the $10k+ worth of specialized equipment needed to cut a mechanical key (and I'm assuming that it is even possible to get a single cutter that will cut them all, such that you don't need one of those $10k cutters plus five or six different kinds of $5k cutters).

  5. Rage, rage against the machine built by your competitors.

  6. Re:I think it's time for the corporate death penal on Banner Health Alerts 3.7 Million Potential Victims of Hack (bannerhealth.com) · Score: 1

    I can't give them a free pass just for being a nonprofit. The same HIPAA laws apply to them as to a for-profit company. And somebody will get screwed if any health insurance/care provider (for-profit or otherwise) disappears or has to scale back because of huge financial overruns from fines due to gross negligence with patient data. But the alternative to that is to not punish anyone for HIPAA violations, and if there's no punishment for breaking the law, there's no incentive to do the right thing, and no one will.

    I really don't see any other solution besides the whole "head on a pike" thing, except perhaps piercing the corporate veil and pressing criminal charges against a bunch of high-ranking executives. That might work, but only if the courts upheld it.

  7. Re:If I thought it would help... on Ask Slashdot: Should The DHS Designate Elections As Critical Infrastructure? (politico.com) · Score: 1

    Back in 1937, a large constituency of the economically marginal blacks in the deep south would have been involved in subsistence farming, which in the extreme case can almost function as a cash-free economy.

    I would argue that things are worse for the poor now. Subsistence farmers could trivially raise a small amount of extra income by raising their prices slightly. They had some degree of control over their income, albeit not infinitely (because of supply and demand). Most of the poor now don't have that ability; they get paid a fixed wage and rarely have opportunities to take overtime voluntarily. For them, every extra dollar matters.

  8. Re:If I thought it would help... on Ask Slashdot: Should The DHS Designate Elections As Critical Infrastructure? (politico.com) · Score: 1

    In theory, sure. In practice, shifts in the court have almost invariably resulted in laws that were previously seen as constitutional to be seen as unconstitutional after presentation of additional justification for overturning those laws. I'm not aware of any case where the courts later decided that the constitutional issues with a law no longer mattered. More to the point, if the courts did so, we should worry, because that would almost invariably mean that our rights are being eroded rather than strengthened over time.

  9. I think it's time for the corporate death penalty. on Banner Health Alerts 3.7 Million Potential Victims of Hack (bannerhealth.com) · Score: 2

    We keep seeing companies losing the highly private health data of millions of people. At this point, in my opinion, the only thing that will stop this is a couple of high-profile companies getting successfully sued or fined out of existence. If companies see the most likely punishment as a small slap on the wrist with little chance of getting caught in the first place, then they'll continue to be sloppy with medical records and other similarly private data. If a couple of dozen insurance companies went Chapter 7 overnight, that would serve as sufficient warning to others that this sort of nonsense will not be tolerated, and the others would be forced to pay attention and take security and privacy seriously.

  10. Re:If I thought it would help... on Ask Slashdot: Should The DHS Designate Elections As Critical Infrastructure? (politico.com) · Score: 4, Interesting

    This. There are good reasons that poll taxes were found unconstitutional fifty years ago. And this is basically a poll tax. Adjusted for inflation, those unconstitutional poll taxes were about the same cost as California's ID card. If it was unconstitutional then, there's no reason it shouldn't be unconstitutional now.

  11. Re:Time to release OS/X to OEM's? on Apple Should Stop Selling Four-Year-Old Computers (theverge.com) · Score: 1

    As a long-time Mac user, I'm all for this. I'd love it if Apple's Mac laptops still met my needs, but they just don't come close. I've been stuck at 1 TB of storage since the last time I upgraded my black MacBook's hard drive about seven or eight years ago. Every subsequent laptop upgrade—the non-retina MacBook Pro and the Retina MacBook Pro after that—have had exactly the same maximum capacity. And every time, I've hit the capacity limit within six months (even without migrating files from the previous machine), requiring me to carry multiple external hard drives around with me at all times.

    Meanwhile, the rest of the world has moved on, because other companies didn't foolishly lock themselves into 100% solid state storage for everything by making the laptops too thin to hold a spinning hard drive. As a result, I can stick up to a 4 TB drive in just about anybody else's laptops, and in some models, I can fit two of them. I would kill for a supported OS X laptop with 8 TB of storage, or even a 4TB drive and a 1 TB SSD. I would have those options if Apple opened up OS X licensing.

  12. Re:HTTPS Everywhere. on Comcast Wants To Charge Broadband Users More For Privacy (dslreports.com) · Score: 1

    As I said, they would know the domain name, and that's it.

    As for an ISP installing a new root cert, most operating systems require explicit authentication before installing a new root cert. If Comcast asked me to run something that requires root as part of setting up my service, the answer would be "h**l, no." And it should be that way for every user, though I know that for a lot of folks, it wouldn't be.

    The thing is, though, if Comcast tried that, they would quickly get caught and excoriated. After all, most Internet connections end up with more than one machine behind it, e.g. your friend coming over and using your Wi-Fi connection. And if they start MiTMing HTTPS connections, that other user would get all sorts of scary browser warnings, and would start asking questions.

    HTTPS doesn't have to protect against 100% of abuses to be effective. It just has to make it infeasible to do mass MiTMing without getting caught in a timely manner, which IMO, it does do.

  13. Re:Funny, my modern TV doesn't do that crap on TVs Are Still Too Complicated, and It's Not Your Fault (theverge.com) · Score: 3, Insightful

    HOWEVER, I predict that eventually *all* TVs will be "smart" TVs, even the cheap ones. So, we'll have to have a plan on mitigating the "spying" thing.

    Step 1: Do not connect it to a network.

    Mitigation plan complete.

  14. HTTPS Everywhere. on Comcast Wants To Charge Broadband Users More For Privacy (dslreports.com) · Score: 1

    Really, moving the world to encrypted-by-default is the only solution for this sort of silliness. Then, they can do deep packet inspection all they want to, and all they'll get is a hostname, at best.

  15. Re: More that HGST are reliable on 8TB Drives Are Highly Reliable, Says Backblaze (yahoo.com) · Score: 2

    I dunno about you, but 3.3 vs 3.2 isn't blowing anyone's mind. Not even Backblaze, and they make their money by crunching the numbers.

    They're both terrible numbers, though perhaps not terrible by Seagate standards. The best of the HGST 4 TB drives had an annualized failure rate of only 0.4%. If these numbers are correct, then these drives are about an order of magnitude less reliable than previous generations of hardware....

    Of course, the confidence intervals on these numbers are huge. On the low end, the HGST 8 TB drive could be approximately as reliable as the 4 TB HGST drives (.4%). On the high end, it could be as bad as a 12% annualized failure rate, which would put it into the "complete junk" category. In other words, 45 drives just aren't enough data points to be much more reliable than the anecdotal evidence from folks posting on Slashdot.

  16. Re:For those who may have forgotten on AT&T Violated Rule Requiring Low Prices For Schools, FCC Says (arstechnica.com) · Score: 1

    That certainly was an important decision, but the Bell System was still requiring customers to have expensive coupler equipment installed for many years afterwards (that article was from 1974). Those couplers involved transformers that would have made even 56k modems impractical, much less DSL.

    For sure, where I lived, the Bell breakup was the dividing line, after which we were allowed to buy phones from someone other than the phone company. I still remember when we got our first non-Bell telephone, though I was a young kid at the time, and it was after Bell broke up. More amusingly, we weren't even in Bell territory; we were served by GTE. That's how wide-ranging the implications of the breakup were. It rocked the industry, and changed things pretty dramatically for the better.

  17. Re:Yes, deleted files are (sometimes) recoverable on WhatsApp Isn't Fully Deleting Its 'Deleted' Chats (theverge.com) · Score: 1

    For spinning rust that works just fine, most of the time. Flash is another story entirely. It's likely that your overwrites will get put into _other_ free cells, and the flash controller will mark the cells you're trying to overwrite as free, rather than overwriting them. Depending on your usage patterns, they might _never_ get overwritten. Aaaaaaand we're back to the problem we were trying to solve... just one layer lower. :(

    There actually is a way, but it involves creating a file that's as big as the remaining space on the volume, to ensure that there are no flash pages that don't get rewritten. And even then, that doesn't quite guarantee that it will get overwritten because the flash page you're trying to overwrite could get spared and replaced with a free page. Obviously if you do that enough times, it will eventually get overwritten, but you'll also drastically shorten the life of the flash disk.

    A better solution, of course, is to have a flash controller that supports TRIM properly and guarantees that overwritten pages get zeroed in a timely manner. If you have that, then overwriting the data once is sufficient, because the data will eventually get zeroed. And frankly, there's no good reason for a flash controller to not aggressively erase pages that are no longer tied to the filesystem (the old version of the data), because they are unlikely to ever be used again.

  18. Re:For example on Instagram Will Soon Allow Users To Filter Comments (bbc.co.uk) · Score: 1

    Oh, that's right, she uses two Ls. My bad.

  19. Re:Not a SQLite problem on WhatsApp Isn't Fully Deleting Its 'Deleted' Chats (theverge.com) · Score: 1

    In SQLite, you can do "PRAGMA secure_delete=ON;" and it will subsequently overwrite all deleted information with zeros. This is turned off by default because it does more disk I/O. Alternatively, one can run "VACUUM" at any time to ensure that all deleted content has been purged from the database file.

    The concern goes deeper than just disk I/O. On flash, there's a limited number of writes per flash erasure block, and using it in a mode that continuously overwrites everything you delete significantly increases the rate at which you burn through those write cycles. The OS is likely to coalesce a lot of those writes if they happen close enough together, but you're still abusing the hardware pretty badly by doing that.

    The right approach is to come up with a reasonable policy for retention, e.g. "Guaranteed to not retain data more than n hours" and then vacuum the database every n hours, or when the OS tells you that your app is about to get terminated (assuming you can safely do it in such a short time), or when your app gets backgrounded (if you can't). Either way, vacuuming constantly is bad for the hardware, and never vacuuming is bad for security. The key is to find the right balance, and that pretty much requires your programmers to know that this issue exists, which most SQLite users no doubt do not.

    And a couple of aspects of the design of iOS contribute to this problem negatively. If this were on a real computer:

    • You'd probably have a MySQL or PostgreSQL instance holding that data, and it would scrub periodically in the background. You can't do that on iOS, because you can't have a background daemon running when your app isn't running, so everybody ends up using SQLite, which is just barely enough of a database to be usable.
    • You wouldn't have the OS killing your app randomly while it is backgrounded, making it impractical to guarantee that you'll get n seconds to scrub every so many hours.

    I'd love to see iOS add a centralized SQL database running on it at all times, with periodic scrubbing, with the ability to selectively share tables across apps, etc.
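An added example (not from the comment above, and not SQLite's own code) that checks the secure_delete and VACUUM behaviour the comment describes, using Python's standard sqlite3 module: it inserts a constructed secret, deletes the row, and then scans the raw database file for the secret's bytes. The file path, table name and secret string are all assumptions for the demonstration.

```python
import os
import sqlite3
import tempfile

# Constructed sample secret. It is longer than the 4-byte freeblock header
# SQLite writes over a deleted cell, so a naive delete cannot hide it.
SECRET = "constructed-secret-message-" * 4
MARKER = SECRET[10:40].encode()  # a slice from the middle of the payload


def leftover_after_delete(secure_delete: bool, vacuum: bool) -> bool:
    """Create a throwaway database, insert one row, delete it, and report
    whether the deleted row's bytes are still present in the file.

    Returns True when the deleted content survives on disk."""
    fd, path = tempfile.mkstemp(suffix=".db")  # hypothetical scratch file
    os.close(fd)
    try:
        # isolation_level=None: every statement commits immediately, so the
        # database file reflects each step as soon as it runs.
        conn = sqlite3.connect(path, isolation_level=None)
        # Set the pragma explicitly; some SQLite builds default it to ON.
        conn.execute("PRAGMA secure_delete=%s" % ("ON" if secure_delete else "OFF"))
        conn.execute("CREATE TABLE msgs (id INTEGER PRIMARY KEY, body TEXT)")
        conn.execute("INSERT INTO msgs (body) VALUES (?)", (SECRET,))
        # Delete by rowid so the normal cell-free path is exercised rather
        # than the whole-table truncate optimisation.
        conn.execute("DELETE FROM msgs WHERE id = 1")
        if vacuum:
            # VACUUM rebuilds the file from live content only, which is the
            # comment's alternative to paying for secure_delete on every write.
            conn.execute("VACUUM")
        conn.close()
        with open(path, "rb") as f:
            return MARKER in f.read()
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("plain delete leaves data:", leftover_after_delete(False, False))
    print("secure_delete leaves data:", leftover_after_delete(True, False))
    print("delete + VACUUM leaves data:", leftover_after_delete(False, True))
```

The deleted text remains readable in the file after an ordinary DELETE; it is gone after a DELETE with secure_delete=ON, and also gone after a VACUUM, which is the periodic-scrub policy the comment recommends.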

  20. For example on Instagram Will Soon Allow Users To Filter Comments (bbc.co.uk) · Score: 1

    Blocklist: Trump, Hilary, Clinton, DNC, RNC, Democrat, Republican, Libertarian, Green, gun control, s**t, f**k, h**l, ...

    Actual posts filtered:

    • Google Trumps Apple as #1 on NASDAQ
    • California Drought Finally Over? Green Grass Says "Maybe"
    • Shitake Mushrooms Pulled Over E. Coli Concerns
    • Hello. My Name is...

    Word bans don't work. They never did. To do this right would involve significant amounts of machine learning, and you wouldn't need a list of things to ban if they were doing that.
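An added example (not part of the comment above, and not Instagram's filter) that reproduces the false positives the comment lists. It uses a constructed subset of the quoted blocklist with the censored entries left out, and compares a naive substring ban against a whole-word ban: the latter stops "Trumps" from matching "Trump", but a word that is also an ordinary English word ("Green") is still flagged, which is the comment's point.

```python
import re

# Constructed subset of the blocklist quoted in the comment (profanity omitted).
BLOCKLIST = ["Trump", "Hilary", "Clinton", "Green", "gun control"]

# Headlines the comment says were wrongly filtered (constructed from the comment).
POSTS = [
    "Google Trumps Apple as #1 on NASDAQ",
    'California Drought Finally Over? Green Grass Says "Maybe"',
]


def substring_filter(text: str, blocklist=BLOCKLIST) -> list:
    """Naive ban: flag any banned term found anywhere in the text,
    case-insensitively. This is what turns 'Trumps' into a hit for 'Trump'."""
    lower = text.lower()
    return [term for term in blocklist if term.lower() in lower]


def word_filter(text: str, blocklist=BLOCKLIST) -> list:
    """Whole-word ban: the term must not be glued to other word characters.
    Removes the 'Trumps' false positive but cannot tell the Green party
    from green grass."""
    hits = []
    for term in blocklist:
        pattern = r"(?<!\w)" + re.escape(term) + r"(?!\w)"
        if re.search(pattern, text, re.IGNORECASE):
            hits.append(term)
    return hits


def flagged(filter_fn, posts=POSTS) -> list:
    """Return the posts a given filter would hide."""
    return [p for p in posts if filter_fn(p)]


if __name__ == "__main__":
    print("substring filter hides:", flagged(substring_filter))
    print("whole-word filter hides:", flagged(word_filter))
```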

  21. Re:For those who may have forgotten on AT&T Violated Rule Requiring Low Prices For Schools, FCC Says (arstechnica.com) · Score: 3, Interesting

    Are you kidding? The breakup removed Bell's ability to prevent people from attaching arbitrary non-Bell equipment to the phone lines, which made modems practical, which basically made the Internet viable. It also made multiple long distance carriers available to a lot more people than had options previously, which was responsible for a lot of the cash that Sprint eventually used to build a cellular network. So basically, we have the Internet and multiple cellular carriers because the government broke up Ma Bell.

  22. Re:Billions and Billions Served! on One Billion iPhones Have Been Sold, Apple Says (apple.com) · Score: 1

    Apple and McDonald's have reached common ground.

    I'm just hoping they'll raise the sign at 1 Infinite Loop to about fifty feet off the ground and put that text underneath it.

  23. There's only one sane way for companies to respond: by continuing to post about the Ol****cs, but avoid using any of their trademarked terminology. For example, they could censor it (e.g. Ol****c G***s), or even better, use hashtag #LameGames reflecting the way they are running things.

    And if they sue, countersue. Try for at least a ten-figure payout.

  24. Re:Is there really a need for this? on MIT Developed A Movie Screen That Brings Glasses-Free 3D To All Seats (techcrunch.com) · Score: 1

    Well, yeah, but they're not going to give you that with the cost of a movie ticket. :-D

  25. Re:Is there really a need for this? on MIT Developed A Movie Screen That Brings Glasses-Free 3D To All Seats (techcrunch.com) · Score: 1

    That's probably because there's no such thing as perfect 90 degree polarization. Each signal will interfere with the other a little bit, and you always get a bit of bleed from one eye into the other and vice versa near areas of high contrast.