Slashdot Mirror


User: dgatwood

dgatwood's activity in the archive.

Stories
0
Comments
14,277
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,277

  1. Re:repeat after me... on Australian Telcos Declare SMS Unsafe For Bank Transactions · · Score: 1

    Not at all. If you never enter your bank password or pin through the phone in the first place, there is no way a compromised phone will be able to obtain it. I do all of my online banking from a computer, so a second factor being the phone would work fine (unfortunately only the least important of my three banks uses two factor).

    Fair point. But that kind of negates the purpose of all the mobile banking apps at that point, which the banks are eager to promote because they think it makes them look more in touch with their customers' needs. Besides, you're basically assuming security-conscious users with that assertion. :-)

    Unfortunately, even if we very optimistically estimate the security knowledge of a bank's customers, I doubt that more than 1% would know enough about computer security to understand that a single device cannot safely be used for both purposes. Therefore, it is the banks' responsibility to ensure that it is not possible for them to set up their account in this way. In practice, this probably means that you either have the ability to do banking on the web (and/or with a mobile app) or you allow text messages as a second factor, but not both.

    I mean, sure, they could ostensibly disable the use of text messages as a second factor when you first log in with their mobile banking app or using any mobile device to access their website, but the sheer number of hairy edge cases that would cause means that such a design would get very, very complicated very, very quickly.

  2. Re:LOL on Romney Campaign Accidentally Launches Transition Web Site · · Score: 4, Funny

    They should hold on to the site, you never know what the final count will be once Florida finishes.

    Yeah. Florida might find another eighty electoral votes somewhere.

  3. Re:repeat after me... on Australian Telcos Declare SMS Unsafe For Bank Transactions · · Score: 1, Informative

    something you know, something you have, and something you are

    The problem is that superficially, a phone looks like a great second factor. You know your password, and you have your phone. Unfortunately, in practice, it is not a second factor at all because the phone is a party to the communication of the first factor (password/PIN), so compromising the phone compromises a second factor implicitly. Fundamentally, no phone can ever be a second factor for authentication purposes, period, so long as it is possible to enter your password or PIN through that phone.

    The ability to clone phones is just the icing on the cake. It's the beach ball floating through the gaping hole that nobody noticed previously that calls attention to the flaw in the minds of people who were otherwise not sufficiently security-minded to see it.

  4. Re:Very interesting on The Data Crunchers Who Helped Win The Election · · Score: 1

    It's not that people can't compare the "what if" scenario so much as that it is meaningless to do so. For abortions in the past, you can't go back and prevent them, and for abortions in the future, the hypothetical "What if I vote Republican and they overturn Roe v. Wade" scenario is a pipe dream. It's a fantasy that will never happen. Thus, that "what if" scenario isn't meaningful except in a purely academic discussion. By contrast, providing material support for the poor so that they are much less likely to decide to have an abortion in the first place is something that can and does reduce abortion deaths every day.

    For example, Obamacare's improvements to the availability of drug and alcohol treatment programs will likely do more to reduce the number of abortions and substance-induced miscarriages in this country than everything the Republicans have done since Roe v. Wade put together. It has its flaws, sure, but on the whole, it's a win.

    That's the key difference between the Republicans and the Democrats. The Republicans try to make it harder to do what they consider wrong, whereas the Democrats try to make it easier to do what they think is right. The Republicans want a pure rule that bans everything that they consider bad, whereas the Democrats accept that there will always be wrong in the world, and the only thing we can do as a people is to try to make it easier to do right and to lead by example.

  5. Re:Sorry.. can't agree. on EFF Sues to Block New Internet Sex-Offender Law · · Score: 4, Insightful

    The main reason I object to these laws is that they are basically permanent punishment. The fundamental design of a functioning legal system is one of rehabilitation—once you've done your time, you become part of society again. Unfortunately, there are a few parts of our government that violate that design—disenfranchisement for convicted felons, sex offender registries, limits on where convicted sex offenders are allowed to live, and so on—by creating permanent or near-permanent punishments.

    Unfortunately, such policies are a big part of why the U.S. has such a staggeringly high recidivism rate. They serve as a constant reminder of what the criminal did—a constant reminder that they're not like the rest of society—which makes complete reintegration with society impossible, forcing them to live on the fringes of society. Every time somebody asks if they voted, they either have to lie or have a very awkward conversation. When somebody asks them to pick up their kids, same problem. And so on.

    Regardless of the type of crime, if you think someone is likely to reoffend, you shouldn't be letting them out, and if you don't, then you shouldn't be treating them like they're expected to reoffend, because doing so will significantly increase the odds that they will. That's basic psychology. Anyone who can't grasp that concept has absolutely no business setting any sort of policy on crime prevention. Unfortunately, most of the people setting policies on crime prevention don't understand that concept. And that's why crime in the U.S. is likely to keep getting worse.

  6. Re:Very interesting on The Data Crunchers Who Helped Win The Election · · Score: 5, Interesting

    The rank and file Catholics can’t even agree on the abortion issue.

    It's not that Catholics don't mostly agree that abortion is bad. It's that Catholics tend to be a lot more pragmatic as a group than their clergy would perhaps like. There are three factors here:

    • Catholics don't universally agree on whether it should be illegal—that is, whether their moral objection to it outweighs the need for a clear separation of church and state—whether they have the right to push what is essentially a religious belief on those who do not share that belief.
    • A sizable percentage of American Catholics realize that making it completely illegal has the potential to actually cost lives in some medical cases. That certainly isn't something that the Church as an institution will likely ever accept, but it is a reality that most American Catholics will concede. If your choice truly is whether to abort a fetus (or administer medical treatment that has the potential to kill the fetus) or let two people inevitably die, even most people who are against abortion in general have a hard time stomaching the latter.
    • Most Catholics recognize that there are more important issues that are more likely to actually have a real impact on the world. Roe v. Wade is a wedge that Republicans use to try to get votes, but in reality, they almost never actually do anything to try to change it.

    That last one is crucial to understanding Catholic voters. The abortion debate is full of sound and fury, signifying nothing—all talk, no action. As long as that remains the case, it makes sense to evaluate the candidates based on issues that they might realistically act upon—health care, civil rights, care for the poor, etc.

  7. Re:Not GPL, and suitable for JIT on FreeBSD Throws the Clang/LLVM Switch: Future Releases Use LLVM · · Score: 1

    GPL is for people and companies that think "I wrote this software [together with X, Y and Z] and if somebody else makes it better they must share it with all the world, as I did."

    BSD is for people and companies that think "I wrote this software [together with X, Y and Z] and I accept the loss that somebody else makes it better and keep it for themselves because I want to have the option of getting somebody's else software, make it better and keep it for me without sharing it back."

    No, that's a fundamental mischaracterization.

    The GPL is for people and companies who think, "I wrote this software, and if anybody else wants to use it, they should have to give back not only any changes they make to this software, but also any software whose functionality depends on this software or portions of this software."

    The BSD license is for people and companies who think, "I wrote this software, and I'm willing to accept that some people may use it as part of a proprietary piece of software and may or may not give back changes, confident that most of them will want to give back their changes because doing so reduces their maintenance costs, and thus I will get patches from those proprietary companies whereas with the GPL, they would reimplement the wheel and I'll get nothing."

    Sometimes the GPL people rant about not being able to include BSD code in their projects.

    Unless it's the ancient four-clause BSD license or its predecessor (with no enumerated clauses), those GPL people are wrong. You can freely include BSD-licensed code in GPLed projects. Just not the other way around.

  8. Re:WOW on FreeBSD Throws the Clang/LLVM Switch: Future Releases Use LLVM · · Score: 1

    To be fair, though, most Mac and iOS developers probably have no real reason to care whether FreeBSD is using the same compiler.

  9. Re:Look at who they appoint to the SCOTUS. on Barack Obama Retains US Presidency · · Score: 1

    In 1995, Congress failed to introduce term limits and the results have been a disaster. Our Federal-level politics have become polarized, and no one is willing to work together for the common good. They just want to make a name for themselves so that they can move on to cushy consulting jobs in private industry. We have no one in the legislature who is able to create a reasonable budget or work with the other party because most career politicians have no real experience in budget writing or politicking.

    Never attribute to causation what can be attributed to national political trends just as easily.

  10. Re:No. on Is It Time To Commit To Ongoing Payphone Availability? · · Score: 1

    Oh, yeah. I also forgot the sadly still common mother of all technical reasons:

    • Don't have a static IP option
  11. Re:No. on Is It Time To Commit To Ongoing Payphone Availability? · · Score: 1

    They still offer a technically feasible and useful solution to your problem, you've just decided not to count them for political or social reasons.

    You're making the incorrect assumption that the only reasons to reject one provider are political or social. There are also companies that:

    • Cap your bandwidth below your typical usage.
    • Disallow servers.
    • Block certain ports that you use.
    • Don't allow multiple computers to share the connection.

    And so on. There may be very valid technical reasons why you have to reject one provider or another, and none of those reasons are particularly uncommon.

  12. Re:One good reason for a landline on Is It Time To Commit To Ongoing Payphone Availability? · · Score: 1

    Or truck one in, which is the usual fix. Again, though, it is worth remembering that fixing cell towers in the cities will always get priority.

  13. Re:No. on Is It Time To Commit To Ongoing Payphone Availability? · · Score: 2

    Or, to put it another way: If you were too cold hearted to subsidize the land line network by subscribing to it, and chose instead to save a few bucks, I'm too cold hearted to help you for free. Pay me the amount you saved on turning off your land line, and I'll let you use my phone.

    Except that's not the way it works. The telcos want the wired land lines to go away because of the overhead. That means that they have policies that make it difficult, if not impossible, to keep your wired line.

    For example, most telcos won't activate service on any form of fiber-based connection without permanently severing your ability to get a dial tone on the original wired-line service at that address. So you have a choice: high speed Internet service above DSL speeds or wired voice. You can't have both unless you have a multi-unit dwelling and can add the high speed Internet service to the second unit.

    For many people, it has nothing to do with saving a few bucks.

  14. Re:One good reason for a landline on Is It Time To Commit To Ongoing Payphone Availability? · · Score: 2

    This is actually pretty typical after most disasters. SMS is the most reliable way to get messages back and forth. It can be a high-latency channel for communication, but the message eventually gets delivered. By contrast, a voice call requires a continuous channel that is hard to maintain when everybody is trying to place calls.

    None of which helps if the cell tower isn't there anymore or has no power, of course, but with the cell tower density in most places, that's probably not a huge concern unless you're out in the middle of nowhere.

  15. Re:Where is the arm? on Curiosity Snaps 'Arm's Length' Self Portrait · · Score: 1

    I'm waiting for the one with Marvin.

  16. Re:Fuel logistics on Con Ed Says NYC Datacenters Should Get Power Saturday · · Score: 2

    Many compressor stations do run on gas, but not all.

  17. Re:Fuel logistics on Con Ed Says NYC Datacenters Should Get Power Saturday · · Score: 1

    Ruptured lines may not be a big issue, but as a disaster preparedness scheme, relying on natural gas might not be a good idea unless you store it yourself. Natural gas is pumped to you, and in many cases, the compressor stations are powered by electricity, which means that if power goes down, so does your natural gas supply. In those areas, using natural gas for your backup power is basically equivalent to having no backup power at all, localized power outages notwithstanding.

  18. Re:Explanation on Why Does a Voting Machine Need Calibration? · · Score: 4, Informative

    Because... ooh! Shiny!

  19. Re:gov just destroyed the cloud business on US Government: You Don't Own Your Cloud Data So We Can Access It At Any Time · · Score: 1

    in a way, I like the fact that the gov is killing the privacy-encroaching thing we call The Cloud. really great that people will see it for the unsecure thing that it is.

    Except that's not really what's happening here. What's happening is that any cloud providers that don't encrypt the data with a key that is under the user's sole control are going to wither and die as they get replaced by services that do.

    Then, after that great purge, the government is going to demand a backdoor into all of the major cloud providers that still exist, and they will dutifully comply. At that point, the people will have no real security, but most will believe that they do. This is just the first step in creating that false sense of security.

  20. Re:old and arm on Ask Slashdot: Little Boxes Around the Edge of the Data Center? · · Score: 1

    I'm in Northern California. My top tier of power costs either 35 or 38 cents, I forget which. So a small savings in continuous consumption adds up very quickly. That's also why an electric vehicle would not be cost effective for me. A Nissan leaf, cost-wise, is only equivalent to a car getting 35 MPG, which is significantly worse fuel economy than the similarly sized Prius, has a fraction of the range, and costs half again more.

  21. Re:old and arm on Ask Slashdot: Little Boxes Around the Edge of the Data Center? · · Score: 0

    I just moved my backup DNS server to a Raspberry Pi. I shed 38 Watts of continuous power consumption. If my math is correct, this change will save me about $116 per year in electricity.

  22. Re:Add to that, NYI... on NYC Data Centers Struggle To Recover After Sandy · · Score: 1

    If the fire code bans that, then the fire code is broken. If anything, a fire in the basement is worse than a fire on an upper floor because the whole building becomes a chimney, including the stairwells and elevator shafts. By contrast, the only added risks from having tanks on a higher floor are the risk of leakage (which is easily detected and prevented through proper multi-hull tank design) and the risk posed by having pipes filled with fuel in your walls (which is far less dangerous than the natural gas pipes you already have in those walls).

    Okay, so there's a small additional risk if a fire and massive leakage somehow occur simultaneously (catastrophic tank failure combined with an outside ignition source, e.g. a terrorist bombing), but even then, the risk is primarily to folks close to the source of fuel, which is still a lot better than a fire in the basement that puts the entire building in immediate danger and makes exiting the building difficult for everyone on every floor.

    What we have here is a situation where regulations created to solve a theoretical problem that is better solved in other ways prevents solving a very real problem that can't be solved in any other way. Such regulations need to be rethought.

  23. Re:Stupid. on Court Rules Website Terms of Service Agreement Completely Invalid · · Score: 1

    I don't have any handy. I tend to rapidly reject them when I have an alternative, after which there's no point in keeping them. ;-)

  24. Re:Stupid. on Court Rules Website Terms of Service Agreement Completely Invalid · · Score: 1

    FWIW, most of the binding arbitration clauses I've read lately have specified that the megacorp pays for the arbitration. YMMV.

  25. Re:Why the hell would you even want to try? on Ask Slashdot: Is TSA's PreCheck System Easy To Game? · · Score: 1

    Nonsense. You're only saying that because none of them ever have. :-D

    • Adding hardware to detect bomb residue in the air would potentially be useful (if it works).
    • Adding thermal imaging to detect concealed weapons or seriously sick people would potentially be useful.
    • X-ray checks of baggage are at least moderately useful even if they miss things once in a while.
    • The background checks they run against lists of known or suspected terrorists to help inform the screening process is potentially of at least slight utility, though probably only slight in light of the way the system was designed....

    The problem with the TSA is that they seem to have a goal of being usefulness-neutral—for every one thing that they do to improve security, they have to come up with one additional useless hoop for people to jump through for no good reason, so that on average, their actions will never get more useful than they currently are....