Slashdot Mirror


User: sexconker

sexconker's activity in the archive.

Stories
0
Comments
13,379
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,379

  1. Re:But is is on WikiLeaks Publishes Cable Archive In Full · · Score: 1

    Similar to the password that I use:

    "My 33 character password is boobs"

    Now I need to change my password.

    No.
    You 33 character password is FOUR boobs
    33

  2. Re:Skeptical on Man Becomes Artist When He Sleeps · · Score: 1

    I'm pretty skeptical, it says he's been doing this since he was four and has some funny stories of such but do we have any actual proof that this is true? Are we sure he's not an artist with a gimmick to get his stuff sold? He wouldn't be the first.

    If you watch the video you'll notice everything about him screams hipster art snob douche roll.
    While he's awake.

    Yup - dude is faking.

  3. Re:What would this accomplish? on EPIC Uncovers: Mobile Scanners Not 'Certified People Scanners' · · Score: 1

    The courts have disagreed with your assertion and effectively neutered the 2nd, 4th, and 5th Amendments when it comes to air travel.

    Look up "implied consent."

    And I disagree with the court's decisions because they're simply wrong. Look up "wrong".

  4. Re:Serial murderers think too small.. on EPIC Uncovers: Mobile Scanners Not 'Certified People Scanners' · · Score: 1

    They could take a lesson from the CPU manufacturers. Serial murder just doesn't scale as well as parallel murder.

    I think it's more of a SIMD vs MIMD issue.

  5. Re:Fart on Battle of the SATA 3.0 Controllers · · Score: 1

    Intel isn't the only standard. Otherwise, you're correct.

    Obviously when I said "standard" I didn't mean a technical specification. I meant the baseline, no-frills, ubiquitous, workhorse implementation that Intel provides.

  6. Fart on Battle of the SATA 3.0 Controllers · · Score: 1

    I farted and it smelled a bit like vanilla bean extract.
    I learned more from that fart than I did from this submission.

    Marvell produces bargain chipsets. They work, and that's about it.
    If you want performance you get a dedicated part, or at least the standard Intel chip.

  7. As Expected on Google Explores Re-Ranking Search Results Using +1 Button Data · · Score: 1

    This is exactly what they said +1 wouldn't do.
    When they rolled out +1, it was...

    See +1s and get more relevant results/reviews/etc.!
    But I don't want to see other people's +1s, and I don't want them to see mine.

    You'll only see your friends's +1s, and you can choose not to share your own.
    But I don't have any friends on Google, or a Google profile.

    No problem, when there aren't enough +1s from your circles, sometimes we'll display +1s from people outside of your circles.
    I don't want that shit at all.

    Don't worry, the +1s are just extra information, they don't affect the search rankings! ...

    Fast forward to today:
    +1s affect the search rankings! Enjoy the SEO bullshit!

    Google's problem is that they are fundamentally in a conflict of interest with themselves. To provide better search results, they need to throw out the bullshit. To sell ads, they need to tell sites how their voodoo rankings work. Google's method has been to provide a grey box - telling people what kind of shit affects their ranking, but not divulging the specific details, and then constantly changing shit. People who spend big money on Google's ads get some extra "support" with regards to getting their results higher. People who don't buy Google's ads have to trudge through the swamp that is the ever changing indexing and ranking scheme and hope for the best, or hire a "SEO" person/company to do it for them, by hook or by crook, and then pray for the best.

    Page Rank was thrown out because people were gaming it.
    +1 is Page Rank without the down direction. Just like Facebook Likes without Dislikes.

    +1 will have the same problem as Page Rank, but it will stick around because:
    Without a -1 option, advertisers and big sites won't be able to attack each other by -1ing competitors, thus they'll claim to have "solved" the problems with Page Rank.
    By introducing +1 as a social feature, Google wants you to think (and thus marketers will think) that it has some inherent value.
    By rolling out Google Plus, +1s are further ingrained into the users's minds.

    Get them used to seeing +1.
    Get them trained in clicking +1.
    Get them conditioned to trust +1.
    Indirectly sell search rankings by making +1 affect search rankings.

    Since Google already sell ads / page impressions / clicks, they're indirectly selling +1s clicks. Furthermore, they allow and encourage content from Twitter / Youtube / Facebook / etc. to be funneled in to Goolge Plus, thus all that content gets exposed to +1s without directly exposing the user to the originating site (and their ads). If you want the top spot on Google, you'll need +1s. If you want +1s, you'll have to spam, buy ads, and hold contests telling users to click +1.

    The bottom line is that allowing user clicks to affect search ranking is the single best method of determining relevance.
    But allowing those clicks to be tracked means the sites can, and will, game the system.

    Bing tracks user clicks and uses them in their weighting algorithm. They do a great job of filtering out spam clicks (as evidenced by Google's recent attempts to poison their results). Google will always fail when they try to incorporate user clicks into search rankings. They will fail because they are in the business of selling clicks. The degree to which +1 will affect rankings, and the degree to which users are willing to put up with it, remains to be seen. Google will be adjusting the weighting to achieve a precarious balance between sites and advertisers whining and users getting fed up with spammy search results.

  8. Re:you miss the point on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    The client sees the "lie", and doesn't trust either of the offers because it isn't sure which is real.

    Based on this, it's possible to DOS a router by sending out connection offers, but you can't do a MITM attack.

    You can do a MITM attack just as you could with any other wireless system.
    Sit at the edge of the AP and pose as it, targeting people outside of the AP's range.

    If you used a preshared key, the attacker would have to know the key to do a MITM attack - be it a password or other authentication system.
    This idea is all about tossing out preshared keys. That's fundamentally not viable in terms of authentication.

  9. Re:Tamper Evident on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    Bending over and a taking a DoS up the ass is no solution.
    Using a preshared key (either a password or whatever other shit) works far better.

  10. Re:Tamper Evident on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    And on page one of thinking for 5 seconds, you'd know that such a MITM is a perfect DoS attack.
    Beyond that, a MITM can sit at the edge of an AP's range, pose as the AP, and target people within his own range, but outside of the AP's range.

  11. Re:Nope on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    The MITM doesn't have to surround you, he just has to prevent you from hearing the legit AP, the easiest way is to sit at the edge of the AP's range and then pose as the AP. People in the MITM's range, but outside the AP's range, will never hear the AP or it's tamper-evident screaming.
    People in range of both will see both and will be DoSd hard.

  12. Re:Nope on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    Victim --- MITM --- AP

    The MITM just sits at the edge of the AP's range and poses as the AP. Any victims in range of the MITM and NOT in the range of the AP will get fucked because they won't hear the AP screaming it's noise pattern, and they will trust the fact that they hear only ONE noise pattern as an indication that the scheme is working.

    Furthermore, a MITM can:
      - Use a triangulation scheme to only attack when the user is estimated to be outside of the AP's range (thus going unnoticed).
      - Use directional antennae to extend his own range, and thus his victim pool.
      - Use directional antennae to prevent the legitimate AP from hearing his attacks (thus going unnoticed).

  13. Re:Nope on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    All MITM attacks then become DoS attacks.
    The user will just disable the extra security to get it to work.
    Alternatively, users will feel more secure when they hear only one (pair) of messages. But if it's a situation where a MITM is in range of the AP, and the victim is not, the victim is feeling more secure only because they don't hear the AP shouting, and they walk right into the MITM's trap.

    Preshared keys are the only way.

  14. Re:Collision Domain on MIT Researchers Defend Against Wireless Attacks · · Score: 2

    An attacker can tamper with a wireless message in three ways: by altering a message sent by one party to match his own Diffie-Hellman key; by hiding the fact that Party A has sent a message at all; and by blocking a message from being sent. TEP is designed to defang each of these tampering techniques.

    It does this by compelling Party A to follow its message transmission with another: a pattern of energy "pulses" and "silences." Party A's wireless radio computes a hash of the original message, creating a sequence of ones and zeros. For each one, the radio sends a random packet; for each zero, it sends nothing -- it's silent. This combined pattern is unique to the original message.

    If the attacker alters the contents of Party A's message, he, too, has to follow up with a new "silence pattern" that corresponds to the altered contents. But the two silence patterns will be different: The attacker "cannot generate silence" from Party A's "one bits." Party B can detect that difference and in effect refuse the connection offered by the attacker.

    Aha, using the fact that all this comm is occurring in the same collision domain to your advantage against MITM attacks, I wonder if this would actually stand up to scrutiny?

    The client can't refuse the connection by the attacker.
    The client can only refuse ALL connections when it suspect foul pay (by hearing two shits).

    Just as before, it's a race/range condition. Sit at the edge of an AP's range with two radios and people connecting to yours will never even hear the router shouting shit at them as sit in the middle.
    AP ---- You ---- Victim
    Victim and AP can't hear eachother, and thus have no indication that what you're saying isn't coming from you.

  15. Re:Tamper Evident on MIT Researchers Defend Against Wireless Attacks · · Score: 4, Informative

    If you RTFA you'd know their scheme works like this:
    Client says "Hey, let's connect and be secure.".
    Router says "Hey, let's connect and be secure using this key.".
    Router yells "BEEP .... BEEP BOOP BOOP BEEP .... BEEP BEEP!".
    Client says "That pointless noise lined up exactly with the 1s in the message about the key. And the little pauses of silence lined up with the 0s. I should trust it.".

    This does nothing.

    A MITM will be able to construct his own lie message about using his key instead, as well as be able to construct his own noise pattern.
    All a client can see is "Hey, there are TWO packets telling me which keys to use!".

    Exactly the same as current implementations that don't rely on pre-shared keys or out-of-band authentication.

  16. Re:Nope on MIT Researchers Defend Against Wireless Attacks · · Score: 1

    ...and after reading... yup.
    All they've done is create a shouting match that is still vulnerable to race conditions, which, in the wireless world, is all MITM is about once you're authenticated with the other host or the AP.
    Prior to authentication, any MITM can cause a denial of service by just blarting out their own bullshit in the same fashion, so the victim won't know which one to trust.

    The only protection comes from tight timing windows, and who's louder. And in the wireless world, you can be a MITM without actually being in the middle.

  17. Nope on MIT Researchers Defend Against Wireless Attacks · · Score: 3, Insightful

    Anything a legit user can do a MITM can do better.

    This "all-software" solution is either bullshit, or relies on pre-shared keys (be they specific keys or hardware-derived).
    Without keys / hardware, there is absolutely nothing a legit user can send out that a MITM can't.

  18. Re:AGW on Michael Mann Vindicated (Again) Over Climategate · · Score: 1

    I hope your coffee this morning is 0.003675% sewage.

    It's likely not too far off.

  19. Re:Great now if ticketmaster can... on Ticketmaster Lets You Sit With Facebook Friends · · Score: 1

    make the fucking website usable, I might be able to buy tickets. I've only tried to buy from it once and it was like getting kicked in the face a few times and I got about as much out of it.

    Log in at 9 for tickets going on sale at 9, website fails to load, website eventually loads, tickets sold out. Its not even 5 past 9. Why not just use a bloody email sign up lottery system? Enter email, you can sign up and enter your friends emails to ensure you get seats together because the system can process it that way once all entered on same form. If your submission number gets picked in lottery then you all get the seats unless there is not enough seats left for your group in which case it picks a new number until it finds a match.

    Why can't such a system just be put in place over the current everybody rush for the doors and see if you all fit through mechanism? Isn't this the sort of moronic real world problem that the Internet allows us to solve? Why replicate the real world problem onto the Internet?

    TicketMaster instantly sells out because behind the scenes they're shuffling off 99% of the tickets to TicketsNow.com .
    TicketsNow.com is, of course, complete owned by TicketMaster. It's basically scalper.com - tickets are listed and sold by people (TicketMaster bots), and the site takes a percentage of each sale.
    Now if a show/event doesn't do too well, the tickets that were moved from TicketNaster to TicketsNow magically go back to TicketMaster, with all listing fees forgiven, and TicketMaster advertises the fact that they have more tickets to sell, only to repeat the process.

    They do this so they can say they're selling the tickets at the advertised price, while actually selling the bulk of them for much more on TicketsNow.com .

    Any event / venue that uses TicketMaster is retarded.

  20. TED Talks on When Algorithms Control the World · · Score: 1

    There's nothing worse than a TED talk.

    At BEST, they're mildly interesting, factually inaccurate, thinly-veiled agenda pushers presented by self-acclaimed experts who want money/attention/a line on a resume. 5 minutes after it's over you realize it's bullshit, wrong, or technically correct but inconsequential, and then you've got to think of some reply to give your friend who sent you the link, without straight out saying "This is dumb and a waste of my time. Stop sending me this shit - I don't consider you smarter because you're "into" this kind of shit.".

    Giving a TED talk is about as significant as saying "I'm a Phoenix.".

  21. Re:Home on the Web? on Facebook Makes Privacy Settings More Obvious · · Score: 1

    Your profile should feel like your home on the web

    Um, no. A Facebook profile feels like a cheap apartment. They all look the same, feel the same, and even smell the same (okay, that last one, I don't know what I'm talking about.)

    A personal website, on the other hand, now THAT feels like my home on the Web.

    Cheap apartment?
    A facebook profile is more like a window in the red light district.

  22. Re:doing it wrong on Oracle vs Google: Copyright Claims Must Remain · · Score: 1

    An API is a huge set of interfaces with specific names and behaviors.

    A good API is nimble, lightweight, and efficient. If you think it's huge, you're doing it wrong.

    Wrong. A good API is:

    Functional
    Covering
    Fast

    Whether or not the API is "lightweight" is more a testament to whether or not your application/service is trivial and pointless.
    Arguing for lightweight over functionality and coverage is like arguing for a keyboard with fewer keys. Who needs that fucking Q anyway?

  23. Re:API? on Oracle vs Google: Copyright Claims Must Remain · · Score: 0

    Please don't confuse copyrights and patents. Despite the stupid term "intellectual property", these are very distinct things.

    Please don't intentionally confuse people by insisting copyrights and patents are fundamentally different and offering no explanation as to how or why.
    Despite the different terms and mediums (physical implementation vs written work), they are essentially the same fucking thing.

    A copyright gives you the right to produce a copy of a written work.
    A patent gives you the right to produce an implementation of a design.
    Both things essentially say "This is mine, you can't steal it without paying me.".

  24. Re:WTF? Pre-post comment. on Chinese Propaganda Accidentally Reveals Cyberwar · · Score: 2, Insightful

    ...actually, they were the ones who caused the earthquake. Next time, they'll hit DC on the nose. Our base is theirs.

    And nothing of value would be lost.

  25. Re:The real reason on Rare Earth Restrictions To Raise Hard Drive Cost · · Score: 0

    HDD industry was consolidated. The competition was reduced. There are now basically two producers - WD and Seagate.

    How dare you sensical and factual information on Slashdot.
    How is Commander Tachole going to generate clicks if you don't start spreading some FUD about China?