If modifying the installer for new redistributables is a manual process, then there are other problems than just an auto-updated toolchain.
Previously, any security bugfix to a redistributable would also have gone unnoticed if updating the installer requires manual intervention. Meaning that the installer was always broken, just silently.
Would you rather have it that they _could_ potently deal with international crisis? That they _could_ effectively and decisively project military power? Do you really _want_ a world-wide super-state?
Because that is what the implication would be. That is what would be needed. A world-wide superstate that could project military power into its own 'provinces' to bring those 'provinces' back in line.
Let's just leave the UN as a meeting place for countries. A bit toothless, yes, but better than the alternative.
I was just listening to the news today, and some marketing yahoo was extolling the virtues of Egnos (http://en.wikipedia.org/wiki/European_Geostationary_Navigation_Overlay_Service) and how one of the features it would enable was taxation of vehicles per kilometer driven.
There are really people who think having a tracker in every single road vehicle is good. And they are busy lobbying for it.
Perhaps getting these checkboxes to a default of 'off' is something that should be added to the Windows Logo Requirements. Difficult to police though, because even on Slashdot not everybody is in agreement.
You can't take a (full-quality) screencapture of a DRM'd video. But given the correct software you can sure un-DRM the video. And unless I'm mistaken, this system is still the same as the Vista DRM.
You can come back to the Slashdot _pool_ table. As for the cool table, we're out of ice right now.
Re:Transactions need 3 elements to be safe... on Banking Via Twitter? · Score: 1
Pretty much taken care of is not entirely taken care of.
For number 1 an attacker can always do a MITM attack and replay the bank's auth codes. Without relying on certificates for the comm channel it's very, very hard to establish the source of these codes. Possible, but hard. You would essentially need to redo the steps SSL takes.
Encryption and authorization are hard problem domains. If you think it's simple, you're usually mistaken.
Re:Transactions need 3 elements to be safe... on Banking Via Twitter? · Score: 1
True, but only if you trust your mobile phone.
Maybe you do, maybe you don't. It all depends on how far you want to take the level of security.
Re:"See anything seriously wrong with this story?" on Banking Via Twitter? · Score: 1
I think it's a bad idea, if only because the bank should not be promoting twitter as a trustworthy communication method. However, presumably the bank is not completely brain-dead, and while you can monitor the account at your leisure, you can't actually transfer money out of your accounts through a twitter message.
Still it's a mistake to allow transfers to occur inside of an account. Escalation of privileges anyone? (Don't want a way for the wife to transfer all your money to a joint account through a twitter message.)
Re:Transactions need 3 elements to be safe... on Banking Via Twitter? · Score: 1
Nr 1 is hard. Really, really hard. I don't think there is really a way to do this (if you are discounting certificates). I think the system should then be built on the supposition that the target is hostile while only doing a best effort in authenticating the target.
2 is easily done. My bank uses a small hardware device that interacts with the bank's smartcard to provide two-factor authentication.
3 is hard again because the hardware device needs to authenticate and display all details of the transaction to assure proper affirmation.
The UN weapons inspections of Iraq and subsequent invasion made it perfectly clear to anyone in the region that complying with the weapons inspectors doesn't help. At all.
I'm not saying Iraq was in compliance. Who is, really? Just that Iraq didn't have any WMDs. Iran must have looked at that, and told itself: "if you're going to be invaded over having nuclear weapons, it's best to actually have them."
Wouldn't it be funny if Israel destroys Iran's nuclear centers in a preemptive strike, and Iran turns out to already _have_ nuclear weapons & delivery system?
Phones? Telephone calls to cancel a service? No way. Signed, sealed and delivered mail works just fine. "Dear FuckCorp, I'm giving you notice that I, John Doe, cancel renewal of service Fubar. Yours sincerely, Asshat." Some of the advantages: The post office gives you documentation that your mail was delivered _and_ accepted. They can't make you wait on hold. They don't get to make you jump through hoops ("noooo, you need to call department Y, this is department Z").
Seriously though, any reason why you didn't fire off a mail?
I know nothing of Canadian politics. Sorry. But aren't there representatives calling for the cleanly chopped off, fresh, blood spattered heads of the CRTC bosses? Isn't anyone being called to some house of Parliament for a six-day, no bathroom break, questioning?
I'm in the EU, and just as a counter-example, our Nation's equivalent of the CRTC does the exact opposite, mandating (relatively low) inter-telecommunication company pricing for access to physical lines.
A factor is also the steady and significant EU pressure to open any public service markets with companies that receive, have received or have somehow benefited from state support. (Mail, telecom, energy,...)
It is just you. My Pentium 90 took something like 20-30 seconds to boot to the DOS prompt. Anecdotal, true, but it's nice to remind yourself that even booting into DOS was by no means instantaneous.
I don't think I have a point beyond that. Sorry, carry on about those days. Was it something about marching up hill in the snow?
Suppose 50% of people filling in the CAPTCHA are malicious. They type in things like "penis", "B00BIES", "qwerty", "asdf", etc. 12,5% of people fail at deciphering the captcha completely. 12,5% of people fail, but succeed in providing near matches with one or two letters wrong. 25% of people succeed in deciphering the CAPTCHA.
I'm just taking a guess at the percentages. But still, with a bit of analysis, it would become quite easy for reCAPTCHA to filter out the noise. The only way reCAPTCHA would fail at the analysis is if the malicious people organize with the explicit purpose of poisoning the reCAPTCHA results. While possible, I think this is unlikely unless reCAPTCHA starts say... sponsoring expeditions to kill baby seals.
No.
kthxbyeseeya
Driving-while-distracted is hard to prove. But all it would take is somebody high-up telling the police: "make an effort to enforce it anyway."
Dear police officers,
enforce the driving-while-distracted laws.
kthxbye,
Minister of justice
Depends on how much beer there is at that party.
If somebody is talking about the glory in IT; they really just want to be like this guy: http://www.salon.com/tech/feature/1999/08/17/elon_musk/index.html
http://www.askmen.com/celebs/men/business_politics/elon-musk/index.html
It would be funny for all of twenty minutes.
You still have a P133 in active use?
*Tips hat to IntlHarvester*
I use Linux and
Oh stop it.
My uptime is currently some 350 hours on my Game/Dev/browsing/multimedia WinXP machine. That's quite enough for me.
The same world where UAC is not a security barrier but separate logon IDs are.
A world where a closed gate is not a security barrier, but a marine with a side arm is.
On doomsday devices: TFA made me remember this: http://en.wikipedia.org/wiki/Dead_Man's_Switch_(The_Outer_Limits)
Brings to mind this quote: "No, no. Psychopaths kill for no reason. I kill for *money*. It's a *job*."