Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,233

  1. Re:Proud to be a fart on Canadian Sony Rootkit Settlement Stirs Controversy · · Score: 2, Insightful
    Big Brother? Check. Evening News 2 Minute Hate? Check. Telescreens? Check. We have always been at war with Terrorism.

    Callaghan, RK-858110! You forgot the part where they dressed Emmanuel Goldstein up in a turban and renamed him "Osama".

    Oops, I almost forgot, his name always was Osama.

    I love George Bush.

  2. Re:Absolutely correct... on Is the Do Not Call System Working? · · Score: 1

    This device does exactly what you want. While I think the user interface is a poster child of badness, the function of it is major-league cool.

  3. Re:Absolutely correct... on Is the Do Not Call System Working? · · Score: 5, Insightful
    I've heard stories of telemarketers saying anything
    I wouldn't know if I ever got a call like that because I never let a telemarketing call last that long. I've been squacking the same phrase at telemarketers for the last 5 years or so: "Please add me to your do-not-call list and never call this number again." I politely say it at the first break in conversation I get from them, or I interrupt them after just a few seconds if they begin their shpiel without a pause. Usually I get an "OK", at which point I hang up; but some times I get an argument or a question from them, at which point I enunciate the phrase in a less-friendly voice and wait for a positive confirmation before hanging up.

    What I haven't done is 'track' any of these telemarketers. As far as I can tell they never call back -- a non-communicative party who doesn't listen to them never translates into a sale, and they have an endless supply of other numbers to call.

    The Federal do-not-call list seems to be working fairly well. We do not get nearly the number of calls we used to get (although political and charitable calls haven't dropped.) The phrase also appears to have stopped the polling firms, who used to be the worst time sinks. You'll find my f'ing opinion after election day along with the rest of America, thank you very nothing.

    What does NOT work is to screen telemarketers with Caller ID (which is what my wife does.) She doesn't answer when it says something like "CRAPPY CARPET CLEANERS", or she'll tell me "don't answer, it's those damn carpet people again." But they'll call back over and over and over for like a week or two. Finally, I'll answer with my magic phrase, and lo! they quit calling instantly. It's easier on everybody to be brisk with them earlier rather than later.

  4. Re:Tracking is good on The Drawbacks of Anonymous Surfing · · Score: 2, Insightful
    Tracking helps you by targeting information to you based on your activity

    What activities do I want tracked? Where does that benefit me? So I get annoying local advertisements, or that I get annoying tech advertisements? In what way is this different from getting annoying generic advertisements?

    Here's the real tinfoil hat scenario that has me not liking tracks: what are the chances that an RIAA investigator is paying for Google AdWords targeting the search words "mp3" and/or "download music"? Google will happily spit out the address of everyone who sees the ad, not just those who click on the link. Other services provide "location information" based on an IP address, so the investigator can simply investigate people who are nearby.

    Are you still sure being tracked is good?

    And what information about my surfing habits are site designers going to use? If I find a "link rich" page, I keep that page around and open and close the children from it in tabs. I never use the "BACK" link on a web page, I just close the tab. What good does it do a site designer to provide ever more fancy navigational devices that I continue to ignore?

    Finally, how do you personally decide which sites are "illegal?" It's not illegal to read (or author) a site on "how to grow bacteria" or "how to grown an erythomycin-resistant bacteria." But that same information could be used by terrarists to create a bacteriological WMD. So, if you should happen to surf to a site like that, (even just in a link from Make magazine) your IP address could be recorded, and you could end up attracting Secret Service attention.

  5. Greedo didn't do it! on Original Star Wars on DVD... Sorta · · Score: 5, Funny
    Han posted first!

    Sorry, I couldn't help myself :-)

  6. Re:security through obscurity on Detecting Video & Audio Tampering · · Score: 1
    in terms of tying elements of a photograph back to an individual camera, why not just use the same camera?

    Even that might not be good enough. The camera will have to be in the same orientation, as that will affect both JPEG quantization and Moire artifacts. You may need the "paste-in" subject to be at the same part of the image sensor as he'll be in the final image. And it still has to be edited to match the other attributes -- depth of field, lighting, and focus, all of which are features experts commonly use to determine validity.

    Think about what an expert would do if he were to verify your picture. He'd yse your camera to photograph a "white" card several times, and would examine the output carefully for dead pixels. Let's say that he found a green cell was out at (1000,500), leaving a single tiny purple pixel, and a blue cell was weak at (1010,550), leaving a yellow pixel. Next, he'd look at your photographic "evidence". If the cell at (1000,500) has any green component or the cell at (1010,550) has more than 25% blue, he'd suspect the image of having been manipulated. Similarly, if he finds an anomalous dead green pixel in your output image at (1500,750) and a weak blue pixel at (1510,800) he might question that as well.

    Yes, I realize you'll remove (or obscure) many of the differences by using the same camera. It covers a lot of faults that his tamper detector supposedly can find. But without access to the analysis program, are you still really, really sure that you won't get caught?

    If you're interested in the topic, I'd suggest googling for steganography and especially steganalysis. They've done a lot of work in finding "hidden" data, which is where a lot of the photoshop trickery becomes evident.

  7. Re:security through obscurity on Detecting Video & Audio Tampering · · Score: 1
    Quantization is only one facet of many means of detecting manipulation. If you're trying to claim a certain picture is legitimate, you may be requested to submit the camera for evidence. If anything but an image completely consistent with the camera's capabilities shows up, the image could be disregarded, and you may be liable for perjury.

    A real world image will have a lot of artifacts tying it back to a particular camera make and model, and a base noise level that is a virtual fingerprint identifiable to a specific camera. Are you sure you can manipulate an image that still defeats ALL of these checks, even though you don't know what they all are?

    Yes, it's absolutely a case of security through obscurity. He'd like to keep the program "away" from untrustworthy photographers who would use it as a photoshop-litmus test, and place it only in the hands of editors and police forensics labs. And researchers vetting data in submitted conference papers. And professional "expert witnesses." And the list of exceptions will grow as long as your arm, as if a program like this will never end up in "the wrong hands".

    The real question is: did you do such a good job photoshopping that you'll score a "perfect 10" in a courtroom WITHOUT the luxury of first running his program yourself? Are you willing to bet 2 years in prison for perjury on that picture?

    Of course, can anyone prove you do or don't have a copy of his program?

    There'd be an awful lot of things you'd have to get right. Does the EXIF data exactly match the EXIF data the camera's firmware version produces? Are all the values legitimate (if the SD450 camera can't do 1/400th of a second exposure or f1.8, how'd they get set?) Do all the shadows line up correctly? Is the sun in the right position for the time of day and location the image indicates? Does the "noise level" change around the face where you may have used the 'magic wand' tool to cut and paste a second image? Do the foreground and background show evidence of differing resolutions? Does the image size match one of the possible image sizes produced by this camera? Do any black/white transition areas have "false colors" consistent with the arrangement of image sensors in that particular camera, and do they ALL match? Is depth-of-field consistent with the EXIF data, or is the background too sharp/blurry? Is flash evident, and consistent with the camera's make/model? Is the sensor 'noise level' consistent, and does it match the noise profile of the camera? Does the weather match the almanac for that day?

    Those are just some off-the-cuff things I'd expect an analysis program to check for. It would be a lot of work to make an image pass all of these checks.

  8. Re:Congress Asks HP for Information? on Congress Asks HP for Information · · Score: 3, Funny

    "PC Load Letter?" What the fsck?

  9. Re:Why bother!? on Microsoft Research Builds 'BrowserShield' · · Score: 1
    I design perfectly legitimate sites that use ajax to do certain things.
    First, let me start by saying I'm not defending Microsoft, just explaining what they're purporting to have done.

    TFA says they've developed this with a plug-in architecture to support different kinds of scripting environments (and they already have a plug in for AJAX.)

    Think of this proxy more like the C preprocessor. It doesn't execute the code, it just recognizes certain language features and outputs them. Things it doesn't understand, or things it's been told are bad, it doesn't pass through.

    I was assuming before (because I mis-read the original article) that they were translating the output completely into HTML/DHTML (which does sound useless for JavaScript.) After re-reading the article a couple of times, it looks only like they're "rewriting" the script, meaning it could remain in its original JavaScript language.

    So this really is nothing more than what I was doing with the Proxomitron several years ago to strip naughty JavaScripts out of web pages. While it's a pretty simplistic approach, I have to say it's really effective -- I never had a single unwanted pop-up or pop-under when I was using it, and this was in the heyday of the popups. I dropped the Proxomitron only after I started using AdBlock heavily in Firefox (and after Firefox became good at stopping popups.)

  10. Re:Why bother!? on Microsoft Research Builds 'BrowserShield' · · Score: 1
    The reason why an exploit works is because the original software developers never thought about it. So let's add a layer, and what about the thing that the original software developers never thought about? Will the developers behind the extra layer think about it? I rather doubt it.

    Consider how this works, and maybe it'll make it clearer why it should be more effective than just browser patching.

    It's a "translator" layer, translating from JavaScript to HTML (or DHTML or whatever.) ALL JavaScript is retranslated into equivalent HTML, so that JavaScript is never executed client-side. If it's JavaScript that's known to have potentially dangerous side effects, then its translation is an innocuous rendition.

    Exploits often take advantage of tricks in the language to cause the malware to get executed. If every byte of the language is translated into "known safe" equivalents, those tricks will not work.

    This is very much like the "sandbox" theory that .NET uses. In .NET you can't use pointer math to get to stack memory because the bytecode doesn't support letting the developer use pointer math at all. Similarly, this proxy won't support JavaScript tricks.

    Finally, because the translator doesn't have to exist as part of the browser, it can be implemented as a filtering proxy. These proxies could be run by ISPs everywhere to offer protection to their clueless users, especially those who don't patch their Windows boxes.

  11. Re:Profiling is worse than random searches. on You Have Been 'Randomly' Selected? · · Score: 1
    profiling is based on skin color

    -1, Wrong.

    You're thinking of "racial profiling", which is indeed based on your race. But "profiling" does not necessarily imply race, only that certain non-random criteria have been met.

  12. Re:Has anyone here read Red Mars? It's FICTION on NASA Still Wants Space Elevator · · Score: 1
    If the ribbon doesn't burn up, what would the terminal velocity of the ribbon be?

    Well, that's part of why I asked the questions. Since there is no drag, terminal velocity is different. I think the tail of the ribbon could conceivably reenter at speeds of Mach 5 or even higher. Sure, the leading edge would burn up, but would it consume the entire ribbon on the way in?

  13. Re:Invincible on Steve Irwin Dead · · Score: 2, Informative
    "That's a joke... I say, that's a joke, son."

    Actually, it's a line from The Princess Bride. Sorry, I thought EVERYBODY had seen that movie, it's a classic.

  14. Re:Invincible on Steve Irwin Dead · · Score: 4, Funny
    its just almost inconceivable.

    You keep using that word. I do not think it means what you think it means.

  15. Re:Snake Oil on Crypto Snake Oil · · Score: 1
    The difference between the snake oil hucksters and the crypto-hucksters was not made clear in TFA.

    The snake oil salesman KNOWS that his product is worthless. The crypto-huckster believes that his product is the strongest encryption tool known to mankind.

    I've seen a lot of the snake-oil type crypto products that claim "this key is used to generate a one-time pad, and a one-time pad is the only truly unbreakable cryptographic algorithm." The authors understand so little of what they're doing that they don't realize the key generation has become the true security comoponent of their algorithm, but continue to sell their products as if there's no cracking them.

  16. Re:Has anyone here read Red Mars? It's FICTION on NASA Still Wants Space Elevator · · Score: 1
    If it falls, it'll flutter down to the ground.

    OK, I'll bite. Why would it "flutter" if all but the last 100 miles are beyond the atmosphere? As the NASA "feather falling on the moon" experiment demonstrates, 99.5% of the ribbon would fall accelerating at the rate of gravity.

    Let's say the failure is at the geosynchronous point, which I would believe to be the worst case scenario (and perhaps a likely point, as it would be the point with the highest tension stresses on the ribbon.) If I'm right, everything nearer to earth at that point will begin to fall, accellerating at 9.8 m/s^2. Sure, the part of the ribbon that began its fall in the atmosphere would "flutter", but everything above 100 miles would experience no drag to slow it. It would enter the atmosphere at a much higher velocity.

    Would a carbon fiber ribbon, designed to withstand solar and Van Allen radiation plus the cyclic temperature stresses of nights and days, simply "burn up" on reentry? Keep in mind that only the leading edge would suffer the full brunt of reentry friction, leaving the rest of this highly engineered ribbon to slip straight in. Or could part of it "bunch up" (perhaps led by the mass where the climber was) and enter as a large mass? Could that serve as a "whip handle" to pull the rest of the fiber in, causing a "red Mars"-type whip effect? Sure, it's not "sequoia sized" and wouldn't have the same mass that caused the devastation in the novel, but it'll have enough of its own mass to still pose a threat. If nothing else, the falling ribbon could potentially tangle and slice through the rest of the elevator ribbons.

    I'm sure there is some science you based your statement on, but I think it's less simple than just stating "it'll flutter down because it's shaped like Saran wrap."

  17. Re:Cloes on Google to Use PC Microphones to Listen In? · · Score: 4, Funny
    Never before have I been GLAD not to be able to plug a mic into my 4G Mac

    Pfft. I have more microphone security than that. I'm running Windows XP.

    I can hardly get my f'ing microphone to work even in the applications where I to WANT it to work. There's always some level set wrong or gain turned up too high or something that keeps it from actually capturing my speech. I doubt even mighty Google can penetrate the obscurity layer that is the Creative Labs mixer on top of DirectX.

  18. Re:LED based lighting would do even better on The Light Bulb That Can Change the World · · Score: 1
    I've seen a few LED bulbs, and they all seem to flicker at an annoying frequency.

    The Luxeon data sheets I've seen say that any frequency below 100 Hz will produce a visible flicker. They specifically caution that using 60 Hz mains frequency will be quite noticable to people.

  19. Alice Kahn got it right on Why Do Companies Stick with Voice Menus? · · Score: 1

    "For a list of all the ways technology has failed to improve the quality of life, please press 'three'."

  20. Re:Explained it wrong on Stolen Laptop Calls In! - Will Police Act? · · Score: 1
    You mis-read the post. The guy was complaining that his stereo was stolen, not his car. And taking a used car stereo is not "grand theft auto", it's petty larceny. Unless they've absolutely nothing better to do, cops won't dust for fingerprints for a minor offense like this.

    And I don't know how much the cops have to do in your fair city, but here we've got enough gangs, violence and drugs to keep an awful lot of them busy all the time. I'm not slagging the cops -- they simply are too busy for these little crimes that have a high expense-to-prosecution ratio.

  21. Re:Remote sensors on How to Run a Computer in a Sub-Zero Environment? · · Score: 1
    Agreed. If you're simply looking to acquire data from sensors, there's likely an RF solution that doesn't involve operating a server farm at subzero temperatures -- just the sensors. Of course, you might be doing some really sophisticated analysis requiring precise timing, enoromous volumes of data, etc., but how much of that has to be both "precise" AND "real-time"? Can you collect the data offline with minimal hardware, and perform the analysis later?

    To me it sounds like you're thinking of an SPC-type process. In a normal factory you might have a PC at each machine station connected to a half-dozen sensors, and your QC inspector would use those to measure your process. Sometimes the software in those situations doesn't require the inspector to actually use the PC -- the inspector selects the sensor via a hardware switch, takes a measurement, then switches to the next sensor. That's a perfect situation for using short-haul modems to machines located safely out of the harsh environment. The QC inspectors can continue to use the tools inside to measure your process, but the data would be recorded outside the freezer. Someone on the outside could let you know if the process is heading out-of-bounds.

  22. Re:Explained it wrong on Stolen Laptop Calls In! - Will Police Act? · · Score: 4, Insightful
    Hate to disappoint you, but no cop will bother with fingerprints for a simple auto burglary. It's a simple matter of priorities. There are way too many things for the police to do than track down petty criminals.

    The biggest reason is that even if they did pull good fingerprints from your window, tracked them to a known criminal, got a warrant, entered his place, and found him along with your stereo in his bedroom, the criminal would get an average sentence of a few days to a few weeks, (most likely suspended,) plus probation and possibly reparations.

    But that entire scenario is highly unlikely, from the first assumption to the last. Too many people see smeary fingerprints taken on CSI and assume that every precint has a "Bat Computer" sitting in the back where they can just upload a print and out pops a name and an arrest warrant. And every one of those people expects the same care devoted to catching a car-stereo thief.

    There's just nothing in it for the lesser crimes. No real punishments, just a lot of work for absolutely nothing resembling justice. Someone might take pity on you if you didn't have insurance, but even that's highly unlikely unless the value of the stolen merchandise was high.

    The cops will definitely take it seriously if there's been a violent crime (again, keep in mind the difference between what you'd consider a serious assault and what they'd consider serious.) And even then, the backlog clogging the BCA labs usually runs over a year before forensic evidence is processed! There are simply too many criminals and too many crimes at this point in history.

  23. Re:Hardware solution (screwdriver) on War Declared on Caps Lock Key · · Score: 1
    Then you want the Logitech G15 keyboard. It comes with a curiously iconed switch, with a picture of a monitor in one direction, and a joystick in the other. I had no idea what it was for. After reading the manual, I discovered it was to lock out the Windows key, with the intention of preventing a gamer from accidentally switching applications during a firefight.

    A clever solution.

  24. Re:Not really that serious on Microsoft Bracing for Worm Attack · · Score: 1
    As for your son, I ran a windows box on that network for four years, and with a good firewall, virus protection, Firefox, and some common sense, he should be fine.

    Thanks for the confirmation! He has all four of those in spades, so I'm not at all worried. Anyway, his summer job for the last three years has been building, upgrading, installing and repairing various Windows machines. I think he'll know what to do (and that is "charge other students for degunking their computers!" :-)

  25. Re:IRC the weakpoint? on Botnet Herders Attack MS06-040 Worm Hole · · Score: 1
    Whats to stop virus writers using a proxy?

    Nothing. They are doing exactly that.

    Modern botnets are organized more like terrorist cells than anything else. What they're doing is opening encrypted channels only between the infecting and infected machines, and run as a peer-to-peer network. It's very much run like a Tor network.

    So now, there's no single IRC server. The botherder can connect to any infected machine and issue a command, and the command will propagate peer-to-peer. The communications channel is encrypted, so casual snooping of the data won't reveal the tell-tale signs of spam that might cause a firewall to block it.