Slashdot Mirror


User: Lord+Ender

Lord+Ender's activity in the archive.

Stories: 0 · Comments: 5,191

Comments · 5,191

  1. surround sound? on Analog Revival Means Vinyl Will Outlive CD · · Score: 1

    Some newer CDs and audio DVDs come with support for 6-speaker sound systems. Is this even possible with records?

    Also, can iTunes (AAC) or MP3 or WMA do surround sound?

  2. Re:editors are for wimps on A Visual Walkthrough of New Features in Vim 7.0 · · Score: 1

    Cat? Cat is for girlie-men! If ye had anything hangin between those skinny legs, ye'd write using copy con!

  3. Re:Oh, give it up, already! on How Hackers Identify Their Targets · · Score: 1

    If "hacker" is a term for skill, then it holds no moral value. A "good" hacker is just as much a hacker as a "bad" hacker.

    And good hackers are hardly ever newsworthy...

  4. Re:um... on Answers From Lawyers Who Defend Against RIAA Suits · · Score: 1

    What part of this: "When you buy a copy of something you have rights in the copy, that's it. No metaphysical rights to listen, reproduce additional copies, etc." do you think I'm misunderstanding?

    Saying "No ... rights to ... reproduce additional copies" is a lie.

    Or are you AC because you are trolling?

  5. Re:um... on Answers From Lawyers Who Defend Against RIAA Suits · · Score: 1

    When a lawyer tells a guy he has no rights to make copies, he is WRONG. Everyone explicitly has the right to make copies for any of several purposes. Your quote makes that VERY clear. So, thanks.

  6. Re:can we just agree on Don't Be Evil — Hire It Done · · Score: 1

    Google's real motto is to make money by producing the least annoying, most effective advertising.

    In the advertising world, annoying == evil. With that terminology, Google does no evil.

    But in the REAL world, evil means a lot more. At best, Google can claim they are less evil than most.

  7. um... on Answers From Lawyers Who Defend Against RIAA Suits · · Score: 2, Insightful

    > you seem to have a general misunderstanding about the basic principles of copyright law. When you buy a copy of something you have rights in the copy, that's it. No metaphysical rights to listen, reproduce additional copies, etc. I don't know what gives you this idea.

    It seems strange to me that a copyright lawyer hasn't heard of the fair use rights granted by US copyright law (Title 17, section 107).

    The person asking the legal question is better informed than the lawyer!
  8. Re:Why would you trust Microsoft? on Responsible Disclosure — 16 Opinions · · Score: 1

    That's true. But since a lot of these things are discovered by researchers in countries with failed economies (like former USSR), $10kUS would be worth keeping quiet about.

    And I am sure avoiding a 0-day exploit is worth more than $10k to MS.

  9. Re:Why would you trust Microsoft? on Responsible Disclosure — 16 Opinions · · Score: 1

    Did you see the word "first" in there? The suggestion is that anyone who independently discovers and reports the vulnerability before the patch is released gets paid. That gives MS motivation to patch more quickly.

    And if they decide to never patch, there is nothing to stop the researcher from publishing it 0-day, anyway.

    But I didn't say this was what is best for everyone. I said this would be a good one for MS, because they would get all the time they need to fix the problems, and encourage people to come to them first.

  10. If I were Microsoft on Responsible Disclosure — 16 Opinions · · Score: 5, Interesting

    If I were deciding policy for MS or any other big vendor, I would publish a "hush money" policy on security vulnerabilities.

    Basically, it would go like this:

    "If you discover a vulnerability and report it only to us, when we eventually release the patch, we will give you credit for discovering it (what researchers really want), and we will give you $10,000. If you report it to anyone else before we release the patch, you will get no money and no credit."

  11. Re:I think they need a new PR firm on US Air Force to Test Hi-Tech Weapons on Americans? · · Score: 1

    I think the usual use of this is on crowds which have become violent and are looting or vandalizing.

    Before we had nonlethal weapons, such crowds were beaten with clubs, bitten by dogs, sprayed by fire hoses, or sometimes shot with real bullets.

    In some cases, corrupt leaders have ordered these (occasionally deadly) tactics be used on peaceful crowds.

    I would think most people in charge here would be interested in the looting-type crowds. But with either type, I would rather the government use non-lethal weapons.

  12. Re:Business or Foundation on Wikipedia Won't Bow to Chinese Censors · · Score: 1

    > if you're a shareholder and you don't like what the corporation is doing you can sell and invest in some other corporation -- that's the whole point of a public company!

    No! The point of a public company is that if you don't like what management is doing, you vote for a new Board which will replace the management with someone you DO like.

    If you buy shares, you OWN part of the company. The CEO works on your (plural, collective) terms, you don't work on his!
  13. Re:It is companies that should improve id checking on Selling Other People's Identities · · Score: 1

    The FEDERAL government should start an X.509 PKI. It should issue CA keys to all the state governments. They can pass them down to the birth-certificate-issuing level. Then, instead of a birth certificate, you get a credit card with a smart card which has a key signed up through the federal one.

    Any COTS smart card reader could verify that you are legit.

    This would cost a little bit of money initially, but it would pay for itself thousands of times over due to the reduction in fraud.

    It isn't perfect--it is as close as we could get, though. CRL distribution? Hell, it could be broadcast over AM radio, from GPS sats, whatever. Not a big deal.

    Whether you have been a victim of identity fraud or not, YOU ARE PAYING FOR IT in terms of increased costs on everything you buy. Federal PKI is the solution to identity fraud.

  14. for the finance people: on Xerox Reveals Transient Documents · · Score: 1

    How much would you save on paper costs, vs how much would you pay to fix all the paper jams from wrinkled paper going back in the printer?

  15. Re:Yeah, but... on How To Fight Spam Using Your Postfix Configuration · · Score: 1

    "everyone else capitalizes it these days"

    Sure, if by "everyone," you mean "a small minority."

    But I'm always willing to share insight with the sightless masses.

    Actually, I'm doing you a favor. Just like someone would be doing the President a favor if they mentioned to him that he was pronouncing "nucular" incorrectly.

  16. Re:Yeah, but... on How To Fight Spam Using Your Postfix Configuration · · Score: 1

    What do you think SPAM stands for?

  17. Re:Reputation ID on Will Solve Captcha for Money? · · Score: 1

    Since when was there a slashdot captcha box? I've never seen this.

  18. Re:Peer review, One-Time Pads, and Strong Crypto on Crypto Snake Oil · · Score: 1

    I never suggested anyone use OTP. I said it was the only one that was provably secure. Everything else relies on the fundamental tenet of cryptography.

  19. Re:Still not too bad on Crypto Snake Oil · · Score: 1

    > I'd say that if the software is popular and open, then yes, you'll probably have fairly good security.

    It sounds like we are mostly in agreement.

    > So an expensive piece of commercial niche software (i.e. unpopular) will be secure even if very few people looked at the code, if the vendor prioritized security and spent money on hiring good people to do so.

    I can't disagree with what you are saying. But when evaluating products, I have no way of knowing for sure "if the vendor prioritized security and spent money."

    If I were stuck in academia and trying to make a name for myself in crypto, I would begin by trying to find flaws in something that is popular and open source. I'm not the only person who thinks that way, I'm sure.
  20. Re:Truecrypt on Crypto Snake Oil · · Score: 1

    > There are some subtle watermarking attacks if you can get access to different encryptions of the same sector.

    Care to explain that a little bit further?
  21. Re:No, it's much harder than you think. on Crypto Snake Oil · · Score: 1

    > I shudder when I see a copy of "Applied Cryptography" on the shelves because it is just enough knowledge to be dangerous.

    Which books would you want to see on someone's bookshelf for you to consider respecting them?
  22. Re:Crypto is scary stuff on Crypto Snake Oil · · Score: 1

    You really do sound paranoid. Unless you are totally ignorant, you must know that any math/compsci student who could show a well-established crypto system is easily breakable would have his career set for life.

    So you must think it is possible that every time one of these students publishes a paper on a fast way to factor large numbers, he vanishes, never to be seen again. How many people vanished from the math dept. of your school? That just doesn't happen. Unless "they" (meaning all of academia) are also in on it.

    Come on, think it through. It's unreasonable.

  23. Re:Still not too bad on Crypto Snake Oil · · Score: 2, Informative

    > Peer reviewed does not equal security. It could be there are several known flaws in something that's had "peer reviews"...

    Yes, "it could be" that many unlikely things are true. But they are still unlikely.

    Are you new to cryptology? It seems you are unfamiliar with the fundamental tenet of cryptography: "If lots of smart people have failed to solve a problem, then it probably will not be solved anytime soon."

    You seem to think peer review doesn't have much to do with cryptography, but I would argue that it is the most important thing. If you expect an algorithm to be "provably" secure, then the only algorithm you have any business using is OTP.

    Because it is unreasonable to expect you to hire "lots of smart people" to review any crypto you use, the next best thing is to go for using a solution that lots of people (in general) use, and assume that a subset of those people were smart :-)

    You really should pick up this book as a basic intro to crypto.
  24. Re:Still not too bad on Crypto Snake Oil · · Score: 5, Interesting

    I would say that there is an inverse relation (at least somewhat) between price of crypto software and real security.

    The cheaper the software is, the greater the number of people who could have peer-reviewed it for correctness. The more open the software, likewise.

    Really expensive software could only have been peer-reviewed by a small number of people, while free, open source software could have been reviewed by a huge number of people.

    I recently was asked to recommend a way for my CEO and several other executives to secure their IMs. I recommended gaim + gaim-encryption because it was all open source and free, so if there were a flaw in the crypto implementation, it would likely have been discovered already.

    I also made sure the CEO knew that he was using open source software, and I told him why. He was totally down with it :-)

  25. Re:There's a gene that confers some resistance... on Humanity Gene Found? · · Score: 1

    The same mutation that gave some Europeans immunity to the plague also blocks HIV. Don't you watch PBS? Bad geek!