Slashdot Mirror


User: hawguy

hawguy's activity in the archive.

Stories: 0
Comments: 5,882

Comments · 5,882

  1. Even the "experts" have problems on Corporate Boardrooms Open To Eavesdropping · · Score: 4, Interesting

    When we bought our video conferencing system, the vendor that implemented it gave us their VTC unit's number for testing. Their test VTC system is in their main conference room.

    Well, one day we were demoing the unit to a group of people and we called the vendor's unit. They were in the middle of an intense meeting, the CTO of the company was nearly yelling at his staff about a missed sale - I guess he saw the camera swivel into position and yelled "Who turned that bloody thing on! Turn it off!"

    Pretty funny from our point of view, and our sales rep called later to apologize.

    So if the vendor that implements these for a living can't remember to turn off auto-answer when it's important, how can anyone else? I'm surprised at the number of companies that leave auto-answer turned on. (and am also surprised at the number of companies that re-use conference bridge numbers, I accidentally called into a conference bridge an hour early for a meeting, and got to listen to the vendor talking with a competitor about a new project).

  2. Great logic on Piratbyran Co-Founder Says Stop DDoSing Polish Sites · · Score: 5, Insightful

    The government says "Hey, we really didn't consult the public before we agreed to this, but you know, since some anonymous organization from outside our country is attacking our internet sites, we have no choice but to screw the public as we originally intended and the blame rests solely on Anonymous."

    Sounds like a convenient excuse to do what they were going to do anyway, but now they have a scapegoat.

  3. Re:Coffee shop? on Ask Slashdot: Choosing Anonymous Proxies? · · Score: 2

    Why?

    Your laptop running a Live Linux distro and USB drive. Untraceable, or do you think that MAC addresses can not be changed.

    It is perfectly safe to use the same laptop for good and evil.

    Topping that, why even bother spoofing your MAC address when you can get a "disposable" USB wifi adapter for less than $10.

    Because unless you dispose of it regularly, if the cops confiscate it and find that it matches the MAC address linked with questionable activity at a coffee shop, then you're screwed. If you set your MAC address to some randomly generated number on each visit, then they can't easily link your hardware to the coffee shop logs. (I'm ignoring other fingerprinting that they could be doing to identify your hardware since if someone is interested in you enough to do advanced network analysis to find you, they're interested enough to track down your Wifi signal the next time you get online.)

    But if you are worried about Wifi fingerprinting, then the disposable Wifi adapters you mentioned would be the way to go - as long as you really do dispose of them.

  4. Re:Fake passphrase on US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive · · Score: 1

    Or steganographically hide it in plain sight in the digital picture frame with your kid's pictures. Without the passphrase, they can't prove that a suitably random key exists in a JPG.

    Most steg tools leave signatures that clearly indicate that steganography was applied to the image. Many steg tools use sub-par security. I wouldn't go that route.

    Of course, if all you're hiding is an encryption key protected by a passphrase, you can hide the key in any image (or any file, really) and make it completely undetectable.

    If your passphrase is "1234", your encryption key can be a SHA-1 sum of 1k blocks 1, 2, 3, and 4 in the file (naturally, all of the safe password guidelines would apply so it would be a complex (or long (or both)) passphrase). No alteration of the file is needed so the existence of the key in the file is undetectable. However, without possession of both the file and your passphrase, the passphrase is useless. Not that it would have made any difference in this case unless she could tell the cops that without her digital photo frame (which has since gone missing), the passphrase is useless. She can even "prove" it by giving them the passphrase (which could be completely made up since no one would ever know).

    It would be impossible to prove otherwise, if she says her password was encoded in a picture of her son's birthday in her digital picture frame and the cops can't find her digital picture frame (which may have been destroyed by her husband after her arrest), there's no way to prove that she's lying - Bonus points if crime scene evidence photos show the photo frame, but a subsequent search can't find it, or finds it with memory card missing (husband can say that the pictures were a painful reminder of his imprisoned wife so he threw the card away). Simply providing a similar digital photo file would be insufficient since cropping, resizing, even re-saving it as a jpg would all alter the file. Or better, carry around a USB memory stick with known I/O errors - make up your passphrase, tell them how to recover the key from your image file, and give them the name of one of the images that's returning an I/O error.

    It's all about deniable plausibility, and it would be easy to find an expert witness who will agree that such an encryption key would be completely unrecoverable.

  5. Coffee shop? on Ask Slashdot: Choosing Anonymous Proxies? · · Score: 4, Interesting

    How about a coffee shop's free Wifi using a spoofed MAC address while I'm sitting at the restaurant next door?

  6. Re:Fake passphrase on US Judge Rules Defendant Can Be Forced To Decrypt Hard Drive · · Score: 4, Informative

    "Prosecutors in this case have stressed that they don't actually require the passphrase itself, and today's order appears to permit Fricosu to type it in and unlock the files without anyone looking over her shoulder. They say they want only the decrypted data and are not demanding "the password to the drive, either orally or in written form."

    So this quote makes me wonder, what encryption software is out there that can be configured with a "doomsday" passphrase that will automatically begin some sort of secure delete process when entered? Of course with a fancy "decryption in progress" dialog window or something?

    I guess if they figure out what you did, you could be charged with destruction of evidence but if that is a lesser sentence than the wire fraud it wouldn't be a bad move.

    I think one of the first things they do is make an image of your hard drive, preserving the data, no matter what you do to it. Much better to keep the key itself on destructible media and destroy it when the cops knock at your door. Or steganographically hide it in plain sight in the digital picture frame with your kid's pictures. Without the passphrase, they can't prove that a suitably random key exists in a JPG.

  7. What's the point? on A Data Center That Looks Like a Mansion · · Score: 1

    I still don't see the point of this - while I'm sure land is cheaper there than in a city, unless it's located unusually close to some major telecommunications lines, they're going to have to pay for trenching in connectivity over multiple physical paths.

    The only reason I can think of for locating a datacenter in a luxury neighborhood is to house the security camera DVRs and other security equipment for those homes, but that hardly seems like it will support a datacenter.

  8. Re:doesn't require big oil on Chevy Volt Passes Safety Investigation · · Score: 2

    If you ran a 1500 watt space heater and 2 150 watt computers for 10 hours/day for $88/month, that works out to around 16 cents/kWh ($88 / 540 kWh)

    If you put 10 kWh into the battery each day to go 20 miles, that's 300 kWh, or $48 to go 600 miles.

    You don't mention which Kia you have, but if you get 30mpg, 600 miles at $3.50/gallon would cost you 600 / 30 * $3.50 = $70

    So you'd still come out ahead with the Volt if you're only comparing fuel costs.

    But since you're only putting $20 every 3 weeks into your car, your average commute is only around 11 miles ($20 / $3.50 * 30mpg / 15 days) so if fuel costs are important to you, you might be better served with a bicycle.

  9. Re:Not to defend GMs horrendous safety and quality on Chevy Volt Passes Safety Investigation · · Score: 3, Insightful

    In the end, the Volt turned out to be a lemon .... the battery charge does not deliver the promise (miserable) 30 miles per charge and the gas engine has an efficiency about as bad as a small SUV (~22 mpg). And for $40K that is a crappy deal. Maybe that is why GM just canceled the model.

    When Consumer Reports tested the car, on their 150 mile trip of mixed city/highway driving they got 70mpg.

    They said that the battery-only range varied from a low of 20 miles (with electric heater on) to up to 50 miles at moderate speeds with no climate control switched on. 25 miles of electric range would cover most of the typical American's commute (USA average is 29 miles per day).

  10. Re:No official word from GM ... on Chevy Volt Passes Safety Investigation · · Score: 2

    In the article you quoted, they said they haven't even kept up with demand. So it sounds like they are selling cars as fast as they can build them.

    GM’s North American President Mark Reuss said the automaker is still filling orders and may not know until around the second quarter.
    “There’s no trend because we haven’t satisfied demand,” Reuss said to reporters. “I told everybody that we’d be looking at satisfying demand right around second quarter. We’re not there yet, so I don’t know.”

    Of course, it remains to be seen how well demand holds up for the remainder of the year. If there is a spike in gas prices this summer as some have predicted, the Volt should do well.

  11. Are they paying tax? on Is Facebook Becoming a Central Bank? · · Score: 1

    Is someone paying tax on these transactions?

    Lately Credits have become more intriguing. Warner Brothers this summer offered movie-goers a chance to watch Harry Potter and The Dark Knight for 30 Credits apiece. Miramax and Paramount countered with film-viewing offers, too

    This sounds like a barter transaction:

    http://www.irs.gov/businesses/small/article/0,,id=215975,00.html

    Exchanges occurring through a barter exchange are reported to IRS on Form 1099-B and show the value of cash, property, services, credits or scrip added to your account by the barter exchange.

  12. Easier way on What To Do With a 1,000 Foot Wrecked Cruise Ship? · · Score: 1

    I think this documentary film shows an easier way to lift the ship off the rocks:

    http://www.youtube.com/watch?v=NyN9ojKYVIU&feature=related

    Most cruise ships already have the necessary supplies on board.

  13. Shouldn't they be arrested? on Police Investigate Offensive Wi-Fi Network Name · · Score: 2

    I thought unauthorized access of a network was supposed to be a crime. Just because I broadcast my SSID in plain text, that doesn't mean that I'm authorizing you to view it:

    http://www.dba-oracle.com/t_unauthorized_access_computer_network_crime.htm
    http://tech.slashdot.org/story/11/07/01/1637211/judge-oks-wiretap-lawsuit-over-google-wi-fi-sniffing

    Apparently the law thinks that intentionally broadcasting something in plain text doesn't mean that it's free for everyone to use.

    If you read my SSID without my permission, I'm calling the cops!

  14. Only as good as the auditor on Do Data Center Audits Mean Anything? · · Score: 2

    I'd say that data center audits, just like financial audits, are only as good as the auditor. If you're a big enough client, the auditor will say pretty much anything you want:

    http://en.wikipedia.org/wiki/Arthur_Andersen#Demise

    But still, I look for the certifications to cover my butt. Of course, that's what all of these standards are about - just saying that you've implemented procedures to cover your butt. It doesn't matter whether or not the procedure actually does anything worthwhile or even if there are big gaping holes elsewhere. As long as you can say you've implemented it fully, then you're covered.

  15. Re:surprisingly on Fake IPad 2s Made of Clay Sold At Canadian Stores · · Score: 1

    LOL, I see what you did there, by insulting the iPad and all. ANDROID RULES!!!!!1

    That's hardly an iPad insult since it applies equally well to any tablet. Relax, not everyone is trying to make fun of your iPad.

  16. Re:Returns on Fake IPad 2s Made of Clay Sold At Canadian Stores · · Score: 2

    I returned an un-opened set of sockets to Canadian Tire once. The sockets were still in the original shrink wrap, and the clerk cut it open in front of me before she gave me a refund. When I asked her why, she said that they've had people return socket sets full of rocks.

    Not surprised really.

    I returned a car floor jack to Sears once - after I explained to the sales clerk that it was missing a key hinge pin that I didn't notice until I tried to use it and bent several support struts making the jack completely unusable, she put a "Clearance - used" tag on it. I pointed out again that it was broken and she said "uh-huh". I stopped by the next weekend and sure enough, it was sitting on the shelf - with a price marked 20% off. In theory it's fixable if you have the tools to disassemble it and straighten the bent parts (some parts are held together with crimped pins that you'd have to grind or cut off), I can't imagine someone is going to think the $20 they saved on the jack is going to be worth it.

  17. Re:Nothing you can do on Ask Slashdot: What Can You Do About SOPA and PIPA? · · Score: 1

    Representatives, like diapers, should be replaced regularly and often, and for the very same reason

    That makes no sense, I only replace diapers when they are full of sh*t, but....oh wait...I see what you did there!

  18. Re:California wants to split off on Predicting Life 100 Years From Now · · Score: 2

    Actually, California gets less back from the federal government than we pay out. We would be in much better financial shape if we didn't have to subsidize other states.

    This infographic says that California gets back 78 cents of every dollar paid to the federal government. Only 7 states have a lower ratio.

    http://visualizingeconomics.com/2010/02/17/federal-taxes-paidreceived-for-each-state/

  19. Re:Stop limiting password length on Passwords Not Going Away Any Time Soon · · Score: 4, Interesting

    Why does web site x have an 8 character length limit, alphanumeric only?

    Why does web site y have more allowable character types, but minimum of 5 chars, max of 18?

    And why won't they tell me what their password restrictions are until I've failed 3 times and need to reset my password? I use the same (or similar) password at all non-important sites (discussion forums, etc, not anything that involves a credit card, bank account, or personal email). If they'd just post their password requirements when I'm entering the password (or at least after the first time I mistype the password), I'd be able to remember what password I used.

    I can't believe hiding the password requirements makes life any harder for a hacker (who could just create a dummy account to see the password requirements).

  20. Re:Get it right the first time? on Passwords Not Going Away Any Time Soon · · Score: 1

    Good luck typing any password as long as "correct horse battery staple" correctly on the first time on a handheld device's on-screen keyboard.

    I have a much easier time typing long alphabetic passwords than I do alpha+numeric+symbol passwords.

    And how did you know my password was "correcthorsebatterystaple"!? I followed the XKCD comic *exactly* to generate a secure password, it should have taken you 550 years to guess it.

  21. Re:job security on Passwords Not Going Away Any Time Soon · · Score: 4, Insightful

    Sounds like job security for those of us who reset passwords for a living.

    Drat.

    Better to reset a password than find that your fingerprint scanners can be compromised by silly putty or your retinal scanners can be compromised by a picture painted on the back of a marble and instead of resetting a password, you're replacing hardware.

  22. Re:Lean? on "Learn To Code, Get a Job" According To CNN · · Score: 4, Insightful

    Don't we want all of our code lean?

    Not really - I've run into too many coders that think "lean" code is the same as "terse code". They skip comments, compress loops into a single line or use all sorts of other tricks to compress code into a single line, etc. Anything they can do to make their code "lean". Which of course, makes their code write-only.

  23. Who needs coders? on "Learn To Code, Get a Job" According To CNN · · Score: 5, Insightful

    We already have too many coders at my current employer, what we need are software developers that know how to architect a maintainable system.

  24. Re:Yep. on Do Companies Punish Workers Who Take Vacations? · · Score: 2

    I certainly agree that employees that use their vacation days are at a disadvantage. Who are you more likely to promote? Joe Schmoe who 'abandons his post' for two weeks a year, or John Doe who hasn't taken so much as a sick day in ages and never takes vacation? You don't have to cross-train someone to hold down John's side of the fort for a week or two at a time, so promoting him will save you a few man-hours of time in the future. In the meantime, you'll keep telling Joe he can't take vacation because someone else on the far other end of the vacation always has the two weeks he wants reserved off....

    On the other hand, you don't know what will break when John's out and unreachable for 2 weeks after a bad car accident, and no one but him really understands his job so when he's out, you're screwed. I already know what happens when Joe is out, he's trained Suzy to take over for him.

    I never look at vacation days when deciding on who to promote or how to allocate pay increases. But I do look at sick days - especially if they are always on a Friday, or surround holiday weekends.

  25. Re:Not enough on Do Companies Punish Workers Who Take Vacations? · · Score: 4, Informative

    What kind of slave driver company would only give 2 weeks of vacation per year??? I don't know anyone that has less than 5-6 weeks per year.

    In the USA? I don't know any non-executive that has that much vacation unless they've been at the company for a long time.

    When I negotiated for my last job, I tried hard to get another week of vacation, they refused, but instead gave me 3% higher salary. I don't understand that logic at all, why refuse to give another week (2%) of vacation, trading it for a 3% bump in salary? I didn't stay there long enough to even use all of my 2 weeks of vacation due to some dissatisfaction in other areas. But at my new job, I got a firm 2 weeks (after 3 years it's 3 weeks).