Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Re:Two-Factor on Comodo Says Two More RAs Compromised · · Score: 1

    That would be nine factor via eight species authentication. Should be quite effective.

  2. Re:Its not their fault... on Comodo Says Two More RAs Compromised · · Score: 1

    I dunno. If all thousand were skript kiddies, it should be easy.

  3. Re:Chronically incompetent on BP Loses Laptop With Oil-Spill Claimants' Personal Info · · Score: 1

    The morons are the ones who would work best under the managers. It's not deliberate selection, merely a compatibility issue.

  4. Just typical, I'm afraid. on BP Loses Laptop With Oil-Spill Claimants' Personal Info · · Score: 1

    Not malicious, just another spill. Likely into deep water. It'll now take them three or four months to figure out how to recover it.

  5. Re:So you can't buy a plane? Buy a ship instead! on Man Accused of Selling US Military Drones On EBay · · Score: 1

    Plenty of space to stow things!

  6. Re:should the ISP intervene? on Are the Days of Individual Security Over? · · Score: 1

    Depends on how "intervene" is defined within the document.

    For example, ISPs with intrusion detection systems, up-to-date firewall and router patches, secure DNS (and if necessary DHCP) servers, minimum password standards for any webmail they provide, a policy of always digitally signing their e-mails to customers, protection against router table poisoning, and security on the BGP upstream routing links, etc, are unquestionably interfering at the network level.

    I'd also consider them doing an adequate job.

    The above would also provide no censorship whatsoever.

    And that is the correct way to do security - minimal impact for maximal effectiveness against genuine threats and zero impact on legitimate (regardless of how fringe) interests.

  7. So you can't buy a plane? Buy a ship instead! on Man Accused of Selling US Military Drones On EBay · · Score: 3, Insightful

    One 19,000 tonne aircraft carrier for sale, one careful owner, only used to drive to church on sundays and launch fearsome aircraft into the skies to intimidate the enemy and drink their blood.

  8. Re:What, people measure scientific output? on China To Overtake US In Science In Two Years · · Score: 1

    Cambridge claims it was a murder in this history.
    Cambridge clarifies that it was a murder of a woman, as a prelude to a book review

    Ok, I'm going to have to say I was mistaken on the crime itself, but not of the effect.

  9. Re:What, people measure scientific output? on China To Overtake US In Science In Two Years · · Score: 1

    Everything's relative. Compared to the Creationist Museums around the world, Crystal Clear radio, or the Tea Party, then yes, governments are (relatively speaking) very neutral indeed.

    Personally, I think that if you replaced one of the Houses (in any dual-house system) with a meritocratic selection system and the other with some form of proportional representation, you'd get far more neutrality and far more sense. However, that's just my opinion and you can't have it. So nyah!

    However, you're missing the point entirely. I said "funded", not "run". The BBC is partly funded by the British Government but it is not run by it. They have a charter, agreeing in general terms a vague framework in exchange for the right to levy by license fee, but that's it. And that's how I like it. A corporate, semi-autonomous quango.

    Universities should be run the same way. Indeed, until this year in Britain, they were. In Britain, universities were partly Government-funded under a charter that agreed there would be certain standards maintained, a certain minimum level of research, etc. The Government had no authority to dictate terms or to say what research had to be done. The current Government has violated this charter this year and risks a major collapse in the system and potentially severe social unrest (these kinds of charters are not just legally-binding, they're also honour-bound and extremely traditional - brushing them aside is a move likely to upset a LOT of people).

    America has no real quangos. NASA's boss obeys Congress and can be hired/fired according to the political mood of the time. NPR isn't really a quango - it has the semi-autonomy but the Republican move to eliminate funding means there's no way to build up a charter-driven system.

    As such, Americans generally don't comprehend this idea of someone being given money without having to give back devout loyalty. There just aren't that many parallels in society in the US, with most levels having abandoned any form of mutual benefit idea a long time ago. (Most people work for their paycheck, they do not work for the mutual benefit of anything or anyone. If others benefit, it's merely an incidental effect of others happening to be on the path of acquiring absolute independence.)

  10. Re:What, people measure scientific output? on China To Overtake US In Science In Two Years · · Score: 1

    That was caught almost immediately as bad science by virtually every academic in Britain. Not their fault that the medical scamming in the US has made everyone too paranoid to believe anything positive.

    However, I =WILL= use that example to prove a point. In order to disprove the original paper, it had to be cited. By being cited by all of the critics, it automatically raised its ranking. This was a BAD paper that, by the current scoring system, became also a very valuable paper. This is precisely why such a primitive system is flawed.

  11. Re:It's a bad idea... on Can We Fix Federated Authentication? · · Score: 3, Informative

    I'll agree with the excessive trust. Mind you, banks persuaded the plebians out there than a 4-digit PIN was secure, so I'm not terribly enthused as to their understanding of the issues.

    I'm not, however, convinced of the risks. If that were wholly true, Kerberos V would not be a leading sign-on mechanism for security-conscious organizations. (Once you are assigned a kerberos ticket, you are authenticated on all machines that talk to the same Kerberos network.)

    Nor would SASL2 be as significant as it is. Shibboleth (which uses SASL2 as the underlying mechanism) wouldn't be a fairly mainstream tool on Internet 2 - well, as far as you can call anything mainstream on Internet 2...!

    The DoD uses a form of federated authentication in the form of smart cards that contain client-side digital certificates that act as authentication tokens on behalf of the users.

    Clearly there are situations where federated authentication works and works well (most of the time).

  12. Re:What, people measure scientific output? on China To Overtake US In Science In Two Years · · Score: 3, Interesting

    That's just sour grapes. Just because the Chinese tried to fraudulantly deny Perelman his claim to solving one of the world's toughest maths problems (amongst other academic misdeeds)! Besides, academic fraud is widespread. Any South Korean cloning experts come to mind? Then there's the US medical researchers who won't publish papers that would make their sponsors look bad. The truth is, academia needs to be properly and heavily funded by Governments and those trusts that can demonstrate neutrality, not by private organizations, and there really should be a heavy crackdown on corruption.

  13. Re:What, people measure scientific output? on China To Overtake US In Science In Two Years · · Score: 1

    It's some function of the number of papers published and the number of times each paper is cited. (It is assumed that the more a paper is cited, the higher the quality of the paper. In a number of countries, Universities are funded according to this measure, so underfunded institutions tend to be penalized for outputing less and rich, and rich, popular institutions tend to get extra funding as they tend to publish more, get into glossier journals, and get their stuff noticed better.)

    It's not a particularly rational measure, but it's one of the few measures that allow the US to excell at anything and the only measure by which the savagely mutilated British university system can get any recognition at all. Personally, I think both countries aught to fund their academic systems properly, sensibly and maturely. But please remember, ever since Cambridge University was founded by rapists escaping from Oxford University in the 12th century, there's been questions as to whether much of academia is capable of doing much with sense or maturity.

  14. Re:Yeah,. right on Geohot Battles Back Against Sony · · Score: 1

    Do you need "California" and "whacky"? Surely one makes the other redundant in the sentance.

  15. Re:Won't matter on Geohot Battles Back Against Sony · · Score: 3, Informative

    Sure, but copyright has nothing to do with logic. If you have any sound recordings from 1972 or earlier, they're all copyright (in the US). I mean ANY amount earlier. It is an act of piracy to download an MP3 rip from one of Edison's wax cylinders. Those most definitely should also be public domain by now, but they won't be until 2067.

  16. Re:Won't matter on Geohot Battles Back Against Sony · · Score: 4, Funny

    Depends on how many ninjas the EFF can call on. A few magic mushrooms in Sony's lawyers' coffee and even the courts would have a hard time being sympathetic.

  17. Re:So uh on Americans Favor Moratorium On New Nuclear Reactors · · Score: 1

    Care to name any significant minable uranium ore deposits found in the last 50 years? You can say what you like, but you're still wrong.

  18. Re:Horatio says... on Samsung Galaxy Ad Misleads With Fake Interviews · · Score: 1

    Damn. Peril-Sensitive Sunglasses would make the fight scenes more interesting than usual.

  19. Re:So uh on Americans Favor Moratorium On New Nuclear Reactors · · Score: 1

    Blame the governments for that. The paranoia engendered during the Cold War (including execution of some for treason in the US) over anything nuclear was beyond imagination. The anti-nuke-weapons campaigners added to this with such docu-dramas as Threads (which, if you've not seen it, you should).

    The consequence is that the public has only terrifying images of global catastrophe to work with. Education being controlled by lobbyists isn't helping. What can we expect from this?

  20. Re:which kind of nuclear? on Americans Favor Moratorium On New Nuclear Reactors · · Score: 1

    Fusion reactors would produce helium-4, which is stable. Wouldn't matter too much if that leaked, but the flight attendents in the aircraft overhead might start squeaking.

    Fusion reactions also extinguish easily, which is why creating a sustained one is so much of a problem. Sustaining a fission reation merely requires the radioisotopes are nearby. A fusion reactor should never be able to go critical.

  21. Re:So uh on Americans Favor Moratorium On New Nuclear Reactors · · Score: 1

    There hasn't been a single uranium deposit found in like 50 years. If we switch to nuclear power, the reactors had best be damn efficient and have provision for recycling fuel or the fuel will run out before oil and coal.

    Fusion power is the best long-term hope but efforts on building ITER are stalled for political gain and universities get more funding from publishing research results than they'd get from a corporation by publishing a HOW-TO. That's not to say I think anyone's holding onto any secrets, but rather that there's too much incentive to not be looking very hard. Apologies to those who actually ARE looking hard. The three of you will get free luncheon vouchers after the rant.

    Renewable energy is currently in its infancy and I'm suspicious as to some of the approaches used. The "eggwhisk" design for a wind turbine is surely more stable than a windmill, will work no matter what direction the wind blows (without needing huge motors to turn it the right way), but aside from seeing it used in practice at an alternative energy center/community, I've not seen it used in the field much. Solar panels for generating electricity aren't nearly as efficient at extracting power as solar panels for heating water. Since a fair chunk of power goes into heating water, it would seem more efficient to cut out the middle step (as far as possible) and go to direct heating.

    As for fission power, the Japanese apparently made a conscious choice to ignore historic data prior to the late 1800s (ie: all historic events relating to mega earthquakes and mega tsunami). The owner of the plant has also been making a conscious choice to mis-inform and/or ill-inform the public - presumably on the theory that an ignorant public won't panic. No, ignorant publics tend to panic. Well-informed publics, even if they don't understand a word that is said, are happier for knowing that someone knows what is happening and what to do about it. To mis-quote the popular British legal phrase, problem-solving must not only be done, it must be seen to be done.

    The accepted practice* (now) in America and Europe is to take the worst historical combination of events a given area has suffered (ignoring asteroid strikes, supervolcanoes and Mayan calendar prophecies) and build on the assumption that this worst possible combination of events is one that may well happen and the reactor should be able to survive it. Had the Japanese reactor site been built using these methods, the earthquake would have done less damage, the retaining wall would have held water up to the levels that (historically) happen on that coast during major earthquakes, and the emergency generators would have been at least ten feet further off the ground. (Geologists can point to three almost-identical events in the past 3,000 years, tsunami-hights included, and have been saying since 2001 that that part of the coast was overdue for exactly this.)

    *It may be "accepted pratice" in the nuke industry, but that kind of engineering certainly doesn't apply to the rest of the infrastructure, which is a total mess, badly built and badly maintained. And just because it's accepted doesn't mean nuke engineers adhere to the standards, merely that the standards exst and that the engineers accept they really should adhere to them. If the Republican plan in the last presidential election had gone through, to build 30 reactors in a short time, I can see corner-cutting and cost-cutting being a major part of that,

  22. Re:What can users do about it on Mozilla Says It Erred On SSL Attack Disclosure · · Score: 1

    You still want verification of the actual details, that the individual authorized for the cert is the one authorized to have the website, ad nausium, but your idea is excellent.

    Ok, how about this:

    A DNS site's certificate has to be master-signed by a CA at level 3 trust (since it's infrastructure we're talking about) and then has to be counter-signed by one or more of the upstream DNS suppliers. This combines the web of trust with a superskeleton of validation that is independent of the web of trust. Compromising one or the other won't allow for fake certs.

    An IPSec tunnel would do the same (again, it's infrastructure), but would get counter-signatures from each of the DNS vendors supplying the A record for each endpoint. Not sure what to do about MPLS.

    A website does the reverse. It must be master-signed by an upstream DNS supplier (the one holding the information on who owns that record would do nicely) and then counter-signed by a CA at level 2 at minimum, level 3 for anything corporate. Again, dual keys making it harder to compromise any given organization.

    DNS servers, IPSec tunnels and web browsers must positively validate all signatures present as being correct and from public keys that are not revoked AND positively validate the cert is not itself classed as revoked before validating the cert as correct.

    Note that "positively". The system should be fail-safe. Revocation lists should be widely distributed and effectively impossible to block, but if a machine cannot reach any locatable revocation list (service location protocol is your friend, as is anycasting) then the cert should be disabled rather than assumed valid.

    SASL2 should be implemented in browsers and should be used when it would be more appropriate than SSL/TLS.

    Certain network regulations should be introduced (or re-introduced). Level 2 certs should be the lowest standard acceptable from any public CA. Level 1 should be strictly kept to roll-your-own sites. Level 3 should be mandated as the minimum for eCommerce or other "Commercially Confidential" information. No cert should EVER use RC4, MD5 or any other hash certified as broken for ANY part of the process, even with roll-your-own. That should be banned. A copy of the Hash Lounge with the SHA3 lounge added on should be kept in XML form at standard locations. Hashes with no known breakage are good for level 1. Hashes with no known weaknesses to any extent are good for level 2. Hashes that are compliant with the latest FIPS180 are good for level 3. (That means level 2 security may be better, but level 3 has better trust, which is what level 3 is about.)

    DNSSEC (although I'll agree there's better DNS security mechanisms out there) should be mandated. Well, except where the better DNS security mechanisms exist and there's a decent bridge between the two.

    ISP-to-ISP (ie: not host-to-host or server-to-server) connections should be over IPSec. Where the IPSec connection is not ad-hoc, digital certificates or other means of proving endpoint and tunnel validity should be used. (The user won't necessarily know or care.)

    You've now got a validated set of ingress and egress points to reach the destination, the destination is doubly validated (hostname and website name) and a validated tunnel to go from start to finish if it's supposed to be a permanent link*, where none of the authentication has a single-point-of-failure that can be exploited. Is that or is that not a secure system?

    *In real-world terms, you validate the start and end points of a cab ride, but not the company. If you're going by air, you validate the end-points, the carrier, and everything else you can imagine. This is the difference between ad-hoc and a permanent/semi-permanent link.

  23. Re:Isn't this contradictory? on Microsoft Sniffs Out Unused Wireless Spectrum · · Score: 1

    I'm not arguing that it can't be done, I'm simply arguing that it's more expensive than sharing the higher-end gear. You can get a gigabit router for around $100. On the Google Maps link we were given, there's a village off Acampo Road with around 7 dwellings per block on average. One fibre router and 7 gigabit CAT6 routers will therefore run you $1700. 7 fibre routers runs you to $7000. There's about 15 blocks that you'd need to take care of. That's a savings of $79,500 by using communal routers. That's a significant savings for no difference in result.

  24. Re:Isn't this contradictory? on Microsoft Sniffs Out Unused Wireless Spectrum · · Score: 1

    Rural American farmers are convinced by Sarah Palin. That doesn't show me that it's particularly difficult to convince them of anything. I'm willing to bet that many believe ghost stories and the moon landing conspiracy theories too. And these are the people you don't think can be convinced to put some cable in? Besides, look at the picture again. Those three houses on North May Road? Mid-point is not in any of their land. It's on the road. So what's your problem? Don't like losing the argument with your own data?

    Secondly, what agricultural activities are likely to damage infrastructure? Stubble burning? About the most dangerous activity is breaking the soil in spring and they simply don't plough that deep.

    Third, your solution increases the cable needed (my solution minimizes distances) and increases the routers needed (my solution minimizes network devices). Therefore your solution is expensive.

  25. Re:Horatio says... on Samsung Galaxy Ad Misleads With Fake Interviews · · Score: 1

    Are those the Peril-Sensitive Sunglasses?