Slashdot Mirror


User: Doc+Ruby

Doc+Ruby's activity in the archive.

Stories
0
Comments
21,318
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 21,318

  1. Re:What are your sources? on The Making of a Motherboard at ECS · · Score: 1

    "When we find (piracy rings), we confiscate the products and the equipment they use to make them and turn to execute the persons or organizations involved," said the Waigaoqiao Free Trade Zone's Jian."

    Chinese torture is very well documented. Your inability to believe it when referenced in my simple, detailed post, and your failure to just google for details leads me to believe that you are either just in denial of Chinese tyranny, willfully ignorant, or just as naive as the reviewer I posted about.

    I would have hoped I couldn't prove you wrong, that China doesn't execute pirates or torture people.

  2. Re:Manmaking on Immaturity Level Rising in Adults · · Score: 1

    I didn't say "all Europeans". I said "Europeans". At one time, for centuries, practically all Europeans were Roman Catholics.

    Next you'll be trying to argue with me about the definition of "Europe". Like I said in another reply to your ridiculous hairsplitting, you need to grow up.

  3. Re:Manmaking on Immaturity Level Rising in Adults · · Score: 1

    The value of Catholic Confirmation, like other coming of age rituals, is primarily the change in the person going through the ritual. Secondarily in the people around them. I didn't talk about "society at large", though "European Catholics" certainly was (and is) society at large. I talked about the people undergoing the ritual, or not.

    You try to dismiss this simple anthropological fact of Western "coming of age" rituals by saying they didn't exist. Then, that the vast majority (Roman Catholic) culture wasn't "society at large". Then that the resulting minority cultures, which you concede had them, don't count.

    It really sounds like you've got some kind of problem with "pop psychology", whatever that is, which you invert to deny something that "pop psychology" agrees with.

    I've already given you a citation to a well-known Western ceremony that helped define Western civilization. I'm not going to spend any more time plugging every hole in the weak argument you're posting.

    Frankly, I think you need to grow up.

  4. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    Secure systems generate a new hash for each transaction to protect from replay attacks.

  5. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 2, Informative

    Which is why good hash functions generate different hashes for every transaction from the same plaintext. Like including a timestamp.

    Hashes are proven deterrents to attacks that raise the cost of attacks much higher than their returns. Of course they have to be used correctly. That's how security works: you can't protect your house by taping a lock to the welcome mat.

  6. Re:What kind of auth protocol? I'll tell you... on Freenode Network Hijacked, Passwords Compromised? · · Score: 2, Interesting

    Which is why HTTP clients tell users that such forms are insecure, right where the user is entering the password. While the HTTPS protocol is indicated to be secure by the client, because it is secure during the part of the transaction that includes the client.

    That is of course not as secure as transmitting only a hash, which can help ensure the password doesn't get exposed. But it is a lot more secure than the nearly totally insecure IRC protocol we're talking about. And therefore a lot less vulnerable, therefore more trustworthy. IRC doesn't indicate how untrustworthy is its password authentication, so the public exposure of its failure in this case is valuable, in educating users. At higher cost, and lower return, than just making the protocol use hashes instead.

  7. Worker's Paradise on The Making of a Motherboard at ECS · · Score: 5, Interesting

    The last page has the completely naive part about working conditions. The reviewer, Carl Nelson, has no way to know whether the redfaced employee was just embarassed at their bad day report being photographed, or whether there are severe punishments. China's mafia government executes people for software/content piracy, among other fascist means of keeping people in line with their "discipline". They routinely torture people for interfering with official government policy.

    (FWIW, I'm not comparing China to the US or elsewhere, where there is also too much torture and executions, for whatever reason. There is no relativism that justifies torturing people, certainly not over economics.)

    The first page has the claim that "Pretty soon every computer you buy is going to have an ECS motherboard in it!" Although that's probably just wrong, it shows how naive is the reviewer about the real world outside motherboard specs. If it were true, I'd be worried about a single company, a single factory (which can halt or be destroyed) representing a single point of failure for every computer in the world, or even (especially) in the US.

    That article is about as analytical as a videogame review. That is, not at all, after being bought off by a free trip to the factory where their toys get made.

  8. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    If they stored only the hash, how does a password get exposed? That's the whole point of a "one way" hash.

    If the password is sent in the clear across the network, that's even worse, and doesn't need the DB to be compromised.

  9. Re:Manmaking on Immaturity Level Rising in Adults · · Score: 1

    Europeans practice Confirmation in the Roman Catholic Church. Which in turn was adapted from the cultures it supplanted. There are other rituals in other Western cultures. What does "pop psychology" have to do with this documented history?

  10. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    There's obviously a lot wrong with IRC security. As I said in my original post, the public exposure of this insecurity is a welcome development, to immunize people against trusting it too much.

    But there's no reason to remember the hash. The "identify" function should take "apple" as its argument, hash it, and send the hash to the server. That's what software is for. If you use the same hash every time for the same "password", then the hash has become a cleartext password, which can be sniffed on the network etc.

    This is basic security. IRC lacking it makes IRC a joke - which we already knew, but too many people have to learn for the first time every day, because IRC looks like actually secure password-protected systems to beginners.

  11. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    In that case there's no need to replace NickServ to get the passwords. I'd assume that cracking FreeNode to point it at a trap instead of NickServ is harder than just sniffing the network for these passwords, but not necessarily. Sniff the FreeNode superuser's password on the network, login to FreeNode, reconfig it to point at the trap, collect the rest of the passwords. The only problem is that you can't tell correct passwords from typos or just wrong ones, so you let everyone login. But at that point there's little difference, especially if the cracker is posting brags to the log, and kicking the real superuser.

  12. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    Usually passwords protect the service, even if IRC is an exception, so most people expect them to do so. Responsible sysadmins would include the warning when users register that their passwords aren't secure, that the IDs of people on the site aren't necessarily authentic, if the passwords are compromised. Your security is helpful in getting the system to reflect how users use it, even if admins want to use it insecurely.

    This public exposure at FreeNode does something to help educate users, but only momentarily.

  13. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    Most IRC users don't realize that their passwords don't protect them - passwords generally do protect users, when the user uses them correctly. That creates a "reasonable service expectation" that was not met by this popular system.

    That's why I said it was good that this crack was exposed publicly: now people know better than to trust it. Or at least know better than they did before.

  14. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    It doesn't matter if the passwords are stored in plaintext or transferrred in plaintext. In fact, transferring in plaintext is worse, as it doesn't take filesystem privileges to sniff the network.

    So it's good that this thing went down in public, though it's bad that its loss damaged so many people. Rather than just get "fixed" secretly, without people revising their trust of it.

    As I said. Which you would understand, if you weren't just yet another Anonymous idiot Coward.

  15. Re:Mod parent up, grandparent down. on Freenode Network Hijacked, Passwords Compromised? · · Score: 1

    There's no way to tell from the article or the summary where the plaintext passwords are being intercepted. Guessing that NickServ has been cracked is a good guess, but it doesn't matter.

    Try getting a grip on the problem before shooting off your mouth about moderation demands. You might learn something.

  16. Re:Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 2, Interesting

    What kind of auth protocol sends passwords in plaintext across the network, rather than hashing them at the client for comparison at the server? Especially among a complex 3-party auth?

    There might be a technical difference in the topology, but the insecure design is just as bad, if not worse.

    Why should NickServ have access to the clear passwords? What happens if FreeNode switches to another auth service, especially if a result of a dispute? That system is really too insecure to trust at all.

  17. Manmaking on Immaturity Level Rising in Adults · · Score: 3, Interesting

    Becoming an adult used to take an explicit ceremony, with months or more of preparation, which every adult completed. Encoding cultural history as well as the expectations of adult behavior.

    As more traditional culture is lost, more people go through life without the benefits of it, or a "new version" that can update it to work in modern society.

    Girls have lost more of these procedures, filtered out along with lots of oppressive female institutions, and probably represent lots of the people not converted into adult personalities. If women's culture included explicit "rites of passage" from girlhood into womenhood, more girls would become women. At least some men have the bar mitzva, or the fraternity pledging.

    I think that if every girl learned about the biology of becoming a woman in "midwife clubs" assisting a group of adult midwifes for a year, then celebrated their own "coming of age", they'd be a lot better integrated with their gender identity as well as their maturity identity. Boys would benefit from it as well, but not as much as girls, just as girls benefit from the masculine cultural bar mitzva, but not as much as boys.

  18. Good Riddance on Freenode Network Hijacked, Passwords Compromised? · · Score: 1, Insightful

    The largest FOSS IRC network stores all its user passwords in plaintext, not a hash against which incoming passwords can be checked? Its superuser could look at any password they wanted?

    It's a good think that firetrap finally collapsed publicly. It should have happened much earlier, before its loss damaged so many people.

  19. Re:Wow on U.S. Secretly Tapping Bank Databases · · Score: 1

    Moderation +3
        40% Insightful
        20% Redundant
        20% Interesting

    Just because there's so much evidence of the same criminals screwing us so many times, that's not "Redundant". TrollMods doing the unnecessary coverup jobs are redundant.

  20. Re: Wow on U.S. Secretly Tapping Bank Databases · · Score: 1

    I said
    "you're an even bigger coward than the silent deniers: you're scared of your own shadow, and you're bullying it into submission. "

    You said
    "I'm just as sure that nothing that I say will change his mind - thus, I can hardly bully him into submission. He said his piece, I said mine. I wasn't debating the issue - if I was debating, you'd know it."

    You're denying that you're debating and bullying your own shadow. You don't need psychoanalysis: you're crazier than a scene from _Fight Club_. Add projection to your list of major malfunctions.

  21. Re:Wow on U.S. Secretly Tapping Bank Databases · · Score: 3, Insightful

    Tell me about the Iran/Contra Democrats.

  22. Re:Wow on U.S. Secretly Tapping Bank Databases · · Score: 5, Insightful

    They had the intelligence, and the power to cherrypick, to invade the country, Iraq, that was right for them. The Bush administration is the Iran/Contra administration . All these people made their bones in the 1980s CIA/NSA cocaine and guns conspiracy. That hijacked American foreign policy to wage secret wars in Central America. To raise money for secret wars elsewhere, like in Africa, and Osama bin Laden's Afghanistan. With secret Saudi funding and Iranian funding. As seed money for robbing the Savings and Loans of over a $TRILLION (in 1980s dollars: our GDP was 1/4 what it is today).

    These same people, like Poindexter, Negroponte, Bolton and so many others, wrench our country into invading Iraq to the benefit of Saudi Arabia and Iran, giving the NSA and CIA powers previously forbidden by our constititional democratic republic. While spying on all Americans for the political power that ensures their corporate backers will make all the money they want, forever.

    They're pulling it off. As measured by $TRILLIONS in profits and unlimited power, killing thousands around the world and leaving our country to rot. How can we possibly deny that they're smart, that they're doing it all on purpose, that it's malice, even evil, that is driving all their actions? Because the truth is too much to admit, especially since we like to believe what we see in the media: the Republican government works for us, not themselves and their corporate masters.

  23. Re:Corporate advantage? on U.S. Secretly Tapping Bank Databases · · Score: 1

    US corporate welfare isn't just "hypocritical", it's antidemocratic. Covering up our subsidies of our corporations prevents voters from voting for politicians who would do it differently. European voters know about their subsidies, so are responsible for them. That's a democratic republic, that American invention we've abandoned to others more interested in liberty than in pretending to trade it off for money.

  24. Re: Wow on U.S. Secretly Tapping Bank Databases · · Score: 1, Insightful

    You need to publicly insist that the poster is crazy to reinforce your own denial. You need to keep shouting down your own little voice whispering that what they say might be true. If you weren't so insecure, you'd just keep your smug willful ignorance to yourself.

    You're an even bigger coward than the silent deniers: you're scared of your own shadow, and you're bullying it into submission.

  25. Re:Queue up the proof by anecdote posts on Earth's Temperature at Highest Levels in 400 Years · · Score: 1

    No, I said "People who say things like that at this stage of the game aren't just not reading the reports. They're deep in denial. It's good that enough of us are charitable enough to think they're just ignorant, but they're really deeply stupid, or worse.". That's pretty nutshell already.

    Your "nutshell" is exactly what I'm talking about: denial, the deep stupidity or worse that convinces you that you merely disagree. When you qualify with negated hyperbole like "not claiming to be the world's greatest authority", you show your denial colors, like some kind of Rumsfeld.

    I point out that college debating the Greenhouse qualifies you to lie about it, not understand it. You turn around and try to tell me that I said something different from what I said. You're not even a good debater.