Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354

Comments · 13,354

  1. Configure software restriction policies on Ask Slashdot: How Would You Secure Your Parents' PC? · · Score: 1

    Take a look at this article

    basically, set software restriction policies such as PATH RULE
    C:\Users\ DISALLOW

    Or better yet, set to DISALLOW by default. And whitelist specific system directories, including the default allowed directories.

    Only allow installed software to run, and software in C:\Windows c:\program files c:\program files (x86) etc.

    And perhaps some temporary directories

    For web browsers such as Chrome, I suggest you should use "Chrome for business" installed globally, instead of installed in the individual user's directory.

    You may need to allow some programs to execute from some temporary directories of the user profile to allow automatic updates running as the user instead of admin.
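As an added example (my own code, not the commenter's and not Microsoft's tooling), here is a Python model of how SRP path rules resolve under the policy the comment describes: disallow by default, whitelist the system and program directories, and carve out one updater directory under the profile. The profile name `alice` and the `ExampleUpdater` directory are constructed placeholders; only path rules are modelled (Windows also evaluates hash and certificate rules first).

```python
from pathlib import PureWindowsPath
from typing import Dict, Optional, Tuple

DISALLOWED = "Disallowed"
UNRESTRICTED = "Unrestricted"

# Constructed policy modelled on the comment: disallow by default, whitelist
# the system and program directories, and allow one per-user auto-updater
# directory inside the profile. The user name and updater path are
# hypothetical placeholders, not values from the page.
DEFAULT_LEVEL = DISALLOWED
PATH_RULES: Dict[str, str] = {
    r"C:\Windows": UNRESTRICTED,
    r"C:\Program Files": UNRESTRICTED,
    r"C:\Program Files (x86)": UNRESTRICTED,
    r"C:\Users": DISALLOWED,
    r"C:\Users\alice\AppData\Local\ExampleUpdater": UNRESTRICTED,
}


def _parts(path: str) -> Tuple[str, ...]:
    # Split into lower-cased components so matching is case-insensitive and
    # operates on whole directory names (a rule for C:\Windows must not
    # match C:\WindowsEvil).
    return tuple(p.rstrip("\\").lower() for p in PureWindowsPath(path).parts)


def evaluate(exe_path: str, rules: Dict[str, str] = PATH_RULES,
             default: str = DEFAULT_LEVEL) -> Tuple[str, Optional[str]]:
    """Return (security level, matching rule) for an executable path.

    SRP semantics modelled here: every path rule whose directory is a
    prefix of the executable's path applies, the most specific (longest)
    rule wins, and with no match the policy default level applies.
    """
    target = _parts(exe_path)
    best_rule, best_len, best_level = None, -1, default
    for rule, level in rules.items():
        rule_parts = _parts(rule)
        if target[:len(rule_parts)] == rule_parts and len(rule_parts) > best_len:
            best_rule, best_len, best_level = rule, len(rule_parts), level
    return best_level, best_rule


if __name__ == "__main__":
    for exe in (r"C:\Windows\System32\notepad.exe",
                r"C:\Users\alice\Downloads\installer.exe",
                r"C:\Users\alice\AppData\Local\ExampleUpdater\update.exe",
                r"D:\portable\tool.exe"):
        level, rule = evaluate(exe)
        print(f"{exe}: {level} (rule: {rule})")
```

The last case shows why DISALLOW-by-default matters: a removable drive with no rule at all falls back to Disallowed rather than silently running.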

  2. Re:Laws alone don't prevent arrest on UK Men Arrested For Anti-Semitic Tweets After Football Game · · Score: 1

    Very scary. An audit. One that found there was no wrongdoing. I believed you claimed there would be an arrest involved.

    No... in this case an audit is the punishment. In other cases, arrest (that doesn't lead to a proper conviction) is the punishment.

    Since you've effectively conceded that US laws on free speech are far better than the ones in the UK, and require conspiracies to circumvent them, the original point that you criticized has been proven.

    Not really.

    My point is the free speech laws in the US may be better de jure, but the result essentially may very well be de-facto equivalent.

    Free speech law in the US in theory is better, but in actual fact -- it seems to suffer.

    On the face; UK free speech law would appear to be weaker, but in fact, it's not as weak as alleged....

  3. Re:And google will retain that info exclusively. on Google Makes It Harder For Marketers To Collect User Data · · Score: 2

    In which case, a broken link or no image will be shown to the user, and it might result in your message being marked spam.

  4. Re:End of certificates, please? on IETF To Change TLS Implementation In Applications · · Score: 1

    The problem is it doesn't make any difference because you still need to be able to connect to servers that are only signed by one CA, and you have no way to know ahead of time how many signers there should be for any given host. And if all clients accept one signer, why would anyone pay for two?

    My suggestion would be that browsers out of the box require a minimum of 4 current signers, for certificates issued after date X; and be configurable to require between 3 and 10 signers; at least one of the certifications must be High Assurance, at least one of the certifications must validate something other than the requestor merely being the e-mail address of a WHOIS contact for a domain. Certificates issued before date X would generate a warning message after date Y. And that signatures, not certificates, have an expiration date.

    The certificate should contain attributes associated with the signature identifying what standards of validation the CA claims to have performed, and which fields additional validations were done on, before signing the certificate.

    Suggest all certificates must contain (1) A valid Organization field, that must be the name of an entity authorized to operate a website, on behalf of the registrant of the domain; generic, or common names such as a DNS domain name, will be treated by the browser as a questionable cert. (2) A validatable OU or department field, certificates with generic or common names such as "Domain Control Validated", should be treated as doubtful. (3) At least one valid e-mail address; at a minimum, every CA signing a cert has verified this at the time of certification. (4) At least one valid telephone number additional attribute, belonging to a contact of the registrant, not the CA.

    You may have one standard of verification; that simply consists of proving domain ownership by using e-mail to contacts, or setting DNS records. And that an automated machine contacted the phone number of the domain registrant, and presented a PIN code, which was entered online.

    You might have a standard of verification; that consists of proving ownership of a DNSSEC secured zone, by publishing a signed record with specified content, within a specified TLD scope.

    You might have a standard of verification, that requires proving the identity of the requestor, requires proving the identity of the organization, using a paper-based process; requiring submission of identification documents such as government-issued Identification and a LOA, matching the registrant of the domain name. SCOPED to CAs based on (1) Country and Province of company/domain registrant, (2) Country of contact requesting a certificate, and (3) TLD of domain name.

    You might have a standard of verification, that requires a notarized attestation from a domain registrar, a notarized attestation from a company officer, with a LOA to the requestor, and a notarized attestation from the requestor. Scoped to CAs based on (1) Country, State, and Province of the domain registrant, and (2) TLD of the domain name

    You might have a standard of verification, that requires an in-person meeting between representatives with a domain registrar, company officer, where a copy of the public key is validated in person, before a signature can be issued.

    Etc.

    You might have a standard of verification, that requires a government body the requestor interacted with, to provide the evidence in a certified manner, that the data is valid.

    The list of means of verification used to verify the signature should be coded by the CA as part of the signature; together with an assurance level such as Low Assurance or High Assurance.

    Also; the means of verification that a CA has been proven to be able to do, and security management systems that have been audited to compliance with ISO27001 standards as the CA capable of performing to adequate standard, should be part of the CA department's attributes,

  5. Re:End of certificates, please? on IETF To Change TLS Implementation In Applications · · Score: 1

    That is the ITU's current plan. It was also a core concept of the X.400/X.500 based email systems.

    Bleh... no one would use X.500 email systems though.... isn't Microsoft Exchange the only system that uses X500 addressing for e-mail ; everyone else doing SMTP / RFC8xx style Mailbox@Example.com style email addresses ?

  6. Re:End of certificates, please? on IETF To Change TLS Implementation In Applications · · Score: 1

    In this video Moxie Marlinspike discusses the problem and convergence.

    The trouble with Convergence; I think, is the reliance on online notaries; which become highly-centralized single points of failure.

    Remember; for the most part --- users will just use their web browser's default settings.

    I believe for it to be highly scalable --- the web server must gather signed notary responses and provide these to the user for dissemination.

    The internet standards should focus on changing the nature of SSL certificates to enable Web of Trust and multiple certifications of a certificate.

    The work of getting multiple certifications needs to be loaded onto the webmasters, and perhaps some 3rd party authorities verifying trust; not solely the user's problems.

  7. Re:First things first, limiting CA's scope, please on IETF To Change TLS Implementation In Applications · · Score: 2

    Can someone, please, if they can justify why for example Türktrust can sign a certificate for a *.gov and *.mil domain? Or why Spanish CA issued a wildcard *.google.com to someone, please?

    Personally; I would favor requiring Server certificates to be signed by a minimum of 3 CAs; perhaps by using a separate trust document file; "Third party CA a auxiliary attestation of certificate trust".

    The standard could then be --- at least two of the authorities must reside in different geographical jurisdictions. At least three of the attestations must be from authorities that have no business relationship with each other.

    And: The user can specify a number of "points" to assign to each CA on a scale from 1 to 5; with a browser default value of 3 for major CAs such as Verisign.

    If the score of the certificate is less than 8, or another value user-configured, then the cert is untrusted.
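An added example (my own code, not the commenter's) that turns the scheme in this comment into a concrete check: minimum of three signing CAs, at least two jurisdictions, at least three signers with no business relationship, 1 to 5 user-assigned points per CA with a default of 3 for major CAs such as Verisign, and a configurable threshold of 8. The `jurisdiction` and `owner` fields on each attestation, the "major CA" list, and the 1-point default for unknown CAs are assumptions the comment does not state.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Attestation:
    """One CA's signature over the server certificate (the comment's
    'auxiliary attestation'). jurisdiction/owner are assumed metadata a
    browser would keep about each CA; they are not in the comment."""
    ca: str
    jurisdiction: str
    owner: str  # parent company; shared owner == business relationship


# Browser defaults from the comment: 3 points for major CAs such as Verisign.
# Assumption (not in the comment): an unknown CA gets 1, the bottom of the scale.
MAJOR_CAS = {"Verisign"}
MAJOR_CA_DEFAULT = 3
UNKNOWN_CA_DEFAULT = 1


def ca_points(ca: str, user_points: Dict[str, int]) -> int:
    """User-assigned points for a CA, clamped to the comment's 1..5 scale."""
    default = MAJOR_CA_DEFAULT if ca in MAJOR_CAS else UNKNOWN_CA_DEFAULT
    return max(1, min(5, user_points.get(ca, default)))


def evaluate_certificate(attestations: List[Attestation],
                         user_points: Optional[Dict[str, int]] = None,
                         threshold: int = 8) -> Tuple[bool, int, List[str]]:
    """Return (trusted, total score, reasons for rejection)."""
    user_points = user_points or {}
    reasons: List[str] = []
    # A CA signing twice must not count twice: dedupe by CA name.
    signers = list({a.ca: a for a in attestations}.values())
    if len(signers) < 3:
        reasons.append(f"only {len(signers)} signing CA(s); minimum is 3")
    if len({a.jurisdiction for a in signers}) < 2:
        reasons.append("all signers in one jurisdiction; at least 2 required")
    if len({a.owner for a in signers}) < 3:
        reasons.append("fewer than 3 signers without a business relationship")
    total = sum(ca_points(a.ca, user_points) for a in signers)
    if total < threshold:
        reasons.append(f"score {total} is below threshold {threshold}")
    return (not reasons, total, reasons)


# Constructed sample: three independent CAs in three countries.
SAMPLE_OK = [Attestation("Verisign", "US", "Verisign"),
             Attestation("ExampleCA-DE", "DE", "Example Holdings DE"),
             Attestation("ExampleCA-JP", "JP", "Example KK")]
# Constructed sample: three CAs, but two share an owner, so only two are
# independent even though the points total would pass the threshold.
SAMPLE_RELATED = [Attestation("Verisign", "US", "Verisign"),
                  Attestation("ExampleCA-DE", "DE", "Example Holdings DE"),
                  Attestation("ExampleCA-AT", "AT", "Example Holdings DE")]

if __name__ == "__main__":
    pts = {"ExampleCA-DE": 3, "ExampleCA-JP": 3, "ExampleCA-AT": 5}
    print(evaluate_certificate(SAMPLE_OK, pts))
    print(evaluate_certificate(SAMPLE_RELATED, pts))
```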

  8. Re:Ok on IETF To Change TLS Implementation In Applications · · Score: 1

    I would suggest reading all about Enigma, Enigma after ww2

    See enigma was pretty cool, but only the military units got the crucial plugboard feature -- and they all suffered a flaw that a letter could not encode to itself.

  9. Re:What's next? on No Longer "Noble"; Argon Compound Found In Space · · Score: 2

    Do we categorize Argon as a non-noble gas, or do we redefine what a noble gas actually is?

    We don't necessarily need to do either; the article headline is a little bit misleading.

    Non-reactivity, or the non-existence of molecules is not inherent to the definition of Noble gas. Non-reactivity is a description of what is believed to be true about noble gasses. The noble gasses were long believed to be completely nonreactive; but now, compounds of Xenon, Krypton, Radon.... and now Argon are known. We just need to find some compounds of Helium and Neon, and then.... compounds will be known of all the noble gasses.

    Well, for two: explosive nucleosynthesis in a core-collapse supernova is not exactly your every day chemical reaction.

    For three: Argon is still relatively inert. For the most part; you will not find compounds of argon in nature, or common materials that Argon will readily form compounds with in ordinary chemical reactions.

  10. Re:Is this legal? on Indiana State Police Acknowledge Use of Cell Phone Tracking Device · · Score: 1

    Even if it is technically illegal, and I don't know whether it is or not, who is going to arrest them?

    Perhaps they could target the manufacturer's first

    Someone manufactured and distributed these devices -- which is only lawful with the proper licenses..

    The FCC could start by revoking their certification of all their manufacturer's goods, and requiring a mandatory recall ---- and penalize the manufacturer by impairing their certifications for all products (even unrelated goods that just happen to be intentional or unintentional RF emitters).

  11. Re:End of certificates, please? on IETF To Change TLS Implementation In Applications · · Score: 4, Interesting

    Making encryption stronger is just pointless if you can fake a certificate.

    We should start, by allowing certificates to have multiple signers

    Instead of everyone trusting a small number of CAs --- the certificate should bear a number of signatures, and you should be able to score a certificate based on how much you trust the signers.

  12. Re:My Question is on Indiana State Police Acknowledge Use of Cell Phone Tracking Device · · Score: 2

    Cop pulls exec's Mercedes over. "Looks like you've got a broken taillight there, buddy." [Smash, tinkle, tinkle.]

    Not likely. They couldn't even get Steve Jobs for parking in the handicapped spot, and he was driving around with no license plates.

  13. Re:Is this legal? on Indiana State Police Acknowledge Use of Cell Phone Tracking Device · · Score: 1

    I do not know if FCC allows the law enforcement to violate FCC's own rules and regulations.

    The FCC agents can deliver a forfeiture order to the local law officers, ordering them to pay a $100,000 fine, for operating an unlawful radio station, same as anyone else.

  14. Re:Laws alone don't prevent arrest on UK Men Arrested For Anti-Semitic Tweets After Football Game · · Score: 1

    Such an arrest would still be possible only if you were to ignore several inconvenient words in the statute

    LEOs may very well ignore some inconvenient parts of the statute, and still cite the statute.

    False equivalency is not equivalency. Regardless of your other appeals to unlawful arrests, conspiracies involving the IRS

    Conspiracy theory is the exact word that is used to draw attention away from abuses of power.

  15. Re:Laws alone don't prevent arrest on UK Men Arrested For Anti-Semitic Tweets After Football Game · · Score: 1

    If that were true (it isn't), what bearing does it have on the comment? Such laws are bad no matter where they exist.

    The article was implying the British specifically have a problem with a lack of free speech laws.

    The US has free speech embedded in the constitution, and such an arrest would still be possible.

  16. Re:Laws alone don't prevent arrest on UK Men Arrested For Anti-Semitic Tweets After Football Game · · Score: 1

    There have been times when the First Amendment was ignored, like the Communist cases during the cold war, but that was an abuse of the legal system.

    My point is the first amendment can be ignored at-will by the police officers, as long as they have a law to cite that you violated --- they can arrest: they can search and seize, THEY can turn your life upside down, and the existence of the law will be sufficient to defend themselves against any claims of false arrest.

    It does not matter if you prevail in court You were still punished, due to all the disruption and inconvenience that was caused by the police officers' abuse of you.

    Even when you won in court --- you were still audited by the IRS due to your political statement against the powers that be, you still spent time in jail, awaiting trial, or before you found someone to bail you out. You lost your job for being arrested. The local government withdrew or refused your new construction permits, after finding you had been accused of a crime..... the list goes on....

    All your technology devices such as computers and iPads got seized as evidence, putting a stop to your normal daily life ---- maybe killed your home business and communications with friends reliant on technology to communicate, etc, etc.

    A great deal of "punishment" for exercising your 1st amendment rights can be dealt out by officials, in a retaliatory fashion, without you ever being found guilty.

    Furthermore.... you really have no recourse

  17. Laws alone don't prevent arrest on UK Men Arrested For Anti-Semitic Tweets After Football Game · · Score: 4, Interesting

    "Perhaps the British should also work on reforming their laws on free speech (or lack thereof)."

    You could be arrested for the same activity in the US under the 18 USC 245 -- Federally protected activities, act. There is the first amendment, but there is some separation between constitutional theory, and law enforcement fact. You might or might not ultimately prevail in court.

    (b) Whoever, whether or not acting under color of law, by force or threat of force willfully injures, intimidates or interferes with, or attempts to injure, intimidate or interfere with ....

    (2) any person because of his race, color, religion or national origin and because he is or has been—

    (F) enjoying the goods, services, facilities, privileges, advantages, or accommodations of any inn, hotel, motel, [...] , or of any motion picture house, theater, concert hall, sports arena, stadium, or any other place of exhibition or entertainment which serves the public, or of any other establishment which serves the public and ....

    shall be fined under this title, or imprisoned not more than one year, or both

  18. Re:Word unlocked. on North Korea Erases Executed Official From the Internet · · Score: 2, Insightful

    Just remember that Germany voted for Hitler. History can and does happen again, unless we care to learn from it.

    And the US voted for Obama.

    There is frequently a disconnect between the reason people vote for someone, and what that person actually does once elected.

  19. Re:Simple solution on Some Londoners Cut Off As Failed Copper Thieves Take Fiber · · Score: 1

    it would not do anything for the copper thief (who already thought this was a power cable), actually, it would be worse - now the thief would at least get a consolation prize - the embedded power wire.

    Yeah... instead they should use steel-clad or kevlar-clad armored cabling; with cut-resistance: inside pressurized conduit, that will set off alarms, and sound like they hit a gas line, if depressurized.

  20. Re:what? on Senators Propose Bill Prohibiting Phone Calls On Planes · · Score: 1

    It should be up to the airlines whether or not allowing voice calls would cater to their passengers, but airlines should have leeway on how they enforce their policy, such as being able to forcibly disembark a passenger immediately upon violating a voice-call prohibition.

    I suppose this is acceptable, but if they want to kick a passenger off a plane in-flight, then they must provide a parachute.

  21. Re:Rocket liftoff from Europa. on Hubble Discovers Water Plumes Over Europa · · Score: 1

    Maybe an intelligent alien life form under the ocean just sent a spaceship to outerspace.

    Or a test fire of a new ballistic missile, with the capacity to destroy a planet.

    Its effectiveness to be determined, after it hits the third planet, and they determine whether they see a planet with no intelligent life on it incinerated.

  22. Re:Far from harmless fun... but on Bitcoin Token Maker Suspends Operation After Hearing From Federal Gov't · · Score: 1

    No. He is not "transmitting money". He is selling physical bitcoin tokens.

    Collectible commemorative coins that have things printed on them such as "1 Bitcoin".

    These tokens have artistic features such as gold plating, or construction with fine silver.

    The coins have a public key / QR code printed on them of a bitcoin wallet that has the specified number of coins, and a tamper-evident seal. Inside the seal is a piece of paper with the corresponding private key.

    However, the bitcoin amount that had been spent to the wallet whose private key is included --- are Bitcoins, not dollars.

    An intangible asset like warcraft gold; not money like US dollars.

  23. Re:A US perspective on UK Retailer Mistakenly Sends PS Vitas, Threatens Legal Action To Get Them Back · · Score: 1

    the more restrictive law wins in all cases.

    In this case, when the federal law says the recipient may use or dispose of as they see fit; this overrides any state requirement to the contrary.

    Federal law never trumps state law.

    Wrong. See the supremacy clause.

    The "supremacy clause" is the most important guarantor of national union. It assures that the Constitution and federal laws and treaties take precedence over state law and binds all judges to adhere to that principle in their courts. - United States Senate[1]

  24. Re:A US perspective on UK Retailer Mistakenly Sends PS Vitas, Threatens Legal Action To Get Them Back · · Score: 1

    disagrees with you. Too bad it was posted by an AC, someone could earn a bit of karma.

    The Federal law (39 USC 3009) has precedence over state law, particularly with regards to interstate transactions; therefore, if the UCC is in disagreement, then the federal law wins.

    The UCC is not law per se, but one revision or another has been adopted by each of the 50 states.

    Anyways... the citation you linked to doesn't say anything about the Buyer having any liabilities it just lists some Buyer's rights; with respect to sales.

    Again, the more-specific federal law, that lists more recipients' rights, wins.

  25. Re:loud quiet loud quiet on A Year After Ban On Loud TV Commercials: Has It Worked? · · Score: 1

    It says that on average they must be the same audio level as the programming.

    No problem then.... boost the programming audio, near the upper end of the frequency; where humans can barely hear it.

    Boost the advertisements' audio near the lower end of the audible frequency spectrum; where human hearing is most sensitive.

    They'll be at the same "level"