Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:KGB better than NSA? on Ask Slashdot: Recommendations For Non-US Based Email Providers? · · Score: 1

    As a US citizen, I sure as hell would prefer the KGB looking over my shoulder. the chance that it has any kind of impact on my life is far lower.

    That all depends on how much you're willing to pay the KGB agents blackmailing you.

    If the amount is deemed insufficient, you may find the pertinent details mysteriously arriving in the hands of your friendly neighborhood field office, anyways.

  2. Re:Runbox.com on Ask Slashdot: Recommendations For Non-US Based Email Providers? · · Score: 2

    By the way, the email headers are never encrypted. Only the body of the email is

    False. IPSec, SSL, TLS, or SMTP tunnneled over SSH, or other ad-hoc encapsulation protocols with encryption features can be used to secure the transport between cooperating mail servers.

  3. Re:Not sure I understand the question. on Ask Slashdot: Recommendations For Non-US Based Email Providers? · · Score: 1

    In my experience, having a mail server provider in Europe (e.g.) and using PGP/GPG could help. The problem is of course that your recipient also needs PGP/GPG.

    Encrypting with GPG/PGP just hides the content of the message. If the recipient is in the US, the NSA will still get the log that shows the two of you communicated

    Also, since the communication is now international --- it now falls under lawful interception; because the NSA is free and expected to snoop on international communications, this bit about using an overseas provider essentially in all likelihood guarantees the NSA will receive a copy of the metadata... whereas, otherwise, it would not be so certain

  4. Re:Not sure I understand the question. on Ask Slashdot: Recommendations For Non-US Based Email Providers? · · Score: 1

    Your random mail idea does screw with them in a nice way tho as it'd mess up their social graph and probably get yourself classified as an uninteresting spammer

    But is he really an uninteresting spammer, or someone using spam as a ruse, and coupling some unknown advanced steganography to hide messages for insurgents in the spam?

  5. Re:how long before it's blocked by a windows updat on The Pirate Bay Launches Browser To Evade ISP Blockades · · Score: 1

    Surely one of those patch Tuesdays will nuke it out of existance? Or the Windows Malicious Software Removal tool? :-)

    And then there will be a new patched version of the browser that removes the malware (Windows Update service) that nuked it.

  6. Re:"Unity web player"? on DEF CON Hackers Unveil a New Way of Visualizing Web Vulnerabilities · · Score: 1

    Erm. Unity is a well-known 3D gaming engine, dude....

    Could of fooled me. As far as I know, Unity is a very expensive product from Cisco for providing voicemail integrated with Microsoft Outlook and Exchange.

    So apparently there is some niche product that is a 3D engine of some sort, and I get that. But the publisher should still not be doing something that requires me to install software, to view it.

    If they're posting it online, they should use a standard format such as HTML5.

  7. "Unity web player"? on DEF CON Hackers Unveil a New Way of Visualizing Web Vulnerabilities · · Score: 4, Informative

    When I visit the demo site it prompts me to install some software I never heard of, before showing the demo.

    Seriously.... they make a malware visualization demo requiring me install some browser malware in order to view it?

  8. Re:not again on Samsung Infringed On Apple Patents, Says ITC · · Score: 3, Interesting

    They both blatantly copied each other constantly, misused patents, misused lawsuits and injunctions, etc. All these individual little patent disputes are really annoying. They should each be barred from suing each other for anything that happened prior to a certain date so we can be done with this. Then, if they want, they can just duke it out in a paintball game or Mario Party 9 or something.

    This is not just about the past. They are both selling phones in the present that each of them claims is infringing on their patents.

    The courts should examine the patent, determine how fundamental it is, assign an economic value to each of the patents as a price per phone sold; and then force the two to allow the other's use of the patent: require them to pay each other a royalty of their sales based on the court's valuation of each of their patents, and prohibit any further litigation between the two based on those patents, so long as they pay as required.

  9. Re:Switch to an easier technology on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    The secretary should be able to say what the key is, and how to verify that.

    The secretary should be able to provide a reference about where to download or to send the file.

    I would be extremely impressed if ANYONE were ever able to SAY a real public RSA (or DSA) key.

  10. Re:Switch to an easier technology on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    Just don't use Word (.doc). That was some of the stupidest password protecting I have ever seen.

    Right... the original protection scheme prior to Office 97 was very weak XOR encryption. In Word 2000 it was 56 bit RC4 encryption, which can be brute forced.

    You need to use a Word 2007 or 2010 document format to achieve strong protection, and preferably 2010.

  11. Re:Switch to an easier technology on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    This is a terrible idea. What self-respecting corporation would store a document in an encrypted format, which they did not have the means to decrypt without external assistance? Consumers may be dumb enough to do this, but any IT department worth their salt wouldn't permit it.

    The other organization's IT department doesn't have a legal say in how you as author of a document choose to license your work to their IT organization. Protection of privacy rights trumps the recipient's rights.

    You don't need assistance to open it; the recipient does --- if you rights management services, the recipient needs your assistance (license) to open the document; it's your information and therefore your document, not the recipient's.

    You can also control such functions as copy and paste and printing, and expire their access to a rights protected document. Depending on why the other organization needs the information.

    Although they may be able to copy information from the document manually; they may do so at their own legal risk.

  12. Switch to an easier technology on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 5, Informative

    PGP is beyond the grasp of the average secretary or other end user. Unless you know for a fact that the person disseminating the data is familiar with PGP; you should probably not be asking them for their public key.

    I strongly recommend an encrypted PDF, Word Document (.DOCX), or Excel file (.XLSX); make sure to choose a strong password.

    I like the Office 2010 strong encryption and use of key stretching to make brute force password attacks hard --- but there is a free of charge reader available for PDF documents, and you should pick a strong password for encrypted documents anyways.

    Technically, you could implement DRM rights management services on your end, so the user has to contact your organization's RMS server over HTTPS for a license every time the document is opened, but it requires a trust relationship between orgs, or you having an account for the user.

    But the simple password protection is a very nice way to protect it. You can include a note in the e-mail message that you will be calling them to give them the password, so they can see the document.

    Then there is no confusion about what a 'PGP key is'. If you _regularly_ exchange a lot of documents with them, then you might ask to discuss using PGP

  13. Re:PGP won't help you on Ask Slashdot: How Do I Request Someone To Send Me a Public Key? · · Score: 1

    The recipient will decrypt you data and lose it or possibly misuse it. That is the risk. But by all means ask for a secure way to get the data to them.

    You could always print it out and fax it or snail mail it. Probably more secure. Even if there is now one copy of the data in the trash after they are done with it.

    Maybe talk to them about privacy concerns and ask if their operation has an ISO 27001 info security certification to help validate proven safe handling of data.

  14. Re:Why bother with the panic? on Request to Falsify Data Published In Chemistry Journal · · Score: 1

    The beauty of (natural) science is that you can replicate the results. Why spark a debate (which is more in social sciences ballpark) when you can just run the experiments and validate the statement that way?

    Because the journals tend to have an affirmative results bias. If someone replicates the experiment and fails to produce a result; it probably will not get published. On the other hand, if they replicate the experiment, and get the desired result -- perhaps it will.

    People care about the replication of results -- only in as much as it substantiated the prior research.

    If it shows the original research cannot be replicated, then that fact is likely to be ignored.

    Therefore.... it's quite important to get it right the first time and not have falsified data.

    It's not as if there can be an audit and the article based on some fabricated data pulled or ignored, with that fact unknown.

  15. Re:stupid on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    So, scaring users away with wall of text and (more) complex instructions (than usual) while making it easy for the bots

    No... only a few questions need to be asked. There are already a lot of questions on a signup form.

    - they only have to know answer to few questions and refresh the page until three of those come up.

    What makes you think they can refresh the page and get more questions?

    I would limit signups to 1 signup per IP address per 2 hours, and use a hash of a timestamp with a 60 minute resolution concatenated with their IP address to uniquely select questions.

    If they refresh the page; they will get the same questions.

  16. Re:I don't think ... on Federal Judge Declares Bitcoin a Currency · · Score: 1

    So, Bitcoin could be a commodity like bushels of wheat. One can exchange it for dollars, so it has a market value. But the commodity itself is just something farmers produce.

    The problem with that idea is... bushels of wheat have intrinsic value. You exert work to grow and harvest the wheat -- it has utility, people can eat it.

    Wheats value comes not from the fact that you can trade it, but from the fact that people can eat it to survive

    On the other hand... Bitcoin has no intrinsic value. It is much like dollar bills, in that its sole purpose of existence is to be scarce and allow people to trade it for goods, or trade goods for it.

    So bitcoin is like a currency, and wheat is not.

  17. Maybe legislation is ignored on Talking On the Phone While Driving Not So Dangerous After All · · Score: 1

    researchers analyzed the effects of legislation banning cellphone use, enacted in several states, and similarly found that the legislation had no effect on the crash rate.

    The conclusion you can draw from that observation is not that cell phones don't affect crash rates; to do so, you would have to assume the kind of people who talk on cell phones while driving are the kind of people who would be affected by legislation

    If instead, they ignored the passage of the legislation -- there might be no affect. This could be an excuse to ramp up on the awareness campaigns and strict enforcement efforts.

  18. Re:I don't think ... on Federal Judge Declares Bitcoin a Currency · · Score: 2

    So, which is it? A currency, subject to income reporting rules? Or a security, under the SEC's authority? IANAL, so I'd really like some enlightened input on what is being decided here.

    Arguably neither. You can convert your warcraft gold into US Dollars; that doesn't make your warcraft gold money.

    Arguably bitcoin could be not a security, and "Bitcoin Savings and Trust" still subject to SEC regulation, and could be a ponzi scheme --- not because bitcoin was a currency, but because They promised they were an investment service, and bitcoins are something of value, so the 'customers' provided something of value in expectation of a return.

    So the bitcoin itself doesn't have to be a security for that -- instead of bitcoins, they could have used gold nuggets, poker chips, or platinum bars: the principles are still the same, the customer gives something of value to the "company" in exchange for an I-O-U. The I-O-U is a security.

  19. The real upshot is 2048 bits is not sufficient on Math Advance Suggest RSA Encryption Could Fall Within 5 Years · · Score: 1

    For keys that need to be 'safe up to 10 years away, recommend a minimum RSA key size of 16,384 bits.

    I said from the beginning... the recent move of MS to require a minimum of 2048 bits is too little too late -- we need an order of magnitude increase in RSA key lengths to keep RSA as secure as it was 10 years ago.

    Even an 'efficient' algorithm for attacking the problem is likely to have certain resource constraints.

  20. Re:sounds like a wetware problem on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    If someone isn't moderating which "popular choice" words are added in the describe the image

    You mean like the word "prostitute" or "whore" appearing for the Queen of England, or "Dick" appearing as a choice for a picture of fmr. president George Bush?

    I assume there'd need to be a dictionary of known English words, a totally banned words list and a 'suspicious words list'. With words on the suspicious list requiring approval before use with an image.

    Also, any word that a significant portion of the population would fail to select from the pick list more frequently than some threshold would be omitted or deemed 'bad/junk'

  21. Re:This is a very hard problem on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    You can look forward to payments from spammers made via stolen credit card numbers.

    CVV required for verification. AVS checking mandatory. If the street address they provide doesn't match the card's billing address, then the transaction is rejected.

    To avoid additional e-mail based verification, the transaction must be over Paypal with a verified Paypal user via a confirmed home address.

  22. Re:So you want a Google monopoly on YouTube Adds Play Icon To Page Titles To Show Which Tabs Are Making Noise · · Score: 1

    Granting Google and its subsidiaries a monopoly on web video won't work so well for videos that violate YouTube's content guidelines

    In the rare occasion that I choose to visit a site containing 3rd party video content, or embedded Youtube/other content for that matter; I would be doing a temporary manual unmute on a case-by-case basis.

  23. Re:Trust and how to gain it on YouTube Adds Play Icon To Page Titles To Show Which Tabs Are Making Noise · · Score: 1

    So what should site operators do to gain your trust?

    Be Google or Youtube; and not in an iframe, embed, or other remotely sourced location on a page.

    The point of having an enumerated list is not necessarily "trust" per se ---- it's about maintaining control.

    If the mute was more annoying than the alternative for a certain site; i'd add them to the list. If it ever came to bite me; I would be in control to be able to remove them from the list.

    That way i'm in control; and trust (in that case) is just a metaphor for control.

  24. Re:This is a very hard problem on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    Voice isn't that hard for machines anymore... TTS and voice recognition are reasonably good. Not to mention people who are either deaf or mute are screwed, so you're cutting off another group instead of the blind.

    The image-based Captcha can be offered as an alternative for the deaf or mute.

    If they are blind, deaf AND mute all 3 at the same time, then yeah, there is a problem. Although as mentioned earlier.... I think the Alternative to Captcha should be pay $1 --- $1 from a confirmed Paypal address, and you get signed up -- no questions asked. Only a small number of sites should need to go to extreme lengths -- the financial sites. Everyone else can leech off that identification and proof of humanness by leveraging a token financial transaction or security-token based identity to do so; try as they might, bots can't readily clone such things.

    State ID's are easily forged with basic image manipulation. The app only gets a photo, it doesn't know you're injecting a still PNG into the video stream, or that you're holding-up a print-out of an ID.

    There are commercial services that specialize in that sort of thing, and I am certain they have given some thought to that risk. You don't get to just have a still image of the ID; you have to rotate it on camera.

    If the forums/sites are using the same service; you don't think it will raise alarm bells if the same ID is being used to attempt automated signups to large numbers of forums?

  25. Re:stupid on Campaign To Kill CAPTCHA Kicks Off · · Score: 1

    I think this would alienate about 90% of the target audience while making it easier for bots to decipher and bypass.

    We need to ask 4 or 5 questions, and allow the visitor to "Choose which question to answer"

    Please answer three of the following, and leave the rest blank:

    1. If it's a leap year, and February 29th is a Tuesday. How many days will there be in February next year, and what day of the week will it be come March 1?
    2. If you turn on the television and there is no signal, what might you hear?
    3. If Google, Yahoo, and Bing, are my favorite search engines, in that order. And Google shuts down permanently, which of these could still be my favorite?
    4. If the policeman decides to arrest a person, he binds their hands with what?
    5. If you are supposed to be at work at 4:30 AM, and you are 10 minutes early, then what time did you arrive at?
    6. If Barrack Obama was elected in 2012, what year does the term of office legally end?
    7. If John borrows $1000 from his bank on February 1 2014 and repays the loan with a lump sum payment on February 1 2014. How much does he have to pay if his bank charges 10% APR monthly compound interest over the period?
    8. What lies at the root of suffering?
    9. The 8th commandment says that you shall not what?
    10. What number is missing from the sequence? 1,1,2,2,3,3,4,4,5,5,6,__?__,7,7,8,8,9,9
    11. The person who was president of the United States in 1998 had a pet dog. What was its name?
    12. What actor played Luke Skywalker's father?
    13. What does Bilbo Baggins hate?
    14. What title did Gryffindor first appear in?
    15. If you mix yellow paint and blue paint in equal proportion, what kind of paint do you get?
    16. If you bought a $5 lottery ticket once a week for 22 weeks, how much money did you spend?
    17. The globe coordinates 28 degrees N, 81.9 degrees W are nearest which continent?
    18. A right triangle has a 45 degree angle. Please list the measures of the other angles in ascending order:

    ...