Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Re:Are you kidding? on Is the DEA Lying About iMessage Security? · · Score: 1

    The truth is that it's impossible DEA to obtain the encryption key, as Apple doesn't have it.

    Did you read the summary?

    if you switch to a new iDevice, you still are able to access your old iMessages, suggesting that Apple has the key somewhere in the cloud

    How is it possible that switching to a new iDevice would let you access your old iMessages, if Apple doesn't have the key, and the new iDevice never communicated with the old iDevice?

  2. Re:The secret of Google's success on Google's Idea of Productivity Is a Bad Fit For Many Other Workplaces · · Score: 5, Insightful

    When a company is successful - especially a sexy tech company - other companies always seem to try to copy their working practices to try and emulate that success.

    Also.... Google's current practices might be what they need to do to stay ahead; Not what you need to do, if you are not at the top and want to get there and win.

    When you're not at the top... you may be better served by concentrating your efforts on a smaller number of products, to become the best; small number of products/innovations, to become the leader in one specific product -- choose a product that can easily be expanded upon (Search can be expanded upon naturally, because you get people visiting your site for search, now you have a chance to start offering them additional things later).
    Because your available cash is very limited, and the risk of not producing is high; even if you were to develop a large number of ideas, it would probably be fiscally irresponsible to attempt to pursue or use all the resources to consider as many product ideas as Google could consider...

    For a non-leader, innovation is important, BUT constraint on innovation is also important. You need a way of deciding upon a few innovations, that can be protected or are not easily replicated, in order to win.

    Then once you are at the top, you have succeeded, after you have committed all the appropriate investments into strategic uses and maintaining leadership and expanding your business... you might want to devote some resources to expanding into other areas mainly as a hedge against risk from competitors, innovating is a lot harder -- and you can afford some extra costs in terms of inneficiency, if it will probably help give you the ideas and ability to execute you need to expand into additional territory, maintain your edge, and avoid being eclipsed by a competitor.

    Since you are already on the top in one area -- what's the worst that could go wrong? You could have a secondary product fail at a small cost, but huge prospects for more profit.

    Maybe loss of worker productivity does not adversly affect the bottom line for an internet business like Google; which have few interactions to manage with customers or users of their products.

    Maybe the way you define productivity (And therefore: what kind of influence Telework would have on it), is inherently connected to the current goals and state of the company.

    What workers are more likely to do who telework or with random encounters, might translate differently dependant on the company's needs

    In other words: someone who accomplishes the exact same amount of work, and comes up with the exact same amount type and nature of ideas and collaborations, has the exact same discussions

    Might be defined to be less productive in one company, and more productive in another company.

    Because different things that they did (such as participation in discussions) might have different value.

    In other words company-relative productivity. In this case, there are no hard and fast rules, about what makes workers more productive, because different companies get different utility, and a single-dimensional numerical access is a misleading way of representing worker utility

  3. Re:Windows 95 on Set Your Watches For the End of Windows XP · · Score: 1

    Good luck trying to trick a DOS user into clicking a link or finding holes in DOS's (inexistant) network stack.

    There are TCP stacks available for DOS, and network enabled applications.

    One of them was a multitasking shell for DOS named Windows for workgroups.

    There were also Netware IPX networking drivers that could be loaded by config.sys

    Furthermore, LANMAN protocol might be used for file sharing purposes on the DOS workstation, in order to access data files stored on shared network servers.

    DOS malware/trojan payload might be inserted into the datafiles, being used with the DOS based application

  4. Re:Windows 95 on Set Your Watches For the End of Windows XP · · Score: 1

    So what? No system is resistant to things like that.

    There are unix systems which are resistant to that. They're not invincible to it, but they are resistant where DOS is not.

  5. Re:Is this the point in time.. on Set Your Watches For the End of Windows XP · · Score: 1

    Hiding insecure machines behind a firewall is not a good plan, in order to actually use it for anything you will need to open holes in the firewall

    Nonsense. You can just use a stateful firewall, with a web proxy for surfing. There are no 'openings'; connections can only be initiated from inside.

  6. Re:Is this the point in time.. on Set Your Watches For the End of Windows XP · · Score: 1

    So you add "Authenticated Users" to "Local Admins" on the machine - still a horrible practice

    As soon as a domain admin eventually types their credentials into the machine that has that configuration, it's equivalent, because of the fact that any authenticated user has the full power to arrange for the admin's credentials to be captured (they just need a keylogger to grab a copy of the password, or other tools to snatch a copy of the Kerberos TGT, when it gets issued).

  7. My watch is set on Set Your Watches For the End of Windows XP · · Score: 2

    for January 19, 2038. Because that's when Windows XP stops working

  8. Re:Are you kidding? on Is the DEA Lying About iMessage Security? · · Score: 2

    There have been several incidents over the years suggesting that authorities cannot decrypt PGP encrypted data.

    I think it's that authorities can't always decrypt PGP encrypted data.

    In some earlier versions of PGP, or on some certain OS versions, the entropy producing functions of the OS (secure random number generator), were broken, in such a way, that one or more of the asymmetric keys protecting an encrypted document would be a weak keypair, OR one of the symmetric keys protecting an encrypted document would be a weak symmetric key.

    The authorities are more likely to break the encryption by obtaining the IDEA encrypted keyfile, and launching a dictionary/phrase-based attack in order to gain access to the key material.

    Another option is to subvert the recipient; through lawful wiretaps, or a sneak-and-peak type warrant, where malware or covert keylogger is deployed on the recipient's machine, so the key material is exposed, through routine operations.

  9. Re:Are you kidding? on Is the DEA Lying About iMessage Security? · · Score: 2

    Bcrypt is a wonderful tool but it is not strong encryption. PGP now yields to decoding.

    That's not true... BCrypt for a specified number of rounds (adaptation of the blowfish cipher) is stronger than PBKDF2; that is, more resistant against dictionary/brute force attacks using GPUs and other embedded hardware.

    Furthermore, these have nothing to do with PGP.

    All 3 are key derivation functions, which are used to generate an encryption key from a password, and may be salted; such that the key generated is dependent upon both password and salt.

    These are strong, because the computational power required to test whether one specific password is the right one to provide access to the key, is large, and the algorithms cannot be efficiently scaled (at least not as efficiently as the use of a simple hashing algorithm such as SHA256).

    the strength of all 3 algorithms can be varied, according to the computational power available, and the required strength of the key derivation function.

    AES256 is still extremely strong cryptography, when the key is well-protected.

  10. Re:MS support as common as tooth fairy on Set Your Watches For the End of Windows XP · · Score: 1

    Microsoft does also provide telephone support. I don't know what kind of experience they provide for end users with a desktop FPP / retail consumers, but they seem to handle business critical issues impacting the desktops, at the organization wide / Enterprise Agreement license level, without a lot of time on hold.

  11. Re:Windows 95 on Set Your Watches For the End of Windows XP · · Score: 1

    They are resistant to the average malware. They are not resistant to a targetted attack from a hacker practiced in social engineering, and sufficiently skilled to look up one of the old exploits, or to write their own trojan.

  12. Re:Is this the point in time.. on Set Your Watches For the End of Windows XP · · Score: 2

    the underlying model is far more advanced than what traditional Unix has to offer.

    No. That's exactly what part of makes Windows so insecure.

    The security model is so "advanced", convoluted, and complicated, that the implementation cannot possibly be correct in any realistic universe.

    There are so many errors and holes in Windows' implementation of security, AND holes in administrator practices, that you are pretty much guaranteed things will be insecure.

    Yeah, you can do fancy things like run different services as unprivileged users. What does the average admin wind up doing, when installing software?

    Accepting insecure defaults... run the application as administrator... run the service as LOCAL SYSTEM, etc.

  13. Re:Is this the point in time.. on Set Your Watches For the End of Windows XP · · Score: 1

    There are already plenty of unpatched remote exploits already. There is this thing called a firewall, host intrusion prevention system (HIPS) software, and possibly application-based white listing.

    The security issues with XP can be mitigated, without Microsoft's help, pretty much, just as well as with Microsoft's help.

    Now what's harder to deal with is, the problem of new hardware coming out, that XP has not been extended to support...

  14. Re:Are you kidding? on Is the DEA Lying About iMessage Security? · · Score: 5, Informative

    Getting the key from Apple isn't really "technically interceptible" anyway. The problem, from their end, is likely that they need to subpoena the information from Apple (both past messages and the key for future use),

    This assumes a certain architecture. If the cryptosystem is strong, there is probably a frequent key rotation schedule, in which, the same key that encrypted past messages will potentially be replaced in the future by the time any new messages are exchanged.

    It would be ideal, if some portion of this key were secured by the password, e.g. a SCRPT, BCRYPT or PBKDF2 hash of the password, is part of the secret material required to decrypt the key on the client, and any change of the user's password results in key rotation.

    It is conceivable that Apple could design a system, in which, the keys would be available on multiple of your devices (because you knew an additional secret), but not available to Apple, to extract or find out what the key is (because Apple denies themselves access to the secret)

    Do I think it's designed that way? No... it would not happen by coincidence, for sure.

    Could they have designed it that way? Yes

  15. Consider a change to your network architecture on Ask Slashdot: Dealing With Unwanted But Official Security Probes? · · Score: 2

    "The doctors want to maintain a relationship with the hospital and are worried that involving law enforcement would destroy the relationship. What would you advise the doctors to do next?"

    Drop the issue, and secure their network, so the hospital, or anyone else outside their practice's internal LAN is not capable of probing or making unapproved connections; insert an IDS, and ensure offending IP addresses are blocked from access.

  16. Re:Gravitational tides will kill you on How Would an Astronaut Falling Into a Black Hole Die? · · Score: 1

    You could drop a chair from an airplane and see... marvel at that incredible force that is gravity, see how it easily defeats that feeble electromagnetic force, and turns what was once a chair into a pile of splinters, and in due time-- they will make their way into the earth...

    Both the particle and the antiparticle are affected equally by gravity, but gravity is the weakest force in nature. Think about it: a simple chair, held together by the electromagnetic force, supports you above the ground by counteracting the gravitational attraction of the entire Earth pulling you down.

    That's really not a great argument for it. The particles in the chair are bound tightly together, a very short distance from one another.

    The entire mass of the earth is not concentrated into a small piece of ground directly beneath your feet, or into a single point in space like a black hole.

    Instead, the mass of the earth is distributed over a relatively great distance, and it's not all located directly beneath your feet.

    The earth has a non-trivial diameter; and a non-trivial spherical volume over which its entire mass is distributed non-uniformly.

    The distance is very great, and the strength of gravity decays by orders by a great amount over any significant distance.

    Electromagnetic attraction also decays by a great amount over any significant distance...

  17. Re:Really? on Firing a Laser Into Your Brain Could Help Beat a Drug Addiction · · Score: 1

    We can do this in humans, we just have to drill a hole in their face and wire 'em up.

    How does this differ from Electroconvulsive therapy?

  18. Re:This is very big... on Indian Supreme Court Denies Novartis Cancer Drug Patent · · Score: 1

    "Evergreening" This is a process where pharma companies make teeny weeny changes to compound and get a new patent, bypassing the 20 year limit on patents

    The changes must not be teeny weeny at all; otherwise, the generics manufacturers could just produce the drug without the minor changes, and consumers would have the same benefit...

    If in fact, the new adjustments are so crucial, then the changes weren't really so small or insignificant

  19. Re:Gun Makers on Build a Secret Compartment, Go To Jail · · Score: 1

    This means he should have reasonably known that his compartmemts were being used for house and smuggle illegal goods.

    Eh? Last I checked, money was not an illegal good. It is legal to own cash, and if you own it: it is legal to store large amounts of it in a safe or vault, even a hidden safe or vault.

    And the authors of various E-mail clients and webmail services such as Gmail knwo or should have reasonably known that sometimes, their software is being used to facilitate illegal transactions over e-mail. (They just don't know exactly who or exactly what transactions)

  20. Re:a tragedy all around on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 2

    Except they also put other people in danger when they do so. Other ships in the area also would have felt obligated to take a risk with their own crews to try to save the crew of the Bounty if they were in the area.

    Except they most likely they wouldn't be suicidal enough to go into the area, until the storm passed.

    These are possible reasons their conduct of sailing into a storm should have been prohibited, and got their captain wreckless endangerment and manslaughter charges of some sort; but not operation of theit boat. Any boat sailing so close to a hurricane would likely have been capsized.

    The Coast Guard is obligated by law to put their own lives on the line to save people when they reasonably can. These sailors risk their life and limb often enough without someone foolishly compelling them to do so on their behalf

    Coast guard crews are trained for rescue situations and not obligated to endanger themselves. If the hazard is too great, they may choose to wait.

    His crew had no ability to get back home, no offer of a job if they got off and would have effectively been made homeless (some lived on the ship) if they got off. This was not a democracy and the crew were not in a position to vote.

    The article says the crew consented.

    If they had a difficult choice to make, regarding being made homeless VS putting their very life in danger, I feel sorry for them; However, they put themselves in that situation. If they couldn't trust the captain's judgement with their lives, they shouldn't have done that.

    It's not the government's job to prevent people from having to make difficult choices either.

  21. Re:Safest at sea? on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 2

    In either way, once caught in a storm, you certainly do not try to reach a harbor.

    The point is, if your boat is already at harbor, get your crew off the boat, and leave it properly secured; don't continue with your planned departure.

    If you know there is a storm, and you are at sea: don't steer into it, or anywhere near its potential path.

    If you're in its path, get out of its path.

    If you've gotten into a serious storm already while at sea, may be basically screwed, or you just have to ride it out, because storms can be very large, and you have limited possible chances of escape...

    That's not because at sea is the best place to be though, it's because you got stuck there, and there are no safe means of escape available, other than sailng out of reach of the storm (which may not be feasible to do within sufficient time period before the storm blows over)

  22. Re:Safest at sea? on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 3, Informative

    I frequently come across the maxim that the safest place for a ship to be during a storm is at sea, the logic being a ship in port will be thrown against piers, reefs, etc. and destroyed instead of at sea where, presumably, you can sail away from or around danger. Any sailors care to weigh in on this?

    The only way a ship at sea is going to properly steer around any danger, is if there are people on board. And those people will be in much more danger than if they were on land.

    Damaged ships can be repaired or replaced, by spending money. Lives of lost crewmembers cannot be restored by paying money.

    At sea, waves can sink the boat unrecoverably too.

    At port, the boat may be at risk of damage, especially if not properly and thoroughly secured at a sufficient distance from reefs.

  23. Re:a tragedy all around on A Sea Story: the Wreck of the Replica HMS Bounty · · Score: 4, Insightful

    The captain meant well, but his ship wasn't the measure of the dreams that sailed it.

    People do stupid shit, and put themselves in danger -- and they have a right to do so. We don't need to change the law in this case.

    His crew understood or should have understood the risks.

    The knowledge of the tragedy should serve as a bigger deterrant than any to sailors who would otherwise be so fool-hardy as to sail within reach of a hurricane.

  24. Re:SELL!!! on Bitcoin Currency Surpasses 20 National Currencies In Total Value · · Score: 1

    Income is taxed differently from gains. Stock paid for work done is taxed with bizarre complexity. But gains from trading gold, or stamps, or pokemon cards, is taxes differently from all of the abov

    Correct... however, if you are awarded bitcoins from conducting bitcoin mining,there is both income from mining coins, and then, later, gains from trading them (if you exchange them for goods, based on the value of the goods per BTC, or sell them, based on the value of the cash per BTC)

    If you mined 50 bitcoins, and claimed they were worth $0 the year you mined them, so no taxes due, then you sold them later the next year for a "gain" of $100 per BTC.

    Then I do believe the IRS' word for that would be 'tax fraud'

    When you earned the bitcoins through mining, your duty was to figure out the fair market value of the coins at the time you mined the coins, and report the income.

    When you later traded BTC in a future year, your capital gains are a sum of average dollar value per unit of BTC spent on cash or goods minus cost basis for each unit of BTC spent.

    Supposing through mining you gain undisputed ownership of 50 bitcoins which are appraised to be worth $15 USD each, based on your neutral appraiser's evaluation that comes from market rates of bitcoins. Then a year later, you trade 1 Bitcoin (BTC) to a dealer in order to purchase a new car with a retail value of $30,000.

    In Year1, you had $750 of income to report from earning BTC

    In Year2, when you traded 1 BTC, you had $29,985 in gains to report (30,000 car MINUS $15 USD cost basis of your 1 BTC).

    Both events are taxable in the year that they occur.

  25. Re:By Design on Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks · · Score: 1

    Since an authoritative DNS server only handles requests from recursive caching servers it can implement rate limiting, thus making reflection attacks useless.

    Rate limiting on the authoritative doesn't make reflection attacks useless.

    It just means that a larger number of authoritative nameserver targets are required for the attack to be effective. The spoofed query rate against any one authoritative nameserver doesn't have to be excessive.

    There happens to be no shortage of authoritative nameservers.