Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories
0
Comments
13,354
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,354

  1. Sue the city on Pedestrian Follows Google Map, Gets Run Over, Sues · · Score: 1

    For not having no-pedestrian signs allowed signs at highway access points.

    Just because you are using a map, even a map that makes route suggestions based on calculation of a path, does not mean you can turn your brain off.

  2. Re:A new privacy issue I saw today: on Congressman Steps Up Pressure On Google, Facebook · · Score: 1

    1: Contract with Vasco or RSA and have a rebranded ID token. PayPal does this. eBay does this. Blizzard does this. Even AOL used to offer this for users.

    PayPal uses a Verisign ID, it's essentially a rebranded "Verisign Identity Protection" token.

    And Facebook should use something like that, so the tokens are not specific to their site.

    I sure as hell don't want to have to carry around 30 security tokens to be able to login to 30 different websites.

  3. Re:Simple solution. on Congressman Steps Up Pressure On Google, Facebook · · Score: 0, Redundant

    Hi.. I didn't opt in to your communication. I was reading slashdot minding my own business, reading other people's comments, then you chimed in.

    You know what that means? You would have committed a felony. Have fun, jailbird. :)

  4. Re:Perspective on Earthlink Announces It Must Honor Comcast Cap · · Score: 2, Insightful

    A Cable broadband provider imposing bandwidth caps to 'alleviate congestion' is like the DOT trying to fix traffic jams on roads, by lowering speed limits or raising gas prices.

    Yes... as if raising gas prices 50% or capping how much gas you can buy, will reduce congestion during morning rush hour.

  5. Re:100Mb/s for pennies on A New Neutral, Long-Haul Fiber Network · · Score: 2, Insightful

    Except you still need a cable to bring each consumer to the aggregation points where the fiber is, and those are expensive....

    Also, what happens when a big carrier like AT&T just buys out all the dark fiber between two places to hold onto it, and doesn't use WDM?

  6. Re:People, people everywhere on Intel Sucks Up Water Amid Drought In China · · Score: 1

    Their problem is not purely one of consumption. It's mostly to do with polluted rivers and streams, which reduce the local availability of clean water.

    Rivers and streams that get polluted when industrial users of water dump waste products.

  7. Re:People, people everywhere on Intel Sucks Up Water Amid Drought In China · · Score: 2, Informative

    I would say the resources are available, but not being allocated to that purpose. Bottled drinks basically being a luxury/fun item..

    So think.. the bottling companies are like the network engineer that sits on the computer at work all day streaming Youtube and playing world of warcraft, using all the bandwidth on the T1, enjoying the luxury of the comuter game.

    Eventually a fight is going to break out between the Network engineer and the users trying to get actual work done, since WoW is making their connection so slow, and for some reason, nobody will do anything about the horribly slow T1 network connection...

    Meanwhile, there is a T3 sitting dormant, because it hasn't gotten configured yet, it's bought, and hooked up, but not linked into the network yet... so the CEO asks the IT manager why...

    'Well, the answer is, we are too busy, and we don't have enough network engineers to get all this stuff done... It's an infrastructure problem -- and we seem to not have enough engineering resources right now'

    See? Even if you have the resources, there's no guarantee an infrastructure problem gets solved. Even with all the $$$ and raw materials in the world, you need people to actually decide to have the work done, and lose the potential benefit of other ways they could use those resources instead :)

  8. Re:People, people everywhere on Intel Sucks Up Water Amid Drought In China · · Score: 5, Insightful

    It's not a resource availability problem: it's an infrastructure problem.

    Infrastructure is not in place to get the water (in sufficient quantities) from (potentially distant) places where it is available, to satisfy everyone's needs, and perform any processing required to make it usable.

    Water can be difficult to carry over long distances in large quantities (such as from the ocean) to remote areas of a continent, due to its tendency to corrode metal and other materials -- not just anything can carry it.

    It also requires energy to pump water, or keep it under pressure.

    Not to mention, that Ocean water is fairly dirty and requires desalination, and other processing to make it usable, which would be the highest cost. So usually water is taken from sources that are cheaper because they are closer or less processing is involved.

    If you ask me... Intel, Bottling companies, and others like them, are creating the bulk of the scarcity problem, and they should foot the bill for the additional delivery infrastructure their presence is causing to be required.

    They have a choice of where they build their large facilities, and the money to build new ones in places where water is not scarce, and close down old ones.

    They just do not have the financial justification to do so. If the local government makes it massively more expensive to operate facilities in the areas where water is more scarce, the companies will be able to justify opening new plants, or finding alternative means to obtain resources, rather than competing for limited locally available resources.

    As well, the plant operators should compensate for any other ongoing or any specific lasting impacts, required by their operations.

    For example, if Intel generates a waste substance, such as ruined/spoiled water, there should be metering they are required to do, and a per-pound/per-milliliter charge that they have to pay to cover the risk and eventual cost of that to the public, as an insurance/security deposit, with annual multiple independent 3rd-party investigations, and have the amount that must be paid per unit automatically increased retroactively, if the impact causes harm, spoiling to the environment, or the public, including harm to any animals, any aesthetic damage, or hidden damage to the future utility of any land above ground or underground, in order to pay for fully reversing the impact.

    Consumption or spoilage of any resources being a harm.

  9. Re:EOL XP already... on The Man At Microsoft Charged With Destroying IE6 · · Score: 1

    Cost of doing that is high... due to how vSMP works... giving a VM 2 vCPUs means that for the VM to run code, both CPUs will be locked for the VM during its execution.

    The guest OS may handle this better resulting in better performance, but the CPUs are being used inefficiently, and if the guest OS doesn't handle it better (depends on guest), it will actually be slower.

    Other tasks besides that particular VM will definitely be slowed down.

  10. Re:EOL XP already... on The Man At Microsoft Charged With Destroying IE6 · · Score: 1

    Not only is 7 "getting there". It's a great OS. Sufficient to displace both Windows 7 and MacOS.

    I predict any users that switched to MacOS over vista will soon be drooling over 7 and buying new PCs running 7 within 12 months, once they see how low the price tag is, how much they get, and the fact that the UI is just as good.

    Ubuntu will probably even be adversly effected by 7 in the long run (though moreso by ChromeOS)

  11. Re:EOL XP already... on The Man At Microsoft Charged With Destroying IE6 · · Score: 1

    Enjoy your botnet, then. Or are you expecting them to support it forever for free?

    No. They received payment to support it.

    Based on the cost of Windows XP ($260). And based on the cost of other OSes that come with no support ($0), in my estimation, the $260 should get me approximately 20 years of support for XP at the rate of approximately $1.50 a month, which is actually pretty high to pay in terms of support for any general software product.

  12. Re:Interesting! on Flash Destroyer Tests Limit of Solid State Storage · · Score: 2, Interesting

    See, that's the thing. Once a sector is written to, it won't be touched again, unless the data changes. You end up with some subset of sectors which are frequently modified, while others never are. That is NOT an even distribution of writes across all sectors, nor is it "perfect" in any sense of the word.

    If you have a copy on write filesystem such as ZFS, changes might be written to new blocks.

    It seems that in the future storage agents (or the SSDs themselves) might eventually evolve to relocate certain regions physically, in order to put rarely written data, or data that is 'stable' due to the existence of snapshots, onto the most worn sectors.

    Once wear on the commonly written sectors exceeds certain ranges...

  13. Re:Interesting! on Flash Destroyer Tests Limit of Solid State Storage · · Score: 2, Insightful

    He said an oven not a nuclear fusion core.

    The response was a Prescott P4 at 100% CPU, not an SCC / 48-CORE Intel Many-Cores(TM) chip with all cores at continuous 100% utilization

  14. Re:Fraud Alert != Fraud Immunity on Lifelock Worries After Employee Data Leaked To Web · · Score: 1

    CheXsystems is not a Credit Reporting Agency. They do not report on creditworthiness.

    They only report on negative items, and do not 'score' consumers.

    Their service is basically a blacklist. And used by retailers.

    So if you could place a 'security freeze' on your ChexSystems data, you would likely soon find all your bank accounts closed, and most businesses would refuse your paper checks (after running through the CheXsystems scanner and getting a reject code due to the security freeze).

    That's definitely not zero-impact to the consumer.

    Unlike credit reporting agencies.... stores don't expect to pull a credit report every time you make a purchase with CC. They do expect to check you are not in the ChexSystems database, before stores will accept a cheque.

  15. Re:Fraud Alert != Fraud Immunity on Lifelock Worries After Employee Data Leaked To Web · · Score: 2, Informative

    I'll agree a security freeze is better.

    But a Credit card or Loan isn't the only type of account an ID thief can try to open fraudulently in a victim's name.

    They might try to open a checking account instead, which does not involve a CRA inquiry. Instead, the inquiry would go to CheXsystems or similar, which do not provide a 'security freeze' option

    The ID thief may also create a bogus instrument, such as a 'checkbook' of fake checks in victim's name.

    If the ID thief is up to title fraud, they also may be able to take out certain type of mortgages on the victim's property, without a credit check.

    Or "rent" out certain items in their name and not return them. In any case the bad checks /non-returned items will result in probably nastygrams for the victim, telephone calls, threats, possibly attempts at legal action.

  16. Fraud Alert != Fraud Immunity on Lifelock Worries After Employee Data Leaked To Web · · Score: 5, Informative

    Not everyone reviews a credit report before issuing any type of credit.

    ID thieves can potentially abuse personal information, no matter how many types of fraud alerts you put, there is no guarantee that it will be seen by every third party.

    Or the ID thief may employee social engineering and even defeat the 'fraud alert'

    Todd Davis' publishing his social security number is a gimmick, and he should understand the risks, and chose to do so anyway, clearly as a publicity stunt.

    As CEO and well-known media figure he can probably more easily deal with any ills that result than the average joe, and rely on his company to pay all the money and take all the hassle haggling with creditors of ID thief.

    Minor cost well worth the publicity.

    His SSN is also more likely to be recognized by banks, and (I suspect) he has little need to himself apply for credit, personally, otherwise he would not do it.

    As for other employees of the company.... they have not agreed to this, not agreed to the hassle, and are in a much poorer position to defend themselves against ID theft. They have every right to their privacy, and to not have media organizations publish redacted/legally sealed or legally witheld info.

  17. Re:Interesting side effect on Google Offers Encrypted Web Search Option · · Score: 1

    I've not looked into the detail, but if a webserver can handle huge numbers of SSL connections then I wouldn't have expected a firewall/filter to struggle much either.

    This is dependant on cipher. Right now https://www.google.com/ is using RC4 128 bit. One of the cheapest (CPU wise) and least secure ciphers.

    A firewall creating fake SSL connections with clients would not have the same luxuries, if it encrypted with a RC4 cipher, it would be creating a security risk, since the RC4 cipher is unacceptable for other applications, such as online banking which should use 3DES, AES256 or better.

    Also, for webservers, the latency introduced isn't so bad, since they only need to decrypt once for each bit, and encrypt once for each bit.

    A firewall in between would be adding significant latency, due to the double-sided nature of the sessions.

    Another dirty secret you may be unaware of is webservers actually cannot handle massive numbers of SSL sessions. Typically the SSL sessions would get load balanced over many web servers at the TCP connection level, OR more common... the web farm has SSL frontend servers (probably with crypto hardware) to terminate the SSL sessions, and forward to the actual webservers over plain HTTP through a backend network.

    It's not practical at all for a common firewall to handle 100 simultaneous SSL interceptions. Of course firewalls could be designed with hardware crypto to allow it, just like Firewalls are designed with hardware crypto to handle VPN sessions, but the cost is not zero or a small number.

    I'm not sure how that would work. If all of the communication from the filter/firewall to the client is within the corporate LAN then having the certificate is useless without remaining within the LAN.

    The attack scenario is you have an insider attack originating from the local LAN, and they were able to quietly obtain the private key for the SSL Certificate used by the firewall.

    This is sufficient to MITM all SSL sessions they can see, and discover the session keys for all the SSL sessions without brute force.

    This also hides information from applications that they might need in order to make a good security decision.

    For example, if the firewall constructs a fake SSL session, the information about the effective encryption has been hidden... they can no longer verify that the session is encrypted end to end using a cipher strong enough for the information they are about to send.

    They can also no longer verify the remote end's certificate.

    Or else, the Firewall could impose a policy which will disrupt effective web access.

    Many websites use self-signed certificates, or have expired certificates.

    A decision needs to be made based on how the site will be used whether to proceed or not despite the error.. A Firewall quietly hiding errors will result in an insecure situation, since the user proceeds to a site under false pretense of security.

    A Firewall producing spurious errors in result of self-signed certificates or expired certs, will result in user complaints. And a demand from vendors that they simply 'OK' the cert warning.

  18. Re:Interesting side effect on Google Offers Encrypted Web Search Option · · Score: 1

    Yes, that will work, but it has a few problems:

    • It is not simple. Most proxy servers/firewalls are not capable of this 'MITM', and it would be a highly specialized solution (I would guess that it is elaborate enough that some organization will eventually patent the basic technology to perform the MITM).
    • The CPU requirements to deconstruct and reconstruct SSL sessions are not insignificant. This would have to be some monster of a firewall or filter (as in 3ghz quad-core+ equipment normally used for servers/workstations, or hardware crypto, in any case, an expense, and requiring lots more electricity than a simple firewall) in order to avoid introducing latency that would hurt the entire enterprise.
    • It is actually compromising security of SSL. This represents a substantial security risk, and if the Enterprise actually has a security policy designed to ensure protection of Enterprise data, a MITM of this nature is probably a violation of security policy in and of itself.

      The "new root-signed cert" becomes a point of attack, any intruder who can compromise that endpoint, now has full access to all the Enterprise's encrypted SSL transmissions, banking, etc.

  19. Re:Aiming to be a "textbook device" is mistake #1. on Amazon Kindle Fails First College Test · · Score: 1

    That's interesting... but unfortunate. I'd want an eReader/Netbook on both sides.

    Meaning, the ability to dynamically switch either side from eReader/Netbook at any moment, or have both sides eReader at once with different pages side by side on each half...

  20. Re:Odd choice on Amazon Kindle Fails First College Test · · Score: 1

    Even better... I found an e-mail from a guy in Nigeria that says all I have to do is send him my Social security number, 'Routing Number' and 'Account Number' from a check, and fax him a copy of my driver's license and passport, and he'll send me one for free, along with $100,000 cash, for passing $1,000,000 for him.

    Then I don't have to go through all the trouble of filling out some survey or completing offers.

  21. Re:Slashdot's catering to its CRONIES? on Tabnapping Scams Around the Corner? · · Score: 1

    Krebs on security appears to be a "crony" (or what's the word SEO optimization scammers use? Oh, yes: "Affiliates") of the editors here!

    You have evidence of this accusation against the integrity of Slashdot's Editors and (therefore) the Slashdot site itself?

    AGAIN: The editors here are in fact violating what you said yourself about "driving traffic to someone else's site

    Without evidence to the contrary, it seems like they are just doing their jobs and selecting which source is best to link to for the subject at hand. This is not necessarily always the 'discoverer'. Sometimes a better summary, or a more well-known site indicates a better link.

    I feel that this is within the editors' discretion, so long as you are not able to provide tangible evidence of an alterior motive (such as financial gain); the editors of Slashdot deserve the benefit of the doubt, with regards to their motives.

    Nor is either one better than the other, imo @ least, editorially!

    In your opinion

    being multiply internationally published for my works in this science, plus being featured as tech shows like MS TechEd 2 yrs in a row as a finalist for commercial code work & ideas in the hardest category

    You claim the foregoing, and yet, you are posting this anonymously, and not identifying yourself, or showing any cause that permits an unbiased reader to believe you actually possess credentials like that (other than you claim to have them).

    Of course, this casts suspicion that you probably don't actually have the credentials, or there is a catch, and you have something to hide.

    In any case, your credentials don't automatically make your opinion the correct one, they don't form a logical argument.

    I would expect someone who actually has these credentials to understand that much, that listing your accomplishments doesn't make your opinion correct, particularly on matters, those creds don't validate.

    Also, the Slashdot editors have some excellent credentials -- one of the most important ones, is, they are the editors of slashdot, and you are not.

    A CV with extensive experience in CS (Computer Security) or Management Information Systems, does not add up to editorial experience, for the slashdot audience.

  22. Re:This is one of those stupidly smart things. on Tabnapping Scams Around the Corner? · · Score: 1

    Average Joe wouldn't have bothered to memorize which tab had which page

    Um.. problem: Average Joe doesn't know about tabbed browsing in the first place, let-alone clicking or opening 30 tabs.

  23. Re:This is one of those stupidly smart things. on Tabnapping Scams Around the Corner? · · Score: 1

    It's no problem... the user is already logged in, so there is no need to ever present them a login prompt again (until some later date when they close their browser).

  24. "Deceny" groups are fun on Decency Group Says "$#*!" Is Indecent · · Score: 1

    Trying to think of more titles that would p*** them off...

    How about ****

    No, too subtle.. how about

    Erection in Peniston and Scunthorpe with Libshitz' Shitake Mushrooms

    Which of course would be a show about construction and cooking.

  25. Re:This is one of those stupidly smart things. on Tabnapping Scams Around the Corner? · · Score: 1

    If I was logged into it, why on earth would it be prompting me to login again ?

    It wouldn't.... the display of a new login prompt is inherently suspicious.