Slashdot Mirror


User: blueg3

blueg3's activity in the archive.

Stories: 0
Comments: 4,435

Comments · 4,435

  1. Re:Get A Mac on Schneier, UW Team Show Flaw In TrueCrypt Deniability · · Score: 4, Informative

    Really?

    All of Mac OS X encryption operates on user-managed encrypted disk images (volumes) or "encrypted home directories" (FileVault), which is really an OS-managed encrypted disk image.

    FileVault home directories are no stronger than your login password. As this password is stored hashed only once (albeit salted, as of 10.4), it had better be immune to brute-force-guessing. They're also only as strong as your system-wide FileVault recovery keychain, as a copy of the key is stored in that, too.

    Non-FileVault encrypted images at least use 1000-round PBKDF rather than a single hash and don't, by default, use a recovery keychain. At only 1k rounds, though, it had still better be immune to brute-force guessing.

    None of this addresses the fact that using a Mac OS X system with an encrypted directory still leaks information about the contents of that directory onto the unencrypted parts of the drive. In fact, if anything, TrueCrypt is better about not doing this than the Mac, though neither of them hide their tracks all that well. The best approach is to have TrueCrypt running full-disk encryption so that there's nowhere for data to leak to.
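The comment above contrasts a password hashed once (salted) with a 1000-round PBKDF. The following is an added illustration, not code from the original thread or from Apple: it writes out PBKDF2 as RFC 2898 specifies it so the round loop is visible, checks it against the standard library, and measures how much more each password check costs with 1000 rounds than with a single salted hash. The single-pass scheme here is a plain salted SHA-1 stand-in, PBKDF2 uses HMAC-SHA256, and the password and salt are constructed values.

```python
import hashlib
import hmac
import time


def single_salted_hash(password: bytes, salt: bytes) -> bytes:
    """One salted SHA-1 pass: a stand-in for the 'hashed only once' scheme."""
    return hashlib.sha1(salt + password).digest()


def pbkdf2(password: bytes, salt: bytes, rounds: int, dklen: int,
           hash_name: str = "sha256") -> bytes:
    """PBKDF2 per RFC 2898, written out so the iteration count is explicit."""
    hlen = hashlib.new(hash_name).digest_size
    blocks = -(-dklen // hlen)          # ceil(dklen / hlen)
    derived = b""
    for i in range(1, blocks + 1):
        # U1 = PRF(password, salt || INT(i)); U_k = PRF(password, U_{k-1})
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hash_name).digest()
        t = bytearray(u)
        for _ in range(rounds - 1):
            u = hmac.new(password, u, hash_name).digest()
            for j in range(hlen):
                t[j] ^= u[j]                 # T_i = U1 xor U2 xor ... xor U_c
        derived += bytes(t)
    return derived[:dklen]


def matches_stdlib(password: bytes, salt: bytes, rounds: int, dklen: int = 32) -> bool:
    """Cross-check the hand-written PBKDF2 against hashlib's C implementation."""
    return pbkdf2(password, salt, rounds, dklen) == hashlib.pbkdf2_hmac(
        "sha256", password, salt, rounds, dklen)


def cost_factor(rounds: int, trials: int = 200) -> float:
    """Seconds per PBKDF2 derivation divided by seconds per single salted hash.
    hashlib's C PBKDF2 is timed so the ratio reflects real work rather than
    Python loop overhead; this is the per-guess cost the round count buys."""
    pw, salt = b"constructed-password", b"constructed-salt"   # constructed inputs
    start = time.perf_counter()
    for _ in range(trials):
        single_salted_hash(pw, salt)
    single = max((time.perf_counter() - start) / trials, 1e-9)
    start = time.perf_counter()
    for _ in range(trials):
        hashlib.pbkdf2_hmac("sha256", pw, salt, rounds, 32)
    stretched = (time.perf_counter() - start) / trials
    return stretched / single


if __name__ == "__main__":
    print("hand-written PBKDF2 agrees with hashlib:", matches_stdlib(b"pw", b"NaCl", 1000))
    print("1000-round PBKDF2 costs %.0fx a single salted hash" % cost_factor(1000))
```

The ratio is what matters when choosing a round count: it is the factor by which every password check, legitimate or guessed, becomes slower, so 1000 rounds only buys a few orders of magnitude over the single-hash scheme.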

  2. Re:Get A Mac on Schneier, UW Team Show Flaw In TrueCrypt Deniability · · Score: 4, Informative

    Spotlight's index is stored in the root of the volume it's indexing. Encrypted filesystems are independent volumes, so their indexes are stored in their volume root. The index of the primary filesystem isn't altered.

    I'm not sure it leaks zero information -- there have been some bugs with Spotlight indexes and FileVault-encrypted home directories.

  3. Re:Urine? Is that all? on NASA Contractor Needs Urine · · Score: 1

    That's quite true, it's not unusual. It is, for some reason, stretching the university regulations, but we started using "legitimate" samples well before discussing the research publicly.

  4. Urine? Is that all? on NASA Contractor Needs Urine · · Score: 5, Interesting

    A professor I used to work for did research on the cryogenic preservation of sperm. The grad student who was working on this project wanted to run some initial tests, and we had not yet received shipments of an appropriate animal substitute, so he acquired some samples himself.

  5. Re:Just use on Fallout From the Fall of CAPTCHAs · · Score: 1

    1 in 50,000 is probably a good barrier against brute-forcing, but solving five at once with 10 choices each probably would irritate the hell out of humans. :-)

  6. Re:Anyone usinging specialised tests? on Fallout From the Fall of CAPTCHAs · · Score: 1

    First, there is a computerized solution for "choose the cats versus the dogs" or even "choose the cats versus the arbitrary objects". There are some quite respectable computer-vision algorithms that could be trained to identify, say, cats versus other objects. While their accuracy is not comparable to a human, it's far better than random guessing.

    Second, spammers are quite good at evading traditional blocking methods (if you get this wrong N times in a row, you're blocked for T amount of time). The CAPTCHA solution needs to be fundamentally resilient to a brute-force attack by having a large solution space, or it is ineffective.

  7. Re:Anyone usinging specialised tests? on Fallout From the Fall of CAPTCHAs · · Score: 1

    Yes, I mean 120 unique solutions. :-P

    There are a number of CAPTCHAs that are case-sensitive and use numbers, so I did mean ~56 billion. Of course, that was only as a rough estimate -- most of them are variable-length, too.

  8. Re:Bzzt on The Push For Quotas For Women In Science · · Score: 1

    While a factor, that doesn't entirely account for the difference. Most statistics actually use lower-level positions with people early in their careers that haven't taken that time -- it's a bit tougher to do higher-end statistics, though it can be done.

  9. Re:How about the reverse quotas? on The Push For Quotas For Women In Science · · Score: 1

    The more extreme statistic is done by comparing earnings over all recent graduates, and it's not very useful.

    Perhaps I should clarify. If the person citing the statistic has done no research (by which I mean reading and understanding other people's research), they're not reliable.

    I come from a background of science and engineering, and we only talked about pay differences between genders in terms of finding and solving problems, so I'm not really familiar with this "making men feel bad" PC nonsense you refer to.

    There is still a wage-difference problem, though nothing near what it was 20 years ago. It's also nothing near what certain organizations would have you believe, which I think does them a great disservice. (This is especially true in science and engineering, where people are often fairly good at spotting cherry-picked data.)

  10. Re:How about the reverse quotas? on The Push For Quotas For Women In Science · · Score: 1

    I don't see your point. I said there is a difference, even if you account for difference in choices. This person you cite says the exact same thing, but also "thinks" that "probably not all, but most of" that remaining difference is "hard-to-measure factors". Not only does that agree with my claim, it doesn't take a mathematician to tell you that "thinking" a difference is "probably mostly" explainable by hard-to-measure (read: unmeasured) factors is not statistics.

  11. Re:One problem with women in chemistry on The Push For Quotas For Women In Science · · Score: 1

    All of the times I've known a professor or postdoc to have a child, it hasn't negatively impacted their work -- no more than the impact of the male postdocs that are sleeping at their desks, having been kept awake all night by their children.

  12. Re:How about the reverse quotas? on The Push For Quotas For Women In Science · · Score: 4, Insightful

    If anyone reliable actually cites that statistic, they give you a proper statistic -- comparisons between large groups of similar people going into similar jobs. Women do still make less in a fair comparison, but it's not as bad as if you bias the statistic by averaging everyone regardless of what job they're going into.

  13. Re:Anyone usinging specialised tests? on Fallout From the Fall of CAPTCHAs · · Score: 2, Insightful

    That's better, but it still has only 720 unique solutions, which is still within brute-force range. Your image library would need to be vast, or paying someone a small amount to label all the images once is an effective attack.

    By comparison, a text CAPTCHA has something like 56 billion unique solutions for a 6-digit string.

  14. Re:Just use on Fallout From the Fall of CAPTCHAs · · Score: 2, Insightful

    It seems you'd have to provide a list of possible ways in which the two sets of images are different. Any solution where random-guessing has a non-negligible solution rate isn't a solution for spam. Anything vaguely multiple-choice fails. The CAPTCHA scheme, on the other hand, has an enormous solution space.

  15. Re:Anyone usinging specialised tests? on Fallout From the Fall of CAPTCHAs · · Score: 2, Informative

    While that's a class of problem that's tricky (though not impossible) to address, giving you the choice of a few different animals it might be is insufficient. Even if there are 10 choices, random guessing will be right 10% of the time, and that's enough for spammers. Subjective answers (showing a picture of a dog and having someone type "dog") are tricky because not everyone will type "dog", and you don't want to reject humans.

    The current design fits the requirements well because the answer is distinctly objective (you're entering exactly the letters you see), but the number of possible answers is enormous, so learning the answers or hoping to guess well is unreasonable.

  16. Re:Uh, where's the warming dude? on Two Powerful Blows Against Air Pollution Controls · · Score: 1

    To be honest, that's also true. I don't really listen to unscientific opinions on matters of science, so I really tune out all of the people who are doing global warming advocacy or whatever you call it.

  17. Re:Uh, where's the warming dude? on Two Powerful Blows Against Air Pollution Controls · · Score: 1

    Global warming deniers generally are neither good at science nor at statistics.

  18. Re:What we know about global warming (for sure) on Two Powerful Blows Against Air Pollution Controls · · Score: 1

    Your aptitude with science and systemic modeling is flawless. If only somehow people were able to quantify the effects of multiple factors in a complex system! Then we could have an analysis that is more accurate than "some things are increasing, some other things are decreasing, and we can't tell f

  19. Re:Inconsistency on ACLU Files Lawsuit Challenging FISA · · Score: 1

    While I agree that FISA falls into the category of trading essential liberty for security that's not worth what was traded, it's also true that the adjectives in Franklin's statement are important. Trading some liberty for security is one of the central components of government.

  20. Re:Parent = "Interesting", not "Offtopic" on ACLU Files Lawsuit Challenging FISA · · Score: 1

    "Incidentally, the "F" in FISA will be a sticky obstacle... non-citizens do not share in US rights by default."

    That's not true; most of the rights granted by the Constitution are limitations on the powers of government and apply to all people within the purview of the US, regardless of citizenship. When the Constitution means "citizen", it says so.

  21. Re:Huh? on New Particle Found, the Bottom-Most Bottomonium · · Score: 4, Informative

    No, the antibottom quark is the bottom quark's antiparticle. It's just that antimatter doesn't work quite the way science fiction stories make it sound.

  22. Re:You're an idiot. on Nanomaterials More Dangerous Than We Think · · Score: 1

    Actually, nanotubes do exist in nature, and are produced naturally in many carbon-burning reactions.

  23. Re:Vendors sign with keys. on Package Managers As Achilles Heel · · Score: 1

    I could answer that, but the short article you didn't read already does.

  24. Re:Depends on bugs in old software on Package Managers As Achilles Heel · · Score: 1

    Or, require the "list of most recent packages" to be signed, sign it with a timestamp, and have the package manager reject old package lists.

    There are plenty of other, more complicated schemes where packages known to have vulnerabilities could have their signatures invalidated.
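The signed, timestamped package list described in the comment above, as an added example that is not part of the original thread or of any real package manager. The vendor signs a list whose body carries the issue time, so a mirror cannot refresh an old list by editing the date; the client refuses a list older than an assumed one-day policy and accepts an offered package only at the version the fresh list names. HMAC with a constructed key stands in for the vendor's asymmetric signature so the example runs with the standard library alone; the package names, versions and timestamps are constructed.

```python
import hashlib
import hmac
import json

# Stand-in for the vendor's signing key (constructed). A real deployment would
# use an asymmetric signature; HMAC is used only so this runs offline.
VENDOR_KEY = b"constructed-vendor-key"
DAY = 24 * 60 * 60
MAX_LIST_AGE = DAY          # assumed policy: reject package lists older than one day


def _canonical(body: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_package_list(packages: dict, issued_at: int, key: bytes = VENDOR_KEY) -> dict:
    """Vendor side: the timestamp sits inside the signed body."""
    body = {"issued_at": issued_at, "packages": packages}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_package_list(signed: dict, now: int, key: bytes = VENDOR_KEY,
                        max_age: int = MAX_LIST_AGE):
    """Client side. Returns (True, packages) or (False, reason)."""
    expected = hmac.new(key, _canonical(signed["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signed.get("sig", "")):
        return False, "signature does not match"
    age = now - signed["body"]["issued_at"]
    if age < 0:
        return False, "package list is dated in the future"
    if age > max_age:
        return False, "stale package list (%dh old); refusing replayed metadata" % (age // 3600)
    return True, signed["body"]["packages"]


def is_current(packages: dict, name: str, version: str) -> bool:
    """A package the mirror offers is accepted only at the version the fresh
    list names; an older build is refused even if its own signature is valid."""
    return packages.get(name) == version


# Constructed scenario: the vendor publishes a list, then three days later a
# list with an updated package; a mirror keeps serving the first one.
T0 = 1_700_000_000
old_list = sign_package_list({"demo-lib": "1.0.0"}, issued_at=T0)
new_list = sign_package_list({"demo-lib": "1.0.1"}, issued_at=T0 + 3 * DAY)

if __name__ == "__main__":
    now = T0 + 3 * DAY + 3600
    print("fresh list:", verify_package_list(new_list, now))
    print("replayed old list:", verify_package_list(old_list, now))
    ok, pkgs = verify_package_list(new_list, now)
    print("mirror offers demo-lib 1.0.0, accepted:", is_current(pkgs, "demo-lib", "1.0.0"))
```

Because the timestamp is covered by the signature, the mirror's only options are to serve the genuinely current list or to serve something the client rejects; the freshness window is what turns "the old list is still validly signed" into a detectable replay.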

  25. Re:Vendors sign with keys. on Package Managers As Achilles Heel · · Score: 2, Informative

    The article actually discusses attacks that can be made by a malicious mirror even if you are only accepting signed packages.