Slashdot Mirror


User: julesh

julesh's activity in the archive.

Stories
0
Comments
8,446
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 8,446

  1. Re:Plausible deniability on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    Those aren't encrypted files. I just like to keep a few multi-gigabyte files of random data on my system at all times -- it's a fetish of mine.

    Speaking as someone who possesses hundreds of megabytes of random data (/dev/random only produces it so fast, and you never know when you'll need a large OTP), I can tell you it ain't really a fetish.

  2. Re:Truecrypt on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    If you use truecrypt it is therefore plausible that there *IS* a hidden volume, especially if the first volume has not used the space at the end of the volume.

    Yes, but it's also plausible that there isn't, especially as the filesystem chosen by Truecrypt (FAT) stores data beginning at the start of the disk, so there is usually an empty space at the end (unless the disk has been filled up completely at some point). See, that's why it's called plausible denyibility. If I say "my truecrypt file doesn't have a hidden volume in it", that is plausible because (a) it could be true and (b) there is no way for you to prove it isn't.

  3. Re:Solution? on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    Governments have a nasty habit of taking innocuous data and trying to make something sinister out of it. They can either try to make something out of the information itself directly or choose to draw strange inferences out of it.

    Citation needed.

    "If you give me six lines written by the most honest man, I will find something in them to hang him." -- Cardinal Richelieu
  4. Re:Hand the keys over on UK Government Can Demand You Hand Over Encryption Keys · · Score: 2, Informative

    If a judge asked you to hand over the keys to your house.. or your car.. or your safety deposit box.. you are legally required to follow that order....

    Are we surprised that digital keys have the same requirement?


    The requirement is not the same. If a judge orders you to do something, and you state that you cannot, it is usually up to the judge (or prosecution) to show beyond reasonable doubt that you could do it before you can be punished for that offence. Under the RIPA, it is up to you to show that you cannot. There is also a right of appeal against a court order like the one you describe; there is no right of appeal against a section 49 notice under the RIPA 2000.

  5. Re:The difference between UK and US on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    In the UK, the rights of the people are what the Parliament decides. Tradition is what holds them back from being tyrants. Unwritten constitution and all that.

    Bullshit. We have plenty of written documents that provide our rights, dating back to the Magna Carta and most recently the Human Rights Act 1998 (which forms part of several international treaties so is not something the government can back out of easily). Most of the British constitution is written, however it isn't written in a single document like the US constitution. This makes it harder to understand in full, but doesn't really diminish its power.

  6. Re:Just do what the USA administration does on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    Claim you:

    1. Can not recall your key
    2. You have no recollection of ever setting up encryption


    Unfortunately they seem to have thought of this. Not being able to recall your key is not a defence, unless you can provide evidence that you've forgotten it. And they only have to show reasonable grounds to believe you ever had it, not that you actually did.

  7. Re:You're missing the point. on UK Government Can Demand You Hand Over Encryption Keys · · Score: 1

    Frankly, this story just about sums up what the internet has become, a place for people to whine and bitch and moan about the things they could have done something about if they hadn't all become so god damn lazy.

    Actually, a lot of us did do things about this at the right time, thank you. Lot of good it did us, of course, but at least we tried rather than just complaining about people who aren't trying.

  8. Re:Old News on UK Government Can Demand You Hand Over Encryption Keys · · Score: 2, Informative

    This laws was implemented years ago. The article author seems to know very little about the law in this respect, especially as it has barely changed since introduction in its 2000/20001. Thankfully, it appears it has yet to be used in a non-terrorism related case.

    No, the law was *made* years ago. It has yet to be used because it first entered into force yesterday. Give them time! :(

  9. Re:Been like this for years on UK Government Can Demand You Hand Over Encryption Keys · · Score: 3, Informative

    Yes, here it is. It passed in july.

  10. Re:Been like this for years on UK Government Can Demand You Hand Over Encryption Keys · · Score: 2, Informative

    This law has been around for years. In fact, back when PGP was big, some UK residents on Usenet would have sigs saying something like, "If I revoke a key without explaining why, it is due to that law".

    The legislation was passed in 2000, yes. However the law was phrased so that it wouldn't become active until parliament provided a code of practice and announced a date for it to become active on. The last I heard there was a draft code planning to commence the law on 1 October 2007. I hadn't heard about this passing parliament, though, so thought it was going to happen. I may be wrong, though.

  11. Re:Not just J2ME on Best Platform For Hobbyist Mobile Development? · · Score: 2, Insightful

    JSP, JCA, JCE, JAI...

    It's crazy isn't it. What's most infuriating is it means when you go for a Java job half the time you'd get turned down because you haven't got the latest three letter abbreviation in your CV (resume) even though you're perfectly capable of churning out Java code and you'd be familiar with whichever two APIs they use most pretty quickly.


    There are only 676 possible TLAs that start with 'J'. Why not just list them all?

  12. Re:My Take on Best Platform For Hobbyist Mobile Development? · · Score: 1

    Personally I was put on the spot with no mobile device experience -whatsoever-, with a 2 weeks deadline to learn it AND deliver a tested, fully working and deployable (on customer devices) remote real time inventory management software su pporting most mainstream Windows Mobile enabled barcode scanners (I realise I'm not talking hobby anymore) with nothing but the lowest version of Visual Studio that supported it (which is incredibly cheap, especially since you can get an upgrade from virtually anything, including competing products), and I actually finished ahead of time.

    Impressive, but my experience developing for PalmOS devices (Symbol SPT200) was actually pretty similar. As long as your application's UI is simple, Palm is pretty nice to program for. That project was completed using free development tools (at least the inventory management part... it turned out that the free tools were incompatible with the Palm's dial-up features, so I had to switch to Codewarrior to complete the project).

  13. Re:Missing the point on VM-Based Rootkits Proved Easily Detectable · · Score: 2, Interesting

    Joanna's argument is that in a few years, everything is going to be using VM technology and you won't be able to tell a "good" VM from a "bad" one.

    I fail to see what purpose the average user has for VM technology. Sure, it's great for server systems, and as a developer I find it extremely handy, but if all you do with your computer is read e-mail, browse the web and run MS Word, why would you want a VM?

  14. Re:What did Debian do for the US DST change? on Debian Refuses To Push Timezone Update For NZ DST · · Score: 1

    It takes 5 minutes to test DST settings - they either work or they don't :)

    They're in a binary file format that's read by libc. There may be an obscure bug that could be triggered by particular combinations of settings. I know this is unlikely, but hey -- we're talking about Debian-stable here. You pick this distribution if you want everything to be absolutely certain. Normal people should be using unstable.

  15. Re:Debian are refusing to push the update on Debian Refuses To Push Timezone Update For NZ DST · · Score: 1

    The difference is statistical. The plural occurs in the same situations in American English, but only at a lower rate.

    All linguistic variations are statistical. I know Americans who use the spellings theatre and dialogue, however we still say that theater and dialog are the US English spellings of these words.

  16. Re:Debian are refusing to push the update on Debian Refuses To Push Timezone Update For NZ DST · · Score: 1

    And Debian is the plural for what...?

    Debian is a collective noun, refering to a group of people. Therefore it may take the plural form in British English.

  17. Re:What did Debian do for the US DST change? on Debian Refuses To Push Timezone Update For NZ DST · · Score: 1

    Ah... found it (and in a link from the FA, as well... go figure). The US DST changes, according to this bug report went into tzdata2006p - which, sure enough, got the changelog got pushed to stable Nov 28.

    Because it wasn't a last minute change. I'm not sure which version I have here on my Sarge installation, but the zone info files are dated 2006-04-19 and do include the update (zdump -v America/New_York | grep 2007 gives Mar 11 and Nov 4 as change dates, which I believe is correct). That means they had at least 7 months to test those changes in before they were added to stable. The NZ patch was only made less than a month ago. Some of us value stability enough that we would rather not see any changes to core packages (however minor) with that little time to test. It's not like there's any rule that prevents you installing the updates from volatile if you need them.

  18. Re:Is it a security update? on Debian Refuses To Push Timezone Update For NZ DST · · Score: 1

    So pray explain why they pushed a timezone update for the US changes earlier in the year?

    They didn't. They did exactly the same for the US updates as they are doing for the NZ updates. A list of the pushed security updates can be seen here. You'll note it doesn't include tzinfo. Here is the list of packages that have been updated via the 'volatile' distribution. It does include tzinfo, which it seems (if I interpret the versioning system correctly) has been updated 6 times this year.

  19. Re:Debian did the right thing on Debian Refuses To Push Timezone Update For NZ DST · · Score: 2, Informative

    "This update is not security-related"

    Yes, in fact, it is. Have you ever heard of log timestamps?


    If you are using log timestamps for security-sensitive applications, you really should be using UTC (or at least a timezone that doesn't have daylight saving changes), because otherwise you will get ambiguities cropping up: there is a one hour window every year for which the timestamps will repeat an hour later making it impossible in some circumstances to tell when exactly stamps left during these two hours occurred. This has substantially worse security consequences than merely not adjusting your clock for DST, which can always be corrected for later.

  20. Re:Windows is an example of bad proprietary code? on What's So Precious About Bad Software? · · Score: 2, Insightful

    Exhibit A is Windows itself?

    I don't need to read any further.


    Right. Because, of course, Windows is perfect, so the article must be wrong.

    You don't need to be a zealot to realise that Windows is probably pretty close to the classic definition of the codebase that's outgrown its original purpose by an order of magnitude or more and is now getting pretty hard to maintain. Why else did it take MS 6 years to release Vista, which isn't really much more of an upgrade over XP than XP was over 2K (which took them only 1.5 years)?

  21. Re:What should I do! on Mutant Algae to Fuel Cars of Tomorrow? · · Score: 1

    The planet covered in mutant algae - reminds me of something, a musical i think. But that was Red.

    You may be thinking of Jeff Wayne's Musical Version of The War of the Worlds, and specifically the section of it about the red weed.

  22. Re:Solution looking for a Problem on Jon Udell on the Nerd's Spreadsheet · · Score: 1

    Interesting, but I see no link to the specific spreadsheet we're talking about, which is described by its commercial producer as a windows-only application.

  23. Re:Compatibility on Do You Recommend Google Maps API or Microsoft Live Maps? · · Score: 1

    But if you're getting a lot of hits on Firefox, Safari, or other alternative browsers, then the wider Google compatibility would be preferable.

    I'll admit to not having tried Safari, but Live Maps works flawlessly for me on Firefox.

  24. Re:Python on Jon Udell on the Nerd's Spreadsheet · · Score: 1

    IronPython is not a language!

    Actually, I believe it is. There are substantial differences between IronPython and the reference Python implementation. C++/CLI is a language, IMO, and so is IronPython.

  25. Re:What's the difference? on Jon Udell on the Nerd's Spreadsheet · · Score: 1

    Aside from having a console window for custom formulae and a debug output window, it is not that much different from a typical spreadsheet program. This can easily be built on top of existing office suites, if they haven't include them already.

    While I haven't used this program yet, I believe the major difference is that it allows you to declare new classes and use values of those classes as cells in the sheet. This sounds remarkably useful to me.

    Imagine having a CurrencyAmount object. A1 contains =CurrencyAmount(50.00, "USD"). B1 is =A1.ConvertTo("GBP"). CurrencyAmount includes the code to look up the exchange rate on a web server, so whenever you click recalculate you get an up-to-date sheet.

    Also consider other cell types you could use: complex numbers, vectors, matrices, value with unit: A1: =UnitValue(50,"meters") B1: =UnitValue(17,"seconds") C1: =(A1/B1).In("miles per hour")