Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114

Comments · 10,114

  1. Too late to vote, but SCOTUS could fix things on Yahoo Email Scan Shows US Spy Push To Recast Constitutional Privacy (reuters.com) · · Score: 4, Interesting

    > the US has been into mass surveillance for so damn long with the approval of the American public ... I don't think there is any turning back now

    I don't see public opinion forcing major changes, except possibly as part of a larger party platform, if for example the Libertarian party came to power over the next 20 years.

    However, the Constitution already bars unreasonable searches, and the Supreme Court can strike down the Foreign Intelligence Surveillance Act, without any massive political movement or cooperation from any government agency. In fact, the Southern District has already struck down the section of the Patriot Act which allows National Security Letters. The court ruled that the NSA mass phone records program was unconstitutional. That's already happened, and more decisions along those lines may be coming.

  2. My thoughts exactly on France Becomes First Federal Postal Service To Use Drones To Deliver Mail (vice.com) · · Score: 3, Informative

    My thoughts exactly. Someone said it's pedantic to make note of this, and one could argue that *because* the error isn't related to the point of the story, the error should be ignored. Perhaps so.

    However, it is important that in general people remember that a federal system is *not* a national government like France has. A federal system (compare "federation") has a group of independent states/units who grant the union government powers in specific areas, for specific purposes. The power of a federal government can be at most level with the power of its members (though member states can delegate *specific areas* to the common government and defer to the federal government in those specified topics).

  3. If the act is intentional, vs red light crash on Uber Admits To Self-driving Car 'Problem' in Bike Lanes As Safety Concerns Mount (theguardian.com) · · Score: 2

    > You can't take insurance against being caught committing a crime. If what Uber is doing is illegal and there is an *accident*, insurance won't cover it
    [Emphasis added]

    Running a red light is illegal. Insurance will cover an accident caused by running a red light. The key word is *accident*. In most jurisdictions, insurance doesn't cover liability for *intentional* criminal acts; it does cover liability for illegal / unlawful acts where the damage is not intentional (either the unlawful act doesn't require intent, or the damage was the unexpected result of an intentional unlawful act).

    Unlawful acts frequently have a *risk* of causing damage. Jurisdictions, and courts, are divided on where to draw the line - if you look and it appears to be clear before you purposely cut through the bike lane, but accidentally hit someone, that's borderline. You didn't hit someone on purpose, but you did cut through the bike lane on purpose.

  4. 20 years programming security, I don't do crypto on Google Releases Tool To Find Common Crypto Bugs (onthewire.io) · · Score: 3, Interesting

    I've been programming security-related systems for 20 years. There's no chance I'd ever roll my own crypto. Tools to crack crypto? Yeah I do those. Write an IPSec / IKE implementation from scratch? I did that last week. You bet your ass it uses standard crypto libraries; I'm not writing those.

  5. Do some work or something on Samsung Could Look To LG For Phone Batteries After Note 7 Debacle (cnet.com) · · Score: 1

    > My third first post this week

    You might be spending too much time on Slashdot.

  6. 40 car brands you shouldn't buy; most cars use QNX on BlackBerry Unveils Autonomous Vehicle Hub In Canada (venturebeat.com) · · Score: 2

    > If I knew a car I was about to buy had Blackberry software in it, I wouldnt buy it,

    Most cars use QNX. It'll be a challenge to find one that doesn't, because 40 different car makers use it.

  7. He borrows, and Forbes does the math - $3.7B on A Century of Surveillance: An Interactive Timeline Of FBI Investigations (muckrock.com) · · Score: 1

    Trump does use mortgages and other forms of "other people's money" to build things. Heck, the owners of the Empire State Building GAVE him a 50% interest, gave him half the building, in exchange for nothing but his promise to use his knowledge and experience to make it more profitable.

    Forbes magazine has been doing the math on Trump's net worth (assets minus liabilities) for 35 years. As you may know, they do a list of wealthiest people every year, and they've gotten reasonably good at it. According to Forbes, Trump's net worth, the value of his assets minus what he owes, is $3.7 billion.
    http://www.forbes.com/donald-t...

  8. Excellent example of a self-refuting post on Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) · · Score: 1

    That's a very concise way to refute your points. You appear to be indicating that:

    a) Millennials are highly competent, at least at programming / mathematical type tasks.

    b) You take personal offense at anything you perceive as a criticism of "millennials".

    c) Half of younger people, and most older people (more than half of all people) are below average.

    Points (a) and (b) strongly suggest that you *are* a millennial, point (c) demonstrates you are incapable of understanding fourth grade arithmetic.

  9. Good example on Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) · · Score: 1

    Let me be a bit more explicit, since you had trouble understanding the more diplomatic language:

    There are 3 million Java programmers who aren't that bright. They won't be able to easily switch to a completely different way of doing things.

    Speaking of the fact that many people aren't that bright and have trouble understanding new things ...

  10. Android created a generation of Java programmers on Oracle Begins Aggressively Pursuing Java Licensing Fees (theregister.co.uk) · · Score: 1

    Most computing devices sold in the last few years run Android, and are therefore programmed primarily in Java. As a result we now have a whole new generation of programmers raised on Java.

    One can certainly make the argument that Java SHOULD die, but half of young programmers are below average and therefore would have difficulty switching to a new language built around a different paradigm. They'll stick to Java.

  11. Only if they aren't aimed on The UN Will Consider Banning Killer Robots (hrw.org) · · Score: 1

    The proposed ban is on devices which "select and attack targets without meaningful human control". That's quoting the summary at the top of this page.

    > All killer robots as is every modern torpedo and missile.

    I'm pretty sure that with "every modern torpedo and missile" a human selects the target and initiates the attack. The definition could be stretched to include certain types of IEDs, though, aka land mines, which are already banned by international law.

  12. "Select and attack targets without human control" on The UN Will Consider Banning Killer Robots (hrw.org) · · Score: 2, Insightful

    As the summary says, the proposed ban is on devices which "select and attack targets without meaningful human control". So basically none of what you wrote applies.

    In fact, it's the exact opposite of "macrocosm of 2nd amendment arguments in the US" - supporters of the second amendment point out that "guns don't kill people, people kill people"; their argument is that the device is controlled by a person, who can do good or bad with a steel pipe too.

  13. I maintain *exactly* that system Monday-Friday on Does Code Reuse Endanger Secure Software Development? (threatpost.com) · · Score: 1

    > central repository which lists which, say, linux packages are secure and which are not. Which algorithms, hashes and cryptosystems are compromised or not.
    >
    > Then there needs to be an API - running a production system live on the Internet? It will check its version numbers and package hashes against the centralised "uncompromised" versions service

    That's precisely what I spend 40 hours a week building and maintaining. It's a very helpful part of a comprehensive security strategy. Other good parts are having security experts available to help you make sense of the flags and decide on the best way to remedy the issues. You mentioned MD5. If you find out your HTTPS server is running MD5 and RC4, which aren't strong, which algorithms should you replace them with? Should you allow either as a fallback? Also similarly monitoring and analyzing your logs, using both good automated tools and experts. The last thing I'll mention is actually the most important - tested off-site backups.

    The version and configuration testing that you mentioned, the system I maintain for a living, is called Cloud Insight.

  14. I write the hacking scripts, and that's misinforme on Does Code Reuse Endanger Secure Software Development? (threatpost.com) · · Score: 2

    I understand your logic. You're not being stupid, but you are misinformed.

    > hacking scripts will become useless since every system will have different vulnerabilities

    The fact is, over 90% of the CVEs are the SAME 12 or so vulnerabilities - hard-coded default passwords, SQL injection, etc. I can and do write scripts that find "new" vulnerabilities in software we've never seen before. One-off, custom software, especially web applications, will pretty reliably have one or more of a few specific vulnerabilities. You may have heard of the "OWASP Top 10"; most one-off software contains at least two or three of those ten.

    Once I (or the script) detect anything else about the software, we can know more specifically which vulnerabilities it has, before we even test it. For example, I've seen a dozen different scripts named "download.php" or similar. All but one suffered from the exact same three vulnerabilities.

  15. Yep, between the net & user Windows. IPS for L on McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk) · · Score: 1

    Exactly as he said. You put professionally managed Linux or FreeBSD boxes directly connected to the internet, between the net and your users on Windows desktops. Especially 5-20 years ago, when Windows was SO vulnerable, it made (and makes) good sense to put some protection between the users and the internet.

    To protect *nix boxes, especially servers, some people use an intrusion detection system / intrusion prevention system (IDS/IPS). You can set it to alert you if any files change on the server, other than the types of changes you expect in the data files. Mod_security can block and report any suspicious web requests, etc. Because the servers typically have one job to do, or just a few tasks, you can configure it to block everything other than the expected traffic and behavior. Therefore you don't need to detect malware or other bad stuff, you just define the few things that *are* allowed and deny anything else.
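The "alert if any files change other than the expected data files" approach in comment 15, and the "check the installed versions and hashes against a known-good baseline" idea in comment 13, both reduce to the same mechanism: take a hash snapshot, diff it against a baseline, and suppress paths where change is expected. The following is an added example written for this page, not raymorris's code, the Cloud Insight product, or any particular IDS; the directory layout (`cgi-bin/`, `data/`) and file contents are constructed sample input so the script runs offline.

```python
"""File-integrity check with an allowlist of paths where change is expected.

Added example (not from the original comments or any product). The web-root
layout and file contents in demo() are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def is_expected(rel_path, expected_prefixes):
    """True if rel_path is, or lies under, one of the directories where change is routine."""
    return any(
        rel_path == prefix or rel_path.startswith(prefix.rstrip("/") + "/")
        for prefix in expected_prefixes
    )


def compare(baseline, current, expected_prefixes=()):
    """Diff two snapshots; return sorted lists of unexpected added/modified/removed files.

    Anything under an expected prefix (e.g. a log or upload directory) is dropped,
    so only changes to code, configuration and binaries surface as findings.
    """
    findings = {"added": [], "modified": [], "removed": []}
    for rel, digest in current.items():
        if is_expected(rel, expected_prefixes):
            continue
        if rel not in baseline:
            findings["added"].append(rel)
        elif baseline[rel] != digest:
            findings["modified"].append(rel)
    for rel in baseline:
        if rel not in current and not is_expected(rel, expected_prefixes):
            findings["removed"].append(rel)
    for key in findings:
        findings[key].sort()
    return findings


def demo():
    """Constructed scenario: a web root whose data/ directory legitimately changes daily."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "cgi-bin").mkdir()
        (root / "data").mkdir()
        (root / "cgi-bin" / "app.cgi").write_text("#!/bin/sh\necho ok\n")
        (root / "data" / "uploads.log").write_text("day 1\n")
        baseline = snapshot(root)  # in practice, store this off-host

        # A day later: the log grew (expected), a script was altered and a new
        # script appeared in cgi-bin (both unexpected on a single-purpose server).
        (root / "data" / "uploads.log").write_text("day 1\nday 2\n")
        (root / "cgi-bin" / "app.cgi").write_text("#!/bin/sh\necho changed\n")
        (root / "cgi-bin" / "new.cgi").write_text("#!/bin/sh\necho new\n")

        return compare(baseline, snapshot(root), expected_prefixes=("data",))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for rel in paths:
            print(f"{kind.upper()}: {rel}")
```

The baseline is only worth as much as its storage: if it sits on the monitored host, whoever can alter the files can alter the baseline too, so a real deployment keeps it (like the backups the comment mentions) off the box and compares from there. The allowlist is deliberately directory-scoped rather than pattern-based so that a stray executable dropped into a data directory still shows up once you tighten the prefixes to the specific files that are supposed to change.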

  16. Non-default network is a great idea (I do that) on Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability (netgear.com) · · Score: 1

    Switching the router to use something other than 192.168.1.0 sure is easy, and will stop many attacks which hardcode 192.168.1.1. That's a great idea.

  17. Lack of trusted options conveniently available? on Netgear Releases 'Beta' Patches For Additional Routers Found With Root Vulnerability (netgear.com) · · Score: 1

    I've been doing network security professionally for 20 years, and my primary home router is a Netgear. Your post prompted me to ask "why do *I*, knowing better, run a Netgear?"

    When my last router died, I didn't want to wait a week to have an OpenWRT based router from inet.com delivered. I wanted to get back online right away. I didn't want to pay for an up-to-date Cisco ASA, including additional fees for feature licenses. So like most people I went to the store and bought something available right away. If one of the routers on the shelf was labeled "Security Certified by US-CERT", I probably would have bought it. There are no such labels on the packages. The choices to get back online today are pretty much:
    Netgear
    Linksys
    Random off-brand

    It's hard to know that one of those is clearly better than the others. Obviously Netgear and Linksys have advantages over off-brand stuff.

    What I probably should have done, and in fact tried to do, was install OpenWRT on an available Linksys or Netgear that works very well with OpenWRT, using a mainstream build that is updated regularly. Unfortunately the OpenWRT web site doesn't make it easy to figure out which models are best, which ones "just work" without annoying little issues. So I had a router which will boot OpenWRT, but who knows whether it works smoothly and reliably.

    Also, in order to make sure the hardware even works properly, I had to set it up with the default firmware first, in case I needed to return it. So I have a router that's working fine with the default firmware. Of the 450 items on my TODO list, "install OpenWRT" isn't top priority. I'd like to get that done, but I have probably 40 other tasks with higher priority to do first.

    Possible solutions therefore include a reputable security certification on routers that are actually available in stores, or a clear list of "10 well supported routers for 2016" for the reliable firmware projects.

    Anybody here a writer? A guide to which router to buy for *wrt could be popular with a lot of nerds.

  18. The money in the mall wouldn't be theft, for three on Rogue Lawyers Made $6 Million Shaking Down Porn Pirates, Feds Say (theverge.com) · · Score: 1

    > For example, I could purposefully bend over and place a $100 bill on the floor of a busy mall and walk away and if someone came up and took it they are still, as far as the law is concerned, guilty of theft

    If some of the facts were a bit different, it would be theft. Your exact example wouldn't be, for a couple of reasons.

    California Penal Code 485 is the same as common law in this regard:

    --

    One who finds lost property under circumstances which give him knowledge of or means of inquiry as to the true owner, and who appropriates such property to his own use, or to the use of another person not entitled thereto, without first making reasonable and just efforts to find the owner and to restore the property to him, is guilty of theft.
    --

    The finder possibly has no "knowledge of or means of inquiry as to the true owner", so it's not theft. (Reporting it to the mall security guard is arguable; they would present evidence that with *cash*, the security guard is as likely to pocket it as protect it.) Also, the property doesn't meet the definition of "lost property" since you intentionally discarded it. Lastly, there would need to be evidence that the person who picked it up planned to keep it for themselves, rather than attempt to find the owner in some way.

  19. Lithium batteries suck after 360 charges (1 year) on Apple Will Charge You $69 To Replace a Lost AirPod (macrumors.com) · · Score: 2

    Lithium-ion and lithium-polymer batteries have significantly reduced capacity after 300-400 charge-discharge cycles. With a typical usage of carrying it during the day and charging it at night, that's one year.

    A typical battery for a phone costs about $15 from the battery store; sometimes the phone manufacturers charge more if you want one with their sticker on it. With an Android phone, after about a year you can get all-day battery life again by spending $15 and 60 seconds popping in a fresh battery.

  20. It's ancillary to, and necessary for, the sharing on Google May Prevent Samsung From Adding Viv AI Assistant To Galaxy S8 (ibtimes.co.uk) · · Score: 2

    The agreement which contains this clause is an agreement in which Samsung and Google allow each other to use their patented inventions. The agreement overall allows *more* competition, Samsung can offer many features they couldn't offer otherwise due to patents.

    Agreements which include a clause not to compete in specific ways, for a specific period of time, are allowable when they are ancillary to, and reasonably necessary for, a larger agreement which is otherwise in harmony with public policy, if they are limited to only reasonably necessary restrictions.

    The example which set the precedent in the US was a bakery. A baker sold his business. The buyer was buying the business, not just the equipment. The seller agreed not to re-open a competing bakery in the same area within 5 years. The seller broke the agreement, re-opening his bakery down the block, directly competing with the person who had purchased his business. The court ruled that the non-compete agreement was legal because:
    It was part of a larger transaction, selling the bakery.
    It was necessary to that larger transaction - you haven't really sold your business if you re-open it two blocks down.
    The agreement was limited to a) that town only and b) five years. The seller was free to open a bakery somewhere else.

  21. True, Trump may be worth more than Twitter on Twitter Cut Out of Trump Tech Meeting Over Failed Emoji Deal, Says Report (politico.com) · · Score: 1

    That's true, using other valuation methods Twitter may be worth $1 billion. Meanwhile, Trump's *personal* net worth is around $4 billion.

  22. s/enjoyment/employment/ on Twitter Cut Out of Trump Tech Meeting Over Failed Emoji Deal, Says Report (politico.com) · · Score: 1

    The final word of my post should be employment, not enjoyment. Something magical turned the self- interest of Jobs into 100,000 jobs. A neat trick, turning self-interest into EMPLOYMENT.

  23. Next you'll tell me water is wet. Your point? on Twitter Cut Out of Trump Tech Meeting Over Failed Emoji Deal, Says Report (politico.com) · · Score: 1

    > Amazon is making more money off those workers than they pay them.

    OMG really? Is water wet too? Do you have a point?
    That's quite true of course. Twitter was losing money from the things their workers were doing, so they had to lay off 9% of their workers; Amazon is making money, so they hired 50% more workers. Businesses hire when they're making more money, lay people off when there is less business.

    > No business employs people just to get them paid.

    Not quite true, I myself created a corporation and a business specifically for the purpose of keeping people employed. Come to think of it, MOST businesses in the US exist solely to get workers paid, but you're thinking of a different type of business. Can you figure out which type of business this is?:
    Most businesses in the US are this type.
    Exists only so that the workers get paid.

    Anyway, Amazon is the type of business you're thinking of, which isn't there just to employ people. Yet they DO employ a ton of people. Amazing. Same with Apple. Whatever mechanism turned the self-interest of Steve Jobs into thousands of jobs is pretty amazing. I'm glad Trump is finding out more about how to turn self-interest into enjoyment.

  24. Amazon hired 180,000 people last year on Twitter Cut Out of Trump Tech Meeting Over Failed Emoji Deal, Says Report (politico.com) · · Score: 1

    Last year Amazon created 180,000 new jobs for "schmucks that do the actual work, like you and I." I'm glad President-elect Trump wants to learn more about how they do that.

  25. Apple and Amazon are each 60X the size of Twitter on Twitter Cut Out of Trump Tech Meeting Over Failed Emoji Deal, Says Report (politico.com) · · Score: 5, Informative

    Twitter is worth $13 billion. Amazon $372 billion, Apple $624 billion. President-elect Trump can spend that time talking to a company that employs 3,500 people and shrinking (Twitter), 116,000 (Apple), or 230,000 and growing (Amazon).

    If I were becoming president and I could spend a day talking with someone who hired 80,000 new people last year (plus 100,000 temps), I think I'd focus on them for the day rather than Twitter, whose recent "major layoff" was 330 people or so. Amazon hired more people *last month* than Twitter has in its entire history.