Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. people are forgetful . political?! on Law Professor: Genetic Engineering Is (Probably) Protected By the First Amendment · · Score: 1

    We might want another amendment. The first amendment is,pretty plainly written, and it protects four things:

    Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

    That's what the first amendment protects. Freedom of speech, the press, right to assemble, and petition. That list is followed by a period, which means "the end". Notice the list of four things does not say "the privilege to do anything and everything that is politically controversial ". In fact, the word political isn't there at all. If you think other things SHOULD be protected, perhaps you want to propose another amendment. Personally, I think it's time for another amendment or two.

    It's quite strange that he said "political " as though that ADDS protection. In fact, political messages, like pornography, are one of the very few classes that the Supreme Court has ruled do NOT have the normal level of protection. Campaign finance law exists and legally limits who much you can spend spreading political messages. There is no such limit on jokes, instructional materials, or any other type of speech. As another example, you can't do your political speech near a polling place. Political messages have been ruled to have LESS protection, not more.

    Yes, I am aware that some supreme court justices have ignored the Constitutionally defined amendment process and claimed to change the Constitution by simply writing down their thoughts. The Constitution gives them no such power. The process for changing the Constitution is written in the document itself, and it does not say "this document shall by be changed by a justice writing down their opinions."

  2. you expect me to call you personally? on Intelligence Start-Up Goes Behind Enemy Lines To Get Ahead of Hackers · · Score: 2

    > By not telling some of the potential victims they are conspiring with the hackers. I'm sure some lawyer would have a go with it.

    What, you expect me to call you, and every other person in the world, personally? Why don't YOU have a go at that. YOU go monitor the cracker forums and such, then call me when you see something interesting. For free. You'll start doing that tomorrow, right?

    No? Well those of us who spend our working hours on this stuff have to eat too. So yeah, if you want instant analysis of what's important to you, you get buy one of my kid's meals. Other than that, sign up at Threatpost and sift through it yourselc every day.

    Lazy self-entitled liberal bastards.

  3. just like you, except better on Intelligence Start-Up Goes Behind Enemy Lines To Get Ahead of Hackers · · Score: 4, Informative

    "Allowing the bad guys to continue operating" you say. You've "allowed" crime just as much as anyone else has. You have just as much right to track down individual criminals and fly around the world trying to stop them as do the researchers working for these companies. We're not cops, we're nerds. You could register in the cracker forums, follow the social media feeds, and try to do what you seem to expect us to do. Why haven't you done it?

    The difference between you and I is only that I HAVE contacted the FBI or National Center for Missing and Exploited Children the few times that I've come across a situation that warranted it. What have you done? I warned Wikipedia of an attack that would have taken them down, warned them in time to prevent the attack. What have you done?

    99.99% of the time, we don't have the real name and home address of the bad guys. We have screen names, like you see on Slashdot, and we see what types of vulnerabilities and attacks they're talking about this month. Then we protect our clients, which may include your bank, from the types of attacks that are being discussed by the bad guys.

    99% of my coworkers don't have any authority to arrest anyone. That's not our job. Our job is secure the systems you rely on. There is one person at the company I work for who used ton have the authority to arrest certain specific criminals. That happens to be me. I successfully found and arrested most of the people I was granted authority to go after. So yeah, we've actually personally put a few criminals behind bars, though that's not our day job. "Allowing criminals to continue operating", eh? I've told you what I've done to stop criminal activity. I ask you again, what have you done? You've done nothing, you have allowed them to continue.

  4. Govt is required to be worse. FOIA, MD5 on Sen. Ron Wyden Says CISA Data Collection Could Put Americans At Risk · · Score: 2

    Based on 20 years of experience in both, my experience is that I'd rank private industry 3/10 and government 1/10. The nature of the type of government we seek to have means we often have to balance priorities like openness and fairness against things like efficiency and security.

    For one clear example, consider the "need to know" versus the Freedom of Information Act. A private organization publishes about themselves what they want to publish*. They don't publish anything about their network infrastructure or anything, because they have no reason to. "Need to know"is a fundamental security principle, meaning that it's more secure to avoid spreading any information to anyone who doesn't need that information. In government, any and all records are wide open to the public under FOIA, every email ever sent, every order placed, every network diagram, unless it's specifically declared to do be secret, with appropriate justification. You can see how making all of your documents, your network infrastructure plans, model numbers of security appliances, list of security services, etc. available to the public can give attackers a head start. That doesn't mean FOIA is a BAD thing overall, it just makes them a tad easier to attack.

    Further, the government tends to have private information on EVERYONE legally in the country. A bad hack on a bank might release a million social security numbers. The government databases have all 320 million social security numbers, everybody's tax return, etc. That means they are a) a more attractive target and b) the damage is much worse when they are hacked.

    Also, the bigger an organization is, the slower they are, in general. No private organization is anywhere near the size of the US government. Some government security requirements still REQUIRE the use of MD5. As you may know, MD5 was broken in 2010. We're still required to use it. On one project we fought to be allowed to use a secure algorithm, but the documents require what they require. Maybe they'll be revised in another ten years.

    Along with the last point, at Apple or Google, the CEO (or CSO) can make a decision and send out an email "don't collect any more social security numbers" and within weeks it's done. Making changes to the US government sometimes requires an act of Congress - _and_that_is_a_good_thing_. We WANT changes to the government which controls so much of our lives to be done carefully, thoughtfully, slowly. That's a good thing, but it reduces their ability to respond quickly to emerging threats.

    One last point just to demonstrate that the government isn't just another big organization. What company in the world fires their entire senior management team, the CEO, CIO, CFO, and company president every four years? Nobody. That would be catastrophic. The US government does that. The federal government really is a special case. Not necessarily _bad_ - it's great that changes are up for public debate. And it took more than 20 years to make the decision to change to a different health plan, Hilarycare/Obamacare, plus another 10 years to fully implement it. What company takes 30 years to switch to a different health plan after the executives have decided they want to do so?

    * If corporations sell stock publicly, they do have to release a high-level overview of their financial situation. That summary info is nothing compared to being forced to release all of your emails.

  5. embezzlement: taking for your own use ANYTHING en on Mt. Gox CEO Charged With Stealing $2.7 Million · · Score: 4, Informative

    embezzlement:
    The fraudulent appropriation to his own use or benefit of property or money in trusted to him by another
    -Black's Law Dictionary

    One can embezzle any type of property, including horses, currency, and chocolate. The distinguishing feature of embezzlement is that the culprit as been entrusted with the property. Theft would be if he took the thing from you without your permission. Embezzlement is when you hand him the thing, expecting him to hold it for you, but he uses it for himself.

    Embezzlement applies to Mt Gox because people sent their stuff to Mt Gox willingly.

  6. also more driver assist, similar to what we have n on Philosophical Differences In Autonomous Car Tech · · Score: 4, Insightful

    > better piecemeal solution would be to have it only engage on known safe highways.

    Also, what we're already seeing is more and more driver assist. My 2012 Dodge has an option for "smart" cruise control where is slows down if you're getting too close to the car In front. Most cars these days have traction control, where the computer automatically brakes the wheels independently in order to turn the car in the direction the steering wheel is pointed. Do we already have systems that will nudge the steering a bit when you start to drift out of your lane? If not, that could be added. Not overriding a clear steering input from the driver, just a slight torque so that the existing self-centering action of the steering wheel follows the lines which mark the lanes. In other words, with today's cars, if you let go if the steering it'll tend to go straight ahead. Mayb with tomorrow's cars if you let go of the wheel they'll TEND to follow the lane.

      On my 2012, the headlights automatically turn on and off as needed.

    I could see more and more of that stuff being added, stuff where the computer insures that the car does what the driver wants/expects it to do. Eventually, you slowly get to the point where "what the driver expects" is defined by the destination they select in the gps.

  7. Re:It doesn't necessarily need to be an all or not on Philosophical Differences In Autonomous Car Tech · · Score: 1

    > better piecemeal solution would be to have it only engage on known safe highways.

  8. I don't recommend shooting your servers on Sony Decides Its Waterproof Xperia Phones Are Not Actually Waterproof · · Score: 1

    It appears that it does meet the long-established standard, and Sony explains what the standard requires. The ad showing the person in the swimming pool may be a bit questionable , though. On that note ...

    We offer an inexpensive hot spare service, so that if anything happens to your server, our copy takes over. Right at the top of the order form, it says clearly that this is designed to be an inexpensive service, to provide great value. Everything is therefore fully automated and nobody has tested it with your specific setup. I thought about doing an ad in which, for dramatic effect, we take a machine gun to a running web server and watch as the site switches over to the hot spare. That SHOULD work, but I wouldn't RECOMMEND actually shooting up your datacenter. Sony may be in a similar position - testing suggests it should work okay, but they don't recommend pushing the limits.

  9. not trusting is hard work on Debian Working on Reproducible Builds To Make Binaries Trustable · · Score: 1

    Well, since you're not familiar with either format, let me give you an analogy. Go build a mold for making intake manifolds to fit all 2040 model year cars. That's essentially equalivent to what Borland would have had to do in order to include a Linux elf trojan in the 1980s.

    The Thompson paper reminds us that the normal workflow involves trusting the toolchain. It in no way indicates that we can't choose a paranoid workflow instead. One type of paranoid workflow involves validating our modern tools by using much older and much different tools. Because attackers of the 1980s couldn't predict the future, they couldn't code surreptitious trojans for the 2015 toolchain.

  10. "vector" has a specific meaning, and TFA uses wron on Hackers' Latest Targets: Google's Webmaster Tools · · Score: 3, Informative

    The headline says that Google webmaster tools (wmt) is the TARGET. That's more correct than saying wmt is the vector, because vector actually does have a specific meaning in information security. Calling wmt the "attack" would also be wrong.

    The vector is basically the specific method used in an attack. An attack is an event, in which an actor exploits a vulnerability , using a specific vector, against a target. The vector is HOW the attacker gains control of the gmt account.

  11. watch them to see what they need on Hire a Developer, Watch Them Work In Real-Time · · Score: 2

    > they really don't know what they need, they think they do, until they see the project in action, then they will need other stuff.

    This part jumped out at me. Absolutely users rarely know what they need. Very often they'll tell you they need A. When pressed further, they'll explain that they need A in order to get to B. Which they need in order to get to C. Of course, it's much easier and more correct to just give them C, skipping A and B altogether.

      However, in my experience, if you walk over to their desk and watch them work, you can normally see what they need. That's been incredibly valuable, watching users work and seeing what they do, so I can actually see the whole process and also take note of the problems they run into.

  12. Borland predates Linux, ELF on Debian Working on Reproducible Builds To Make Binaries Trustable · · Score: 1

    Are you under the impression that the DOS .exe files produced by Borland 1.0 are approximately compatible with Linux ELF files? Maybe you're thinking that because neither are Windows, Linux must be DOS? No, there's nothing "stable" between the two completely different formats. So the Borland compiler couldn't possibly include a trojan for an operating system that didn't yet exist, using an executable format that didn't yet exist.

  13. that does make it hard. re-encrypt biannually? on Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public · · Score: 1

    > As for having encryption that just strong enough for $0.5M in resources it wouldn't take long for that to be affordable considering that computers double in speed every 12 to 18 months

    That does make it a bit difficult. Not impossible, but difficult. I'm not fully sure how I'd feel if we COULD do that. Somewhere between a half million and two million dollars per decryption WOULD mean that it's hard enough that it wouldn't be done in bulk. In fact, if you're going to spend a million dollars, the getting a proper warrant or other proper authorization wouldn't be a significant extra "hassle". So on the one hand it seems like it would greatly limit the potential for a abuse, while still allowing them to read Osama bin Laden's files. I do want them to be able to read Osama's files. On the other hand, strong privacy is certainly atttactive.

    What do you think? I mean ignoring for the moment the technical difficulty. If we COULD limit access to only the most important files by making it very expensive to decrypt, should we?

    One first idea of how we COULD would be to use an algorithm that can take different size keys. Maybe this year a 512 bit symmetric key is strong enough to take a million bucks to decrypt. Two years from now, your phone would automatically encrypt with a few more bits. By re-encrypting every year or five with longer keys, the encryption strength could keep up with the speed of processors. In that way, it would ALWAYS cost about a million dollars to decrypt someone's phone. That's just a first idea, a rough draft. People more clever than I can probably come up with better ways.

  14. Some files, yes. Personal AOL messages? No. Lincol on Vint Cerf Wants Help Figuring Out the Future of the Internet and Communications · · Score: 1

    I too have some files from almost 20 years ago that I can still read. I save most things as ASCII text.

    On the other hand, we can still read President Lincoln's letters to his wife. I WISH I could read the messages I sent my wife just eight years ago.

  15. settings menu on Purdue 'HUSH' Tool Promises 16% Battery Life Gain For Wasteful Android Phones · · Score: 3, Informative

    If a specific app has some function that is important to you, make sure it's unchecked on tbe settings page. That UI has implemented here:

    https://github.com/hushnymous/...

  16. even if you were right you'd still be wrong on Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public · · Score: 1

    Let's pretend for a moment you hadn't just stretched the truth beyond recognition. (Even liberal comedian Bill Maher won't let people get away with those claims - on a comedy show.)

    Even the 9/11 conspiracy theorists don't claim that the Reagan administration supported anti-Soviet forces BECAUSE HE WANTED THEM TO LIKE US. No, he supported people who fighting because he was determined to DEFEAT the Soviets, not make friends with them.

    So even if your "facts" were correct (and they're not close) , your conclusion would still be opposite of his actual approach.

    Someone who had the wisdom to combine Reagan's philosophy of strength with the friendly tactics that Obama is misusing was Secretary of State Colin Powell. At the time, there was little communication or understanding between Beijing and Washington. Phone calls at cabinet level were planned months in advance. Powell starting calling his Chinese counterpart every week, and chit-chatting about family and such. He developed personal goodwill and understanding, so the two men could talk more openly and understand one another's positions. He continued to maintain a position of strength issues as well. He made friends by being friendly, not by giving up everything that was important to the country. Too bad he didn't run for president; he would have been better than Romney, Perry, or Obama.

  17. one would be wrong on New Tech Puts the Brakes On Bullets Fired From Police Sidearms · · Score: 1

    > One can almost think that you simplistic model doesn't apply if you direct the energy to a small part of the body that unlike the arms aren't flexible enough to dampen the force.

    One can think that. One would be wrong.

    First, no, the force of a punch rarely knocks someone down. What happens is that the force of a punch to the jaw rotates the skull quickly. The skull impacts the brain. The brain is controlling the legs. When the neurons in the brain misfire from the impact, the person falls due to gravity.

    In a few cases, an attacker might launch their entire body weight toward the target. That might be enough force to knock someone down . Note that if the attacker/ tackler misses, THEY are likely to fall down. The very same force which might knock the target down remains with the attacker if they miss, and this equal force puts them down - without impacting a small part of their body a big part or any part.

    Newton's laws DO start to break down near the speed of light, 186,000 miles per second.

  18. way to entirely miss the point. Read next time on New Tech Puts the Brakes On Bullets Fired From Police Sidearms · · Score: 1

    Wow, you completely and utterly missed the point. This discussion started when I said a gun shot won't knock a person down. I then described how you can know that even if you've never touched a gun. So calling me an idiot because I think it will simply demonstrates that you can't read .

    The post you replied to was about the distinction between a literal description of an actual effect of physics (often signaled by phrases such as "kinetic energy" ) versus more artistic use of descriptive imagery that's not describing the actual physics (signaled by evocative words such as "impact" or "punch" rather than physics terms like "kinetic energy").

  19. lawyer letter says article misrepresented the fact on Ex-Ashley Madison CTO Threatens Libel Suit Against Journalist · · Score: 5, Interesting

    The lawyer's letter lays out his position. We don't the facts, but here's his position, which may be reasonable g

    The letter to Krebs says that in the very emails Krebs relied on, the former CTO explicitly said that he did NOT download the account database. He said there is a clear vulnerability so someone COULD download the database, and he did not do so. The Krebs article appears to suggest that he did, so the Krebs article might be misrepresenting what is actually said in the emails.

    The letter also seeks to distinguish between noticing a readily apparent vulnerability vs "hacking" the web site. Those are kind of two degrees of the same thing, but Krebs said "hacked". If the truth is more like "noticed", a retraction is in order.

    Lastly, thr letter seeks to clarify that he was not AM's CTO, or even working for AM, at the time. Reading the article one might well get the impression that AM's CTO, on behalf of AM, hacked a competitor. That's not factually correct, the lawyer says.

  20. kinetic energy over area vs hit or impact on New Tech Puts the Brakes On Bullets Fired From Police Sidearms · · Score: 1

    If they said the impact of would knock them out, that's descriptive language. When you talk about kinetic energy over area, that's scientific language. Getting hit by the ball might smack you, stating that the application of kinetic force has a given effect implies that you're speaking of actual physical effects.

  21. also, Newton's 3rd law says it doesn't on New Tech Puts the Brakes On Bullets Fired From Police Sidearms · · Score: 3, Interesting

    > it will transfer enough kinetic energy across a wide surface to knock a suspect down with less chance of a lethal outcome.

    Does the recoil of a pistol knock th shooter down? No. Newton's third law tells us that the kinetic energy of the projectile is equal to the kinetic energy energy of the recoil. So the claim made in the summary is utter BS.

    It IS enough kinetic energy to get your attention, however.

  22. ps: million $ per phone to decrypt would be good on Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public · · Score: 0

    Ps: as an example of the type of answer I'd like to have for his question, imagine if we could come up with encryption just strong enough that it takes about $500,000 worth of resources to decrypt a phone. Somewhat like how minting bitcoins costs $X per coin to mine.

    If we had that, the CIA would have no problem spending a million dollars to decrypt Mohammed Atta's phone, and nobody would spend a million dollars to decrypt your phone or mine.

    It would be very hard to design such an encryption, but the example of bitcoin suggests that it may be possible.

  23. Re:that implementation won't work. ISIS has $billi on Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public · · Score: 1

    I pretty much agree with you. Trying to see things from the CIA's perspective ...

    > Not electronically, though it does have it's place.

    So a couple of CIA agents have a warrant and they intercepted the iPhone of the terrorist ringleader while it's in the shop. It mysteriously stopped working correctly yesterday. :) They are holding the iPhone in their hands. Because it uses super-strong encryption by default, it's useless - they can't read any of the text messages or anything.

        I understand how that could be INCREDIBLY frustrating. If I were in their shoes, I might well talk to the computer nerds about either using encryption that takes several hours and expertise to break, or a special national security key or something. They are ASKING the tech industry to consider this type of situation and come up with suggestions. I don't have an great answer. Privacy is very important. Sometimes, the ability to carry out a lawful search warrant is also pretty important. How do you have both? There may well be a clever answer that manages to do both.

  24. sure, the Obama doctrine has worked wonders on Spy Industry Leaders Befuddled Over 'Deep Cynicism' of American Public · · Score: 1

    The idea that we can "make nice" with monsters who kill everyone who doesn't believe in their particular brand of Islam is known as the Obama Doctrine. If we're nicer to them, they will stop raping eight-year- olds, the thinking goes. Same thing with Iran, North Korea, etc - just keep being nicer and nicer to those who want to take you down. This is in direct contrast with the Reagan doctrine of peace through strength.
    Under the Reagan doctrine, our opponent, the only other superpower in the world, crumbled. A couple of years ago I personally heard Gorbachev refer to that time period as "after Reagan defeated us ..." Under the Obama doctrine, Russia is once again invading its neighbors and ISIS has taken over large swaths of the middle east, while we agreed to allow Iran to develop nuclear weapons. We deal with Iran them as "equals", Obama says.

    Both approaches have been tried. One was very successful, the other a horrible failure. The time for debate is done. Obama's approach, of being soft, might have sounded good BEFORE he tried it. Now he has already done it, and we see the results.

    Iran is in fact NOT an equal to the United States. The US is far, far more powerful and does not have to allow them to have nuclear weapons. Obama's decision to allow that, because we "deal as equals" is based on a fundamental failure to understand the basic facts of the world.

  25. Javascript has to run after page loads on Benchmark Battle, September 2015: Chrome Vs. Firefox Vs. Edge · · Score: 1

    > Frankly I think browser programmers should not stop the spinning load icons until the javascript has stopped loading shit and the content of the page is actually visible. I'm so tired of "Oh look the browser thinks the page has finished loading...but it's wrong."

    I understand your frustration. There is a good solution too, which is used on most projects I'm involved with. The technical reason for that is that very, very often the JavaScript manipulates things on the page, so it has to wait for the things to be there before it can start. If your JavaScript says "put this image in the footer", it HAS to wait until the footer is there, then run. So the page (the dom and elements mentioned in the HTML) has loaded when the spinner stops. The JavaScript is set to start immediately after.

    Probably the best solution, what I use, is to make sure that the page is usable without JavaScript. When it says it's done, it's ready to use. Then JavaScript can add convenient but not critical features like autocomplete when it runs, if JavaScript is enabled.