Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. that's the question for the judge and jury on Investor Lawsuit Blames NSA For $12B Loss In IBM Value · · Score: 2

    That's the question that will be before the judge and jury - did court orders, NSLs, etc. prohibit IBM from revealing more than they did about ALL of the risky cooperation? It may be that a vague disclosure as suggested by TFA would have hurt the business, and therefore stockholders. It may be that some of the data sharing wasn't covered by gag orders, or maybe all of it was. We don't have the necessary facts to know. You and I haven't seen the gag orders (yet). Maybe the executive's hands were tied , maybe not. We don't yet have sufficient facts to know for sure.

  2. What sucks is that the idiot might be right on Investor Lawsuit Blames NSA For $12B Loss In IBM Value · · Score: 3, Insightful

    He sounds like the crazy person who two years ago claimed that the government is tracking all of our emails and phone calls. He probably also believes Vince Foster didn't shoot himself in the back of the head and then drive to that park. That's what's so aggravating about this NSA stuff - it shows that sometimes crazy conspiracy theories are true.

  3. upper class are the stockholders who were hurt on Investor Lawsuit Blames NSA For $12B Loss In IBM Value · · Score: 1

    Funny you should make that claim in the context of an article about the losses to stockholders caused by NSA. The "upper class" is the people who have a lot invested in these companies - the people who lost part of their savings. The upper class is the executives getting sued for complying with court orders. It's the "upper class" who are MATERIALLY harmed by the NSA's actions. The rest of us are merely offended by the violation of our rights, but not really materially harmed.

    The NSA serves two masters, neither of which is the upper class. Mainly they serve the government politicians, of course. Secondly, though recognizing this fact doesn't support our righteous indignation, they serve the safety of the American people, at the cost of those same citizens' rights, and most of those citizens don't seem to mind. Spying has been going on for thousands of years because SPYING WORKS. Historically, spying on high value targets has done alot of good for the country. What's new is the technical ability to spy on EVERYONE, not just carefully selected targets. That brings up privacy questions that need to be answered by the public and our leaders, not by the people whose job is to collect as much useful information as possible.

  4. no, failure to disclose risk to owners is illegal on Investor Lawsuit Blames NSA For $12B Loss In IBM Value · · Score: 1

    I'm afraid you're mistaken. They have a legal duty to inform owners (stockholders) and potential owners about any significant risks. Suppose I'm selling you some stock in my tiny software company. Suppose Microsoft has threatened to sue my company out of existence. Should I tell you about the impending lawsuit before you invest your savings in a business that is at risk? Of course I should, and the law requires that I do so.

      The three questions are:
    A) Did IBM executives know this posed a risk to IBM's business in China and elsewhere?
    B) Did the executives inform the stockholders of the risk?
    C) Does the law specifically grant an exception for this type of risk, allowing the company to keep it secret?

    A and B are probably true, so IBM's lawyers will need to find something in the law that helps them argue C. To the extent it involves NSLs (national security letters), C probably applies because it would have been illegal for IBM to reveal significant information.

  5. yes, 4 Gw rarely used capacity 2 Gw used consis on Six Electric Cars Can Power an Office Building · · Score: 1

    Yes, the power company pays for capacity. For example, the copper wires need to be thick enough to handle the peak , amperage and the transformers have to be big enough for the peak amperage. Spreading the load out means the wiring, transformers, etc. don't have to be upgraded as soon.

    The only two costs can think of that are NOT reduced are fuel and customer service. Everything else is sized based on the peak instantaneous load. If you take the heaviest 15 minutes and spread that out over 30 minutes, lower amperage parts can be used.

    Of course bracketed costs tend to offset that. If a transformer is available sized for 2 megawatt or 3 megawatt, a 5% reduction isn't going to delay the need to upgrade for long - but it will delay that requirement.

  6. reduced peak = no new generator on Six Electric Cars Can Power an Office Building · · Score: 1

    If the peak usage is reduced, that directly reduces the infrastructure the power company has to buy and maintain. For example, if peak usage is 2Gw, the power company needs four generators capable of 500 Mw each, even if average usage is only 1 Gw. By eliminating the high peak usage, the power company can have two or three generators instead of four. That means they could, in some cases, REDUCE rates overall while INCREASING profit margin, because it reduces costs.

  7. First sentence missing the word "not" on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 1

    The first sentence should read "security absolutely DOES rely on there NOT being easy attacks that
    are well known - the obscurity of any attack".

  8. That's fine if no attacks exist on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 1

    > The security of modern cryptosystems is in the key, not in the obscurity of the algorithms or (at least not intentionally) the attacks.

    Normally, we don't intentionally create attacks, but security absolutely DOES rely on there being easy attacks that
    are well known - the obscurity of the attack. If there is an attack (and there's ALWAYS an attack), you're better of not
    performing the attack yourself, but forcing the bad guy to first find, then carry out the attack.

    An example from the physical world make it crystal clear:

    Approximately all locks can be picked. Still, it is _more_ secure to lock your door than to not lock it.
    You are arguing that it's just as secure for you to lock it, then pick your own lock and leave it unlocked.
    "The bad guy could pick the lock himself", you say. That's true, he could, but requiring the bad guy
    to pick the lock before he can get in is more secure than picking it yourself and leaving the door unlocked.

    Let's do a select some specific values for your original claim, which was:

    > Proof: if [the combined method] IS weaker, the attacker could just [use the outer method as an attack] ...
    > on [the inner method], which means [the inner method] is exactly as strong as [the
    > combined method]

    If [leaving the door unlocked] IS weaker, the attacker could just [pick the lock] ... on the [locked door],
    which means that the [locked door] is exactly as strong as [leaving he door unlocked]

    The ellipses is where you said "with a small constant complexity". The complexity of F2 is not guaranteed to be constant.
    Nor F2 guaranteed to return the plaintext. If it SOMETIMES returns the plaintext, because that timer tick happened
    to have a zero as the least significant 32 bits, finding that 1 in 4,294,967,295 for them reduces their burden.

  9. attacker may on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 1

    > If F2 exposes a flaw in F1, that flaw was already there from the start.

    Flaws exist. Turning a possible flaw into plaintext counts.
    Take for example a leaked database of 10 million encrypted credit card numbers. 99.99% of those look exactly like you'd expect encrypted text to look, random bytes. Of the 10 million, a few look exactly like credit card numbers, because those are the cases with the "multiply by zero" issue.

    Yes, without F2, the attacker COULD do their own cryptanalysis and devise F2 themselves, then run it 10 million times. That's harder than not doing cryptanalysis because the developer already ran F2 for them.

    Is it ridiculous to think that someone might run what ends up being the inverse of F1? That's almost what 3DES does by design.

  10. two examples where combined weaker than inner on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 1

    > Combining two encryption methods using separate keys can never be weaker than the inner encryption.

    Here are two trivial cases which each prove that false.
    F1 is the inner encryption. It's flaw is something like multiplying by some X where X can be zero. Any flaw where one step in the method sometimes nullifies the earlier key-dependant step qualifies. That means that in those cases, some part of the key actually doesn't matter.

    F2, the outer algorithm, is inverse of F1.

    Thus, in those cases where the non-identical part of the key doesn't effect the output, the following holds:
    ciphertext == F2(F1) == 'F1(F1) == plaintext

    Obviously ciphertext == plaintext is a little weak.

    Another case follows. F1, the inner encryption, is inspired by steganography. C code for F1c, which encrypts one character of the plaintext:

    char * f1c(char chr, int key, char * randstr) {
          randstr[key] = chr;
          return randstr;
    }

    Oops, sorry I gotta run but I bet you can come up with F2 from there.

  11. yes, I misspoke. Still, be careful chaining encryp on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 1

    You're right, of course. Unlike hashes (md5, sha, etc), it's possible to chain different encryption without reducing security. Your rot13 & ssh example demonstrates that nicely.

  12. yes, the other keying option == DES on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 3, Interesting

    Indeed I misspoke. It's the allowed keying option K1=K2=K3 that's strictly equivalent to DES.

    The keying option K1=K3 is slightly more secure than DES.

  13. internet is telecommunications. citation? on Google Fiber In Austin Hits a Snag: Incumbent AT&T · · Score: 1

    They have cooperate with telecommunication companies. The internet is telecommunications, therefore a fiber ISP is a telecommunications company and they must cooperate.

    If you happen to know of some regulation on "telecommunications companies", including any that are completely irrelevant to the issue, which Google does not abide by, please cite that regulation . AT&T and you seem to be assuming that's the case without mentioning anything specific.

    I wouldn't be surprised if their were regulations on "entities holding a government charter (monopoly)". Google has no such government granted monopoly, so those regulations don't apply to them. The federal law doesn't say AT&T has to share with monopoly telecommunications companies, it says they have to lease to telecommunications companies in general.
     

  14. I think it means 2D MySQL can describe reality on Simulations Back Up Theory That Universe Is a Hologram · · Score: 1

    My understanding of what it REALLY means is that a model with few dimensions can describe a reality with many dimensions. TFS presumes that the small model is "real" and the many-dimensioned model is the "projection". Database designers see that it's the opposite - reality is complex, but it can be represented using a calculus that has two dimensions, like tables in MySql.

  15. But NOT des(des(des())). Don't do that! on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: 2

    > I can't see anything strange about "triple-DES". "triple-DES" is exactly what the name suggests: three times DES.

    True for the purpose for which you posted it, but let me take this opportunity to point out something that
    some programmers naively think makes encryption more secure. 3DES does not encrypt with DES three times.
    So don't do that. Repeating encryption makes it WEAKER, not stronger, unless other sophisticated
    stuff is done between the rounds of encryption.

    Repeating the SAME encryption allows for a meet in the middle attack, used by rainbow tables.
    Layering DIFFERENT types of encryption, or especially hashing, is no more secure than the weakest layer.
    That's trivially provable without any math knowledge in the case of hashing.

    3DES, in it's recommended form*, uses three different keys and first ENCRYPTS with key1, then DECRYPTS with key2, then ENCRYPTS with key3, so it's not three encryptions, but two rather encrypt, decrypt, encrypt.

    * It's legal 3DES to set k1 and k3 the same, which results in exactly the same output as weak old DES, it's just a waste of cycles. It was allowed for backward compatibility.

  16. knowing DJB, I don't trust it on OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein · · Score: -1, Offtopic

    Based on my interactions with DJB, I wouldn't trust an algorithm he created. He's a smart guy, but he has one failing which tends to negate that - he thinks he's the ONLY smart person in the world. He's ten times as smart as everyone else, he thinks, and he sets out to prove it by consistently doing exactly what all the experts say you should NOT do. A well known example is that everyone says you shouldn't put executables or config files in /var, so DJB does. He's consistent about that, he ALWAYS does what experts say not to do. So I'm sure in the design of this algorithm he was careful to break as many time-tested principles of security as possible.

  17. Free market? Gov't gave AT&T the ROW to begin on Google Fiber In Austin Hits a Snag: Incumbent AT&T · · Score: 5, Informative

    The city government gave AT&T the exclusive right of way to put up poles all over everyone's property in the first place.
    Under existing federal law, that ROW came under the condition that other "telecommunications providers" can lease space on the poles. The city is really just insisting that AT&T comply with the spirit of the original deal.

    So we have an exclusive right granted by government, both federal and city, and now the government (still) attaches strings to that government grant. This doesn't really have anything to do with the free market at all.

  18. that adjustment is included. Rice 8 cents per serv on Africa, Clooney, and an Unlikely Space Race · · Score: 3, Insightful

    You're mistaken, it really is $2 / day, exactly like if you lived on $2 / day. You THINK you'd starve. In fact, you'd find out rice is 8 cents per serving. Potatos are slightly more. You've probably bought ramen noodles at 12 cents. You can eat on 30 cents per day. You're not eating at Olive Garden or drinking Starbucks, but you're eating.

    At that, some people in Africa DO starve because they don't jhave the 30 cents per day. You could live off three packs of ramen per day, so can they - it's exactly the same. The only difference is that you and I complain about overdone pizza, they would rejoice over the same pizza.

  19. agreed. If 1000, separate whatsnew. my kernel fix on Ask Slashdot: To Publish Change Logs Or Not? · · Score: 1

    Absolutely. I ran into a kernel bug, which I helped fix. Now when installing a distro kernel I can check the changelog for my name to see if the bug that effects me is fixed in that kernel. I've done the same with firmware updates, like checking a RAID card firmware to see that it had a RAID 5 performance fix that effects me. For those things, a complete changelog is good.

    For the main software I work on, the users normally want to know about the top 2 - 4 biggest changes.

  20. dictionary.com/sarcasm Slashdot is slow on Linux Voice Passes Its Crowdfunding Target · · Score: 2

    The joke is that Slashdot is slower to post stories than the time it takes for a print magazine to go through copy editing, layout, printing, and mailing via extra slow post.

  21. print - for nerds want news more timely than /. on Linux Voice Passes Its Crowdfunding Target · · Score: 5, Funny

    If you get a monthly Linux magazine in the mail, you can read your nerdy news two weeks before it's on Slashdot.

  22. what's new, don't need 1000, positive phrasing on Ask Slashdot: To Publish Change Logs Or Not? · · Score: 1

    Since someone is worried about it, entries could be listed as "improved metafile handling" rather than "fixed horribly broken metafile handling". One could even institute a convention that all commits messages indicate the type of change by starting with the either "New Feature:" or "Improvement". Show the complainer a list of 200 new features and 500 improvements and they may see it's value to customers.

    Barring that, as a customer I don't really NEED 1,000 entries. I might very well ask "what's new in this version?", though. Mark the 50 most significant ones and pull those for the changelog.

  23. tainted? mpeg said you can use it, no patent worry on Firefox Gains Support for VP9 Video Codec · · Score: 4, Informative

    How exactly is it tainted? Mpeg LA agreed you can use it and not worry about their patents. How is THAT a problem?

    Fyi, no, they can't change the license in a way that creates problems for using the codec. It's called "promissory estoppel". Basically, it means that once they promise to let you use it freely, that stops them from suing anyone.

  24. 99.5% water & sand. Also food like guar gum, a on US Issues 30-Year Eagle-Killing Permits To Wind Industry · · Score: 1

    It's 99.5% water and sand. The other 0.5% includes things like guar gum, alcohol, and various other things that are also in your dinner. Also a few scarier sounding things, mainly petroleum products like propane and hexane. More on these *ane chemicals in paragraph 3. That's not to say that a specific type of fracturing, in some very specific type of circumstance, might not have some undesirable effects, but those effects aren't due to "huge amounts of nasty chemicals".

    It may be useful to note there are two major types of fracturing. In the most common, cracks a few inches long are re-created along the bore hole, which had been polished smooth by the drill. This type of fracturing effects only a few inches from the bore. This has been extremely common for many years. The well your tap water comes from is likely fractured.

    The second category of fracturing creates much larger fractures. It's not used much for water wells. More often, it's used for wells that take chemicals out of the ground, like petroleum (all of those *ane chemicals we mentioned earlier). They pump in a little bit of propane, petroleum jelly, etc., in order to get a lot more of the same type of products out. On net, they take a lot more *ane out than they put in. That's because they aren't stupid - putting in more than they are going to get out would be a huge waste of money.

  25. nuke waste 101 on Climatologist James Hansen Defends Nuclear Energy · · Score: 1, Insightful

    Everything you said makes perfect sense - unless you spend two minutes learning the most basic facts about nuclear waste.

    There are basically two kinds of radioactive waste.
    There is a small amount of highly radioactive waste. Highly radioactive means it emits it's radiation quickly. That's bad because it emits a lot right now, and good because because by emitting it quickly, the radiation is gone pretty quick. That stuff you want to store in very thick steel containers for a hundred years or so. Since there isn't much of it, that's no problem.

    Then, there's the stuff that emits its radiation slowly, so it lasts a long time. On the other hand, because it is emitting slowly, you'd need to have it in your house for a few hundred years before it would make you sick. As a demo, I was going to eat a spoonful of it, which would probably give me a belly ache similar to eating an entire pizza. So no problem with that part either.

    The only problem with nuclear waste is that some people don't know the difference. It's purely a political problem, there's no engineering problem. Safe storage is easy, technically speaking. Getting people to understand that after 50 years of misinformation by the anti-business lobby is the hard part. You'll notice that the exact same environmental organizations and leaders who convinced you that nuclear was bad are now trying to undo their earlier misinformation campaign, nowtthat it's obvious that nuclear is the only workable alternative to petroleum for 90% of our needs. Most environmentalists have realized that they can't continue to pander to their traditional allies, the purely anti-business constituency. To save the planet, they have to leave those old allies behind and tell the truth - for most of our needs, it's either nuclear or petroleum, and nuclear is by far the better choice.