Slashdot Mirror


User: jfengel

jfengel's activity in the archive.

Stories
0
Comments
4,037
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,037

  1. Re:What is an LM hash? on Letters-Only LM Hash Database · · Score: 1

    Thanks for the corrections. I actually should have waited for somebody who knew the Windows details; I was answering based on what I knew at the time. I'm not actually familiar with the details of the Windows challenge/response schemes.

    I note, however, that early Unices didn't have a shadow password file; they really did keep the hashed passwords right out there in the open. Linux even supports this today.

  2. Re:uhh... on Battery-powered Cigarettes? · · Score: 1

    Conceivably a non-smoker could pick up a nicotine inhaler, but they're a LOT more expensive than cigarettes, about a buck a dose. Where I live you can get 20 cigarettes for four bucks, or about 20 cents a piece. Even in New York City with its massive taxes it's still less than half what a nic stick would cost.

    That's with the taxes, which are designed partly to keep you from smoking (and to pay for the ugly effects after you do.) I assume that the nicotrol sticks don't suffer from that tax effect. If it weren't for that, cigarettes would cost even less, less than half as much in most places. It's just leaves wrapped up in paper.

    So if you're interested in picking up a nicotine habit I'd recommend just getting over the difficulty of breathing burning leaves. Once you get used to it you can suck down a lot of nicotine-laden smoke very quickly.

    (This is all based on observation. I don't touch the things myself; never have. The last thing I need is an addiction.)

  3. Re:What is an LM hash? on Letters-Only LM Hash Database · · Score: 4, Informative

    LM = Lan Manager, the Windows 95 way of handling network passwords.

    hash = a way of storing passwords without leaving the password on the disk. You encrypt the password into a hash code and store that instead. You can't unencrypt it to derive the password but you can check a password guess by encrypting the guess the same way. If the guess hash == the password hash, you get in.

    The best part is, you don't have to keep the hash code a secret, because it's not the hard part. You're not asked to provide the hash value; you're asked to provide something that hashes to the value. So you can store it on the disk and even send it out over the LAN where it can be sniffed.

    That's very convenient: you can cache the hash code on every computer without having to trouble the central server to do the work. You don't want to send the password over the network (where it could be sniffed); nor is sending the hash code to the server for verification (because that could be spoofed). You distribute the hash to each computer, then let it decide if the password guess is correct. The password never goes across the network.

    That works as long as you can't decrypt the hash. But if you work long enough you can just brute force it: just run all the passwords until you come up with the one that hashes to the same value. And you can do it offline: you take the hash code back to your own computer(s) and do the brute force there. You're not sitting in front of the computer you want to hack.

    The old LM hash code was relatively short; ten years ago when it was developed disk drives were much smaller. Now a combination of big disks and big processors (and clever algorithms) make it possible to brute-force it.

    The thing is, Windows NT and later use NT hashes instead, which are more secure. But for compatability with Windows 95 and 98, by default they also store the LM hash code. Which means that your password is sitting on a visible place on the disk, encrypted in a way which is readily reversible to modern hackers.

    That's been true for a while, but this new hack makes it trivial to decrypt; it used to take hours.

  4. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    That was a very insightful reply; thank you.

    It is very true that a miracle that happens which I observe directly presents rather a challenge to me: I cannot go on to believe precisely the way I believe now, because I would have the evidence of my eyes, but neither do I have an event I can study since it's non-repeatable.

    Since no miracle as such has happened to me it would be easy to dismiss them as nonexistent, but you have the evidence of your eyes, and from your post you're not an unreasonable person (somebody trying to manipulate me to advance his religious goals).

    This leaves me with an epistemological problem to which I admit my theology does not admit a ready solution. The simplest way would be to accuse you of being mistaken, and then to accuse myself of being mistaken if I had observed a clearly miraculous event. But that seems to beg the question by ignoring evidence, which is a very un-scientific thing to do.

    So as you say, I can't say much about a supremely free-willed being. If he exists, I hope that he observes that my behavior (predicated on His non-existence) still matches His moral goals for me. I like to think that my secular-humanist morality matches most modern religions as far as behavior is concerned, except in matters of faith. If I'm wrong, well, I suppose one can't be sanguine about being in Hell, but I'll try.

  5. Re:mitochondria were living organisms on The Eye: Evolution versus Creationism · · Score: 1

    It seems to me very likely that the cell has a symbosis with with a once-independent mitochondrion. To be honest I don't really know why the intelligent-design folks hold mitochondira up as an example, since it seems that an explanation is very possible even if not entirely understood yet.

    Then again, it always seemed pretty obvious to me that eyes evolved out of less-complicated light-sensing structures, too, but that was held up as the highlight of intelligent design theory. In my post I tried to give the theory as much benefit of the doubt as I could, but personally I find that it wilfully ignores the obvious in pursuit of a religiously-minded goal.

  6. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    So you can falsify the hypothesis that intelligent design is NECESSARY to explain some phenomenon. You can't falsify the argument that intelligent design is a POSSIBLE explanation for some phenomenon.

    Correct. So at that point I take it as "simpler" to believe that there is no intelligent designer, a rather complex entity whose rules I do not understand (and which I gather I cannot understand).

    If you find the world a more beautiful place if there is an intelligent designer as a possible explanation for the things you observe, then there appears to be no point of contention between us, and peace be with you too.

  7. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    Why is this question inherently un-falsifiable, any more or less than any other question?

    Let's put it this way: what piece of evidence can you imagine that would make you say, "You're right. There is clearly no intelligent designer."

    I'm not asking you for existing evidence. I'm asking for hypothetical evidence that could be gathered, no matter how much money it cost or how long it took. That's what falsifiable means: that there is some conceivable way for it to be not true.

    To put it another way, make a prediction based on the ID hypothesis which I could conceivably test, even if it's impractical for me to make that test.

    If I found a mammal walking around on Earth which breathed methane, I'd be pretty sure it didn't evolve, because there's no way for methane-breather to live in this atmosphere. (It may have evolved elsewhere, but I'll forgo that at the moment). If you showed me a creature whose mother was a rutabaga and whose father was a koala, I'd know that evolution was wrong; it predicts that such creatures cannot exist.

    That is, evolution predicts that such things are impossible, and therefore finding such would falsify evolution. The ID hypothesis is under no such constraints that I am aware of. Which means that it's impossible to disprove, but it also means that it's impossible to prove.

    So I'd say, "Yeah, fine, sure, there's an intelligent designer out there, but it doesn't matter because there's no way to contact him, he left no instructions, and there's no evidence that he cares what I do." Thus a non-falsifiable hypothesis is a meaningless one which you can accept or reject without it making any difference.

  8. Re:Serious questions on The Votemaster Is...Andrew Tanenbaum · · Score: 2, Interesting

    Peace cannot be imposed from without, but there are many ways in which the US (or another nation) could help. For example, it can propose a compromise, and then provide disinterested security during the transition to that compromise.

    Also, since the US holds power over Israel (in the form of foreign aid), it has the ability to convince the Israelis to accept a compromise which is more tilted towards the Palestinians. Since the Palestinians have little power, any compromise Israel offers is likely to be less than fair to them. Or more to the point, they have so little power that there's no difference to them between accepting the compromise the Israelis would offer and continuing the intifada. The Israeli wall is a perfect example of that: it's a two-state solution as designed by the Israelis, and because the Israelis have the power they draw the line outside (sometimes well outside) the 1967 borders that many people agree is fair (if somewhat arbitrary to my mind).

    Israel's unilateral compromise may eventually evolve into a peace; the Palestinians will have their de facto state and choose to leave peaceably in it. But if the US had forced Israel to draw the border less aggressively, that would have been more likely. The present border is the compromise Sharon draws between the conservatives and the liberals, and therefore offers the Palestinians rather less than most of the world believes they are entitled to.

    Ultimately it will rest with the Israelis to say, "We now have enough land and we need not take more" and the Palestinians to say, "We're tired of war; let's try living with the compromise we've got." And then for the Israelis to say, "They seem peaceable enough, let's stop killing their radicals, which usually kills a few bystanders". And then the Palestinians to say, "This is pretty good; if any more terrorists try to jeopardize what we have we risk losing everything and we will stop them ourselves rather than making the Israelis do it."

    But it starts somewhere, and I'd love to see the US or the EU or the UN find an effective way to jump start it. I have some hope that Israel's unilateral solution will go into effect (possible) and will lead to the cascade I describe (doubtful; both sides have parties who want it to fail). But it may be the best they can impose without help from a more agressive power, which doesn't need to provide genocide, only police and diplomatic pressure.

  9. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    I'm glad I amuse you; it's good to know my life hasn't been totally wasted.

    I wouldn't say that I criticize God for using the same technique more than once. I'd criticize God for using a bunch of lousy design choices; surely an omnipotent designer could have avoided SIDS and brain tumors and bad knees.

    Rather, I say that the combination of design flaws (at least from my point of view; surely if they are God's will then it's all part of that ineffable plan that I don't get to see) and repeated elements strikes me as similar to an evolved design. Evolution is conservative; according to it you have four limbs because apes have four limbs, who descended from quadrupeds with four limbs, who descended from fish with two dorsal fins and two anal fins, etc.

    That observation is not proof of the non-existence of an intelligent designer, who could have done the same thing by choice. I merely note that evidence against evolution could easily exist, in the form of creatures which couldn't have evolved (say, for example, a squirrel with the beak of a toucan). If that's because God is acting like a good software engineer, then good for Him, but I have a few user-requested features for the next release.

  10. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    Sadly, this is true. Worse, each side believes that the other is out to introduce a morally reprehensible state. Creationists believe that evolutionists want to create a humanistic state (true) with no moral compass and no values (false, but hard to convince people of).

    Evolutionists believe that "intelligent design" is a thinly disguised argument for teaching religion in the schools, and not just religion: Christian religion, generally of the more fundamentalist sort. As in, once you believe chapter 1 of this book, you're obligated to believe the remaining chapters, particularly those banning homosexuality and witches, and since there's "no way to come unto the Father but through me" you gotta give a whole bunch of money to Christian churches.

    I believe that I can logically refute the rephrasing of my argument, but clearly at this point there's so much distrust between the sides mere logic is insufficient.

    I believe that I'm willing to be proven wrong (it would be easy to imagine a creature which could not possibly have evolved; we see them all the time in science-fiction movies), and that a willingness to be proven wrong is crucial to any real debate. It's ad hominem of me to accuse those who wish to debate against me on this of being unwilling to be proven wrong, but I'm afraid the evidence appears to be on my side in that.

    Not to mention that they may well not consider willingness to be wrong an important element in a debate. If you've got omnipotence on your side, who needs rhetoric?

  11. Re:Adding a "learning" process.... on Virtual Stuntmen Ready for Hollywood · · Score: 4, Interesting

    There are advantages to doing your own stunts. At least today the virtual actors are shown only from a distance, since facial features still don't quite look real enough (though even before Troy there were some lovely examples in Lord of the Rings. Those were keyframed rather than virtual actors.)

    Being able to focus up-close on an actor doing a stunt gives a verisimilitude that the audience really appreciates; they believe that the character is in danger. But they can also detect the jump-cuts that usually surround a stunt (since a stunt is shot on its own, with lots of preparation beforehand, and the camera is immediately stopped so that everybody can be checked out.)

    So when they're ready to seamlessly slip a virtual actor into the frame, then back to the human actor at the end, and make it look like a single shot, you'll really be thrilled. You will believe Brad Pitt can kick ass. (I once played Achilles myself and I loved Brad Pitt's work.)

  12. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    I don't consider logical positivism defeated. I'm well aware that it's rejected by many philosophers, but Quine's not quite dead yet. (Actually, he is, but only comparatively recently, and his students are still around.)

    I haven't read Swinburne, but I've read Hick and I reject the eschatological argument as a difference which makes no difference: I restrict my world to that of the living and treat any other world as fiction until I have at least some shred of evidence for it under Occam's razor (an axiom which I admit I accept only because I believe it is beautiful and convenient, not because it contains any objective truth.)

    I will someday perform Hick's experiment, and if he's right I will reject my argument (though of course I can't tell you about it, since I'll be dead), but in the meantime I refuse to allow the thin edge of the wedge to force a theist interpretation into daily life (prayer in schools, teaching of creationism over evolution, etc.) for the sake of an argument which will be proven over my dead body, as it were.

    That may well mean, by Pascal's argument, that I'm going to hell for eternity, but I don't think that Rawls would find that just.

    So in the end I'm depending on a pair of theories (verification and Occam's razor) which are not analytically true, but they are not analytically false and are empirically true, at least as long as I'm willing to reject Hick. As for Hick, well, if he turns out to be right I promise to do my damnedest (pardon the pun) to come back and apologize.

  13. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 1

    Progress is made by accepting a second axiom, Occam's Razor. While it's true that there are always an infinite number of valid hypotheses (including the one that suggests that there has been an elephant following you your entire life who always manages to stay just out of your line of sight), you tentatively accept the simplest one while holding the others in the back of your mind.

    If evidence comes out that forces you to accept a new entity, you reject that hypothesis (since it's no longer valid) and pick a new one according to whatever seems most beautiful/simple/etc to you.

    That seems to me the only valid way to make progress. In the end I rely on hunches in my day-to-day beliefs, but I have not rejected permanently potentially valid hypotheses.

    Ultimately this is just a restatement of your argument, except that I don't bother assigning probabilities; I simply say "tentatively true" and "tentatively false" and don't rank them (since I don't believe that a single number between 0 and 1 is a useful way to discriminate.) More importantly I treat one theory as true and the others as false rather treating them all as partially true, which can lead to some weird epistemological side effects.

    Thus I make progress without rejecting potentially true theories and without violating the scientific method, which never treats any theory as true but which only rejects known false ones.

  14. Re:One of many options on DoubleClick On The Blocks? · · Score: 2, Informative

    In fact, with more cash than debt, and a price-to-earnings ratio of 31, that's actually not an entirely bad bet. Buy a share of DCLK for $7.20 and you're buying $4.50 in book value and perhaps $.25 a year in earnings.

    I wouldn't buy it since I don't invest in companies I don't like, but purely on the basis of the numbers this is a solvent and profitable company. I don't think that their earnings are likely to increase enough to justify the P/E of 30, because I think that more Firefox and less IE will decrease their revenue. But this is hardly a fire sale.

  15. Re:Who is an "Evolutionist" anyway? on The Eye: Evolution versus Creationism · · Score: 1

    Has any creationist every put out a scientific paper?

    Yeah, they do. Surprisingly often. Even in the biological field. I used to work for an orthodox Jew with a PhD in biochemistry who believed in the Bible as the word of God. And it's even more common for scientists of other disciplines to be creationists. They do great work on non-evolutionary stuff (even if it comes tantalizingly close).

    It's stunning to me, but they seem to compartmentalize their lives, taking a rigorous approach to their daily work but not applying it to their moral beliefs. It seems to work for them so I'll not quibble.

    If you mean a scientific paper on creationism, well, that's pretty unlikely. Creationists frequently put out papers that they claim are scientific (often under the name of "scientific creationism"). You'll never see it in Science or Nature, since the peer-review process rejects them, but that's pretty stringent category; I've never been published in Science either. But I have been published in less-prominent journals which are no less well-respected in their domains; they just happen to be more specific and less important.

    There are anti-evolution articles which are truly scientific, though I'm afraid I can't name them. They point out gaps in the evolutionary theory and as such are science, albeit of a somewhat poor sort since most such cases (flagella, eyes, mitochondria) seem to fit into "things we don't know yet" rather than "things for which explanations don't exist".

    At least, those which avoid promoting "intelligent design" as an alternative hypothesis could be considered scientific, so they're scientific as long as they're of poor quality (since good quality papers would propose alternative predictive hypotheses). The Intelligent Design hypothesis can't be considered a scientific theory since it's largely non-falsifiable, and any paper promoting it cannot be considered scientific.

  16. Re:This won't change their minds... on The Eye: Evolution versus Creationism · · Score: 5, Insightful

    Since the "God planned it all along" argument is non-falsifiable, those promoting it will never have reason to abandon it.

    Non-falsifiability means that it's useless from a scientific point of view. A useful scientific theory must make predictions; if those predictions turn out to be wrong, then you discard the theory. You almost never know anything 100% certainly in science, but falsifiability lets you know 100% for certain when something is wrong. Lack of falsifiability means that it makes no predictions and is therefore useless. I can assume that it's true, or that it's false, but that doesn't change what I expect to happen in the world.

    Intelligent design arguments are not necessarily non-falsifiable. They predict the existence of features which could not have evolved. The eye was one such feature, but this discovery tends to refute that. There are others, such as mitochondria, which are basically a challenge to evolutionary theory that says, "Show me how that could have evolved".

    (Not to mention that God himself could, someday, speak from the sky, cause plagues of locusts, and generally prove his existence in the scientific sense. His reasons for not doing so remain obscure to me, but then, by definition they would.)

    Personally, I believe that if there were an intelligent designer we wouldn't have to search so hard for evidence. An intelligent designer had many, many options; if we're not descended from ape-like species, then it was unnecessarily parsimonious of that designer to make us so extraordinarily similar, down the the levels of individual bones and individual nucleic acids. Those pieces of evidence that claim to falsify evolution are few and far between and it generally seems possible to find the refutations for them, given time either to piece out the genetics or the necessarily gap-ridden fossil record.

    But that won't change the minds of anybody who believes a non-falsifiable theory in the first place. They don't place the same priority that I do on predictive powers of theories. They're more interested in the moral implications, and will disregard any theory that denies their morality, no matter how much closer it comes to "truth" in the scientific sense. It's just not something they care about.

    It's not my cup of tea, and of course I'm upset when they try to force on me a version of truth that I can prove is wrong (using a version of "proof" that they don't accept but which has proven very useful for developing things like toaster ovens and rocket ships). Especially when that version of truth contradicts my moral beliefs. But without even a single point of overlap between us there appears to be no rational place to resolve that. It must be an article of faith. If you wish your faith to contradict perceived reaility, or to make no statements whatever about perceived reality, then I will certainly outcompete you in the building of toaster-ovens and rocket ships, but that may not matter.

  17. Re:Serious questions on The Votemaster Is...Andrew Tanenbaum · · Score: 1

    George W. Bush had originally tried to get the US to butt out of Middle East policy. Clinton very much wanted his Nobel Peace Prize, but Bush wished to be rather more isolationist.

    Unfortunately, September 11, 2001 made it difficult for him to ignore the Middle East. Islamic radicalists hate Israel for two reasons, first for its existence as a Jewish state, and second for its treatment of Palestinians. Israel being a close ally of the US (and indeed of the West in general until a few years ago; it's only in the past decade that its horrific treatment of Palestinians has lost it the moral high ground), it had to provide a safe place for Israel to be. One way to do that is to bring less radical regimes to the surrounding countries.

    I think that most of the world would argue that a better approach would be to resolve the Israeli/Palestinian crisis. You can see why that wouldn't appeal to George Bush: Clinton (a far superior diplomat) had failed, and failed miserably. The crisis is largely perceived in the US, from both the left and the right, as being almost entirely the fault of the Palestinians, and that any atrocities committed by the Israelis are done purely in the name of defending innocents from terrorism (who are the target of such attacks, as opposed to the incidental casualties of Israeli attacks against believed Islamist terrorists.)

    I'm not defending the perception, I'm merely reporting it. The rest of the world sees it very differently, but it means that the US is simply not going to be too hard on Israel, and that's just a fact of political life that you have to take into account when strategizing for the US.

    So as of 9/11, Bush was faced with the same crisis that faces Kerry with respect to the war in Iraq: terrible mistakes have gotten us here, but we cannot undo the past and must somehow find a way forward. It may well have been best for the US to have meddled less in Middle Eastern affairs in the 50s and 60s; it would have been nice if France and Britain (and, to a smaller degree, the Netherlands from which your URL comes) hadn't wrecked the political situation in Africa.

    For the US to pull unilaterally out of Iraq, and the Middle East in general, would likely be disastrous. A sibling post to yours points out that the Iraqis do not want a theocracy, but I reply that if the theocrats are the ones with guns that may well be what they get. The US could well be sowing the seeds of the next Osama bin Laden among its "allies" in the Middle East, but that is a risk it must take, since a unilateral departure would almost certainly be worse (on that Bush and Kerry agree.)

    Bringing democracy to Iraq and the Middle East may not be the best approach, but at this point "regime change" from Saddam Hussein is a fact and something must be put in place. Democracy seems generally the least-worst alternative, especially since the US has a terrible habit of supporting dictators who then turn on us. The alternative of stepping away altogether... well, I wouldn't vote for a candidate who proposed that.

  18. Re:Nuclear waste is no more dangerous... on Mother Nature Does Nuclear Power · · Score: 1

    Except that radioactive rock is buried well away from things, and it takes a major effort to go get it. People burying radioactive waste have a tendency to go to the minimum level of effort to get rid of it. Radioactive waste at Yucca Mountain won't be buried, not in that sense: the doors will still be open until the thing is sealed. At which point we'll still have radioactive waste, and be looking for another place to put it.

    Also, I'm not convinced that nuclear waste is no more radioactive than radioactive ore. High-level waste is far more radioactive than radioactive ore. Low-level waste, which is far more prevalent, may be no more radioactive than most ore, but there are vast quantities of it, and right now it's sitting out there right on the surface.

  19. Re:Time spans on Mother Nature Does Nuclear Power · · Score: 4, Insightful

    This is true. But the existence of a safe nuclear reactor doesn't mean that any particular power plant is safe. The plants currently in existence are run by people, are located within tens of miles of human homes, and are vastly complicated pieces of machinery. When they're done they leave radioactive bits lying around; even self-contained they're potentially dangerous for thousands of years.

    You're right: if somebody were to mimic nature's design by building a totally safe and self-contained a bunch of know-nothing, knee-jerk environmentalists would protest against it anyway. But that doesn't imply that the same know-nothing, knee-jerk environmentalists are wrong to protest current designs.

    The Oklo reactor has a number of design advantages (as it were) over ours. For one thing it doesn't actually have to generate any power, so it can run at an arbitrarily low level and far away from anybody who might care what it does. For another it didn't have to cope with the possibility of somebody attempting to steal its fuels or attempting to destroy it hoping to cause injury.

    For a third, it didn't consider the possibility that its waste products would be a danger to anybody walking by. Our waste products must not only be sealed, but potentially people may even forget where they are, and warnings must be placed for thousands of years.

    I don't think that these problems are insoluble. I believe safe reactors can be built, the risks reduced to acceptable levels. There will be those who don't understand, and I get frustrated at them, too. But neither will I pretend that nuclear power is totally safe, especially in its present implementation. Those opposed to nuclear power are not completely off base, and it's wise to listen to the smart ones. As for the stupid ones... well, there are stupid people on every side of every argument.

  20. Re:Nader on Halloween Fun · · Score: 1

    I gotta come clean. I stole that joke from Aaron McGruder, author of Boondocks. He did that joke four years ago, and it's nearly as funny today.

  21. Re:Nader on Halloween Fun · · Score: 4, Funny

    Nader's easy. You just go to the party then stand out in the cold.

  22. Seconded on Two New TLD's Near Approval · · Score: 4, Insightful

    If you were registering a new domain foo, and foo.com were taken, what exactly do you get for yourself by registering it as foo.biz? Or foo.us? You risk having your mail sent over to foo.com anyway, because that's what people know.

    I have no idea what the Belgium post office thinks it can accomplish with the .post TLD. If they think they can get people's minds to believe "Oh, that's a postal facility, I'll check under .post first", well, maybe they're right, but I wouldn't bet on it.

    I concur that geographic names have some use; it would perhaps have been better never to have introduced .com and for most of those current .coms to be .us. The language differences are useful; I expect amazon.de to speak German and to mail cheaply to addresses in Germany. The .com TLD should perhaps be reserved for the truly multinational site that directs you to your country/language specific sites. So perhaps it really should be amazon.us instead, but it's too late now.

    At this point whenever I see companies with irregular TLDs, I think of them as second-rate. Often those TLDs are cheaper, and so the companies seem shady or fly-by-night (especially if they're trying to save a measly five bucks on makealotofcashlegally.biz). If you have a name and you can't get .com, get a new name.

    Actually, I myself use a personal .net address which I've owned since the days when .net had a meaning, but if I had it all to do over again I'd grab a .com instead. I wonder how much mail I've lost to people sending it to the .com equivalent. If it were a business I'd change the name, but it's just me.

  23. Re:Backdoor.... on PostNuke Open Source CMS Attacked · · Score: 1

    E-voting software must have its source open. I consider that non-negotiable. There's no way I would trust any company with that responsibility. I will be voting on a closed-source voting machine one week from today, and I have no idea whether it will be counted correctly. But then, I never did.

    I don't trust mechanical machines, either. How do I know what goes on inside them? Nor do I trust the punch-card counters or optical counters or whatever.

    Proper voting requires a hell of a chain of authenticity. I want the CPU checked, the memory checked, the software loader validated, MD5s on every piece of code going in, including the operating system. Any opening is an opening. So yeah, I'd feel better if I could check the source myself, but there's a lot of components between me and Dan Rather announcing the result and they all scare the hell out of me.

  24. Re:Backdoor.... on PostNuke Open Source CMS Attacked · · Score: 2, Informative

    Provable? Really? When was the last time you saw any product proven secure, even with the source?

    Perhaps I'm being over-literal; "proof" is a very, very high standard which almost nothing ever lives up to. Even if the code doesn't contain obviously:

    if(password == guess || guess == "b4ckd00r")) { ... }

    there are a million ways for a clever programmer to insinuate a back door that would survive substantial scrutiny.

    You don't need me to rehash the various security advantages of closed vs. open source; that's happening all over this thread. But I don't think it's up to closed source developers to prove their safety, since it's an impossibly high standard. The have the advantage of a more tightly controlled software development base (in contrast to community-developed software, although I realize that not all open-source is developed that way.) It's not perfect, but nothing is perfect shy of genuine proof, and the merits of each are debatable.

    I would personally love to see open source programs written in a language that admitted proofs; it's impossible in C and C++ and extremely unlikely in Java and C#. I'd love to see projects make formally stated claims like "only allows users with valid passwords" and have you run your proof-checker against the source code, just like you check the MD5s of all the software you download. (You do check all those MD5s, don't you?)

    It doesn't even have to be open source; both Java's VM and C#'s VM run substantial proofs on the object code. They're not sufficient to guarantee against malicious modification of the source code base. A proof language could be.

  25. Re:Polygraphs and plants. on Challenging The 'Unbeatable' Polygraph · · Score: 1

    What exactly does it mean to hook a polygraph up to a plant? A polygraph usually includes a heart rate monitor, a respiration monitor, a blood pressure cuff, and a galvanic skin response monitor. I suppose I could pretend that plants sweat in response to stress, but what is the heart rate monitor going to do? And where do you hook up the respiration sensor (which counts chest motion, not gas composition)? Can you have systolic pressure in something which doesn't have a heart?

    In other words, not only is this guy an idiot (you knew that because he was on Art Bell's show), but he's clearly talking out his ass and has never even seen a polygraph, much less hooked one up to anything.