Slashdot Mirror


User: jonwil

jonwil's activity in the archive.

Stories: 0 · Comments: 5,010

Comments · 5,010

  1. The right way to treat encryption keys is... on British Police Demand Access To Encryption Keys · · Score: 1

    Like the combination to a safe.

    There are already rules about how and when the cops can force you to open your safe.
    The same rules should apply to encryption keys and computer passwords since (after all) they are the electronic equivalent of putting physical documents into a locked file cabinet or safe.

  2. why Aladdin 4D? on Slashback: Lapses, Maps, Ludwig Van · · Score: 1

    How come no-one has ever tried this for stuff like old games or something?

  3. Re:Where is the stargate? on Slashback: Lapses, Maps, Ludwig Van · · Score: 1

    Duh, the stargate is inside a mountain and wouldn't show up on aerial/satellite photos anyway.

  4. Re:Conspiracy! on Google Moon Debuts · · Score: 1

    Would there not be images of either landers that have landed and left or of landers still on the moon taken from lunar orbit by the Apollo crews?
    The later Apollo missions landed with pinpoint accuracy and the Command Module Pilots were able to see the landers from space so there would be pictures of them somewhere one would think.

  5. My idea for a way to stop phishing on SiteKey to Prevent Phishing · · Score: 1

    1. You go to the bank website.
    2. The login form has a username and password field plus a randomly generated number and a field for a hash.
    3. You input the randomly generated number into a little calculator containing a unique-to-you number which uses a hash algorithm and spits out another number.
    If the calculator and bank details are stolen or lost, you can get a new calculator with a different unique-to-you number. (well the number might not be unique-to-you but it would be random enough to not be something one could figure out)
    Assume that the number inside the secret calculator is N and the number you key into it is K, the output is o = f(n,k). The hash algorithm should be designed so that the value of k that would produce o = n is different for each value of n.
    4. You then input your username and password plus the output from the calculator. The bank generates the same hash as the calculator does using the same number as stored in the calculator.
    5. Then if they match, it lets you into the bank site.
    and 6. When you want to do a funds transfer to someone, you have to plug another number into the calculator and get another hash.

    This system would stop phishers since the first number returned (i.e. when you first see the login screen) is only valid for a very short time (e.g. 5 minutes or even less) and is linked to the IP address of the machine that sent the http request.

    This means that even if the phishers are able to get you to input the number into the little calculator and then the result into their login form, the number is useless because the number they capture is linked to the IP address of the machine making the http request to get the number and also only valid for a limited time.

    Also, the second hash that is generated would be specifically linked to the specific set of transaction numbers (destination account and amount). Let's say they steal the first set of numbers and manage to log in from the correct machine at the correct time, they would still then need to prompt you for a second password in order to actually do a funds transfer.

    To prevent phishers doing a trick like "Your password is invalid, please enter it again" to get the second login, the hash algorithm used for the calculator should take as input for the second hash, the unique number AND the amount. If you enter an amount that's different to what the bank thinks you want to transfer, the hashes won't match up.

    What this would mean is that people would need to type the actual amount the phishers are going to transfer from their account into the little calculator and anyone who is stupid enough to blindly press "Funds Transfer" "1000.00" "OK" "" "OK" into the little calculator (assuming of course that they aren't actually legitimately transferring $1000.00) probably shouldn't be using a computer, let alone online banking.

    So that this would be easier on the customer (especially if you transfer money to the same account all the time), there would be an "approved payee" list. To add an account to the white list you would visit the page and get another random hash. You then press "Add Approved Payee" "" "OK" "" "OK".

    It might take a little bit more effort but it would be resistant to all attacks (even a man-in-the-middle attack wouldn't work since no-one except the user has the right little calculator to input "Funds Transfer" "1000.00" "OK" "" "OK" into).

    This has an advantage over the "one time use password" type systems since with those systems the phishing scam can just ask you to input enough of the codes so that they get one they can then use.
    It's certainly more secure than the simple "username + password" login my bank uses (you do need to enter the password again in order to do a funds transfer though).
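
The scheme in comment 5, sketched as an added example that is not the commenter's code. The calculator function f(n, k) is assumed here to be HMAC-SHA256 cut to 8 digits, and the `Bank` class, its method names and the single-use rule for challenges are hypothetical choices made for the illustration.

```python
import hashlib
import hmac
import secrets

CHALLENGE_TTL = 300  # seconds; the comment suggests 5 minutes or less


def calculator(secret: bytes, *fields: str) -> str:
    """Assumed f(n, k): HMAC-SHA256 over the typed fields, cut to 8 digits."""
    msg = "\x1f".join(fields).encode()
    digest = hmac.new(secret, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10**8:08d}"


class Bank:
    def __init__(self):
        self.secrets = {}     # username -> secret stored in that user's calculator
        self.challenges = {}  # challenge -> (requesting IP, issue time)

    def issue_challenge(self, client_ip: str, now: float) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"
        self.challenges[challenge] = (client_ip, now)
        return challenge

    def _consume(self, challenge: str, client_ip: str, now: float) -> bool:
        # Assumption: single use, so a captured response cannot be replayed.
        ip, issued = self.challenges.pop(challenge, (None, 0.0))
        return ip == client_ip and now - issued <= CHALLENGE_TTL

    def _check(self, user, challenge, response, client_ip, now, *fields) -> bool:
        if user not in self.secrets:
            return False
        if not self._consume(challenge, client_ip, now):
            return False
        expected = calculator(self.secrets[user], *fields)
        return hmac.compare_digest(expected, response)

    def login(self, user, challenge, response, client_ip, now) -> bool:
        return self._check(user, challenge, response, client_ip, now,
                           "Login", challenge)

    def transfer(self, user, challenge, response, client_ip, now,
                 dest, amount) -> bool:
        # The bank hashes the transfer it is about to execute, so a response
        # computed over a different payee or amount does not verify.
        return self._check(user, challenge, response, client_ip, now,
                           "Funds Transfer", challenge, dest, amount)
```

The IP and expiry checks tie a response to the session that requested the challenge; the transfer check is what ties an approval to the destination and amount the user actually typed into the calculator.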

  6. This won't fly on Microsoft Sues Google For Hiring MS Exec · · Score: 1

    Unless Microsoft can prove that Google knew that Mr. Lee had a non-compete clause that prevented Mr. Lee from working for Google, there is no way Google could be liable.

    It is Mr. Lee who is liable (for taking a job with Google in violation of the non-compete and for not telling Google about the non-compete).

  7. Re:An interesting thing about the story... on Microsoft Sues Google For Hiring MS Exec · · Score: 1

    Ummm, an NDA (or similar) would be (one would think) a permanent thing (or certainly very long) and as soon as Google revealed the stuff it pilfered from Microsoft via this ex MS employee, Microsoft could sue.
    Doesn't matter if it's 1 day, 1 year or 20 years after the guy left MS.

  8. Re:Is IBM is stupid? on User Group Urges IBM To Open OS/2 · · Score: 1

    It's less legal if the people writing it are using OS/2 source code, trade secrets and stuff without the permission of the right people (for example, given that Microsoft owns chunks of OS/2, it's highly likely that IBM legal was worried about Microsoft code ending up in the OS/2 emulation layer which would likely be in violation of the very limited agreement IBM has with Microsoft).

  9. Re:I hope... on Doom Movie Might Not Be Terrible · · Score: 1

    Yeah, the whole "demons from hell" thing is central to the idea of DOOM, if they don't have it, it will just be a lame Ghosts Of Mars clone.

  10. Re:Will it have the hidden level? on Doom Movie Might Not Be Terrible · · Score: 1

    Unfortunately, just like the game way back when, if they did that, they would have to censor the Wolfenstein 3D like bits in Germany (some crap about "you can't kill Germans even if they are Nazis").

  11. Re:Mature vs. Adult Only on How the ESRB Rates Games · · Score: 1

    I think AO only exists to give the ESRB a place to put all the stuff that the moral conservative idiots consider "wrong".
    So, Violence, Blood, Guts, Gore etc = M
    Sex, Nudity, Porn = AO
    Profanity = ? (not sure what the US standards on it are)

  12. Re:Um, what? on EA To Publish for Valve · · Score: 2, Informative

    Firstly, they need a publisher for the X-Box version (presumably the fact that they went with EA means that they couldn't or didn't want to self-publish this).
    And secondly they need a publisher to get copies of things like expansions, mods (and also the eventual Half-Life 3) onto store shelves (not everyone is prepared/able to buy HL2 from Steam).

  13. Re:I hope Valve was hard-nosed on EA To Publish for Valve · · Score: 1

    For an example of developer vs publisher when it comes to patches, look at the PC version of HALO and what happened with the whole Halo CE thing.

  14. Re:Customers on Bill Gates Swears Vow Against 'Son of iPod' · · Score: 4, Interesting

    In order for downloads of video (movies & TV) to be a hit like the iTunes Music Store was, they will need to have the following attributes:
    1. They must either be DVD quality (including all the extras) or they must be cheaper than the equivalent DVD (to make up for the loss of quality)
    2. They must be available at the same time as the DVD release (if not earlier)
    3. They must be in a format (or convertible to a format) that you can record onto something (be it a recordable DVD or a recordable HD-DVD/BluRay disk) and play on your TV setup (be it a home theater system with a big TV or a smaller TV and a simple cheap DVD player)
    I for one don't want to watch movies or TV on my computer, I want to watch on my TV sitting in my comfortable chair.

    Bit Torrent and other P2P services are popular with people because of:
    A. Availability. For those in America, it's a great way to get TV shows not playing where you live (including e.g. foreign TV shows American networks aren't playing or shows only on pay TV services you can't get or can't afford)
    And for those abroad, it's a great way to get TV shows that just haven't reached your country yet (anyone who lives in Australia knows how great BitTorrent etc is for downloading all those Yank shows that we just won't see because no local network is prepared to show them or whatever)

    B. Cost. It's very hard to beat free. Even though it is illegal, a lot of people don't care and download anyway (especially since a lot of people believe that just downloading without actually "sharing" anything means they can't get caught and that only the big fish with a large number of shared files are going to be targeted)

    and C. Range. You can get stuff on BitTorrent that just isn't available on DVD (and isn't going to be), things like reality TV and stuff.

    For a download service to work, it would have to come as close as possible to the availability of shows as BitTorrent and other P2P services do (if you can't download it from the download service until 12-18 months after it has aired, people will continue to download from BitTorrent which may well have it 12-18 hours after it first airs). It would also have to have better quality files than what you find on BitTorrent (the files available on the download site for current shows/movies could probably be produced directly from the same digital master files that are used to produce the over-the-air copies and the DVD masters which means they are as close to perfect as the codec and bitrate used on the files will allow). Also, a download service could offer things DVD can't, including series where the cost to release DVDs is considered too much given likely sales (the cost to make files available on the download service would be cheaper than the cost to make DVDs) and also things like reality TV or sports games which just don't make sense to put on DVD.

    The iTunes Music Store works because:
    1. You are guaranteed to be able to get the song you want (and not a "fake" garbage song file or a song that's not what you want or getting no search results because no-one has the song you want shared)

    2. In a lot of cases, you can preview the song to make sure it's what you are looking for before you commit to purchasing it

    3. Once you have the song, you can put it onto an iPod, an iTunes phone (the new one with ITMS support) or a completely normal no copy protection anywhere audio CD (which can be played on pretty much anything that can read audio CDs)

    And the songs are cheap enough too.

    In short, it has none of the disadvantages of P2P (risk of being caught by the RIAA, lack of sources for the song you want, poor quality rips, fake or garbage song files, songs that aren't what the filename claims they are) whilst coming as close to the advantages of P2P (low cost and unrestricted files) as it's possible for a legal download service to get.

  15. Re:I find it hard to believe on What's On Your Network? · · Score: 1

    There is a big difference between "You can't use Firefox, use Mozilla instead" and "You can't use Firefox, use Intercrap Exploder instead" :)

  16. Re:Swords overrated on IGN on the State of the CRPG · · Score: 1

    Sentinel Worlds 1 Future Magic.
    The top weapon in that game is a gun of some kind (most probably the Neutron Gun according to the documentation)

    And that game definitely qualifies as an RPG.

  17. Re:I can think of some existing places needing wor on Five PC Innovations the Industry Should Get To · · Score: 1

    Why aren't companies spending more effort to make desktop computers use less electricity?
    If someone like Dell (with a new CPU and motherboard and graphics from Intel and other components from wherever) came out with a lower-power desktop machine, it would sell like hotcakes (especially to e.g. corporations who would see it as a way to save on their energy bills).

  18. Re:3D! on Five PC Innovations the Industry Should Get To · · Score: 1

    Yeah, why can't we get the same thing as seen in the first part of "Paycheck"?

  19. Re:My list on Five PC Innovations the Industry Should Get To · · Score: 1

    I seem to remember a number of Macs that had a power button on the keyboard to turn it on and a "shut down" option on the menu to turn it off.

  20. Re:Game Keys. on Five PC Innovations the Industry Should Get To · · Score: 1

    Such a device would probably be similar to this:
    http://www.aladdin.com/hasp/

  21. Re:I find it hard to believe on What's On Your Network? · · Score: 1

    It's not "You can't use Firefox", it's more likely "You can't use anything we haven't approved" because of the risks that might entail.

  22. Re:user agent on MS Urging Developers To Prep For IE 7 · · Score: 1

    Simple, write to the subset of HTML, CSS and JavaScript supported by IE6, IE7, Mozilla/Firefox/Netscape 8, and Safari.

    If you do that, you have most of the web.
    The rest are then people using outdated tech (like Netscape 4.x, IE 4/5 etc)

  23. Re:Windows compatibility.. the real hidden reason. on Another Theory on Apple's Move To Intel · · Score: 4, Interesting

    Someone with access to an OSX Intel DEV box actually posted patches to the WINE lists which appear to be "make WINE work on OSX Intel" patches.

  24. Re:Will it stop a semi-serious pirate? on Longhorn to Require Monitor-Based DRM · · Score: 1

    Google for "hdcp crack" to see how much (or rather how little) of an obstacle encrypted video streams can be.

  25. It's not control of the Internet... on Governing the Internet Report Released · · Score: 2, Interesting

    It's control of the key parts of it.

    Basically, the internet consists of the following core elements:
    1. The core Protocols that underlie it (that are drawn up as RFCs and put out by the IETF). The IETF seems to be doing a good job of this (although it's slow to get an RFC out, there is no reason you can't go and use without one, plus RFCs need to be very well thought out in order to work).

    2. IP address allocation.
    Right now various agencies (I know the IANA used to do this but they don't do it anymore, someone else does) hand out IP address blocks. That function seems to be running right (other than the physical lack of usable addresses that is)
    If IPV6 was more widely deployed, you wouldn't have any address problems since IPV6 provides so many addresses that even a home user could have an IPV6 block where the upper 120 bits were fixed and then they would get 8 bits of address to allocate to devices (IANA IPV6 guru so 8 bits for a normal home user might be too much but even 6 bits would give them 64 or so addresses to use)
    You could give different countries a block of IP addresses which could then give ISPs and hosts etc parts of that block and so on down to the users.

    Also IPV6 adoption would mean a greater adoption of encryption (via IPSecV6 or something similar) and multicasting.

    3. DNS. Right now, this is controlled by those who run the root servers. And by ICANN and DOC who ultimately control the root zone file (which points to the ccTLD and gTLD nameservers run by VeriSign and others). Then, VeriSign and others control the ccTLDs and gTLDs. What is needed here is for control of the root zone file as well as control over the key gTLDs (like .com, .net, .org etc) to be given to one organization who is specifically set up as a non-profit (i.e. is not allowed to make any money or charge more for addresses in the TLDs than it costs them to run things). This organization would be prohibited from doing anything not connected with running the DNS (e.g. setting up sitefinder type ads) and would be controlled and managed in a way that looks after the interests of ALL the stakeholders in the global Internet (i.e. governments, ISPs, big net companies like Google etc). No one government, country or organization would have control over DNS and the root zone file (which would go back to the central idea of the Internet being a network of networks with those who run the individual networks having collective power over those parts of the internet where their networks link up).
    Special gTLDs like .edu, .mil or .gov would be run by the relevant organization (e.g. .mil would be run by the US military).
    ccTLDs would be run by whatever agency the governments of those countries decides should run them (e.g. .uk, .co.uk etc would be run by whoever the UK government decides should run it)

    and 4. The cables, routers and systems that actually make the core of the Internet work. The problem right now (IMO) is that too much of this infrastructure is held by too few companies (a lot of it is held by phone companies/large ISPs)
    There is not enough redundancy (and this isn't just to do with a lack of physical cables, it's also to do with the fact that the large ISPs and phone cos that own the backbone won't allow/don't want/charge too much for their systems to talk to each other and route data over the other guy's links when theirs is down).
    In addition to this, the consolidation of data links (including the fact that there are not as many possible ways for data to get from A to B as there should be) makes it easier for governments, police forces, spy agencies (friendly and otherwise), corporations (MPAA/RIAA/etc for one) and others to "Spy on" and "Monitor" and "Censor/control/block" internet traffic.

    So, the question is, exactly which of the 4 key parts that make up the Internet as we know it is the part that people seem to think could be run better by an agency other than ICANN or the US Government?