Slashdot Mirror


User: Kadin2048

Kadin2048's activity in the archive.

Stories
0
Comments
6,648
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,648

  1. Re:It's a matter of trust and privacy on Linux Biometrics Site Opens Doors · · Score: 1
    The security of an open source system depends principally upon the simple fact that there are more good people out there than there are bad people. (This is basically an assumed premise in most FOSS discussions.) If this is true, then the more open you make your source code, then the more secure it will become. Some people will find exploits and use them for their own advantage, certainly, but when the exploit is discovered it will be much more rapidly fixed than it would have been otherwise.


    For evidence just look at the turnaround time patching security holes in Linux versus in Windows. I don't mean to turn this into an MS/Linux flame war, but there is a distinct advantage here in having an army of programmers around the globe combing over the code, and patching it when an exploit is found.


    I'm not sure that I can argue that an open source architecture is inherently more secure than a totally closed-source "black box," where nobody knows the code or even has the foggiest idea about how the internals of a given mechanism work. But that black box doesn't really exist in real life. Details always leak out. Intelligent people apply themselves to the same problem and make educated guesses at what the engineers must have done inside. Reverse engineering happens in the real world.


    It is in this real world, and not in the theoretical vacuum, where open source software has a real advantage. Because the code is already out in the open, exposed to the gazes of would-be hackers and patchers alike, there are no surprises. Contrast that to when code from a closed-source project is leaked (your Half Life example is perfect) and everyone waits with baited breath to see what the thousands of outside programmers will find in the code!


    The question that open source asks is: wouldn't you like more than one try at that? Wouldn't you, as the user of a security application, prefer to use software whose code has been grown and developed not in the isolated network of some NDA-ridden research lab, but by early adopters all over the internet? And where all the obvious exploits have already been ironed out and removed? Where no programmer dares leave a backdoor, knowing that his or her work will be peer-reviewed by hundreds of other programmers? That's the question facing security software, and frankly, I have yet to see one convincing argument for anything but FOSS.

  2. Re:Be careful with biometrics! on Linux Biometrics Site Opens Doors · · Score: 1
    Well, not necessarily true. A good system would store the result of a one-way hash function run on some quantifiable aspect (the distances and azimuths between places where lines converge, etc.) of the fingerprint, that way the original biometric data couldn't be reconstructed if the database were compromised. The actual "fingerprint" would only go between the scanner and the microcontroller performing the hash function.


    I'm not saying that your fingerprint couldn't be stolen, just that there are systems you could put in place that would make sure that thieves have to steal them individually at 'point of sale' or wherever, instead of just grabbing them wholesale from some database.

  3. Re:This site looks like spam.. on Linux Biometrics Site Opens Doors · · Score: 1
    Really what this system is, is a whole lot of ass-covering on behalf of the pharmacy's owners. With a biometric system, in the case of a misprinted label, the pharmacy can place the blame squarely at the pharmacist that day, since they can "prove" who it was that ordered the approval label printed. It severely weakens the pharmacists' defense that "hey, it wasn't me, somebody must have used my code."


    I've seen similar systems used in healthcare on narcotics lockers and in other controlled areas. The system isn't really any more secure than just having a pushbutton combination lock or something, but it eliminates the after-the-fact excuse that 'somebody stole my code.' At least right now, when there haven't been any widely publicized exploits of biometric technology by thieves or hackers, it does. Whether in the future when this inevitably occurs the demand for biometrics goes down proportional to the increase in "they stole my fingerprint" excuses, remains to be seen.

  4. Re:is it wise? on Hole Drilled to Bottom of Earth's Crust · · Score: 4, Informative
    Huh? Certainly you don't think that if you stick a straw down to the bottom of the ocean, that water will flow UP it, higher than the surface of the water up above...do you?


    If you do, then you should review some basic physics concepts. The pressure differential that exists between the water on top of the ocean and at the bottom would also exist between the bottom of the pipe and the top. So you would have exactly the same level of water inside your straw, as you would outside. Just like in a bottle of Coke or something. Putting one end of the straw at the bottom of the bottle doesn't cause the soda to come shooting out the other end towards your face (although it would be funny if it did, wouldn't it?).


    The only exception is if you were to lower the 'straw' down while filled with air (by keeping the top closed and equalizing the pressure against the water using compressed air) and then when you got down to the desired depth, releasing the cap on top -- this would cause water to rush in the bottom to equalize the fluid levels between the inside and outside of the pipe. If the differential is big enough it may in fact be moving quickly enough to 'overshoot' the water level of the ocean and come out the top of the pipe, but this is temporary only -- the steady state solution is with both fluid levels equal.


    If you don't believe me, go get a clear straw and a glass of water and come back when you've tried it.

  5. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    Yeah really. Brings a whole new meaning to 'blue screen of death,' doesn't it?


    I do wonder though what operating systems the embedded military systems run on. I've seen a few of them and they look totally custom (at least the interfaces). I'm curious about the backend, though.

  6. Re:Robot Apocalypse of Nature is one step closer on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1

    I just tend to wonder how long anything would last in the DMZ. I mean, it IS a free-fire zone ... how many minutes will it be out there before some NK border guards decide to use it for target practice? The DMZ isn't that wide, you can pretty much shoot anything inside it from the edges (where hopefully the robot wouldn't be programmed to shoot into, lest it start a war). And low tech as they may be, I'm sure the North has anti-tank (anti-robot?) missiles or rockets somewhere.

  7. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    Well, although I suppose that a demonstration might have been an option, but given that it took the destruction of not one but two cities to force a surrender out of the Imperialists, I think it would have just been a lot of wasted time. And time was of the essence, because every day that went by was another day the Japanese had to solidify their home islands against the eventual invasion that would have to take place if the bombs didn't work.


    And it wasn't as if the atom bomb was a complete surprise, the Potsdam declaration was pretty specific when it talked about the "inevitable and complete destruction of the Japanese armed forces and just as inevitably the utter devastation of the Japanese homeland" (cite). The method is of course not specified, but given the option to 'surrender or else,' they picked 'or else.'


    But mostly my problem with the whole 'there should have been a demonstration' line of thinking is that it's a moot point: the Imperialists didn't surrender even after one city was destroyed, and they almost didn't surrender after two. I can't honestly imagine that anyone thinks they would have surrendered after some offshore demonstration.

  8. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    I see two distinct possibilities:
    You could build a small number of very expensive, very heavily armed robots... something like an unmanned tank or Bradley but with a lot more sensors, and probably different weaponry. (I'm rather partial to these.)
    But given that the DMZ is a free-fire zone to both sides, and that anti-tank technology is pretty advanced and inexpensive versus the construction cost to build something like that, I'm not sure how good an investment it would be. I mean, two North Koreans, one with a good set of binoculars to keep an eye on it, and another with an RPG-7 (or an improved version of such) when they finally want the robot to go away, and there goes your defensive system.


    The more creative solution would be large number of mass produced, inexpensive, lightly armed robots. Either autonomous or remote-controlled, you'd put so many of them out there that the loss of one or two wouldn't be significant.
    I imagine something the size of one of those Roomba automatic vacuum cleaners, armed with one small rocket or missile and a hefty self-destruct charge.

  9. Re:IFF on S. Korea Considers Using Armed Robots Along DMZ · · Score: 3, Insightful
    An excellent point. Something which I don't think is discussed enough, especially in relation to the (IMO lame) arguments over Predator drones, is that aircraft shoot at each other all the time when there is no possible way of observation except through some equipment-mediated method.


    With over-the-horizion air-to-air missiles, satellite-guided bombs, and long range artillery, there are lots of situations where a human being can be there at the weapon pulling the trigger and have the exact same knowledge that someone in a bunker 5,000 miles away might have. And quite possibly less. And quite certainly they're a lot more distracted/frustrated/tired/sweaty than someone who's entire job that day is to fly the [bomb/drone/artillery shell] to its target on a computer screen.


    With the exception of infantry and special operations units, who still get to meet their enemies up-close and personal on a regular basis, many groups of warriors on the modern battlefield never see their adversaries with the naked eye, and hunt, engage, and destroy them through the intermediary of a computer or other electronic viewer. UAVs, taking one example, just take the wire between the camera/sensor on the outside of the aircraft (i.e. the FLIR) and the pilot's display, and extend it from 15' or so, to a few thousand miles. The decision is still being made the same way.

  10. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    Maybe they could turn controlling these things into a video game? Might be kind of boring if there wasn't a war on, but I still bet you could get a lot of volunteers.


    More seriously, a distributed solution to processing all the data obtained by a network of observation drones and then fed to hunter/killer robots seems to beg for a distributed processing solution. Rather than create a bottleneck with one office processing the imagery or whatever, you could send each photo of a possible contact to several different people who'd review it in real time. They'd only have to be reasonably trusted, and if the system was set up right it could be very resistant to outside attack. (And wasn't that the point of the Internet anyway?)

  11. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    Your argument doesn't even make sense.


    In 1944, there were two options: massed invasion of the home islands of Japan with 14 combat divisions, widespread use of chemical weapons, etc. Or, try this new thing that the physicists had cooked up. Truman decided for the latter, a few weeks later the war was over.


    In the Balkans, again there were two options: blow the power plants into rubble with high explosives, or try these new 'graphite bombs' the R&D boys had cooked up. The commanders opted for the latter. It did not work. They went back and used the other option. It worked.


    The only thing your post says to me is that given the decision between a potentially less destructive but unproven technology and a more destructive but surefire one, we tend to choose the less destructive one, and keep the more destructive one in reserve. This seems like good policy to me.


    As for your conspiracy theory angle, sometimes the logical explanation which justifies an action is just that, a logical explanation. People who are faced with decisions of grave importance I highly doubt make them because of spur of the moment whims. Although one moment's logical explanation can be the next moment's fallacy, due to bad information or any number of factors, you need a lot more evidence to undermine the decision-making process in the first place.

  12. Re:The Robot Apocalypse draws one step nearer... on S. Korea Considers Using Armed Robots Along DMZ · · Score: 1
    No. Offensive and defensive operations are by their nature different, and machines are incredibly suited to defensive ones and incredibly ill-suited to offensive ones.


    Defensive operations require never-ending patience and alertness, something that humans are notoriously bad at. Even the best-trained unit will be worn down with enough boring routine, and units have to be constantly rotated in and out of high-stress / low-action jobs like border monitoring lest they start to become lax.
    Machines, on the other hand, do not become tired, do not become bored, and provided they are well maintained, do not become lax over time. I wouldn't want to trust machines for my entire defensive strategy, because any intelligent enemy will eventually find ways to get around a mechanized defense, and human intelligence is needed to discern new types of enemy incursions and tell the computer what to watch for and what is noise.


    The offensive side of warfare, IMO will never be fought entirely machines. Barring the creation of sentient life in silicon, the limits of any computer's programming can be found and exploited by a motivated enough human adversary. (And because I know someone will mention it, war is not chess, and cannot be solved by brute force a la Deep Blue.)


    This is not to say that 'robots,' in the form of remote-controlled devices, will not be used in an offensive role -- they already are -- but I doubt they will replace humans at the controls for more than a very few niche positions. On the defensive side though, where there is less of a requirement for creative thinking and more need for absolute and uncompromising thoroughness and deficit-free attention, I could see many robot observers with one human master replacing a large number of bored PFCs in guard towers.

  13. Re:Something to Think About on Midsize Businesses Not Considering Linux? · · Score: 1
    I think this is very true, based on my personal experience.
    There are a lot of mid-sized businesses that have just been "coasting" along for the past 10+ years in some cases, taking piecemeal upgrades here and there, and think that they can't afford to change to a completely different OS.


    Really big companies can afford consultants to come in, look at their business model and its core requirements, and then tell them what to get that's open source / Free, and then implement that solution. To them it's a good buy because it realizes a long term savings in MS licensing. And maybe also in being able to customize software more easily (to me this would be a big advantage, but I'm not sure whether companies actually are interested in this aspect).
    The small businesses are starting off from a clean slate as it is, or can 'clean' the slate they have with minimum investment. And the savings is immediate in not having to license another copy of Windows again.
    The midsize businesses have already paid Microsoft, probably have a system they perceive as working OK, maybe have some critical legacy applications that they aren't sure how to get rid of, and don't have IT people that know anything else. Also, they can't afford outside consultants to show them solutions that may never occur to them.


    The other difference which I think hasn't be addressed -- and which I have no real proof of other than my own observations -- is where the talent in IT is going. Free Software in the corporate world seems to be a product of the last few years, and so may be further forward in the minds of recent grads than people who've been working in a MS-centric workplace for 5-10 years.
    From my experience, most recent graduates tend to head either to the top of the corporate food chain, to big corporations with extensive new-hire training programs (IBM comes to mind), or to fairly small startups with lots of room to grow. Mid-size companies rarely have the resources to thoroughly train new people, nor the qualities which attract recent grads to startups. They tend to hire people with more experience who are looking for stability at the cost of some upward movement in the near future.
    This IMO selects against some of the same people who might be the strongest advocates of replacing an existing working system and replacing it with a Linux based one.


    I'm sure there are good, recently graduated people who are big fans of Free Software working in the middle-market segment, but I just don't see this area drawing as much new talent as the top and bottom, and I think this is reflected in the adoption of Linux.
    The corporate world isn't necessarily a 'trickle-down' one as much as it's a 'trickle-together' one, with ideas being adopted by the biggest of the big and the smallest of the small first, then slowly crawling up and down the corporate ladder until they meet in the mid-cap segment of the market.

  14. Re:It happens a lot on Best Buy Has Man Arrested for Using $2 Bills · · Score: 1
    Yes. Which is why I qualified that statement with "although never an elimination" of paper / physical currency.


    There's always a place for physical money, and not just for underground purposes, but because it's direct, immediate, and requires no middleman (e.g. PayPal) who can put restrictions on the sale.


    However, for most day-to-day transactions, I think we will see a further decline in the role physical currency plays in our lives. (Unless you're a drug dealer, in which I suppose you'll be mostly unaffected.) But an increasing number of people are being paid directly into their checking accounts, and then drawing that money out with debit cards, without ever having had it as cash. I think this trend will increase.
    One of the last holdouts of cash in my area was McDonalds restaurants. Like them or hate them, they were a big enough force that they could keep people going to the ATM. They just started accepting various credit and debit cards, and Wendy's and Burger King have followed suit. Dunkin Donuts has already taken them for a while. This is significant because if you think of the things that people buy in an average day or week, fast food is probably one of the last items that you couldn't use a credit card for. Groceries, most entertainment, gasoline, etc all are payable electronically.


    So my point was cash is never going to go away completely (and how can it? If the government were to stop printing paper money you could always use gold, or barter) but that it's role in an average, upstanding citizen's life probably is on the downswing. I'm sure there are case-by-case exceptions to this, but I'm speaking in general terms here.

  15. Re:It happens a lot on Best Buy Has Man Arrested for Using $2 Bills · · Score: 1
    Oh I agree. I have a soft spot for them, but that doesn't mean that I want to replace $1 bills with them tomorrow. (If you did do that, I think you'd have to replace the $1 bill with the $2 instead, otherwise there wouldn't be a low denomination bill with which to make change.)
    Not only for the reasons you mentioned, but also because I think you'd see a lot more items immediately go up from $0.50 - $0.75 to $1.00 overnight. Canned sodas for instance, are still generally less than a buck, but if the dollar became mentally devalued to coin status, I'm not sure they'd stay that way.


    Frankly it's all an academic argument, we'll probably have the same selection of physical money right up until it becomes replaced in wide circulation by electronic transfers, as it seems to have been in some other countries. For example, I spent three weeks in Iceland and never once actually saw a single piece of Icelandic currency--everything was being done with plastic. Although the U.S. has a lot more 'mindshare mass' and will change slowly, I think a decline (although never an elimination) of physical currency is inevitable.

  16. Re:sudo on Mac OS X Tiger Goes Gold · · Score: 1
    Yes you can run GUI applications as root if you want ... just go to the Terminal and type:
    sudo open {application path}
    and type your password. I believe this will run the application as root, allowing you to edit system config files, etc. (If you're lazy, you can get the application path without typing or changing out of your working directory by just dragging the app's icon into the Terminal window. Drop, and it inserts the appropriate path from the filesystem root. Although I'm sure some hardcore CLI wizards will scoff at it, I'm a reasonably advanced user and I use it all the time.)


    I haven't tried doing this in a while, and the time I'm thinking of when I used it was probably OS 10.0, if that. If it doesn't work, I suppose the alternative would be going into NetInfo Prefs and enabling the 'real' root user and logging in as that (although I think that's generally bad practice except when absolutely necessary).

  17. Re:It happens a lot on Best Buy Has Man Arrested for Using $2 Bills · · Score: 1
    I know of several local car-washes (the automated ones, not the ones with the mouth-breathing high school students who brush off your fenders) which run on $1 coins.


    There are several change machines where you put in bills and get coins (used to be Susan B.'s, now they're Golden Dollar coins), then you put three of them into the control consoles in the bay you want to use, to turn the water on. I assume the reason for this is so the car wash operator doesn't have to empty the coin boxes as often as they would if the machines used quarters. I do know of one car wash that does use quarters, and you have to stand there and load 12 into the machine before it turns on ... doesn't take more than one use of that to decide that the $1 coin machines aren't bad.


    Also, I can't believe nobody's mentioned what has to be the biggest use of dollar coins around: casino slot machines.


    Personally I've always had a soft spot for $1 coins. Back when the Golden Dollar ones came out I got a few rolls of them and used them at various places, but it looks like they didn't catch on and will eventually go the way of the Susan B. and $2 bill.

  18. Re:entitlement? on Is Obtaining a Windows Refund Still Difficult? · · Score: 1
    Yeah -- and have you tried buying a car with manual windows lately?


    Either way, you're screwed when it comes to "windows."

  19. Re:Why shouldn't he charge you extra? on Is Obtaining a Windows Refund Still Difficult? · · Score: 2, Insightful
    This is a moot point, the guy could have just bought the laptop without the hard drive then.


    In that case, the company would have had no excuse to charge him extra for not installing Windows (or de-installing it, whatever). Unless of course all the laptops already have hard drives in them, pre-installed in China or wherever they're being assembled. In which case I would say that a company that's not even assembling the computers on-site isn't one that I'd really want to buy a 'custom' system from, and is a bit hypocritical to be doing so.

  20. Re:Of course it's not on U.S. to Require Passport To Re-Enter Country · · Score: 1
    Yes, but this is fairly recent. My understanding is that proof-of-citizenship requirements have been added to driver's licenses in response to the influx of illegals, mostly from Mexico. The underlying assumption seems to be that because people tend to accept a driver's license as meaning you're here legitimately, they shouldn't be given out to people who are breaking the law with their presence.


    They go back and forth about it in California every once in a while. It's interesting that Tennessee has that requirement in place, I wonder what its history was.


    Personally I can see both sides of the issue -- obviously giving out driver's licenses to illegal immigrants is bad policy if people use those driver's licenses as some sort of proof that you're here legitimately; but as was mentioned further up in the thread, they're not SUPPOSED to mean that you're a citizen, or here legally, or anything else of the sort. All they mean is that you know how to drive a car.

  21. Re:More power to you, Jon! on Jon Johansen Breaks iTunes DRM Yet Again · · Score: 1
    This is an excellent point. I suppose I should clarify myself (not that it's particularly important): the thing which makes me most nervous, or least comfortable, with FairPlay is the way in which Apple can make changes remotely and remove rights that you (thought you) used to have. So while I don't mind the system now, I certainly would if they changed it, which is not out of their power to do if the music companies forced them.


    I don't think Apple will clamp down any more than they have to -- they have no interest in making their users angry at them, and frankly when you look at the original feature sets of iTunes I think that if Apple had things their own way, the DRM would be a lot less restrictive. But I have little evidence for that, except that the original iTunes 4.0 had some great features, and they've been steadily reduced in response to exploits / publicity.


    That said, they're never going to do anything less than whatever the music companies demand, because Apple's beholden to them for content. At least for the foreseeable future, the music industry is going to exist as a vestigial middleman between the content creators and the content distributors, controlling who gets what and what they can do with it.


    What I think is unfortunate is that the DRM is universal across the board: if you're an independent artist, you can't sell your music on iTMS with less protection--even though it ought to be technically feasible for the system to assign individual controls to different songs.

  22. Linux version only on Jon Johansen Breaks iTunes DRM Yet Again · · Score: 1
    One of the most interesting things about this release of PyMusique is that the programmers, at least according to the News.com article, say that they don't plan on releasing a windows version (by which I take to mean a precompiled binary) of this update.


    Instead it's going to be left as Linux-only for the time being. Not that somebody couldn't port it to Windows, but it's an interesting choice. Maybe they figure they'll get less opposition this way? It certainly solidifies their primary 'excuse' for making the software, which is that they wanted to make an iTunes client program for Linux. If I were a judge and saw that they had made a Windows version and a Linux version, and that the Windows version had 1300% more downloads than the Linux one (which it probably would, just from script kiddies who think it'll let them get free music alone), it certainly makes the software look much more suspect.

  23. Re:More power to you, Jon! on Jon Johansen Breaks iTunes DRM Yet Again · · Score: 5, Insightful
    If you don't like the terms music purchased on the iTunes music store is sold under, don't buy it, don't use it, and don't subvert it.


    You certainly don't have to buy it, nor use it (especially since using without buying it would be stealing it), but frankly I don't think it's your place or anyone else's to tell people not to subvert it. People have a moral right, and perhaps a duty, to work to subvert things they think are unjust. And while I personally don't really feel that FairPlay is terribly unjust, I have a certain amount of understanding for those that do. If you want to argue morals, fine--but as someone who otherwise agrees with you, I take offense to the suggestion that people should not actively work against causes they find repressive.


    If people think it's wrong, they're going to do their best to subvert it (regardless of what 'it' is). And as long as they're doing it from countries where this subversion is legal (ones without DMCA-like laws, in the case of DRM) then ... as the article says, more power to them.

  24. Hardware vs. Software DRM on iTunes DRM Hole Closed · · Score: 1
    Because this was done by the now (in?)famous DVD Jon, I think it's worth comparing to the deCSS crack, because it provides an interesting dichotomy.


    DeCSS arguably opened up the DVD format, like it or not, to a variety of new platforms, and to a slew of other utilities that allowed end users to do various new and different things with the digital video. Although most ripping utilities now use different cracks and exploits than the original deCSS did (unless someone wants to correct me on this, last time I checked the fastest exploit was not Jon's), basically once the cat was out of the bag, it was out. The DVD format isn't going to suddenly get more secure tomorrow. The investment in non-upgradable hardware and firmware means that the DVD specification isn't going to change in response to cracks.


    Contrast that to the FairPlay DRM, which by its very nature exists almost solely on computers that are connected (at least intermittently) to the internet. Through this medium, Apple remains in partial control of the client/user side of the software, and can thus issue changes like the iTunes 4.7.1 change that we just saw, to patch present and future exploits. Barring some huge flaw in the FairPlay DRM, or a complete surrender by either the music companies or the fair use groups, I don't see any particular end in sight to this cat-and-mouse game of cracks and patches.


    To me, this underscores a fundamental difference between DRM on digital files, and on whole formats. While encryption-based DRM of files can be maintained for some time, given sufficient resources and control over the client programs, it doesn't seem possible to exercise this degree of control over consumer electronics-type hardware. Perhaps in the future (let's hope not), but definitely not today.


    Summary: DRM on files seems to work and be maintainable, with a lot of effort. But on hardware devices it's so far been a dismal failure.

  25. Re:Impressive on iTunes DRM Hole Closed · · Score: 1
    The fact that you just wrote "commoner in the USA" makes me more than a bit hesitant to accept your grammatical advice.


    Here's a hint: 'commoner' is a noun, not an adjective.


    And saying 'could care less' when what you mean is 'couldn't care less' is still wrong. You might get away with saying it that way and not having anyone notice, but if you write it, you're an idiot. (Exceptions to people for whom English is not their native language, dyslexics, etc.) The fact that a large percentage of the population may in fact be idiots notwithstanding.