Slashdot Mirror


User: v1

v1's activity in the archive.

Stories: 0
Comments: 4,784

Comments · 4,784

  1. I realize most of you already figured this out on Opening Diebold Source, the Hard Way · · Score: 1

    but for those that don't get it (like those mentioned in the article, apparently) any security that cannot withstand public scrutiny is highly likely to contain serious security holes.

    Security auditing is expensive. For big systems that are "mission critical" such as voting, it's very expensive. You can either pay the piper and get your code audited by professionals, and after it's cleaned up you can release it to the public for scrutiny, or you can go cheap and not pay to have it looked at. A person that refuses to have their code audited is quite justifiable in being afraid of anyone studying their code, because they know there are going to be some holes in it and are fearful of the day they will be exposed. Unfortunately most of this subset delude themselves into believing that this will never happen, or at the very least they will have made a proper clean getaway before it happens.

    Sometimes they are right, but most often they are not. The only reason they have for this behavior is to save money. It must be saving them a great deal of cash if they are fighting it so hard.

    In either case, we lose. I personally would lean toward voting for any candidate that vowed to push legislation that required all voting code to be publicly audited before it can be used for voting.

  2. Re:james bond bad guy radar on Wikipedia's $100 Million Dream · · Score: 1

    This was overhead satellite imagery. The older areas were still in black and white, but the newer ones were in what appeared to be poor quality color. It was odd that the cutoff was halfway from east to west in my town. Unfortunately my half of the town was the old shots.

    From what I've read, some organization (govt? USGS?) has a program to continually rephotograph overhead. I actually saw them in town three years ago, placing 4 ft x 4ft white "X"s all over town, with a round black dot in their middle. I assume those are placed at exact locations so they can line up the shots and get the coordinates as accurate as possible. I have yet to see the results of their new photography in my area, guess they move slowly.

    My house is on the shots, and my property is about 6 x 8 pixels. I hope they improve the resolution.

  3. james bond bad guy radar on Wikipedia's $100 Million Dream · · Score: 3, Interesting

    A few years ago I took a GPS that kicked out serial positioning data, and a laptop that I had used to suck overhead satellite photography from teraserver, and had a genuine james bond dashboard radar thing. Novelty, but fun anyway to watch the red dot move around on the satellite map and know it's you. Found some places and roads in town that I didn't know existed and that were not on any map.

    I had a hard time finding additional imagery after teraserver sold out. (to MS iirc?) I would like to have even been able to order it, but USGS charges a fortune for their quarter quads and you don't get the high resolution coordinates for each area on the map due to them not being photographed perfectly square. This is something that I would like to see opened up.

    One thing to bear in mind unfortunately is that this information goes stale. google maps is about 15 years out of date for half my city. So this would have to be renewed occasionally to stay of value.

  4. bush gets out his bottlerockets on Canadians Vie for Space Elevator Victory · · Score: 1

    Didn't good ol' George just say something about attacking anyone that tried to walk "on his turf"?

  5. Re:This is great! on Trojan Installs Anti-Virus, Removes Other Malware · · Score: 3, Interesting

    You would think the authors of the "botnet takeover" viruses would make them such that once they gained control of a computer, that they would do just this... patch the vulnerability that they used to get in in the first place, to prevent "competition" on the owned system?

  6. haven't they learned yet? on Opera to Start Phoning Home? · · Score: 1

    Every time some single internet entity tries something to stop spam, banners, or viruses, the dark forces they are trying to stop collaborate against them and next thing you know your server is a smouldering pile of slag attached to what's left of the stain on the table that was your router.

    What makes them think they are flood-proof, against people that have thousands of zombies at their command?

  7. Re:I'm not convinced by extraterrestrial argument on Strange Bacteria Sustains Itself Without Sunlight · · Score: 3, Interesting

    The emergence of the "first life" on earth is widely agreed to have been a serendipity - a fortunate accident, that produced a self-sustaining, replicating, chain reaction, which eventually through chance developed the qualities we use to describe life. So unless you insist that some deity had a part in it, it was all luck. A very unusual circumstance occurring, and the environment it developed in happened to be friendly enough to the system to not destroy it immediately.

    If you can accept this, then realize there are two more things that follow naturally.

    1. this has happened before. Probably more than once. The "spark of life" likely happened repeatedly over the eons on earth and was simply snuffed out by a falling rock or blob of lava or unfriendly temperatures or a sudden shift of pH or whathaveyou. The one that eventually led to what we consider "life" here just got a little luckier than the rest.

    2. since this is already being attributed to absurd chance, take a gambler's perspective on it. If the odds of winning one lottery are one in a million, and the odds of winning another lottery are one in five million, and we have already seen someone win the $1m lottery, is it sensible to say that no one can win the $5m lottery because the odds are too low? If you have already seen the high odds fail to deny a winner, why does making the odds a little worse suddenly preclude the possibility?

    Really, it doesn't matter what the odds are, so long as they are nonzero. If you roll the dice enough times it doesn't matter. Everything that can happen eventually will happen.

    True, it would be easier for life to evolve into this radiation-sustained form from another form of life, but it's certainly not impossible for genesis in that situation. Just a lot less likely. But when you are talking about things that have the patience of and that operate on the timescale of genesis or evolution, if the odds are one in a billion you may as well say it's going to happen sometime this morning.

  8. Re:voting ideas on Building a Better Voting Machine · · Score: 1

    giving any one state power is the other half of the broken system. We have on at least one occasion that I can recall, gotten a president elected that LOST the popular vote.

    The EC is a throwback from the colonial days where individual states were very close to being separate countries. Our electoral and our judicial systems still behave very much the way they do because the original colonies wanted to be able to be governed differently from each other. Not many nowadays here are interested in that. That's the reason the system was set up as a "winner take all", which is probably now the worst part of the whole system.

    The EC now gives us presidential races where candidates focus on states with lots of electoral votes and ignore the rest, and that can't be considered a good thing.

    Really, when you think about it, your "large state" problem.... is there any reason to believe that an american living in utah should not have as much say as a person living in california? So if you believe they are the same, then a person living in california is likely to vote on the average about the same as a person living in california. That being the case, then what difference does it make if there are more californians or more utahans in the voting pool if we assume they all vote more or less the same?

    One reason women were originally not allowed to vote is that men were afraid that the women would vote differently. When women gained the right to vote, surprise, the women voted about the same as the men. It's not really a lot different between states as it is between sexes. At least we got that one fixed.

    Look at it this way. If you are a democrat and living in a "republican state", where the majority of your neighbors are republicans, does your vote matter that much? Let's say the absurd happens and your neighboring state is down to the very last vote in the election, it's a tie breaker. If you happened to live there instead of where you lived, the EC would have one more democratic vote and one less republican vote. Or if you carried the whole state maybe several more and less. One person can shift that balance. That alone proves the system is broken if WHERE you vote can determine the outcome of the election. (see "gerrymandering" on google for an example of how this perversion of the electoral system actually has been employed and works in practice, and is now illegal)

  9. the riaa will never go for this... on Decoy Files on P2P Sites Become Ad Vehicles · · Score: 1, Interesting

    because it makes too much sense. Instead of seeding junk advertisements, seed DEMOS. Let's say I want a copy of Love Shack on my ipod. I hit edonkey or whatever and download LoveShack.MP3. Surprise though, after 20 seconds of listening to it the music fades to the background and an announcer comes up.

    Want a copy of Love Shack to put on your iPod? Just go to (pick a music store URL).com and enter coupon code 49152128 to purchase this track for only 75 cents.

    Announcer voice goes out, and you hear another 30 seconds of the song. Then the announcer repeats his message. This announcement repeats 3-4 times during the song.

    This would be an incredible hit with the public, they get the preview of the song, longer than usual, and get it at a reduced rate, and they pay for the music. Since the p2p network is doing the distro, there are not even any bandwidth costs involved for the labels. (for the advertising anyway) Everyone wins.

    But nah, that'd make too much sense. Let's just sue them.

  10. voting ideas on Building a Better Voting Machine · · Score: 1

    If I had it to make myself, I would use some unique identifier, like ssn but longer, and people could vote either at the polls or on the internet. The number would be hashed in such a way that a list of legal voting IDs would be verifiable but not traceable to the owner. This would prevent duplicate or fraudulent votes. This would also allow you, with your ID, to go in and see how the system recorded your vote. This would allow for unprecedented accountability as any voter could hop on the internet and check in and make sure the system recorded their vote correctly following the election. It would eliminate the question of whether voting machines were rigged or if precincts didn't get added into the tally.

    That and the whole electoral college BS needs to go away! Who is still in favor of this? (besides the ppl that are getting elected as a result)

    So, is anyone besides me SICK of hearing ads on the radio four times an hour for senators etc? If I run into Dan Rassmussen on the street I am gonna club him I'm so tired of hearing his name. (one of those highly irritating commercials where they say his name every 8 seconds during the 45 second commercial)

  11. Re:Sue/address the IRC networks, first. on Is the Botnet Battle Already Lost? · · Score: 1

    >> Detecting whether a interviewee has MacOS experience prior to OS X: yell "Frog blast the vent core!" If they run, yes.

    that sig made my morning, thank you!

  12. so let me see if I get this on Zango Under Fire From Adult Webmasters · · Score: 1

    so if some poor schmuck's computer is infected with the Zango adware, when they go to certain pages that have annoying popup banners, zango hijacks the url request to the banner site and injects its own "affiliate code" ("pay THIS spammer for that popup" code), so instead of the web page owner getting paid to spam you, Zango gets paid for the spam.

    I don't see how this affects the owner of the computer. I also don't see how this can be illegal. However, I can see how this may violate the contract terms that Zango has with the banner sites that are cutting the checks.

    Keep in mind though, the banner sites have already gotten their "impression" so they have their goods. The only thing they can really do about this is to slap Zango on the hand and pay the impression count money to the web page owner where it was intended. So, does Zango really hurt the banner site? They got their impression remember, they have their goods, it's just a matter of who gets the coin for it. Seems like more of a headache for the banner sites to muck with it, it's not like the web admins that use the banners are likely to abandon them, though no doubt they are sore about losing maybe 30% of their ad revenue.

    So unless a lot of web sites go away from using the Zango-targeted ads and force the banner sites to bar the practice, I don't see any motivation for them to force Zango to do jack. Though the web page owners will no doubt do a great deal of whining.

    Know what I say to them? (the spammers/banner whores) "waaaah!"

    let them kill each other.

  13. riaa doesn't understand legal system? on RIAA Drops Case In Chicago · · Score: 1

    Last I checked, it's the riaa's job to find the evidence. It seems like in this case they are saying they don't have enough evidence to prove guilt, but because they "strongly suspect" the other party is guilty, that the courts should go on a legal fishing expedition to try to find evidence against him.

    That's why we don't just issue search warrants because someone suspects you are guilty. You have to have credible evidence to go looking (legally) for additional corroborating evidence. You use evidence to go digging for more evidence. Not suspicion.

  14. oh those pesky little details... on Airport To Tag Passengers With RFID · · Score: 4, Insightful

    "the article vaguely and briefly states that 'The issue of infringement of civil liberties will also be key,' but doesn't bother to go into any pesky details."

    That's because the people setting all this up consider "civil liberties" to be one of those "pesky details".

    Civil Liberties is not a set of rules that inconvenience you, that you should work to find ways around. If you are trying to find ways around laws designed to protect the public from abuse, you are not assaulting the law, you are assaulting the principles and ideals that the law was made for, and endangering those people whom those laws are designed to protect.

  15. let's just simplify things on Vista Licenses Limit OS Transfers, Ban VM Use · · Score: 1

    Vista's new EULA is not 58 pages, it's two sentences.

    "You are allowed to do anything that provides us with maximum profit. Anything that potentially deprives us of even a penny that we might otherwise get from you, you agree not to do."

    (AGREE) / (DISAGREE)

  16. who wants to be first on Swiss to Use Spyware to Listen to VoIP · · Score: 1

    to point out how utterly foolhardy "security through obscurity" is?

    "it will only be distributed to investigation agencies in the hopes of keeping it out of the hands of malicious hackers since firewalls apparently 'do not present a problem' for the software."

    Last I checked, a hacker's main activity is finding things that you are trying to hide from them?

  17. old school games on What Are Your Top Five 'Comfort' Games? · · Score: 1

    Most of my favorites are from the Apple II days. Ultima IV and V, Montezuma's Revenge, Mario Brothers, Conan, and a personal favorite, Wings of Fury. I'd like to play that again but I don't have a II anymore.

    Talk of playing blindfolded.... if you beat Montezuma's Revenge enough the light would start being removed from the lower levels. Beat it enough times in a row and the first room was dark!

    If you want a little fun with those games, play Ultima V and ask the water what he forgot. (to tell you in Ultima IV, oops you can't win the game!) Or in Wings of Fury, try to land on your carrier... from the RIGHT side. (land downwind, with no tailhooks) Or sink a carrier before it manages to get all its planes off the deck.

  18. blaming others for your mistakes on Hackers Find Use for Google Code Search · · Score: 5, Insightful

    People need to stop blaming those that provide tools and research for their finding or their ability to find bugs and errors. It's not their fault. If you screw up and someone finds it, it's not their fault, it's yours. Take responsibility and deal with the consequences.

    The people that make the problems usually cry that the entire world needs to tell them about their mistakes in a nice quiet, private way, so they can silently fix them and avoid any unnecessary damage. The reality of this, as we have seen time and time again, is that when they are informed of these problems, so often they go ignored for months and months. And then the issue is finally leaked and they cry you didn't give us enough time! No, it was your fault to begin with, it doesn't matter if someone else made your mistake worse, none of this would have happened without you screwing it up to begin with. This is how the world encourages you to try harder to get it right the first time instead of tossing us crap and fixing it later.

    In summary, anyone that fights against auditing tools clearly has a quality control or security issue they are unwilling to fix and are afraid to have exposed.

    (The whole model of "sell crap, fix later" is broken from the get-go. That's why we have crappy software hustled to the store in "version 1.0.0" form and have to beg the authors for bug fixes for the next half year. Problem is they already have your money, and that upgrade is free, so why should they pour resources into a 1.1 when there's no more money to be made? It's a losing proposition if you don't intend to release a paid 2.0 later, or if you think you can sucker them a second time)

  19. in 5.. 4.. 3.. on Sexy Intel Computer Design Worth Big Bucks · · Score: 0, Redundant

    we will see a comment mentioning apple getting copied.

  20. Re:so you're saying on Linguist Tweaks MS For Redefining "Genuine" · · Score: 1

    does dial tone count?

  21. so you're saying on Linguist Tweaks MS For Redefining "Genuine" · · Score: 1

    that microsoft gives you phone support on your unregistered windows installation?

  22. a matter of understanding more than semantics on Linguist Tweaks MS For Redefining "Genuine" · · Score: 1

    One needs to remember that microsoft is not selling you the software, it is selling you the license. The software just comes with it, and the license makes it legal to use the software. So in effect, it is not the software that is genuine, but it is the license. And you cannot deny that there is less hassle and better support from microsoft if you have a "genuine" windows license for your windows software.

  23. somebody save me! on Can Banks Shift Phishing Losses to Customers? · · Score: 1

    Too many people nowadays are saying the whole world needs to protect them, from themselves. I hate that.

    If you are stupid, the world does not have a responsibility to save you from yourself. Stupidity in this case acts like Darwinism. If you are stupid enough to give your bank account number to a phisher, he will do you the service of taking all your money. And then you don't have to worry about being phished again.

    I believe a person should be 100% responsible for being phished.

  24. Re:Another idea on The Internet Not for Old People · · Score: 1

    You had to know that would attract a troll

    You should show that you possess the basic common sense that ensures that you won't let your PC be turned into a zombie. Of course, that means that about 80% of the current population would be barred.

    80% that's about right, that's how many people use windows right?

    A windows box without malware is like a cake without mustard

  25. an old problem on Crypto Snake Oil · · Score: 3, Interesting

    I worked for several years on a programming language called REALbasic. In the latter releases that I saw, it featured "encryption". A compiler is basically a tool that takes human readable commands and turns them into a program that a computer can run. This process is not easily reversible, and once compiled, it's difficult at best to make changes to the program.

    Encryption was added to RB so that it was possible for you to give away portions of your program's "source code" (the human readable part) without anyone actually being able to READ it. They could incorporate your source into their new project and use it normally, they could just not read it or make changes to it.

    This sounds like a nice idea, until you realize that when you get someone's "encrypted" source code and add it to your program, the compiler has to be able to read the source code, because it needs to translate it for your new program. This means one thing: the encryption is not secure because the compiler itself must somehow possess a "master key" of sorts so that it can read the source code to do its thing. So... when you select the module and try to open it to look at it, it's not that it can't read it.. it's that it won't read it. A sufficiently skilled programmer could go into the compiler and flip a switch inside it and basically say "ignore that", and you would have unrestricted access to the so called "encrypted" information.

    I assisted with a project where we found out how this information was encrypted. In short, a fixed key was used to encrypt the project data. Then a different fixed key was used to encrypt the passcode you would use to "protect" the project. Thus, the compiler could ask you for the password if you wanted to read your own project, and it could verify you typed in the correct passcode. If you did, it would decrypt the project for you to view. So you see, the compiler does not NEED the passcode, it simply WANTS it.

    It took us about a week to write a program that would read in the projects, decrypt them using the fixed key and completely ignoring the passcode thing, and save an unprotected naked project file that anyone could edit or view.

    This is probably not too far from the mark on how a LOT of programs "protect your privacy". In reality they are only protecting you from the casual inspection. Anyone that really wants your data can get it, all too easily. Be sure that with any program you are certain that the program NEEDS the passcode to unlock your data. If it only WANTS it, (is there a password reset option available?) then you know it's "security through obscurity", and we know how totally worthless that is.

    You thought your windows or OS X keychain was secure? You have auto login turned on? Does the computer need your password? Think about it.
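
Added example, not part of the comment above and not REALbasic's code: a constructed Python sketch of the "WANTS vs NEEDS the passcode" distinction in comment 25, with a fixed-key design beside one where the keys are derived from the passcode. All names, the sample data and the toy HMAC-based stream cipher are assumptions made for illustration; the passcode check in design A is a salted hash rather than the second fixed key the comment mentions.

```python
import hashlib
import hmac
import os

# Constructed value standing in for a key compiled into the tool itself.
FIXED_KEY = b"constructed-key-shipped-in-tool"


def _xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for a real AEAD."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def _kdf(passcode, salt, length):
    # Iteration count is illustrative.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 100_000, dklen=length)


# Design A: the tool WANTS the passcode. The data key is fixed; the passcode only gates the UI.
def protect_wants(plaintext, passcode, salt, nonce):
    return {"salt": salt, "nonce": nonce, "check": _kdf(passcode, salt, 32),
            "body": _xor_stream(FIXED_KEY, nonce, plaintext)}


def open_wants(blob, passcode):
    if not hmac.compare_digest(_kdf(passcode, blob["salt"], 32), blob["check"]):
        raise PermissionError("wrong passcode")
    return _xor_stream(FIXED_KEY, blob["nonce"], blob["body"])


def read_with_tool_secrets_only(blob):
    """What anyone holding the tool can do with a design A file: skip the check."""
    return _xor_stream(FIXED_KEY, blob["nonce"], blob["body"])


# Design B: the tool NEEDS the passcode. Both keys are derived from it; nothing secret ships.
def protect_needs(plaintext, passcode, salt, nonce):
    keys = _kdf(passcode, salt, 64)
    body = _xor_stream(keys[:32], nonce, plaintext)
    tag = hmac.new(keys[32:], nonce + body, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "tag": tag, "body": body}


def open_needs(blob, passcode):
    keys = _kdf(passcode, blob["salt"], 64)
    expect = hmac.new(keys[32:], blob["nonce"] + blob["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expect, blob["tag"]):
        raise PermissionError("wrong passcode or modified file")
    return _xor_stream(keys[:32], blob["nonce"], blob["body"])


def passcode_feeds_key(protect):
    """Audit check: same plaintext, salt and nonce under two passcodes.
    Identical bodies mean the passcode never reaches the cipher."""
    salt, nonce = os.urandom(16), os.urandom(16)
    sample = b"constructed sample project data"
    return protect(sample, "passcode-one", salt, nonce)["body"] != \
        protect(sample, "passcode-two", salt, nonce)["body"]


if __name__ == "__main__":
    print("design A passcode feeds key:", passcode_feeds_key(protect_wants))
    print("design B passcode feeds key:", passcode_feeds_key(protect_needs))
```

The audit check assumes the salt and nonce can be held constant between the two runs; against a product that randomizes them internally, identical inputs would produce different bodies either way.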