Slashdot Mirror


User: DarkOx

DarkOx's activity in the archive.

Stories: 0
Comments: 6,020

Comments · 6,020

  1. Re:Sigh. on QR Codes As Anti-Forgery On Currency Could Infect Banks · · Score: 1

    That was my first thought. Not sure what types of forgery they are aiming to protect against. One common attack is bleaching. Basically the counterfeiter tries to erase the print on a small bill like $5 and replace it with that of a $100.

    If, say, the Treasury signs the bill's serial number with their private key, banks would be able to make sure the value encoded in the QR matches the serial number on the bill and has a valid signature using the Treasury's public key. They could then check a database to make sure that serial number is valid for the denomination and the year.

    Now an attacker can't pwn the bank using the QR unless the bank is aggressively stupid. After all, the scanner is not taking any action based on the content of the QR; it does the same lookups no matter what bytes come out of decoding the QR and always treats them as data, never code. They match the database or not, the signature is valid or it's not. The same fixed number of bytes are read every time, extra data is ignored, so no overflows should happen. It's SAFE.

    Attackers could clone a valid bill. This would be detected by the fact that if the bank has seen the same bill checked in twice, there is a problem, and again they could test to see if the bill has shown up at other branches too recently as well.

  2. Re:Even Jesus Said on Space Vs. Poverty Debate In India · · Score: 1

    You don't think some technological and scientific advances in the meantime might have changed the game a little? That advances in philosophy and economic theory and ethics might make a difference?

    Sure they might make a difference and they might not. Some things are pretty well rooted in nature and humans, as much as we hate to admit it most of the time, are a part of nature. It's worth considering that the existence of an underclass might be entirely normal, perhaps even necessary. Ideas don't become wrong because they are old, they become wrong when you who disagree find some that are better supported by the observable facts.

    I think it's funny you cite advances in philosophy, economics, and ethics. If you stopped to think for a few seconds prior to posting you'd realize all three of those are deeply rooted in work that began with the classical thinkers, who predated the Bible you hate so much. I am not saying everything or even anything in the Bible is correct, just that truth is what it is.

  3. Re:Boo frickin' Hoo on It's Easy To Steal Identities (Of Corporations) · · Score: 1

    He is right, in order to preserve the rights of individuals we MUST preserve the rights of corporations which really are just individuals. I have no problem with the legal fiction that corporations are people, and I agree they ought to have ALL the same rights. What is missing is they should face the same risks. Obviously you can't jail a corporation but you can freeze assets and bar them from doing business under their trade name when they break the law.

    We throw kids in jail for writing mail worms; when Sony pushes out a rootkit the response by government should be the same. US assets frozen, no doing business under the name for X years. Yes, that means everyone loses: investors, owners, employees get laid off, etc. It's painful, just like jailing someone is often painful for their family members. It's also the only way you can have freedom and corporate responsibility.

  4. Re:Boo frickin' Hoo on It's Easy To Steal Identities (Of Corporations) · · Score: 1

    I think the grandparent's point, and I agree, is that to be consistent in our own thinking we should really call it "identity infringement".

  5. Re:Wow. on Arctic Sea Ice Hits Record Low · · Score: 5, Insightful

    For some reason, "alarmists" seem a lot more willing to put their money where their mouth is than "skeptics". So far, they have also won a lot more on it.

    Because skeptics are, um, skeptical. There are many of us who don't adopt a position of belief on this subject. It's clear the climate is changing. It's also clear there is lots we don't know about how the system works, and it's not entirely clear where things are headed and it's even less clear that it's man made.

    I am not saying it is not man made. It very well might be! I don't want to put money down that it's not. I also don't want to adopt economically ruinous measures on the possibility it is. I want to let the scientists do more science. That is really not an extreme position. Especially when it's already too late to fix the problem by 'controlling emissions' if our current level of understanding does turn out to be mostly correct. The focus should be on enhancing our understanding of the climate model and figuring out how we might directly and actively control it.

  6. Re:Is it really secure anyways? on UPEK Fingerprint Reader Software Puts Windows Passwords At Risk · · Score: 1

    In general the error rate on the ones cheap enough to put on portable computers is too high to use as a sole security device anyway, despite everyone and their brother pretending that they are. If you tune it to favor type II errors, they can be secure but will be overly frustrating for the user; it will take many swipes most of the time before a good read and match. If it biases toward type Its most likely that if I line up a room full of random people one of them is going to have a finger that will work at least once, and that really should not be acceptable from a security perspective.

    Personally I think these things are best used as a second factor: you know your password and your fingerprint is a likely match. There is very little software that does this, however.

  7. Re:Remember George W. Bush's draft dodging? on Secret Service Investigating Romney Tax Hack Claim · · Score: 3, Interesting

    The thing is I don't really see tax returns as all that interesting or a 'legitimate' issue.

    We mostly know what sort of business Romney was in and we know plenty about the characteristics and behavior of those businesses. That said, Bain Capital's tax returns would be of far more interest than Romney's personal returns. They would provide lots of detail about the business and the kind of action Romney voluntarily engages in.

    Personal returns won't tell us much. How much money did he make? Well, we already know it was dumptruck loads, from most of our personal perspectives. Honestly, does it matter if it was 3M or 5M?

    What part of it was salary and what was investment income? We know from what has been released most of it is going to be investment income.

    Did Romney use tax advantaged vehicles to protect as much of his personal wealth from the tax man as possible? I am sure he did, just as I do and I am sure you do as well. Got a 401k, IRA, one of the college savings plans for your kids, did you choose to buy a home rather than rent to get the advantage of the interest deduction? I bet you did and that does not make you a tax cheat. Romney did not get to make the rules. I don't think it's fair to expect him to leave anything on the table when you and I don't and won't.

    Now had he been a sitting Senator or House Rep and actually voted on tax rules that he himself could take advantage of there might be some scandal there but that is not true of his case. McCain and Obama were a different story.

    I think this noise about individual tax returns is just that: noise.

  8. Re:This is why we need people in space on Space Station Saved By a Toothbrush? · · Score: 2

    True, but not everybody's success rate is the same. One good trick is to start by turning the screw backwards until you feel it click, then start tightening.

    WTF. You mean they WEREN'T doing it this way? I thought everyone did this -- It's how you start a screw.

    Might take more time, but I always just start 'em forward by hand unless they are in an inaccessible place on the end of an extension or something, then I use the method above. I have never cross threaded a hand started bolt or screw; the trouble with the above method is there are often lots of ways to make a 'click' or have it feel like the thread has dropped into place. It's a pretty good method but mistakes are still possible.

  9. Re:Yeah, and? on Did Sweden Pay Cambodia For the Pirate Bay Co-founder? · · Score: 2

    You understand that she was making a joke, and that it might well be possible to remotely enable the GPS on a smartphone via one of the many alternate communications channels they offer, and that it's likely possible to have that phone send its GPS coordinates to you via that same channel, right?

  10. Re:Conspiracy or not on Did Sweden Pay Cambodia For the Pirate Bay Co-founder? · · Score: 3, Insightful

    since most US charity is done for tax purposes and is highly ineffective as anything but constructions to avoid tax

    That is just crazy talk. In the US you get to write charitable gifts off against income, not your final tax bill.

    So most filers on a per dollar basis will be in the situation that $Gift $TaxSavings. There may be some corner cases where you are right on the cusp of a tax bracket and a large value for $Gift might push you down into the next lowest bracket. That might bring $Gift and $TaxSavings much closer together, it might even invert the relationship, but it's still very unlikely to be a significant source of savings.

    If anything many people do give because they'd rather support some organization they see as doing good, rather than our Government, which will probably use the money to violate the 4th Amendment rights of your friends and neighbors, kill some brown skin toned people on the other side of the planet, conduct some social experiment many find unethical, etc. Actually I mostly feel guilty paying taxes. I love my country but I think we may have crossed the line where actions directly attributable to Washington amount to more harm than good. I am all for "Starve the Beast."

  11. Re:Inexperienced exchange providers on BitFloor Joins List of Compromised BitCoin Exchanges · · Score: 1

    Alas, the FDIC is one of the very reasons we have mega banks and by extension the financial crisis in the first place. Think about it. If there was no FDIC how would you protect yourself?

    You would 1) select institutions that could demonstrate they were secure in the physical and financial sense. 2) You would diversify, put no more money than you could tolerate the loss of at any one bank.

    Left alone, the market would have required many rather than a handful of nationwide financials. None of which could have been bigger than our current big banks as the total deposit would not be expected to increase; and because depositors would have looked on a bank with greater leverage as inferior to its peers.

  12. Re:The actual advantage is dubious, though! on AMD64 Surpasses i386 As Debian's Most Popular Architecture · · Score: 1

    Depends on the code. One thing you left out is long mode gives you access to more registers. That can give you an incredible speed boost with the right compiler and work load combination.

    It's also true that memory, primary and secondary, has fallen in price dramatically. So needing 9% more of it for typical loads is not a relevant performance metric for most desktop / workstation deployments and even many types of servers.

    Finally PAE can be a significant performance hit. So I don't think it's fair to suggest that you need a single thread using an image larger than 4GB before you see gains in that sense either.

    I would say if you have a clear reason not to do so, fine; but otherwise if in doubt put the 64-bit version of your platform on your AMD64 machine. That is where you are going to see the best performance for the widest variety of use cases.

  13. Re:like soviet russia and nazi germany on Hugo Awards Live Stream Cut By Copyright Enforcement Bot · · Score: 2

    Well yes, we believe that or did, so we created a legal document that spelled it out and was supposed to set up a government that would make it happen. Too bad it's become so corrupt. Your human rights might be ethically inalienable but they certainly are not practically.

    Why, enough men with badges and guns can probably force you to do or not do just about anything. Which was why the Bill of Rights and Constitution were so novel; it was an attempt to use the men and guns to protect those rights rather than trample them, it was to give them the force of law. So it is very much a *legal* problem and for those of us in America, it's very much an American problem.

    We need to recapture control of our government and legal system from the special interests and cartels. Because if we don't control those things, and have people who behave ethically running them all our rights are just a bunch of words of little value; well until someone copyrights them anyway.

  14. Re:Not just infected PCs... on Knocking Infected PCs Off the Internet · · Score: 1

    My suggestion: clean the system again, preferably with a fresh install. Flash the router with its latest firmware (downloaded from another location); this way if its image has been compromised it should get overwritten. Configure the router (before you put it back online) to drop any traffic OUTBOUND that is not 80 or 443. Sounds like this person only really used web. If it's possible, log all the outbound connections; you might stand up another box to host the log server. That box could be any old PC but running a minimal hardened Linux with iptables rules allowing nothing but DHCP and syslog to talk to it. That's going to be a pretty hard target for the attacker to compromise.

    Either these steps will keep the guy out or will provide clues to how he is doing this.

  15. Re:Not just infected PCs... on Knocking Infected PCs Off the Internet · · Score: 2

    It's all a matter of degree, as to if it's a privacy violation. I think there are some bright lines though.

    If all you are doing is statistics on traffic flows and ports used, that is ok. It's just like the real world: when you send mail from your house you expect the postal carrier will know who the addressee is, but you would not expect them to know anything about the content of a sealed envelope.

    Certainly if you make any attempt to break into an encrypted flow, you have crossed the privacy line. I would say on an organizational, therefore semi-private, network like a university, crude signature based IDSing is probably alright, but the moment you step into any sort of MITM or content aware proxying you have gone too far again. That would be certainly true for a commercial ISP. Obviously where the network and its use are wholly owned, like a corporate body, anything goes.

  16. DNS changer on Knocking Infected PCs Off the Internet · · Score: 2

    The DNS Changer clean up saw some PCs prevented from accessing the web.

    No, the malware would have done that after the fraudulent DNS servers got shut down. DNS Changer is a case where COMPROMISED SYSTEMS WERE ACTIVELY KEPT ON THE NETWORK. What should have been done is those machines should have been allowed to fail to resolve hosts after the fake DNS servers were shut down; that would have had them fixed literally months sooner.

  17. Re:WTF. on Torvalds Takes Issue With De Icaza's Linux Desktop Claims · · Score: 4, Insightful

    He was against it because it would have forced either settling on interfaces that were immature and hamstrung all future development, or required probably a new abstraction layer and tons of bloat to support backward compatible versions of everything all the time.

    It would have made development slower and debugging harder. The whole project would have suffered for it. It was a practical and correct answer to "How do I rapidly develop a high quality feature rich kernel?" There was no 'tude there really. The choice was work fast and build a state of the art platform, or stabilize to make some lazy hardware vendors who only care about schedules and ship dates happy. The vendors did not really care about Linux at the time that decision was made either. It was too small a market.

    Any time there was a driver provided for anything it was second or third tier quality; usually community drivers were better. It was nothing like the Nvidia situation that exists today. Arguably had Linus decided on a stable ABI, Linux (the kernel) would still be playing catch up to proprietary UNIX and Windows today rather than being a first rate platform that frankly dominates the embedded world and has a healthy chunk of the back office space.

    D'Icaza is an idiot, period. Linus succeeded, he failed and it's all sour grapes. Gnome is heap junk compared to its competitors, where Linux is as good as most, better than many. Mono is mostly worthless, and 99% of the FOSS community can say "I told you so."

  18. Re:CRC on Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files? · · Score: 1

    Right, and these are backups so it's useful to have not just every unique file but their layout. If they were all in a folder together at one time, it's useful to preserve that fact.

    It sounds like the poster is somewhat organized; he was making backups in the first place. What he failed to do was manage versioning and generations. My inclination would be to copy the entire thing into some other file system that does block-level dedupe. Keep all the files, map them onto the same media underneath, where they are similar. Likely he will save more space this way as well. All the other suggestions about using sha-1 or some form of CRC are going to result in keeping full copies of files that are 99% the same. The transaction history file from a personal finance app is a perfect example.

    It might have some headers in the first block that get updated and then more data appended to the end; all the stuff in the middle never changes. That might get backed up every week or every day. It's mostly not unique; he would save lots of space deduping at the block layer rather than the file.

  19. Not just true of programmers, and new team really on The Truth About Hiring "Rock Star" Developers · · Score: 1

    Existing teams where everyone has known each other and worked together for a long time have their own functional relationships, but for new teams you kinda need a hierarchy.

    I don't think this matters if it's a team of developers putting together an inside sales support system or a team of carpenters putting up a barn. You simply can't have a team of all equals because if you do everything becomes a debate and no actual work gets done. Or even worse everyone needs to shine and get some recognition outside the team and so is pushing for their 'plan' so they can be the hero.

    You have to have some social order. Teams are happiest when the guys at the top are there tacitly because of their widely acknowledged talent and/or successful experience. It really helps if those guys are also personable but it is not always a requirement. Nobody wants to feel someone has arbitrarily stifled their career so that Bob can be tech lead. OTOH some competent but not so senior developers might love working with RockStar Bob on a project. They would feel it's an opportunity to learn how Bob does it, technically or socially, so they can use that knowledge going forward for their own gain.

    In the mean time you'd hope Bob is happy that he has some people he can farm out tasks to and after pointing in a general direction, perhaps even taking some feedback, can just leave them to it without having to hold their hand the whole time or worry he is going to get 10KLOC of useless spaghetti as a 'deliverable'.

  20. Re:Leveling the field on 2nd Largest Liquefied Natural Gas Producer Knocked Offline In Malware Attack · · Score: 1

    Not sure what history you read but yea, people pretty much decided it was okay after that for the better part of a century. They even defended that position with their lives.

  21. Re:Leveling the field on 2nd Largest Liquefied Natural Gas Producer Knocked Offline In Malware Attack · · Score: 1

    Yes they would have; however, it could have made them pariahs on the world stage. Now if we ever condemn such an attack or take umbrage, it's gonna ring a bit hollow; the first reaction is going to be "well you are not exactly above that sorta thing either". It's not how you build coalitions and reliable partners.

  22. Re:Not really about Bitcoin on Large Bitcoin Ponzi Scheme Collapses With a Loss of $5.6 Million · · Score: 2

    A Ponzi scheme has the very specific property that it generates its promised return for investors by paying them from the investments made by new investors who WILL NOT be paid their promised returns as soon as there is an insufficient number of new investors. That does not describe Bitcoin, therefore Bitcoin is not a Ponzi scheme, full stop.

    Another poster pointed out BitCoin is open. Well that's nice but something being open does not make it inherently safe. It makes it safer but if you haven't got the facility to analyze and understand it or access to the opinion of people you can trust that do, it may still be very bad for you and you know no more than if it were closed.

    Still others keep tossing the idea around that the early adopters are rewarded with easy money and later comers don't have the same opportunity. This also appears to be true at least on the surface. It's true of lots of investments as well. You got a much bigger reward if you bought Apple when they first announced the iPhone than you are likely to get if you buy it today. Ultimately though it's supposed to be a currency; users are not really supposed to be generating wealth by mining it. They are supposed to be doing other economic activities and using it as a medium of exchange. After all the easy Btc are mined, it's essentially intended to be deflationary. Which punishes borrowers and rewards savers. We could easily have an entirely separate 600+ comment thread on the economic effects, social merits, justice, and societal impacts of that as compared to the implicitly inflationary monetary system we use now. I think it's too early to make a value judgement about Bitcoin here on these topics; it's just something to be very *aware* of when you consider your personal situation and if you should swap wealth in or out of Bitcoin.

  23. Re:Amazon knows me better than myself . . . ? on Don't Build a Database of Ruin · · Score: 3, Insightful

    That is a really important element here, I think you have nailed it. It's not a big deal that Amazon or Target can guess you are pregnant from the products you buy.

    So could the guy running the general store in your small 18th and early 19th century town. It was the only place you had to go for goods and his list of customers was short enough he could pay attention to everyone's specific needs, which he did so he knew what products to order / stock. He also knew a lot about you regardless of how much or little you spoke to each other because of what you bought and how often. It was only a brief period of human history, late 19th thru 20th century, that our economic options for providers grew faster than our ability to collect and correlate information about individuals.

    The issue is: do we need to address / control what information entities are allowed to exchange with each other? Target knows my buying habits, I shop there. That is sorta implicit in the activity. Should there be rules about them selling / giving / exchanging information with other entities be they corporate, government, individuals? Knowing my buying habits at Target and having access to the other sources you mention paints a much more complete picture of my life and destroys my ability to protect my privacy. Where if there was some product I needed that I was really really embarrassed about, before, for example, I had the option of driving across town and making a single purchase at some other vendor.

  24. Re:In Romney's case, no. on Can Data Mining Win a Presidential Campaign? · · Score: 1

    With all due respect you have it all wrong. The one way you CAN'T win is without your base.

    There is lots of talk about how the base is going to go vote against Obama, and many will, but even though he is probably the worst president we have had since Lincoln, people just don't go to polls to vote against someone. They don't. They go to vote for someone.

    The mistake the GOP made is letting Romney, like McCain before him, run. Like McCain he is not a real conservative and rank and file voters are not motivated by him. That forced them to use the same 'fix' they did last time with Palin. They had to add someone to the ticket to motivate conservative voters.

    What they *should* have done if they really were set on winning this election is run Ryan on the top of the ticket and softened his positions by adding a candidate like Romney or McCain as a VP pick.

  25. You know it's funny on Experts Develop 3rd-Party Patch For New Java Zero-Day · · Score: 2, Interesting

    We were told Java was going to be the answer to all our security problems. No more buffer overflows, and few if any other remote code exploits would be possible with applications written in Java.

    It's too bad someone finds a critical vulnerability in the platform every other month, seemingly.