Slashdot Mirror


User: Ungrounded+Lightning

Ungrounded+Lightning's activity in the archive.

Stories: 0
Comments: 8,936

Comments · 8,936

  1. Five federally mandated ID chips in all new cars. on California's Wireless Road Tolls Easily Hackable · · Score: 1

    We mustn't assume that these vehicle transponders' only use is for toll collection. They work anywhere they want to place a transponder reporting unit, and they can even read transponders from other states.

    But it won't do you any good to not have one, at least if you have a new car.

    The federal government has mandated remote tire pressure sensor systems in all new cars. These involve a device that replaces the old rubber tire valve stem and has a pressure sensor, multi-year battery, and transmitter inside the wheel. It periodically transmits the tire pressure, along with its unique serial number (so the car's dashboard computer can sort out the tires and ignore those on other cars.)

    These transmitters (except maybe the one in the spare, which might be shielded too well) can all be read using a buried coil antenna in the road.

  2. Re:This is nothing new... on California's Wireless Road Tolls Easily Hackable · · Score: 1

    Personally I doubt anyone actually looks at any of the cameras unless and until there is a problem, and I find it highly unlikely that the system actually bothers to do any recognition (on the license plate or on the make/model of car).

    It's pretty clear that the camera is doing plate recognition and is tied into the system, at least in the SF Bay area bridges, because they also bill you by plate number if you left your transponder at home or go through one of the lanes where the transponder interrogation is defective. It would be an excessively expensive human resource load to have humans do this recognition when there is fine software available (and no doubt already being used for other purposes on the same cameras.)

    As for the grandparent poster's question... The transponder lets the system respond quickly enough to register the car on its way through the tollbooth at 25 MPH or so and provide feedback in the toll booth display and the transponder's sounder that the toll has been paid. It also serves as belt-and-suspenders if the license plate isn't readable with sufficient accuracy or at all.

  3. Re:Fifth Amendment kills that. on Should Companies Share Criminal Blame In ID Theft? · · Score: 1

    The fifth amendment should not apply to corporations, only to the people employed by the corporation.

    Criminal acts by corporations are also criminal acts of the decision makers who caused the criminal act to occur. In such cases the execs are also criminally liable. So the 5th applies to them.

    Also, when there are losses or damages as a result of criminal acts the "corporate veil" can be "pierced", putting the actors on the hook for the financial losses as well.

    Limiting liability to the corporate assets, thus is the entire reason for corporations and their status as pseudo-persons. But that limit is not a license to commit crimes with immunity to retribution. So corporate officials have to stay squeaky-clean on criminal law or go to jail and/or have their assets seized. Note both Martha Stewart (a minor stock trading info and memory issue) and the officials of Enron (major embezzlement via "energy laundering".)

  4. What about software vendors? on Should Companies Share Criminal Blame In ID Theft? · · Score: 1

    While we're at it, why let the manufacturers of buggy commercial software off the hook?

  5. Re:Nominal "crime": leaving the keys in the igniti on Should Companies Share Criminal Blame In ID Theft? · · Score: 3, Informative

    In Texas (and in other states, it seems), it is against the law to leave your keys in the ignition. I haven't yet figured out exactly what the purpose is for that law, ...

    It reduces car theft, thus reducing the load on law enforcement and insurance rates. It also makes it harder to steal getaway cars and increases the likelihood of catching the perps before they do something like rob a bank, reducing that victimization.

    Or at least that's the sort of theory I'd expect to be behind the rule.

    (At least one rural western state has had a requirement that any gun carried in a car must be loaded - so it can be used by the driver to defend against its own theft. They'd had a lot of trouble with walkaways from prison jacking good samaritans who rescued them in the desert.)

  6. Sorry, wrong: on Should Companies Share Criminal Blame In ID Theft? · · Score: 1

    Leaked data, by itself, isn't a crime in this regard. No harm comes to anyone until someone with criminal intent actually does something to it.

    Harm comes even before the data is misused (or if this never occurs) because the people whose data was leaked now must take extra effort to protect and monitor their financial and other records. This has costs in both money and time that could be spent on more enjoyable pursuits. The added stress is also damaging, both to enjoyment of life and to physical health.

  7. Criminal no, big-bucks civil yes. on Should Companies Share Criminal Blame In ID Theft? · · Score: 1

    I do believe however that much of the blame needs to be placed at the company level. Many times the risks are known ahead of time by both IT and the business, but the business has decided not to spend the money to fix the problem and have signed off on the risk. Sometimes there is nothing further the IT department can do without the express permission of business. In fact, this is fairly frequent.

    And the remedy for that is to make collecting the data and leaking it through substandard care in its handling a very costly thing for the company. Then the risk/reward ratio for protecting it will tend to sway upper management - and give the IT department a strong argument for the necessary budget to accomplish the work.

    Criminal penalties are the wrong way to create this incentive structure. Big-bucks civil penalties (payable to the people whose information is leaked), however, look like something that could do the job - and make a start on compensating the actual victims for the harm done to them.

  8. Fifth Amendment kills that. on Should Companies Share Criminal Blame In ID Theft? · · Score: 2, Interesting

    Not only should there be criminal damages, but attempting to keep the theft secret should carry an even heavier penalty.

    And the famous part of the Fifth Amendment hits that head on:

    "... nor shall [any person] be compelled in any criminal case to be a witness against himself, ..."

    So it's not going to happen in the US. Give it up.

    = = = =

    The people harmed are easily identified. It makes more sense for this to be a civil matter, with heavy financial penalties being paid by the company to the victims of the identity theft, rather than into government coffers.

    If the government were to legislate or rule-make the penalties and/or automate the process in corporate regulations, rather than waiting for class action suits to lay the ground rules (and line the pockets of the litigating class while the victims get pennies), so much the better. (Assuming the legislators don't just write a slap-on-the-wrist preemption law for their corporate sponsors. B-( )

  9. Depends on where the MITM is. on Browser Extension Defeats Internet Eavesdropping · · Score: 1

    So the MiTM attacks the notaries as well. I call Fail.

    You would have to successfully attack the notary. That will be harder than successfully attacking the client.

    It's easy to see how a browser plugin, which potentially has canned credentials for some notaries, could work even if the MITM is between the user and all the notaries.

    But TFA is too sketchy to tell us what, if anything, prevents a MITM who is intercepting all traffic with the far end - both from the user and the notaries - from faking things identically for all the observers.

    (Another risk is the MITM corrupting the download of the plugin - after which point all bets are off.)

  10. Re:Or low sunspots cause another "little ice age" on 2008 Is the Coldest Year of the 21st Century · · Score: 1

    I thought the LIA was caused by volcanic eruptions. Has the theory on that changed?

    Yeah: Quiet sun. (Unless they changed their minds again.) They think they finally figured out how that works:

    Solar activity -> solar wind -> bending the mag field near the earth -> magnetic shielding modulates cosmic rays -> cosmic rays cause ionization in atmosphere -> ions nucleate condensation, modulating cloud cover by causing clouds to form sooner/more densely. (More clouds also lead to more snow cover and still more reflection.)

    Low solar wind leads to enough of an increase in albedo to make a significant change in planetary surface temperature. So when the sun goes quiet for a while things get cold on Earth, even if the sun itself is putting out essentially the same amount of light and heat.

  11. Or low sunspots cause another "little ice age" on 2008 Is the Coldest Year of the 21st Century · · Score: 3, Interesting

    ... unless the heat output from the sun is decreasing rather than increasing or the heat being absorbed by the earth is decreasing due to changes in the earth's albedo.

    TFA missed one: ... or the current sunspot shortage continues, as it did in the "little ice age", causing another one.

    Given that, by at least one model, we only have maybe 8 or so centuries until the fossil carbon runs out and we plunge back onto the orbital-mechanics driven end of the current interglacial and dive into a BIG ice age (whose steepening slope we may have been holding off with greenhouse gases since about the dawn of agriculture) we might not see any significant "global warming" at all.

    All of this is assuming that we don't establish enough space industrialization to let us tune the insolation and just FIX the issue. (Which seems likely. The current government prescriptions for patching "global warming" would destroy the wealth and technology bases needed to drive a space program.)

    And also assuming that polywell, POPS (Periodically Oscillating Plasma Sphere), and other fusion power approaches ALL don't work out. (Cheap aneutronic hydrogen fusion power would drive fossil-carbon based fuels out of the market for most uses and provide the energy needed to drive several technologies that could tune the Earth's temperature.)

  12. Copyright misuse? on Fair Use Must Be Considered In DMCA Notices · · Score: 1

    Perhaps this case can lead to a determination that such bogus suits constitute "copyright misuse", leading to the loss of copyright protection on any song involved in such a suit.

    Such a precedent would put RIAA in the following position:
      - Bring a solid case, win some bux.
      - Bring a bogus case and get caught, the songs involved lose copyright protection.

    Perhaps that sort of risk would get them to evaluate the cases more carefully before firing the scattergun.

    Then again, perhaps they still wouldn't. In which case the member organizations might decide to bail out once the RIAA had lost them the copyright protection of a bunch of their "intellectual property".

    (And of course the denizens of the internet would be carefully tracking which "IP" had lost its copyright protection as a result. B-) )

  13. Can't copyright titles. on Fair Use Must Be Considered In DMCA Notices · · Score: 2, Informative

    You can't copyright titles: Song names, book names, movie names, etc.

    Otherwise Alan E. Nourse would have a dandy suit against Warner Brothers over _Bladerunner_.

  14. Another confounding factor. on Research Suggests Polygamous Men Live Longer · · Score: 2, Interesting

    Another possible confounding factor: Polygamy is often associated with religions (Mormon offshoots, Islam, ...) whose practitioners also have less exposure to a number of biochemical health risks due to religious prohibitions or discouragements: Alcohol, tobacco, caffeine, other psychotropic drugs, pork-borne diseases, ...

    Other aspects of their cultural or religious practices (such as their legal system, requirements to self-support and support the family rather than depending on government charity, individually defend self, home, family, and/or society against human predators, etc.) may also reduce risk - from criminal activity, lack or mistiming of acquisition of important resources, etc.

  15. Re:Maybe you should look at the Protect Act? on Judge Rules Man Cannot Be Forced To Decrypt HD · · Score: 1

    Did you even read my post? Ashcroft v. Free Speech Coalition invalidated portions of the COPA Act in 2002. The PROTECT Act was passed in 2003 ...

    Sorry. Posted that during a (very short) break at work. I sit corrected.

  16. Re:Slashdot crazies who know nothing about the law on Judge Rules Man Cannot Be Forced To Decrypt HD · · Score: 5, Insightful

    I fail to understand how a court can't order the asshole to produce the data.

    Because the data is in his head, not on a physical document. If he had written it down the court could order him to hand over the hardcopy. But if they could order him to divulge the contents of his memory to be used as evidence against him they could do it, not just for passwords, but for anything else. (Like: "Did you kill Jane Doe?") The famous part of the 5th Amendment expressly prohibits that.

    What would "enforcing" such an order consist of? Torture. That's WHY it's prohibited.

    This case is going to come down to two sworn officers asserting they saw kiddie porn on exhibit A, the laptop. Almost any jury is going to be willing to accept that as proof beyond a reasonable doubt considering the defense could rebut by simply unlocking the laptop and proving their innocence.

    It's not up to the defendant in a criminal case to prove his innocence. It's up to the prosecution to prove his guilt. Are the officers such experts in video synthesis and manipulation that they can determine, at a glance, that the images were of actual children? No? Tough luck. If that's all they have I'd expect the judge to direct the verdict or throw it out for lack of evidence.

  17. Anti-free-speech cases are ALWAYS against scumbags on Judge Rules Man Cannot Be Forced To Decrypt HD · · Score: 4, Insightful

    In short: Why, why does our potential landmark 5th amendment case have to be a kiddie porn case?

    Because the prosecutors ALWAYS go after the least-sympathetic scumbag they can find (or create the appearance of) when trying to establish a break-the-bill-of-rights precedent.

    In the case of trying to clamp down on new forms of speech, press, or association this is USUALLY a child pornography or child molestation case.

    Once they've got the precedent in place they can go after the real target: Anybody they don't like.

  18. Re:Maybe you should look at the Protect Act? on Judge Rules Man Cannot Be Forced To Decrypt HD · · Score: 2, Informative

    Maybe you should read the case finding that provision unconstitutional?

    How about you find it for us. I bet you can't.

    It's already referenced a bit farther back in this slashdot article. By now it's modded up so it should be visible in your browser unless you've hacked your settings. So use your browser's find function to look for "Ashcroft".

  19. DPI will likely be rolled out to support QoS. on DPI and Net Neutrality's Overseas Weak Spot · · Score: 3, Insightful

    IMHO Deep Packet Inspection will be rolled out to identify the protocols in use on connections, to support assigning the correct QoS to different protocols.

    For instance: File transfers accelerate until they consume (and equally divide) all bandwidth at the most congested link in their path, but just slow down if they're artificially limited below that level. Meanwhile Streams are band limited but must go to the front of the line to meet their jitter and delivery reliability requirements, though delayed stream packets are useless and should be dropped to avoid also delaying their successors.

    Unfortunately the tagging of the packet itself can't be trusted because there is an incentive to achieve improved service by cheating, requesting better service than necessary. (And a Microsoft IP stack, widely deployed, made just this "improvement".)

    My take: The right solution is to write a contract for various rates of "premium" packets, then accept the labeling but demote the QoS on packets above the running limit. Then the incentive is on the user to obtain software that doesn't cheat, and the ISP doesn't need to deep inspect.

    Unfortunately, the ISPs and equipment vendors seem to be going with the DPI identification approach. And that means deploying DPI, which can then be misused by the ISPs to do the bad kind of non-neutrality.

  20. Just remember whose perspective is at issue on Support Grows For Blanket Music Licensing · · Score: 1

    Seriously? You're comparing finding a way to sell music with SPLITTING THE ATOM?!?

    The quote is from Jim Griffin, a consultant to Warner.

    From his perspective it's no doubt a bigger issue than nuclear power. Nuclear power only impacts him by a small effect on his electric rates. Figuring out how to continue to monetize music as recording distribution transitions from sale of physical recordings to internet distribution of music-as-data affects his big-bucks income and the fortunes of his 56 billion market-cap employer.

  21. Re:Not a good design for power on Amateur Scientists Seek Fusion Reaction · · Score: 1

    Polywell is just a better idea. Hopefully EMCC will finally build the large scale one and prove it.

    We're due a report from them in another couple weeks or so.

  22. Re:Good grief... on Amateur Scientists Seek Fusion Reaction · · Score: 5, Informative

    Are these the same yahoos that post videos of "perpetual" motion machines on Youtube?

    No. Wikipedia is your friend.

    Farnsworth - Hirsch - Meeks fusors are quite real and effective. They're easy to build even by hobbyists using readily obtainable parts. Commercial versions serve as controllable neutron sources. Fusion neutron output of up to a trillion per second has been reported and rates in the billions per second are easily obtainable. To date it is estimated that Farnsworth-Hirsch-Meeks fusors have produced far more total fusion neutrons than all other non-bomb fusion devices combined.

    Downside is that they involve ions moving in a trajectory past a metal electrode, which they must pass without hitting many thousands of times on the average before they participate in a fusion reaction. Hitting the electrode loses the energy used to create the ion and attempt to confine it, dumping the energy as heat in the electrode. Getting the electrode to be sufficiently "transparent" to achieve breakeven seems to be a lost cause.

    Bussard's family of Polywell fusion machine designs apparently started as an attempt to steer the ions around the inner electrode of a Farnsworth-Hirsch-Meeks machine using a magnetic field. But it has since developed into a different (though related) principle: Use the magnetic field from the self-shielding magnet/electrodes to confine electrons (which are much easier to handle), creating a high-density space charge in the center of the machine. Use the electrostatic field of the electrons to attract and confine the ions in this region at high density and temperature, resulting in fusion. The magnetic field still shields the inner structures and the field is convex toward the plasma, limiting the plasma instabilities that plague "conventional" fusion machines.

  23. If it's worth doing, it's worth doing at a profit. on Where Has All My Spam Gone? · · Score: 2, Funny

    ... independent helpers ... have programs that you can download that do most of the work with minimal hassle.

    Hi. I'm a spammer working for the Patriotic Russian effort to defend South Ossetia from the imperialists of Georgia. If you want to help this patriotic effort I have written for you a tool to let you participate in our DDoS attack on Georgia's network. Just click THIS LINK to download the tool, then enter the decryption password to unpack and install it. The password is "ImASucker"

  24. Re:Hmm on Where Has All My Spam Gone? · · Score: 1

    It's also possible they may also be overutilized and prioritized for cyberwarfare and not for spam.

    Perhaps the poster lucked out and all the machines that had his addresses were in the portion of the botnet that was retargeted against Georgia.

  25. Re:"Jigsaw elections"? You mean Electoral College? on 30% of Americans Want "Balanced" Blogging · · Score: 1

    I don't follow, how does the electoral system prevent a corrupt metropolitan government from impacting the national election?

    It doesn't prevent them from having an impact. (Or even prevent a corrupt metropolis from swinging a presidential election: Nixon lost to Kennedy by losing Illinois and he lost that by less than one vote per precinct in Mayor Daley's Cook County. And the next time he ran the governor of Illinois was alleged to have kept Chicago in check by threatening to delay the outstate count until after Cook County had reported and fake as many Republican votes as the Chicago machine faked Democrat votes.)

    What it does is LIMIT the impact.

    With the Electoral College the most they can swing is their own state's electors (which in turn are limited by the population figures from the last census).

    With direct popular vote they can come up with a bunch of fake voters and a bogus landslide margin which can easily swamp the REAL margin from several larger-but-honest cities - or the total margin in an election that is at all close.

    Remember the Bush/Gore vote recounting in Florida? Imagine if the election was by popular vote, the margin was a couple thousand votes, and you had to recount the WHOLE COUNTRY. B-(