Slashdot Mirror


User: LostCluster

LostCluster's activity in the archive.

Stories: 0
Comments: 5,986

Comments · 5,986

  1. A card is more than just a magnetic strip... on The Universal Card · Score: 5, Insightful

    It's not quite clear if Visa or Mastercard will allow its member stores to accept Chameleon Cards in place of real plastic cards. After all, that card won't be able to mimic the Visa or MS hologram, the color-printed signature strip with code number on it, or the physical impression of the card numbers.

    Accepting non-original cards opens up the risk of accepting any card with a magnetic stripe as being a stand-in for the real credit card. It would effectively turn all in-person credit card transactions to being as insecure as a web transaction. There's a reason why web merchants have to pay more for their credit card services, and it's that insecurity.

    So, it's near certain that Visa and Mastercard accepting stores will be ordered by the card networks not to accept Chameleon Cards from customers. Game over for this technology... it works in the lab but won't work in the real world.

  2. Warning: Vaporware Company Detected on The Universal Card · Score: 4, Insightful

    Any company that has a hyperlink marked "Investor Information" above-the-fold (shown without a need to scroll down on a typical 800x600 setup) is automatically a bit suspect.

    I fear that Slashdot's logo is now going to get added to their brag-about-press-coverage page. For the record, the "Boston's WB in the Morning" program they brag about was canceled in 2002.

    I'm not suggesting that this company's technology doesn't exist, but their product is pure vaporware and they have lists of good reasons why a merchant, bank, or large company should partner with them, but they can't name any merchant, bank, or large companies who have agreed to partner with them. At least they have a patent application pending.

  3. Re:Slashdotters==Curmudgeons? on iPod Mini Sells Out · Score: 1

    Nah, they're surrounded by blockers to either side. This level could go on forever so long as the user doesn't click the nuclear icon.

  4. Re:An anglefire site on Chernobyl...18 Years Later · Score: 5, Informative

    For the record, a free Angelfire site presently gets 1 GB of monthly bandwidth on which to serve up to 20 MB of content. Which means, when /. finishes off this site's bandwidth allowance, this site's gone for the month.

    If somebody were to give this unfortunate person Angelfire's highest "element plan", it would cost $15 for the setup and $14.95 for the first month, and give her 30 GB of monthly traffic. That might be enough to survive a slashdotting.

  5. Re:Absolutley true story (for unix nerds) on The Oft Frustrating Job of a Sysadmin · Score: 1

    Users left on their own to learn a system will always learn exactly one way to make the computer do what they want it to do. Users who learn a way that works but isn't the right way can go on forever until it stops.

  6. This just in... on Bloggers' Plagiarism Scientifically Proven · Score: 1

    TechTV's The Screen Savers just ran the story about how blogs spread stories that other more popular blogs and news sources without crediting the intermediary source who they saw it first on. No credit was given to Slashdot in Sarah Lane's report.

  7. Re:Mcafee, Norton, Hello? on Spyware on One in Twenty Computers? · Score: 2, Insightful

    No, they're not ignoring their responsibilities, but they both subscribe to a tight definition of "virus" that requires self replication. Malware distributed by a voluntary download or a tricky question posed by a website doesn't count, so you have to buy another product from them to get their anti-spyware solution.

    We really should have one bad program scanner to rule them all, and I'm starting to notice that AdAware is starting to define the major worms and viruses as something their program can clean up. If AdAware just catches up with having a virus list as deep as their spyware list, I just might shell out the money and lay off Norton as redundant.

  8. Re:Statistics suspect on Spyware on One in Twenty Computers? · Score: 1

    The difference is, porn is a problem that some people are willing to pay extra for to get rid of. Consumers aren't aware enough to know what port blocking against spyware would do, never mind pay extra for it.

  9. Re:1 : 1 on Spyware on One in Twenty Computers? · Score: 2, Informative

    Yeah, but that's like saying that IE's history file creates an unsecured log of where you've been unless you clear it or disable it. It's not spyware until something tries to send that log outward...

  10. Re:Ad-Aware on Spyware on One in Twenty Computers? · Score: 1

    Ad-Aware alerts on a lot of questionable programs that some users might be willing to tolerate, such as any program distributed by iWon. Even if no privacy threats have been discovered in a specific program, it's just generally assumed that since this site has such a bad history a user should at least think twice before keeping such a program.

    Ad Aware recognizes it, which is why it has a list of exceptions that a user can use to certify that otherwise alertable files have permission to be there. However, I've never found a situation where I've had to use it.

  11. So easy to get onto college kids' machines on Spyware on One in Twenty Computers? · Score: 2, Insightful

    AllAdvantage.com discovered this back in the late 90s. College students gladly downloaded a program that provides them no function, displays an ad bar, and has a TOS that says that their unused clock cycles can be sold to distributed computing projects, in exchange for a promise of a small payment.

    Kazaa is proving that you don't even need to promise the small payment to bundle the spyware, just free access to a P2P network which has a lot of copyrighted content (that it doesn't have license to have) on it.

    The average college student is not majoring in tech. They don't understand what they're giving up when they run a service without understanding what it does. User education is not as good as it needs to be.

  12. Re:Perfect Security is infinite... on Security Warrior · Score: 1

    Non-routable address space is only secure if all points on the internal network are secure. If an internal machine is compromised, then the non-routable address space is then reachable through that compromised point.

    Any time you give network access, you're trading away some unit of security. Sneakernet is more secure than non-routable space. Of course, taking updates in by disk gets too annoying, that's a trade you'll be willing to make, just don't lie to yourself and say you didn't give up any security, just that you gave up only a very small unit of security.

  13. Re:Paradox of Open yet Closed on Security Warrior · Score: 3, Insightful

    "Trustworthiness" is created when somebody given the opportunity to screw up does not do so, and is the best predictor we have for whether somebody will screw up in the future.

    To banks, in order for you to have perfect credit credentials, you must have taken loans before and not violated the terms. Never taking a loan is a neutral value... you haven't screwed up, but on the other hand you haven't had the chance to either. There's no data on you, which means the system has nothing upon which to make a decision, and therefore it's the system's least confident prediction.

    Tokens of commitment can only be used to prevent somebody from breaching trust when what they've put up at stake is more valuable to them than what they might get as a result of breaching the trust. A token that isn't strong enough doesn't really create trust. However too strong of a token also will turn away those who don't trust you, which can deny the project you're trying to protect from getting the help it needs.

    The paradox of open yet closed is not one that can be solved, it just has to be dealt with.

  14. Re:The more things change, the more they stay ... on Security Warrior · Score: 4, Insightful

    Now... Who wants to give me a book deal?

    The reason why there's so many security books out there is that people need to be shown how to do all the things that you list. Somebody who doesn't understand that a form which is browser-limited to only send numbers still has the ability to send back characters isn't going to bother to code in the line that bounces non-numeric input.

    It's hard to tell somebody who doesn't know what i's and t's look like to dot and cross them correctly.

  15. Re:Perfect Security is infinite... on Security Warrior · Score: 2, Interesting

    However, physical security and network security are somewhat different issues. If you unplug from the net you are entirely secure from attacks over the net. Yeah, somebody can still drop a bomb on you, just as someone can drop a bomb on your house. Motivation to do so is often lacking though, since that denies them the ability to walk off with your TV set.

    Unplugging from the 'net is a good idea for servers that offer no services to the 'net. (Software updates can be delivered to it by sneakernet when needed.) Unplugging a server that does offer a service while under attack, however, is a security failure that's contained. Yeah, you're protected from any further breaches, but now your service is down for security reasons, and not letting your service out is a Type II security failure.

  16. Perfect Security is infinite... on Security Warrior · Score: 5, Insightful

    There's no such thing as a physical lock that can't be broken. It's only a matter of how much force needs to be gathered to break down the door, or break a hole in the wall.

    An entirely secure site can be breached by a bomb being dropped on top of it. Now, some people might say that's cheating, because demolishing the site, and therefore whatever valuable was being protected too, doesn't give control of the valuable to the attacker. However, it does deny the services of the valuable to its owner as well. That's a security failure, the job is to keep the services of that valuable always available.

    Computer security should be thought of in those terms. There's no such thing as unbreachable security, you just want to set the thresholds of what it takes to breach the security high enough so that it becomes highly unlikely that anybody can come up with the force it takes to defeat them.

    Clearly, if somebody comes up with a processor that can quickly factor large numbers, then a good chunk of today's security theory will go straight out the window. However, since to our knowledge nobody has done so and nobody's close to doing so, we can consider that a good security technique to use now.

    One must always keep up with what tools the bad guys have available, because once they have something that can knock down a defensive tool with ease, that defensive tool had better have another line of defense behind it.

  17. Re:Oh, gotta rant, gotta rant on this one... on Compensation for Bandwidth Costs is Extortion? · Score: 3, Insightful

    Nope... he was operating on the "free drugs" model of business...

    Give the county free services for three years, then hit them with the price and tell them that they can't live without him... that's not true, the county can take those three years of free service and give him nothing but a thank you, and then take their business elsewhere.

    While the extortion charge is a bit extreme, he's lost all hope of doing business with any local government in the area ever again. He should know that local governments have to follow strict purchasing rules, and usually any contract worth $300,000 a year has to go out to bid.

    His claim of ownership of the domain is a bit weak. He's not the Macomb Sheriff. The sheriff's office could very well create a trademark and then sue for possession of the domain name.

  18. Not the way to make an offer on Compensation for Bandwidth Costs is Extortion? · Score: 3, Insightful

    The way the website offer should have started the process was by sending them a registered letter informing the sheriff that he no longer could afford to offer the county his services for free, and that as of a certain date he intends on terminating the service unless another agreement can be made.

    He could then conclude the letter by informing them that he is willing to provide services to the county at less than his normal prices, and would be willing to consider a request for an extension of the deadline for a reasonable time if needed to ensure continuity.

    Extortion charges are a bit extreme, but if he's trying to show his power over the site to the sheriff, he shouldn't overreach. He managed to get the sheriff to overreach as well, and while the charges will likely be overruled by a court, that isn't a fun thing to have to go through.

  19. Re:CNN? FoxNews? NYTimes? on Bloggers' Plagiarism Scientifically Proven · Score: 1

    CNN and Fox News also get a lot of their content through sharing agreements with localized news outlets. Usually, it's a pure swap with no cash involved, the local station gets to use the network's reports for stories outside its area, while the network gets to use and distribute stories that the local station puts out that are of national interest.

    Newspapers have had such a system for years as well. They call it the Associated Press.

  20. Re:Next Question... on Bloggers' Plagiarism Scientifically Proven · Score: 2, Insightful

    That's a very interesting one. Slashdot is definitely a blog in its layout of article and comments, but it also has news credibility that most blogs don't.

    It's kind of the difference between the tabloid newspaper format, and the tabloid style of news reporting. There are some credible newspapers, such as the Boston Herald which publish in the tabloid shape. Meanwhile, the not so credible The Onion has a broadsheet shape.

  21. That's not just blogs... on Bloggers' Plagiarism Scientifically Proven · Score: 5, Insightful

    It's also how news spreads. After all, Slashdot is very rarely the first to report a story, it just links to somebody else who has posted information on a topic. From there, several other media outlets see the story on Slashdot and therefore report on it themselves.

  22. Retiring, or just resting... on Godzilla To Retire (for now) · Score: 4, Insightful

    Popular fictional characters never retire, they just get put away for a spell to create a pent-up demand. There will likely be more, but it'll likely be 10 to 20 years before somebody realizes they have a popular franchise that they're not using and it's time to revive it.

  23. Re:If it crashes... on The Disposable Computer · Score: 5, Funny

    Microsoft is saving time... their paper computers will be made out of blue construction paper.

  24. Is it allowed to call itself a "computer"? on The Disposable Computer · Score: 4, Interesting

    There are devices marketed as calculators that have more than 32k of memory these days...

    High-end wristwatches are starting to behave like low-powered computers with a small black and white pixel-based display, the beeping speaker, and ability to accept wireless input. We're not calling those computers, just "smart watches".

    So, this really is more about "smart paper"... paper with a few chips in it and therefore the ability to beep. Only a small upgrade over the musical greeting card. :)

  25. On the next The Screen Savers... on The Disposable Computer · Score: 3, Funny

    Their mod specialist Yoshi DeHerrera will show off a cardboard case PC. (Web story is already posted here.)

    This was actually a delayed segment from last week. Yoshi cut his hand working on setting up his demo on how he did it last time he tried to do this segment. He needed to leave the studio to get stitches and missed most of the show as a result.