Slashdot Mirror


User: AK+Marc

AK+Marc's activity in the archive.

Stories
0
Comments
31,875
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 31,875

  1. Re:Biological Basis to Race on Geneticists Decry Book On Race and Evolution · · Score: 1

    The issue is pre-judging individuals and even worse, acting on that pre-judgment.

    The problem is that the human brain is genetically programmed to make that pre-judgment. We put things into categories, and refine those categories. But it's impossible to not put things into categories. So pre-judging will happen, regardless of whether it "should".

  2. Re:Normal now on F-Secure: Xiaomi Smartphones Do Secretly Steal Your Data · · Score: 1

    You didn't refute any of my points, just insulted me and confused everyone with broken formatting. Your 30 second problem was invalid. I prove it, and you got mad.

  3. Re: There we go again on DARPA Wants To Kill the Password · · Score: 1

    I used one of those and they realitime reject passwords that don't match the attacked server. "I'm sorry, your password isn't strong enough, please try another", until it logs into the battle.net account, and then it takes it and tells you everything is ok.

    More nefarious would be to have bizarre unpublished rules that require you take 10 tries to make a password, then try all the "failures" with the email to log into all the popular sites.

    All you need is the email password, and you can compromise everything else, anyway.

  4. Re:As long as certain rules are kept on DARPA Wants To Kill the Password · · Score: 1

    Only happens as part of specific death methods. And unrelated to rigor.

  5. Re:Send your data to the CCP faster? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · · Score: 1

    Hence why it's all theoretical.

  6. Re:Send your data to the CCP faster? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · · Score: 1

    Add that to conspiracy theories, and the cable cuts in the middle east were not from sloppy sailors, but US agents cutting the cable so a tap could be installed elsewhere undetected.

    Because if you do actually cut the cable (with a boat anchor, near shore), then you can do whatever you want with it in the middle and nobody would notice.

  7. Re:Send your data to the CCP faster? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · · Score: 1

    I have no idea what I'm talking about here, but could the tap be applied while they're still laying the cable?

    In practice, the tap would go in without a problem, but the diagnostics at either end would detect a problem with the cable and give an approximate location Then it's up to the operator whether they want to accept a known damaged cable, or pay to investigate the "damage" before going live. It's possible they'd look for a rebate from the cable manufacturer, and just light it up. But I've not seen anything indicating any cable was "lightly damaged" and put into service. The liklihood that "damage" would get worse and lead to failure would be too high.

  8. Re:I can't change my fingerprint on DARPA Wants To Kill the Password · · Score: 1

    I don't see your point. They publicize the collection before they start, and those areas can be avoided. I'm not trying to avoid the collection of my information tinfoil-hat style, I've already given it to the government willingly twice. I'm just pointing out that you are wrong. Nobody is currently, or proposing to do what you say, and those with a US passport are exempt from the lines of collection in the US.

    You are FUDing things which haven't happened. That makes it seem like you are OK with everything else, as if you weren't, you'd have something "real" to complain about.

  9. Re:So which agencies' backdoors are in there? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · · Score: 1

    There is a high rate of Americans kidnapping their child

    It's impossible to kidnap your kid, they are kidnapping their ex's kid, who they might share genetic code with.

    What's funny is that when I left the US, the three of us had three different surnames on our passport, and nobody said a thing. We had all the extra paperwork to prove who the 3 year old belonged to, but nobody cared. Flew from Hawaii to Fiji, no questions asked. I guess one parent with a kid is suspicions, a married-looking couple with a kid can go wherever, even if not married and the kid isn't theirs (not the case for us, but for all anyone knew, it was).

  10. Re:Send your data to the CCP faster? on Google Is Backing a New $300 Million High-Speed Internet Trans-Pacific Cable · · Score: 2

    Yeah, break into an optical network timed to the nanosecond without triggering any alarms? They (THE "they") can't even snoop a line without the operators finding out. A 2dB loss in power for a tap would be obvious. Well, unless they set up a machine that bent the fiber at 2 degrees per day, for 90 days. Most of the non-destructive ("hidden" or "secret" taps) pick up light leakage. But a 2-3 dB drop from a sudden bend for the tap, and the monitoring systems will set off alarms. Some can even locate the bend from dispersion and reflections (designed to find breaks, but sensitive enough to find the bends of a non-destructive tap). But bend it slowly over many days, and the "damage" will look like a problem with the line, perhaps a water incursion. Likely, before you start setting off power loss alarms, they'll re-set the alarm thresholds. Best if you had someone on the inside to report the actions in relation to the slow power loss. But blindly bending it over a 90 day period would likely get you a tap with nobody realizing it was a tap. But tap it in 10 seconds, and they'll have a "non-destructive tap alarm" go off. No really, some equipment has that built in.

    But a destructive tap, like the parent suggests, will never go unnoticed.

  11. Re:I can't change my fingerprint on DARPA Wants To Kill the Password · · Score: 1

    Hm, haven't traveled through the UK. But I don't see anything to indicate that they take anything biometric upon entering. I'm due to go there next month, so I'll see what happens then.

  12. Re:Translated into English on Floridian (and Southern) Governmental Regulations Are Unfriendly To Solar Power · · Score: 1

    yep, correct, the lease business model states that they sell at full consumer rates to the electric company, not at the producers rate ( which is cheaper )

    The article didn't say that there was an unfavorable buy-back rate that discourages leasing. But they said leasing was "illegal". Also, everywhere I've lived, they bill based on net use 1-month. So if you take 400kWh from the grid, and sell back 399kWh in the month of June, you pay for 1 kWh. If you sold back 401kWh, you'd get a "refund" for 1 kWh. So the question of whether that 1 kWh is 0.12 or 0.08 isn't an issue.

    Most lease-backs work with the lease paid from power savings, not from on-sold power sold at a profit. I spend $200 per month on electric, so cutting that in half and charging me $100 a month on a lease agreement is a break-even. It's a win if power goes up 3% per year for the life of the 10 year lease.

  13. Re:Translated into English on Floridian (and Southern) Governmental Regulations Are Unfriendly To Solar Power · · Score: 1

    "Several [states] also have rules that specifically discourage homeowners from going solar. In addition to the bans and restrictions on leasing arrangements, some Southern states assess taxes and fees on solar equipment and generation that do not exist elsewhere."

    That's not just lack of subsidies, that's active blocking of financing and technical options for solar.

  14. Re:As long as certain rules are kept on DARPA Wants To Kill the Password · · Score: 1

    Yeah, that's when the muscles tighten up. There are no muscles in that organ.

  15. Re:I can't change my fingerprint on DARPA Wants To Kill the Password · · Score: 1

    That's why it's nice having a US passport. I don't have to get recorded if I visit/transit.

  16. Re:All good until someone simulates biometrics... on DARPA Wants To Kill the Password · · Score: 1

    Biometrics, plus a card, plus a PIN would be great. Only have to remember to keep your token on you, and a short numerical string. That's still better/easier than hard passwords for everything.

  17. Re:All good until someone simulates biometrics... on DARPA Wants To Kill the Password · · Score: 1

    Biometrics are rarely even good. They are a 3-7 byte key based on a hash of something. Any more, and the repeatability starts to fail. So if you "hack" the system to be able to key in the keys directly, rather than going through the scanning hardware, you have a very good chance of guessing a "password".

  18. Re: There we go again on DARPA Wants To Kill the Password · · Score: 3, Interesting

    Sometimes it seems like the sites make their password rules match banks. Then, if you can't find anything else that works, use your bank password. The site then has your email, name and bank password. They can try that combo on all the major bank sites, and could get access.

    I'm surprised more black-hats don't set up "free" services with that intention.

  19. Re: There we go again on DARPA Wants To Kill the Password · · Score: 3

    Yup. Because SQL injection attacks work in passwords, especially when you have a 4,000 old COBOL system.

  20. Re:Comcast engineer here on The Hidden Cost of Your New Xfinity Router · · Score: 1

    It won't be long before you won't be able to buy a bunch of v4 addresses for them. Or maybe you will, but they'll be expensive enough to seriously impact your bottom line. Will an extra $5/mo on each customer's bill be enough to count as an inferior experience for them? What about $10/mo? $20/mo?

    I just bought a /19. Buying (permanent for all time) for under $5 per IP. Eventually it'll cause a problem, but we are still 5+ years from that. There's almost a black market of IPs out there, but they are available and "easy" to get.

    If you have v6, you can accept inbound connections on any of your computers without dealing with port forwarding/NAT.

    You "can" do that with v4 now, if only you own a public range for your private network. Though, in practice, NAT was sold as a firewall, so abandoning NAT will make people think it's less secure. It also assumes you are giving out multiple public v6 addresses to end users, when I've not seen that in practice.

    Who running dual stack gives out blocks of v6 to end users as part of the "standard" residential low-cost service? What sizes are the blocks?

  21. Re: There we go again on DARPA Wants To Kill the Password · · Score: 1

    And if I spoof my source IP to your valid user's IPs? Your DOS prevention will be worse than the DOS itself. Lockout all your actual users because one guy is attacking you.

  22. Re: There we go again on DARPA Wants To Kill the Password · · Score: 1

    So are *any* attacks performed live, rate limited? What are they called? Rate limiting is a *response* to brute/dictionary attacks being performed on live login servers. Obviously someone did it, or they wouldn't have shut down that vector. Security is very reactive, and seldom proactive.

  23. Re: There we go again on DARPA Wants To Kill the Password · · Score: 2

    If the attacker is performing the attack "offline" then you've already lost the security battle. That's the point. If you lose your password database, assume the passwords are all broken, no matter whether you have "must have 3.2 uppercase and 4.35 lowercase letters, 0.6 special characters and as many numbers as you like, so long as it doesn't start or end with a number" rules or let them use plain English sentences. A hashed " " is as meaningful as a hashed "a" so "cat dog run fast" is better than a very random 8-char password. http://xkcd.com/936/ Even if you know it's susceptible to a dictionary attack, it'll be better than most.

    But the point is, once they have your hash, you've already screwed up your security. Especially if you don't then change all the passwords.

  24. Re:Comcast engineer here on The Hidden Cost of Your New Xfinity Router · · Score: 1

    And if you read my above posts, you'll see that I believe dual stack uses resources that increases cost and complexity for the end users, and I don't want to subject them to an inferior service. I'll go v6 when v6 works. It doesn't yet. It's not about the users, it's about the content. The content (specifically Skype) isn't ready, so dual-stack won't "help" any user, and will cause increased problems/cost for users. There's nothing that v6 helps them do that they can't do on v4. But there's lots on v4 they can't do on v6.

    v6 isn't ready. When it is, I'll look at it. What benefit does dual stack give that v4 doesn't? If you can't name a single one that isn't "religious", then I'll reconsider. Yes, I understand that "someday" it'll be good, but if I have to go out and buy a bunch of v4 addresses for them anyway, why shouldn't I just give them standard v4 Internet?

  25. Re:Books on Slashdot Asks: Should Schooling Be Year-Round? · · Score: 1

    Take your bragging about how many books you had to read. I find it pretty hard to believe that you took anything meaningful from reading alot of quite difficult books.

    You don't have to take much "meaningful" from a book to learn from it. You'll remember some of the general themes, but you'll also pass 100+ words you didn't know, and you'll solve them in context, so that you then know them, but don't even remember learning them. Reading is a good vocabulary lesson, even if there's nothing in Moby Dick worth learning.