Slashdot Mirror


User: Antique+Geekmeister

Antique+Geekmeister's activity in the archive.

Stories
0
Comments
7,305
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,305

  1. Re:Run it on the GPU on A New Vulnerability In RSA Cryptography · · Score: 1

    Using GPU's for general purpose computing has been tried for years: it's never really gotten effective, especially since GPU's vary enough that it's difficult to write robust low-level drivers and compilers, then to get them accepted.

    No, if you're doing a lot of SSL work and are worried about this, take a look at SSL accelerator cards. They range from $100 to $1000, and seem quite useful for website hosting that will be doing a lot of encrypted traffic.

  2. Re:Disagree with a point on The Failure of the $100 Laptop? · · Score: 2, Interesting

    I urge you to rethink this: external information is a scarce commodity among the poor, as are education and keeping records. This is a potentially very useful tool on a small poor farm, to provide much-needed record keeping and information access. With a very modest investment in village infrastructure, the farm has access to information about weather, local government laws, and cash-free communications to family and relatives around the world.

    Simple access to Google to look up "low cost birth control" and "AIDS" could save many billions of dollars of moneyy and human destruction, with much less interference of local religious and political forces.

  3. Re:Cops on Youtube Video Prompts FBI Probe of LAPD · · Score: 1

    You seem to have it right. I'll add that it's often a departmental problem: like a family where child abuse occurs, or a school where frats are allowed to haze, the people in charge turn a blind eye to the evidence of abuses, or even hush it up to protect themselves and their peers.

    The blue wall is understandable: loyalty in a tough job is necessary. But that loyalty and avoiding outside interference means you have to deal with it internally. And LAPD has a long history of completely failing to do that.

  4. Re:I'd start hitting the guy too. on Youtube Video Prompts FBI Probe of LAPD · · Score: 2, Informative

    You've obviously never engaged seriously in judo, wrestling, or other sports where serious restraint is involved. Getting that much pressure on the carotid and sustaining it is very difficult with something blunt, like a knee. Squeezing and even brusing a windpipe is far simpler, and it will cause the restrained person to panic. Even a "law-abiding" citizen will often panic iin such a situation. Punching him at the time is not only adding insult to injury, it's criminal assault. And playing the macho game of "don't you move, bitch, or I'll punch you again" can break down the restrained person is extremely dangerous, because not only will some victims of such handling panic and lash out unpredictably, but it means the next cop or guard who faces that person is in far more danger, because they know they have nothing to lose: unless they escape, they're going to get hurt, anyway. Unfortunately, I see your attitude far too often in people who've never actually been restrained by a cop, or had to restrain soomeone violent. And people like you are usually the first to wind up bent over for the soap in a prison shower, pretending they know how to fight or how to handle danger and learning the hard way that the other guy just doesn't care if you know where a carotid is. Oh, and by the way? The carotid pinch actually takes about 30 seconds to make someone unconscious, less if they're struggling and burning oxygen wildly, more if they can keep their head down and neck clenched to protect the arteries and throat.

  5. Re:Are we all really that suprised? on Youtube Video Prompts FBI Probe of LAPD · · Score: 1

    Not in the LAPD: that department has one of the worst records in the US for police brutality, corruption, mis-arrests, and beating prisoners. This has been the case for decades: films such as this one, and the Rodney King incident, only reinforce the historical abuses of that group.

    The average cop on the street, even there, is doing a very difficult job, but it's very clear that the department permits officers and behaviors that should never be condoned by a policeman. Like a nurse at a hospital, respect the difficulty of their work, but keep an eye on them because they can hurt you tremendously, even by accident, and many of them do not appreciate any civilian oversight that questions their judgment.

  6. Re:Remove passwords on Successful Alternatives To Password Authentication? · · Score: 1

    No, I can get your fingerprintn from your unwashed coffeecup or the pen I loaned you or your bathroom door on your way out. They're fairly easily lifted with transparent tape.

  7. Re:Fingerprint login on Successful Alternatives To Password Authentication? · · Score: 1

    Nonsense. The problem with fingerprint biometrics is that the object being measured has poorly defined and definable measurable characteristics affected by body fluid content, dirt, sweat, ordinary wear and tear on hands, scarring from ordinary work environments, and which noticeably alter over time. Once you've made a system that can consistently identify the same user, you've introduced enough slack to easily match fairly poor fakes. These include the demonstrated "gummy finger" technique of taking a stored fingerprint image from a police file or successful fingerprint lifted from a casual contact, embedding it on a gelatin fingertip, and getting better than 80% success faking out the best available fingerprint sensors.

    The distortions due to synthetic fingerprinting are basically indistinguishable from those inherent in a slightly clever fake fingerprint. And unfortunately, sensors that can reliably determine the presence of a live finger as opposed to a fake finger are hideously expensive.

  8. Where do you need someone? on Transitioning From Small Shop IT To Enterprise? · · Score: 1

    Given that each new machine will take some worktime, say 10 minutes/machine/week if you fully automate and have good plenty of spare equipment on service contracts, 200 machines is 2000 minutes/week, or easily 33 hours/week. You obviously need new staff to handle this: the first hire you make should be a competent contractor who's done seriously automated network build systems, suitable for CGI or Beowulf clusters, to reduce the load of OS imaging new machines or rebuilding your existing hardware into some kind of standard.

    Where are you, physically? Perhaps someone on /. could recommend someone in your area to help you get past the hurdle of that initial auto-install or auto-management setup.

  9. Re:Read The Declaration of Independence. on FBI Raids Security Researcher's Home · · Score: 1

    For an example of how to stage a very public Internet protest, in the face of attack lawyers and criminal private eyes, take a look at the old "Scamizdat" publications of the secrets of Scientology on alt.religion.scientology. The cult not only went after public critics, they got one judge (Judge Ronald White of Microsoft trial fame, demonstrating his famous ability to bend over for the lawyers with the most corporate funding) to turn over private hard drives and documents of the defendants, then successfully refused to give them back to the court on the grounds that it would be a religious violation to do so, even though there was no evidence of illegal activity found on those documents or hard drives.

    The documents continued to be posted under the name "SCAMIZDAT" through various anonymous services, including the old anon.penet.fi server. This server was then raided by the cult, with fraudulent charges that it had been used to steal documents from their systems, so the owner shut it down permanently to protect other users from future abuse.

    Doing public protests, anonymously, is serious business: there are good examples of how and when to do it.

  10. Re:It's not that easy... on Will Red Hat Survive? · · Score: 1

    Oracle will have to hire a lot of RedHat's best support staff, or equivalently skilled engineers, to even begin to support this. Oracle is amazingly painful to install and manage: they do extremely customized things to disk partitions and use some of the worst installation and system management tools I have ever seen.

    What Oracle can do is create a pre-built Linux OS tarball that can be blown onto an approved server and simply replace anything local, which would simplify quite a lot of the installation whackiness and save having to rebuild a machine 5 times anyway to get Oracle installed correctly. (I've had to do this, several times.)

  11. Re:True of false? on When Stallman is Attacked · · Score: 1

    Richard's hands are also pretty trashed, at least the last time I saw him at a conference. He's had to become more thoughtful and subtle in writing really good but verbose code, or guiding someone else to write it for him. So just doing a line-count on his contributions is misleading: they're lines of really good code, not just a newbie's spew.

    Mind you, the destruction of his hands is to a great extent his own fault: Ctrl-Alt-Esc-two-handed-combos, anyone?

  12. Re:Now what about gold? on Lab Created Diamonds Come to Market · · Score: 1

    Not a chance. You know all that energy involved in nuclear power, where large unstable atoms split into smaller, more stable ones? That's the amount of energy involved in synthesizing gold. The energy costs are absolutely ridiculous: if we had that kind of energy available cheaply, it would still be vastly cheaper to send ships out to the asteroid belt and mine it in bulk there, or to filter it from ocean water, even if the source is extremely poor.

  13. Re:Real importance beyond jewelry? on Lab Created Diamonds Come to Market · · Score: 2

    They can, and have, undersold new diamond miners and put them right out of business by dumping, then jacking the prices back up later. We see the exact thing with other monopolies, such as Microsoft, where they will sell at a loss to prevent a competitor from entering a small market and getting a toehold, and where they will apply illegal behind-the-scenes pressure to prevent retailers from starting any business with a competitor.

    Killing the market for "conscript" diamonds also threatens some very dangerous people in the Ivory Coast, just as making artificial petroleum more cheaply would threaten some dangerous politcal groups. There are going to be deaths involved, I'm sure. But breaking these kinds of monopoly will free up a lot of repressed people, so they seem well worth it.

  14. Re:I don't get it on Extended Validation SSL, More Secure or Just a Racket? · · Score: 1

    Either way, the certificates will remain easy to steal due to the poor system security of many websites. Having an expensive Verisign certificate with extra special verification, at 3 times the price, does no good if some cracker has a rootkit on your sales-people's machines and succeeds in ripping the certificates out of your improperly secured webserver that they had access to because they push changes to it regularly, or have access to the backup system to pull the keys off the backup tapes, or there's a known exploit in IIS that hasn't been addressed yet on a production server, etc., etc. It's especially bad if they steal an SSL key with key-signing permissions such as many large corporations require, in which case they can play all sorts of interesting games.

    Expect SSL keys for defunct companies and domains to also increase in value, as the old domains can be purchased trivially and their old SSL keys used for all sorts of abuse. Given the growth right now in the web market, I'd expect to see another dot-bomb happen within 3 years and free up a lot of those.

  15. Re:Secure? on Extended Validation SSL, More Secure or Just a Racket? · · Score: 1

    Not cryptographically. The theft of certificates from poorly secured servers, however, seems to be pretty common: and since registering a throwaway domain that looks at first glance like that of a legitimate domain (such as www.register-paypal.com) to obscure the fact that it's a phishing site means that the certificate itself is not very useful to prove that a site is legitimate.

    SSL really needs to be thought of as only an encryption technology, not an authentication technology. The keys have never been managed well enough, and by now never will be managed well enough, to rely on them for authentication of servers. Too many people simply see that a key is automatically accepted because some scammer bought a Verisign signature with no noticeable difficulty, and go ahead and log in.

  16. Re:Why not just fix Windows? on Microsoft Releases Patent on SenderID · · Score: 1

    I was ranting at Fred A, not at you, Tiny Mouse: I'm sorry if you missed his comment. Fred sounded like lots of whining home Linux and BSD users who want to run their own mail servers but don't realize the magnitude of the problem they emulate: almost all port 25 traffic from anything other than an ISP's core mail servers is spam or worms, sent from email worms and spambots. In many cases, it's one of the largest uses of bandwidth for an ISP and represents a serious bandwidth cost, as well as a tech support cost.

    Fred, go ahead, get mad at your ISP for cutting off port 25. But allowing it can put them out of business in the cutthroat world of small or even large ISP's. Losing a few customers like you will probably save them a lot of trouble in the short term and the long term as well, as you demand business level services for home connections and take up their valuable time far more than you pay them in money or good will for other customers.

  17. Re:This is a bad idea on Securing a High School Windows XP Computer Lab? · · Score: 1

    It's not difficult at all: it should be a nightly procedure to re-image all the machines. Many large universities use this approach to preventn password sniffing tools, inappropriate file-sharing sites, and especially IRC botnets from being left active on their systems.

    If you don't scrub the machines regularly, they will be infected. Count on it.

  18. Re:nice, but lacking teeth on Microsoft Releases Patent on SenderID · · Score: 1

    Try another reason: by controlling the patent, but publishing it for "free" use, they avoid anyone else publishing a variant of it with a differnt signature authority. Microsoft is the owner, vendor, and signer of the SenderID keys: if another signature authority, that refuses to sell to spammers, shows up to use the same technology, Microsoft can slap them with a patent lawsuit.

    We've seen very similar issues with SSL keys and the restrictions on the root signature authorities: Microsoft wants to remain the root keyholder for SenderID keys. The patent lets them do this.

  19. Re:Why not just fix Windows? on Microsoft Releases Patent on SenderID · · Score: 1

    No, the spambots are almost entirely Windows. Take a look at the reports from the MIT spam conferences. The claim of "security capabilities" of Windows versus those of most other operating systems is nonsense for anyone with experience in the field.

  20. Re:Why not just fix Windows? on Microsoft Releases Patent on SenderID · · Score: 1

    Nice FUD. You've confused SPF and SenderID with port filtering, and railed against all of them with claims about it being "worse than the problem they pretend to solve".

    You obviously haven't experienced the problem of running a large mail server and having 50,000 fake email worm messages with your client's "FROM " addresses or other forged data cause the bounces to hammer your mail server into uselessness. The fakery of the "FROM " line is different than the classic "From:" forgery: it causes the faked server to get the bounce message. It makes complete sense for an ISP to say "only mail from these addresses is allowed to pretend it's directly from our domain", and publish DNS records that reflect this. This takes a huge load off of a lot of mail servers, and let's people who want to track the spam talk to the right address about it.

  21. Re:Have they released a SenderID SDK? on Microsoft Releases Patent on SenderID · · Score: 1, Informative

    Email clients are not what SenderID is for: it's for mail servers, to reject the spam before it even gets into the user's cue. Unfortunately SenderID is not only patented, the Microsoft license prevents other people from modifying it for other uses. This means it should not and cannot be used in Sendmail, Postfix, or other open source MTA's due to license restrictions.

    SenderID is also cryptographic. This prevents software with it integrated from being exported to "restricted" companies, due to the strange rules about encryption being a material of war.

    SenderID is also fundamentally broken: SPF rejects spam messages in a way that is very lightweight and free to implement (publish a TXT record in your domain's DNS), and rejects the message before its contents are even sent, based on the "FROM" line used for email bounces. SenderID requires purchased keys from Microsoft, and requires the MTA to accept the email message to process the SenderID key, which seriously burdens the server.

    SenderID basically has nothing to do with SPF or anti-spam: it has to do with selling keys for bulk emailers, legitimate or not, to send bulk email while avoiding anti-spam messages. Its presence in a message is actually a very powerful sign that the message is spam, just as those "Haiku" messages in email headers used to be.

    Unfortunately, the creators of SPF accepted Microsoft sponsorship and involvement with SenderID to get Microsoft support, integrating SPF-like features into Hotmail and other Microsoft tools in order to get a larger user base, but unfortunately accepting a corrupt influence that has actively hindered the acceptance of SPF.

    Make no mistake, SPF has problems. It breaks most email forwarding unless the forwarder uses SRS or some other tool to rewrite the email address to send bounce messages to. But it's very lightweight and effective, and the email forwarding was already badly broken and needs fixing.

  22. Re:You're kidding right? on Battlestar Galactica 'Webisodes' Conflict Brewing · · Score: 1

    Find a friend in the US to do an SSH or SSL tunnel for you.

  23. Re:Clue on Apple Should Get Out of Hardware? · · Score: 1

    Gardner isn't in the "having a clue" business. They're in the "selling advice" business. With that in mind, it's easy to see where they want to stir the pot and start acquisition rumors, as long as those rumors are not aimed against their own current customers.

    It's very similar to the arms business, where selling to both sides and keeping fears at a slow boil is safer and more profitable to the dealer.

  24. Re:Competition on IE7 Released and Available for Download · · Score: 1

    The competition of FireFox is one reason, but the timing of the release of IE7 has other reasons. Notice that it's being released *after* Win95, Win98, WinME (and all DOS based releases), and even earilier the versions of NT based releases up through WinXP SP1 have all had support ended. This makes weaving IE7 inextricably into the operating system, since they really only have to support a few operating systems and can rely on the presence of Microsoft's latest OS level tools and updates. This makes coding in new "features", such as tight integration with Windows Media, .NET, Active Directory, and Microsoft-sold DRM such as Trusted Computing tools vastly easier for the authors of this new tool.

    And the need to do Microsoft updates continues to force people to use Internet Explorer: FireFox cannot easily fix that, unless they can create a plug-in to deal with the requirements for Windows update sites. I'd love to see that: it would help me migrate my clients from Internet Explorer.

  25. Re:Several Mangers? on IE7 Released and Available for Download · · Score: 1

    Or the farmhands who have to shovel out the place after the animals leave their little deposits of webpages written with FrontPage and Visual Studio.