Slashdot Mirror


User: fyngyrz

fyngyrz's activity in the archive.

Stories
0
Comments
10,605
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,605

  1. Re:Software Patents Should Be Abolished on What If Android Lost the Patent War? · · Score: 1

    You are clearly under the mistaken impression that business should be conducted in a friendly, evenhanded, "fair" manner. Many business folk use the adage "business is war" as a means of planning, and conducting, product marketing and drive. Fair doesn't even come into it (in fact, unfairness is the very basis for the entire patent system... you and I can put exactly the same amount of work in on ideas that are entirely equal in every way, but if you get the patent, *I* have to pay *you* to use my own idea, if in fact you even let me do so.)

    Let me put in it other terms: If you pick a fight with me, and I am the superior fighter, this does not mean that (a) I will refuse to engage, or (b) that I won't hit you again, even if it is clear that you are not winning, or that I won't use techniques that you either are unfamiliar with, or don't have the proper tools to engage with. I will hit you until you go down. I rather suspect that's closer to Apple's strategy than your idea (paraphrasing, feel free to correct me if I have this wrong) of if the iPhone is better, they don't need to engage on all fronts to support it.

  2. Re:Software Patents Should Be Abolished on What If Android Lost the Patent War? · · Score: 4, Interesting

    And the fact hat Apple is choosing to beat Android into submission with them, rather than make a superior product, is very telling indeed.

    That's not a fact. That's an opinion. An argument can be made that Apple is making the superior product and beating down Android/Google with patents (which are not all software patents, I should point out.)

    I'm no fan of software patents, I think they're entirely wrong-headed, but if you're going to hold Apple's feet to the fire, at least do it with a clear view of what is going on. They make plenty of real mistakes and do lots of obnoxious things, no need to invent fictitious ones.

  3. On topic on Power Companies Brace For Solar Storms · · Score: 1

    I got a decent shot of the aurora resulting from the CMEs here in Montana early Saturday morning. I've collected my aurora shots here.

    I have to say that although this was (visually) a moderately strong event, it wasn't even close to some of the auroral storms of the 90's. The power in the auroral oval wasn't very high, either.

  4. Re:I want my free encryption on Ask Slashdot: Does SSL Validation Matter? · · Score: 1

    What it does indicate is that [the machine] is controlled by somebody who the owner of the cert in question [gave access to] the private key.

    No. I'll correct that for you: What it does indicate is that [some machine, somewhere] is controlled by somebody who [has obtained the] private key.

    The actual number of means that can be used to obtain the cert, or otherwise compromise it, are almost endless, and are just as easily (ok, perhaps more so) compromised at the user's end, where you cannot even hope for a modicum of secure procedures and machines. If the chain breaks anywhere then it doesn't work anywhere and claiming that it is able to assure authentication and/or ownership is purest nonsense.

    As soon as you realize these things are 100% true -- and they are -- and that consequently the owner of the cert can easily be completely out of control, you realize that verification of site identity cannot be the result of using the cert. And really, that's the end of the argument.

  5. Re:The scam will always win -- its all about the s on Ask Slashdot: Does SSL Validation Matter? · · Score: 4, Informative

    1) Yes certificates can validate your identity, provided the roots and intermediates are kept secure.

    Which you cannot guarantee, therefore you cannot use them to validate identity.

    The entire industry -- from scamming fees out of site owners to fooling the consumer and coercing and co-opting the browser authors -- is predicated upon the single critical idea that certs imbue a transaction with safety because you know who you're talking to. But the fact is, you don't have any idea who you're talking to; and furthermore, you cannot, and furtherestmore, the cert couldn't tell the user or the browser or the source site if the folks at both ends were the "right ones" even if it was true. All the cert does is implement intermediate communications line security -- as far as we know, presuming the NSA hasn't done what we all know it would most like to do and is either in the process of doing or has already done.

    The flaws you describe result from an insecure implementation.

    If there were such a thing as a "secure implementation" (which there isn't -- you have no idea where the hack will come from... a business associate? The cert authority? A lover? An intrusion? Use of force? Installation error? Stray gamma ray? Bad chip? Browser vulnerability? Language vulnerability? Worm? Virus? Some combination of the foregoing? Or etc., ad infinitum), certificates still wouldn't assure you it was in place. Claiming that they in any way validate identity is purest scamming.

    2) Yes, encryption is one use of SSL. The question was about SSL validation.

    No. The fact is that as far as we outside the government know, the SSL mechanism presently legitimately encrypts between points, IE the intermediate channel. The next fact is that certificates cannot, period, end of story, provide validation, nor have they ever done so. It's a scam to say that they do if you understand them; if you don't understand them -- and by that, I don't mean just the mechanism, I mean the environment they exist in and are expected to function in and the ways and means people are known to go to to get around such efforts, and the immense benefits available from doing so when they are circumvented -- then you're simply ill-informed and wrong.

    Again, we're talking about crappy implementation here

    Again, we are not. We are talking about the impossibility of implementation, in response to the bogus claim that identification and authentication are possible with the certificate mechanism. Which Verisign (used here as a placeholder for every CA) knows, and is why Verisign and etc don't seriously try to do it. They know perfectly well it's a scam. If they give you something to point at, like the hilarious methods they claim provide your identity (never mind the site's identity), then you'll be misled into trying to address the wrong issue. The actual issue is that this is a scam and cannot work at all, not just that the CAs have no serious knowledge who the certificate holders really are. It's not about identification and authentication. It's about the illusion of identification and authentication. All they have to do is put up a solid enough false front to make it look like they're trying, then misdirect the tech types into tech issues instead of thinking about how the whole system works, and they're golden.

  6. Re:I want my free encryption on Ask Slashdot: Does SSL Validation Matter? · · Score: 1

    Certificates in NO way prevent the problem you describe. They simply provide encryption.

    The "middle" is anywhere between your fingers and the desired target. I can get in the "middle" with a brain dead keyboard scanner, and steal your stuff, fake your browser, etc, etc. Or at the other end and simply steal the cert from the target server and then spoof the DNS, either in your machine or elsewhere. Certs do NOT provide assurance that you are only (or at all) speaking to who you think you are. They provide, IF actually used (also cannot be guaranteed) encryption of the intermediate channel. That's all they can do, that's all they've ever done, that's all they ever will do.

    The idea that the "middle" must be out on the net is misleading and deceptive, does no one any good except those who charge money for a fake service, claiming to provide authorization and ID when in fact, they cannot do so.

  7. Re:I want my free encryption on Ask Slashdot: Does SSL Validation Matter? · · Score: 1


    Encryption and identity have to be tied together. It's a fundamental aspect of the mathematics. If you can't verify identity on an insecure channel, encryption is useless

    No. Your base assumptions are wrong. The thing is you can't verify identity. I break into your server. I take your cert. I throw it in my apache directory. I pwn your nameserver. Now, I am you. None of these steps take a rocket scientist.

    Or, I break into the user's computer, even less to do. Now I compromise the browser end. It says its talking to party2 --- but it isn't, because I rewrote the browser code; or maybe you're not even actually running the browser, or maybe I'm just stealing your keystrokes, or maybe I physically stole your computer, or I have a gun to your head.

    If identity and authority on either end is compromised -- which certs CANNOT protect against -- the channel is equally fouled up. But they can STILL ensure that the intermediate channel itself is free from onlookers, even if one or both ends are wearing bad hats.

    What encryption does -- ALL it has EVER done -- is secure the channel between the two servers from INTERMEDIATE spying; it has never secured either end as to identity or authority. The identity function of certs is 100% bullshit -- and it's always been bullshit. No matter what lengths you go to. It's a scam, lies by people whose goal is scamming money from cert users, and you, sir, have been scammed at the most basic level, that is, you're deep into trying to understand the tech when the entire concept was dysfunctional before it even got out the door.

  8. The scam will always win -- its all about the scam on Ask Slashdot: Does SSL Validation Matter? · · Score: 5, Interesting

    1) Stop selling the idea that certificates "verify" who you're talking to. They don't. They never did. As soon as I compromise your server -- easily done, as history shows -- I have your certificate. If it is remote across your network, a little more work, but still, soon I'll have it. Now you have still encryption of the intermediate channel, but the wrong person is catching the data.

    2) Tell the truth for once, and let people know that certificates provide encryption of the intermediate channel, hardening ONLY that channel against interception (but NOT proofing it.) ID is NOT provided, only an invalid assumption of ID built out of the lies of Verisign and its co-scammers.

    3) Stop "allowing" certificates at all. We can easily make them at zero cost, and we should. The whole "Verisign" thing is a complete and utter scam, and always has been, one with the collusion of the browser makers with the fake warnings and "scare the user" policies. Giving ownership of the encrypted data channel to profit making operations was a stupid, stupid move, and has served only to cripple e-commerce from the day it began -- it's one more useless and endless cost for the small entrepreneur to have to absorb, and therefore in the end, the consumer. Further, it has evolved into a higher stakes / cost game of buying that little green verification bar in some browsers. Scams upon scams.

    ...but of course, this will never be fixed, because the whole "that's who you're talking to" scam is big, big money (extorted from merchants and others who want to provide encryption to the general public), and big money wins out over reality every bloody time.

    Doesn't matter how "smart" the people are working on this. They'll go with the money.

  9. Re:Easy reason on Wikipedia Losing Contributors, Says Wales · · Score: 1

    For the smart ones, their first experience with a divorce will generally do it.

  10. Slashdot as a model for wikipedia? Please. on Wikipedia Losing Contributors, Says Wales · · Score: 1

    By using metamoderation and karma system.

    Slashdot has *exactly* the same problems -- unfair moderations, an ultimately ineffective meta moderation process, complete lack of accountability for the official editors, wrong-headed bans, known, repeated misbehavior on the part of the official editors; part of this is because of secret moderation (not anonymous -- I don't care who an editor *is*, but I sure want to know which specific editor is responsible for a bad moderation so their reputation on the site may be associated with their actions on the site), there's more too, but it's pointless to go into -- slashdot is run as an authoritarian, top-down system where far too little care has been used in selecting the all-powerful top tier, and consequently we get extremely bad moderations in bulk quantities.

    Just like Wikipedia.

  11. Re:CK ref: on Wikipedia Losing Contributors, Says Wales · · Score: 2


    Result? Reversion, every time.

    Fuck it.

    Or, if not outright reversion by the site, careful editing of a subject one knows well and are working to make accurate re-edited into oblivion by people who know it considerably less well.

    And then there are the "locked" subjects, where really poorly put together subject matter can become perpetual; you couldn't fix it if you wanted to.

    It's one thing to be asked to contribute to a global knowledge resource; it is quite another to do so and have your work tossed aside for all the wrong reasons, or be locked out in favor of someone considerably less qualified than you are.

    There is a vast swath of the population that is poorly informed (to be kind) and the idea of editing open to all is never going to fly as long as no one oversees the quality of people's work; on the other hand, if the clueless and/or deluded are in charge of such oversight, it can't work well either. I think it would take a very, very careful set of policies and people -- and a solid review process -- to make this work any better than it does (which isn't very well, frankly.) Add that to the sheer amount of data involved in a concept like wikipedia... and you get chaos -- no matter how orderly the formatting of the site and the cute little notes about "this article needs..." make it seem.

  12. Here's my take: on Wall Street Predicts Merge of OS X and iOS · · Score: 5, Insightful

    OSX doesn't need -- and never has needed, and likely never will need -- the simplifications and limits that presently show up all over IOS. The current glitch in thinking over at Apple that has informed Lion with IOS like features is, I am confident, in error. On the other hand, the reason IOS needs these limits is because as of this point in time, the hardware itself is extremely limited... fast memory to support real multitasking, video (and main) memory to cache windows, the power budget presently required for same, small space to stuff the OS in, consequent loss of support for things like USB devices and complete bluetooth profiles... these things create IOS's limits; they're not there because they're a better way to do things, they are there because they are one of the only ways to do things, given the present environmental limits.

    But electronics, if nothing else, follow a fairly predictable path of increasing compute and display power in less space with a lower power budget. So IOS can -- and therefore should -- leave its limits and its modality behind, bring the capability to do more complex work with it. OSX, on the other hand should continue forward -- not backwards into ISO land.

    Finally, since access to Apple's App Store software library isn't open to competing tablet manufacturers, they (the competitors) are likely to strongly differentiate their tablets with USB, broad bluetooth support, a real filesystem and related file management the user can get at if they like, memory cards, and so on... putting some pressure on Apple to do the same (and thereby bringing over already existing OSX capabilities.) And of course consumers like more features -- the more they can do on an iPad, the better they will like it, as long as it doesn't get in the way of the things they could already do. That's the design challenge, but I don't think it is a challenge that Apple will have any trouble at all meeting.

    So yeah, we will almost certainly see a merge, eventually. But hopefully it won't be IOS into OSX; just the opposite.

  13. Re:Thus spoke Ben on Facebook Exec: Online Anonymity Must Go Away · · Score: 1

    Well said, sir.

  14. Re:Thus spoke Ben on Facebook Exec: Online Anonymity Must Go Away · · Score: 1

    Anonymity does indeed detract from the message in this type of case.

    But, see, that's not because the message is worth any less -- that's because you're stupid and you prefer argument from authority.

  15. Re:Thus spoke Ben on Facebook Exec: Online Anonymity Must Go Away · · Score: 1

    That's fine, IF, and it's a big if, Chris Smith wants you to find him. So Chris should be able to, if CHRIS wants to, to use Chris Smith as his name..... OR FUCKING NOT!

  16. Re:Thus spoke Ben on Facebook Exec: Online Anonymity Must Go Away · · Score: 1

    c'mon mods, pay attention --- mod parent up. Spot bloody on.

  17. Uh oh, I've awkened a mommas boy... on 3D Printing and the Replicator Economy · · Score: 1

    So you sell your house to someone, and it collapses and kills them?

    My house is far LESS likely to "collapse and kill someone" because the materials it is made out of are significantly stronger and better braced and better fastened than anything you're likely to find as the output of a typical contractor. Even the stairs have triple the usual support (3x 2x10" + trusses, like bridge construction.) It is LESS likely to burn, because it actually has excellent built-in fire suppression systems, not to mention it has exactly ZERO electrical junctions within its walls and all electrical AC cabling is heavy gauge to 20 amp outlets, where every single load has its own breaker AND sub-breaker, not to mention GFI outlets on just about every line. The floors are thrice as thick, and the trusses that support them twice as dense and a third again as hefty, as the code would have a contractor use. You could park a loaded pickup truck in my bedroom and the floor wouldn't deform. Building to code is FAR less strict than what we did here; my home makes any "standard" built home look like the proverbial pig's straw house.

    Or your own family members get injured or killed because you don't know how to install a furnace?

    Again, you leap to unwarranted assumptions. I know exactly how to install a furnace. I don't need any help doing it. At all. If I had to, I could *build* a furnace, including a modern safety ignition controller and sequencer. As it happens, I didn't build ours -- there were acceptable units available -- but I *did* build the power failover system for it. When the power fails around here in the winter, guess whose house still has heat and power for critical utilities? That's right: mine. Safe as heck, too.

    Should that be only up to you?

    In a word, yes. It's mine. Not yours. You are not my mother. It's MY decision if I want to hand off that responsibility to a third party, and I don't -- because standard construction techniques bring numerous inherent flaws and shortcomings that I don't intend to have in my home. If I sold my home to you (not likely, it's willed to my kids), no matter who, or how, it was built, you should inspect every detail about it before you commit to buying. And you could; every wall interior and floor interior is safely and easily accessible, every fastener can be non-destructively removed and re-applied, every AC line has pre- and post-attachment resistance test points, every breaker has a current monitor, every inch of plumbing, in and out, is accessible right to the city-owned lines, all non-power cabling is routed sensibly and may be removed, updated, etc., with almost no extra work. The exterior is covered with fireproof material, as is the roof, and again, there are appropriately located fire suppression systems even so. The roof structure is comprised by double the number of trusses that are "standard" for its size (which is quite large), and they are enhanced with three types of specific reinforcement for high wind survivability (this is tornado country.) The windows are multi-layer Lexan, the exterior doors steel, and the house is equipped with 16-channels of security monitoring onto several terabytes (several days worth) of recordings. The exterior insulation FAR exceeds the norm (both in thickness and in R value) for this latitude, is non-toxic, fully removable and fully maintainable because as I mentioned previously, you can get into any wall without a problem and I designed it so that it would be maintainable.

    And you know what? There are a lot of places in the US where I could not have built this house this way. Because "the community" is stupid. It acts by rote; not by thoughtful cognition. I'd just as soon y'all stayed as far away from me as possible.

    The community most definitely has a responsibility to prevent construction incompetence from hurting or killing people

  18. Re:Why do I need a newer version of XP? on Windows XP Market Share Finally Falls Below 50% · · Score: 1

    Same way I run XP; VMware under Leopard; I sandbox XP away from the Intertubez, I keep a nice saved copy of the VM, and no worries at all.

    What's really fun is when I'm running XP under OSX in a VM, and under XP, I'm running my 6809 emulation, and in the 6809 emulation, I'm running the debugger. It's like the "13th Floor", only better.

  19. Re:Yes, but... on Windows XP Market Share Finally Falls Below 50% · · Score: 2

    Maybe by then the windows-XP-compatible project will be mature. :^)

  20. Re:Won't have it all on 3D Printing and the Replicator Economy · · Score: 2

    If all else fails, you can hit them over the head with the printer.

  21. maker weapons on 3D Printing and the Replicator Economy · · Score: 1

    Hard to make plastic guns with explosive propellants; not so hard, perhaps, to make one with an accelerator track (or tracks) in it. The power supply is the main problem there, but ultracaps are moving slowly ahead too... imagine a relatively svelte sintered iron dart as the projectile, carrying something toxic at the tip, for instance.

  22. Re:Replicator economy or peak employment? on 3D Printing and the Replicator Economy · · Score: 1

    This: Non-AI Robots.

    Most work is very simple in nature; they can do it. That can improve things a great deal.

  23. Re:Replicator economy or peak employment? on 3D Printing and the Replicator Economy · · Score: 1
  24. Re:"Business As Usual, During Alterations" on 3D Printing and the Replicator Economy · · Score: 1

    You LEGO house needs to be structurally sound.

    Only to the degree that I determine it needs to be. Artificially enforcing community rules can disqualify anything.

    It needs to be fire resistant.

    No it doesn't; for instance, wood isn't fire resistant, yet makes superb homes. The house just needs not to be set on fire. Otherwise Darwin steps in.

    The plastic must not off-gas toxic fumes.

    Um. Well, depends on what you mean by "toxic." If we're talking *actually* toxic, that is, you get sick or die if you inhale them, then yeah, of course. Nylon sintering already meets this goal. If you're talking your basic flaky new-ager who throws a fit at the smell of a new car... yeah, something's toxic all right, but it isn't the material.

    All this and more has to be documented and certified in a way that will be persuasive to your local zoning board, building inspector, real estate agent, your Savings & Loan.

    Well, no. Wrong approach. What we really need to do is get rid of said zoning board and building inspector, not to mention the legislators that are under the mistaken impression they can legitimately tell us what we can do on our own property.

    Many places in the country are worse than others re zoning; I built the interior of my house -- the walls, I'm talking about -- out of wood, not sheetrock and so forth. Why? Because wood is a much better (stronger, multi-use, considerably more extensible) building material with integral structural properties sheetrock can't even hope to match. Not as fireproof as sheetrock, but then again, I didn't build my home in order to see how well it burns or to impress some inspector with his head up his ass. Instead, I built in fire suppression systems, and my home is WAY better than most others built today.

    We are vastly over-regulated and over-controlled. It's a racket.

  25. Re:stock up on bullets EMP don't work on them on 3D Printing and the Replicator Economy · · Score: 1

    When a significant amount of the frontal mass of the incoming projectile explodes into vapor, that's going to have an effect on both the trajectory and velocity. Do it far enough out, you should be able to dependably drive the bullet into the ground or off to the side before it reaches its target. Larger bullets take larger barrels, more propellant, kick harder or require more complex gas venting to somewhat control the kick, are harder to keep on target if handheld (kick and venting both typically foul up aim) -- at some point, they aren't all that practical for anything but mounted weapons. When you have a mount, you're at a point you can fire projectiles lasers can't stop anyway. Like an M1 120mm sabot round...