Slashdot Mirror


User: nine-times

nine-times's activity in the archive.

Stories
0
Comments
11,859
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,859

  1. Re:Easy slashdot links on Spammers Sue Spam Victim For $4 Million · · Score: 2, Funny

    Thanks for the referral! I've been looking for a way to plan my next vacation, so I'll have to try these fine companies out.

  2. Re:A question worth asking on MS to Trade Passwords for 2-Factor Authentication · · Score: 1
    I don't think they are the hardest to steal at all, I would argue that they are the easiest

    Again, they're hard (if not impossible) to steal, even if it's easy to get someone to give them to you. And no, it's not hard to get someone to lend you their key-cards either. Even though it's a thing they can hold in their hands, how long will it be before someone says, "Eh... I left my card in my other pants, but I really need to log in, can I borrow yours?" or some such thing. Users will give that up as easily as their password. Therefore, that users will "give it up" is not an inherent inferiority of the "something you know" factor.

    Part of the reason why "something you have" and "something you are" are easy to fake and therefore "hard to implement" is that it's hard to make a system that will read something physical easily and reliably without getting false positives or being "fake-able".

    The concept of "something you have" is not new, so let's compare passwords to an similarly simple "something you have": people have had these things called "keys" for years.

    • It's really not that hard steal keys, whereas passwords can't really be stolen.
    • Both passwords and keys can be given.
    • You need machinery to copy keys, but it isn't hard, nor is that machinery rare. Passwords are copied automatically by being given.
    • You might write a password down, but that's almost an example of "giving" to anyone who would take it. It amounts to leaving copies of your keys for anyone to copy on a whim.
    • Passwords can be cracked, and key locks can be picked.
    • Passwords can be guessed based on knowledge of the user, and a locksmith could try to make the key based on his knowledge of knowledge of the lock.

    Now, the idea of an ID card isn't new either. You could print a bar-code on a piece of plastic, but that's pretty easy to reproduce. It's hard to make a good fingerprint scanner that will give you enough leeway to read your prints even if you have a paper-cut or some dust or the skin is stretched a slightly different way, but that can't be fooled. Part of the reasons there aren't standards is that it's really complicated to come up with a good system.

    It's because the simple versions of these technologies are easy to get around that such expensive and complex technologies are required. And that's at least a large part of the reason why the "something you have" and "something you are" factors are, as you say, more expensive and harder to implement.

    (and putting "generally" in front of it doesn't change that)

    I was going to let this go, but that's really rude and snotty. In case you didn't notice, I wasn't adding "generally", I was quoting my original post. As a matter of fact, putting "generally" does make it a more true statement, as it admits exception. Your response, however, didn't really add anything new, and in my estimation amounted to, "sorry, I still disagree, and I'll repeat what I originally said." Well, I still believe that the "something you know" is not inferior to the other security measures merely by being "less cool", and repeating yourself isn't going to change that.

  3. Re:A question worth asking on MS to Trade Passwords for 2-Factor Authentication · · Score: 1
    The reason it has been passwords for so long is because they have been the cheapest and easiest to implement.

    Well, I'd say that's *a* reason why they've been used for so long. I would say that *another* reason why they're used is the reason that I said.

    Also, I would argue it's much easier to steal a password (social engineering or brute forcing in some cases) then it would be a token or a biometric.

    You're right, in a sense. However, in another way of looking at it, a password always needs to be given, and can't really be taken. In order to be able to leave a password lying around, you first need the extra step of "giving" it by writing it down. Someone can trick you into telling him your password, but likewise someone can trick you into giving him your keycard.

    So, yes, a keycard requires a certain level of physical access to steal, and therein lies its advantage over the "something you know" factor. However, until there is an effective way to read minds without the subject knowing, the "something you know" factor will also have its advantage over the "something you have factor".

    Likewise with Biometrics, in that the "something you are" factor is really a "something you have" factor that isn't easily removable from the subject. However, biometrics have the unfortunate factor of being readable and measurable publicly. We walk around with our faces and hands exposed, so the possibility of someone reading your biometrics without your knowledge is there, and then replicating your readings is more a technological issue than an inherent impossibility. And in the case that your metrics become "in the wild", it's not a simple task to change them. So again, they have their advantage and disadvantage.

    BTW, I'd consider "generally hardest to steal, hardest to fake, and easiest to change" as part of the explanation as to why they're cheapest and easiest to implement.

  4. Re:A question worth asking on MS to Trade Passwords for 2-Factor Authentication · · Score: 5, Insightful
    A password and a key, or a fingerprint and a smartcard, etc. Basically oyu have three ways you can authenticate yourself:

    Something you have (a key, a smartcard)
    Something you know (a password, a PIN)
    Something you are (a fingerprint, a voiceprint)

    It's much more secure to use two of those than it is to use just one. Each one has a failing, security wise, and it's different than the failings of the others. So if you use two, you make it much less likely that someone will be able to compramise your security.

    On a side note, although the idea of biometrics and keycards sounds cooler than a password, there's a reason why computer security has been using the "something you know" for so long. Of the three, it's generally hardest to steal, hardest to fake, and easiest to change (in case someone else does gain access).

    I'm not arguing that using 2 (or 3) factors won't be generally more secure than using 1, but people do tend to be quick to jump on the bandwagon of shiney new things, and the fact is that a good password is a good start to a good security setup.

  5. Re:Like, render Slashdot the same way every time? on Opera Lays Down Acid2 Challenge · · Score: 2
    That being said, I think some sort of Ultimate Browser Agony Test is a good idea.

    Agreed. What's surprising is that this apparently hasn't already been done. Or has it?

    It seems to me that creating such a page should go along with setting the standards in the first place. I mean, when the w3c settles on a standard, don't they create example code and explanations for how things should be rendered? When developers are creating their HTML renderers, don't they test out there renderer against some sort of page that uses tricky examples to make sure it renders properly? Doesn't someone have a page or set of pages lying around already?

    If not, it seems a reasonable suggestion that when the standards are being divised and hashed out that a set of examples are created to illustrate how rendering should happen, if for no other reason then to diminish ambiguity as to what the standard specifies. The same way W3C offers HTML validators, could they offer a browser-standards-compliance validator (even if it wasn't fully automated but required visual verification)? Or is there some reason why that's a bad idea?

  6. Re:Audio corollary on Flickering Curiosity? · · Score: 1
    Wow. This little thread is quite a revelation for me. My parents were always turning off the cable box and leaving the TV on, and I never understood how they could stand the noise. I'd walk in and hear the TV from the other side of the house (I can hear the whine of the TV from much further away than the volume being put out from the speakers), so I'd expect to find them watching. When I came into the room and found them reading, I'd be shocked, turn off the TV, and mutter something about, "Why do you just leave the TV on like that?!"

    I guess it never occurred to me that they didn't know the TV was on or even that other people couldn't hear the sound. I had just assumed it was some function of them being old and technologically illiterate.

  7. Re:Yes on Apple Developing Two-Button Mouse · · Score: 2, Insightful
    Frankly, I'd be very surprised if Apple chose to release a mouse that wasn't a stanard USB HID device with the normal buttons. They're pretty good about that sort of thing these days.

    Frankly, I'd be surprised if Apple released a completely standard two-button mouse without putting any kind of a twist on things. They're pretty good these days about adhering to standards, but they also like to innovate rather than releasing old, clunky designs. Along with everything else, it doesn't seem to me that there'd be much of a point-- there are already plenty of vendors of 2-button USB mice to choose from, so why bother reversing their position if they weren't going to do something interesting?

    I guess they might do something like detect it by device ID and select different default behaviour though...

    No reason why they couldn't, given that they would control both the hardware and the OS...

  8. Re:Brilliant on Google and Their Server Farm · · Score: 1
    I imagine that the reason Apple runs iTunes the way they do is because of bandwidth. In short, they probably don't want people re-downloading their songs whenever they want to listen to them since (I'm guessing) a lot of the day-to-day operating costs for iTunes come from bandwidth. So they say you get 1 download, and then you're on your own to keep that copy safe.

    I agree that I'd be nice if Apple would allow you to re-download songs that you might have lost, as long as you didn't abuse the system (maybe they could track requests and look out for repeat offenders?). Honestly, though, I'm not sure they don't do this so some extent. I know when my downloaded version turned up corrupted when I tried to listen to it, I complained and they let me download a new copy. However, I've never asked them to let me re-download 100 songs that I bought 6 months ago, so I don't really have any idea what the response would be. (if I had to guess, I'd guess they'd say no)

  9. Re:Yes on Apple Developing Two-Button Mouse · · Score: 1
    First, I don't know what you mean by this term "a real mouse". Apple users have been using imaginary mice, or what? Second, I wasn't questioning whether existing 3rd-party 2-button mice are set up, by default, to bring up a context menu with the second button. I was wondering whether, given that this is just a rumor and we don't yet know much, it might be possible that the Apple 2-button mouse wouldn't work the way existing 3rd-party 2-button mice do.

    And not to be repetitive, but part of the reason I ask this is because Apple has never made their context menus particularly useful, let alone necessary. Generally, the best use of an additional mouse button might be for some other function, such as an Expose function, which might lead us to question whether the mouse will even be set up like existing 2 button mice (two equal buttons, right-click and left-click).

  10. Re:Increase in functionality on Apple Developing Two-Button Mouse · · Score: 2, Interesting
    Probably because you gain a *lot* more functionality/convenience from a two button mouse, and arguably quite a bit less from three.

    I've been wondering, though, as I've read this thread, will the second mouse button be used to bring up context menus?

    I mean, is Apple simply giving in to the pressure, or are they doing something else? Honestly, as an OSX user, I don't find the context menus in OSX that useful. Giving quick access to context menus... I can to without it. If you give me a three button mouse on OSX, at least one (maybe two) are going to be for Expose functions. If I use a button for anything else, it'll be for opening pages in new tabs while browsing the web.

  11. Re:the link is one-time on Gmail Goes Public · · Score: 1

    Yeah, in case anyone's confused, Gmail still isn't exactly public. It's still saying "beta", and if you go to gmail.google.com, there won't be an option to "sign up for a new account" yet. It's just that it's really easy to get a Gmail account, as though it wasn't easy enough already.

  12. Re:Two questions spring to mind: on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 1
    If it was stated on the roadmap 2 or 3 years ago that there would be no Mozilla 1.8...

    No, 2 or three years ago, there wasn't going to be anything after 1.4, but things had to be pushed back because Firefox and Thunderbird too longer than expected to reach version 1.0. However, it was stated publicly that Seamonkey would be discontinued after the stand-alone apps were complete. IIRC, there were rumblings at the time that 1.7 was designated the new stable branch that it would probably be final.

    Criticize all you want, but big organizations would be eaten alive by their customers if they pulled something like this. Microsoft has trouble discontinuing Win98 support YEARS in advance.

    It's not exactly the same thing, though, is it? Microsoft has gotten some flack for wanting to cease creation of security updates on old versions of Windows (which it's reasonable to think that, at some point, they would cease support on Win98), while Mozilla has pledged to continue security updates on Seamonkey. So it's not like Microsoft dropping support on Win98, it's a little closer to Microsoft choosing not to release "Windows 98 Third Edition" or "Windows ME Second Edition" (whichever would be the next version that they didn't release).

    I don't think it's fair to simply bash Mozilla for their mistakes, but I believe they could have dealt with the situation better than they did, and it would benefit the project if they learned how to handle these situations better, especially now that they're getting the attention of the public in general.

    I don't think the "public in general" is much of an issue, given that all that attention Mozilla has been getting recently has been directed at Firefox and oblivious to Seamonkey. However, I would agree that there is some sort of problem, given that developers were somehow caught off-guard. I mean, somewhere, somehow, there was a breakdown in communications.

    So that brings me back to my question: Why do you think this caught people so off-guard, given that the Mozilla Foundation announced its intention to do so several years ago, and it has been clearly stated on the development roadmap for 2 or 3 years? What could you have done to be more clear?

    Because, somehow, I was aware of this without being a Mozilla developer, by only reading public statements and the development roadmap. So is the problem that developers don't read the roadmap and don't read the Mozilla Foundation's public statements? Should Mozilla have put extra notices in places like in Bugzilla where developers would be more likely to read them? Is the problem that Mozilla talked about this too infrequently, leading developers somehow to believe they had changed their minds about focusing on Firefox/Thunderbird? Or did Mozilla just not ram it home enough times to get through to developers who were in denial about things that were publicly stated?

    I really don't know what the answer is, but perhaps Mitchell can hazard an guess.

  13. Re:I can answer that one for you on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 1
    Well, it's not so much that that's a problem (I don't even use chatzilla), but I am still curious as to whether the Mozilla Foundation has any intention to release their own stand-alone app.

    Someone has made a calendar extention to Firefox/Thunderbird, but Mozilla is still making Sunbird. Someone has made an extension to edit html, but we're still asking about composer.

    So, I'm not complaining, and it's not as though I can't find a calendar or HTML editor or chat program. Still, I'm curious about whether there are other apps in the pipeline.

  14. Re:Too little, too late on AOL Changing IM Terms of Service · · Score: 1
    Foiled again! I'll get you Microsoft, you and that dog of yours!

    hmmmm... maybe then I'll construct a language where I'll drop consonants from the ends of my words, and on occasional words, I'll take the first consonant-sound of the word I mean to say, and replace the rest of the word with "izzle". It'll be so inane that Microsoft will never guess it....

    fo' shizzle.

  15. Re:I can answer that one for you on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 0, Redundant

    In a related issue, I'm curious generally whether Mozilla intends to take on projects to create stand-alone apps to complete the functionality of the old suite (as mentioned, a composer and stand-alone chat app) or give those functions up for others to handle, as well as whether there is any talk or plans for new applications.

  16. Re:I can answer that one for you on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 1

    "...as an official Mozilla Foundation project..."

  17. Re:Two questions spring to mind: on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 3, Insightful
    What do you think about asking this:

    Why do you think it is that so many people continue to claim that the Mozilla suit was "cancelled" when the Mozilla foundation has just spent several years upgrading the suite to a new code-base which breaks the suite from a single executable into stand-alone applications?

    Why do you think this caught people so off-guard, given that the Mozilla Foundation announced its intention to do so several years ago, and it has been clearly stated on the development roadmap for 2 or 3 years? What could you have done to be more clear?

  18. Re:I can answer that one for you on Ask Mozilla Foundation Chief Mitchell Baker · · Score: 2, Interesting

    How about asking if the Mozilla Foundation has any plans to take on Nvu as an official MoFo project, if the MoFo has plans to work with Linspire on updates/integration, or perhaps even just generally, "Hey, what's the deal with Nvu?"

  19. Re:Irony vs Coincidence on The Fate of The Free Newspaper · · Score: 2, Informative
    Well, technically, coincidence only means 'things that happen together'-- or any occurrence of things which co-incide.

    It became a common usage to talk about things which seemed connected but were not as "mere coincidence", meaning the fact that they happened together only indicated that they happened together, and nothing else. However, this grew into a colloquial use of the word "coincidence", all by itself, to mean "an occurrence of multiple events which seem connected but are not," which is, perhaps, the most common usage.

    Irony, on the other hand, has many senses. The generally accepted idea behind irony is that what occurs somehow opposes what was expected to occur. Therefore, a coincidence can be ironic if it is somehow unexpected or contrary to intuition.

    Perhaps ironically, the association of "coincidence" and "ironic" as synonyms may have come from conventions of ironic (sarcastic) speech-- i.e. the phrases "what a coincidence..." and "that's ironic..." can both be spoken sarcastically to emphasize that two events are connected in exactly the way they seem to be.

  20. Re:Apple? on LinuxPPC64 Contest · · Score: 1
    I was wondering that myself, but I guess then there's the question: how many vendors are there selling PPC-based desktops?

    Are there any that move anywhere near Apple's volume? So maybe in that sense, there's a de facto association, even if not a necessary one.

  21. Re:Maybe there should be an edit... on AOL: We're Not Spying on AIM Users · · Score: 1
    I've been wondering, does AIM traffic even go through AOL's servers? If so, does it need to?

    It seems to me that you could have enough going on on their servers to monitor online/busy/away status and such, but when you go to have a conversation with someone, AOL just points the client software in the direction of the other guy, and the rest is a direct connection to clients. Until reading this, I guess I had assumed that that was what IM clients were doing, since I'm not sure what the point of transmitting the messages through AOL would be.

    Any thoughts?

  22. Re:Let us thank, not criticize, Gnome Developers on GNOME Ignoring its Own Users? · · Score: 1
    As I said, I never billed my projects "enterprise product". Many open source developers have never claimed so. In fact, most people who claim so are users, not developers (or corporate people who really are selling enterprise products). So why do you keep generalizing and blaming everything on the hobby developers?

    I don't know what products are yours, so if you say you've never billed your products as "enterprise products", I'll just take your word for it. Yes, you're right, many open source developers are working on hobby projects. Also, many hobbyist open source developers are working on non-hobby projects. Gnome isn't a hobby project, whether some of the developers are working on it as a hobby or not.

    And what exactly do you think I'm "blaming" hobby developers for? I'd explain what I was actually saying, but I've already repeated myself a few times.

  23. Re:Let us thank, not criticize, Gnome Developers on GNOME Ignoring its Own Users? · · Score: 1

    As I said in the post you're responding to, I'm not sure the openness of the code has anything to do with it. Responsibility is a funny thing. Sometimes you take on responsibility by your actions even if you've never agreed to take on the responsibility and even when there's no law that says your libel. Like I said, it's one thing to have a little hobby project, and it's another to participate in what's billed as an enterprise product. I'm not sure the fact that it's open source is sufficient to shirk the responsibility you take on by encouraging people to rely on your software.

  24. Re:Call me an idiot... on GNOME Ignoring its Own Users? · · Score: 1

    ...because people have convinced the CIOs and CFOs that FOSS is serious software for use in professional settings? I was trying to point out that it might not be so good for the community to go around convincing everyone that open-source development is only good for hobby projects, since a whole lot of funding comes from these businesses who "don't give anything back to the community".

  25. Re:Fork Gnome! on GNOME Ignoring its Own Users? · · Score: 1

    Great, that's all we're missing... an Apple flamewar. In fact, are there any more raving lunatic zealots we can attract here? Let's just come up with a way to badmouth Gentoo while we're at it.