Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories: 0 · Comments: 7,948

Comments · 7,948

  1. 1960s/70s Privacy Paranoia vs. Moore's Law on Inescapable Data · Score: 3, Interesting
    Privacy was a real concern back in the 1960s and 1970s, because computer databases were making it possible to track, bend, fold, spindle, and mutilate people and their credit records, and government agencies were spying on leftists, union organizers, and peaceniks. The US passed lots of laws about fair credit reporting and later the Privacy Act of 1974, and European countries passed lots of laws forbidding data to be handled on computers.

    Computers back then were wimpy - a million dollars worth of 1970 mainframe had under a MIPS of power and required a large staff to feed it and care for it, disk drives weren't bigger than a couple of megabytes, you needed low-density magtapes to store any volume of data. Because of the cost and limitations of the computers and most programming environments, database projects typically took months to years to develop, requiring whole departments worth of people and budget.
    RAM costs per bit have come down by about 6 orders of magnitude since then, CPU speeds increased by about four orders of magnitude (and price/performance by 6-8 orders), disk storage is large and cheap enough that there's a quarter-terabyte of disk in a consumer appliance sitting under my television.

    The big impacts aren't just on how much data can be stored (all of it, basically), but on who can decide to access it for what reason - the database analysis that used to take a department a year of planning is now an ad-hoc query that a random employee can type into a spreadsheet at lunchtime. A cop driving down the road can scan all the license plate numbers of the parked cars and see if anything interesting comes up. An "anonymous tip" can accuse somebody of being vaguely suspicious and get passed along to a list that keeps anybody with a vaguely similar name from flying on airplanes, and even though it would not be difficult to track where the information came from, it's government policy not to do that or not to admit it if they do.

  2. Brin's "The Transparent Society" - video privacy on Inescapable Data · Score: 1
    David Brin's 1998 book, "The Transparent Society", talks about video technology and privacy, and argues that video technology is becoming sufficiently cheap (Moore's Law, blah blah, cheap storage, compression, wireless, blah blah) that we're going to have to deal with nearly-universal video surveillance, and that the important thing to do is make sure that the use of this technology is open rather than closed, with the people watching government and each other rather than the likely alternative, which is the government watching everybody and not letting anybody watch it.

    Of course, that was before George Bush was elected. So there's nothing to worry about.

  3. Scaremonger recycles hype, newsguy recycles story on Beware the iPod 'slurping' Employee · Score: 1
    A year or two ago, this sort of thing was popular consultant/pundit scaremongering, and the newsies writing the stories without really understanding them were at least writing _new_ cluelessness. By now it's really old hype except that the iPod comes in cool Bono-colored black and the Nano just got its price cut. USB thumbdrives are down to $9.99 on sale for 128MB, USB memory is available in wristwatches and Swiss Army Knives, CDROMs are a dime, or a bit more money for the small pocket-sized ones.

    It was bogus hype when consultants first started copying it from each other (to give them some credit, most of them saw an initial article written by some newsie and reinvented the scaremongering detail themselves, because it's simply not that hard.) By 1999, almost every techie sales person had a Palm Pilot with inadequate amounts of memory, by 2000, WinCE PocketPCs had USB, and by about 2002, most WinCE machines let you use standard-format flash cards, typically CF, so you could get enough memory to copy something useful. But the bogus hype didn't really heat up until the iPod caught on, though the scaremongers had kept busy with digital cameras for a couple of years, even before everybody's phone had one.

  4. Reinventing it *Well* or *Badly*? on Faster Feeds Using FeedTree Peer-To-Peer · Score: 1
    Feedtree and Netnews both allow users to write blobs of text, in specified open formats that originally came from other applications, and use multicast technology to flood-propagate them to a network of servers where a wide range of clients can fetch them for display to people who want to read them. The indexing details are different, and the specific formats are different, and the clients are different even though people have written Mozilla readers and probably Emacs macros for both, but it's really the same problem. Originally netnews was just text, there wasn't any spam, and people complained if somebody put HP or DEC escape sequences in their messages for _highlighting_ as opposed to *ascii* cues like SHOUTING.

    The question is whether Feedtree has done its reinvention well or badly, and whether it can scale adequately as its user base changes, which will happen if it's actually useful. It probably won't have the same scaling stress as Usenet had - the load has increased by four-six orders of magnitude in the last 15 years. I started reading Netnews when there were a few dozen machines on it, maybe up to a hundred, with 1-200KB/day of traffic, and the most common network connections the first few years were 1200-baud dialup modems, and stopped running my own news server when the technical newsgroups carried about 5MB/day. I lost count of how much traffic Usenet had when a full feed passed 45 Mbits/sec (some time in the late 90s, one of my ISPs described the traffic level as "about a T1 if you don't get the binary pr0n groups, or a couple more if you do".) The sizes of servers changed, the way people accessed them changed, the business model changed radically, people like Henry Spencer did amazing work to get Usenet server software to run efficiently as it grew, partly so he could keep using his PDP-11s, somewhat the way people run Linux or BSD to keep older PCs running usefully today.

  5. Hiding in 247000 Google Hits - but world's small on Infamous Emails Don't Always Kill Careers · Score: 1
    The usual line is that there's no such thing as bad publicity, just make sure they spell your name correctly. Google, of course, will offer to correct your name's spelling, which works if you've got the more common spelling. In more anonymous environments, you get some protection, at least if you've got a relatively common name (I'm not on the first page of Google's 247000 hits, for instance), but if you're in a more specialized field, it's a surprisingly small world, especially if you've been ranting on the net since the early 80s. So people that matter might know you, for good or bad, even though the net's really large.

  6. PDF *authors* want to control presentation on Unipage - A PDF Alternative? · Score: 1
    Web pages and PDF documents aren't written by readers, they're written by authors. Readers often _do_ prefer HTML, because it gives them control of display format, etc., but document authors who use PDF generally do it because either
    • they're trying to ship a copy of their dead-tree brochures
    • they want to send an exactly-formatted hard-to-modify document so the readers just read it and don't do anything interesting with it, or
    • they've written a paper for a dead-tree publication, where PDF makes sense, and don't want to take the time to reformat it for web pages (which can often be a lot of work.)
    If you think I'm being unfriendly to people who distribute PDFs, well, yes, I am. (:-). PDF is a form of Postscript, a page description language, which has a much different purpose than content description languages like HTML and XML. It's really nice and powerful for describing how to make black or colored marks on dead trees, and if that's what you like, fine, but that's not as useful to the average reader as giving them content.

  7. People have radically different abilities, tastes on Literacy Limps Into the Kill Zone · Score: 1
    I never had the fine motor control to have good penmanship when forced to spend endless hours on it in second-fourth grades in elementary school. I learned to do draftsman-quality printing in junior high school wood and metal shop, but I don't know how common that is any more - it's a definitely legible style, just as block printing is, but it's not aesthetically pleasing stuff, just functional. It's certainly not the artful penmanship that the school systems wanted us to learn.

    Spelling and grammar sloppiness irk me too, and I use spell checkers to supplement my sloppy typing abilities, not my innate understanding of the atrociously complex rules of English spelling, though grammar checkers mainly have an inadequate understanding of the beauties of complex grammar that our language affords - in general they either catch accidental double words or else bitch about sentences being too long even though they're perfectly correct.

    However, lots of other bright hackers I know don't seem to instinctively grok English grammar or spelling the way they do artificial grammars such as C, Python, etc. It's not just sloppiness, or deliberate leet-speek jargon, and probably not just a lack of education (at least for native English-speakers and Indians); it's apparently a difference in the way they understand language. Frustrating to read, and their lack of use of spell-checkers and grammar-checkers _is_ sloppy, but it's a surprisingly strong pattern.

  8. Sophocles, too. Hey you kids, get off my lawn! on Literacy Limps Into the Kill Zone · Score: 1
    Sophocles also ranted about kids having no respect for their elders these days. And while I had no intention of being an English lit major in college, I _did_ study Latin in junior high, and German, and Greek in college, and English grammar in junior high when they tried to tell us to treat it like Latin, and Southern English grammar later on, which helped correct that set of pedanticism ....

    The article doesn't say much, but it does point to some other references that were quite insightful, such as the one about email often not being understood because the authors are too often writing egocentrically rather than thinking about how the recipient of their communications would understand what they said. And at least the author doesn't waste more than a sentence or two on LOL/ROFL/etc., which is really just the same HYKGOML kids-these-days rant that most generations of elders inflict on young people's slang and music and evolution of their language. Ranting about 5-second soundbites and the need to think before writing are more valuable.

    It surprises me that he fails to rant about kids not using spell checkers and grammar tools on their writing, since they're obviously close at hand when using most email clients and pretty much transparent.

  9. Meng's SPF Was Supposed to Help This on Meng Wong's Perspectives on Antispam · Score: 1
    Meng Wong's article doesn't mention SPF, which is ironic since he was the big promoter of it, and it is somewhat helpful against phishing. It's more effective against joejobs, where they need to get your domain name correct as opposed to just getting something you'll believe - fewer people will fall for mail from BankSecurityDepartment@yahoo.com than security@YourActualBankNameSlightlyMisspelled.com , but banks aren't even using SPF to protect against forgeries of their correctly-spelled domains.

    In practice, yes, people are more likely to read mail from people they know, and social-network things are good ways to do filtering, but that doesn't mean we need full default-deny. Even a yes/maybe/spam prioritization system helps - read the mail that's got some reason to believe it's authentic first, and the maybe-box later.

  10. Phishing doesn't require *banks* to send email on Meng Wong's Perspectives on Antispam · Score: 1
    Even if banks entirely stop sending email, it won't stop phishing - as long as the gullible recipient believes the email, and can give the phisher some information he can use to get money, phishing will work. If the bank provides web access to their account, or the credit card number can be used by itself, and a login/account/password or other static information is enough to access it, the phisher can win. Smartcards, one-time passwords, etc. cut down on the risk, by limiting the phisher's ability to make money to active attacks rather than collecting info and selling it or using it later, but it's hard to say if that's enough. Banks can improve safety by careful use of REFERER variables and captchas and such, but unless they're willing to stop giving accounts to gullible customers, they probably need to do something like client-side certificates.

  11. *Javascript* Security holes aren't just one update on Online Ajax Pages The New Web Desktop? · Score: 1
    Sure, if somebody you trust makes a mistake in the AJAX application, it's easy for them to update it, whether it's a security fix or just a functional bug. But if Javascript itself leaves your machine vulnerable, which it does, then you either need to turn it off and ignore all the cool AJAX sites, or leave it on and risk that if you visit malware.example.com you'll get handed something that rips your browser to shreds (or at least something that pops up annoying popups - Javascript seems to be the popular workaround for Mozilla popup blockers.) It's dangerous, and needs to be killed or replaced.

  12. Thursday, when Javascript killed my browser on Online Ajax Pages The New Web Desktop? · Score: 1
    No, it wasn't Google's Javascript - but I had to have Javascript turned on to run all this AJAX stuff like Google maps, so my machine was vulnerable, and
    • last Thursday a chunk of Javascript killed Mozilla in ways that freaked out Windows's window manager, probably with wayyyy too many tabs or too much memory consumption or interrupts or something,
    • today I killed Mozilla myself because something, probably Javascript in some ad window, was burning up the entire CPU, an event that's pretty much weekly,
    • two weeks ago I killed Mozilla because some Indian online newspaper was using Javascript to pop up windows in ways Mozilla didn't block.
    Mozilla lets me turn scripts on/off for browser and for mail/news, but doesn't give me a way to enable Javascript only for pages or domains I trust, and that's a major security hole.

    AJAX lets you make really cool programming decisions about what work gets done in the browser vs. the web-server application, letting us take advantage of things we learned in the 70s, 80s, and 90s, and kept forgetting each time. Gosling's NeWS window manager did similar things with Postscript, which let you really get good-looking WYSIWYG displays, but it was a security and reliability mess, and Java was a way to re-invent some of the good parts while providing decent security models. Javascript has some good programming capabilities, but it's simply not a security model that's trustable, and any time somebody whines about how *they* know how to write perfectly safe reliable Javascript, they need to get whacked with a clue-by-four, because even if they write good programs, leaving Javascript enabled exposes their users to all the malware writers and the much bigger crowd of incompetentware writers out there.

  13. Tell other people not to vote for him on Circumventing CAN-SPAM · Score: 1
    Of course, you can't do that in a really cheap easy way like sending all his constituents unsolicited email telling them that he's a spammer (or at least, not without diluting your message a lot...) - but it's certainly worth embarrassing him in public. He can't see the difference between political spamming and commercial spamming - but he calls himself a "Jeb Bush Republican", so counting is probably not one of his strong points either.

  14. Compliance is trivially easy on Circumventing CAN-SPAM · Score: 1
    If you read the terms of CAN-SPAM, compliance is trivially easy. And a "valid physical postal address" just means that the Post Office can figure out where to deliver it - it doesn't mean that the miscreant sleeps there. Doesn't even need to be in the US.

    I've tracked down one spammer's WHOIS registrations and got the address of The Company Corporation in Delaware, which is the canonical place to spend $100 to register a Delaware corporation - so there's a file folder in a desk drawer there that has the registration information for Annoying Spammer Inc, and that's where the bill for annoying-spammer-example.com has their domain registration. And if the US Department of Justice were serious about prosecuting spammers, this corporation might find their corporate charter papers shipped down to Guantanamo Bay and waterboarded, but nothing would happen to the stockholders except they'd lose the trivial value of their stock and half a month's lease on a PC in colo space somewhere - and they'd probably spend another $100 to go start a new company, Another Annoying Spammer Inc., lease another PC in another colo space, and get back to work.

  15. Diffie-Hellman Ephemeral Keys for Forward Secrecy on New Secure IM Client from NTT Due this Year · Score: 1
    So here's the main difference - OTR uses Diffie-Hellman key exchange to create an ephemeral session key, and when the session's over both ends can discard the key. DH is an older technique than RSA, and works differently.

    In RSA-based systems, like PGP and most implementations of SSL, etc., Alice creates a secret session key, encrypts it with Bob's public key, Bob decrypts it with his private key, and then they can talk, but if Bob's private key is compromised in the future, an attacker can decrypt the encrypted session key.

    In Diffie-Hellman, Alice and Bob each create a secret half-key, send a hash to the other side, and combine their secret half-key with the hashed half-key they received from the other side. Because the hash is exponentiation in a prime field with an appropriate generator, each side recovers the same combined session key, and they can delete the secret material once they've got the session key. (There aren't many functions that are reversible this way - elliptic curves have some similar functions.) To prevent man-in-the-middle attacks, one standard approach is to use a digital signature public-key system to sign the hashed key-parts, but in many environments you can use other methods, such as comparing the session key (or a hash of it) to make sure you're both using the same session key with each other instead of using different session keys with the man in the middle. There are a variety of ways to make this more complex - it's not uncommon to have a publicly known modulus and generator that's used to set up an initial session, which is then used to negotiate crypto parameters, identities, etc. for a second DH session that carries the real traffic.
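    The ephemeral exchange the comment describes, as an added example that is not part of the original post (the "hashed half-key" in the comment is g^a mod p): both sides derive the same session key, the exponents are discarded afterward for forward secrecy, and comparing a short fingerprint of the key out of band exposes a man in the middle who ran two separate exchanges. The group parameters are a constructed toy safe prime rather than a real-world group, and the parameter and peer-value checks are additions the comment does not cover.

```python
"""Ephemeral Diffie-Hellman with forward secrecy and a MITM check (constructed example)."""
import hashlib
import secrets

# Constructed toy group, NOT for real use: p is a safe prime (p = 2q + 1, q prime)
# and g = 4 is a quadratic residue mod p, so it generates the subgroup of prime
# order q.  Real deployments use standardized groups of thousands of bits.
P = 2027
Q = (P - 1) // 2
G = 4

def is_prime(n):
    """Trial division; only adequate for the toy-sized parameters used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def params_are_sane(p=P, g=G):
    """Validate the group before using it: p and (p-1)/2 prime, g of order q."""
    q = (p - 1) // 2
    return is_prime(p) and is_prime(q) and 1 < g < p - 1 and pow(g, q, p) == 1

def new_half_key(secret=None, p=P, g=G):
    """One side's step: pick a secret exponent, return it with the public half-key g^secret mod p."""
    if secret is None:
        secret = secrets.randbelow(Q - 2) + 2  # uniform in 2 .. Q-1
    return secret, pow(g, secret, p)

def public_value_ok(peer_public, p=P):
    """Reject 0, 1, p-1 and anything outside the order-q subgroup; a peer that
    sends such a value would force the shared secret into a tiny, guessable set."""
    q = (p - 1) // 2
    return 1 < peer_public < p - 1 and pow(peer_public, q, p) == 1

def derive_session_key(secret, peer_public, p=P):
    """Combine own secret with the peer's half-key and hash the result into a 32-byte key."""
    if not public_value_ok(peer_public, p):
        raise ValueError("degenerate or out-of-subgroup peer value")
    shared = pow(peer_public, secret, p)
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def key_fingerprint(session_key):
    """Short digest both parties can compare out of band; a man in the middle who
    ran two separate exchanges leaves Alice and Bob with different fingerprints."""
    return hashlib.sha256(b"otr-style-fingerprint:" + session_key).hexdigest()[:8]

def run_exchange(alice_secret=None, bob_secret=None):
    """Honest exchange: returns (alice_key, bob_key), which must be equal."""
    a, a_pub = new_half_key(alice_secret)
    b, b_pub = new_half_key(bob_secret)
    alice_key = derive_session_key(a, b_pub)
    bob_key = derive_session_key(b, a_pub)
    # Forward secrecy: once the session key exists the exponents are no longer
    # needed, so nothing that can recover this key survives the session.
    del a, b
    return alice_key, bob_key

def run_exchange_with_mitm(alice_secret, bob_secret, mallory_secret):
    """Mallory replaces both half-keys with her own; Alice and Bob each end up
    sharing a key with Mallory, and their fingerprints no longer match."""
    a, _ = new_half_key(alice_secret)
    b, _ = new_half_key(bob_secret)
    _, m_pub = new_half_key(mallory_secret)
    alice_key = derive_session_key(a, m_pub)  # Alice believes m_pub is Bob's
    bob_key = derive_session_key(b, m_pub)    # Bob believes m_pub is Alice's
    return alice_key, bob_key

if __name__ == "__main__":
    assert params_are_sane()
    k1, k2 = run_exchange()
    print("honest exchange agrees:", k1 == k2, key_fingerprint(k1))
    k1, k2 = run_exchange_with_mitm(123, 456, 789)
    print("under MITM fingerprints match:", key_fingerprint(k1) == key_fingerprint(k2))
```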

  16. Google and Hotmail win if Goodmail goes bad on AOL and Yahoo to Offer Filter Circumvention · Score: 1
    AOL is betting that their paid subscribers will be happier if this works. Yahoo is betting that their free-beer subscribers will be happier if this works. If Goodmail allows too much spam to get through, AOL and Yahoo will lose customers to GMail and Hotmail and other free-beer mailbox providers, and maybe other paid providers, so they've got an incentive to make sure Goodmail doesn't support spam. At a quarter-cent per message, they'd need to allow 4000 messages to make up for losing a $10/month subscriber, and if I got 4000 spams in a month, I'd be long long gone. (Not from Yahoo - my free-beer accounts would sit there unused and happily accumulate spams...) But AOL supposedly gets only 25% of the revenue and Goodmail gets the rest - so AOL would need to allow 16000 paid spams/month, about 500/day. Not gonna happen.

  17. Tighter filters on non-certified bulk mail on AOL and Yahoo to Offer Filter Circumvention · Score: 1
    How this is supposed to work is that the ISPs whitelist bulk mail from Goodmail and tighten up their spam filters on bulk mail that's not whitelisted, and Goodmail certifies that their customers are not spamming, partly by enforcing policies against spamming (complaint-tracking etc.) and partly by charging money per message, which gets rid of the lower-value spam. Goodmail's policies for confirmed opt-in mail strike me as somewhat wimpy, and their complaint-response speeds seem fairly slow, but they're better than nothing, I guess.

    If banks, eBay, Paypal, and credit card companies were to all start using Goodmail certification, AOL and Yahoo could trash any uncertified mail claiming to come from them, which would make a big difference in phishing traffic - but they could do the same thing today with SPF or DKIM, and you'd think that Paypal would be more willing to adopt SPF or DKIM for free than to pay money to Goodmail.

    But don't worry - spammers would *never* copy Goodmail's certification logo - that would be Trademark Violation!

  18. Yahoo's plans are much more annoying on AOL and Yahoo to Offer Filter Circumvention · Score: 1
    I'm much more annoyed that Yahoo is planning to do this than AOL. The only people I email on AOL are a couple of family members that I send mail to directly, and if I need to reach them in a hurry I can call them on the phone.

    But lots of people use free Yahoo mail as a disposable contact address, and I run a small social mailing list that already has occasional trouble reaching Yahoo subscribers, using majordomo on a friend's static-DSL Linux box. At least Yahoo has the decency to bouncegram some mail it's rejecting, which apparently AOL doesn't. Unfortunately, it doesn't provide useful feedback about what it's objecting to, and doesn't have useful contacts other than the abuse@yahoo blackhole to ask about it.

  19. Run as Admin vs. Install as Admin, run as User on UNIX Security: Don't Believe the Truth? · Score: 1
    Windows LUA does have a lot of knobs to tweak and opportunities to do things more or less securely. I try to run my home machine as Dumb User, and only log in as Root when I need it, but my wife has enough critical applications (e.g. tax software) that she doesn't like to run her account as non-Administrator (sigh.) A big issue appears to be what activities need to be Administrator:
    • Some software doesn't run at all if you're not Admin.
    • Some software needs Admin to install but runs just fine without it.
    • Some software needs Admin to install, doesn't need it to run, but needs Admin to install update versions that show up periodically.
    • Some software needs Admin to install, and creates separate user data for each user - so my WinXP install of iTunes has separate databases for "bill's music" and "root's music", which is really annoying....

  20. Telescopes of Unusual Size? on Scientists Expand Knowledge of Dark Matter · Score: 1
    I don't believe they exist....

  21. AOL's pretty rough on mailing lists already on AOL to Charge Senders for Incoming Email · Score: 1
    From a mailbox provider standpoint, the main differences between bulk mail sent by a commercial sender, a non-commercial friendly mailing list, and a spammer aren't technical* - they're the extent to which your subscriber will be grumpy if they do or don't receive the mail, and the success rate in contacting the sender about delivery problems. AOL's already aggressively on the side of rejecting mail even if it might not be spam - I see lots of complaints from people on various discussion lists about how their mail is getting silently rejected (there are ways to get it noisily rejected instead, but it's still annoying, and the automated whitelist stuff has a reputation of flakiness.) This will just make it worse for non-commercial mailing lists, where there's no obvious funding model, and extort money from commercial mailing list providers.

    * Ok, for some spammers there _are_ technical differences, and that makes them easier to detect and reject - things like using open relays, or known zombies. But it's the less obvious spammers who are the problem. And some of the technical differences detectable about some spammers, such as running mail servers on home broadband machines, also disproportionately affect Linux users and other people who run real mail systems at home.

  22. Audio Voicing vs. Literary/Textual Voicing on Choosing Your Voice For Online Gaming · Score: 2, Interesting
    When I saw the article title, I was expecting it to be about audio voicing - using voice chat systems, or picking what text-to-speech voice to use, or (for game designers) picking what kind of voices to have the characters speaking in.

    Instead it's really more about voicing in a literary sense - picking what to say based on the social context - and to some extent about textual expression such as '1337-sp33k. That's ok, but for me it didn't seem to go that deep - MMORPGs are catching up with the MUD world in that aspect, or maybe have gone beyond it, and then there's a big fuzzy boundary between MUDs and LiveJournal/ilk.

    I don't play the particular games used in the examples, but it's sort of obvious even to a socially inept introvert that there are some games where you should say things like "Eat Hot Flaming Death, Suckah! Bwahhahahah!" while fragging strangers or friends and other games where you don't do that, such as the racing-game example the author gave about apologizing for getting in another racer's way. There _are_ more interesting cases - more cooperative multiplayer games where you and other people are ganging up on the {bad guys / treasure / other groups of players}, and it might make sense for your character to be chatty or quiet or bossy or like Obi-Wan or Jay or Silent Bob. Do you tell the other player things that ought to be obvious, like the fact that the monster's running towards him from his left, distracting him with your blather when he's trying to figure out what to do about it, or do you only tell him when the monster's somewhere he probably can't see, or do you wait until afterwards to tell him he should have known better than to pick up a duck in a dungeon? Is it helpful to tell the other player "You bash the Balrog, and I'll climb the tree" or shout "Run Away! Run Away!" at every appropriate opportunity? (Normally, no it's not, that's why you're choosing a literary voice for your character, who might have other opinions or different wisdom/charisma/intelligence levels than your own.)

  23. Outsourced IT is usually even *less* flexible on Overwhelming Bureaucracy in the IT Department? · Score: 4, Insightful
    Dealing with your own IT staff is bad enough. Dealing with outsourced IT is usually _less_ flexible, whether that's remote support from India or local support from companies like EDS, CSC, etc. Outsourcing saves money by replacing individual attention with mass production, so most of the work gets done by low-paid grunts working from standardized scripts instead of sysadmin wizards who can figure out what you really need.

    There are some exceptions, but they'll charge you more money for the flexibility. That's the other way outsourcers make you money - precisely defining the scope of work and charging higher prices for anything outside of it. Sometimes that's a Great Thing - outsiders who want to charge money are often much more willing to do what you want than insiders whose reward structure is that they're a Cost Center incentivized to cut costs. But the kinds of bean-counters who outsourced your IT department on you are usually going to prevent you from getting the extra-value services if they can.

  24. C, C+, Bloating on Beyond Java · Score: 2
    I'd have said that C bloated _precisely_ by becoming C++ (and ObjC, Visual C++, etc.). Sure, there are other things that have been added since K&R v1, but mostly it was the "let's take C and add object-oriented programming" that opened the door to lots of new complexity.

  25. Re:Oh please oh please oh please oh please... on Words Affect Our Reality - On The Right · Score: 1
    Sure - Those postings just get marked "OffTopic" or "Troll", so you never actually see any of them, but they're really around, right next to the fnords...