Slashdot Mirror


User: Jah-Wren+Ryel

Jah-Wren+Ryel's activity in the archive.

Stories
0
Comments
11,071
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,071

  1. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 2, Interesting

    Your answer says nothing about why RFID was chosen over another technology like 2D barcodes - you know, the OP's question about "why not just print the data in the first place."

    Current state of the art gets about 64K plus error correction on a piece of paper the size of one passport page. That's plenty for passport use.

    Furthermore, this focus on forgery is completely short-sighted. All it will do is change the business of forging passports from one of making them up on the spot to one of collecting copies of thousands of valid ones so that the forger can more easily provide a dupe that closely matches their client. Since a passport is suppossed to last for 10 years, there will always be a lot of leeway in interpreting the "biometrics" that are stored there.

    It would not surprise me in the least to see a black-market in databases of passport dupes spring up - any place that "holds" yours passport, like a hotel, will be an easy point of vulnerability - desk clerks don't make much money, especially in 3rd world countries. 50 cents per valid dupe would be extremely cost effective and more than enough incentive.

    The real goal is supposed to be increased security, but all this system does is re-arrange the pieces on the chess board - and line the pockets of a bunch of government contractors.

  2. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 1

    What unintended consequences? Given a small modification in how you carry your passport -- and you always had to be careful about how and where you carried it -- there are no consequences, except the intended one that passports are now effectively unforgeable.

    As I said to another poster, do you actually realize what you are advocating? That every single American on foreign travel carry around a handful of rubberbands because the system designers couldn't do it right in the first place. If it were a free market, that product would be a loser real quick.

    That comment clearly indicates complete ignorance of the anti-forgery goals, the issues involved in passport reliance, the complexities of key management and the security analysis that drove the decision to use the MRZ as the basis for the key.

    No, that comment clearly indicates what the people who are required to use the new system will think. The two issues are in no way mutually exclusive. I've been critiquing bad government crypto policies since before the Clipper chip initiative, and implementing secure authentication systems for many of those years too -- my "I do it for a living" internet dick is big enough here.

    The security design of the US passports is very good.

    Spoken like someone who has never had to worry about more than a nice, clean controlled environment with a handful of pre-defined threats. Classic heads-down engineer mentality.

  3. Re:sure, but.. on Is Ubuntu a Serious Desktop Contender? · · Score: 1

    And Free Software is not always about being better, it's about being Free.
    That statement sums up why Ubuntu, and probably Linux, will never be a suitable replacement OS on most desktop systems.

    Making software Free can eventually result in it becoming "better",
    but making software "better" never results in it becoming Free.
  4. Re:What? You don't like your own poison? on Liberating & Restricting C-SPAN's Floor Footage · · Score: 2, Insightful
    I don't see how they're avoiding they're "own poison" and "hiding stuff."

    If anything, I am surprised that they are refusing to privatize this information. I would expect any congressthief to jump at the chance of private ownership of the recordings, because that's just one step away from only releasing edited footage. I guess C-SPAN just hasn't hired a lobbyist who can explain that clearly enough.

    I suggest they hire George Orwell to lobby this issue, he said it pretty well:
    Who controls the past controls the future.
    Who controls the present controls the past.
  5. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 1

    Do you just break every rubber band you use every time you use it? You'd only need a couple rubber bands, not a whole bag, and that's still assuming you're so incompetent you can't pull one off and put it back on a few times over the course of your trip without breaking it.

    Step back for a second. Are you seriously arguing in support of a half-assed solution to a problem that shouldn't exist in the first place? That every single American traveling abroad should keep a rubber-band around their passport and a handful of spares because their own government can't get basic security right?

  6. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 1

    Mmmm.... Get another one???

    So, are you in the habit of traveling internationally with a bag of spare rubberbands? You sure they will let you on the airplane with those? A terrorist could use one to take the pilot's eyes out and crash the airplane.

  7. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 1

    The US State Dept. has issued the same recommendation.

    I call bullshit. Let's see some backup for that claim.

    Besides, what are you supposed to do when the rubberband breaks?

    What strikes me as sad is how often people like you automatically assume that the designers of sophisticated systems were stupid, rather than considering that perhaps you just don't understand the problems they were trying to solve.

    Yadda, yadda, yadda. What strikes ME as sad is how often people like YOU automatically assume that critics of these systems are stupid, rather than considering that perhaps you just don't understand the full scope of the issues involved.

    Passports do not exist in a vacuum. Just because the designers had a narrowly defined goal, doesn't excuse them from worrying about unintended consequences of their solution. Particularly if those unintended consequences compromise the root goal, increased safety, that prompted the redesign in the first place.

    You want to advocate for a heads-down engineering approach? Go ahead, but don't get all sanctimonious about it when people point out that reality can easily bite you in the ass.

  8. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    For one thing, time isn't necessarily free. Especially if you are looking for the cure for a disease. It needn't even be a fatal disease - putting up with disfigurement or discomfort sucks each and every day you have to do it.

  9. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 2, Insightful

    Or you could put a rubber band around the passport to keep it closed.

    Yeah. Somehow, I don't expect to see THAT in the instructions from the State Department anytime soon. That's the kind of thing that gets noticed, it would end up in Leno's monologue, maybe even a skit or two on SNL.

    The whole point of putting shielding in was that the average joe traveler would not need to worry about band-aid security because the people whose damn job it was to get it right did so.

  10. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    Why is pure research funded today? Because someone thinks it is worthwhile.

    There is no reason that a contract for pure research could not be funded in the same fashion as applied research. All it takes is enough people with enough money who think it is worthwhile.

  11. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    Let's say you are the last person to decide whether or not he wishes to contribute. You will be getting the $10B return even if you contribute nothing.

    You are making a false assumption. If you are indeed the last person to decide to contribute or not and you decide not to contribute, then you (and everyone else) gets nothing and loses nothing. That's the whole point of escrow.

  12. Re:Somebody doesn't grok RFID... on Disabling the RFID in the New U.S. Passports · · Score: 4, Informative

    I do this stuff (among other things) for a living. ...
    Passive tags (like the one in the passport) can only be read a few inches away and someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.


    While you may "do" it for a living, it sounds like you don't hack it for a living. It takes a whole different mindset to look for vulnerabilities to exploit.

    Even the State Department admits the RFIDs used in the passports can be read from at least 10 feet away. NIST says they've been able to do 30 feet and are working on clever ways to get beyond even that. These numbers are for ISO 14443 RFIDs which seem to be the type used in US passports.

    one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.

    There are plenty of situations in which just knowing that the RFID and associated passport are present are trouble enough. The classic example being the bomb with an "american detector" - left out in a public area it only needs to get enough of a signal fingerprint to differentiate american passports from others in order to make that passport's owner very unhappy. Put one of those into the doorframe of a mcdonalds somewhere and you don't even need to worry about long-range fancy-smancy stuff.

  13. Re:No Hurry on Disabling the RFID in the New U.S. Passports · · Score: 5, Informative

    the shielding in the passport cover hold the chip incommunicado unless the passport is open

    That's true if your definition of "open" is anything not held tightly closed.

    It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.

    So, while you may not be able to crack the data from the RFID, you can certainly talk to it under conditions that are reasonably common in the field.

    it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and

    Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside. So much for any improvement in convenience or ease of use over the previous implementation. Seems like an RFID manufacturer (patent holder?) hired a really good lobbyist.

  14. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    Except, you've expressed an idea COMPLETELY incompatible with intellectual property.

    Uh yeah, that's why the subject line of your post is Alternatives to Intellectual Property.

  15. Re:Patented Breast Cancer Genes? on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    Maybe because Article I, section 8 of the Constitution allows Congress to grant exclusive rights to authors and inventors for their respective "writings and discoveries".

    You mean the Constitution that doesn't say diddly squat about inventions?
    I guess all those patents issued for inventions are invalid then, huh?

  16. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 1

    However, it may result in a "free rider problem" - if 999,999,999 people have already promised $10 for that cure, there is no incentive for that last person to pledge their share. As the pot grows, people will receive more of a benefit by paying for existing treatments for themselves than pitching in for further research.

    You have that completely backwards. If 999,999,999 people have already put their money in, the last guy to put in $10 is effectively getting $10B return for his $10. The larger the pot, the greater the incentive, not the smaller.

  17. Re:Alternatives to Intellectual Property on Nobel Laureate Attacks Medical Intellectual Property · · Score: 2, Interesting

    The economist Henry George proposed replacing the system of patents and copyrights with a system of prize awards over 100 years ago. However, determining what inventions should be rewarded is still going to be difficult.

    Let the free market decide.

    We need a large-scale system where either a buyer or a creator could publicly propose a "prize" for any new creation of their specification. Interested buyers could put whatever it was personally worth to them into an escrow account and interested creators could bid for a contract on that escrowed money. When they come to an agreement and there is enough money in escrow, the creator gets busy creating.

    Such a system need not even be limited to finished products - it could be done iteratively. Because the end result of each "prize" is put into the public domain, each iteration need not necessarily even employ the same creators as the last one.

    The key is for the system to be large-scale. Large enough for everyone with a computer and a bank account to participate. It can bankrupt a drug company if it spends $10B on developing a drug that doesn't pan out. But when 1 billion people spend $10 each and it doesn't work out, its not much worse than skipping dinner. And you get the benefit of all that $10B worth of work now in the public domain some of it might be salvageable for some other use, instead of being locked away in some company's vault of "intellectual property" that no one looks at and no one can use.

  18. Re:Hmm on Snake-Robots To Assist Surgeons in Tight Spots · · Score: 2, Funny

    The Sequel:

    I have had it with these motherfucking robots on this motherfucking plane!

  19. Re:Unions blow on America's Worst Christmas Parties · · Score: 1

    Unions don't exist to get the best package for ALL employees, they exist to get the best package for THE AVERAGE EMPLOYEE

    That would be false. There is nothing about collective bargaining that requires that stars be penalized or ignored as part of the process. Sure, some unions have ended up like that because it is a deceptively easy path to take, but there is no law of physics or man that requires it to be.

  20. Re:Bah humbug. on America's Worst Christmas Parties · · Score: 3, Insightful

    There is no contradiction between doing a good job and only doing what you have agreed to do. If an employer wants employees that will do a good job, then they need to make sure that is part of the employment agreement. For example, as a contractor who bills top-dollar I promise and deliver top-quality work -- my clients are happy with the results and I am happy with the compensation. In fact, that's the underlying premise of free markets - both parties derive value from the transaction and neither party is exploited.

    Furthermore, I do tend to shop at minimum service stores for exactly that reason - no matter how up-scale the store, there is no guarantee of quality of service. I've been screwed over enough times - paying up-scale prices and receiving down-scale service, that I've learned not to play that game any more.

  21. Re:Cheapskates! on America's Worst Christmas Parties · · Score: 1

    After meeting or exceeding all of our yearly company goals and setting a new profit level, each of us salaried folks received a bonus envelope with 25 brand-new,consecutively-numbered one-dollar bills in it.

    I had a similar experience with a bonus all out of proportion with level of "above and beyond" effort I had been asked to put in. That was my wake-up call to go independent.

    Now, when I go "above and beyond" its in my contract and I get paid commensurate with the work I put in.

  22. Re:Bah humbug. on America's Worst Christmas Parties · · Score: 5, Insightful

    When advice on to how to deal with the current state of the employment market is summed up as, "They're already paying you to do you job," perhaps it is time for workers to get pissed off about people who deliberately misquote summaries.

  23. Re:What about non-internet sources? on College Freshmen Struggle With Tech Literacy · · Score: 1

    Yeah, and what percent of incoming freshmen new how to narrow an overly broad search using whatever ancient, proprietary electronic card catalog system the school uses without being taught? Probably less than 35%.

    The difference is that internet searches are now common every day tasks performed by regular people. Not just academics, not just research librarians, but everybody. It's the modern day equivalent of being literate. In some countries, more people use the net than know how to drive a car.

    The flip-side is that just as kids are formally taught how to read starting from an early age, we ought to be formally educating them on how to use the net. And not just mechanics like how to use google - a skill that would be useless once a new search engine company displaces google - but also the general logic of searching - set theory, boolean operations, etc. Not that you would have to use the fancy names, just teach the kids the application of those topics.

  24. Re:Talk about american values on White House Forces Censorship of New York Times · · Score: 1

    Off the top of my head, France has laws against insulting the president. And they rank 35th in that list.
    Ditto for most European nations and their anti "hate speech" laws.


    Wow, unsubstantiated anecdotes versus broad-based survey of thousands of incidents.
    No wonder you posted AC.

  25. Re:I like Red Hat's attitude on Red Hat CEO on Microsoft-Novell Deal · · Score: 1

    They don't go running to big mama regulator to help them out from the mean old Microsoft bully.

    You sure about that?