Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Re:With or without good passphrase protection? on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 1

    IDEA is not supported by modern PGP implementations anymore, AFAIK. Maybe some commercial ones still do it though.

  2. Re:With or without good passphrase protection? on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 1

    Indeed. The other question is what the substance of the "billion year" estimate actually was. This estimate was likely faulty, which is easy to do when you have no clue how things work. For example, estimate the passphrase at 1.5bit/char of entropy, get, say, 150 bit, but then hash it down to 64 bit. That makes attacking the hash directly a lot easier. Or do one of the cardinal sins and use a phrase that is publicly known, like a citation form a book.

    "20 minutes on a server farm" does sound a lot like somebody screwed pretty badly, including in the "billion year" estimate.

  3. Re:With or without good passphrase protection? on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 1

    The security of your "passphrase" is pretty irrelevant when attacking your "password". Are you sure you do understand what happened there?

  4. I find it fascinating how anybody that does not have a solid grounding in crypto feels competent to comment on what crypto can do and what it cannot do. Of course, the statements made by such people are routinely wayyyyy off. That is one reason why people like me charge a high consulting fee when making such statements professionally, because it makes it more likely that the customer (who does not understand what is going on, just like you) actually listens.

  5. Re:"PGP security is harder than it should be." on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 1

    The "computers are easy" statements come from marketing. They have no basis in reality. We all spend several years learning how to read and write. My estimate is that about the same amount of learning and time is needed to use computers competently. Most people are unwilling to spend that time and will stay on low amateur level. Eventually, it will have to become a major subject in school, because the cost of not doing that is just far too high. At the moment tings are still moving too fast for that though.

  6. Re:Like letting an Uber driver in your home on Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) · · Score: 0

    Ah, yes, one common sign of paranoia is the insistence of being perfectly rational in the face of overwhelming counterarguments. Have fun being afraid all the time for no good reason. Of course you can waste and destroy your own life any way you want.

  7. Re:Like letting an Uber driver in your home on Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) · · Score: 1

    When you are paranoid, you miss actual signs of danger, because your system is overloaded.

  8. No, I just do understand how this works.

  9. Re:Like letting an Uber driver in your home on Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) · · Score: 0

    My logic works, yours is broken. There have been all sorts of people prosecuted for rape. The thing is that this supposedly risky behavior is not more risky than pretty much anything else. You are not more likely to be raped because you let people in that are known to be coming to your house. The whole idea a completely irrational paranoia, which, incidentally, is one of the things that does make it more likely that you will be the victim of a crime.

  10. Actually, if the private key is protected by a good passphrase, this operation is not risky at all.

  11. Re:"PGP security is harder than it should be." on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 3, Insightful

    Actually, it is not. Just as with the functioning of a house-key, there is a minimal understanding that is required for public-key crypto, or security will not be provided. Yes, that means many people cannot have secure encryption. That is just the way things are. Wishing things to be different does not change them.

  12. With or without good passphrase protection? on Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) · · Score: 2

    Because if a good passphrase is used, then this is a complete non-issue.

  13. Re:Like letting an Uber driver in your home on Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) · · Score: 0

    That must be the most demented comment all week. The name of whoever made that delivery is in a f****** database, for crying out loud! Even rapists have some desire not to get identified and caught.

  14. Seriously? on Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) · · Score: 4, Insightful

    What I do when shopping for food is a) I decide on what I want to cook and eat. This is based on what is fresh, looks good, is in season and generally appeals to me. And b) it is low-stress time that I take off from all other things and concerns. The last thing I want is for this to be taken away and automatized. May as well automatize away going for a walk. This is seriously messed up.

  15. I do agree to that.

  16. Re:I propose a law... on Major Cyber-Attack Will Happen Soon, Warns UK's Security Boss (theguardian.com) · · Score: 1

    I would be completely on-board with that. "Cyber" immediately marks you as clueless and unaware of it.

  17. Somebody wants more power and budget.... on Major Cyber-Attack Will Happen Soon, Warns UK's Security Boss (theguardian.com) · · Score: 1

    Pretty obviously.

  18. I find that I do not need this "premium" content on Corporations Just Quietly Changed How the Web Works (theoutline.com) · · Score: 1

    The only things I watch (a very small number of TV series) are not available were I live anyways, just horrible dubbed versions later. So I download them, which is legally tolerated here. For the rest: You DRM, I do not watch. That is far worse for you than for me. Make me a decent legal offer and you _will_ get my money. Decent includes that I can store this locally in as many copies as I want, can play it on Linux and the quality of sound and image is good. Do not make that offer and I will certainly not become your victim.

    Incidentally, the EU has been keeping a study under wraps which basically says that the only thing negatively impacted by "piracy" is blockbuster movies. I used to pirate the occasional one, but have given up because they are all so extremely stupid and bad. The whole idea of DRM is the embodiment of the utterly stupid belief that the customer must be fucked over in order to maximize profit. Well, it does not work that way. Not anymore.

  19. Indeed.

  20. Re:when coders don't have a broad understanding on Computer Science Degrees Aren't Returning On Investment For Coders, Research Finds (theregister.co.uk) · · Score: 1

    Says the AC. Alternatively, I have seen a lot of the field and noticed said strong correlation you would like to wish away. My guess would be you are one of those that lack said degree and are desperately trying to cover up the problems in your skill-set that cause. Not that over-inflated sense of ones own skills is rare among students. But they do run into an enforced reality-check: Exams and thesis work. Self-taught coders do not have that benefit and routinely massively overestimate their skills.

  21. Re:when coders don't have a broad understanding on Computer Science Degrees Aren't Returning On Investment For Coders, Research Finds (theregister.co.uk) · · Score: 1

    No. But really bad programming skills are much, much more prevalent without that education and many of those without that education think they are actually pretty good at what they do when they are anything but. That is a serious problem and it becomes worse when these people move into management.

  22. Bullshit. And Bullshit again. These developers you think are "the best" are just an example form the class of people that screw more complicated things up badly and then people like me have to come in to fix it. I see this time and again. Oh, sure, some actually manage complicated things from time to time, but they do not really understand what they are doing and they take really long too do it and in the end their solutions quite often cause significant problems down the road. Of course, that happens with people with CS degree as well. But it is basically assured for those without as they do not have a reasonable overview over the CS field.

    The advice to prospective employers these days must be a) do not hire people without a relevant degree and good grades b) look very carefully at all others. The average level of skill of today's coders is shockingly low and coders seen as really competent by their co-workers are often still pathetically incompetent (even if still above average).

  23. If you have to ask...

  24. I agree to that. These people do exists but their number is very, very small. The number of people that falsely believe they are one of these exceptional people is pretty high though.

  25. Oh, yes. Mathematicians are the worst. Sure, their code will usually do what it should, but it will be bad in any other respect. Quite often you cannot even read it and forget about trying to modify it. That makes it unusable for anything besides run-once-then-throw-away projects.

    There are exceptions though. I personally know one mathematician that can code really well. His problem was that his last employer did not allow him to code (a large insurance), because they made extremely bad experiences with mathematicians coding.