Slashdot Mirror


User: gweihir

gweihir's activity in the archive.

Stories
0
Comments
19,136
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 19,136

  1. Re:Paper covers rock on Apple Purchases Software Company To Read Users' Expressions (thestack.com) · · Score: 1

    I think the problem with shutters is that they make the phone thicker. So no, I do not know of any.

  2. Re:Paper covers rock on Apple Purchases Software Company To Read Users' Expressions (thestack.com) · · Score: 1

    I also happen to have a phone with an easy to remove battery. No accident.

  3. Re:Paper covers rock on Apple Purchases Software Company To Read Users' Expressions (thestack.com) · · Score: 2

    No idea. I have black electrical tape over all of them, including ones from customers and the front-camera on my mobile phone. I would also disable the microphones, but that usually requires a lot more effort.

  4. Indeed. While I would not call it "socialist", it is what happens when non-STEM people tell STEM people how they should work, live, think. (The sheer arrogance involved is staggering...) You may end up with a bit better "culture", but it will always kill the quality of the engineering and science done, so that is a rather extreme net loss for society. The non-STEM idiots are usually quite unable to see that, so they keep pushing. In the end, such things kill a society.

  5. Re:without apps, app store profits wither on K12CS.org: Microsoft, Google, Apple Identifying What 1st Graders Should Know · · Score: 2

    I learned C about 30 years ago, when I needed more than the 64kB arrays Turbo Pascal gave me. These skills are still highly useful to me and I just recently finished a large project where C was the only sane option. Of course, C has this tendency to not help bad programmers write shoddy code, it makes them write non-working code. And that is actually an advantage.

  6. Problem solving is not a collaborative task above a not very high level of difficulty. Because above that, it requires insight and the only thing teamwork does is that it makes sure at most one on the team has that insight. Now, describing things accurately, asking precise questions, writing documentation, effective communication, those are useful. But pair-programming does not even work well when you have people with high levels of respective skills. It is a complete bust below that.

  7. Re:Stupid idea on K12CS.org: Microsoft, Google, Apple Identifying What 1st Graders Should Know · · Score: 2

    Computers are exceptionally shoddy to completely unusable "programmers" once you leave behind no-insight-required compiling and localized optimization. I guess you have never seen synthesized code. A good programmer is architect and designer and coder. None of these roles can be filled by software above a very, very low level of difficulty.

  8. Re:We need a different term for this on K12CS.org: Microsoft, Google, Apple Identifying What 1st Graders Should Know · · Score: 1

    Indeed. Most of the people that jump on this will find that it is not a good career-choice at all, unless you do it at the high end (caveat: I do). A the high end, you are the brain-surgeon. At the low end, you are the person that delivers the x-rays for minimal wage and that has a constant risk of having your job taken by technology. Now, do we think that everybody has what it takes to become a good brain-surgeon? Of course not. Why then this fantasy that this is possible in CS/IT engineering?

  9. Re:How useful really is password length? on New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com) · · Score: 1

    That is not brute-forcing. Incidentally, how do you arrive at 256 values per character? If it is characters you find on a keyboard, they will be far less. If it is Unicode, they may be far, far more. They will never be 256 in practice, unless it is a binary key, not a password. I will not even comment on you amateur-level analysis of the search space. Well, what can one expect from the typical big-ego-small-skill AC.

  10. Re:How useful really is password length? on New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com) · · Score: 1

    Indeed. Length information can only tell you when to stop, because you have missed the password (e.g. because you did not use the full char-set on some assumption of language used) and how much effort is expected. The effort for shorter passwords is negligible. Takes some actual Math skills for seeing that (not very advanced ones though), and these seem to be in very short supply these days. Civilization is really devolving, with people knowing and understanding less and less.

  11. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    Well, pedophile images are already used in scams and, get this, the police in some countries advises people to not tell them about these criminal acts as the very possession of these images is illegal. How completely broken must a law be to have the effect that innocent people cannot tell the police anymore about crimes committed against them? That is just pure evil.

    The scenarios you describe and others like it are actually something that is pretty sure to happen at some time and this is why making the possession of some specific bits illegal is so stupid. Sure, production of this material must be illegal and commercial distribution must be so too, as both directly do or contribute to child abuse. But possession and non-commercial distribution without law enforcement having to prove intent is extremely easy to abuse in a digital, networked world.

  12. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    I did say you can attack only within the context of an existing connection. But that is it. If you attempt send any other packets to the client they will a) be dropped by the TOR exit relay and b) will be dropped on client side, as a client does not open a server socket and hence does accept absolutely no connection requests. In addition, there is not even a way to address the client in these other packets, so the idea does not make any sense at all.

    The thing is that you cannot "run network tools" against a client with an unknown IP if all you have is an existing connection. You can only run them against the TOR exit node, which gives you absolutely nothing. Seeing that does need some minimal understanding of what "network tools" are and what they do and how TOR and TCP/IP works. Apparently you completely lack that knowledge. There is no tunnel in TOR. TOR does connection routing and that only for client-side initiated connections.

    Incidentally, you do not understand how firewalls work either and what they are good for. If there is no service running on a host (and the a browser certainly will not run any listening-sockets), a firewall is completely immaterial. The target TCP/IP stack drops all packets sent outside a connection unless there is a server-socket listening for them.

    Seriously, how incompetent and arrogant can you get? You do not even understand the very basics.

  13. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 2

    Actually, forget what I said about this being possible on misconfiguration. Your statements are so far removed from how TOR works that I got confused as to what you were saying.

    So: For a client TOR installation, this is impossible without compromising the target browser over an existing (!), client-initiated connection. You cannot initiate a connection, scan, ping or do anything else from the server side to a TOR client. The network will not route your packages. You cannot even address the target as you only see the IP address of the exit-relay, but that one is terminating many connections from clients. Seriously, TOR is not a VPN. What you can do is attacks against hidden services, but anybody can connect to them via TOR. But again, you cannot scan the network there, you can only attack the service itself, i.e. usually the web-server running there.

    Your statements are complete, unmitigated nonsense.

  14. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 2

    Sorry, but that is bullshit. Sure, it may work if somebody incompetent set up a normal browser to work over TOR, or actually is grossly stupid enough to really set up LAN tunneling over TOR (But to what end? It would not do anything useful...), but with a competent set-up or the TOR browser bundle, there is no way to do what the FBI did without compromising the browser process. And, incidentally, with the freedom-hosting attack, they did exactly this: They sent malcode to the browser and took it over. As far as we know they did not do a lot with the compromised browser, but that is besides the point.

  15. Re:So the gov knowingly ran a child porn site? on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    This begs the question why possession of CP is illegal. The usual argument is that it continues to harm the victims.

  16. Re:Don't get it on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    Interesting thing, instruction how people "could avoid detection online" are not illegal, or even immoral. What is the point of including this piece of information?

  17. Re:Slippery Slope on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    Indeed. This can only be justified by "regardless of what it is, if the FBI does it it is legal". That does not work with the rule of law and is only possible in a full-blown police-state. As soon as they had the possibility to switch it off, they had both a moral and a legal imperative to do so immediately. In a very real sense, they committed mass-child-abuse.

  18. Re:Slippery Slope on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    There is also the little problem that by the way TOR works they have no idea where a target computer is before they break in. This makes what they did "state-sponsored organized crime" if they even caught one user not on US soil and may well make it "state-sponsored cyber-terrorism" in some countries. Not good at all. Just think of the same scenario but with the Chinese doing it (where all pornography is illegal) or the Iranians (where all non-Muslim religious writing is illegal). See the problem?

  19. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    Incidentally, what they did is highly criminal for any person the warrant does not cover. (And they have no way of finding out before they attack....) An argument can be made that this is anybody using a computer outside of the US. Just think of a modified example where the Chinese Government hacks users of a TOR web-forum devoted to discussing freedom using a warrant that does also allow hacking the computers of US citizens or Europeans, or with a warrant only covering China, but they ignore that. See the problem?

  20. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 1

    So you think all breaking into computers is legal? Because that is all "capturing information that the client machine is willing to send (even via a flaw)". That flaw might make it willing to send, say, 500'000 user data sets.

    If the FBI campaign against freedom hosting is an indicator (or if this is actually the same thing), then they sent malware to the target browser that compromised it via a JavaScript exploit. It then took over the client browser process to determine from the OS what the IP address of the local computer is. There is no gray area here, this is just what criminal hackers do. Incidentally, this gives them the ability to put any file they like on the target system and it should invalidate any and all evidence found on the target machine. Also, in the campaign against freedom hosting, they caught a lot of people doing entirely legal things, like accessing their tor-mail account.

  21. Re:Not hacking on An FBI Hacking Campaign Targeted Over a Thousand Computers (vice.com) · · Score: 3, Informative

    Except when your software (TOR) does not give out your IP address willingly. Then some kind of hacking/cracking/compromise technique is used and that is highly problematic. In a sane legal system it would also compromise any and all evidence found on the target computers as it typically comes with the ability to change things on the target and do so without trace.

    This cure here may well be much, much worse than the disease. If the targeted group were a different one, this might be called "state-sponsored terrorism." Anybody that believes these techniques are only used against child pornographers is kidding themselves. Just have a look at the history of the FBI.

  22. Re: Those who would give up essential Liberty... on Majority of Americans OK With Warrantless Internet Surveillance (ap.org) · · Score: 1

    Well, yes. But the distinction is meaningless.

  23. Re:Social programmers? LOL on The Empathy Gap and Why Women Are Treated So Badly In Open Source Projects (perens.com) · · Score: 1

    As you assume a "basically useful" pull request, we have left hand-holding with respect to coding already far behind.

  24. Re:Social programmers? LOL on The Empathy Gap and Why Women Are Treated So Badly In Open Source Projects (perens.com) · · Score: 1

    Seriously, if a "fresh grad" still needs hand-holding at this, then they do not have what it takes to ever be good at it. Same for a first-ever contributor to a FOSS project. Investing in these people in this role is a complete waste of time and harmful on top. Growing a community on the incompetent and the semi-competent is a sure way to destroy it. That is why so many people think all great programmers are self-taught (not true, but most are): Unless you come with a high level of aptitude and motivation, you really should go into a different field. While it is en-vogue again to claim that programming can be taught to anybody, that is just unmitigated nonsense. It is mostly nature and a only tiny and optional bit of nurture that makes great coders and anybody who denies that has not actually seen how incompetent and harmful most coders are in reality. Those are the ones that got educated and hand-held for most of the process. These are the ones that make software unreliable, insecure and hard to maintain. These are the ones that make projects fail.

    And no, I do not like that it is this way. I am just not blind to the realities.

  25. Re:Not a zero-sum game -- and not that simple on Majority of Americans OK With Warrantless Internet Surveillance (ap.org) · · Score: 1

    No, I rightfully point out that it actually is not a false choice and you are full of it. Your explanations are bogus and come from fantasy-land. They also exhibit an astonishing lack of knowledge of what you are talking about. Details do matter extremely in crypto, yet you have no understanding of the pertinent ones at all.

    If you want to call the larger crypto- and security-research community all incompetent, go right ahead. It will only make you look even more stupid though.