Slashdot Mirror


User: ergo98

ergo98's activity in the archive.

Stories: 0

Comments · 4,174

  1. Re:Best password ever on Crappy Passwords Very Common · · Score: 1

    And the saddest thing is that that is entirely typical: It goes against human nature to force someone to remember something (all the while saying that it's a critical piece of information and they'll be flogged if they forget it, but at the same time they should never write it down), and then discard it and remember something new a week later. Hell, my bank doesn't force me to change my PIN number on my bank card (hell, I don't even know the process to change it if I wanted to) every month, so why should I have to do it at a workplace?

    I'm entirely of the belief that those who draw up password best practices are generally morons: Anyone who would recommend that people change their password any more frequently than once every 6 months (or if suspicious activity is detected) is ignoring some basics of human personality, and by doing so they are making the systems significantly more vulnerable rather than more secure.

  2. Re:Best password ever on Crappy Passwords Very Common · · Score: 5, Interesting

    He took the name of a family pet, just like an idiot would. But then he encrypted it with 4096 RSA PGP and the passphrase was his favorite saying. The 15th through 23rd characters were his password

    That sounds like an interesting way of making a password a failsafe (i.e. you would be able to recover it if you forgot the special sequence of characters, and the password becomes not only the code sequence but also the process. i.e. A prehashing of hashing. An interesting scenario would be to say "my password is always WEAKPASSWORD but for each service I'll hash it through SHA1 with the service name, and I'll use characters 10-15 in hex form as my password"). I use strong passwords (bogus words, numbers and punctuations), yet one way in which my passwords are weak is that I don't subscribe to best practices for changing passwords regularly. Why? Because I've forgotten so many passwords that I'm cynical about the reality of password changing best practices...recently I was thankful that my FreeBSD box has the single user local mode (without physical security there is no security) that lets you supersede the security systems because it'd gone unmanaged for so long that I'd forgotten among the hundreds of passwords out there. I truly believe that if users are forced to regularly change passwords then they a) write it down, b) use weak passwords so they don't forget for the short period that they have to use it, c) they use the same password on many different services. I believe that c is very common, and if you analyzed people's ICQ, Hotmail, Slashdot, computer, domain, etc passwords you would find some pretty common correlations.

    And after he told me this, he changed it. Because he changes his PGP keys every week.

    He changes PGP keys every week? How do people that have to keep importing his public key feel about this? (Personally I'd have long refused to bother importing a new key each week).

  3. Re:What's next, a handshake? Pinky-swear? on Email, a Legally Binding Contract? · · Score: 2, Insightful

    In this case I don't think anyone doubts the authenticity of the emails (it appears to have been a long running series of emails discussing the selling and purchasing of a house, in a way that it is doubtful anyone is going to forge), but rather the defendant is claiming basically that because it wasn't a signed document that they are not bound by it. Yet just as the oft-known verbal contract, you don't have to sign a contract in many cases. Seems pretty clear to me.

  4. Re:Just waiting for the press release... on Microsoft, zlib, and Security Flaws · · Score: 1

    Of course, if zlib had been GPL, they couldn't (legally...) have used it without releasing their source, and in this case, they might have avoided the security risks

    Utter bullshit. How would it have "avoided the risk"? The problem EXISTED in zLib (while being an open source product, BTW. Yet another example that the claims of open source bulletproofness are nothing more than a myth), and the reality is that about 99.99% of the public ISN'T (EVER) going to download the new zlib source and recompile their binaries.

    Now what they could do is use zlib as a linked library (which is allowed because it isn't GPLd: Yet another vote against the GPL as being a great license), in which case the public could install the new zlib library and everything would be great again. This is actually what many users of zlib on the Windows platform do: Encapsulate zlib as a nice handy, self contained little dll.

  5. Re:Just waiting for the press release... on Microsoft, zlib, and Security Flaws · · Score: 1

    Just that since anyone else can compete with you, trying to make massive profits will typically put you out of business.

    Uh, trying to make any profit (or trying to even make a remote amount of your costs) will put you out of business. GPL software cannot be commercialized: It doesn't work.

  6. Re:50 lb bike lock on Laptop Anti-Theft Devices · · Score: 1

    If someone wants your bike/lock/laptop/phone then there's not a lot you can do.

    This is true for some thefts, but such professional type thefts are the minority. The majority of opportunists who see the laptop sitting in the backseat of the car with the easy to bust through window, or the lady's purse sitting on the floor where she can't see it. I use a "club" on my car not because I think it'll thwart the true pro (though I don't think a true pro would be targeting a car like mine...), but rather to thwart the far more common nighttime joyriding kids.

  7. Re:again airport security are idiots. on Airport Security vs. Cyborg Steve Mann · · Score: 1

    I never heard about any passengers springing into action when shoe-bomb guy was sitting there trying to blow them all up...

    There's the old adage about warfare and how you must always give your enemy (enemy being contextual) a route to escape, because a trapped foe was the most dangerous of all: They have nothing to lose and will put it all on the line. The Pennsylvania hijackers thankfully got a lesson in that before being sent to an eternity of nothingness: The people on the plane knew that they were going to die, so there are no maximum costs to what you will do to stop it, and truly they were heroic to the true sense of the word.

    In other words, people go along with the shoe-bomb type because they know the person usually isn't suicidal, and there is a very good likelihood that they will get off after the person gets that ride to the Bahamas that'll quickly get riddled with 20mm shells from an F16. Actually that points out the corollary to that, which is that when hijackers get in a situation where they are cornered, and historically the government has lured them out with false promises and then killed or incarcerated them, then hijackers are more likely to do something stupid because they have been trapped, in essence, without escape. Just meandering.

  8. Re:Well then... on FCC: Cable ISPs Need Not Give Competitors Access · · Score: 2

    Where do you live? In my area the cablecos' market share is being dramatically eroded by satellite services (including mid-speed 2-way as well), and many of the cable cos have latched onto high speed internet access as one of the selling points to encourage people to keep cable (it worked. I love some of the satellite services and features, but I also like high speed cable internet access). Additionally high speed DSL access has made massive inroads, and 2.5G wireless access is looking to extend the competition. 10 years ago it'd be fair to say that cablecos had a monopoly, but I really don't think that is true for the majority of people.

    On top of all of that, a lot of the time that people are bitching about something they're bitching without reason (and as stated following, I include myself in that category). For the past 2 weeks I've been griping to anyone that will listen about how my cable modem was giving back 600ms ping times and horribly unreliable throughput. Turns out that it was that the cable I ran got crimped in a door and must be noisy now, as replacing it gave me those 10ms pings I know and love.

  9. Re:No FDIC insurance? on Feds Rule PayPal Is Not A Bank · · Score: 2, Insightful

    When you do your taxes you have to list your assets? This is actually a serious question: Do you not just list income and expenses, and latent assets are irrelevant?

  10. Re:Wow, what a victory! on Google Juice · · Score: 1

    Karma whoring? Give me a break. I'm sorry we didn't wait for you to provide us with your expert final word on this matter. Google has explicitly stayed tight lipped about how their service ranks pages, and they've done this very intentionally : History has shown that once people are aware of the machinations that affect search engines, they then abuse it to get whatever they've done at the top of the rankings. The "dumb motherfucker" humor article of a while back unfortunately revealed some of the foundations behind Google rankings, and immediately those in the know started taking advantage of it, and today you see bloggers playing around to get their pet project to the top of the ranks. We've heard already that a certain "Scientific Church" has built thousands of pages cross linking and reverse linking specifically to pull their links up to the top of the Google hit list. If you fail to carry the extrapolation of this through then I'd say you are myopic and brutally naive. Are you so ridiculously naive that you don't think that there are hundreds of Slashdotters who are at this moment taking this newfound knowledge and considering how they'll get their uber-hardware review site or Ann Landers Fan Club to the top of the hits via exploiting this aspect of the search technology? Having said that, of course it isn't the end of Google, but I guarantee you that Google is continually working on ways of avoiding intentional placement of search results. Again, scientifically your results are invalid if your measurements affect the results.

  11. Re:arg! on Fujitsu Announces XScale PDA · · Score: 1

    http://www.arm.com/news.ns4/iwpList125/B88B5796636DF17E802569440062D45B?OpenDocument&style=Press_Room

    I had no clue about this XScale thing, however that was the first thing I came across on Google, so it appears to be an ARM instruction set processor, using technology Intel obtained when they bought DEC, which was a co-creator of StrongARM.

  12. The fastest ARM PDA? on Fujitsu Announces XScale PDA · · Score: 2, Insightful

    What does that mean in the real world, versus say a 200MHz Hitachi SH4? It just sounds weird seeing it called the fastest ARM PDA : Sort of like when pickup trucks have the best fuel economy in their category (which could mean that single model of pickup truck...). Will this be a super fast PDA? (And yes, to those who ask it does matter. With GPRS and other high speed connectivity issues real time compression/decompression, etc., matters more, and begs for increased power).

  13. Manipulation doesn't strengthen Google on Google Juice · · Score: 3, Interesting

    Given just the example regarding the redirection of "talentless hack" to the guy's friends site clearly demonstrates that this is an abuse and degrades the value of Google as a search engine, versus being some sort of great democratic benefit. When I use Google to find search results, I'm looking based on content and relevance, not "How many online friends got together and Google bombed". Online, with manipulable systems like that, democracy doesn't work, and that was the whole problem with META tags which this is basically recreating. Even worse is that it doesn't even just have to be democracy: Many Blogger sites themselves have high rankings as a whole, and with some machination someone can individually set up thousands of sites and programmatically set-up Google bombs. Clearly Google will have to filter this out.

    Google is like scientific measurements : If the process is affected by the measurement then it's tainted.

  14. Re:Public's fault on Canada to Raise Tariffs on Recordable Media · · Score: 2

    Very good point about backups (though I'd guess that that is what the minority of CD-Rs sold are used for, though I can't back that up) : Backup technology really hasn't kept pace has it?

  15. Re:One number to rule all numbers - necessary? on Hong Kong Gets Smart ID Cards · · Score: 1

    Here in Southern Ontario we've had a longstanding problem of Northern US scamsters (no I'm not saying the Northern US is scamsters, but rather I'm saying that the scamsters just happen to be from the Northern US) with stolen or forged health cards or other Canadian/Ontario government ID coming up and getting free healthcare on the backs of Canadian taxpayers. Because of this they've introduced a new more advanced health card, and there is talk of cards similar to the Hong Kong card : If you don't fight it, then people abuse the system.

    Personally given the proliferation of networking nationwide, I'd prefer any system that keeps as much of the data centralized and secure versus stored on a card: i.e. If they started storing fingerprints then it most certainly should be in a central database, and your personal card merely correlates your record with yourself whereupon the match is done. Storing it on the card is basically guaranteeing that you'll be replacing the system in a year because someone reverse engineered it and can print their own.

  16. Re:Public's fault on Canada to Raise Tariffs on Recordable Media · · Score: 1

    It'll screw over the economy? I think you're being a bit dramatic. Your example regarding a tax on cigarettes is misplaced as well given that the tax load on a cigarette smoker (as it should be. I believe it was up to $35 a carton for a while, though it dropped to $21 after widespread smuggling) is dramatically higher than even the most prolific warez d00dz would face under this legislation: I use maybe 20 CD-Rs in a year, and I'd wager that I'm way above the average.

    I disagree with any CD-R levy, personally, but I can see their point: As was evidenced in the Bruce Perens article story of a couple of days ago, there are a lot of people who have a neandertholic impression that the value of anything is limited to the value of copying it (i.e. Hrmmmm, I wonder if they're busy making colour photocopies of $100s in their basement). Not only does there need to be education in public awareness, but there has to be education as well in the artistic/IP rights of creators, so that everyone doesn't think they have a righteous moral ability to dupe software and music just because they have a physical ability to do it.

  17. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    Of course the irony of your statement is that scientists are heavily protected by IP laws, and by company trade secrets: Without such protections there'd be little incentive to create (or little economic ability : What drug company could invest the billions of dollars of R&D in drugs if they had a marketplace with GPL type ideals that a drug is only worth what it cost to make a pill. The answer is none, until of course you implement a communist government...).

    In any case, no one is saying that GPLd or open source software should be banned, abolished, or that it doesn't have its place : Microsoft themselves releases thousands of helpful little scripts, COM objects, etc, and I don't see them being held up as a champion of open source. Rather the quandary is the classic debate of whether we, as a society, are going to value intellectual property, or we are going to perceive it with simplistic notions and consider the value of a piece of software versus the cost of a CD-R. On the one side you have Microsoft spreading FUD about GPLd software, but no one can deny that the GPL community is just as busy on the other side of the fence spreading their own distinct brand of FUD.

  18. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    I'm a software developer in vertical markets, and I do not, nor have I ever, worked for Microsoft. Having said that, my positioning on Microsoft's actions in the marketplace is a whole different discussion altogether (and don't presume that I look all that favourably on them). What I do have an issue with is the luddite philosophy by so many on here that the value of something is limited to the cost of producing a copy (+ a small margin), which is something that I disagree with.

  19. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    It's Rambus that was fabless, and I, for one, have no problem with their going under.

    My mistake with the AMD reference: I had intended to say nvidia. There are countless other examples of companies who make the designs and leave it to a "professional fab" to make the chips themselves.

    1. Volunteer labor is not sweatshop labor, and comparing the two is nothing but slander to all the people who have worked on free software. You owe an apology to a hell of a lot of people.

    Sweatshops are volunteer labor, in a sense. The idea is that the contributors are not being compensated for the worth of their input, and that is a non-factor when it's a charitable circle, but now you have organizations like IBM involved, and large corporations that are utilizing GPL software: If IBM used the local church knitting circle to make IBM banners for the trade show would that be charity and volunteerism?

    He is referring to the marginal cost, the cost to produce and distribute one item of product. That cost, for software, is near-zero. That is why Bruce believes that software markets cannot be treated the same as hardware markets.

    My point was that marginal cost with software (or ANY IP work) is completely irrelevant, just as it's irrelevant to nvidia, or any other IP creation: What is with the infatuation of so many on here with physical investments? I'd swear that Intel and AMD own fabs purely to satiate the belief by so many that only those who are wealthy deserve to earn wealth.

  20. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    nvidia doesn't own the fab, and technically you could go there tomorrow with a CD of nvidia designs and get them to produce a GeForce 4 for you. The ONLY reason that people can't copy GF4 chips or Cadillacs is because of IP protection laws, which I greatly support, but it's strange how many people seem to support the concept of the rich getting richer (i.e. only the rich can make money because it's all based upon the physical), rather than a meritocracy of the intellectual capabilities and production.

    I explicitly chose a fabless company (incorrectly choosing AMD at first) because I knew that someone would bring up the (incorrect) "do you have a billion dollar fab?", ignoring the fact that nvidia themselves don't have a billion dollar fab (and to companies like Intel and AMD the fabs are merely to reduce the production costs by bringing it inhouse), so that point is bogus. nvidia makes money based on IP and IP alone, and just like software their designs can be "Copied with a click".

  21. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    Mea culpa. I guess a better example would be nvidia, a $8 billion dollar company whose sole creation is intelligence: They make designs which theoretically can be copied with "no cost".

  22. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    So that $9.95 is covering the valuable printing of it in book form? Of course it isn't (or there'd be ripoff companies selling them for $0.49 a copy): It's paying all the people who were involved in bringing that book to fruition, and it's encouraging creation by allowing authors to actually make a living writing. Without that support system (and the copyright system which protects against companies making their ripoffs) the only writers would be those that can spit off a couple of lines late at night after putting the kids to bed, in the hopes that one day they can release it for free....in other words most creative content would disappear.

  23. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 1

    It takes a pound of flour to "copy" a loaf of bread. In contrast, once you have amortized the cost of creating a piece of software, there is essentially no marginal cost associated with creating another copy.

    Does the same rule apply to any form of IP? (patents, copyrights, etc.). It would be hypocrisy if it didn't. This would basically destroy the chip making (i.e. AMD, which is fabless), or any other advanced engineering, firm immediately.

    It takes a pound of flour to "copy" a loaf of bread. In contrast, once you have amortized the cost of creating a piece of software, there is essentially no marginal cost associated with creating another copy.

    In your own article you commented that Linux, if it was developed with paid labour (instead of sweatshop freebies), would cost $1.9 billion, so stating that there is not a cost (for software developed respecting that development is a job) per copy distributed is greatly simplifying (of course you cleverly wrote off the upfront development cost as if it's a non-factor, yet it is often tremendous dollars to develop software): Of course there is a cost per copy (is there a cost if I sneak into a movie theater in a half-full audience? If you see it in a selfish, individual way then no, but if you see it as a whole then of course there is: What if everyone snuck in?)

    A great percentage of our society is based upon IP now, so simplifying the world to physical entities is a return to the early-industrialized era when all our tiny brains can comprehend is physical-in-your-hand possessions.

    Regarding your argument about software developers providing and everyone else consuming, most people are able to participate in a free exchange of information. In this same topic we've been carrying out a thread about how an illustrator can help.

    But they don't, as a general rule. I hate to bring up the dreaded C word, but are we talking about communism? Is the eventual goal that soon we're all contributing everything for free?

  24. Re:Microsoft has blinders on on Perens Discredits Mundie's Attack On GPL · · Score: 4, Insightful

    Of course Mundie sees the world through Windows coloured glasses, just as most of Slashdot's readership (including Mr. Perens) sees the world through open source coloured glasses: Biases are as human as life itself, especially when you're paid to have it (or you make fame by advocating a certain bias).

    Having said that, I find Perens' editorial weak in substance or facts, starting from the first paragraph where he uses the public square "commons" as a parallel with GPLd software, which is ironic if you really think about it: The commons was merely where you did your trade, trading cucumbers for gold pendants, and horses for a gaggle of geese -> The idea is that everyone has different skills and focuses, and commerce is how we all live full lives. The GPL software philosophy on the other hand, is one where software developers provide, and everyone else consumes (I recall a +5 posting on Slashdot some 2 years ago where someone told the story about how they explained the GPL to their dentist, and their dentist thought it was a great idea: Yeah, I'm sure they do. Now how about giving me some caps for free?). How humorous then to see Perens hold IBM up as a great example of the meshing of GPLd software and capitalism (with Linux being the "crown jewel", no less), when IBM is basically selling computing hardware on the backs of a bunch of basement programmers (I'm sure downsizing of the software development arm isn't far into the future) : IBM gains, the community loses. Yeah, I'm sure IBM does some token contributions to the Linux community, however I'd put a wager on them spending (many) magnitudes more painting penguins on sidewalks and putting cute Linux ads in magazines than they spend paying developers who contribute : Why would they contribute? Reality comes into play, and they won't see much reason to help Dell sell hardware too, now will they? Soon you have a prisoner's dilemma with every company leeching but not contributing.

    The essence of all of this is this: Whether Perens and crew acknowledge it or not, what they are in actuality saying is that software development is an exceptional sector of our economy where regular rules needn't apply: Sure, sell your computer hardware, sell those coffee makers, buy yourself a nice new BMW, but don't you dare sell that software (and it is good to finally see someone in the GPL community acknowledge that the commercialization of GPLd software is next to impossible, as Mr. Perens states "And it's (deliberately) hard to commercialize GPL software."). As a software developer this infuriates me because Perens and crew are basically selling out software development as a profession, all to push an ideology and to act as spokespersons. On the receiving end, companies like IBM and HP, whose senior executives gleefully count the dollars gained from their absurdly, ridiculously overpriced hardware that is sold at thousands of times the raw material costs, hop on the Linux bandwagon : How very, very surprising. And boy am I surprised to find that there are corporations that would happily replace systems that they paid for with GPL systems: If these companies could pay a third world nation to enslave children to sew their $150 shoes (material and labour: $0.25) together, then they'll happily do that too.

    Mundie's argument is that software as a valued good cannot coexist alongside the GPL, and in my opinion he is ENTIRELY RIGHT, as has been proven so many times (and Perens acknowledged in his article, which is quite the transition from prior GPL positioning which is that they were compatible).

  25. Re:Ridiculous on CRT Eavesdropping: Optical Tempest · · Score: 2

    My specific problem with the paper, which may or may not be groundless, is that as mentioned the test monitor appeared to have phosphor that decayed 90% in 0.55usecs, yet as mentioned real world monitors, like the one in front of me, decay to 10% from between 80 usecs (and it would vary by pixel as well as it isn't set in stone) - 1000 usecs, so it sounds like a test case that may have been rigged to basically, as mentioned, be a trace gun illuminating the opposing wall. My doubt is the gap between a possibility (there is no one who doubts that if you're reading the ray trace gun that you can determine what image was on the screen), and the practical reality with much longer decay phosphors.

    The 500Hz comment was merely joking, but it was based upon the difference between the sample phosphor decay and what people are practically used to.

    This whole debate, ironically, is very similar to the LED debate of a few days ago: There are practical limitations of the response time of an LED that limit what can be read for anything other than a hypothetical.