Slashdot Mirror


User: rickb928

rickb928's activity in the archive.

Stories
0
Comments
7,014
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,014

  1. Re:Perhaps we need to validate the CAs? on Comodo Hack May Reshape Browser Security · · Score: 1

    It works for DNS.

  2. Personal info disclosure here on Requiring Algebra II In High School Gains Momentum · · Score: 1

    Um, I took Algebra II in high school, and it was required.

    In 1971.

    When did the nimrods decide to ditch that? And in favor of what other requirements?

    Actually, I'm afraid the answer will annoy me to no end.

  3. Re:Perhaps we need to validate the CAs? on Comodo Hack May Reshape Browser Security · · Score: 1

    When did my browser become my CA?

  4. Re:Perhaps we need to validate the CAs? on Comodo Hack May Reshape Browser Security · · Score: 1

    I just closed an account late last year with a bank I had done business with for 35 years, through mergers and acquisitions and all. They has no branch within 500 miles - I had moved away from them. How would you like to run over and pick up my cert for me?

    A QR code would be fine, but how is it delivered? From their website? Which one? The fake one that presents me a cert from a CA in Uzbekistan? Beijing? Singapore? Do I trust the CA from East LA any more? Why?

    For a decent attempt at multi-factor security, I need to be able to choose how I find the bank. So if I go to https://www.chase.com/ can I be certain it is the real, legitimate Chase site? How can I tell if it was falsified in DNS, with a cert from a compromised CA, and is just a passthrough to the 'real' Chase site...? When I get a call from the bank? when I read about it on CNN?

    Can it be bulletproof any more?

  5. Perhaps we need to validate the CAs? on Comodo Hack May Reshape Browser Security · · Score: 2

    SSL is dependent on certificates, and the certificate process is deeply flawed. Microsoft in particular seems to be willing to recognize almost any CA, and yet I have trouble with well-recognized root certificates from Verisign working corrrectly with our software, using OpenSSL. Now we hear that most any CA can mint most any certificate.

    Perhaps there needs to be a true 'root' CA, and at least some domains subscribed to prevent any other CA from delivering certs?

    Gee, this would also be nice in DNS, where 'very well known' domains, such as Google, Microsoft, banks, etc could pay to be put on a 'do not change' list and get a more formalized process for management.

    The reality is that we are well past the 'family business' mode the Internet and ICANN et al relied upon to keep things working.

    Jon Postel must have shed a tear. There is still a need for collaboration, but it's time some of the Internet infrastructure grew up. Please fix this before the governments do. You won't like their solutions.

  6. I had one for a few years... on The 30th Anniversary of Osborne Computer · · Score: 1

    It was a deader, and I finally solved a power supply problem just to find out it was more than that. I never got it running.

    But it was a lot of fun to leave around for people to ask about. Then I snagged a Kaypro that actually worked. That was nice.

    Alas, I've pretty much gotten rid of the collection.

  7. Assuming this is an April fool's Day joke, on SlashTweaks Let YOU Micro-Edit Slashdot · · Score: 2

    then I can wait a day for sanity to return to my reality. If not, I'm more than disappointed.

    You know just how frakking messed up micro-editing is, right? It renders your RSS feed unreadable.

    And then there's the complete devastation of IE7 users. I'm stuck with this at work. Browser snobbery is counterproductive, even if there are security issues, which my corporate security has so far solved so well that IE7 doesn't work here any more. More pus.

    Slashdot code is not getting better. Hopefully this is part of a cycle of break/fix.

  8. Re:Ma Bell Stifled Innovation? on Ma Bell Stifled Innovation, AT&T May Do the Same · · Score: 1

    Solar cells.
    Cellular telephones (they proposed this in 1947)
    Lasers
    Communications sattelites
    Digital signal processing
    CCDs
    Radio astronomy

    You were just being a jerk, I know.

  9. Re:Dream for not Millionaires... on Ask Slashdot: Data-Only Android For Development? · · Score: 1

    I've got two Dreams, both running 2.2.1, and that means no Flash. And the chipset won't do Flash. So if the OP wants Flash, he don't want a Dream.

    I'm not sure I can run 2.3 well at all, so I haven't really tried. Maybe a MT3G would be a cheap play, but again no Flash.

  10. Flash is the problem on Ask Slashdot: Data-Only Android For Development? · · Score: 1

    Needing flash means you need a current phone and / or tablet. $$$

  11. The more things change... on How the iPhone Led To the Sale of T-Mobile · · Score: 1

    My first mobile phone was an OKI bag phone ( I was the second most active user in Maine for a while, thanks to the guys at Maine Wireless for all the free minutes), but some time in the 90s I got my first paid-for phone from AT&T WS. I lived through the change to Cingular, then when they went back I bailed to T-Mobile in 2006.

    So now I'm being driven back? Like I'm gonna hook up with VZW? And Sprint, the red-headed stepchild of the industry? No.

    I got nowhere else to go. 2012 will mark my teturn to the evil empire. Gahhh!

  12. My first Linux on Reminiscing Old School Linux · · Score: 1

    I bought the book 'The Internet CD' on a whim, and because it claimed to have a version of Linux on it. This was the same day I finished a marathon support sesson with SCO because an app vendor decided to remap the entire print subsystem on a SCO 4.2 server, and made it virtually impossible to install a new printer for ANY OTHER PURPOSE without paying them for a call. Not that SCO was cheap, but we had a contract. Only took 6 hours to rebuild that, ugh.

    But the book had a CD that included Slackware 0.9, if I remember correctly. It was a mess, but it did survive, and I had Lynx running in two days... Hehe... Good times...

    I miss a distro that fit on a CD. I miss being able to do EVERYTHING at command-line, by default. I miss Linuxconf too. I miss predictable file locations, 'service' working, and joe. I miss running my mail and web server on an old Athlon 1.3GHz board with 512MB RAM and a 40GB HD. For three years. Without a reboot.

    Of course, to be fair, I miss the open proxy serving the needs of anonymous perv browsers all over the world. I miss being completely pwned by one of them when I shut it off. I miss trying to keep a 6-day Usenet feed via satellite. I miss dialing into the modem to resurrenct the old Cisco 2514 router, damn, that thing lasted forever. I miss the first realization that someone was trying to break into my hosts. I miss the first time I wrote a hosts.deny to stop them, and it lasted for 6 months. I miss calls in the night asking me why my server was sending 3 million emails through someone else's mail server.

    Good times.

  13. Yup, they're gone on Does Syfy Really Love Sci-Fi? · · Score: 1

    I'm so tired of snakes, vampires, ghosts, and bugs that SyFy is pretty much useless to me. I get more out of Lifetime Movie Network.

    So I'm reduced to watching V as if it's not just another snake plot. When SyFy took the Is out of their name, it was the admission that they are chasing popular culture for the bucks. Guys, there's a lot of money in real Sci Fi and fantasy. Dr Who had an audience, I think. Anyways, staking themselves to the SciFi/fantasy genre would have at least given them something to claim as their own. Now they are just another lame movie network, bleagh.

  14. Even CONSPIRACY theories are sometimes true... on Glen Beck Warns Viewers Not To Use Google · · Score: 1

    Imagine a world where you essentially have one outlet for the spew. One service for email. One news aggregator. One forum platform. All your friends are on it, your co-workers, your WORK. You use it to chat with friends all over the world, share pictures of your latest vacation, expose the lies of your last boyfriend, recommend a new band you heard about on the same forum, celebrate family events and mourn those who have departed. You post your more cogent thoughts alongside OMG! PONIES!.

    You consider it a trusted source of information about things important to you. You join into larger and smaller groups to share common goals, or just to voice your opinion about something, often on a whim.

    You carefully limit the disclosure of your 'private' information, and in the next breath answer a poll that tells you it will send the very same poll to all your 'friends' on this service. You answer their polls also, because you want to be included in their circles.

    Does this sound familiar?

    Now, consider how hard it is for our law enforcement, national security, and intelligence agencies to monitor the many forums and services that you use to voice opinions, share your expriences, email, get news and opinion, and of course look for employment opportunities/new friends/etc.

    Would it be easier for them to monitor just ONE? And would it be easier for them to coerce that one service into permitting their intrusions?

    You're thinking smugly now, "oh, but I use at least TWO! HA!". Sure, that'll really throw them for a loop. The service isn't The Twitter, or Facebook, or even Slashdot. It's the Internet. It's not just one service they can jack into, but the number of jacks they need is finite, and is already manageable.

    And there are indeed a very few jacks they could use to listen in on the overwhelming majority of the spew. The rest they can get without a subpoena unless someone says 'no, you can't do that'. And that someone may be co-opted, and we would never know. We may never know if they are just listening either. Maybe they have an interest in keeping some things from becoming too popular, or just wanting a particular idea to flourish, to the detriment of other ideas...

    Sometimes, bigger IS better. Sometimes not. Competition isn't necessarily the answer, but then again the question shouldn't have been 'how do we keep our government out of our personal lives? How do we avoid being watched so easily?" And just as importantly, how do we keep government from limiting our expression? That is a question being asked over much of the world. And it will need to be asked here, in the U.S., also. We're not immune to government interference, far from it. It's not the Internet kill siwtch that worries me, it's the filters. And the listeners.

  15. Re:I'm pretty much pwned already.. big woop on How Your Username May Betray You · · Score: 1

    Actually, I determined after very little research that shipping containers didn't meet my needs. Their incessant ads were wasted, and my original need, a storage shed, never showed up in an ad.

    I bet buying scifi books gets you LOTS of offers for fantasy books, maybe not so many for political biographies. My concern is that one day 'they' will decide to market to you what 'they' think you want, and little else. I might never know about deals on used metal sheds because they think I want something more expensive.

  16. I'm pretty much pwned already.. big woop on How Your Username May Betray You · · Score: 4, Insightful

    Trying to hide from the marketers is almost a Hobson's choice. If I want to obscure my identity, I must:

    - Use multiple identities. Complexity and failure due to other means of tracking me make this fairly pointless.

    - Stop using cloud-based services. There goes Gmail and a bunch of other stuff. So I should be running my own webmail gizmo?

    - Opt-out of all marketing opportunities. Sure, and opting out is actually respected by how many? ESPN keeps turning video autoplay back on when I go there, as if they are going to respect my opting out of newsletters, sharing with other entities that have 'items of interest' to me.

    - Unsubscribe from services when I'm done with the business at hand. And re-enroll two weeks later. Nice, I get to play whack-a-userID as much as I do the thing I actually wanted to do.

    So I don't bother. I'm fairly immune to the sidebar ads I get, I never respond to spam ads, and I am now tending to avoid retailers that obviously use deceptive means to target me. Screw 'em.

    As an example of hilarity; I looked into getting a used shipping container a few months ago to use for storage. Turns out even old beatup ones are pretty expensive. For weeks after that, I would see sidebar ads for shipping containers 'everywhere'. Even today I coudl get one if I go to the 'wrong' site. I was never seriously in the market for containers, but it's a competitive market, and they are persistent.

    Another example; I made the rare mistake of going to a buy.com (or was it nextag.com?) link for an item. Aw, crap. Now I get those ads all the time. But I recognize them schlepping me ads for 'djebme strap' and ignore them.

    A final example; How often have I actually clicked a link to nextag.com to look for something specific, as a last resort, and find that they actually don't have ANY sources, but 'check back real soon'! Argh. And you can be sure I'll be peppered with ads for that item for a while. Grrr.

    It's a lot like old fashioned junk mail, except I don't even need to carry it to the dumpster. It could be worse.

    And it probably is. My only fear is that I will eventually get categorized, and red-lined so that I never see ads for what I actually want, but I see ads that are shoveling me something I don't want, but 'they' are trying to steer me to. This is entirely illegal in financing, but not quite yet in retailing. We'll see if it should be or not.

  17. Re:PCI in California on Court Says California Stores Can't Ask Customers For ZIP Codes · · Score: 1

    Despite the specs, you won't get certified if you don't encrypt the data at every step, and many outfits mistakenly require ALL of it to be so.

    If you send auth messages with Zip for verification, it will have to be encrypted to traverse any public network. That includes all but dialup now.

    And our software uses SSL, as do all Internet links. Some I work with use otherwise-encrypted messages over SSL. Nothing like double encryption to make your day.

    Include on your list of items all three tracks. EMV and Chip&PIN have different requirements.

    While PCI spec didn't say ZIP etc, good luck not doing so. Just the auth mesages make it necessary, and included by inference.

  18. Re:Wrong problem, wrong solution on Court Says California Stores Can't Ask Customers For ZIP Codes · · Score: 1

    Just so we're clear here, most gas stations have to get you name from your credit card records. Zip code *IS* in fact used by the overwhelming majority of gas retailers to verify addres on a Zip match only. Yes, it is.

    What else they do with it is between them, their bank/acquirer, and the card issuer(s). Generally, if they retain the Zip code for other purposes, they fall into trouble with privacy regs, and rightly so.

    But the court case was for a retailer, and they often gather zip code at the beginning of a transaction, before they know your form of payment. This is an excellent tip-off that they don't need it for address verification *yet*. If they ask for it later, well, maybe.

    If you're using your card at the pump, Zip code is a good way to reduce fraud. From what I can see, marketing card customers by gas retailers is not very widespread. I;m sure I can get a lot of people claiming they were marketed in this way, but remember, SO many people buy gas with cards, we should be hearing a flood of complaints. And I would be seeing it a lot more than I do. Retailers are a real problem, not gas & oil.

  19. Wrong problem, wrong solution on Court Says California Stores Can't Ask Customers For ZIP Codes · · Score: 1

    Zip code is very commonly used for address verification. Making it unusable will only increase risk and costs, and that can't be what the California court intended. If so, an appeals court will smack them around soon enough.

    But if the problem is the other uses for Zip code, like address extraction and marketing, then that's a problem. I often refuse, unless I like the business. If I get the prompt at a gas station, it is for credit authorization. Gas & oil are fairly common targets for fraud, and they have their rules. Zip is useful to catch the run-of-the-mill thieves.

    If you give a bogus ZIp and your transaction is declined, you can bet it was the Zip match. Try again with a real one.

    How, if California decides to legislate the use of customer data, and prevent sharing or mining with partners without the customer's permission, I'm all for that, baby. We can't really limit the information we give busineses we patronize, but we can expect them to tell us what they are doing with it. If you've purchase a home in the past 10 years, you know how quickly the insurance, door/window, garage storage, and carpet people start calling. They mis-spelled my wife's name on our loan app 6 years ago, and we still get calls for that name - and that was the loan APPLICATION, not the actual loan... Weasels.

  20. Re:PCI in California on Court Says California Stores Can't Ask Customers For ZIP Codes · · Score: 1

    It's already required to be encrypted. ALL cardholder data is required to be encrypted, even something that you might argue is 'public' or 'not sensitive' data.

    And encrypted both in transmission and storage.

  21. Re:Here is the crux of the situation on Insider-Trading Suspects Smash Hard Drive Evidence · · Score: 1

    "For example, I can burn my grocery receipts in my fireplace at home, but destroying evidence that I purchased them... but purchasing them was not against the law, so destroying the evidence of that is not illegal."

    Absolutely. But if you were being investigated for securites fraud, and the SEC notified you of that, destroying any of your business records would probably fall under the heading of destroying evidence, and I suspect you're in hot water.

    And in today's environment, your personal email is not off limits. Not evern your phone records, expecially your emails to and from your phone.

    In fact, I suspect that SEC regs states that you're supposed to preserve these records, so that's probably enough for administrative action. These guys went way past that. There are situations in securities law where the records are important, whether they confirm or disprove your guilt or innocence.

  22. Re:Here is the crux of the situation on Insider-Trading Suspects Smash Hard Drive Evidence · · Score: 2

    It didn't have to be incrimninating. It was still evidence.

    In fact, did they receive a discovery notice, or have reason to believe they would?

  23. Re:Has the Voice of America gone dark? on US Has Secret Tools To Force Internet On Dictatorships · · Score: 1

    I ws thinking more of USB-powered access points, but the 5W charge rate does leave you with less than 24hrs a day of useful charge. Probbly.

  24. Re:Has the Voice of America gone dark? on US Has Secret Tools To Force Internet On Dictatorships · · Score: 1

    So you got my point. Thanks...!

  25. Has the Voice of America gone dark? on US Has Secret Tools To Force Internet On Dictatorships · · Score: 4, Informative

    I ask that rhetorically, but has VOA become so neutered and politically correct that it could not at least broadcast current events to the Egyptian people? It wasn't that long ago that VOA was jammed regularly in the former Soviet Union.

    Carpet-bombing the country with 'cheap' sat phones or wireless routers for use with a foreign-sponsored offshore Internet service sounds like fun, though. All we need to do is figure out how to set up the link so aircraft don't need to overfly the target nation, and set these up as mesh nodes to extend the network into the interior. And keep the airborne links far enough outside the target's borders to pretend they are in 'international' airspace. Battery power is not a good idea, but it may be the simplest thing. Imagine a national ban on batteries... USB-powered devices would be ideal, but that's a tall order technilogically...

    These flying access points better be remotely piloted, though. Hosni in particular knows his way around air defense, and has good equipment.