Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. Re:Crowdsourced stuffing of obvious idea database on EFF Announces New Patent Reform Project · · Score: 1

    > It's called the patent office. They have a huge searchable database of this stuff. They're called patents and patent applications.

    The idea is minimizing barrier to entry. Patent applications are not free and require work and a skill set inaccessible to everyone.

    > Also, pretty much any publication can serve this purpose.

    If scouring the world for prior art is not done properly, say by an overworked or lazy patent clerk, the patent is issued and damage is done. Barrier and cost to fighting might as well be infinite if you're not a large corporation with a dedicated legal team.

    > Almost any publication system would survive a legal challenge. Few people fight over publication date if it's apparent from its face. The only real issue is determining whether the publication was to be public and readily accessible.

    Except any legal challenge against any patent costs too much time and treasure. If you ever need to go there you've already lost regardless of the outcome of your challenge.

    With the database, certain interfacing rules to ensure opportunity for review and resolution of conflicts would be awesome.

    > Also, there used to be something called the Statutory Invention Registration that the patent office provided that allowed inventions to publish just for the record of it:

    Paying filing fees and doing all the necessary paperwork constitutes an unacceptable barrier to entry. The point is to make it easy for anyone to jot down an idea and make it public domain and provide some assurance it will not be missed instantly without mailing in government forms or paying dues.

  2. Re:Moron on Chuck Schumer Tells Apple and Google To "Curb Your Spy Planes" · · Score: 1

    "[I]f highly detailed images become available, criminals could create more complete schematic maps of the power and water grids in the United States. With the vast amount of infrastructure across the country, it would be impossible to secure every location."

    Right...because today, every square inch of the undocumented US infrastructure is completely secure. /sarcasm

    Most of it is heavily documented and much of that information is available to the public.

    I can go to my county's web site and download prerendered maps and shapefiles detailing our aquifer and locations of every well in the system.

    Detailed maps of the national energy grid including capacities of each line are also freely available.

    I hate fear mongers, spies and stalkers. Using fear mongering as the basis for attacking spies and stalkers makes me sad.

  3. Crowdsourced stuffing of obvious idea database on EFF Announces New Patent Reform Project · · Score: 4, Interesting

    I think what might be interesting is to develop a database of prior art/ideas. With thousands of people submitting everything they can think of, every conceivable obvious aggregation of technologies, any patent application would be required to be checked against the database and rejected if someone else already dreamed of it before the application was filed.

    The database would be run by the patent office or it would incorporate cryptographic and distributed features allowing timestamps and content to stand up to any challenge.

    Companies not wishing to pay the patent tax might seek to use it in a bid to prevent others from filing first and locking up the same blatantly obvious ideas for the next 20 years.

  4. Unicorn bosons on Missing Matter, Parallel Universes? · · Score: 1

    Sure neutrons have an aggregate charge of zilch yet quarks that make up the thing don't. We've been able to see fractional effects caused by constituents of neutrons for a while now.

    It would be really interesting to understand why being able to affect a neutron's properties with a magnetic field warrants such exotic explanations.

  5. Keyboard!! on Microsoft Announces 'Surface' Tablet · · Score: 1

    I'm not into the tablet craze... have no use for useless toys, but as such things go it looks interesting, and at least this one has got a keyboard!!

    Nice to see MS innovating rather than cloning the iPad. Now all they need to do is update the OS such that metro disappears whenever the keyboard is engaged.

  6. War on terror/drugs/petty theft on National "Do Not Kill Registry" Launched In Response To Drone Kill List · · Score: 1

    What makes executing a suspect in country x any more objectionable than executing a suspect in the US? Is there something inherently different in a person residing in another nation making them less deserving of the same right to due process as a person residing in your own country?

    The world is full of bad actors; far more people are damaged, killed and terrorized by the drug trade than have ever been killed by al Qaeda, yet there are no drones invading Mexican airspace gunning down kingpins or carpet bombing Afghan poppy fields.

  7. Re:How many atom bombs does the UN have? on The U.N.'s Push for Power Over the Internet · · Score: 2

    > The ITU does have the force of law - even here in the US because it's established by treaties we've signed. By our own Constitution, treaties bind our government's behavior with a force equal to Constitutional amendment!

    Lawmakers (governments) make treaties, not the ITU. The ITU itself creates standards which serve as the basis of treaty activity, technical standards, best practices, etc.

    For example, say the ITU produces a document which demands anyone who sends x data must pay y amount and a majority of ITU members vote on the document. This act may inform global practices; however, without the force of law by UN treaty process (including ratification by each member) it means nothing to that member. The US is not subject to the effect of ad hoc changes to law unless those changes themselves are ratified by CONGRESS, which will never happen.

    The constitution has supremacy over treaties.

    > So it is better to be proactive and get what we need from the International body.

    Agree

    > There are some who say - screw the ITU. Maybe that WOULD be a way to go.
    > However, any such action involves abrogation of existing treaties.

    Unless ratified by each member country the treaty has no force of law for that country -- there is nothing to abrogate.

  8. Re:How many atom bombs does the UN have? on The U.N.'s Push for Power Over the Internet · · Score: 2

    > What are they going to do if we ignore their invoices? Hold their breath?

    The ITU has zero force of law. They simply publish technical guidelines which others are free to disregard at will the same way vendors routinely disregard the advice of RFCs.

    There is still slight danger of binding legal frameworks around ITU products yet zero chance any of this crap will ever be ratified in the US or any other marginally sane country.

    Besides Russia and friends already have every right in the world to do whatever the heck they want with pipes going into their countries they don't need no stinking UN resolution to enforce whatever controls they want.

    The way I see it if Russia and friends want to charge others for access to their eyeballs or enforce ridiculous constraints on external peers let them try and see how well it works out for them and their economy when nobody is willing to peer with them.

  9. Who specifically is retaliating? on Hacked Companies Fight Back With Controversial Steps · · Score: 3, Insightful

    While summary and TFA seem to imply some sort of vigilante response, it never enumerates even a single example of what that would be or cites any incidents where retaliation had actually been carried out.

    TFA only seems to provide any detail or information about misdirection, honey pots, etc. to thwart attacks and obscure important information... all obvious and non-controversial actions.

    What I find most disturbing is this little gem:

    "In April, Department of Homeland Security Secretary Janet Napolitano told the San Jose Mercury News that officials had been contemplating authorizing even "proactive" private-entity attacks, although there has been little follow-up comment."

    How are idiots like Janet even allowed to be secretary of anything? I don't know what's worse, having such thoughts or publicly admitting to having had them.

  10. More baseless nonsense please on US Security Services May 'Have Moles Within Microsoft,' Says Researcher · · Score: 2, Interesting

    Author of TFA dreams up some impossible-to-falsify idea and offers no supporting evidence of any kind except to say it is plausible.

    I love myself a good MS conspiracy and I'm sure there are plenty which actually do exist, but let's not reward intellectual laziness.

    Just two questions:

    1. What do editors of PC Pro get paid to do?
    2. What is it doing on slashdot?

    Now if you'll excuse me my magic unicorn 'Flame' is hungry and wants a bowl of lucky charms before flying back to the land of lua to meet the angry birds.

  11. Less is more and I suck for calling BS on Windows 8 Pre RTM Metro UI Leaked · · Score: 2

    I still prefer NT4 era window decorations (NONE) cause I just want to get shit done and pretty graphics means less space on screen for apps.

    However on friends' and relatives' computers, who don't all have eagle eyes, the aero thing with the transparencies really looks quite nice and cool.

    It is to me a little bit hilarious that Microsoft is focusing on function over pretty interfaces while at the same time pushing a totally zombie consumption-based interface concept like metro which makes no sense at all on the desktop.

    My conspiracy theory: they want the desktop interface to look as ugly as they can get away with so people will be less confused by Microsoft's 8-bit blockworld interface.

    It was cool to be able to run and see the output of two DOS programs on one 640x480 VGA computer display at once in DESQview like 20 years ago... The resurrection of that same prospect for metro apps in 2012 on our modern high rez monitors is beyond anything I am capable of processing or understanding.

    I wish MS the best of luck in its future endeavours chasing the apple zombie class of users.. As for me I don't want to be on your nonsensical sinking ship anyway MS...I'm jumping ship while there are still penguins in the water willing to rescue me.

  12. Re:oh please on Adopt the Cloud, Kill Your IT Career · · Score: 1

    > But I am not really surprised by the comments or the very negative reaction to this "movement", as it is a major threat to many IT people. One of the main, explicit goals of the "cloud" is to fire many of the readers on slashdot!

    What Joe Biden always says about questioning judgement rather than motive makes a lot of sense.

    Any line of argument which can not be falsified is useless anyway. Stick to the facts/evidence and leave BS for the trolls.

    And yes it IS a "just form of outsourcing" and yes it rarely uses ground breaking technologies of the type we have never seen the likes of before. (possibly why a lot of people on this site don't seem to get it)

    There are many ways to cut management and systems costs. I fail to see any reason to believe abstraction economies of scale in the operational space are necessary to realize this. If proper intelligence and design is baked into the SYSTEM, operational considerations are minimized.

    I believe the core idea, that economies of scale need to be in the systems themselves and NOT in who runs them, is the single reason outsourced cloud for the sake of reduced management cost is ultimately doomed to failure.

    I think what myself and others really want and what would be awesome is actually making the ancient idea of the compute grid work instead of the series of bullshit and bandaids we live with today and roughly call "the cloud".

    Before we can do that we need logical containers to wrap our compute and storage. Today these containers are mostly called virtual machines and represent insanely wasteful pathetic hacks. These containers need native execution and they need to be migratable seamlessly between processors and storage resources. Virtual machines only exist because the operating system vendors failed to provide the necessary features in their base product to sufficiently isolate and manage resources.

    > special security audits or hardware requests or IT project management

    Remember kids you never have to worry about schema design cause you gots the sharepoint.

  13. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    > The "factor of a million slowdown" is referring to the third item I listed. If you have a list of N possible passwords and K password hashes, the total cost of testing the passwords is O(N) for unsalted passwords and O(K * N) for salted passwords. This is because when you compute the hash for one of the passwords, you must use one of the salts. So, you have to compute K different hashes, one for each salt, whenever you test a single password. This is not the same as protecting you against rainbow tables, which are effective regardless of the number K.

    I don't see any difference between a "rainbow table" and taking the fruit of a hash operation and searching the space of K hashes for duplicates. It is logically the same operation although technically there are likely to be differences in implementation. The only distinction is in the weeds of who computed what when.

    It is not really O(N) because searching K space may be cheap but it is not free the same way searching a precomputed table is not free.

    When I say rainbow tables don't work on salts it implies they also don't work when you carry out the same logical operation and call it something else.

  14. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    > To a single victim no. But you've taken the complexity of the problem from hacking a password to hacking 6 million passwords each taking as long

    I agree.. In fact it is much much better than this, as a rainbow table need only be computed once and used eternally for all subsequent cracking campaigns against passwords using the same algorithm. Storage is not free however.

    > ... So to the 'average' victim your expectation time before being hacked is 3 million times longer, on a 6 million element set, than one that wasn't salted

    I would caution against simple extrapolation. Password guessing is an activity with a long tail.

    You will quickly recover many low hanging fruits initially. Only later will you see fewer and fewer returns as the amount of computation required to recover more difficult to guess passwords approaches unprofitable.

    > I only expect to live exactly 50 more years. So if it takes 525.95 seconds to crack my password I have a 50/50 chance of being dead before they manage to brute force it under salting

    A static assumption of attacker resources seems unlikely to occur in the real world. For all any of us know, chunks could have been sold off to friends or unfriendly governments, each with their own separate compute resources. It could have been distributed to a botnet with hundreds of thousands of nodes or attacked by custom ASICs.

    It also depends on the market value of a successfully compromised account. It may be that out of the 6 million only a few thousand accounts are actually worth anything or worth much more than others.

    I'm not so sure safety in numbers is a safe bet for everyone... I don't see how it is possible for a potential victim to know what their odds are in the first place, as this would require them to know who has the passwords, what recovery resources they have and what they plan on doing with them.

  15. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    > Go ahead, try bruteforcing high-cost bcrypt.

    Password amplification schemes are an interesting idea they seem to afford practical protection against offline attack for all but the most easily guessed of passwords.

  16. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    > it's a factor of a million slower because you can't just compute the SHA-1 for a single test password
    > That's a substantial slowdown,

    I had already pointed this out myself. See my original comment: "Salting only protects you from precomputed "rainbow" brute force methods".

    Whether salted passwords are worth compromising is a value proposition for the ATTACKER to decide. Maybe they have a botnet at their disposal sitting idle which can be tasked with the cracking initiative? I simply claim if one password is worth trying to brute force then a million passwords will yield a much larger ROI.

    If your password cracker follows an algorithm where it exhausts the entire keyspace on each password sequentially rather than scanning for high probability passwords across the entire space first, then it might be time to upgrade.

    You can still yield countless thousands of passwords easily with minimal effort with salted passwords. To be successful you might not need to crack them all or even a majority.

  17. Re:What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    > Who's going to spend the time brute-forcing each individual password? You're better off finding an easier target.

    > So yeah, there's a freaking HUGE difference between a database of millions of salted passwords being compromised and a database of millions of unsalted ones.

    You're making some assumptions:

    1. Cracking a single password has no value.
    2. The value of every user is equal.
    3. Out of a space of millions just running well known/shit passwords at a cost of 1min/core would not easily yield many thousands of passwords.

    Compromising a site like LinkedIn may pose little reward to an attacker; however, there may be huge payouts if the same password can be used to gain access to corporate or financial resources.

    If the only threat was spam/phishing I would tend to agree with your assessment. In my view it is dangerous and unwarranted to make this leap.

  18. What the ..... on Apple Granted Broad Patent On Wedge-Shaped Laptops · · Score: 1

    How is it even possible to patent "look" of a system? Is this not what copyrights and trademarks are for?

  19. What difference does it make? on LinkedIn Password Leak: Salt Their Hide · · Score: 0

    For the sake of argument assume a database of millions of salted SHA-1 passwords was compromised. What is the effective difference?

    These passwords can still be brute forced at today's mega ridiculous n core, GPU accelerated rates at extremely low cost. This is only getting worse with each die shrink while human ability to remember complex passwords remains fixed.

    Salting only protects you from precomputed "rainbow" brute force methods, which means if you have a big enough table your password is cracked in seconds to minutes rather than, oh I don't know, what is the average for your typical password? Hour, day..two days? week tops...? Does this difference really mean anything substantial to the victim?

    Bottom line, yer still at substantial risk whether your passwords are salted or not, therefore the assumptions and actions taken to mitigate a compromise are the same whether salted or not.

    Too many see hashed passwords as secure so they don't take the necessary steps to sufficiently protect their data at rest.

    The only acceptable solution to this problem in my view is better security. Use strong reversible encryption on passwords where they are stored. Isolate and control sensitive data, sane key management, operational security, etc. When I hear people say salt the passwords, yea great idea, do it, but this really does not fix or solve a damn thing.

    It should not just stop with password storage. There is also today's universal yet insane practice of sending plaintexts over SSL.

    I would rather see plaintexts or hashes stored in a secure database using mutual knowledge of passwords to establish trust between parties... this would enable zero knowledge systems like SRP to provide mutual authentication including session keys to bootstrap encryption of the session enhancing or replacing SSL with a much better and personal source of trust.
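The cost model argued over in comments 13 and 19 above (N hash computations for an unsalted dump versus K * N for a salted one, and why a per-user salt defeats only precomputation, not guessing), worked through as an added example. This is not code from the thread or from any of its participants: the wordlist, account names, passwords and salt length are constructed, SHA-1 is used only because the LinkedIn thread is about SHA-1, and PBKDF2-HMAC stands in for the bcrypt mentioned in comment 15.

```python
import hashlib
import hmac
import os

def sha1_hex(data: bytes) -> str:
    """One SHA-1 computation; every call is counted as one unit of guessing work."""
    return hashlib.sha1(data).hexdigest()

# Constructed sample data (not from the thread): a four-word candidate list and
# four accounts, three of which use a password that is on the list.
WORDLIST = ["password", "letmein", "linkedin", "hunter2"]
ACCOUNTS = {
    "alice": "letmein",
    "bob": "password",
    "carol": "letmein",        # same password as alice
    "dave": "Tr0ub4dor&3",     # not on the list
}

def store_unsalted(accounts):
    """user -> SHA-1(password). Equal passwords produce equal hashes."""
    return {u: sha1_hex(p.encode()) for u, p in accounts.items()}

def store_salted(accounts, salt_len=16):
    """user -> (salt, SHA-1(salt || password)) with a random per-user salt."""
    out = {}
    for u, p in accounts.items():
        salt = os.urandom(salt_len)
        out[u] = (salt, sha1_hex(salt + p.encode()))
    return out

def duplicate_groups(stored_unsalted):
    """Without salt, users sharing a password are visible before any guessing happens."""
    groups = {}
    for user, h in stored_unsalted.items():
        groups.setdefault(h, []).append(user)
    return [sorted(g) for g in groups.values() if len(g) > 1]

def guess_unsalted(stored, wordlist):
    """Precomputed-table model: hash each candidate once (N computations), then
    match every stored hash by lookup. Returns (recovered, hash_count)."""
    table = {sha1_hex(w.encode()): w for w in wordlist}      # N computations, reusable
    recovered = {u: table[h] for u, h in stored.items() if h in table}
    return recovered, len(wordlist)

def guess_salted(stored, wordlist):
    """Per-salt model: every candidate must be re-hashed under every user's salt,
    so one full pass costs K * N computations and nothing can be precomputed."""
    recovered, count = {}, 0
    for user, (salt, h) in stored.items():
        for w in wordlist:
            count += 1
            if sha1_hex(salt + w.encode()) == h:
                recovered[user] = w
    return recovered, count

def store_slow(accounts, iterations=100_000):
    """Salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA1 as a stand-in for bcrypt):
    each of the K * N guesses now costs `iterations` HMAC rounds instead of one hash."""
    out = {}
    for u, p in accounts.items():
        salt = os.urandom(16)
        out[u] = (salt, iterations, hashlib.pbkdf2_hmac("sha1", p.encode(), salt, iterations))
    return out

def verify_slow(record, password: str) -> bool:
    """Constant-time comparison of a freshly derived key against the stored one."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    unsalted = store_unsalted(ACCOUNTS)
    print("duplicate password groups (unsalted):", duplicate_groups(unsalted))
    print("unsalted recovered, hashes:", guess_unsalted(unsalted, WORDLIST))
    print("salted   recovered, hashes:", guess_salted(store_salted(ACCOUNTS), WORDLIST))
```

Both models recover the same three weak passwords; the salt only multiplies the work by K (here 4, so 16 computations instead of 4) and removes the visible alice/carol duplicate. That is exactly the thread's point: the salt changes the cost, while a slow KDF changes the cost per guess, and neither rescues a password that is on the list.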

  20. Re:Privacy Concerns on After Launch Day: Taking Stock of IPv6 Adoption · · Score: 4, Interesting

    > I've never understood this concern.

    Me either.

    > IPv6 gives you loads of room to hide. This is my concern - address based blocklists will quickly become infeasible

    It won't be that much different with v6 and a slight change in mindset. Instead of blocking an IP you go after the prefix instead.

    For example, an ISP customer is abusing my service and I want to block him. I don't go after his IPv6 IP, I go after his entire /64, /48 prefix or whatever it is his ISP allocated to him. He can change his local bits all he wants; he is still blocked.

    There are other examples where it is difficult, such as blocking some computers on the same /64 segment as others you want to allow; however, when we look at this problem today all we see most of the time is a NAT for the whole network with a single IP.

    The address space is bigger and there is more room to hide, yet allocation is still hierarchical and we still know what blocks are allocated to whom via SWIP or working an ISP's abuse channels.
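The prefix-based blocking described in this comment, as an added example that is not the commenter's code: block the delegated /64 or /48 rather than the single address seen in the logs, so that rotating the interface-identifier bits does not evade the block. The blocklist entries (documentation space 2001:db8::/32), the assumed delegation sizes and the log lines are all constructed.

```python
import ipaddress

# Constructed blocklist: one abusive home customer blocked at the /64 the ISP
# delegated, one abusive site blocked at its /48.
BLOCKED_PREFIXES = [
    ipaddress.ip_network("2001:db8:1234:5678::/64"),
    ipaddress.ip_network("2001:db8:abcd::/48"),
]

# Constructed access-log lines: source address followed by the request.
SAMPLE_LOG = [
    "2001:db8:1234:5678:aaaa:bbbb:cccc:1 POST /comment",
    "2001:db8:1234:5678:1:2:3:4 POST /comment",   # same /64, rotated interface identifier
    "2001:db8:abcd:42::9 POST /comment",          # another subnet inside the blocked /48
    "2001:db8:9999::1 GET /",                     # unrelated customer, must pass
]

def delegated_prefix(addr: str, prefix_len: int = 64) -> ipaddress.IPv6Network:
    """Covering prefix for an observed address; prefix_len is the assumed delegation
    size (what SWIP or the ISP's abuse desk would tell you)."""
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def is_blocked(addr: str, blocklist=BLOCKED_PREFIXES) -> bool:
    """True when the address falls inside any blocked prefix."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return False
    return any(ip in net for net in blocklist)

def block_source(addr: str, blocklist, prefix_len: int = 64) -> ipaddress.IPv6Network:
    """Add the whole delegated prefix, not the single address, to the blocklist."""
    net = delegated_prefix(addr, prefix_len)
    if net not in blocklist:
        blocklist.append(net)
    return net

def filter_log(lines, blocklist=BLOCKED_PREFIXES):
    """Split log lines into (allowed, dropped) by source prefix."""
    allowed, dropped = [], []
    for line in lines:
        addr = line.split(maxsplit=1)[0]
        (dropped if is_blocked(addr, blocklist) else allowed).append(line)
    return allowed, dropped

if __name__ == "__main__":
    allowed, dropped = filter_log(SAMPLE_LOG)
    print("dropped:", *dropped, sep="\n  ")
    print("allowed:", *allowed, sep="\n  ")
```

The caveat from the comment applies directly: a /64 is the smallest unit worth blocking (a single host can pick any of 2^64 addresses inside it), so anything else sharing that segment is blocked too, and a /48 covers a whole site. Choosing the prefix length is a judgement about the delegation, not about the address.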

  21. Re:Cloud? on Oracle's Ellison Vows "Most Comprehensive Cloud On Earth" · · Score: 1

    > Ok. I'll bite. Enlighten us oh knowledgeable one. By whose definition is a desktop PC a cloud?
    > And how is the term meaningless?

    "Cloud" is a meme propagated virally. I doubt anyone has any clue who is responsible for the term or what it really means. In the process of propagation it has been abused, misused and redefined by everyone wishing to describe any service offered over a WAN, as they all believe or assert it to be a critically important keyword that will bring interest and sales to their offerings.

    I used to see it in network diagrams to show telco ATM/Frame cloud, Internet, etc. as simply resources outside of your administrative control.

    Then many years later something weird happened. Everyone who was offering any online service or network service started using the word cloud simply because it became a viral meme. A "local cloud" is what? Like an online service run by someone else except it is over a local network run by you?... Any local computer offering any network service such as a file server, backup system, database server, virtual machine host could all legitimately qualify as far as I can tell as a local cloud. Who coined the term? Who is responsible for any of this terminology? If you were to tell me no, my definition is false, where is the authoritative basis for you to make this claim?

    Before the cloud meme went viral we had things like grid computing which had a specific meaning with regards to distribution and abstraction of compute, storage, network, federation of control. Now all of these things have been lost when the term compute grid is replaced with "cloud".

    Virtualization had a specific meaning until it was replaced with "cloud".

    The concept of SAAS was also understood separately before it too fell victim to "cloud".

    Now all of these separate concepts are described by a noun, verb and "cloud"... not helpful if your goal is to communicate unambiguous useful information.

    When you purchased an online service, the service's computers and network infrastructure may or may not have been run by the company you purchased it from... now this is "clouded", leaving users with a mental image, where before it was clear your data was on just a bunch of servers run by company x. These companies now often use language like "the cloud" like it is "the Internet" or something, leading the user to imagine something that may or may not be true.

    I know from personal experience when someone says "cloud" without qualification I tend to have little clue on what it is they are talking about without asking for clarification. This has been a source of confusion. Even if there was an authoritative definition of "cloud" to be had, language is not defined by authority, it is defined by convention. What everyone alive understands it to mean is what it means. I have run into more divergent understandings than I am comfortable with.

  22. Most expensive cloud on earth on Oracle's Ellison Vows "Most Comprehensive Cloud On Earth" · · Score: 1

    If you thought Oracle was not already cool enough just wait for the hosted grid version of rman and an even more incredibly "unbreakable" platform with the security record that makes Adobe look good.

    Mr Ellison and crew always put a grin on my face ...how they are still in business with their outrageous pricing and dated technology I fear has a lot to do with massive government waste of our taxpayer dollars.

  23. Re:It will be a pain in the ass to remember... on World IPv6 Launch Day Underway · · Score: 1

    > Some lucky stiffs have IPv6 addresses shorter than anything possible with IPv4.

    > Sprint for instance...
    > http://2600/

    Ok you know what if slashdot insists on living in the past and sitting on its thumb when it comes to IPv6 deployment so be it...but for godsake munging valid IPv6 URLs into invalid IPv4 addresses is crossing the line.

    I entered 2600:: and slashdot posted 0.0.10.40...

  24. Re:It will be a pain in the ass to remember... on World IPv6 Launch Day Underway · · Score: 2

    > Those long IPv6 addresses are a pain in the ass to remember. So, I'm not looking forward to this.

    Use the for..err dns... or manually select your 64-bits of id and things aint soo bad.

    It's auto-configured SLAAC addresses which are impossible to remember but it need not be that way if you don't want it to.

    Use manual configuration or DHCPv6 to assign reasonable addresses.

    Some lucky stiffs have IPv6 addresses shorter than anything possible with IPv4.

    Sprint for instance...
    http://2600/

  25. Re:IPv6 multi-homing status on World IPv6 Launch Day Underway · · Score: 0

    > Did folks ever get IPv6 multi-homed routing straightened out?

    No change of any kind except more bits of TCAM wasted per route on fools who do not need to be multi-homed in the first place.

    > So any current best practices for IPv6 multihoming for small ISPs/businesses?

    Small businesses, mapa ISPs and rich dudes with more money than sense don't need to be multi-homed PERIOD. All you're doing is bloating the routing table at the expense of the network in exchange for zero benefit to yourself and others.

    > If there is no multi-homing and the upstream provider is blocking/filtering/limiting traffic, there is no network route around it

    When they say the network routes around censorship this is a myth. The network itself is capable of no such thing. It takes human intervention and brain power to make it happen.