Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. Re:IPv6 hall of shame (Please add more) on World IPv6 Day: Most-watched Tech Event Since Y2K · · Score: 1

    I did at first think the same way, but then I realised - that doesn't appear to be an automatically-pushed patch. It looks like a support article to which an admin can refer a user who is screaming "I don't care, make my internet work NOW." It's something that can be applied in a hurry to temporarily resolve the problem, but doesn't sweep it under the carpet because the underlying problem will still need to be dealt with in time. In that context, I think that this is a more responsible approach than telling users to disable IPv6 permanently

    I strongly disagree. There was never any indication this would have been pushed out automatically and every reason to assume it would not as such a change would stand a good chance of being disruptive to existing deployments.

    The main problem holding up widespread deployment on the content side is broken clients. This is a P1 issue which far outweighs a small subset of end users' ability to use IPv6.

    Either fixing the problem or turning off IPv6 are the only correct responses in my narrow short-sighted view.

  2. Traveling wave reactor for the win on Could the US Phase Out Nuclear Power? · · Score: 1

    If TWR works as advertised all existing nuclear, coal and natural gas reactors in the US should be phased out.

    Personally the "junk shot" approach to energy policy is unwise if there is a single technology that addresses all issues. Pick a fricking technology that works and go big.

  3. IPv6 hall of shame (Please add more) on World IPv6 Day: Most-watched Tech Event Since Y2K · · Score: 1

    Some participants need to grow a clue by not actively working to turn IPv6 day into disaster day... Please add more...

    1. Microsoft has a patch that demotes IPv6 access for one day only. Not only does this throw a wrench in the world's ability to gauge problems but it does nothing to solve the end users' issue. Paradoxically simply disabling IPv6 is much better at this point as not breaking IPv4 is much more important to the forward progress of IPv6 deployment than a few end-users who can enable IPv6 later when they can get their issues fixed.

    2. NIST advertises an AAAA record for www.nist.gov but only the home page is accessible. All other content on the site presents a page not found error. It turns out this was not a mistake... Quoting via cut and paste... "Note: This top level web page has been setup to test IPv6 capabilities and to participate in World IPv6 Day on June 8, 2011. This IPv6 web page will be disabled after the end of World IPv6 Day. Links on this page do not work. This is a copy of the NIST website, www.nist.gov, and is only reachable using the IPv6 network protocol. To access the entire NIST website, you must use the IPv4 network protocol"

    So you want to participate in IPv6 day in order to ensure its failure. If you want the first page to be IPv6 reachable fine d00d...but don't break your site.. a global search and replace for hyperlinks to the IPv4 URL or simply including a fricking hyperlink to the IPv4 version... A lot of people will not even know they are using IPv6 or how to disable it or what you are even fricking talking about. How a webmaster can be so fricking clueless is beyond anything I'm capable of comprehending. It is the government so there is that.

    3. For about half of IPv6 day level 3 was also advertising an AAAA record. Going to www.level3.com resulted in 404 not found. The entire site was down for anyone with IPv6. I can't believe a huge telecom could be so clueless.

  4. Re:Dear Customers... on RSA Admits SecurID Tokens Have Been Compromised · · Score: 1

    But remember that RSA presumably manufactures these tokens every single day. So the seed values have to be handled correctly all the time, and that makes the air gap restrictions tremendously onerous to comply with. The seed values need to be known to the authentication servers, and customers will likely demand that RSA could provide them the necessary data to reload authentication servers in the event of a major crash (yes, I know, backups, etc. - but the real world is not always like that).

    This is a pathetic excuse. All they need to do is tell the user up-front securing the data provided by RSA is their responsibility. Include a schedule of fees to be charged to the customer to replace the tokens in the event the fob data is lost.

    When the fob data arrives a challenge key should be included to be entered on the securid web site. When successful a response key necessary to decrypt the response database is provided AND the keys are removed from RSA servers in a single atomic action.

    SecurID would make more money that way and lessen their liability. The "real world" defense is just a (very poor) excuse.

    I'm sure many customers get ticked off when they see "card off" or "expired" on their FOBs yet securid still manages to keep a huge share of the market coming back for more.

  5. Still using tokens? on RSA Admits SecurID Tokens Have Been Compromised · · Score: 1

    Just thinking about this pisses me off. SecurID in its current form does not deserve to exist. Simply rerolling the database and issuing new cards is NOT a valid response.

    There is no excuse for token vendors not giving their users the tools to program their own fricking tokens they paid for without absurd greed motivated dependencies on RSA.

    Given the expense of SecurID and its intended use in high security environments who the hell wants a threat model that includes a third party company? Why are they even storing this data after giving the customer the required license data for the tokens?

    Not a single customer should have had any risk of compromise as a result of RSA being hacked. It is inexcusable. Those affected should demand more from RSA than business as usual.

  6. Re:Right... on IPv6-only Hosting Won't Make Sense For Years · · Score: 1

    ISPs won't upgrade because there isn't any IPv6 content. No content is being migrated to IPv6 because there's no ISPs supporting it.

    Those who think there is no market incentive for IPv6 should be asking themselves why so many major content providers and ISPs are taking it seriously.

    ISPs will upgrade because they have no other viable cost-effective choice. Running huge NATs at ISPs is expensive, pisses off customers needing a real address for their gear to work right and adds insane CALEA requirements.

    Content providers will upgrade because they want the fast-path to the customer bypassing ISP NAT. They also benefit by having access to the individual customers network address.

  7. I'm not sure I understand but here goes on Ask Slashdot: Is SHA-512 the Way To Go? · · Score: 1

    Reading between the lines I'm assuming SHA-512 is the signature algorithm to sign the key and the author is just confused in thinking it affects encryption when it just applies to the effectiveness of chain validation and therefore the system's resistance to Active-MITM.

    If this assumption is correct the right answer is to use whatever algorithm the signer above you used as you are limited by them as the weakest link. You gain nothing by rolling the dice with a dependency on multiple signature algorithms.

  8. Please stop... on Hacker Group LulzSec Challenges FBI · · Score: 1

    Has anyone else noticed the army geospatial and a bunch of other army core sites have been down for days with the very same error message from a previous hacking episode in January?

    I guess it is all fun and games until some resource you want to access is offline due to some stupid cracker.

  9. The power of corruption on Tennessee Makes it Illegal To Share Your Netflix Password · · Score: 1

    Campaign finance reform should be the number one issue on the political agenda everyone with a vote insists gets done.

    NOTHING else matters.

  10. Not "optional" ... means what exactly? on Windows 8 Previewed At D9 · · Score: 1

    If Microsoft forces me to use their crappy UI concept I will gladly switch to linux and never look back. I'm sick and tired of vendors who think they can tell me what I ought to like. There is no excuse at any level for such behavior. I will vote with my money and whatever insignificant influence I have.

    What they need to do is fire all of their "creative" UI goons and hire people who know how to write kernel code.

    After all these years if MS would just fix those ridiculous net dde UI delays that make everyday use of windows painful or stop IE from spawning a zillion processes of itself each using multiple hundreds of megabytes of memory which will not go away even after you close the browser or IE9 blurry text making viewing websites extremely unpleasant I would be impressed.

    People just want shit that works. There is plenty broke worth fixing. If you want new gimmicks, alternate shells, UI concepts... go for it. Just don't force people who do not think like your UI designers to care.

  11. Crying wolf... on Pentagon Says Cyberattacks Can Count As Act of War · · Score: 1

    Sure any transgression can count as an act of war but doing so carries a risk of not being taken seriously as a deterrent when you really need to make that claim and have it be taken deadly serious.

    Currently every time NK or Iran asserts some sanction against them as an act of war they are ignored.

    USG should work to mitigate any possibility of misunderstanding caused by unnecessary dilution of the term.

    At the end of the day there is little reason to classify methods of attack. It should be the damage caused by any attack of any kind which guides the response.

  12. GMO companies are giving GMO a bad name on Activists Destroy Scientific GMO Experiment · · Score: 1

    Everyone seems to have an opinion on this yet we don't have the capability to understand the long term evolutionary implications of human endeavours be it GMO or highly aggregate seed selection.. both place negative pressures on genetic diversity and can trigger large scale disruptions at any time.

    A GMO disaster could occur. A natural food disaster could also occur. Our current capability to predict the future is extremely poor. GMO companies with their ridiculous IP schemes, lobbying/corruption, offloading of risk to farmers and "terminator gene" copy protection schemes all suck ass and deserve to be globally outlawed, disbanded and referred to the Hague for crimes against humanity.

    There are plenty of natural things that grow on trees, shrubs and in the ground that can make you sick or kill you. There are plenty of ways to engineer unsafe food that can produce the same effect.

    My personal view is rather than trying to legislate methods I would rather see time and energy spent into legislation and efforts that ensured food is safe to eat without regard for "how" it was made. Natural does not mean good for you. Natural does not mean good for you....Natural does not mean... Capiche?

    Nature conducts genetic experiments automatically itself continually in the form of genetic mutation and evolution. This can and has led to blights, invasive species and sometimes better versions of their parents. Globalization even before the age of direct genetic manipulation has wreaked havoc on many ecosystems.

    Unfortunately sustaining world population requires modern farming techniques. I think there is a way forward with some genetic tinkering if we are extremely careful and respectful of nature.

    Unfortunately this is not happening due to regulatory environment that does not properly internalize externalities and government corruption/lobby activities.

  13. When WWF chair throwing became common.. on Linus Renames 2.6.40 Kernel To Linux 3.0, Announces Release Candidate · · Score: 0

    What is the point of maintaining a versioning scheme if you seek to undermine it for political reasons unassociated with actual scope or effect of changes?

    It will be interesting to see how many people stick with a 2.x series kernel normally than they would otherwise simply because they *think* an abnormal amount of change is present in 3.x.

  14. Autoscrewing the constitution. on Patriot Act Extension By Autopen Raises Questions for Congressman · · Score: 1

    Why do members of congress have to be present to be sworn in? Why isn't telepresence (Ala C-SPAN) good enough? What is the difference?

    " Every Bill which shall have passed the House of Representatives and the Senate, shall, before it becomes a Law, be presented to the President of the United States; If he approve he shall sign it, but if not he shall return it"

    It says he shall sign... not a fricking robot.

    It would be the ultimate validation of the existence of karma if USG lost a supreme court challenge to the Patriot Act over this.

  15. Re:Hold the freaking phone on Lockheed Martin Purchases First Commercial Quantum Computer · · Score: 1

    Honestly though, the term "quantum leap" when used metaphorically should not be concerned with the size of the jump, but rather the discontinuity in the transition. Going from 4 or so qubits directly to 128 without having 32 or 64 bit machines would qualify

    Unlike normal computers it matters significantly how "bits" are arranged in a quantum system... The exponential speedup unique to quantum computation in their configuration applies only to 8 qbits. They could scale to 10 billion qbits and their machine would be a billion times faster..terrific until you consider some quantity times a billion is inconsequential compared to some number to the power of a billion. If the former kind of scaling is all you need then normal computers are cheaper and do not require an eternal 1ms "cool down" time between computations.

  16. Who actually uses ECDSA? on OpenSSL Timing Attack Can Intercept Private Keys · · Score: 1

    While I'm sure people are using it.. I never have and I don't know of anything that does.

  17. Re:Hold the freaking phone on Lockheed Martin Purchases First Commercial Quantum Computer · · Score: 1

    Sorry, but a jump from 4 or so qubits to 128 is a very large leap, not an incredibly tiny one like you just said

    Sorry but it is actually an incredibly tiny leap. If you read their processor architecture document you would see there are only 8 entangled qbits.

    It is a parallel architecture with 16 cells each with 8 qbits = 128qbits. You don't get anywhere near exponential n^qbit scaling out of a crapological quantum computer. The performance I assume is something like 2^8*16... where * any practical number is totally insignificant compared to the exponential term. If they had 128 entangled qbits this would be many orders of magnitude better than what anyone has ever been able to produce in the lab let alone a useful commercial product.

  18. Incredible space saving bins on RadioShack Trying To Return To Its DIY Roots · · Score: 1

    The last time I went to radio shack was just looking for a thermal fuse. Having not been there in years and not immediately seeing the huge area in the back where all the components are stashed I was beginning to get worried.

    But alas everything was there just tucked away in a series of space saving sliding 3-d shelves and bins. I found a close enough fuse right away and ended up leaving without anyone asking me if I wanted to buy a cell phone.

    My suggestion would be to sell more hobby controller boards the kind with usb interfaces.. Arduino kits, phidgets, stamps..etc.

    Also they should do a lego parts thing in their catalog/online/whatever where they have plans to build some interesting monstrosity with a list of parts you'll need to buy. Roombas, flying skynet drones, mecha-godzilla, whatever...

  19. It takes a computational linguist... on Chapel Hill Computational Linguists Crack Skype Calls · · Score: 1

    To demonstrate the obvious. What do you expect when using high complexity VBR codecs with no blinding of any kind. I sincerely hope this was not news to anyone.

  20. What a shock... on Apple's iOS 4 Hardware Encryption Cracked · · Score: 1

    What thou doest encrypt thou can decrypt. Unless the encryption keys are not also stored on the device...sigh....

  21. Please noo!! on The Petition to Classify Wikipedia a "World Wonder" · · Score: 1

    If Wikipedia becomes a wonder its location will be revealed to all who seek to destroy it. I would hate to see a contingent of war elephants step on Jimmy Wales while evil priests turn Wikimedia into an advertising agency.

  22. Re:Apple and its fanboys helped make this happen on Apple Acknowledges MacDefender · · Score: 1

    This simply does not happen on Mac. I am sorry, but it is true. Yes, someone can make a trojan horse and generate a lot of media hype but that boils to someone tricking people into giving the malicious software a chance to run. There is only one way to handle that and that is by teaching people not to believe everything and be wary of what they download. Then you could have two equally informed users on a Mac and a PC who both avoid trojans but guess what.

    If apple were inherently more secure by design it does not seem unreasonable to assume it would not lose pwn2own so badly and consistently year over year.

    In the age of NAT CPEs, user access control and host firewalls enabled by default the more realistic attack vector today in the here and now on ANY platform is the browser, browser plugins and tricking users. (End users are easy and gullible)

    The last time I checked the same codes for browser infrastructure be it webkit based or firefox is the same code with more or less the same security properties across all platforms. This extends to popular yet extremely buggy and insecure plugins such as adobe reader, flash player and quicktime.

    As we all know gullible users (sheeple) is universal.

    Without exception everyone I know who had been infected in the past 5 years was tricked into installing something they should not have. You can't protect the user from themselves without putting them in a padded room and tying their hands behind their backs.

  23. Cubans +5 comment on Google Founders' Jets Caught On WSJ's Radar · · Score: 2

    'I have a plane,' Cuban quipped. 'I bought it so I could use it. Shocking, isn't it?'

    That was just awesome. As far as google goes they have a right to do whatever they want but don't at the same time expect anyone to think Google is somehow different or less 'evil' than any other large corporation. How ridiculous the following 60 minutes piece seems today.

    http://www.cbsnews.com/stories/2004/12/30/60minutes/main664063.shtml

  24. Drive by epileptic seizures? on An IP Address For Every Light Bulb · · Score: 1

    These would certainly be a hit at defcon but pretty lame and wasteful otherwise.

  25. Re:Small problem... on The Cost of US Security · · Score: 1

    People who dismiss Iraqi - AlQaida connections pre-Iraq invasion are ignorant of the facts. While it is true that US forces in Iraq brought thousands of jihadi's there to fight them, Zirqawi and his wing of Unity and Jihad (later renamed to AlQaida in Iraq) were already there

    Ignorant of what facts? Sources?

    There are terrorists in every country of the world including the US. The key issue is not were terrorists present but what if any state support do they enjoy.

    According to the CIA Zarqawi actively refused to join with Osama on a number of occasions until quite a number of years later. He had his own terror group and did not have the same views on the Northern alliance.

    Sources speak louder than words so here they are:
    http://intelligence.senate.gov/press/record.cfm?id=298775

    See pg 90
    http://intelligence.senate.gov/phaseiiaccuracy.pdf