Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. With the glaring exception of everywhere... on Bashing MS 'Like Kicking a Puppy,' Says Jim Zemlin · · Score: 1

    What is the point of fanboyism and attention whoring? Does it make your favorite product any better?

    So linux wins except for the several hundred million people using windows, office, sharepoint, exchange...

    Comparing financials of Microsoft vs Redhat is like comparing the US economy with the island nation of Fiji.

  2. Goodbye on Google Loses Autocomplete Defamation Case · · Score: 1

    Pull the fricking plug. No google for Italy.

  3. Manual hacking of random configuration files on The Case Against GUIs, Revisited · · Score: 1

    This article is really about why you should use a provisioning system for backend process management. Using a CLI or GUI to complete the configuration are both lame choices.

    Why pay engineers to continually make redundant configuration changes to backend systems at all?

  4. One more thing I won't be getting... on New Quantum Record: 14 Entangled Bits · · Score: 1

    Sigh...no hoverboards, flying cars, mr fusion or quantum computers :(

    It figures..that there would be no free lunch...all of the initial rants about instantly factoring huge numbers, solving impossibly complex problems have unsurprisingly turned out to be false.

    If you can't scale the number of qbits in a single coherent system QCs are doomed.. All of this talk of linking separately entangled systems to produce more powerful QCs is crap. If you don't get anywhere near exponential scaling as a function of qbits then game over.

  5. The Internet is like a series of magic lamps on Congressman Wants YouTube Video Covered Up · · Score: 1

    Once the genie escapes there's no putting him back in his bottle.

  6. Re:I had one of these when I was a kid! on Man Accused of Selling US Military Drones On EBay · · Score: 1

    Yes. With a camera.

    And a 6 mile range. And a ceiling of 15,000 feet. And speed up to 60 mph.

    And autonomous GPS navigation.

    Probably you didn't have a plane like that when you were a kid

    In other words a model plane with a cell phone and some control logic. Sorry this all would be very impressive if it were like 20 years ago.

  7. Federated auth == failure of epic proportions on Can We Fix Federated Authentication? · · Score: 1

    In the jumble of protocols and methods being deployed we lose sight of what really matters in a secure system. "TRUST". Just follow the sources of trust in the system, how it is obtained and managed.. then you will easily be able to understand the *best case* security of the system.

    The system of CAs we have today is broken beyond repair. The financial incentives just make things worse as time and value of circumventing the system steadily increases to infinity.

    TFA is correct in saying Visa 3DS is a sad and dangerous idea.. I go to an online web site and they ask me not just for my credit card number but to enter my fricking account password... with no way for me to know where my password is going. Did I just give the web site access to my bank account? Do I have to worry about them logging in to my home banking portal and clearing my account? How do I know?

    Federated authentication on the Internet is bad because credentials are really the only reasonable method we have to establish trust.

    If you use federated auth you can't bind session encryption to authentication for web or other transactions without pushing trust out to the authentication provider. At this point you've essentially made the authentication provider the CA and solved zero problems of any kind.

    As TFA mentioned all aggregation of trust does is paint a huge target that various TLAs around the world and hackers alike will eventually flock to and have their way with.

    The only solution I know of that stands a chance of working is to push the problem of establishing trust out to each site and let them choose the best way to do it... If I run a bank let me require people to come in to my bank show a photo id..etc to establish a password.

    Once your password is established you don't need no fricking house of cards SSL CA infrastructure or pay yearly fees to have your CSRs signed.

    All you need is a secure authentication protocol such as TLS-SRP which will not only provide mutual authentication but also provide necessary keying to encrypt the session. Problem solved.

  8. Re:Lenovo on Ask Slashdot: How Do You Choose a Windows Laptop? · · Score: 1

    Having purchased several over the past decade I would say Lenovo stinkpads (T,X series anyway) are the best notebooks available at any cost.

  9. Re:What can users do about it on Mozilla Says It Erred On SSL Attack Disclosure · · Score: 2

    There's DNSSEC, which more and more ISP's and registries support. Then, if someone managed to hijack a certificate he/she would also have to spoof google's IP.

    Hear, hear! The difference the CAs will tell you is they verify and identify the organization rather than the domain name...

    Poser = "mcdnalds.com"
    Ronald = "mcdonalds.com"

    The reality seems to be more CAs continue to make the process easier and easier to increasingly enrich themselves without having to do much to show for it in return... Now many offer a completely automated process to instantly obtain a cert...WTF?!?!?!

    In my view the system would be better off if we all got SSL certs with our DNS names and then come up with a process where CAs shift exclusively to verification of identity.. such that access to mcdnalds.com and mcdonalds.com is secure however the user would also know through a browser display that mcdonalds.com has been verified as belonging to Ronald while mcdnalds.com has not.

  10. House of cards... on SSL Cert Weaknesses Exposed By Comodo Breach · · Score: 1

    The Global PKI system is the largest house of cards ever created.

    There are a number of issues:

    First and foremost OCSP is bullshit. It can be used to track site usage on a massive scale and is an unnecessary reliability and performance dependency. It allows CAs to hide dirty laundry by keeping a complete listing of their epic fails hidden.

    Periodically checking CRL lists is better in my view however there is some lag involved and browsers must be configured by default to fail SSL sessions if CRL checks are sufficiently stale.

    Most SSL sites you end up having to login to... What we really need is TLS-SRP support in browsers so you can login to the site using mutual authentication of shared credentials. With TLS-SRP aware browsers even if the SSL cert or server's private key is compromised it does not affect security for existing users.

    Finally SSL CA function should just be put out of its misery and punted to DNS already. When CAs advertise 100% automated CSR approval process paying the $100 or whatever it is a month is frankly absurd.

  11. Beta decay = DRAM single bit errors? on Japanese Chip Shutdown Causing Shortages · · Score: 1

  12. Say what? on University Switches To DC Workstations · · Score: 1

    The problem is voltage not DC vs AC. You can only do short runs efficiently via DC as line losses increase as you lower voltage while the amount of copper required skyrockets.

    High voltage DC is exceedingly dangerous.

    What about power over ethernet?

  13. Looks vaguely familiar on NASA's Orion Moon Craft Unveiled · · Score: 1

    I think I remember seeing this thing before.. but can't quite put my finger on where...

  14. They will eventually... on Why Doesn't Every Website Use HTTPS? · · Score: 1

    Sending your password in the clear even if it is over an encrypted SSL channel is not such a great idea either.

    All we need are for browsers to support TLS-SRP for authentication and then we get secure authentication for free... (**without** paying for SSL certificates)

    A number of new processors today have native AES instructions in hardware and IPv6 deployment or https upgrade via http will make it somewhat easier for hosted sites to switch.

    There is also an opportunity for DNSSec bindings.

  15. Dead labor rising from its grave on Michio Kaku's Dark Prediction For the End of Moore's Law · · Score: 1

    Every time someone has looked to the future daring to assert technology will be disruptive to labor has so far been proven wrong.

    Yet I still foolishly choose to ignore history in thinking this can't last forever... All bets are off as machines get smarter. God help us when they become smarter than us.

  16. Mirah is simple? on Mirah Tries To Make Java Fun With Ruby Syntax · · Score: 2

    def length
    @length
    end

    In C I don't need to explicitly declare sections declaring things... How is this an improvement?

    puts "I got a #{a.getClass.getName} of length #{a.length}"

    Am I supposed to be impressed with this #{} cold fusion nonsense? I'll take perl string syntax over this any day of the week.

    Oh yea and best of all it compiles to crappy java bytecode.. It is not the java language that sucks it is the limitations of the JVM and the army of gross hacks that continually pile up for the sake of backwards compatibility.

  17. I look forward to it... on Texas Bill Outlaws Discrimination Against Creationists In Academia · · Score: 1

    A universal standard for all research is not discrimination. Creationism fails when falsifiability is required. These students will waste their time following a fool's errand - their papers will be rejected based on a universal non-discriminatory standard and they will have learned the hard way.

    All this bill does is make it harder for religious minded students to complete their university degrees.

  18. Re:avoiding paradox? on Large Hadron Collider is a Time Machine? · · Score: 1

    There is no paradox if you treat the timeline like a tree. At any moment in time, there are many possible futures, but there is only one past. Therefore, if you send a message to the past, at that point in time in the past, you are branching off into a different timeline, from which it is impossible to get to the point you sent the message from, because the past at that point is different than at any point after the message was received. Essentially, you'd be sending a message into someone else's past and not your own. You'd never be able to observe the results of the changes made by altering the past

    Many worlds is simply one of many interpretations of QM. There is exactly zero evidence of any kind to show it is literally a description of reality.

    There is zero physical evidence the higgs or higgs singlets even exist.

    To date string theory has proved only that it is possible to develop equations which fit available data.

    Does anyone even know what the hell "time" is?

    LHC is not a time machine, it is a magic unicorn factory!

  19. Physicists should just stop on Physicists Develop Quantum Public Key Encryption · · Score: 1

    "information-theoretically" secure...yawn... yea like how many supposedly "unbreakable" secure quantum crypto systems have already been hacked?

    Oh .. that's right... key agreement is not worth a hill of beans unless you can *classically* prove who is on the other end of the fibre.

    First and foremost there is no progress of any kind in developing real quantum computers and we still don't even know if it is even possible. "Topological" quantum computers have zero ability to factor huge numbers instantly as promised.

    Second there is nothing "quantum" about this algorithm... It seems inappropriate to apply this label at all to a graph searching problem.

  20. Re:Mac, Linux, Android and Solaris. on New Adobe Flash 0-Day · · Score: 2

    Secure OS's are only as good as the software running on it without administrator privileges.

    There, fixed it for ya.

    So if I understand correctly...

    Protect the operating system at all costs... but pay no attention to what really matters ... YOUR DATA.

  21. When will Adobe get its act together? on New Adobe Flash 0-Day · · Score: 3

    I am totally sick and tired of the constant wave of security bugs in these products. How hard can it really be after all these years to render compressed postscript without all of the underlying nonsense?

  22. RTP blinding on Encrypted VoIP Meets Traffic Analysis · · Score: 2

    A few solutions...

    Add some number of pad bytes to each packet to fill in blanks.

    Tweak existing high complexity codecs (ilbc, speex..etc) to maintain a persistent bitrate by dynamically scaling quality to even out the per packet bits.

    Use a fixed bitrate codec (most of these really suck from bw efficiency vs quality perspective)

    Switch variability to the time domain adding jitter to mask the signal and control latency/security tradeoff.

    SRTP scares me because it was invented for a single narrow purpose. Would much prefer the use of DTLS to secure RTP streams which being very similar to TLS has received much more scrutiny than SRTP likely ever will.

  23. Why emulate brains? on New Hardware Needed For Future Computational Brain · · Score: 1

    It just seems like a massive waste of computational resources... I would rather have a well programmed predictable computer program controlling my spacecraft vs a brain modeled after humans which may decide to go on strike or otherwise act unreliably.

    Why not just use GAs and NNs in specific context where they make sense... rather than trying to copy brains?

    If you want to solve hard math problems who is to say intelligent solvers can't be designed to provide real results for a fraction of the computer time?

    If you want to teach a machine to build a personal spacecraft by itself on an assembly line who is to say state of the art algorithms can't just be programmed into the machine to do the work in a predictable way without having to worry about unrealistic amounts of computation?

    It seems to me that developing a brain in a bid to have it develop a better brain...ad nauseum until all the secrets of the universe are unlocked or the earth is converted into replicator blocks ...is actually not very useful in the real world.

  24. GPL is actually impossible to understand on Android Devices Are Hives of License Violations · · Score: 2

    Experiment: Get two people to read the GPL...

    Ask the two people a series of questions relating to what point do they need to share their code even though it is totally unrelated to the GPL work.

    When I invoke it from a shell?

    When I invoke it from a shared library?

    When I invoke it from a library linked to the application?

    When I invoke it from a separate shim process using shared memory or domain sockets?

    When I interact with something else that invokes it?

    Why?

    The GPL is unique in that it is a vampire license...Commercial licenses don't work that way...They are coherent and easy to understand.

    LGPL is coherent and easy to understand. GPL is hostile to commercial developers as well as other developers who choose to control the terms of their work. I've seen entire open source projects rewritten to work around GPL. It is really a waste of time in my opinion... Commercial developers are the ones with the resources to really contribute to a shared system and make it better... GPL..in many cases... not so much...

  25. Re:Nokia has amazing hardware, but not software on Nokia Has a Billion Reasons To Love WP7 · · Score: 1

    It's actually a great platform, and developers have the best possible tools available for making apps and games (Visual Studio, C/C++, C#, Silverlight..). It's also fast, sleek looking and up to current standards.

    I'll stop laughing when it is possible to write a program in WP7 which opens a TCP socket and sends "Hello World".

    In the world of networked everything don't expect anyone to take a platform with no accessible socket interface seriously.