Slashdot Mirror


User: betterunixthanunix

betterunixthanunix's activity in the archive.

Stories: 0
Comments: 6,598

Comments · 6,598

  1. Re:Consumers on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 1

    Well, in a strictly economic sense, if your information is valuable then you would prefer to get more for it -- the fact that nobody is interested in charging a fee to access their websites, and would rather surreptitiously get information about you, suggests that your information is more valuable than what you would be willing to pay to visit their website, and so you are in fact taking a loss when they sell your information (since your information ceases to be valuable once it has been sold to someone else i.e. you cannot get the money for the information by selling it on your own).

    Any situation in which two parties have opposing interests is an adversarial game. War is the classic example, as are economic systems and markets, and various scenarios in security engineering can be modelled as adversarial games. In the case of websites tracking you, your interest is in getting as much access to websites for the minimum cost possible, and the website operators' interest is in making as much money from your use of their websites as possible. The game is actually more complex, since there are multiple users and operators who may work together in various ways (e.g. Tor is multiple users cooperating to defeat tracking strategies, Google may pay other websites to display Google's advertisements, etc.).

  2. Re:Rich content on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 5, Interesting

    that's one company I'm not investing in any time soon.

    ...on the other hand, if you are an investor, Facebook is a godsend. Imagine asking Facebook this question: How many American users are posting messages that indicate they are out of work? The answer would be a far more accurate depiction of the number of unemployed Americans than any measurement based on official unemployment claims, and the answer would come sooner than official estimates. In a way, Facebook has so much information about so many people that you could probably make some accurate predictions about where the economy is going just by asking Facebook to answer the right questions, and adjust your investments accordingly.

  3. Re:Stupid consumers on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 1

    Well, if you opt out of tracking then how are you going to use a site without sending your access credentials across the net every time you load a page?

    Sending access credentials should not be something that compromises your security. You know, like how I can send my SSH public key to dozens of different systems and not have to worry?

  4. Re:Translation on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 3, Insightful

    The problem with tracking and targeted advertising, as far as I am concerned, is that it makes our 4th amendment rights just a little less meaningful. The government has already started turning to some of these companies to request information that they would otherwise require a subpoena or warrant to obtain, and they are now able to get that information without any court order. On its own that might not seem to be such a terrible thing; the problem is that it makes it easier for the government to pass more laws and imprison more people, which is the sort of thing the constitution is supposed to protect us from.

    Another, more philosophical issue is that the Internet was originally envisioned as a peer to peer system, with people around the world communicating with each other and working together. The fact that we are now speaking in terms of "consumers" who seek "services," and that those "services" must be paid for by tracking "consumers" is an indication of the failure of that ancient ideal. Instead of empowering people, the Internet has just reinforced the consumer oriented mindset; rather than solving problems on their own or working with others to find a solution, people just wait for a service that provides the solution to them and never bother to use their own minds.

  5. Re:Wait what? on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 3, Insightful

    Let's forget about free services, why do you need to store my info if I pay for your rich content service?

    Probably because your information is worth more than what you are willing to pay for the service.

  6. Re:Consumers on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 1

    Actually the money comes right after the information step. Businesses make more money when they advertise to people who are more likely to buy their products. Investors make more money when they spot the next trend before everyone else. Entertainment companies make more money when they know what sort of entertainment people actually want.

    In the end, the goal is to get your money, which starts by knowing as much about you as possible. That is how MTV made so much money: they figured out how to get teenagers to tell them what sort of music they wanted, and then they advertised that music to those teenagers (and then they began advertising everything else too). That is why Google has made so much money: they figured out how to fine tune advertisements, how to find trends, and how to collect lots of information about consumers. That is why everyone thinks Facebook is worth so much money: people are literally handing their entire life stories over to Facebook and agreeing (perhaps without being aware of it) to allow Facebook to use that information in whatever manner they see fit.

  7. Re:Interesting group of signers on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 4, Interesting

    Many insurance companies. I know past behavior is important to these companies, but web tracking? I don't know enough to see why this is worth fighting for on their end.

    Well, if you are someone who happens to frequent forums where people discuss depression and suicidal thoughts, you are probably not the person that the insurance company wants to offer a life insurance policy to; they might not advertise as heavily to you as to other people.

    California Assoc. of Licensed Investigators. Probably the only honest ones on the list. "We want to be able to track you, because, um, we track people. That's what we do."

    Congratulations on having written a comment that will be added to my personal "list of favorite /. comments."

  8. Re:Translation on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 4, Insightful

    I have said it elsewhere, but...the Internet has now become an adversarial game. "Consumers" do things that corporations like Google do not want either -- "consumers" make use of websites and run up bandwidth, power, and personnel fees, and try to do so without paying anything for it. The corporations thus try to force consumers to provide them with revenue, and have turned to things like tracking your use of the Internet and selling that data to marketers.

    The solution will not be found in the law; it will be found by returning to a peer-to-peer Internet and leaving this "consumers getting services from corporations" model behind us. Sadly, a peer-to-peer Internet would require users who took the time to actually learn about their computers, which I doubt we will actually see any time soon.

  9. Re:Consumers on Google/Facebook: Do-Not-Track Threatens CA Economy · · Score: 4, Insightful

    Welcome to the 21st century; living under that rock must have really been tough. These days, the Internet is not about netizens politely sharing information and having vigorous discussions, it is an adversarial game designed to extract the maximum amount of money from you.

  10. Storing passwords on some other person's computer on LastPass: Users Don't Have To Reset Master PWDs · · Score: 0

    The whole concept of this system screams "bad idea" to me. Of course, I said the same thing about Hushmail, and even after the DEA demonstrated why Hushmail was a bad idea people continued to use and even recommend it.

  11. Re:Maybe it's just me... on LastPass: Users Don't Have To Reset Master PWDs · · Score: 1

    Is this so incredibly difficult to do for most people that they must depend upon others to maintain their personal data?

    Do you even have to ask?

    Not to be elitist or condescending, but most end users can be likened to toddlers, just able to take enough steps to move themselves around but still desperately in need of others to take care of them and give them an environment they can survive in. When they do not get what they want, they throw tantrums and scream and cry until either they get what they want or someone hands them a shiny distraction that makes them completely forget what exactly they were demanding. It is unfortunate, but most people lack the simple curiosity and ability to think for themselves that would be needed to escape that mode of living.

  12. Re:Maybe it's just me... on LastPass: Users Don't Have To Reset Master PWDs · · Score: 1

    ...where's the iPhone/iPad/Blackberry app to access the 'gvim gpg' password store on the go?

    I thought it was for our benefit that Apple does not permit libre software on the iPhone/iPad, and that anyone who does not want to pay the Apple tax should just turn to "the cloud" to deliver their applications.

  13. Re:Why not Railroads? on Tech Experts Look To Help Save the Postal Service · · Score: 1

    The USPS used to send a lot of written communication: bills, personal letters, orders, etc. Over the past 100 years, that business has slowly been eroded, and now with the Internet and social networking websites, personal letters are going to become a long forgotten memory. The only useful purpose the post office serves is package delivery, and private companies are competing very effectively in that business.

    Sometimes industries and government services need to die or shrink a bit because they are no longer necessary in the face of new technology or a change in society. We do not need a post office just to send a letter anymore, and there is no reason to mourn that -- the Internet has improved our lives. I doubt that you would be willing to stop sending email and go back to paper mail. How would you like it if Slashdot was delivered via the postal service, and to comment you had to send a letter to the Slashdot editors?

  14. Re:One question: Why? on Tech Experts Look To Help Save the Postal Service · · Score: 1

    In other news, an alliance of the nation's best and brightest thinkers have come together in an attempt to save the recording industry.

    FTFY.

    (...because we have never seen people try to save an industry that is out of date and failed to adapt to new technology?)

  15. Re:Police state. on DHS Wants Mozilla To Disable Mafiaafire Plugin, Mozilla Resists · · Score: 1

    Didn't you hear? Now that Osama Bin Laden is dead, we must be even more vigilant, because there might be some sort of revenge.

    Convenient, this whole Osama situation -- when he is alive, you have a boogie man constantly plotting to attack, and when he is dead, you have the looming possibility of revenge attacks. Citizens can always be convinced to give up their rights these days, since we are always fighting wars that have no possibility of a meaningful victory.

  16. DHS chose the wrong people on DHS Wants Mozilla To Disable Mafiaafire Plugin, Mozilla Resists · · Score: 4, Interesting

    Of all places, why would the DHS think that Mozilla would cooperate with their domain seizure program?

  17. Re:This is on Red Hat CEO On Patent Trolls: Just Pay Them Off · · Score: 4, Insightful

    His job is to maximize shareholder value. If that means settling for a lower price than the cost of pursuing a court case, that is what he is going to do.

  18. Re:A really interesting quote from Linus on Linus on Linux, 20 Years In · · Score: 1

    The creator of Linux thinks the BSD license is more free

    So what? Linus did not write the GPL, and he did not even plan to release the original Linux kernel under a libre license.

    Who is more correct man to say it?

    Maybe RMS, or someone who actually works for the Free Software Foundation?

  19. Re:Macs will be a closed platform in the end on Apple To Distribute OS X Lion via the Mac App Store · · Score: 1

    If they truly wanted to do what you describe they'd have to replace computers entirely with iOS based devices, I can't see that happening.

    Considering the enormous amount of money they have made on iOS and the App Store, I do not see any reason why they could not pursue such a strategy, or perhaps a slightly modified version: iOS for "consumers" (priced at a level that a typical home user can afford) and high powered workstations that are not locked down for "professionals" (which will be priced at a level that consumers are unlikely to pay).

  20. Re:Macs will be a closed platform in the end on Apple To Distribute OS X Lion via the Mac App Store · · Score: 1

    Everything Apple will then be a walled garden, with Apple as gatekeepers.

    More likely, Apple will sell two increasingly separated lines of computers: the "consumer" line and the "professional" line, and the professional line will cost many times more and not be locked down like the consumer line. Those who pay the "professional premium" will be allowed to run their own programs without approval from Apple, including compilers and scripting environments, and will of course be able to develop programs for consumer computers (but will naturally have to pay Apple for distribution privileges).

    And now, let the flood of "Oh, Apple would never do that" replies begin:

    Ditto.

  21. Re:So where's the FLOSS/open codec Skype alternati on Facebook Wants To Buy Skype · · Score: 2

    How can this be?

    It's simple: Skype is to Ekiga as Windows was to GNU/Linux circa 1998. When end users think of VoIP, they think of Skype, not Ekiga, and only people who are both technically sophisticated and who "get it" (that is, people who want to avoid proprietary software) are the ones using Ekiga. To make matters worse, Ekiga for Windows is poorly supported, poorly functioning, and difficult to configure -- so GNU/Linux users who want to communicate with Windows users are left in a difficult position.

  22. Re:So? on Forty Years of P=NP? · · Score: 1

    Funny how security professionals constantly rail against the very idea. "provably NP-complete", sure, but "secure"? Nonsense.

    You yourself said it:

    No one ever attacks a secure system by attacking the math of the crypto algorithm

    The math is what is provably secure, and that is what cryptography is about. If you implement a cipher badly, it is not the cipher that is insecure, it is your implementation of it (or perhaps we might say that you did not really implement the cipher; Sony was not really using ECDSA for the PS3, since ECDSA requires a random number to be generated for every signature).

    As for security professionals...well, I have spoken to many of them, and the almost universal answer I have received is this: security engineering is not cryptography, cryptography is not security engineering. Cryptography is a piece of the security engineering puzzle, and provably secure cryptography is a piece of that piece, but there is more to security engineering than that. The security of a system often goes beyond the ability of an adversary to guess a message or compute a forged signature; cryptography is not the be-all and end-all of security engineering.

    http://xkcd.com/538/ or if the key size is too small, or if the user clicks on CoolProgram.exe, or one of the many other attacks that ignore the math work.

    None of this has anything to do with cryptography. Small key sizes are irrelevant in security proofs; the point of the proof is that you can always select a key size large enough to protect against an adversary, without incurring an infeasible computational cost for encryption/decryption (or whatever your cryptographic primitive happens to be). Determining a proper key size -- one that is small enough to be practical but large enough to maintain a particular security margin -- is an implementation issue, and falls outside the scope of theoretical cryptography. Beating someone with a wrench falls way outside of the scope of cryptography (even applied cryptography) and is essentially in the same category as a user downloading a trojan horse: users betraying their own security. A security proof has the underlying assumption that the users are knowledgeable and will not undermine their own security (this is a common point of contention when it comes to deploying cryptosystems in "the real world," since most computer users are not knowledgeable and are often unaware that they are undermining their own security; this is beyond what cryptography alone can provide an answer for).

    Ultimately, the point is that cryptography can only offer answers up to a particular point, and "security" in the context of cryptography is bounded by that point. What cryptographic security proofs offer is assurance that a cryptosystem is not the weak link in a large security system; security engineers can spend their time worrying about other problems (composing different components without compromising security, ensuring that users do not leak keys, etc.) and not worrying about attacks on the cryptosystem itself (at least that is the idea; in practice, the difficulty of proving a lower bound on a problem's complexity can result in situations like the one facing RSA, where key sizes wind up becoming larger and larger to the point where the system begins to lose its practical advantage).

  23. Re:So? on Forty Years of P=NP? · · Score: 1

    Everything practical is an engineering problem

    The engineering problem with theoretical cryptography is in implementing it, not in designing it.

    Factoring could be in P and still be infeasible

    That depends on your definition of "infeasible."

    Factoring could be in NP and still be feasible, for many different reasons

    Only if factoring is also in P, or if you have some other definition of "feasible."

    Also, there's no such thing as a "provably secure" cryptosystem - what rubbish

    "Provably secure" has a specific and well understood meaning in the cryptography research community. It means that if a cryptosystem can be cracked in polynomial time in its security parameter, then a (assumed to be) hard problem could also be solved in polynomial time. If one could show that there is no polynomial time algorithm for the RSA problem, then the RSA cryptosystem would be secure against any polynomial time attack. Since the commonly understood definition of "feasible" is "polynomial time," this would mean there is no feasible attack on RSA.

    (BTW, the NSA has been deprecating product-of-primes based crypto for many years now, and it shouldn't be used for new work).

    Actually, the NSA has been deprecating all cryptography based on the hardness of problems on the multiplicative groups of integers modulo X, which includes RSA and the non-elliptic curve versions of DH and ElGamal. The reason for this is the necessity of large public keys to maintain the same margin of security as a symmetric cipher, due to the state of the art attacks on the factorization problem (GNFS) and the discrete logarithm problem, which run in subexponential (but still superpolynomial) time. The NSA has been pushing for elliptic curve cryptography because of the promise of smaller key sizes, although the attacks on those cryptosystems are also subexponential (but square root instead of cube root).

  24. Re:Wait, what... on Sony Officially Blames Anonymous For PSN Hack · · Score: 5, Informative

    Sony said on Wednesday that Anonymous targeted it several weeks ago using a denial of service attack in protest of Sony defending itself against a hacker in federal court in San Francisco.

    This quote is more disturbing as far as I am concerned. Sony was not defending itself against Geohot, since Geohot never attacked Sony nor did Geohot sue Sony. Geohot was defending himself in a lawsuit filed by Sony.

    Talk about slanting things...

  25. Re:I don't buy it on Sony Officially Blames Anonymous For PSN Hack · · Score: 2

    More likely, Anonymous has become a convenient name to throw around whenever someone cracks a security system. Poorly designed security system? Just blame Anonymous when someone pulls off a successful attack. The media makes Anonymous sound like some sort of invincible, unstoppable hacker/wizard/demigod army (or should I just say, "Hackers on steroids"), so nobody will blame you when you blame Anonymous.

    If people only knew that Anonymous is just a bunch of teenage script kiddies...