Slashdot Mirror


User: betterunixthanunix

betterunixthanunix's activity in the archive.

Stories
0
Comments
6,598
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,598

  1. Re:Passwords on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 2

    Or you could tell your bank to revoke your key, in person (presumably there is a system for identifying yourself in person), and to register a new public key for you; this has the added advantage of helping them track down people who might try to use your old key. If meeting in-person is not possible (e.g. with Amazon or EBay) you could call them and tell them the fingerprint for your new key, or perhaps even just have them deactivate your old account and then create a new one.

    This is basically the process I use with SSH keys: people who lose their private keys (often by formatting their drives) have to come to me and give me a new public key to log in with. It is slightly less convenient than a password, but all I need to do is look through the logs of endless attempts to brute force passwords to remind myself that it is worth it.

  2. Re:Passwords on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Raising the bar is the point; true, the machine on which the private key resides might be compromised, but this is no worse than the situation with passwords (where the machine on which a password is entered might be compromised). On the other hand, users should not have to worry that a server could be compromised, and they should not have to worry that one compromised server can lead to compromised accounts on other systems. It is much easier for users to look after things they possess -- a card, a thumb drive, a computer -- than to try to generate a secure password that they can remember.

  3. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Or, you can ditch passwords, and use public key authentication methods. Pick a 3072 bit RSA key, and your search space is suddenly on the order of 2^128 -- I think that should suffice for a while. If you want to be careful, pick an even larger key, perhaps 16384 bits, to protect against possible future improvements in factoring algorithms. The great thing about these methods is that you can rely on a computer to generate the key; computers tend to do a good job at generating random numbers, certainly better than humans.

  4. Passwords on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 2, Insightful

    Easy solution: do not rely on passwords. As TFA says, people are very bad at generating random passwords, so why are we relying on them to do so? Use cryptographic authentication methods, and a lot of problems will be solved.

    Then again, it has been so hard to get people to start using IPv6, I expect that the effort it would take for people to change the time honored method of authentication is simply too large.

  5. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    notoriously woman-unfriendly environments

    Yes, this is so very unfriendly to women:

    • Women in engineering schools have access to grants, scholarships, and fellowships that men are not allowed to apply for.
    • Departments routinely choose women in disproportionate numbers to represent the department, both in person and in photographs.
    • Lecturers, grad students, and professors are encouraged (almost required) to use feminine pronouns and avoid masculine pronouns in presentations (especially for courses) or publications.
    • Engineering honor societies invite women to join in disproportionate numbers (this may be an artifact of women having higher grades, on average; that does not exactly sound hostile to women either, does it?).

    What more do you want? Do you even have evidence of engineering departments being more hostile to women than they are to men? The 50s are over; even suggesting that women may not be suited to engineering can leave you without a job or without funding.

    Imagine some young woman, who survived high school and has a passion for mathematics, though she's kept quiet about it, is interested in studying engineering.

    OK, here's what will happen: she will apply to an engineering school; she will be accepted; she will be offered opportunities to get scholarships; different engineering departments will compete with each other for her; anyone who harasses her or suggests that she is less capable will disappear from the school, or will be scared into keeping their mouth shut; she will probably receive some special mention at graduation.

    More likely, however, she will not even bother applying to an engineering school. At least that is what the actual evidence seems to suggest: young women are not applying. Solve that first, and if you see large numbers of women leaving engineering schools in disproportionate numbers after enrolling, we can start talking about hostile environments. I have never encountered anything that could reasonably be considered hostile to women in any engineering school, and I have to wonder where you are getting the idea that there is a widespread problem.

  6. Re:Wrong on Verizon iPhone Is Now Jailbreakable · · Score: 1

    However, potentially legitimate businesses that might remove the restriction systems from game consoles and cell phones did not open, because of the law. Believe it or not, there are a lot of people who would have difficulty running a jailbreak program, or who would be afraid to do so, and they would pay for the service of having their devices unlocked. Instead of allowing businesses to compete with each other (was that not the point of our capitalist system?), perhaps forcing consumers to decide between a warranty and an unlocked device, the US opted instead to cave in to the demands of large businesses at the expense of the interests of smaller businesses (I believe that unlocking devices would be a service provided by small businesses, although I might be mistaken).

  7. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 1

    I take a view that is a little less sympathetic to the phone companies. I purchased my phone at a discount, because it was sabotaged: certain features had been disabled. I can fix these problems, much in the same way that I could replace broken parts in a car that I might buy at a discount (since it is broken). Nobody would take you seriously if you bought cars, then tuned down the engines so they cannot accelerate beyond 30MPH, and then sold the cars at a loss; why should we feel sympathy for cell phone companies that are trying to do the same thing with their phones?

    If the carriers could not turn a profit by selling discounted phones except when the DMCA is in force, then the carriers have a broken, misguided business model. Likewise with gaming console manufacturers, or printer manufacturers, or any of the other businesses that have capitalized on the DMCA.

  8. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 1

    Interestingly, your first reason seems to be the one they talk about publicly -- they are trying to protect consumers from themselves -- and the second seems to be the only actual reason, at least judging from my experience (as I said elsewhere, I saw my cell phones' modem capabilities disabled a while back, for no apparent technical reason, and was told that I should pay for a mobile broadband plan as a replacement). Frankly, if it was just a case of the carriers pulling these sorts of underhanded tactics, I would not care; but we should have the right to hack our devices and defeat these sorts of restrictions.

  9. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 5, Insightful

    I always wonder who these folks are that want to jailbreak for purposes other than unlocking

    How about to keep features that are arbitrarily taken away? I used to use my phone as a dialup modem, low bandwidth but enough to fetch some email, which is all I really want. My phone broke; my new phone is programmed to always say "CARRIER ERROR" when I try to use the modem feature. I am not paying less, and when I demanded an explanation, I was told that only people deploying telemetry devices or doing government work were allowed to use their phones in that manner, and that I should just sign up for mobile broadband.

    There is no technical reason for this restriction; jailbreaking can remove it. Why would I not jailbreak? The phone still has a built-in modem, the network still supports it, and the carrier is still going to get paid (since I use minutes just like I would for a voice call).

  10. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 2

    The carrier is not leasing the phone, they are selling it. They might be selling it at a discount, which makes sense since it is crippled (would you buy a car that was sabotaged to only travel at 30MPH for the same price as a car that was not sabotaged?), but they are still selling it. My phone is my property, not anyone else'.

  11. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 2

    Nobody said that lock-down should not be permitted; go ahead, let them lock down the phones, and game consoles, and tablets, and desktops, and any other system. The real question is, why should we not be allowed to disable their restriction systems and use the computers we buy in any manner we see fit? If these companies want to subsidize phones, that is their problem; why should consumers have to worry about getting sued when they free their phone from some arbitrary restriction system?

  12. Re:Remember, not illegal! on Verizon iPhone Is Now Jailbreakable · · Score: 2

    Remember, in this country, you are supposed to be grateful that you are allowed to hack your iPhone, and just accept that you cannot do the same to your PS3. You are only supposed to use your computer in the manner dictated to you by its manufacturer, with a handful of excepts granted by the government. The business of the United States is, after all, business.

  13. Re:US patents are stupid on LG Wants PlayStation 3 Banned From US Market · · Score: 1

    you have a legal requirement to deal with patents in a given time frame.

    Then reject patents that you do not have time to examine. Seriously, the default policy of "accept based on the title" is what got us into the mess we are in right now. If the patent office is having trouble meeting its obligation to examine patents in a timely fashion, they need to hire more examiners. We are far too loose when to comes to giving patents, and we are going to get bitten really hard if we do not fix that problem.

  14. Re:Woah... some of these patents are ridiculous. on LG Wants PlayStation 3 Banned From US Market · · Score: 1

    The patent system broke when we started allowing people to hold patents on algebra (well, algebra dressed up to look like something else):

    http://www.patentgenius.com/patent/7778412.html

    There are hundreds of similar stories: patents on elliptic curve methods, patents on lattice methods, and other patents on algebra/number theory. This is not even supposed to be possible, but for some reason patent examiners see the word "computer" and completely forget that they are reading about mathematics.

  15. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    In which case, neither Wikipedia nor an engineering school are in any position to increase female participation. It is one thing for an engineering school to send female representatives to high schools to try and recruit prospective students; but fighting back against the culture that teaches girls to avoid technical fields is far beyond what can reasonably be expected of any university or an organization like Wikileaks. Universities are already stretching the boundaries of what is reasonable when it comes to trying to increase female enrollment in engineering programs, and God help any man who is caught harassing women. When I was working as a TA, the professors stopped just short of mandating that feminine pronouns should be preferred over neutral or masculine pronouns in our lectures and presentations. There was even some encouragement to choose feminine names and pronouns when we publish our research (e.g. "the user does not trust his opponent" should instead be written "the user does not trust her opponent") -- and I have seen these sorts of suggested writing styles in papers published by researchers at other institutions.

    I am not going to say whether or not these sorts of measures are justified or reasonable, but how much more can universities be expected to do? As you said, girls are discouraged from technical work long before they apply to college; address that issue, and leave universities alone. It is more likely that the girls' own mothers are discouraging them from being engineers than that university professors are doing so.

    As for people making assumptions about women not being as capable when it comes to math or science, that is not an attitude that I have encountered among people who are actually in engineering, math, or computer science programs. Nobody is saying that women lack talent or ability, at least not to me or anyone around me. As for women lacking interest, well, it is hard to argue with the numbers: fewer women are applying to engineering programs, and fewer women are contributing to Wikipedia. That is not a statement about the cause of the lack of interest, nor is it some sort of opinion about women, it is simply a statement of a fact that anyone can go out and verify.

  16. Re:social problem, technical solution on New Technique For Making JPEG Images Copy-Evident · · Score: 1

    I wonder how long it will take to overcome the "message appears when a particular specific combination of recompression settings is chosen" anti-fraud-or-something technique.

    This is basically what happened when the RIAA tried to impose audio watermarking on CDs; the idea was that if a watermark was destroyed by MP3 compression, the CD player would refuse to play the track. Clearly, this was a stupid idea, since people just played the MP3 file from their computer (did anyone actually think people would spend their time and money burning MP3 files to CD?), and it did not take long before people had Internet connections that could be used to quickly download less compressed (higher quality) MP3 files -- defeating the system once and for all (in fact, the system had been defeated before it was deployed, but let's just assume that the researchers had not been able to simply remove the watermark). Now we have a dozen different ways to encode audio which will not destroy the watermark, but for some reason CDs are still being shipped with it.

  17. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    What does the lack of female applicants prove, then? It is true that during my sophomore year, there was a woman in my class, who left the department...but there were also something on the order of 40 men who left with her, and no indication that she left because she was being harassed or bullied (at least not by anyone in the department). I know it is common practice to assume that if women are not present somewhere, it must be the fault of men, but there is really no evidence to support that conclusion about the engineering program.

    If there is harassment, that is unfortunate, but nobody is being harassed while they apply to engineering programs, and I seriously doubt that high school students are being told that they will be harassed if they choose to study engineering. I do not claim to know what the cause of the low levels of female applicants to engineering programs actually is, but I am confident that it is not the result of how women are being treated in engineering schools, at least not the one I attended as an undergrad or at my current institution.

  18. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    Wait, what were the obvious reasons that female enrollment in EE needed to be increased? I think I missed something.

    What was obvious was that, given the goal of increasing female enrollment, the policy of doubling female enrollment with each year would have to change if the enrollment was zero. Now, as for the virtue of increasing female enrollment, that is pure politics and had nothing at all to do with maintaining a good engineering program.

  19. Re:Why do we need to care about a gender gap? on Wikipedia Works To Close Gender Gap · · Score: 1

    The salary gap between genders is not the result of misogyny or women being underprivileged. As I understand it, women are less likely to confront their bosses about getting a raise, and they are more likely to be absent from the job and miss opportunities to get bonuses and raises (hint: this last one has something to do with reproduction). There is nothing that any organization can reasonably do to remedy this situation, and so it will persist until either a law is passed that demands unreasonable measures (and I hope that never happens), or women learn to toughen up and compete more vigorously.

  20. Re:Why is this a problem? on Wikipedia Works To Close Gender Gap · · Score: 1

    What makes you think that men cannot be believers and supporters of feminism?

  21. Re:Why is this a problem? on Wikipedia Works To Close Gender Gap · · Score: 1

    Does it make a difference that women have not made any attempt to create something better? The software that runs Wikipedia is available to anyone who wants to start their own project. That is precisely what the people who started Conservopedia did when they felt that Wikipedia did not represent their worldview. If women feel left out, let them go ahead and make their own version of Wikipedia, which less "biased" (or perhaps one that is biased toward their own view of the world?).

  22. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    There is nothing wrong with the process; Wikipedia is open to everyone, exactly as it is intended to be. Nobody is stopping women from contributing.

    There are people who insult women on Wikipedia? So what; there are also people who insult Jews and Muslims, but you don't see those groups failing to contribute or being scared away. If the process is not "wrong" for Jews or Muslims, why should it be considered "wrong" for women?

  23. Re:Why is this a problem? on Wikipedia Works To Close Gender Gap · · Score: 3, Insightful

    If women consider that to be a problem, they should contribute to articles on topics of interest to them. If they are not willing to do that, then they can put up with the situation. There are plenty of articles that I have come across that I would have liked to see more detail on, and I have contributed to some.

    There is nothing -- nothing -- that actually stops women from contributing. If they do not want to do so, then so what?

  24. Re:Does it matter on Wikipedia Works To Close Gender Gap · · Score: 1

    Has anyone even considered that women dont WANT to write wikipedia articles?

    The PC answer is, "Then Wikipedia should find a way to become more appealing to women, so that they will want to write those articles."

    This situation reminds me of the severe gender imbalance in my graduating EE class -- there were 80 men, and no women at all. The department had the goal of doubling female enrollment each year before that; this had to be changed for obvious reasons. Everything that could possibly be done to try and attract female applicants was done, but I do not know of any year that had many, and several were like mine with none at all. Female applicants received preferential treatment -- it was a sort of affirmative action.

    As far as I can tell, this was not the department's fault; they just were not receiving any applications from females. It was a simple case of lack of interest. I suspect something similar is happening with Wikipedia, although it is less extreme -- there just are not that many women who want to contribute, or perhaps women are less inclined to defend themselves in the sort of vitriolic debates that are common on Wikipedia. I really do not see how this is Wikipedia's problem -- Wikipedia is not going out of its way to attract men or to scare away women.

  25. Re:it will never stop on Prison Cell Phone Smuggling Out of Control · · Score: 1

    Wow, you sure have a lot of faith in the idea that people who are incarcerated deserve to be there. Why don't you take a look over the laws that affect you -- local, state, and federal -- and make sure that you are not in violation of any of them before making those sorts of comments?