
Comments

top

Researcher Finds Tor Exit Node Adding Malware To Downloads

Burz Re:Of course, that recommendation is BS... (113 comments)

The only thing that really works is verifying PGP signatures. SSL is broken and the Tor node may well have legitimate certificates at its disposal.

Actually, it's HTTPS and its use of PKI (many unaccountable CAs) that is broken.

yesterday
top

Researcher Finds Tor Exit Node Adding Malware To Downloads

Burz Re:So if TOR nodes can easily do it (113 comments)

Who's to say that your friendly ISP or government agency isn't doing the same? Or even better yet, how about for OS updates.

Your OS should already check binaries before installation; this is done with digital signatures (i.e. GPG and such) so HTTPS isn't required for protection.

The threat TFA is about is when the user/admin uses an installation method that circumvents or ignores the signature check.

In the Linux realm most popular distros are reasonably secure, but I noticed that Fedora's signature regime is incomplete and so is open to a MITM attack where any number of packages can be selectively prevented from receiving security updates.

OSX and Windows give the appearance of doing proper signature checks, including when you double-click an installer from the desktop. But they use a PKI model that leaves me wondering just who is vouching for the signatures.

yesterday
top

Verizon Injects Unique IDs Into HTTP Traffic

Burz Re:HTTPS Everywhere (167 comments)

I intend to use a proxy in addition to HTTPS-E.

yesterday
top

Bill Gates: Bitcoin Is 'Better Than Currency'

Burz Re:If Bill Gates likes it (130 comments)

Then clearly there are problems.

You say that in jest. But Gates did help invent the high-consumption culture we have today, or at least he brought it to computing. For much of his reign at Microsoft, the average lifespan of a PC was 3 years.

Bitcoin appears to have its own 'consumerist innovation' built-in, in that it takes escalating amounts of computing power (and therefore, resources) to 'mine' the currency and validate its transactions (which aren't even anonymous or proof against establishment meddling as many have claimed).

about three weeks ago
top

The Great Lightbulb Conspiracy

Burz Re:This idiocy again (602 comments)

Indeed. Believing this garbage is a real black mark on /., IMO, alongside their predilection for publishing climate denier "controversy" alongside quality news about global warming.

The incandescent bulb is a balancing act between efficiency (from high temperature) and longevity. By standardizing on one temperature, they ensured not only that their bulbs wouldn't produce odd color casts, but also no surprises on the electric bill, or surprise blown fuses, or surprise house/workshop fires while trying to get enough lumens for good illumination.

'Techies' have a very tenuous grasp of physics these days.

about a month ago
top

NSA Agents Leak Tor Bugs To Developers

Burz Re:Why Facebook or Google? (116 comments)

Of course, it won't work.

OTOH, Skype and Bittorrent had successful models for scaling up: People were configured by default to add their bandwidth to the pool. In bittorrent's case, your throughput suffered if you were stingy about contributing.

I2P is probably the closest networking layer there is to combining the goals of Tor with the methods of Skype and bittorrent. It is both highly decentralized and onion-like, and has been steadily improving for well over a decade now. If you happen to have a TAILS disc, it's included. However, it's not designed to access the regular Internet so much as replace it.

about 2 months ago
top

Linus Torvalds: 'I Still Want the Desktop'

Burz Mod parent UP please (727 comments)

The commitment to stable programming interfaces is one of Microsoft's strengths; they don't all get the 14-year treatment, but at least *some* do.

about 2 months ago
top

The Great Taxi Upheaval

Burz For posterity - (218 comments)

Here is a 2006 article about the IGT Taxibus concept. It definitely wasn't conceived in Northern California air, but in the UK (circa 2001 IIRC).

The problem was they approached municipalities with the idea and no large cities climbed on board. So now the cities have to face the likes of Uber and Lyft who, I predict, will not collectively reach the scale needed to appreciably reduce traffic congestion (one of the aims of IGT). Combine that with no regulation and a consumer protection model that amounts to Yelp.com, and I'll guess that Uber and Lyft will in 7 years be less of a joke and more of a way to elicit negative reactions from people (assuming you momentarily lack the gas to fart).

about 3 months ago
top

Inside BitFury's 20 Megawatt Bitcoin Mine

Burz Re:Good Thing (195 comments)

That's not even a carbon tax. There has been a debate among environmentalists whether to support cap-and-trade or a tax, with those favoring the latter pointing out the same dysfunction you have.

However, another poster pointed out that cap-and-trade can be made to work. Overall, I think it depends on both the magnitude of the proposal, and the level of corruption in the political economy ...and neither of those factors is looking good in the 21st century.

about 3 months ago
top

Inside BitFury's 20 Megawatt Bitcoin Mine

Burz Re:Good Thing (195 comments)

"The government argues the carbon pricing scheme has been ineffective, but national emissions have actually fallen by 0.8% in the first calendar year of its operation, the largest fall in 24 years of records."

http://www.theguardian.com/env...

about 3 months ago
top

Inside BitFury's 20 Megawatt Bitcoin Mine

Burz Re:Good Thing (195 comments)

Good thing you're not solving real problems. What. A. Fucking. Waste.

It just proves that a carbon tax cannot come soon enough.

about 3 months ago
top

"BadUSB" Exploit Makes Devices Turn "Evil"

Burz Re:USB 4.x to offer signed USB device signatures?? (205 comments)

Then the criminals will figure out how to falsify the signature with the bad firmware anyway.

Not if the user/admin gets to sign the devices (e.g. when they are initially purchased). Or... why not design the devices to carry multiple signatures (including but not limited to the manufacturer)??

about 3 months ago
top

"BadUSB" Exploit Makes Devices Turn "Evil"

Burz Re:Do I need to be concerned about this? (205 comments)

Thankfully, it is possible to secure USB in a less extreme way. An OS like Qubes that can configure devices for automatic reassignment to an unprivileged domain (i.e. virtual machine) can protect the hypervisor, BIOS, etc. from incidental attachment of malicious USB devices.

Currently, a Qubes user/admin can do this from the GUI on a per-USB-controller basis, but in future will be able to employ Xen PVUSB functionality to manage USB on a per-device basis.

about 3 months ago
top

Firefox 33 Integrates Cisco's OpenH264

Burz Re:Great (194 comments)

They don't know what's precisely in those blobs, so it's presumptuous of Mozilla to vouch for them. It's more prudent to put Cisco's key in Firefox and let Cisco vouch for their own code.

about 3 months ago
top

Firefox 33 Integrates Cisco's OpenH264

Burz Re:Great (194 comments)

Why should Mozilla use their own key to sign code they did not compile themselves?

about 3 months ago
top

Firefox 33 Integrates Cisco's OpenH264

Burz Great (194 comments)

I always wanted a backdoor in my browser.

about 3 months ago
top

Open Hardware and Digital Communications Conference On Free Video, If You Help

Burz Re:If you pay... (15 comments)

Are they addressing people's problems, or creating gadgets for elite techies? There is a huge ongoing crisis in personal computing because we have an Internet that (understandably) assumes endpoint security, but those points (PCs and mobile) are collections of black-box proprietary chips.

I have recommended running Qubes OS as a way to mitigate the security shortfall created by run-of-the-mill PCs and software, but that leaves us with the problem of trusting hardware designed and produced by a handful of large corporations who are increasingly willing to shaft their customers. Privacy and security are exchanged for maintaining a close relationship with the military-industrial complex (or police surveillance state, depending from which angle you prefer to view it).

In short, open PC hardware should be a priority for the open source community if not the IT industry as a whole. What are open hardware people doing about it?

about 3 months ago
top

Mozilla Doubles Down on JPEG Encoding with mozjpeg 2.0

Burz Formal verification (129 comments)

Why indeed would Mozilla waste their resources on this when stability and security on web clients ought to be their greater concern?

If it were up to me, I would start with self-contained data formats like JPEG that browsers handle frequently, and put that code through a formal verification process. Eventually, maybe even HTML rendering and the browser could be subject to formal verification. This could strengthen computer security dramatically.

about 3 months ago
top

KDE Releases Frameworks 5

Burz Re:What's been removed,dumbed down,made incompatib (87 comments)

1) Color management refers to controlling the color accuracy of the display. Typically this will involve importing an ICC file, or performing a manual calibration sequence. KDE has a not-half-finished module (not included in the core package) for System Settings panel, whereas gnome and unity are fully functional and included by default.

2) You're probably not setting the DPI to match your display and using the default that results in text becoming tiny on higher-res displays.

3) It occurs when the setting is on "group when taskbar is full". It will switch back and forth when there are a few dozen windows on the desktop.

4) You can switch to double-click (as I usually do), but then you have a situation where, for instance, the icons on the main System Settings panel are double-click, but going down a level, say into Application Appearance, gives you another set of icons that are presented the same way but are single-click. Sometimes this switch shows up *inside* applications, making the overall UI feel goofy and inconsistent. On the one hand, single-click everywhere can be inconvenient and risky, whereas their implementation of double click is VERY unprofessional. They could simply show an underline on mouseover if the object is single-click and be done with it, but meaningful cues for the user are not this project's strong suit.

5) Yeah... really they should give people a way to get that sh!t out of the way; better yet, choose a sensible default and leave it disabled so it isn't sticking wacky-useless icons everywhere.

6) The last time I tried, the new Konqueror's kio integrations were broken. The fact is that they trashed their two best-loved apps: Konqueror and Amarok.

[...]
9) Having used KDE since 2000, I'd say the project has a general problem with deterioration. They used to be the most reliable desktop, but lately it seems more like Gnome2.

about 4 months ago
top

KDE Releases Frameworks 5

Burz Re:What's been removed,dumbed down,made incompatib (87 comments)

Hmmm...

1) No (working) color management

2) Taskbar overinflates icons when it's vertical (no more ability to control it since 4.x) and doesn't care what the panel's max icon size is set to.

3) Taskbar switches between grouping and non-grouping, from minute to minute

4) Very loose UI design leaves me less able to anticipate how KDE will react to my input, and I can't tell it, for instance, to underline single-click widgets.

5) Activities - A huge waste that detracted from bug fixes and design consistency, and even scared away a lot of the technical users.

6) The pretense that Dolphin is anywhere near as flexible as (the old) Konqueror.

7) Can't control keyboard layout from login screen

8) Can't control trackpad speed

9) Decreasing stability.

I have to use KDE every day. Quite frankly, it only has the "Special Window Settings" really going for it. I'd trade all the rest of the KDE features for a Unity that had Dash replaced with a launcher menu.

about 4 months ago

Submissions

top

EU FairPhone starts 25k+ production run in one week

Burz Burz writes  |  about a year ago

Burz (138833) writes "Ubuntu Edge may not have made it off the drawing board, but more ambitious FOSS-oriented devices have:

FairPhone has garnered over 32,000 orders for its socially-conscious design of the same name, overshooting the original 25k target in the time they allotted (a second run for the same model will start in January). Unfortunately, this sexy phone starts out as an EU-only product. The FairPhone is priced at 325 euros and will come loaded with Android 4.2, a 4.3" touchscreen, dual SIM slots, replaceable battery, and an admirable array of ports and sensors. What FairPhone aren't interested in selling you, however, is another charging brick-- bring your own! :)"
top

Doctorow tears up ISP contract: lack of neutrality

Burz Burz writes  |  more than 6 years ago

Burz (138833) writes "As a reaction to Virgin Media CEO's promise to violate the concept of net neutrality, Cory Doctorow is declaring his ISP contract void, canceling the service, and asking other Virgin customers to do the same. He isn't alone, and neutrality apparently isn't the only reason to drop Virgin. Myself, I am thinking of stopping my Virgin Mobile service in protest."

Journals

top

Modern online privacy for the age of Mass

Burz Burz writes  |  about 10 months ago

Invisible Internet Project...
      I2P is best described as a cross between Tor and Bittorrent. That is to say, the onion routing benefits from the fact that most participants contribute to the available bandwidth. It does also come bundled with a bittorrent client and email service. A number of other I2P apps are available including I2P-Bote, a new server-less email system based on DHT.

Qubes OS...
      Qubes is a desktop OS based on a customized Xen hypervisor. It ships with Fedora 18 to provide Linux desktop functionality, but can also host Windows and other VMs. The philosophy here is that paravirtualization, VT-x and VT-d are all employed in concert to reduce the system's attack-able surface to the base minimum while still providing the functionality of a desktop.

My choices in this area amount to a pretty short list because each one is comprehensive in its approach to privacy and security. I2P keeps everything encrypted and anonymous end-to-end without worrying about app-specific encryption settings (PGP, OTR, HTTPS, etc) which leads to inconsistent usage. That means using mostly I2P-specific apps, though Firefox for I2P Web is the current exception. Qubes OS secures the system by keeping the high-risk subsystems - IP, firewall and X11 - in their own read-only VMs, and also runs my apps in separate domains according to the trust/risk levels I assign to them. For example: a 'banking' appVM to access bank accounts in Firefox, a 'personal' appVM for email, chat and personal files, an 'untrusted' appVM for general roving around the unsecured Web and multimedia entertainment, an 'i2p' appVM for the growing amount of anon/private communications over I2P, etc. The Qubes project goes so far as to claim "strong security" and I believe them... this is not your run-of-the-mill VM system.

More about some of the interesting features in these puppies later...

top

Submissions: Danish paper makes U-turn on cartoons

Burz Burz writes  |  more than 8 years ago

The Media Guardian is reporting on an infamous Danish newspaper's turnaround regarding the publication of certain cartoons. After initially expressing interest in reprinting cartoons from an Iranian paper, they have decided that some caricatures are beyond the pale: "Jyllands-Posten in no circumstances will publish Holocaust cartoons from an Iranian newspaper". This is the same paper in Denmark which posted a boring-then-shocking caricature of the Prophet Muhammed and is now apologising profusely, "peace be upon him".

Meanwhile the U.S. State Dept. says that the Muhammed cartoon irresponsibly incites ethnic as well as religious hatred; a double-whammy that seems to be ignored when debating the issue.

(Posted here cuz I'm tired of seeing my submissions irretrievably drop down a black hole.)
