Comments


On Forgetting the Facts: Questions From the EU For Google, Other Search Engines

IamTheRealMike Re:Institutional hypocrisy (151 comments)

They could sit on their thumbs doing nothing. While this option pleases the anarchist in us, you cannot expect a lawmaker to ignore lawbreakers

What law breakers? This new "law" that was invented by the courts with zero debate is so vague that whether someone is breaking it or not is entirely debatable and thus eminently ignorable.

6 hours ago

On Forgetting the Facts: Questions From the EU For Google, Other Search Engines

IamTheRealMike Re:Correct yet misleading (151 comments)

Then companies that routinely exclude qualified candidates because "shit some HR lady found on google" will start to suffer and die as their stupid hiring process systematically excludes 99% of all people alive?

You know what? Smart companies, like Google, do not determine who they hire by what they find on Google. But if someone has a burning need to work for a company that is not smart, they are welcome to upload lots of cool content about themselves and/or explanations about why their previous acts are no longer relevant.

6 hours ago

In France, Most Comments on Gaza Conflict Yanked From Mainstream News Sites

IamTheRealMike Re:Or maybe you're not so good at math (345 comments)

My memory is a bit foggy, when was the IRA importing mass shipments of long range artillery rockets from Iran and firing them at the UK?

They never did. They got the shipments from Libya instead.

Note that these weapons included rocket-propelled grenades, surface to air missiles, flamethrowers, explosives and lots of machine guns.

By the way, a big source of IRA funding and support was the USA. But everyone has conveniently forgotten that post 9/11. Given the constant US wailing over the funding of terrorism, it'd be impolite to recall the open IRA fundraising activities that occurred in places like Boston.

7 hours ago

In France, Most Comments on Gaza Conflict Yanked From Mainstream News Sites

IamTheRealMike Re: Like China och USSR (345 comments)

Chinese sites remove comments themselves too. They get "guidance" from the government on what to remove. Sounds like the French situation is exactly the same: the government lays out laws saying what is and is not acceptable speech and apparently, virtually all comments on this particular conflict are unacceptable.

I think the censor here is great for revealing what's going on, but his diagnosis seems odd. He thinks there's something different about this conflict in particular that results in more comments being taken down due to their content, but simultaneously admits that it's due to laws about anti-semitism which is specific to Jewish people. Perhaps if there were laws specific to Arab people and an Arab nation started doing what Israel is doing they'd see 90% takedown rates on those stories too.

Anyway to answer your point, I'm actually struggling to see the difference between this and what happens in China. The mechanisms and underlying logic are identical. It's actually quite shocking. I had no idea moderation rates would be that high.

7 hours ago

New SSL Server Rules Go Into Effect Nov. 1

IamTheRealMike Re:Why? (88 comments)

To be slightly more accurate and less cynical, because their customers asked for one, and because there were no particular rules or guidelines laying out what to do with such requests thus no reason to refuse. Sure, any given CA could refuse on principle, in which case that customer would go to a competitor. That's why the CA system is regulated by browser/OS makers - to keep standards high in the presence of competitive market forces that would otherwise optimise for convenience.

2 days ago

Enraged Verizon FiOS Customer Seemingly Demonstrates Netflix Throttling

IamTheRealMike Alternative explanation (360 comments)

Routing traffic via the VPN changes the path the traffic flows over, possibly avoiding routes that are saturated and (who knows) pending upgrade.

It's tempting to imagine the internet as a giant blob of fungible bandwidth, but in reality it's just a big mess of cables some of which are higher capacity than others. Assuming malice is fun, but there isn't enough data here to say one way or another.

2 days ago

Internet Explorer Vulnerabilities Increase 100%

IamTheRealMike Re: Eh? (137 comments)

Did YOU look at the graph? The bars are comparing all of 2013 against the first half of 2014 (obviously, as the second half is in the future). So the fact that IE already matched last year's record is where the 100% figure comes from - it's another way to say "doubled". Unless the second half of 2014 has a lower exploit rate then the conclusion will be correct.

3 days ago

Privacy Lawsuit Against Google Rests On Battery Drain Claims

IamTheRealMike Re:Privacy is dead (175 comments)

The same exact reasoning to justify TSA

They're incomparable. TSA is mandated by governments, you have no choice in the matter. Using a particular brand of smartphone is not. You are free to use a smartphone that doesn't use Google services and indeed are free to buy a Nexus 5 and then say "no" to the billion and one "trade data for feature?" prompts that appear when switched on the first time. No government goon is going to step in and insist that you send all your data to Google.

In fact, if you would prefer a smartphone that has a different data/features tradeoff then - conveniently! - Google provides a rather good open source operating system for free that you can use to build one. If others feel the same way you do you can even sell them without paying Google a dime.

4 days ago

Black Hat Presentation On Tor Cancelled, Developers Working on Bug Fix

IamTheRealMike Re:popular online privacy tool Tor (51 comments)

Depends how you define "very popular" I guess. The most popular way to bypass state-level censorship in the Arab world and elsewhere is a product called HotSpot Shield. When Turkey blocked Twitter some time ago, HSS experienced 1000% growth and reached 1.1 million installs in the iOS App Store alone within only four days, with 800,000 regular users.

In contrast Tor went from 30,000 to 40,000 "direct connects" from Turkey.

HSS doesn't get much press in the geek world as it's just a plain old VPN run by a company in California that inserts ads into people's web pages to pay for the bandwidth costs. But usage wise it utterly dominates Tor.

4 days ago

For Now, UK Online Pirates Will Get 4 Warnings -- And That's It

IamTheRealMike Re:So the idea is that.... (143 comments)

RTFS? It says that in the summary. The goal here is to alert people who don't know their internet connection is being used for piracy and who aren't OK with freeloading, parents being the given example.

5 days ago

Snowden Seeks To Develop Anti-Surveillance Technologies

IamTheRealMike Re:"Develop" or "Instigate the development of"? (129 comments)

Nothing I have read about Snowden indicates that he is actually some sort of uber-hacker

Except the stuff about how a 29 year old completely pwnd the NSA, probably the most technically sophisticated part of the US Government there is?

Sheesh. Your standards are high. What would it take, exactly?

Additionally, just because you have read nothing about his programming skills doesn't mean he has none. He once mentioned finding XSS holes in some CIA app so apparently he is good enough to do that.

about a week ago

Snowden Seeks To Develop Anti-Surveillance Technologies

IamTheRealMike Re:New SSL root certificate authority (129 comments)

There are already plenty of CAs in countries that are not under US jurisdiction. However, so far the CAs that issued bad certs were all outside the USA, and appear to have only done so because they got hacked and not because they were e.g. forced to by court order.

Unless you have a magical solution to hacking I don't think your new root CA would solve much.

Additionally, citation needed for "routine man in the middle". SSL MITM has been studied by academics at scale. They did not find evidence of much. Governments don't need to MITM SSL for as long as users browse non-SSLd sites like Slashdot and browser exploits exist.

about a week ago

Russian Government Edits Wikipedia On Flight MH17

IamTheRealMike Re:lol (667 comments)

try googletranslating http://lb.ua/news/2014/07/20/2... [lb.ua] - ukrainian army detains 23 terrorists. somehow all 23 turn out to be citizens of the russian federation.

That page is merely reporting a press release from the Ukrainian government in Kiev. Are you suggesting we should treat everything they say as factually true?

let's bisect the other thing you said - "at most Russia is supplying weapons to them".
"at most". as if they were given bows and arrows. they get armoured vehicles. they get... tanks. they get bloody sam systems that can reach targets up to 25km.

Yes. That's what I said. Perhaps this is a language issue.

Whatever is happening in Ukraine it is not a full-blown invasion by Russia in the "classical" style that Iraq or Afghanistan were. That would be far more obvious. It seems to be much more similar to what's been happening in Syria where the west has been supplying weapons, training and expertise to anti-Assad groups there. If you were to say the west has "at most been supplying weapons and training to the Syrian rebels" you would be correct, given that (fortunately) Syria was not invaded by a foreign army.

about a week ago

Russian Government Edits Wikipedia On Flight MH17

IamTheRealMike Re:lol (667 comments)

Not exactly. There is a distinct difference between a soldier and a combatant. A soldier is trained and is a member of a standing military. The separatists can at best be described as "irregulars", or insurgents or rebels if you want to go with slightly more charged terminology.

Yes, really? With that definition it'd be impossible for a new military to ever be created, because anyone who joins and fights with one is not joining a standing army therefore cannot be soldiers. That is obviously nonsense, it must be possible for someone to be a soldier in a newly formed army, which is what it looks like is happening here.

Additionally, you claim that the fighters in Donetsk cannot be soldiers because soldiers are trained, and then immediately claim they're receiving training from Russia. So which is it?

And given the fact that the missiles were launched from inside territory controlled by the rebels is a very important detail. Why would the Ukrainians have anti-air equipment deployed in an area they do not control, against an enemy with no air power?

You're quite right - it probably was the separatists. This does not change the accuracy of the Wikipedia edit that's being discussed, because unless/until the separatists win, they are still Ukrainians.

Although I'd note that given the amount of bullshit emanating from all sides in this conflict it's hard to really know anything about what's going on. The area of Ukraine that's in revolt is next to the Russian border, which is exactly where you'd expect the Ukrainian military to have had lots of soldiers and equipment stationed. Missiles might have been trucked over the Russian border, or they might simply have been there already. The separatists might be being trained by Russians (this would be unsurprising and not exactly unprecedented - see how the USA supported rebels in Syria), or alternatively they might be operating the equipment without really knowing what they're doing - indeed, having no clue what you're targeting would be rather indicative of not being properly trained, no? Or perhaps they're being trained by people who are ethnically Russian but lived in Ukraine at the time of the rebellion, or one of many other more complex cases that won't neatly fit into the "Putin fired the missiles himself" story the west is busy pushing.

All we can say for sure is that whatever you read about this incident is going to be full-blown propaganda, and should be treated as such.

about a week ago

Russian Government Edits Wikipedia On Flight MH17

IamTheRealMike lol (667 comments)

I don't think Russian state media should be editing Wikipedia entries especially not on matters of current affairs.

But still, interpreted literally the new statement is far more factually correct and unbiased than what it replaced. Whoever shot down the plane, they were "soldiers" or fighters of some variety and almost certainly can be described as Ukrainian, given that everyone seems to agree that the fighters are actually eastern Ukrainians and at most Russia is supplying weapons to them.

The original text, on the other hand, more or less exactly sums up western/west Ukrainian line despite the obvious abuse of the word terrorist to mean "rebel fighter" and the [citation needed] assertion about who did it and the source of the weapons.

about a week ago

Critroni Crypto Ransomware Seen Using Tor for Command and Control

IamTheRealMike Re:Time to get rid of Tor (122 comments)

There is no need to get rid of Tor: in theory, Tor could have a "hidden service policy" mechanism not much different to the exit policy mechanism. HS Policies would allow a node operator to state that they aren't willing to act as an introduction point for a list of hidden services (or point to lists maintained elsewhere to stop fast-flux type behaviour).

Tor already accepts that not all relay operators will want to support all kinds of behaviour and that some kinds of traffic can be abusive, that's why they implement exit policies which allow exits to ban port and IP ranges. Taking this philosophy to hidden services seems like the next natural step. After all, Tor volunteers are ultimately acting as human shields for other people's anonymous behaviour. Requiring them to shield everything just restricts the number of people who would be willing to donate bandwidth to general privacy but are not interested in enabling botnets.

about a week ago

Linux Needs Resource Management For Complex Workloads

IamTheRealMike Re:This obsession with everything in RAM needs to (161 comments)

Not sure what you're getting at, but the Azul collector is well known for pulling off apparently magical GC performance. They do it with a lot of very clever computer science that involves, amongst other things, modifications to the kernel. I believe they also used to use custom chips with extended instruction sets designed to interop well with their custom JVM. Not sure if they still do that. The result is that they can do things like GC a 20 gigabyte heap in a handful of milliseconds. GC doesn't have to suck.

about a week ago

New Digital Currency Bases Value On Reputation

IamTheRealMike That's Ripple (100 comments)

Ripple, before the name was bought by a Silicon Valley company and changed into something a bit different, was more or less exactly this.

There's a video on the original web page that explains this concept quite nicely. You could set up debt relationships between people and denominated in any currency, including ones you invent on the fly like hours of The Real Mike's time. However it never really took off in a big way, perhaps because it was rather complicated, and bootstrapping such a system from the internet (full of strangers who don't know each other, don't trust each other and may not even exist) is presumably very difficult.

However if the concept sounds interesting you could do worse than check out the original thinking by Ryan Fugger behind Ripple. Satoshi once told me that Ripple was interesting because it was the only system that does something with trust other than centralise it.

about a week ago

Ask Slashdot: How Many Employees Does Microsoft Really Need?

IamTheRealMike Re:Shitpost is shit (272 comments)

Yes the question posed is ridiculous, akin to asking how long is a piece of string.

Regardless, the submitter has created a space in which we can choose either to flame him/her (achieving nothing) or we can choose to have an interesting and useful debate on things like how companies slow down as they scale, whether there should be mandatory size limits on companies a la KSR's Red Mars trilogy, to what extent this move is an indictment of the Ballmer era, to what extent Microsoft's competitors i.e. Google might be suffering over-staffing and so on. Many interesting topics.

So. Who's first?

about two weeks ago

Russia Prepares For Internet War Over Malaysian Jet

IamTheRealMike Re: 04.10.2010 (503 comments)

Both Russia and the USA have a history of supporting rebellions and shooting down passenger jets. America's was an Iranian Airbus.

about two weeks ago

Submissions


Fake PGP keys for crypto developers found

IamTheRealMike IamTheRealMike writes  |  about 4 months ago

IamTheRealMike (537420) writes "In recent months fake PGP keys have been found for at least two developers on well known crypto projects: Erinn Clark, a Tor developer and Gavin Andresen, the maintainer of Bitcoin. In both cases these PGP keys are used to sign the downloads for popular pieces of crypto software. PGP keys are supposed to be verified through the web of trust, but in practice it's very hard to find a trust path between two strangers on the internet: one reply to Erinn's mail stated that despite there being 30 signatures on her key, he couldn't find any trust paths to her. It's also very unclear whether anyone would notice a key substitution attack like this. This leaves three questions: who is doing this, why, and what can be done about it? An obvious candidate would be intelligence agencies, who may be trying to serve certain people with backdoored binaries via their QUANTUMTHEORY man-in-the-middle system. As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate. Both Mac and Windows support it, obtaining a forged certificate is much harder than simply uploading a fake PGP key, and whilst X.509 certs can be issued in secret until Google's Certificate Transparency system is fully deployed, finding one would be strong evidence that an issuing CA had been compromised: something that seems plausible but for which we currently lack any evidence. Additionally, bad certificates can be revoked when found whereas beyond making blog posts, not much can be done about the fake PGP keys."

No back door in TrueCrypt

IamTheRealMike IamTheRealMike writes  |  about 9 months ago

IamTheRealMike (537420) writes "Previously on Slashdot, we learned that the popular TrueCrypt disk encryption tool had mysterious origins and security researchers were raising money to audit it, in particular, to verify that the Windows binaries matched the source. But a part of the job just became a lot easier, because Xavier de Carné de Carnavalet, a master's student at Concordia University in Canada has successfully reproduced the binaries produced by the TrueCrypt team from their public sources. He had to install exactly the same compiler toolchain used by the original developers, to the extent of matching the right set of security updates issued by Microsoft. Once he did that, compiling the binary and examining the handful of differences in a binary diffing tool revealed that the executables matched precisely beyond a handful of build timestamps. If there's a backdoor in TrueCrypt, it must therefore be in the source code itself — where hiding it would be a significantly harder proposition. It thus seems likely that TrueCrypt is sound."

Are the NIST standard elliptic curves back-doored?

IamTheRealMike IamTheRealMike writes  |  about a year ago

IamTheRealMike (537420) writes "In the wake of Bruce Schneier's statements that he no longer trusts the constants selected for elliptic curve cryptography, people have started trying to reproduce the process that led to those constants being selected ... and found it cannot be done. As background, the most basic standard elliptic curves used for digital signatures and other cryptography are called the SEC random curves (SEC is "Standards for Efficient Cryptography"), a good example being secp256r1. The random numbers in these curve parameters were supposed to be selected via a "verifiably random" process (output of SHA1 on some seed), which is a reasonable way to obtain a nothing up my sleeve number if the input to the hash function is trustworthy, like a small counter or the digits of PI. Unfortunately it turns out the actual inputs used were opaque 256 bit numbers, chosen ad-hoc with no justifications provided. Worse, the curve parameters for SEC were generated by the head of elliptic curve research at the NSA — opening the possibility that they were found via a brute force search for a publicly unknown class of weak curves. Although no attack against the selected values is currently known, it's common practice to never use unexplainable magic numbers in cryptography standards, especially when those numbers are being chosen by intelligence agencies. Now that the world received strong confirmation that the much more obscure and less widely used standard Dual_EC_DRBG was in fact an NSA undercover operation, NIST re-opened the confirmed-bad standards for public comment. Unless NIST/the NSA can explain why the random curve seed values are trustworthy, it might be time to re-evaluate all NIST based elliptic curve crypto in general."

BitCoin reaches dollar parity

IamTheRealMike IamTheRealMike writes  |  more than 3 years ago

IamTheRealMike (537420) writes "The BitCoin peer to peer currency briefly reached exchange parity with the US dollar today after a spike in demand for the coins pushed prices slightly above 1 USD:1 BTC. BitCoin was launched in early 2009, so in only two years this open source currency has gone from having no value at all to one with not only an open market of competing exchanges, but the ability to buy real goods and services like web hosting, gadgets, organic beauty products and even alpaca socks."

Graduate students being warned away from leak

IamTheRealMike IamTheRealMike writes  |  more than 3 years ago

IamTheRealMike (537420) writes "The US State Dept has started to warn potential recruits from universities not to read leaked cables, lest it jeopardise their chances of getting a job. They're also showing warnings to troops who access news websites and the Library of Congress and Department of Education have blocked WikiLeaks on their own networks. Quite what happens when these employees go home is an open question."

Julian Assange rape arrest dropped

IamTheRealMike IamTheRealMike writes  |  more than 3 years ago

IamTheRealMike (537420) writes "The BBC reports that "Swedish authorities have cancelled an arrest warrant for Wikileaks founder Julian Assange on accusations of rape and molestation. The Swedish Prosecution Authority website said the chief prosecutor had come to the decision that Mr Assange was not suspected of rape." — that was fast!"

BD+ resealed once again

IamTheRealMike IamTheRealMike writes  |  about 5 years ago

IamTheRealMike (537420) writes "It's been a few months since we last checked in on how the BluRay group were doing in their fight against piracy, so it's time to see how it's going. At the time, a new generation of BD+ programs had stopped both SlySoft AnyDVD HD and the open source effort at Doom9. That was December 13th 2008. At the start of January, SlySoft released an update that could handle the new BD+ programs, meaning that BluRay discs were undecryptable for a period of about three months in total — the same length as SlySoft's worst case scenario. The BD+ retaliation was swift but largely ineffective, consisting of a unique program for every BluRay master. Users had to upload log files for every new movie/region to SlySoft, who would then support that unique variant in their next update, usually released a few days later. Despite that, the open source effort never did manage to progress beyond the Winter 2008 programs and is currently stalled completely, thus SlySoft are the only group remaining. This situation remained for several months, but starting around the same time as Paramount joined Fox in licensing BD+ a new set of programs came out which have once again made BluRay discs unrippable. There are currently 19 movies that cannot be decrypted. It appears neither side is unable to decisively gain the upper hand, but one thing seems clear — only full time, for profit professionals are able to consistently beat BD+. Unless SlySoft or a licensed vendor release a BluRay player for Linux it appears the only way to watch BluRay movies on this platform will be to wait for them to become pirateable."

BD+ successfully resealed

IamTheRealMike IamTheRealMike writes  |  more than 5 years ago

IamTheRealMike (537420) writes "A month on from the story that BD+ had been completely broken, it appears a new generation of BD+ programs has re-secured the system. A SlySoft developer now estimates February 2009 until support is available. There's a list of unrippable movies on the SlySoft forums, currently there are 16. Meanwhile, one of the open source VM developers seems to have given up on direct emulation attacks, and is now attempting to break the RSA algorithm itself. Back in March SlySoft confidently proclaimed BD+ was finished and said the worst case scenario was 3 months work: apparently they underestimated the BD+ developers."

IamTheRealMike IamTheRealMike writes  |  more than 7 years ago

IamTheRealMike (537420) writes "Rose George has written a fascinating tour of the sewers of London — rarely seen yet essential to life. But the sewers are in decline, with the last of the flushermen who know their inner workings about to retire. Although some of the work is now done by robots and contractors, can anything replace the experience of the men who roam the tunnels by night destroying fat blockages, searching for leaks and repairing the underground labyrinths below our cities?"

IamTheRealMike IamTheRealMike writes  |  more than 7 years ago

IamTheRealMike (537420) writes "As one of the world's most prolific producers of oil, Saudi Arabian production is of vital importance to maintaining our standard of living in the west. A new analysis from Stuart Staniford appears to show large, fast declines in production throughout 2006 that are uncorrelated with price, world events or OPEC's own announced production cuts (in fact, no evidence for those cuts occurring is found at all). Given that the apparent steep decline (8%/year) matches the rates seen in other areas where horizontal drilling and water injection were used, and high prices give the Kingdom every incentive to produce, is this the beginning of the end for Saudi oil?"

Journals

IamTheRealMike has no journal entries.
