Comments

Tor Network May Be Attacked, Says Project Leader

Kjella Re:TOR is a fucking honey pot ! (83 comments)

You do realize that most "darknets" are built on a "bust one, bust all" model? Pretty much the only security is that the bad guys aren't in your darknet, they've never reached a popularity where there's any plausible deniability. The only other people likely to be in your darknet are the other members of your terrorist cell or whatever you're part of, it has never offered anything for "normal people" for you to hide in. And darknets have actually been used as honeypots, to make clueless people give away their IP to join a private group which turns out to be a sting. It is pretty much the exact opposite of anonymity, it's joining a conspiracy and you're at the mercy of the stupidity of everyone in it.

TOR is trying for something entirely different, which is to keep everyone at arm's length from each other. I talk to you over TOR, you get busted well tough shit they still can't find me. The users don't know the server, the server doesn't know the users. Of course by adding that glue in between you run the risk of the man in the middle working out who both ends of the connection are, but that's the trade-off. TOR is trying to do something extremely hard, it tries to offer low latency - easy to make timing attacks, arbitrary data sizes - easy to make traffic correlation attacks and interactive access - easy to manipulate services into giving responses, accessible to everyone and presumably with poison nodes in the mix. It's trying to do something so hard that you should probably assume it's not possible, not because they have any special inside access.

I actually did look at trying to do better, it was not entirely unlike Freenet done smarter only with onion routing instead of relying on statistical noise. It wouldn't try to be interactive so you could use mixmaster-style systems to avoid timing attacks and (semi-)fixed data block sizes to avoid many correlation attempts but I never felt I got the bad node issue solved well. TOR picks guard nodes, but it only makes you bet on a few horses instead of many. It was still too easy to isolate one node from the rest of the network and have it only talk to bad nodes, at which point any tricks you can play are moot because they see all your traffic. Even a small fraction of the nodes could do that on a catch-and-release basis and I never found any good countermeasures.

yesterday
Ask Slashdot: Resources For Kids Who Want To Make Games?

Kjella South Park: "Freemium isn't free" (112 comments)

Just show him the South Park episode "Freemium isn't free" and he'll learn all about modern game mechanics, along with a few lessons in economics and marketing. Before you know it he will be pushing his game in the school yard like a pro.

yesterday
Tesla About To Start Battery-Swap Pilot Program

Kjella Re:The logical answer is... (127 comments)

False dichotomy, the test may be inconclusive. /pedantry

yesterday
Tesla About To Start Battery-Swap Pilot Program

Kjella Re:Interesting... (127 comments)

From what they've said before they expect you to eventually return to pick up your original batteries on your way home, though they haven't said how long you can keep driving on your loaners. If you don't they'll create some kind of fee to offset the condition between the battery pack you had and the one you got. If you're permanently relocating and make arrangements I'm sure they'll offer some kind of system to choose a battery in roughly the condition you had if you want it to be free or to swap for a brand new one if you want to restore max range at your final destination. Otherwise you could swap a 7 years old/100k miles battery for an almost new one for free, that wouldn't be right.

yesterday
Tesla About To Start Battery-Swap Pilot Program

Kjella Re:3 minutes is slow? (127 comments)

It's not about getting it done in 3 minutes, it's about being 3rd in line at 7:20am with 35 minutes left on your drive to work.

If your commute involves a battery swap for a Tesla you should really consider changing jobs. I'm guessing it's more about the weekend rush, Friday afternoon lots of cars will be going on long range trips and return Sunday evening, I'm guessing a battery swap pad is a lot more involved than a gas station pump so they won't have very many of them. They did run a test here recently driving a Tesla ~1000 miles and they said it all worked well but there was a lot of waiting, for every 2-3 hours of driving there was one hour of charging. I know that when we drive to the capital it takes ~7 hours and we have one 30-45 minute stop, if they could swap batteries on at least one stop they'd be down to one hour charging per 4-6 hours of driving which would roughly be the break time we'd want with an ICE car too. But Friday afternoon I'm one of a thousand lemmings trying to get out of the city, it better go fast.

yesterday
Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

Kjella Re:Is a lame Seth Rogen flick worth dying for? (214 comments)

The first amendment only says "Congress shall make no law..." but everybody understands you don't have much freedom of speech if you end up hanging from the nearest tree afterwards. Because the law isn't supposed to shield me from lawful retaliation like a boycott only retaliation that's already illegal you don't need a specific law for that. But everybody realizes that targeted action against those who exercise a particular freedom is trying to encroach on that freedom. Of course the government can just wash their hands and say we weren't the angry mob holding the rope, but it wouldn't be a very good government.

Any time you refrain from a lawful action because of the risk or threat of illegal action is a failure of the system of law IMHO. If I can't walk through a part of the city at night they're failing to keep the street safe. If they can't show this movie at the cinema without the risk of terrorism they're failing to keep the country safe. At least if it's a genuine risk and not chicken little screaming that the sky is falling, I mean you can't expect them to be everywhere and prevent every crime everyone's trying to commit. And I don't want to sell out all my rights in an attempt to make it so either. There could be a price for not caving but there's a price for caving too, the terrorists don't need to take away your freedoms if you're too afraid to use them anyway.

2 days ago
Critical Git Security Vulnerability Announced

Kjella Re:I blame Microsoft (145 comments)

Yes. There is only one possible name for addressing a file. For a case-aware, but case insensitive, you get up to 2^n variants for a name n letters long. And you _can_ have the same name with different capitalization in a directory as result of errors.

Funny, since Linux does everything it can to break a canonical name model with symlinks. In fact, you could mimic a case-insensitive system with 2^n symlinks like /foo/bar/COnFiG -> /foo/bar/config. And the capitalization is the cause of errors in mixed environments:

1) Create file on Windows called "Foobar.txt".
2) Copy it to your Linux machine.
3) Rename it to "FooBar.txt"
4) Do lots of work on the text
5) Copy it to your Linux machine
6) Copy the Linux directory back to Windows.

There's now a 50-50 chance that your work just got overwritten by old crap from step 2). Of course you might argue that Windows is the problem here since it wouldn't happen on two Linux systems, but then it wouldn't happen on two Windows systems either. They just don't play nice with each other.

2 days ago
Critical Git Security Vulnerability Announced

Kjella Re:Unrelated to Github (145 comments)

Tag: NOTABUG and WONTFIX. Case aware filesystems so you can have normal names and not like AUTOEXEC.BAT and CONFIG.SYS from the DOS days is great, case sensitive file systems are a really bad idea. Is there any kind of sane situation where you'd like to have two files "Config" and "config" actually coexist that isn't just begging to be confused/abused/exploited? For a marginal performance optimization all POSIX systems have shitty usability. Why am I not surprised? I guess for a server it just doesn't matter, but for the desktop you should file this as a bug against Linux, not Windows and OS X.

2 days ago
Research Highlights How AI Sees and How It Knows What It's Looking At

Kjella Re:seems a lot like human vision to me (129 comments)

I think it was fairly clear what was going on, the neural networks latch on to conditions that are necessary but not sufficient because they found common characteristics of real images but never got any negative feedback. Like in the peacock photo the colors and pattern are similar, but clearly not in the shape of a bird but if it's never seen any non-bird peacock colored items how's the algorithm supposed to know? At any rate, it seems like the neural network is excessively focusing on one thing, maybe it would perform better if you divided up the work so one factor didn't become dominant. For example you send outlines to one network, textures to a second network and colors to a third network then using a fourth network to try learning which of the other three to listen to. After all, the brain has very clear centers too, it's not just one big chunk of goo.

3 days ago
What Will Microsoft's "Embrace" of Open Source Actually Achieve?

Kjella Re:Oblig ... (216 comments)

"First they ignore you, then they ridicule you, then they fight you. Then you lose and kill yourself."
- Hitler (well, not really)

I never understood why that Gandhi quote is so popular, sure that's what a victory looks like out the rear view mirror but most defeats start just the same.

3 days ago
Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

Kjella Re:It's required (166 comments)

It was the 1960s. You were lucky to have a 300 baud modem, they wanted to save two bits by chopping the "19" off 1960 and encryption was regulated as munitions. Heck, even in the 1990s they wanted to restrict my browser to 40 bits so I didn't have "export grade" cryptography. I still hear cost for servers and battery life on clients as an argument for why sites don't move to HTTPS. The very idea to build the Internet with strong encryption by default was ridiculous on technical merits and I don't recall anyone even suggesting it so feel free to quote some sources.

Yes, MITM attacks are possible. But unlike wiretapping they're also detectable and I don't just mean in the theoretical sense. You could still use CAs to "boost" the credibility of an IP encryption key fingerprint (The CA signs my cert, I sign a message saying my IP uses fingerprint aa:bb:cc:dd:ee:ff), you can verify by proxy (connect to your server from friends/family/open wifi/proxy or ask a third party what certificate fingerprint they see) or you can use in-band ad hoc verification. For example you're in a chat and it says at the top "fingerprint for this session is aa:bb:cc:dd:ee:ff" you might say "reverse it and you get ff:ee:dd:cc:bb:aa" or "third pair is a double c" or "last two are 255 in hex" as part of the conversation. Even better if it's voice communication, think they can MITM a buddy saying the fingerprint?

MITM only works if there's a protocol you can use to automatically block/filter any information about the key. For example imagine you take a photo, overlay the fingerprint semi-transparently and display it on your website. Now they have to create a very custom solution for your site to create an identical photo to replace it with. Transparent MITM in an interactive process - not just your cell phone checking your mail - is going to be really tough to do on a mass scale. It won't have the perfect theoretical characteristics, but it sure will work for most people most of the time.

4 days ago
Microsoft Gets Industry Support Against US Search Of Data In Ireland

Kjella Re:A different kind of justice for multinationals (137 comments)

If so, this boils down to can a court compel a property owner to direct his property to do something (such as forward a document in that property's possession), even if the property happens to be in another country?

That depends. For example many countries have laws regarding historical artifacts, you can own them but you can't take them out of the country. Or you can legally buy cryptography chips in the US that need an export license. Just because Microsoft Ireland can legally possess the customer data in Ireland, doesn't mean they're free to ship it around the world or provide access to it in violation of Irish law.

4 days ago
Microsoft Gets Industry Support Against US Search Of Data In Ireland

Kjella Re:Doesn't seem simple (137 comments)

The fact here is that the individual(s) are refusing to provide access to the data voluntarily which requires the authorities to obtain it by force. This tells me there's something incriminating in the data which is why they didn't just hand it over.

So either you comply "voluntarily" or your lack of compliance is used as a reason to do it forcefully, either way the cops get to do whatever they want. Maybe they should start at home and repeal the 4th amendment first?

4 days ago
Want To Influence the World? Map Reveals the Best Languages To Speak

Kjella Re:Interesting, but ... (148 comments)

Any concepts "lost in translation" could be easily appended as a new word to a common tongue, there's an absurd amount of redundancy in that there are hundreds (thousands?) of ways to express simple concepts like "yes". The English say yes, the French oui, the Germans ja, the Spanish si, the Russians da, the Japanese hai, the Portuguese sim, the Polish tak... is there a value to this? Language barriers are sand in the machinery for any kind of human endeavour in science, technology, commerce, travel, communities and so on. The Internet has enabled me to reach billions of people but I don't know how to talk to most of them. What they have to contribute to the global village isn't easily available to the rest and they can't access the global resources we're building. I think I read once that more than half the world's science papers are now written in English.

Sure I'd probably keep my own language for all those other reasons but I'd welcome a world where everybody could talk to everybody. Sometimes a particular concept just takes a little longer in English, that's all. For example the word "dumsnill" in Norwegian, it means something like naive but that usually implies that you're simple or gullible while this word in particular means your generosity is being exploited to take advantage of you. I might need half a sentence to explain it in English, I don't need a whole language for that. I think the idea that some concepts are only expressible in one language is rather silly, I speak three and there's always a way of getting what I want across. Even with a simple vocabulary you can usually explain more advanced concepts without looking it up in a thesaurus.

5 days ago
Telepresence Store Staffed Remotely Using Robots

Kjella Re:So ... (52 comments)

Remote activated taser/stun-gun sounds interesting. Tear gas canister would also be possible I suppose... Wonder when the hostage crisis teams of the world will start to send in telepresence robots with active weapons systems...

Why? SWAT teams are already armed and armored to the teeth and will assault with massive force, it's extremely rare that any of them are killed relative to the hostages. Sending in a robot to stir the hornet's nest would only lead to a massacre, either you go in full force or you don't. It could end non-hostage situations sooner but just waiting it out until the nutcase with the gun surrenders (or suicides) seems to be pretty efficient too. I guess you could have a telepresence hostage negotiator, but a smart hostage taker wouldn't give the police a live video stream to plan and time their raid with.

5 days ago
The GPLv2 Goes To Court

Kjella Re:Hope they keep Stallman off the stand... (173 comments)

Are you certain of that? Bear in mind, when interpreting the Constitution of the United States, judges do look at other influencing documents from the time, like The Federalist Papers, which are not themselves legal documents.

True, but ignorance of the law is no defense. Which basically means that not only must you know the text of the law, but the entire applicable body of law, relevant precedents and current interpretation of the law. Heck, you can still end up losing a trial because the Supreme Court will disagree with your reading of an ambiguous and previously unsettled area of law so being a psychic or clairvoyant could be quite useful. They'll try interpreting the law as intended and you bear the burden if they decide your gray area is on the illegal side.

In contract law you're not assumed to know anything about the background or history of the license except as written. Sure, if you've been negotiating a contract then that communication is relevant for the interpretation as you're one of the parties but developers and users of GPL software aren't generally in contact. You download a piece of software, accept the agreement and any ambiguity in a take it or leave it license will almost certainly be interpreted in disfavor of the one who wrote it. Unlike the lawmaking it won't be assumed that their way to read the contract is the authoritative one.

5 days ago
The GPLv2 Goes To Court

Kjella Re:Why not ask the authors of the GPL Ver.2? (173 comments)

Well, that part is actually not up to the GPL to define, it's a key part of copyright law, if it's not derivative it's not covered by copyright so the GPL wouldn't apply.

5 days ago
Small Bank In Kansas Creates the Bank Account of the Future

Kjella Re:Congratulations you've invented the credit card (156 comments)

I've always kind of wanted a bank account with built-in credit-card functionality. No overdraft fees possible, rather you pay credit-card style interest when your balance is negative, and earn bank-style interest when your balance is positive. Of course, this is unlikely to be offered for just that reason... to the banks, overdraft fees are a profit center :(

That's fairly common here in Norway if you apply for it, they call it "account credit" though you typically don't get the 30 day free delay, you pay credit interest from day one but at least your payments don't bounce. With most terminals being online it's actually pretty hard to overdraft a debit account these days, if there's no money in the account the transaction will usually be refused.

5 days ago
Small Bank In Kansas Creates the Bank Account of the Future

Kjella Re:Congratulations you've invented the credit card (156 comments)

More like the inverse debit card. When I pay with a debit card, money is withdrawn online there and then. Why can't we do the same for deposits and transfers? I just checked here in Norway and money only transfers between banks four times a day, 05.35, 11.05, 13.35 and 15.35. I guess that's fast enough for my uses, but if I pay a buddy at 4 PM why can't he buy a beer with it at 7 PM? It's not like it takes three hours to make a transaction. I understand that settling balances is hell when things change 24x7 but surely there must be some way to deal with that.

5 days ago
Sony Pictures Leak Reveals Quashed Plan To Upload Phony Torrents

Kjella Re:um yea no (130 comments)

As for your getting a DVD or better is difficult. No it's not. For example, I had a conversation earlier today that went like this. "I download the 1080p of The Equalizer last night, 9gb" "how? That isn't out yet." "Ya, almost all movies get released to the scene about a month before you can get them in the store." "Oh really, how was the movie Lucy?" In other words, almost all movies make it to the various torrents/usenet/whatever about a month before they get released, unless you get a DVD screener of it out first.

But it's usually far more than a month between theaters and DVD release. For example The Equalizer was released September 26th, DVD release is December 30th. So you get to watch it a few weeks before the others waiting for the disc, but you're still long after those who saw it in theaters stopped discussing it. Not to mention the chance of accidentally reading or hearing major spoilers, a month after release people don't put up the big spoiler warnings anymore. It sucks more for some kind of movies than others, for some that's really a downer.

5 days ago

Submissions

Microsoft bans Firefox on Windows ARM

Kjella Kjella writes  |  more than 2 years ago

Kjella (173770) writes "In another case of "if you can't beat them, exclude them" Microsoft has decided to not allow third party browsers on Windows ARM. The reasons cited by Microsoft's Deputy General Counsel David Heiner are: "
  • ARM processors, which power virtually all iOS, Android, and Windows Phone smartphones and tablets today, are different from the x86 chips that power PCs. The chips have new requirements for security and power management, and Microsoft is the only one who can meet those needs.
  • Windows RT — the version of Windows 8 geared for ARM devices — "isn't Windows anymore."
"

Chrome beats IE for first time ever

Kjella Kjella writes  |  more than 2 years ago

Kjella (173770) writes "Sunday 18th of March should go down in browser history. For the first time in many years IE is no longer the #1 web browser, with Chrome narrowly beating IE with 32.71% to 32.50% while Firefox on third with 24.81%. As the figures are substantially higher for Chrome and lower for IE on weekends it's only for a day but it's another big milestone. While IE still is in a clear lead in North America and Oceania, it is tied with Firefox in Europe while Chrome now leads in Asia and South America and Firefox leads in Africa."

French "three strikes" back thanks to Sark

Kjella Kjella writes  |  about 6 years ago

Kjella (173770) writes "A little over a week ago, Slashdot reported that the EU would forbid disconnecting users from the Internet. But even after having passed with an 88% approval in the European Parliament and passing through the European Commission, it was all undone as the European Council, led by French President Sarkozy removed the amendment before passing the Telecom package. This means that there's now nothing stopping France's controversial "three strikes" law from going into effect. What hope is there for a "parliament" where there is near unison agreement, yet can be completely disregarded so easily?"

Oil fall nets lame duck with free crossover wine

Kjella Kjella writes  |  more than 6 years ago

Kjella (173770) writes "The good people over at CodeWeavers set up a challenge for King George to really make the most of his last days in office. The Lame Duck Presidential Challenges are to reduce the price of gas, reduce the price of food, create more jobs, rejuvenate the housing market and bring Osama bin Laden to justice. No one realized just how he was going to do that as most of the goals were rather ambitious, but along with the doom and gloom of recession fears one of the criteria has been met. The price of gas is now back to $2.79 per gallon in the Twin Cities so break out your SUVs and party like it's 2006. For those of you instead looking to save every buck, today Crossover is giving away all their products for free, or at least gratis for the FSF fans out there. Already they're down to a light web page due to Digg, surely we can do better than that."

Journals

Kjella has no journal entries.
