Why Screen Lockers On X11 Cannot Be Secure

Xylantiel Re:If it's accessing your X server, it's elevated (367 comments)

The lock screen and the login screen are different things in X. Typically on X ctrl-alt-backspace will kill the X server and give you a fresh login screen. I always thought that the assumption is that propagating this behavior from login to unlock has too many gotchas to be worthwhile. In an environment where security is essential, you should always log out instead of locking and hit ctrl-alt-backspace before you log back in.

2 days ago

Jim Blasko Explains BitCoin Spinoff 'Unbreakable Coin' (Video 1 of 2)

Xylantiel Useful changes (55 comments)

How about a cryptocurrency that targets an inflation rate that is known to be economically stable, say 2%, by standardizing on an openly evaluated standard basket of goods? You know, how actual currencies work but without the middlemen of the reserve banks. Most of the discussion of cryptocurrencies doesn't even distinguish growth of money supply from inflation, even though they are two entirely different (though related) things. The cryptocurrencies currently termed "inflationary" just grow their money supply. That's not even what is meant by "inflation" when discussing real currencies like the dollar or the euro.

about two weeks ago

Google Releases More Windows Bugs

Xylantiel Re:Particularly given their Android response (263 comments)

The other option is that Microsoft could acknowledge reality - they are not fixing things fast enough to resist targeted attacks. MS's statement about it "not being seen in the wild" demonstrates that they don't understand the current state of exploits. Google's hypothetical attacker is one who will go to lengths to keep an exploit from being used specifically so that MS won't fix it. Also a monthly schedule for updates is a huge liability against such an attacker, as they know their window of opportunity. MS is stuck in the old model that an exploit is not important unless it has been seen in the wild. While that is all well and good for preventing worms from spreading (and therefore protecting MS's image) it is not good enough to protect your company's data from a targeted attack that can buy or discover a zero-day vulnerability. That is reality.

Another way to look at it is that people using MS stuff have chosen interoperability over security. Thus the longer patch testing cycle, and the once-a-month updates. Therefore they shouldn't be surprised when it is demonstrated that... they chose interoperability over security.

about two weeks ago

Google Glass Is Dead, Long Live Google Glass

Xylantiel Re:Screw them (141 comments)

You seem to have missed the fact that even with the early google search, they used javascript tricks to send every click on a link back to google. That is pretty darn close to spying, since it was not obvious that they were doing this. You don't seem to have noticed that you were being spied on.

So the model for search as well as for gmail was the user trading their privacy for a service. Thus "built on the concept of invading privacy". I think this is a much more even trade on the search side - I'm not averse to reporting to google which of their search results I looked at for a given query before I left the page. That provides better search. But I think one can make an argument that even offering a service in which you are scanning the user's email to market things to them is inherently evil. If you found out your IT staff at a company was just trolling through email for anything you would fire them in a second. Then it just went downhill from there. Though Big Brother Facebook beat Big Brother Google in the race to the bottom.

about two weeks ago

Google Throws Microsoft Under Bus, Then Won't Patch Android Flaw

Xylantiel Re:No, it doesn't!!! (629 comments)

The fact that the vendor you purchased your device from (Verizon) actively discourages third-party updates is between you and them. In most cases you can jailbreak your device and install cyanogenmod, which is pretty similar to what you describe. The status of vendor-supplied updates has been discussed since the inception of Android. Google has mostly made the situation better compared to before Android, since updates for many devices are now controlled by the hardware vendor instead of the network provider. When you purchased your device, you chose to get something from a vendor (Verizon) who is well-known to be hostile to its customers. Don't complain that google didn't save your bacon. You could have bought a Google nexus 7, which is still getting updates, though the latest makes the old ones too slow to use. (In fact they did save your bacon, because you could just root your device to install cyanogenmod. Except that it appears that verizon patched the hole that was being used to root it! Wow that's hostile.)

In the case of Windows, you probably purchased your machine from someone like Dell (not comcast, which would be the closest analog of Verizon in the PC world) and it at least purported to have software from a separate vendor, Microsoft. Verizon, by locking the bootloader, actively prevents you from using system software from another vendor.

about two weeks ago

Fewer Grants For Young Researchers Causing Brain Drain In Academia

Xylantiel Re:From experience (153 comments)

And, to add to the perverse outcomes, when you move on to another place, the one you just left gets the renewal/continuation grant instead of you and the funding agency wonders why it doesn't produce anything.

about three weeks ago

Netflix Cracks Down On VPN and Proxy "Pirates"

Xylantiel Re:Funny how "free trade" is not on this level (437 comments)

Buy? What is this buy thing that you speak of? We only rent our culture at this point, it's all actually owned by corporations. Or put a more serious way: does having something available on netflix even count as being distributed for copyright purposes? I didn't think that movie theater shows did, since they are technically private exhibitions. I think HBO does, but what about netflix?

about a month ago

Congress Passes Bill Allowing Warrantless Forfeiture of Private Communications

Xylantiel Re:PRIVATE encryption of everything just became... (379 comments)

I think typically each file would be encrypted with a separate symmetric key. Then you can choose who is able to decrypt it by sticking a header with this key encrypted for various public/private key pairs. Then all you have to do is remove one of the encrypted keys, not re-upload the whole file.

As far as I know asymmetric encryption is never used the way you say in practice. It is too slow. It is used to encrypt a key for a symmetric cipher that is then used to encrypt the actual data. And that "combining your private key and their public key" statement is nonsense. Your private key is useless for securing information originating from you, since your public key is, well, public. It is useful for authenticating that information came from you, which is independent of recipient.

This is all setting aside the fact that once a party has access to some data, "revoking" that access has a sort of squishy meaning because they can just keep a copy of what they retrieved before.

about a month and a half ago
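The scheme described in the comment above, as an added example that is not part of the original comment: one symmetric key per file, a header of per-recipient wrapped copies of that key, and revocation by deleting a header entry. It uses Ruby's standard `openssl` library; the function names, the hash layout, and the choice of AES-256-GCM with RSA-OAEP are assumptions made for illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Encrypt the file once under a fresh AES-256-GCM key, then wrap that key
# separately for each recipient's RSA public key. Names are illustrative.
def seal_file(plaintext, recipients)
  c = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  file_key = c.random_key
  iv = c.random_iv
  c.auth_data = ''
  body = c.update(plaintext) + c.final
  header = recipients.transform_values { |pub| pub.public_encrypt(file_key, OAEP) }
  { header: header, iv: iv, tag: c.auth_tag, body: body }
end

# Decrypt the body given the raw per-file key; GCM rejects tampering in #final.
def decrypt_body(sealed, file_key)
  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = file_key
  d.iv = sealed[:iv]
  d.auth_tag = sealed[:tag]
  d.auth_data = ''
  d.update(sealed[:body]) + d.final
end

# A recipient recovers the file key from their own header entry.
def unwrap_key(sealed, name, private_key)
  private_key.private_decrypt(sealed[:header].fetch(name), OAEP)
end

# Revocation rewrites only the header; the encrypted body is not touched.
def revoke(sealed, name)
  sealed.merge(header: sealed[:header].reject { |n, _| n == name })
end

# Constructed demo: two recipients, then bob is revoked.
alice = OpenSSL::PKey::RSA.new(2048)
bob = OpenSSL::PKey::RSA.new(2048)
sealed = seal_file('quarterly report', 'alice' => alice.public_key, 'bob' => bob.public_key)
bobs_cached_key = unwrap_key(sealed, 'bob', bob) # bob read the file once
after = revoke(sealed, 'bob')
puts decrypt_body(after, unwrap_key(after, 'alice', alice)) # alice still reads it
puts after[:header].key?('bob')                             # bob's entry is gone
puts decrypt_body(after, bobs_cached_key)                   # the cached key still works
```

The last line is the "squishy" part of revocation: removing the header entry stops future unwrapping, but a recipient who kept the file key or the plaintext is unaffected unless the file is re-encrypted under a new key.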

MIT Removes Online Physics Lectures and Courses By Walter Lewin

Xylantiel Re:Just wondering... (416 comments)

I would expect removing them would be to prevent anyone else being a victim. Rather than marking every page with him on it with a "warning this former faculty was found to have sexually harassed students," the prudent course of action is to shut it all down and sort things out later. While Lewin is no longer active in the courses, they are still active courses and a student might approach him if they didn't know about the issue. There are plenty of other physics faculty at MIT that can fill in the content.

about a month and a half ago

James Watson's Nobel Prize Medal Will Be Returned To Him

Xylantiel Re:One good turn... (235 comments)

But until recently people usually had equity in their home, so it wasn't a net negative, since the home itself has value and can be sold for more than the cost of paying off the mortgage. But since the financial crisis, there is a decent segment of the population that have negative equity

about a month and a half ago

Comcast Forgets To Delete Revealing Note From Blog Post

Xylantiel Re:only an idiot would buy services from comcast / (114 comments)

Well just so you know, I tried DSL via POTS and gave up (with full refund) because I couldn't get more than a few hundred kbps. I have no other cable internet vendor option other than comcast. So I'm in that category of "competition will not decrease" because there currently is no competition. (Actually the FCC probably counts my neighborhood as having DSL access, but it is a fiction.)

about 2 months ago

MasterCard Rails Against Bitcoin's (Semi-)Anonymity

Xylantiel Re:I agree (111 comments)

Right... transaction reporting. The bitcoin register is public. Everything is reported to everyone. That's how the system works.

about 2 months ago

Chromebooks Overtake iPads In US Education Market

Xylantiel Re:Google Docs (193 comments)

Another question you should ask yourself is -- is this legal under educational data privacy laws? The answer is probably not, but as usual with internet things people just ignore the laws.

about 2 months ago

Revisiting Open Source Social Networking Alternatives

Xylantiel Friendica and redmatrix (88 comments)

I have been happily using Friendica for a family network for a while. While quirky, it works, and has a bunch of stuff for interoperating with other sites including facebook and even using RSS feeds. In terms of privacy, development has moved on to redmatrix. The problem being that going to a truly privacy-oriented framework means interoperability is out.

But really it seems like the protocol and the software need to be separated so that different social networking software can interoperate. There is already some of this in friendica for protocols like identi.ca and others. Nominally redmatrix is still largely just a protocol: Zot, but the user interface is progressing.

Sad that neither of these are on this guy's list. I think the wikipedia page on open social networking services is more informative than this article.

about 2 months ago

WhatsApp To Offer End-to-End Encryption

Xylantiel Re:Wikr (93 comments)

If you think this is secure against the FBI you are kidding yourself. Since it is a closed-source app, wickr has control of your private key and they only CHOOSE not to copy it off the device. They can simply be served with a NSL to pull that info from your device. Now if you're only trying to keep things private from criminals and corporations, you're probably good.

about 2 months ago

How Facebook Is Influencing Who Will Win the Next Election

Xylantiel Re:Elections are Popularity Contests (72 comments)

Yes the advantage of a multi-party system is that not every policy decision is a nuclear war for control. Parties will ally in different ways on different issues and therefore it is less likely that partisan bickering will hold up general function of government.

But it is perhaps a bigger problem currently that the loudest and most abrasive elements have almost complete control of the public dialog. This is not really a symptom of the two-party system, but of the prevalence and power of advertising-driven media. And, back on topic, data-mining-backed advertising with extensive personal information like facebook can do is frightening.

about 2 months ago

Magnetic Field In Meteorite Provides Clues About Formation of Solar System

Xylantiel Really a question of: Where did chondrules form? (26 comments)

The linked article is not really even an article, but I think the interesting science topic is that we don't understand where chondrules form. They are somehow formed in the early solar system by melting refractory elements together. But how and where that melting occurs is not known (http://en.wikipedia.org/wiki/Chondrule#Formation).

It is thought that the formation might be related to dissipation of magnetic fields in the protoplanetary disk or the young sun (so-called magnetic reconnection) but it is not clear. I expect this study is trying to test this type of hypothesis by attempting to ascertain the magnetic field in which the chondrules were formed.

Note that this is NOT the magnetic field causing the formation of the solar system, as stated in the summary. I have no idea where the submitter or editor got that, as it is not in the (non-)article linked. Chondrule formation is a critical process for creating building blocks of planets, but it is pretty tricky to interpret that as the "cause of the formation of the solar system."

about 2 months ago

Comcast Kisses-Up To Obama, Publicly Agrees On Net Neutrality

Xylantiel Re:Window Dressing. (258 comments)

So, yes, some of us are a bit irked that the Great Hope passed a conservative health care reform bill.....

Then you are out of touch with reality, since trying to get single-payer through would have provoked the same sort of overwhelming ad campaign from the insurance companies that it did in the 90s. And the american public is so easily manipulated by this sort of thing that nothing would have happened.

about 2 months ago

81% of Tor Users Can Be De-anonymized By Analysing Router Information

Xylantiel Re:After Reading The Paper (136 comments)

But it probably is a problem if your opponent is a state-level actor. For example, China (and the US probably too) probably monitors connections to known tor entry/exit nodes. Given the attack mentioned, someone using tor in china is safe as long as the server being contacted is known to not be acting in concert with the adversary. However, if the server (or its connection to the tor entry/exit nodes) is also under control of the same adversary, then the connection can be de-anonymized. So this is a problem for chinese bloggers blogging on chinese blogs, but not so much on foreign blogs hosted outside china. Though it appears blog traffic would probably be too small to facilitate a successful attack.

about 2 months ago

