Comments

In Iowa, a Phone App Could Serve As Driver's License

akpoff QR Code or Similar (207 comments)

I'd prefer a card and electronic version with name, photo and QR Code (with human-readable number below) that an officer could scan or type in and that could link to the appropriate government database that has all the rest of the info. The user could choose which to present.

There's no reason to have a document with your address and phone number to permit driving or function as ID. Every cop car I see has a laptop and wireless access. Easy to look-up and verify.

We'd have to figure out how to let legitimate 3rd parties (e.g., banks, employers) access the db securely without the ability to access too much information. Still, even if we gave them full access to address and phone details it's no worse than the current situation and better in many.

about a week ago

Launching 2015: a New Certificate Authority To Encrypt the Entire Web

akpoff Re:Replace Cisco, and Akamai and then maybe.. (212 comments)

Cisco's involvement makes sense. They're pushing hard into "Internet of Things". They won't want the bad publicity or financial risk of delivering unsecured configuration UIs. Sure, they could install self-signed certificates but browser warnings about self-signed certs will generate support calls. If they can get the root cert into the other browsers (and as one poster above noted, it seems likely with this line-up), free certificates for the asking solves the problem.

Akamai, not sure what they get out of it. Perhaps just improved end-to-end security.

For the EFF, it's pretty obvious. They're pushing https everywhere. Working with heavyweights like Cisco and Akamai furthers that goal. Having the EFF involved will at least ensure the new CA is looked at by geeks and privacy folks.

I have no complaints. At least not until the details are fully known. Hopefully no complaints then either.

about a month ago

First Release of LibreSSL Portable Is Available

akpoff Re:Donate (101 comments)

Development of portable versions of other OpenBSD projects doesn't appear to have suffered.[1] What makes you think LibreSSL will be any different?

[1] The OpenBSD Foundation:
OpenSSH
OpenNTPD
OpenSMTPD

about 5 months ago

Elderly Mice Perk Up With Transfused Blood

akpoff Re:Vampirism (178 comments)

My first thought as well: Methuselah's Children. IIRC this is where we first meet Lazarus Long.

In the story Lazarus Long and others are long-lived due to a breeding program that financially rewards people whose parents and grandparents are long-lived who marry. For many years they stay under the radar of popular society and government but when they're found out no one will believe it's genetic. Rather they believe the long-lived must have some secret.

The long-lived escape Earth on a stolen spaceship. While they're gone scientists discover that blood transfusions extend life. And as ffactoid noted, it only became popular and viable once artificial blood becomes generally available.

about 7 months ago

Theo De Raadt's Small Rant On OpenSSL

akpoff Re:Summary. (301 comments)

Read Ted Unangst's analysis. You don't have to do anything special to trigger the bug when using a normal malloc rather than OpenSSL's broken approach. OpenBSD's approach protects you more but any malloc would have surfaced the error:

"This bug would have been utterly trivial to detect when introduced had the OpenSSL developers bothered testing with a normal malloc (not even a security focused malloc, just one that frees memory every now and again)."

The problem is the OpenSSL code was freeing a buffer and then immediately re-allocating it to read data from. The OpenSSL team got lucky and it worked when the buffer was the right size.

about 8 months ago

Theo De Raadt's Small Rant On OpenSSL

akpoff Re:Summary. (301 comments)

Theo's point isn't that OpenBSD users would have been safe. It's that had OpenSSL crashed on OpenBSD (or any OS with similar mitigation in place) it would have surfaced the bug much sooner...perhaps before a worldwide release. Once found it would have been fixed and merged upstream to benefit all users.

This is really a specific case of the larger point behind avoiding monoculture, whether OS or hardware. OpenBSD continues to support older architectures in part because it forces them to work through issues that benefit other platforms, especially the one most of us use daily: x86.

about 8 months ago

In the Unverified Digital World, Are Journalists and Bloggers Equal?

akpoff In Terms of Free Speech, Yes; Quality, Maybe Not (156 comments)

The question should focus specifically on quality, not freedom. That is, bloggers, journalists, pamphleteers and tinfoil-hat-wearing-street-corner-ranting loonies have the same freedom to report what they consider to be news. Governments, and especially the courts, should scrupulously avoid anointing any group as "the Press" or claiming one group or another has a more fundamental free speech right. The press are and always have been made up of the people.

Quality, however, is another matter. We might expect employed journalists to produce higher quality articles in terms of polished prose, researched quotes and balanced perspective due to a professional commitment and having full-time employment to focus on the craft. We'd be very much mistaken, though, if we naively assume all journalists are professionals and all bloggers are hacks and dilettantes. If anything, the "blogger years" have shown the commercial press has often sold out and that so-called amateurs have more of a commitment to accuracy and balance than the "professionals". What they sometimes lack in polish they make up for in commitment to telling the truth.

In this regard I see blogging as a good thing.

about 9 months ago

FiOS User Finds Limit of 'Unlimited' Data Plan: 77 TB/Month

akpoff Re:Sounds reasonable to me. (573 comments)

Ah...that makes sense. The water's still delivered to the house at ambient temperatures where it's heated by equipment owned by the utility. So they could (and do) monitor hot-water usage.

about a year and a half ago

FiOS User Finds Limit of 'Unlimited' Data Plan: 77 TB/Month

akpoff Re:Sounds reasonable to me. (573 comments)

"If we have a leaking hot water tap the water company notices after a full month after it started and calls us as our hot water usage spikes and our bill is way up."

How does that work? Everywhere I've ever lived (including abroad) or visited the water company provides water at ambient temperatures and the customer heats it on site.

Once upon a time ago (in the US anyhow) apartment buildings used radiant heat based on hot water that was centrally heated and distributed. Perhaps they also delivered hot water to the residents. That's still not the water company.

I'm not saying it doesn't happen. Just curious where it happens and how they transport the hot water to you without losing the heat energy. It just doesn't seem efficient.

about a year and a half ago

PlanetIQ's Plan: Swap US Weather Sats For Private Ones

akpoff Who Owns the Data? (128 comments)

There are two issues to address here: 1) cost and maintenance, and 2) data ownership. The first is obvious and is the crux of the CEO's pitch to Congress. The second is the one she's skirting. Sure, she acknowledges the government would "buy" the data. But for what use and with what limits? We already see corporations trying to get laws passed making them the only distributor of government-generated data (weather companies, journal publishers). With a ploy like this they make it that much more likely the public is excluded from having and using the data.

The only way I'd encourage the government to go this route is if the law and contracts specify the data is free in every sense of the word. Otherwise this is just another government hand out to private corporations.

If PlanetIQ think there's a real market for weather data, they should finance the whole thing with private equity. My guess is no one in their right mind will give them the capital unless they can get the government to give them a monopoly.

about a year and a half ago

OpenOffice: Worth $21 Million Per Day, If It Were Microsoft Office

akpoff Re:Troll... (361 comments)

Agreed. In my office we've standardized on OpenOffice (or LibreOffice). We write reports, produce spreadsheets and give presentations without problem. The only time I ever need access to MS Office is when somebody sends me an Office document that for whatever reason doesn't render correctly. It's not because the information isn't available. It's always a disagreement between the two programs as to how to render. OO and LO interchange nicely. The Apple iWork suite works as well. In my experience Office is the odd-man out.

At this stage of the game Office productivity is mostly a solved problem. The feature set is known. Now we're dickering over file formats and presentation.

about 2 years ago

OpenOffice: Worth $21 Million Per Day, If It Were Microsoft Office

akpoff Re:potentially worth... (361 comments)

The summary also notes this is savings to the end user. If I don't need all the features found in MS Office I shouldn't need to buy it. If I get what I need and pay $0 I've saved $150.

That's the whole point of the summary. Some segment of the public are getting what they need to get their "office productivity" tasks done for less cost.

about 2 years ago

Unlocking New Mobile Phones Becomes Illegal In the US Tomorrow

akpoff Re:It would be fair... (475 comments)

Lots of people are noting that we sign these contracts willingly and that the phone is discounted because of the two-year contracts we sign. Many are overlooking two key facts:

1) There's a huge cancellation fee that makes up for the discount on the phone. ATT is up to $350 for cancelling a smartphone contract.

2) Wireless markets are constrained by government-granted monopolies. Monopolists have huge amounts of leverage on their side. Yes, you can buy the phone without a contract...and pay a huge margin on it. You're ostensibly free to go elsewhere...and find the same deal. The numbers are little different (T-Mobile charge $200 for cancelling early). But the structure of the deal is largely the same.

We congratulate ourselves on our free and open markets and put huge political pressure on other countries to do the same, but when you look under the hood we create vertically-integrated monopolies. Who in their right mind would give the same company control of: a) the means of delivery (airwaves or wires), b) equipment to access the service, and c) sale of content to use the service? We broke up Ma-Bell specifically for just this reason. We very nearly broke-up IBM and Microsoft for the same. But for some reason communication services (cellular and internet) are handed over on a silver platter to corporations.

And then we write criminal laws to protect their monopoly.

Is it fair in any meaningful sense of the word? I don't think so.

about 2 years ago

Former FCC Boss: Data Caps Not About Network Congestion

akpoff Re:Up-front costs? (238 comments)

It's more than that. States and the Federal government have given the telcos and cable companies money multiple times over the past ~15 years to build out infrastructure[1]. In many cases cable companies have received exclusive rights to deliver phone service, cable TV or both.

Despite public largess, these companies come back to the trough over and over poor mouthing how expensive infrastructure build out has been. In Houston we can get up to 100 Mbps downloads but the price is nearly $300/month. To stay under $100/month you have to "settle" for 12 Mbps. That's not bad but when you consider how much money we've spent publicly the ROI isn't great. And let's not forget the gouging the public takes over wireless data.

I'm firmly in favor of for-profit businesses and letting free market work...but when as a society we've decided to hand over full and partial monopolies to for-profit corporations we have every right to participate in setting pricing and profits.

At this point I'm in favor of treating the last mile for internet connectivity the same way we treat the last mile for electricity. Have a poles-and-wires company and separate service providers who deliver content and services. There's too much incentive to drive users to in-house offerings and service when the ISP is also a content company. In other words, if we're going to make the last mile a monopoly then we need net neutrality.

[1] "$7.2 billion for complete broadband and wireless Internet access" See American Recovery and Reinvestment Act of 2009 as one example.

about 2 years ago

Judge Rules Twitter Images Cannot Be Used Commercially

akpoff Re:Perpetual license (103 comments)

Note: I think you have to register a work to seek $150k penalty.

about 2 years ago

Judge Rules Twitter Images Cannot Be Used Commercially

akpoff Re:Perpetual license (103 comments)

The plaintiff will almost certainly seek (and receive) an injunction against further infringement of the work by the defendant. I imagine it would also raise the plaintiff's next complaint against the same defendant to willful infringement with its painful $150,000 per-infringing-work penalty.

Being found guilty and paying a fine is not a blessing to do it again.

about 2 years ago

Judge Rules Twitter Images Cannot Be Used Commercially

akpoff Re:You're about 60 years too late (103 comments)

The Berne Convention was written and first formally accepted in 1886...but not by the United States. The US steadfastly refused to adopt the convention because it would have required large changes to our copyright laws and acceptance of doctrines like author's moral rights for which we don't have analogous protections.

The US did eventually adopt the Berne Convention and did so in the only way permitted by our Constitution: Congress passed the Berne Convention Implementation Act of 1988. The US Senate then formally ratified the Berne Convention making the US a signatory to the treaty.

So yes, (some) US lawmakers did make a decision that resulted in changing our copyright laws.

The OP, however, is not correct in his oblique suggestion that Sonny Bono is in part or whole to blame. (Though I have no doubt Sonny Bono supported it.) Sonny Bono's name is sometimes attached to the Copyright Extension Act of 1998 but he did not vote for it. (Though he had sponsored similar legislation earlier.) He died nine months before its passage. His wife Mary, who was elected to his Congressional seat after his death, was instrumental in getting it passed in his name.

Berne Convention
Copyright Extension Act

about 2 years ago

Dotcom Drags NZ Spook Agency Into Court

akpoff Re:Simple Solution (165 comments)

"I live in NZ too, but NZ have treaties with the US to extradite criminals and that is OK. People shouldn't be able to evade justice by simply going to another country."

That's the point, though, isn't it? Dotcom didn't physically perpetrate any crimes in the US. He didn't flee our jurisdiction. Extradition laws are typically about crimes committed in a jurisdiction from which the defendant fled.

Even more to the point. Dotcom is CEO of a corporation that is accused—not convicted—of copyright infringement. Officers and employees of corporations are usually exempt from prosecution for laws broken by the company. There are ways of piercing the corporate veil but to do so typically requires that the officers and employees in question knew the actions were illegal. MegaUpload and Dotcom are arguing that they adhered to the laws and even helped US authorities gather evidence in other proceedings.

There's a great deal of uncertainty regarding the case...uncertainty that might be clarified during trial proceedings against MegaUpload. To argue that Dotcom should be prosecuted at all would, to me, require that MegaUpload be first found guilty of a crime. Once that had been done the extradition request would have been a mere formality.

But that's not what happened. US authorities have seemingly abandoned the niceties of sending officers to the accused's house or place of business during daylight hours. In many cases they've resorted to a shock-and-awe methodology of pre-dawn raids with smoke, tear gas and loaded weapons drawn. They argue it's necessary to prevent destruction of evidence.

Somehow US authorities convinced NZ authorities this method of arrest was necessary to "capture" a rather portly big mouth who's shot more videos than he has firing-range targets.

I don't believe any of it was necessary. I don't believe there's a viable case of criminal conduct. What I suspect is the whole thing is a botched case that authorities in both countries want to sweep under the rug. And, while we're on the topic...the argument that exposing the case to public scrutiny will "reveal intelligence gathering and sharing methods" is straight from the US playbook.

The real shame is they tried to use criminal-case law and methods in what should have been a civil case, screwed it up and as a result have undermined public confidence in the justice system in general.

about 2 years ago

Red Hat Developer Demands Competitor's Source Code

akpoff Re:is it shipping to customers ? (394 comments)

"RTS could make Red Hat happy by running a Black Duck analysis on their proprietary code and sharing the result"

Bradley Kuhn addressed this already with two objections:

  1. Blackduck can only confirm that the code in question doesn't copy directly from code in its look-up database. It can't determine whether a given bit of modified code is a derivative work under copyright law and hence a possible GPL violation (where GPL code is involved).
  2. The Blackduck software is proprietary. While their clients may feel assured (and are perhaps indemnified against mistakes), copyright holders have no assurance that the software is exhaustive or accurate in its analysis.

In other words, a Blackduck assurance is a proprietary, "black box" assurance...worthless to third parties.

more than 2 years ago

Submissions

I Found an ATM Card Skimmer

akpoff akpoff writes  |  more than 3 years ago

akpoff writes "I went to a bank near my house yesterday and just as the machine dispensed the cash I noticed the card reader looked odd. A slight tug and I had in my hands a real card skimmer. While I waited for the police (who never showed up), I took photos of the device, front and back. I got about as much detail as I could without completely disassembling it. The photos are on flickr.

I also wrote up a short narrative about the experience and added a few more detailed comments on the photos in addition to what's posted on Flickr."


Pledge to Vote Against Representatives who Vote fo

akpoff akpoff writes  |  more than 6 years ago

akpoff writes "Treasury Secretary Paulson announced his proposed $700 billion bailout of Wall Street earlier this week. Americans were shocked and appalled that he even asked, more so to learn that Congress is actually working on a deal to do it. (They've since announced they've come to a deal.)

Normally a few of us would protest and the rest just shake their heads in disgust. But it's an election year. In just about 40 days every House Representative and 1/3 of the Senate face us, the people and are answerable for their decisions. We have a rare opportunity to be heard and heeded.

To that end I've created an online pledge for voters who vow to vote against any representative who votes for the bailout. Now's the time to be heard. Now we can say no and mean it.

If you don't want to see the US Treasury used as a business-risk mitigation pool, sign the pledge.

http://www.petitiononline.com/StopTres/petition.html"


Journals

akpoff has no journal entries.
