
Comments


Google Proposes To Warn People About Non-SSL Web Sites

chihowa Re:503 (324 comments)

Absolutely. Verification out-of-band on first connect was implied, but I should have stated that more clearly. Ultimately I just use my own CA and DANE, which is simpler and easier to roll out.

If we're going to stick with the root CA system, we really should start fixing it. Allowing multiple CA signatures, pinning certificates, limiting the scope of CA signatures, etc... Any of those options improve the situation. Even culling the root CA list and setting up region specific CA packs would help tremendously. There's no reason my systems should implicitly trust all of the corporations and governments in that list. If I want to shop on Chinese sites, I can download the Chinese CA list, but there's no reason for everybody in the world to have every root CA. This is a weakest-link system by design. Continually adding more links isn't helping!

1 hour ago

Google Proposes To Warn People About Non-SSL Web Sites

chihowa Re: So perhaps /. will finally fix its shit (324 comments)

Reflexive paranoia like yours is one reason why we can't have nice things.

Reflexive paranoia is a trained response to constantly dealing with selfish shitheads. It's the only way to hold onto the nice things we still have.

6 hours ago

Google Proposes To Warn People About Non-SSL Web Sites

chihowa Re:503 (324 comments)

If you verify the self-signed certificate the first time you use it, it can't be substituted for another self-signed certificate at any later point in time without triggering an alert. However, even if you personally verify a CA signed certificate, it can continually be replaced with other CA signed certificates without ever alerting you (DANE and such notwithstanding).

Because of the currently implemented browser behavior, which is to implicitly trust any certificate signed by any root CA, personally verified self-signed certificates are more resistant to MITM attacks.

6 hours ago
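The behaviour described in the comment above, as an added example that is not part of the original comment or of any browser's code: a trust-on-first-use pin store flags any later certificate change, while a model of default CA validation accepts a replacement issued by any trusted root. The certificates are constructed dictionaries with placeholder bytes (not real X.509), and the host names, root names and function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for certificates; "der" holds placeholder bytes.
TRUSTED_ROOTS = {"Root CA A", "Root CA B"}  # hypothetical root store
SELF_V1 = {"subject": "mail.example.org", "issuer": "mail.example.org",
           "der": b"constructed-self-signed-original"}
SELF_SWAPPED = {"subject": "mail.example.org", "issuer": "mail.example.org",
                "der": b"constructed-self-signed-substitute"}
CA_V1 = {"subject": "shop.example.org", "issuer": "Root CA A",
         "der": b"constructed-cert-from-root-a"}
CA_SWAPPED = {"subject": "shop.example.org", "issuer": "Root CA B",
              "der": b"constructed-cert-from-root-b"}


def fingerprint(cert):
    """SHA-256 over the certificate bytes, as a pin would store it."""
    return hashlib.sha256(cert["der"]).hexdigest()


def ca_policy_accepts(host, cert, roots=TRUSTED_ROOTS):
    """Default-validation model: name matches and ANY trusted root issued it."""
    return cert["subject"] == host and cert["issuer"] in roots


class PinStore:
    """Trust on first use: remember the fingerprint verified on first connect."""

    def __init__(self):
        self._pins = {}

    def check(self, host, cert):
        fp = fingerprint(cert)
        if host not in self._pins:
            # First connect: the user is expected to verify fp out-of-band.
            self._pins[host] = fp
            return "pinned-on-first-use"
        if hmac.compare_digest(self._pins[host], fp):
            return "ok"
        return "ALERT: certificate changed"


def run_scenario():
    """Replay first connect, reconnect and substitution under both policies."""
    pins = PinStore()
    return {
        "self_first": pins.check("mail.example.org", SELF_V1),
        "self_again": pins.check("mail.example.org", SELF_V1),
        "self_swapped": pins.check("mail.example.org", SELF_SWAPPED),
        # CA validation alone: both certificates pass, so the swap is silent.
        "ca_original": ca_policy_accepts("shop.example.org", CA_V1),
        "ca_swapped": ca_policy_accepts("shop.example.org", CA_SWAPPED),
        # Pinning the CA-signed certificate as well restores the alert.
        "ca_pin_first": pins.check("shop.example.org", CA_V1),
        "ca_pin_swapped": pins.check("shop.example.org", CA_SWAPPED),
    }


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step:15} {outcome}")
```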

Microsoft Gets Industry Support Against US Search Of Data In Ireland

chihowa Industry support (137 comments)

This case is about personal privacy and national sovereignty somewhat, but it's primarily about setting the precedent for the privilege of multinational corporations.

I know this is going to be an unpopular viewpoint, but the industry is behind Microsoft here because it lessens their accountability to any governments anywhere. The Snow Crash future, where big corporations make their own rules and don't answer to anyone, depends on them not having any accountability to anyone else. Just like shuffling their money around the globe gets them out of having to pay taxes anywhere, shuffling their data around will prevent them from even being investigated for any crimes they may commit. Expect future incriminating emails and documents to be stored safely in subpoena-proof countries.

2 days ago

Small Bank In Kansas Creates the Bank Account of the Future

chihowa Re:Misleading article - you must use ACH (153 comments)

You don't need AI to implement an automated system. As you said, it all works fine with the debit card system. The problems are not so much with ACH itself as they are with the implementation (manual processing and infrequent polling).

The advantage of sticking with ACH is that it's already widely implemented. Rolling out truly automated backend handling and increased polling rate can be done gradually, bank by bank, while not interrupting the operation of banks that haven't upgraded yet.

This whole thing reads like, "We need a new system of transportation! The automobile sucks because we've all agreed to only use it once a day."

3 days ago

Small Bank In Kansas Creates the Bank Account of the Future

chihowa Re:Misleading article - you must use ACH (153 comments)

Perhaps I'm missing something, but why isn't ACH ("Automated", by the way, even though I like "Atomated" better!) up for this task? Even if the upgraded ACH isn't instantaneous, it could at least be faster. Increase the polling rate and the transaction handling and the whole system is faster.

We already have a system in place to handle money transfers. It could use some tweaking, sure, but kludging a replacement based on debit cards isn't the right way to get to a better system.

3 days ago

Study Explains Why Women Miscarry More Males During Tough Times

chihowa Re:You are not in control (113 comments)

The fact that we're not perfect is not a reason to avoid striving for perfection. Understanding the mechanism of human nature, with all of its irrational twists, is part of the path to bettering ourselves.

The fact that most people don't even accept that an emotional attachment to a position that lacks evidence is an issue indicates that we don't even understand our own motivations and thought processes very well. It's alright that we're not perfectly logical and our irrational behavior probably benefits us in significant ways, but it's important that we be able to recognize where the motivation for our (lack of) reasoning originates.

about a week ago

CIA Lied Over Brutal Interrogations

chihowa Re:I prefer this memo. (768 comments)

Traffic deaths aren't random, even if they aren't intentional. Nearly every traffic death can be traced to a specific and often avoidable cause. Addressing a minute fraction of those causes will have a dramatic effect on the number of people who die in the US every year.

On the other hand, if your opponent's most successful attack ever can't be distinguished from year to year variations in the death rate of Americans, spending any significant energy fighting him is a waste. We could have a 9/11 attack every single day for hundreds of years and still not deplete the American population. This is an ant-bite of a threat and deserves an ant-bite appropriate response.

about a week ago

Facebook Founder Presents Vision For The New Republic, Many Resign In Protest

chihowa Re:Slashdot incompetence (345 comments)

Perhaps more salient, why are we, as ostensible tech geeks, not raising more of a fuss about a site that many think represents computer geek-ness, and yet that cannot implement sane (and relatively simple) CSS?

Fatigue has set in. You've been here long enough to know that we have made a fuss throughout the years. Nothing at all has ever come of it, so we gave up complaining. Relatively simple it is, too. Many of the gripes about SlashCode of old have been fixed over at SoylentNews.

Anyway, asking for improvements now is dangerous... we might end up with Beta!

about two weeks ago

Facebook Founder Presents Vision For The New Republic, Many Resign In Protest

chihowa Re:Who cares... (345 comments)

That's true, but that's a special case of the more general:

The only difference between almost any person involved in governing and a totalitarian is that the former says, "You are free to do whatever you want, as long as what you want is what I think you should want."

Despite the lofty goals claimed by almost any person of any party, whether running for office or just voting, the main reason that people get involved in government is to assert control over others. There are positive and negative outcomes of their actions, but every single one of these people thinks that things would be better if only they were king. The only tool that government has is coercion; political differences come down to how that tool is to be applied.

Most of the rest of those who actually want to reduce the power of government either still want the government involved where "what I think you should want" is concerned, or have other non-governmental means to effect coercion.

If you see any political party in the US as not fitting into that statement, it's just because "what [you] think [they] should want" and "what [they] think you should want" are aligned. Your liberal adversaries see themselves as just as rational and correct as you see yourself.

about two weeks ago

Orion Capsule Safely Recovered, Complete With 12-Year-Old Computer Guts

chihowa Re:Yeah and it does things your i5 cannot (197 comments)

I'd really like to see what happens when you take an x-ray pic of a CPU while it's running.

You can! Every passenger's running phone, and some computers that are awake, are sent through the baggage scanners at every airport. Even more impressive, the computers that run them are next to the poorly built and maintained scanners all day every day.

about two weeks ago

NASA's Orion Capsule Reaches Orbit

chihowa Re:Woohoo, let's explore (140 comments)

Someone dying, even voluntarily, on a mission would cost NASA way more than $375 million. Between administrative, investigative, and PR costs, that is not a risk worth taking. Astronaut deaths cost significant money for a long time afterward in budget considerations alone.

about two weeks ago

Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places?

chihowa Re: Market forces don't work on essential utilitie (516 comments)

I installed solar panels on my house for exactly this reason. It's really just a whole house UPS, but once the batteries, chargers, and inverters are installed, adding panels is a minor extra cost. No more power outages. Saving money (and not giving as much to the power company) is a bonus.

about three weeks ago

Top NSA Official Raised Alarm About Metadata Program In 2009

chihowa Re:The United States is turning into Untied States (110 comments)

I'm not sure that intelligence, beyond a certain baseline, really enters into the formula for creating long lived social structures. For the individual, there is no tangible benefit to creating structures that will last more than a few generations. After a few generations, as you point out, they will require the efforts of other people to keep alive, so there is little that the originator can do to ensure that the structure survives.

The most rational course of action for all individuals involved in a society is to maximize their personal benefit and plan to pass that benefit on to their offspring. Tangling with those who are successful at maximizing their benefit has real negative consequences, so the most rational action for the downtrodden is to take as much of the scraps as possible or jealously guard what you have while staying out of the eye of others.

The ambition to create structures that will outlast you and your offspring comes from irrational motivations. Historical drivers for this are abstract concepts like duty, fairness, or religion. There is no tangible benefit to creating these structures and there is often great personal cost. As there is no assurance that the structures will even survive, no matter how well you craft them, it's hard to say that building them is an intelligent choice.

I think that improving the lot of humanity as a whole is a noble goal, but I don't think that it has anything to do with intelligence or rationality. History is littered with people who have tried, and sometimes succeeded, to do so at great personal cost. Often their success only lasted a few generations, if that, before being undone by others. What real benefit do we get from creating these structures and how does that benefit weigh against the costs required to build them?

about a month ago

Top NSA Official Raised Alarm About Metadata Program In 2009

chihowa Re:The United States is turning into Untied States (110 comments)

The reality is human beings just aren't intelligent enough to form long lasting social orders because too many people have negative evolutionary characteristics they've inherited from the past. Our primate psychology is at the root of everything regardless of what collection of words and labels one flies under. The biology is still there.

Those negative characteristics are only negative in the context of forming long lasting social orders (really only in the context of forming long lasting egalitarian social orders -- dynastic empires last longer than most of our social structures). They are extremely positive in the context of the affected individuals and in the case of avarice, they are beneficial to the affected's offspring (and their offspring, and so on). There is extreme benefit to be had from sabotaging the social order and norms.

We humans are intelligent enough to form effective and equitable social structures, we just don't have the collective stomach for removing the saboteurs from our society. So we/they continue to undermine every system we devise.

about a month ago

WhatsApp To Offer End-to-End Encryption

chihowa Re:The problem is always the client (93 comments)

Of course it sends the keys to WhatsApp! If you install the client on a second phone, it just works, right?

So they're either:
1) generating a new key on each device and encrypting all incoming messages to every client's public key (or just encrypting the session key, a la PGP. -- While this isn't sending the key back to the mothership, new keys can be added at will, so copying traffic is easy.)

2) generating one key per account and shuffling it to newly installed clients through their server (possibly encrypted with the user's password... which they already know)

3) generating a key from the user's password directly with PBKDF2 or the like (a la SpiderOak, but (like SpiderOak) the client is closed source and they already know your password or could get it easily).

4) randomly assigning a symmetric key to each session and communicating it in-band to the clients involved in the chat.

Personally, I think 3 or 4 are the most likely because the infrastructure is the easiest and it still carries "end-to-end encryption" buzzword compliance.

The single hardest part of properly using encryption is key management. It's also the most vulnerable aspect of even weak crypto. Anything that simplifies this for end users, without requiring anything of them, is likely making serious security/convenience compromises.

[I'm still a big fan of hardware tokens for key storage and decryption. It greatly simplifies user key management while giving the user something familiar to associate their "key" with. It's not perfectly secure, but having to compromise a smartcard secure element requires more of the adversary.]

about a month ago

US Gov't Seeks To Keep Megaupload Assets Because Kim Dotcom Is a Fugitive

chihowa Re:Wait what? (173 comments)

In the end, I wouldn't be surprised if any case the US had at all for extradition is ruined by all of the misdeeds they've done in their attempt to 'get' him. They're really overplaying their hand here (as the DoJ has a tendency to do) and it's going to end up biting them (as has happened several times in the past).

about a month ago

Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?

chihowa Smarthost setup (405 comments)

I'm in the same boat and I've found that just sending all of my domain's email through Comcast's servers works well enough. I hate doing this on principle, but it has saved me so much hassle that it's not worth fighting.

Depending on your MTA, the configuration will be different, but the arrangement is generally referred to as using a Smart Host. Basically, your MTA directly connects to the ISP's SMTP server and sends the mail from there. Comcast requires authentication to use their servers, but they don't do anything funky to the mail they pass on. All of the headers remain intact except for the DKIM-Signature, which is replaced(?) when Comcast signs the message. I've never had a bounced message that I rerouted through their servers and they support TLS and IPv6, so it's not the worst setup.

I'm sure that if you share your MTA details, someone can help you with the configuration.

about a month ago

Black IT Pros On (Lack Of) Racial Diversity In Tech

chihowa Re:I'm black and in tech (459 comments)

As an aside, I see a lot of Caucasian dudes in IT, sure, but "white" isn't a race any more than "black" or "brown" is. There's a lot of variety of cultural heritage when it comes to "white" folks. Italians. Scandinavians. Greeks. Icelanders. Canadians. French.

White is a more valid descriptor than Caucasian since most "white people" aren't from the Caucasus region. It's fascinating (in a disgusting sort of way) that people have latched onto that term to describe white people. The term "Caucasian" itself is pretty heinous, being coined by Christoph Meiners as part of his theory of polygenism, where he described black people as basically being subhuman animals.

I think "white", "black", "red" or whatever is the least racist form of descriptor since it makes no assumptions of identity, culture, or heritage. The color of our skin is certainly useful as a means of physically describing someone: the tall black man or the brown-haired white woman. Anything more than that presumes to make important inferences about a person based on the color of their skin (read: prejudice).

about a month ago

German Spy Agency Seeks Millions To Monitor Social Networks

chihowa Re:So much for Angela Merkel's commitment to priva (59 comments)

...spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic.

There's more to the world "outside of Germany" than just the US. Your response falls squarely into the "...but the US is doing it, too!" line of reasoning. If citizens of other countries are pissed at being spied on by the NSA, why wouldn't they also be pissed at being spied on by the BND?

about a month ago

Submissions


Catblock finally becomes a reality

chihowa writes | more than 2 years ago

chihowa (366380) writes "First seen as an April Fool's gag from the author of ChromeAdblock, Catblock can now be a permanent part of your Chrome or Safari browsing experience. Replacing ads with pictures of adorable cats, Catblock allows you to avoid ads (while seeing how full of ads most websites are!) while getting your needed daily dose of cat."

Is Siri competitor, Vlingo, a DHS spy app?

chihowa writes | more than 3 years ago

chihowa (366380) writes "This morning I finally decided to give Vlingo, a competitor of Apple's Siri, a try on my iPhone 3GS. When I hit the "Listen" button, though, the app attempted to connect to system32.dhs.gov. I blocked this connection (using Firewall iP) and the app no longer works, complaining "Oops... Can't connect to server."

Is Vlingo some sort of spy app collecting voices of citizens or something? Can anyone else confirm this?"

Journals

chihowa has no journal entries.
