Comments


Commenters To Dropbox CEO: Houston, We Have a Problem

gnoshi Re:And the attempt to duplicate their efforts resu (447 comments)

Well ganjadude. May I call you ganjadude? I imagine that is what your friends on 'your side' call you, right? 'ganjadude' sounds like that kind of a name.

You're assuming that the people who are angry about the appointment of Rice to this role are the same people who were angry about Eich being given the CEO position at Mozilla.
You're also roughly stating that because there are other reasons to dislike Dropbox, it is inappropriate to complain about their choice of someone who has historically been pro-surveillance and supportive of state-sanctioned torture (in certain contexts, like the state doing the torturing for the US). It isn't really 'inappropriate' to complain about both the color and performance of a car, and likewise I don't think that disliking some other attribute of Dropbox reasonably precludes me complaining about their choice of board members.

I didn't much like the way that Eich was attacked for his support of Prop 8, even though I didn't agree with Prop 8. Eich's views on same-sex marriage really don't relate to Mozilla (I don't think), and they don't really make him a bad or nasty person either - at least, not themselves without knowing the reasoning behind them.
That Rice previously demonstrated support of intensive surveillance by government does directly relate to Dropbox. I think that's a perfectly reasonable thing to criticise. I think that her support of torture and extraordinary rendition makes her an unpleasant person, but I'm not sure that so much relates to her role at Dropbox.

Your obsession with what 'they' do, those dirty liberals, is slightly bizarre and makes you sound like a crazy person. Also, you're presenting a weak caricature of liberals and then pretending it is reality. That doesn't make you sound clever, or steadfast in your role as an opponent of liberals. It makes you sound like someone who is too polarized to be able to think straight.

about a week ago

GM Names Names, Suspends Two Engineers Over Ignition-Switch Safety

gnoshi Re:Hero ? (236 comments)

Changing a part without changing the part number is something which the engineer shouldn't have done. Sure, management wouldn't let him make the change and that is bad. However, making a change without following the basic accepted procedures meant that sleuth work needed to be done to even identify that a change had been made. The engineer clearly did something wrong. That in no way reduces the responsibility of management for their decisions and the consequences of those decisions.

That said, naming names of an engineer is a really bad precedent. What is the goal GM is trying to achieve here? Do they want people to go break the guy's windows? Burn down his house? Call him in the middle of the night or deliver pizza? Apart from potentially removing the guy's livelihood for the remainder of his life because no-one wants to hire 'that guy' ever again, and a lot of abuse being targeted his way, what will this achieve?

If he did something criminal, then he should be charged. If he did something extremely incompetent then maybe membership of the engineering body should be revoked, but it isn't the place of GM to throw their engineers to the wolves.

about a week ago

Scientists/Actress Say They Were 'Tricked' Into Geocentric Universe Movie

gnoshi Re:I believe Kate (641 comments)

If you sequence the material correctly, and add in filler that you are willing to cut, you can get people to say all kinds of crazy stuff in voiceover recording.
If you can get someone to say "If someone were to say 'No-one has ever proven that 6 million Jews were killed in the Holocaust' you would have doubts about their other works. No-one has ever proven that 6 million Jews were killed in the Holocaust. I mean, who says that?" and coach them a little, you can probably use it for a convincing voiceover of them saying "No-one has ever proven that 6 million Jews were killed in the Holocaust".
That's a pretty extreme example, but for something like this it would be relatively easy to make things seem innocuous.

Note: Robert Sungenis, who funded the film, has this view about the Holocaust.

about two weeks ago

How Cochlear Implants Are Being Blamed For Killing Deaf Culture

gnoshi Re:In a cochlear implant users own words: (509 comments)

Well, since there are a bunch of 'nucleus' models and even a single model can have multiple speech processing/stimulation strategies I'd question the accuracy of your statement. However, I could be wrong and you're welcome to point me to a source verifying your statement.

Look at their package insert for physicians.

about two weeks ago

How Cochlear Implants Are Being Blamed For Killing Deaf Culture

gnoshi Re:Loss of culture for those left behind (509 comments)

This certainly is a valid issue (but the solution is not to leave people deaf, although that isn't what you're saying).

There are people who are unable to receive cochlear implants (CIs): people who have damaged auditory nerves (nerve aplasia or hypoplasia, Neurofibromatosis Type-II (NF2) or other auditory nerve tumors, severed auditory nerve due to accident etc) or abnormal cochlea (calcification due to meningitis sometimes prevents implantation, etc). There is one type of alternative implant for these individuals - the Auditory Brainstem Implant (ABI) on the Cochlear Nucleus - but performance of the ABI implant tends to be quite a bit poorer than the CI. This may be because of the problems which lead to needing an ABI rather than a CI but the evidence isn't yet clear on the matter. One group (NF2) almost always do more poorly than others with an ABI but no-one is quite sure why.

There are also two experimental implants (that I know of) which have been or are being tested in humans: the penetrating ABI implant (stabs electrodes into the cochlear nucleus whereas the current commercial device puts electrodes on the surface) and the penetrating Auditory Midbrain Implant (AMI). The penetrating ABI testing looked pretty good, but actually getting it in place was damn near impossible because the cochlear nucleus is basically wrapped around the brainstem in the middle of everything. The AMI seems like a cool idea, but the Inferior Colliculus (where the implant is placed) is a pretty complex structure and a lot of processing has already happened by the time input would get there in a functioning auditory system. As a result, people with the experimental implants get things like having hearing at the beginning of the day that tails off across the day but returns the next day and so on.

The result is that the number of people who can't get cochlear implants or brainstem implants and are deaf from birth (which are the people for whom the deaf community is most important) is pretty small and quite geographically distributed which makes it quite isolating. As you're saying, there is a real issue with an inability for normal-hearing people to communicate with these individuals. Speech-to-text and text-to-speech engines will be helpful as they improve because it will mean that someone can use their phone as a 'translator' of a sort. As people get faster and faster at typing on phones, using a phone for textual communication can actually be pretty good too. Ideally, you would want two devices with real-time duplex transmission between them and people able to glance at the phones when typing and reading so facial expressions can still be used.
Hell, maybe that is a use for Google Glass. I type to you (where you are deaf), and you can look at me and my facial expressions while what I'm typing appears in your field of view. You then respond the same way. Or something.

Wow. That turned into a massive blag.

about two weeks ago

Ask Slashdot: Which NoSQL Database For New Project?

gnoshi Re:NoSQL? (272 comments)

Shards! It has shards!

about two weeks ago

Anti-Game-Violence Legislator Arrested, Faces Gun Trafficking Charges

gnoshi He wouldn't want competition (234 comments)

It makes complete sense. If those kids can play GTA, some of them might be inspired to go into competition with him.

about three weeks ago

Google Android Studio Vs. Eclipse: Which Fits Your Needs?

gnoshi Re:Yes (140 comments)

You can't use plugins without a paid version of IntelliJ, which Android Studio is not.

about 1 month ago

Silicon Valley Billionaire Takes Out $201 Million Life Insurance Policy

gnoshi Re:We need to stop big tax dodgers useing loop hol (300 comments)

You're still building for your family's future, even if you feel that a 45% estate tax is too much. Not saying it is or isn't, just that passing on 55% is not nothing and is not necessarily removing one of your primary motivators.

If we really want more of a meritocracy, maybe a 100% estate tax would be the way to go. (Note: I know this wouldn't work due to issues of unequal education and nepotism).

about a month ago

Gates Warns of Software Replacing People; Greenspan Says H-1Bs Fix Inequity

gnoshi Re:Greenspan's right (516 comments)

Actually, I mostly agree with you. The point I was trying to make was that simply aiming to decrease inequity is a silly goal if you don't have broader constraints such as 'so everyone can afford to eat'. The reason behind wanting to make that point was that if it is considered an improvement for inequity to decrease as a result of pushing middle wages down by allowing more H1Bs, then maybe it could be extended to minimising inequity by making almost everyone dirt poor.

I think that reducing inequality by pulling in the top and bottom ends does have a whole range of benefits.

about a month ago

Gates Warns of Software Replacing People; Greenspan Says H-1Bs Fix Inequity

gnoshi Re:Greenspan's right (516 comments)

Extending on Greenspan's idea, you can reduce inequity by having the top 0.01% take all the money from the remaining 99.99%. All that demonstrates is that having low inequity as your sole target is stupid.

about a month ago

Neil Young's "Righteous" Pono Music Startup Raises $1 Million With Kickstarter

gnoshi Re:Reality check (413 comments)

Thanks. That's the best read I've ever seen on the subject.

about a month ago

Neil Young's "Righteous" Pono Music Startup Raises $1 Million With Kickstarter

gnoshi Re:It IS FLAC (413 comments)

Sure, but they don't play 24/96 audio without downsampling.
(Note: I'm not saying someone could necessarily tell the difference, but there is a difference)

about a month ago

University of Cambridge Develops Potentially More Secure Password Storage System

gnoshi Re:Usefulness is reduces if a single account is kn (70 comments)

That certainly changes things. The summary for this article and the Ars article both suggested that the key was 10 chars long, and I couldn't find a specific number in TFA to replace it with.

about a month ago

University of Cambridge Develops Potentially More Secure Password Storage System

gnoshi Re:Usefulness is reduces if a single account is kn (70 comments)

Absolutely, but if the summary and the Ars article are to be believed then the on-device key is 10 characters long. From TFA, the output character set appears to include 76 characters, so it seems plausible that they are using this same set for the on-device key as well. They are using HMAC-SHA1, and it seems (from Ars) that they are not using iterated SHA1 (i.e. they are using a single pass).

Not saying anyone would deploy it like that.

about a month ago

University of Cambridge Develops Potentially More Secure Password Storage System

gnoshi Re:Usefulness is reduces if a single account is kn (70 comments)

I think basically using client certificates is too hard for average joes to use, especially across devices.
Different browsers on one machine don't share certs. You need to be able to share certs across devices, which means copying them somehow while keeping them secure - and not just keeping them all in DropBox. If you're using certificates, you can't just log on from your friend's phone when you left yours at home.

Also, if you're trying to replace insecure passwords with certificates, then you have the problem that the people who would normally use the crappy passwords will either not password protect their certificates or use crappy passwords on them too. Even if they do this, it does mean that the server password DB being stolen wouldn't reveal their keys but it does mean you need some way to revoke certificates and get new ones if yours are compromised.

In reality, using the same password across multiple sites is a much bigger problem (for those users) than using rubbish passwords if the site is managing passwords correctly. If the server is salting the passwords and using good hashes, as well as limiting the rate of password attempts and implementing some form of lockout then everything beyond the most abysmally bad password is reasonably safe.
However, if a user has the same password for their e-mail account, and the dodgy torrent forum they just signed up for using that e-mail address then they are screwed any which way.

about a month ago

University of Cambridge Develops Potentially More Secure Password Storage System

gnoshi Re:2 factor? (70 comments)

Sort of, but the server (rather than the client) has the device, and 'having' the device is needed (ideally) in order to check user passwords at the server end. So rather than being used to identify a user to the server, it is used by the server to generate the password hash which is stored and compared.

about a month ago

University of Cambridge Develops Potentially More Secure Password Storage System

gnoshi Usefulness is reduces if a single account is known (70 comments)

As was pointed out by someone on Ars, even if the secret key used by this device isn't stolen it can be bruteforced by having a single known account on the system. This is not a trivial problem, because it seems that they are using SHA1 (on the basis that the key can never be stolen, so the hashes don't need to be so strong). As such, there is a mountain of good gear out there for running lots and lots of hashes fast.

Basically:
1. Create account/password with online retailer
2. Steal user database for online retailer
3. Find your own account, for which you know the username and password (and salt, because it is in the database) and associated hash
4. Bruteforce the HMAC key required to get the stored hash using your username, password and salt
5. Use that same universal HMAC key for attacking all the other accounts
6. profit?

This assumes that there is a single key used for the HMAC and stored on the dongle, but it seems that is actually the case.
It does make getting all the passwords a bit harder, but it isn't a miracle cure.

about a month ago
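An added example, not part of the comments above or of the Cambridge system: it shows why one known account row lets key guesses be checked offline, and sizes the 10-character, 76-symbol key mentioned in the earlier comment against a full-width random key. The construction HMAC-SHA1(key, salt || password), the toy 4-symbol alphabet, all sample values and the guess rate are assumptions made for illustration.

```python
import hashlib
import hmac
import itertools
import math


def stored_hash(device_key: bytes, salt: bytes, password: bytes) -> bytes:
    # Assumed construction: one pass of HMAC-SHA1 keyed with the device secret.
    return hmac.new(device_key, salt + password, hashlib.sha1).digest()


def key_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random key of `length` symbols."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every key at the given (assumed) rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def find_key(alphabet: bytes, length: int, salt: bytes, password: bytes,
             target: bytes):
    """Try every key against one known (salt, password, hash) row.

    The row acts as an offline check for key guesses; no device is needed.
    Only practical here because the demo key space is 4**3 = 64 keys.
    """
    for candidate in itertools.product(alphabet, repeat=length):
        key = bytes(candidate)
        if hmac.compare_digest(stored_hash(key, salt, password), target):
            return key
    return None


# Constructed sample data: a toy device key and one account row whose
# password is known to the person running the check.
DEMO_ALPHABET = b"abcd"
DEMO_KEY = b"cab"
KNOWN_SALT = b"constructed-salt"
KNOWN_PASSWORD = b"constructed-password"
KNOWN_ROW_HASH = stored_hash(DEMO_KEY, KNOWN_SALT, KNOWN_PASSWORD)

if __name__ == "__main__":
    found = find_key(DEMO_ALPHABET, 3, KNOWN_SALT, KNOWN_PASSWORD, KNOWN_ROW_HASH)
    print("toy key confirmed from one known row:", found == DEMO_KEY)
    for label, bits in [("10 chars from 76 symbols", key_bits(76, 10)),
                        ("20 random bytes", key_bits(256, 20))]:
        # 1e10 guesses/s is an assumed rate, for scale only.
        print(f"{label}: {bits:.1f} bits, "
              f"{years_to_exhaust(bits, 1e10):.3g} years to exhaust")
```

The takeaway for a deployment is that the device secret should be generated as full-entropy random bytes rather than drawn from a short printable string, since the database alone is enough to test guesses.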

Bug In the GnuTLS Library Leaves Many OSs and Apps At Risk

gnoshi Re:Ars Technica comments about open-source (231 comments)

Well, if your starting point is that "open source doesn't lead to bugs being identified and disclosed" then those very posters you are complaining against are partially right, in part. Consider:
Open source: anyone can read the code, but (based on our premise) this doesn't lead to identification and disclosure of problems. It can allow a prospective attacker to identify problems and not disclose.
Closed source: only internal staff can read the code, but (based on our premise) having many eyes looking doesn't lead to identification and disclosure of problems. Prospective attackers can only do binary analysis, not source analysis, to find problems.

If binary analysis is more difficult than source analysis for finding potential bugs (i.e. potential targets for attack) then closed source is more secure in this context (assuming one or more attackers looking for potential vulnerabilities in the library/source/whatever).

Note: I'm not agreeing with the 'ubiquity' argument because it ignores real distributions of OSs. Also I'm not agreeing with the 'financial interest' arguments, because in a closed source there is the possibility that a company will gamble on an internally-detected vulnerability not being exploitable (or exploited) rather than fix it.

There are valid arguments for using open-source software, but I don't think the "many eyes" argument is necessarily a good one.

about a month and a half ago

Submissions

gnoshi hasn't submitted any stories.

Journals

gnoshi has no journal entries.
