Eric Schmidt, Jared Cohen Say Google Data Now Protected From Gov't Spying

louarnkoz Re:Safe just from prying eyes? (155 comments)

Governments can indeed ask for some data, using subpoena or in the case of the US "National Security Network." But for that, they have to actually ask, and the request has to be targeted, naming for example a specific individual. The NSA and the GCHQ were not content with that, they wanted to grab "everything," so instead of the legal channels they used a hack. The hack was to spy on the internal network of Google, and of other services as well, because these internal exchanges were not encrypted.

According to Eric Schmidt, now they are. This is absolutely good news. It is also exactly what the Electronic Frontier Foundation is asking web services to do. You can check the relative state of Google and other services according to the EFF at:

about 6 months ago

Electric Cars: Drivers Love 'Em, So Why Are Sales Still Low?

louarnkoz Tesla! (810 comments)

I really love the Model S. Beats the BMW every day, and actually not more expensive than a series 7...

about 10 months ago

GCHQ, European Spy Agencies Cooperate On Surveillance

louarnkoz Re:Encrypt everything. (145 comments)

End to end encryption is the only answer here. Maybe instead of relying on server certificates, which could be compromised, do the reverse -- the client certificate is used to secure the connection. That way everyone can use a CA (or even issue their own) that they trust. ...

Have you looked at the work going on in the IETF and other places to deploy "perfect forward secrecy?" The idea is to use a Diffie-Hellman exchange to negotiate a random key, and then only use the server certificate to prove the server's identity and knowledge of the key. Pretty much the same result as client certificates, easier to deploy, and with the added advantage that even if the server's key is compromised, the sessions' keys remain secret.

about a year ago

Are the NIST Standard Elliptic Curves Back-doored?

louarnkoz Re:We owe our thanks to Mr. Snowden (366 comments)

Actually, no. There is proof that Dual_EC_DRBG is much weaker than advertised. But the story is about the other elliptic curves that NIST standardized based on "contributions" from the NSA.

1 year,10 days

IAB Urges People To Stop "Mozilla From Hijacking the Internet"

louarnkoz Nostalgia, when IAB meant something else (499 comments)

Not so long ago, when we heard a reference to "the IAB," what came to mind was the "Internet Architecture Board." That was the place where Postel or Cerf contributed... Times have changed.

about a year ago

Schneier: The Internet Is a Surveillance State

louarnkoz Re:We need counter intelligence tools (333 comments)

Great idea. I can see that, a "cookie exchange bank." You donate a cookie to it, and in return it provides you with a cookie donated by some random user. There are a few precautions to take, e.g., do not donate your bank's password, but it could definitely be fun.

about a year and a half ago

Do Patent Laws Really Protect Small Inventors?

louarnkoz Re:Sob story, but ultimately lacking. (267 comments)

He could not in fact patent something as broad as 'a mechanism for generating electrical energy from human input' because such mechanisms have been around for maybe 100 years. The old bicycles, for example, had a little dynamo that powered the head light and back light. It got its power from friction on the wheel, which was powered by the human cyclist...

What this story really exposes is the hubris of the inventor. Say you work a couple of months on an invention, and file a patent. Do you really expect years and years of revenue? Really?

about a year and a half ago

Turkish Registrar Enabled Phishing Attacks Against Google

louarnkoz root trust: the hole in PKI, SSL, TLS! (75 comments)

Everybody thinks that if an "https" connection is securely established, if the browser displays a green light, then they are good. But it only proves that the other end of the connection showed a "valid" certificate, where "valid" is defined as "signed by one of the hundreds of authorities allowed to do so, or by any entity who somehow obtained a certificate with signing rights from one of these authorities."

We have seen attacks like that before, e.g. the "Comodo" hacker. My bet is that we will continue to see more of these, because the attack surface is just too large.

about a year and a half ago

Secret Stingray Warrantless Cellphone Tracking

louarnkoz Re:VoIP -- problem NOT solved (62 comments)

VOIP will protect the data if the content is properly encrypted, but headers and locations are still exposed. The phone can still be identified and located, which is already great information for the police. The IP addresses can be tracked in the header and voila, pen-register services without a warrant. And if VOIP is not encrypted, or if the encryption is weak, even the content can be accessed.

about 2 years ago

Ask Slashdot: What Would Your 'I've Got To Disappear' Plan Look Like?

louarnkoz Re:Join the army (789 comments)

Another requirement is to pass physical and medical tests. The Legion won't take you if you have poor eyesight, weigh too much, or are otherwise unfit. The mythical slashdot readers who spend their days snacking in front of the computer might have a hard time getting accepted.

On the other hand, if you are accepted in the Legion, you will have a fun time in places like Afghanistan, Djibouti or the Ivory Coast, to name a few. If your goal was to escape being shot at, you may want to reconsider.

about 2 years ago

ICANN Backflips Again

louarnkoz Re:This is getting stupid. (94 comments)

ICANN was supposed to manage the legacy of Jon Postel. Instead, it is managing the interests of a coterie of Internet parasites. As the parent said, "the new top-level domains (and some of the existing top-level domains) are basically a money grab," effectively allowing the new registrars to levy taxes on trademark owners. Good old-fashioned blackmail, as in "nice trademark you have here, you would not want something bad to happen, like having it managed by a porn site or a competitor, what about getting some protection?"

more than 2 years ago

A Few Million Virtual Monkeys Randomly Recreate Shakespeare

louarnkoz Re:Huh? Not random! (312 comments)

Randomness will produce everything indeed. But this experiment is not random. The monkeys are not *producing* the work of Shakespeare. They are *reproducing* it. The master program already knows the work, and has it programmed in its tests. There is a big filter here: take this random bit, and decide whether it is "part of Shakespeare's work." Not quite the same as letting the monkeys type a full page, and then have readers decide whether this is "as good as Shakespeare." Prior knowledge killed Schrödinger's Cat!

more than 2 years ago

UK: Open Standards Must Be Restriction Free

louarnkoz Third parties make that untenable (90 comments)

This is a vexing problem because not all patent holders participate in the standard making. If a company participates in the standard making, the standard organization has leverage: guarantee that others can use your patents under reasonable conditions, preferably free, or we will not consider your contributions. But if a company does not participate, the standard making organization has no leverage at all.

Consider for example what happened to Wi-Fi. The IEEE has a fairly detailed patent policy, and the Wi-Fi standards have been very successful. But after millions of cards were sold, CSIRO came out of the blue and asserted a patent on indoor OFDM that they said covered Wi-Fi. The resulting lawsuits have cost millions.

about 3 years ago

Cheap GPUs Rendering Strong Passwords Useless

louarnkoz Challenge response is dead, almost. (615 comments)

The problem with NTLM has been known for some time, but it is not just NTLM. It is in fact any challenge response protocol. Check this slide deck presented at the IETF in 2005: The punch line is simple: don't rely on challenge response protocols! If the attacker can see both the challenge and the hash, and if the password can be remembered by the user, it will probably be cracked.

more than 3 years ago

Could You Pass Harvard's Entrance Exam From 1869?

louarnkoz I was learning that in the 60's (741 comments)

The Latin and Greek questions are actually pretty simple. Latin and Greek were still fairly common options in French high school in the 60's, and I studied all that. The Latin reference text here being Caesar's "De Bello Gallico," which we were studying in the 7th or 8th grade. The Greek reference text is Xenophon's Anabasis, which we were studying in the 9th or 10th grade. Both Caesar and Xenophon are considered "easy" - they use fairly direct language and constructions. Similarly, the grammar questions correspond more or less to your first or second year of language study. The references to Roman and Greek history, e.g. Actium, Pharsalus, Jugurtha may feel fairly obscure now, but are in fact part of the basic curriculum of "Ancient History." Bottom line, the test was not very hard for a high school student who paid attention in class. I was surprised to see that they would provide the translations of the words as part of the question. We did not have that available when passing exams.

more than 3 years ago

Beware of Using Google Or OpenDNS For iTunes

louarnkoz Re:Where are the torrents? (348 comments)

I was not so much thinking of getting the bits from fellow users as getting the bits from several Akamai servers -- or similar. Instead of blindly following some dumb "closest IP" rule, the download could test a couple of candidate servers and get the bits from those with the best bandwidth -- much like torrents do.

more than 3 years ago

Beware of Using Google Or OpenDNS For iTunes

louarnkoz Where are the torrents? (348 comments)

Load balancing based on the DNS resolver is so 1999! Even when it works, it works by chance, and does not test the actual speed between your PC and the potential servers. Compare that to Bit Torrent, which actually tests the speed of the downloads. You really wonder why Apple, and Akamai, would not use some kind of torrent technology!

more than 3 years ago

After IPv4, How Will the Internet Function?

louarnkoz Re:Dual stack failed? (320 comments)

Quoting an AC to start the conversation, penning a lead with bold statements that are not much supported in fact... Slow news day, probably.

Pretty much every PC, server or even smart phone OS ships with dual stack. Enable IPv6 on your home gateway and poof, IPv6 in your PC lights up. At the same time, your PC can keep using IPv4 for non IPv6 web sites, or for that old Ethernet enabled printer in the basement. It works pretty much as expected. Not having unique IPv4 addresses does not change anything to the question -- IPv4 goes through NAT, IPv6 goes direct.

more than 3 years ago

Once-Darling Ethanol Losing Friends In High Places

louarnkoz Re:Why engines are falling apart - fiberglass tank (586 comments)

Ethanol is a big problem for boats that often have fuel tanks made of plastic or fiberglass. Some of the plastic gets dissolved by the ethanol, and then ends up clogging various engine parts. The Boat US association has done extensive tests of that: The real worst case comes if ethanol is mixed with diesel, transforming a basically safe fuel into one that can explode. Really not a good idea.

more than 3 years ago


