Comments

Time To Remove 'Philosophical' Exemption From Vaccine Requirements?

sjames Re:In Massachusetts... (1048 comments)

I agree that vaccines are a good idea but that doesn't justify removing the right to control what goes into their and their children's bodies based on their inability to homeschool.

2 hours ago

Hackers' Shutdown of 'The Interview' Confirms Coding Is a Superpower

sjames Again, where is the NSA (209 comments)

Just what is the NSA up to here? Shouldn't they be busy heading off exactly this sort of thing? So what's their part of this action? That's right, they're busy facilitating the terrorists by weakening the security that could prevent this crap from happening so they can do the things they are never ever supposed to do. Screw protecting the country, they have law abiding citizens to spy on!

11 hours ago

Colorado Sued By Neighboring States Over Legal Pot

sjames Re:the REAL solution: (441 comments)

His complaint is valid because the foolish lawmakers handed the DEA their authority to schedule a drug. They should at least take that back.

12 hours ago

Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere

sjames Re:Hardware Security (80 comments)

THIS!

It's the same way that the initial solution to people MFing was to put a 2600 Hz notch filter on POTS lines. Then they moved signaling out of band except for the last mile. They assumed that was problem solved since trunks were protected with physical security.

They simply didn't anticipate a day when most of the population had a cellphone and a computer more powerful than their switch and where software defined radio was an actual thing that an individual could make or buy.

yesterday

Critical Git Security Vulnerability Announced

sjames Re:Case insensitive file systems were a bug (141 comments)

So you need to have some way to enter those characters when specifying a file name. Escape chars can handle some of that, but it really is best to not take chances where it can cause problems. For example, imagine a file named 'bobby; rm -rf /'

yesterday

Critical Git Security Vulnerability Announced

sjames Re:I blame Microsoft (141 comments)

SureItDoes.

Of course, if not for the convention of all smalls in domain names we wouldn't get to snicker at expertsexchange.com

yesterday

Critical Git Security Vulnerability Announced

sjames Re:Case insensitive file systems were a bug (141 comments)

Because some characters have special significance to the shell. That includes * and ?. In the bad old days of DOS, you could enter an arbitrary character code by holding Alt while entering the 3 digits on the keypad. Character 255 looked exactly like a space but was not equivalent. Imagine the confusion one could cause that way.

yesterday

Grinch Vulnerability Could Put a Hole In Your Linux Stocking

sjames Re:Grinch is not a flaw - has no CVE!!! (116 comments)

Sure, but the potential to mis-configure a subsystem that has big red asterisks around it anyway such that a trusted user might exceed authority is a far cry from a security vulnerability that might put a hole in my Christmas stocking. Other things to avoid include making /bin/bash suid root, chmod -R o+rwx /, etc etc.

yesterday

Hackers Compromise ICANN, Access Zone File Data System

sjames Re:fire them (110 comments)

Put the Cheetos down so you can talk with your mouth instead of your butt.

By that criterion, sales and marketing are also cost centers. It would be ever so much cheaper to do business if you could just ship product at random and actually get paid. But you can't, so you need sales and marketing. It would be nice if the building would clean itself so you could skip janitorial without swimming in trash and filth but you can't.

Everything is a cost and in a well run business, everything in some way contributes to income. Get over it. Trying to divide entire functions into income or expense just demonstrates an incomplete and fragmented understanding of the system.

yesterday

Hackers Compromise ICANN, Access Zone File Data System

sjames Re:fire them (110 comments)

If anyone doesn't think IT is on the INCOME side, they should give the sales guys a pad and a pencil and shut down IT services for a week. Let's see how much INCOME they have then. Make that week during payroll and let's see what their INCOME looks like when nobody gets paid.

yesterday

Over 9,000 PCs In Australia Infected By TorrentLocker Ransomware

sjames Re:How? (81 comments)

And still, MS won't make opening something and running something distinctly different actions.

2 days ago

11 Trillion Gallons of Water Needed To End California Drought

sjames Re:But but but (321 comments)

A nuclear powered de-salination plant and pumping station. But good luck getting that built in Ca.

2 days ago

Army To Launch Spy Blimp Over Maryland

sjames Re:bah (175 comments)

But not by volume.

2 days ago

Brain Stimulation For Entertainment?

sjames Re:Umm, why? (88 comments)

But we have to ignore all of that because of what it implies about our society and the living conditions of the junkies. We must resolutely hold the line. No 'facts' may deter us from the message that addiction is a moral failing and so the addict deserves his fate. Now, all rise and put your fingers in your ears and sing the new national anthem: "LA LA LA LA LA".

2 days ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

sjames Re:Depends... (166 comments)

Agreed, to actually be sure, the software needs to be at least verified by someone you trust. It would not be wise for that someone to be a telco. However, end-to-end has a specific meaning and Verizon's service isn't it.

As for the keys, you can identify the party through conversation. If you've never met, you would need a trusted introducer in a 3 way call to verify each of you to the other. Then transmit public keys around and read back the key fingerprints. In other words, use the PGP/GPG web of trust rather than a central authority.

From then on, you have the keys stored and so you can skip that part.

I do know very well that the company is not at all immune to government pressure. I never anywhere suggested otherwise. I suggested that claiming a thing that is untrue and legally cannot be true is immoral. A moral company simply wouldn't claim to offer end to end encryption.

2 days ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

sjames Re:what if the backdoor is always the master (166 comments)

The legit parties to the conversation would notice that none of them are the master. Or choose an election system that makes one of them the master every time.

2 days ago

Vinyl Record Pressing Plants Struggle To Keep Up With Demand

sjames Re:I never understood the warmth argument (433 comments)

I fully agree that a talented professional can get amazingly good results out of the hardware out there today. It is also within reach of an avid amateur.

The modern digital gear is not quite as forgiving as the old tube gear but in exchange the result when you do it right is orders of magnitude better.

Ideally, all music should be released at full dynamic range and if it needs to be compressed for FM or crappy earbuds, the radio station or player can easily handle it.

I'm going to laugh when new standards for measurement come out that punish the current 'loud' recordings.

3 days ago

Verizon "End-to-End" Encrypted Calling Includes Law Enforcement Backdoor

sjames Re:It's required (166 comments)

But that can easily be prevented in a public key system. Just a simple example that I am formulating as I type. The peers elect a master based on any arbitrary criterion (pick a number, who has the lowest MAC address, who called in first, whatever). Everybody else hands it a public key. The master generates a session key and encrypts it with each authorized public key to distribute it. If LEO taps in, he gets nothing unless he can convince the master to accept his public key. If there are supposed to be 3 parties on the call, the master's owner will notice that there is an extra request for the session key.

An added benefit is that it is actual end-to-end encryption. The provider has no ability to tap the line as long as the keys are reasonable and the software doesn't have a back door in it.

If the public keys have been exchanged in advance, all the better for knowing the identity of everyone involved in the call.

3 days ago
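
The fingerprint read-back from the earlier comment and the master-distributes-a-session-key scheme from the comment above, as an added example that is not part of sjames's posts. RSA-OAEP wrapping and SHA-256 fingerprints are assumptions (the comments name no algorithms), and `NewPeer`, `Fingerprint` and `DistributeSessionKey` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

func NewPeer() *rsa.PrivateKey { // one participant's key pair (demo identities only)
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// Fingerprint is the hex SHA-256 of the public key: the value read back by voice, then stored.
func Fingerprint(pub *rsa.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(x509.MarshalPKCS1PublicKey(pub)))
}

// DistributeSessionKey is the elected master's step: wrap one fresh key per verified peer.
func DistributeSessionKey(roster map[string]bool, reqs ...*rsa.PublicKey) ([]byte, map[string][]byte, []string, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, nil, nil, err
	}
	wrapped, refused := map[string][]byte{}, []string{}
	for _, pub := range reqs {
		fp := Fingerprint(pub)
		if !roster[fp] { // not a verified party: gets no key, and the request is reported
			refused = append(refused, fp)
			continue
		}
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
		if err != nil {
			return nil, nil, nil, err
		}
		wrapped[fp] = ct
	}
	return key, wrapped, refused, nil
}

func main() {
	bob, tap := NewPeer(), NewPeer() // constructed identities; tap was never verified
	_, wrapped, refused, err := DistributeSessionKey(map[string]bool{Fingerprint(&bob.PublicKey): true}, &bob.PublicKey, &tap.PublicKey)
	fmt.Println("keys wrapped:", len(wrapped), "requests refused:", len(refused), "error:", err)
}
```

Each peer recovers the session key with `rsa.DecryptOAEP` and its own private key; a non-empty refused list is the "extra request" the master's owner is meant to notice.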

Submissions

sjames hasn't submitted any stories.

Journals

sjames has no journal entries.
