We’re exercising our freedom and taking off the 3rd to celebrate the 4th. See you Monday!Hide

Kal Zekdor’s Techdirt Profile

kalzekdor

About Kal Zekdor




Kal Zekdor’s Comments comment rss

  • May 31st, 2015 @ 4:37am

    Re: Re:

    Ehhh, I guess I half agree with you. While that specific piece was certainly a low-point for Ars (though it was an Op-Ed by a single author, if that makes a difference), it was also fairly thoroughly and uniformly blasted by the readers. None of which were banned for doing so.

    [Side note: Do I want to know what a bronie (brony?) is?]

  • May 31st, 2015 @ 4:15am

    Chocolate

    I can't say that I hate chocolate, but I certainly dislike it, as well as anything sweet. Chocolate isn't sweet enough to make me hate it, and dark chocolate's not bad in small quantities (the more bitter, the better). Though, I saw a friend eat a Cadbury Creme Egg a few months ago, and nearly vomited as a result... How can people stand that? Yet, somehow, I'm the odd one...

  • May 29th, 2015 @ 5:40pm

    Re: Re: Re:

    A couple of things... Minor errors? Really? A complete misunderstanding of the material at hand, and publishing an article that is effectively disinformation is a minor error?

    Techdirt has made mistakes of this magnitude in the past. (They usually post corrections, but you're correct, that's neither here nor there.) This does not invalidate the claim that faulty reporting will lead to a loss in readership. There were a few instances in which techdirt nearly lost me as a reader due to blatant errors that invalidated the entire article.

    This article isn't about bashing the other news sites for getting it wrong (at least, not primarily, it does feel like Techdirt is gloating a bit, which is not cool given that they have made similar mistakes), but informing the readers, whp may also be readers of one of the other sites, that the information reported therein was not accurate, and to stop the spread of disinformation.

  • May 28th, 2015 @ 2:55am

    Re: Re: Re: Re: Real vs Virtual

    Virtual objects are not objects, they are virtual.

    Sigh... Nine years later and people are still spouting this nonsense.

    If I flipped a couple of virtual ones and zeroes around and emptied your bank account, would you still claim that nothing was stolen from you? Or do you really believe that your money is just sitting in big vault somewhere? Ownership is a far more complicated concept than whatever physical items you can lay your hands on. Many aspects of ownership are "virtual", beyond just the obvious. Ownership of copyright, of land, of debt. These are all virtual concepts, yet they govern most aspects of our lives. This is not something new, the frameworks of virtual ownership have been around, in one form or another, for centuries.

    Shrugging all of this off as "virtual, and hence meaningless", is... short-sighted.

  • May 22nd, 2015 @ 10:15am

    Re: Re: Re: Re:

    I don't think you know what a CA does...

    The CA does not create or provide Certificates, they merely sign them so they are "trusted".

    This has little to do with the actual encryption between a TLS enabled client and server. There are at least three legs here (more if you have a web of trust instead of a single trust authority): the client, the server, and the CA. Each of these points have their own private/public key pairs. Data to the client is encrypted using the server's private key, which the CA most certainly does not have.

    If the CA were compromised by an attacker, they still couldn't decrypt communication between client and server. However, if the attacker was able to intercept traffic as a MitM, what they could do would be impersonate the server using the compromised CA. That way they wouldn't need to break the encryption, since the client is encrypting the traffic so that the MitM can decrypt it, thinking that they're talking to the server.

    Blaming third-parties for not disobeying government orders is a red herring, anyway. The government should not be allowed to issue such orders. Period.

  • May 20th, 2015 @ 4:22pm

    Theft of IP

    Just wanted to point out that it is possible to steal IP, and in context it's what Kerry was talking about. When you break or hack in to obtain confidential information that you aren't allowed access to (and possibly destroying or corrupting the original), that is most certainly theft.

    When you distribute information that you obtained legally without permission and against Copyright laws, such as sharing a movie online, that is infringement, not theft. Corporate espionage falls under a different label than infringing.

    The concepts, of course, are not mutually exclusive. The use of the stolen IP, such as by putting out a competing product based on the IP, is, once again, infringement.

    That bit of pedantism aside, this was a great article.

    TL;DR: Illegally obtaining confidential IP is theft; illegally using IP (secret or not) is infringement.

  • May 19th, 2015 @ 7:48pm

    Ion Thrusters

    Ion Thrusters are interesting, but they're not a purely electric propulsion medium. They still rely on a propellant, xenon usually, which is expelled at high speeds. They're much more fuel efficient than chemical propellants, but they still need to carry fuel, which limits the usefulness for deep space exploration. They also tend to generate very low thrust, but by the time that we really need better thrusters that might no longer be true.

    That EM drive, though.... I really hope that it's not just a mistake, and it does operate the way people think.

  • May 17th, 2015 @ 11:47am

    Re: Re: Running a CA

    Interesting, I had no idea that someone had considered the idea enough to put together an RFC on it. Thanks for the information.

    I'm not surprised that there hasn't been much interest in it, though.

  • May 16th, 2015 @ 8:45pm

    Re: Re: Re: Re: Troublesome certificates...

    They could do that; as an ISP they could intercept any https requests, and act as a MitM proxy, decrypting and re-encrypting traffic in both directions. That would be troublesome if https was only about encryption. What they would not be able to do would be perfectly disguise the traffic as coming from the original source. They would need to automatically create certs for each site that a user requests. They could make these certs appear to be from the site in question, maybe even well enough to fool the browser, but they would not be identical to the certs provided by the site, and they would all be able to traced back to a single CA. When every https site in the world is suddenly using the same CA... Well, let's just say people will notice, and there will be an uproar. See the Lenovo/Superfish fiasco.

    This type of MitM attack is untenable on a wide scale, particularly if you need to keep it quiet. Targeted attacks on less savvy individuals, however...

  • May 16th, 2015 @ 4:42am

    Running a CA

    For anyone who is worried that using https will require trusting a third-party, there is a way around that. It's not all that difficult to run a CA yourself, many Enterprises do so for encrypting internal web applications. Certs usually cost money not because of some technical cost of encryption, but because of the man-hours that are required for the CA to verify that you are who you claim to be. You can cut out the middle man by running your own CA (you implicitly trust you, right?). The downside is that the certs you create won't be trusted by default (and the hoops you would have to jump through to do so are... untenable). Clients would need to install your root cert onto their machine, which is easy to do, and then any certs you create are trusted.

    If that's too much to worry about, you can always forgo a CA entirely and use self-signed certs. No one will be able to trust them, but it's the easiest way to get encryption running. The problem with https/ssl is it's playing double duty as data encryption and identity verification. Providing encryption is cheap and easy, and solves most (though not all) of the concerns about modern web browsing. Unfortunately, encryption is caught up in identity verification/trust authority, which is difficult and expensive (though progress is being made on that front by EFF/Cloudflare/others). I'd love to see a protocol somewhere between http and https, that negotiates and encrypts traffic, but doesn't rely on a trust framework. It obviously wouldn't be as secure as https (MitM attacks would be much easier), so https would still need to be used for things like ecommerce, but it would be much better than http, and without the costs/difficulties of https.

  • Apr 30th, 2015 @ 1:18pm

    Re:

    Not the only one, no. Plenty of folks are mildly disinterested in the game even though they completely understand it. Myself, beyond interest in the world building algorithms and the possibilities of the in-game logic circuits (though the former is less about playing the game than it is interest in the mechanics, and there are better examples than Minecraft of the latter, e.g., Little Big Planet, Space Engineers), I find it rather dull.

    That said, I completely understand why so many people enjoy it. The best analogy really is an endless set of legos; Minecraft allows for an enormous amount of creative expression. But, then, I never did enjoy legos as a kid. They always felt... pointless. Instead, I spent weekends and holidays building complex engineering feats (for a kid, anyway) out of K'nex. Less about making pretty structures than seeing what you could build, struggling against gravity, structural stability, load distribution (I think I figured out the awesomeness of the lowly triangle at about 6 or 7), etc. Throw some motors in the mix, and things start to get really fun. I remember spending a lot of time messing with a remote control motor, building various vehicles.

    I guess I'm trying to explain that I'm creative, but not artistic, and that I that I think Minecraft appeals to those with an artistic tendency. Since allowing kids to explore their artistic side is laudable, I have a hard time understanding why anyone with a touch of sense would think Minecraft is bad for kids.

  • Apr 21st, 2015 @ 1:12pm

    Re: Re: Technology leads to Frankenstein tragedies.

    Isn't Bill O'Reilly registered as an Independent? Conservative, certainly, but not a Republican. Seems to me like you took two random examples on the failings of rigid, dogmatic ideologies, and interpreted it as a personal attack.

    Do you have a persecution complex, or are you posting flamebait for the hell of it? I am inclined to believe the former, though your last statement gives me doubts, so correct me if I'm mistaken.

  • Mar 23rd, 2015 @ 1:35pm

    Re: Cloudflare Certificates

    Techdirt should really know better. This is tabloid (or cable news) level bullshit. The only revelation here is that the campaign website uses Cloudflare. Good for them, Cloudflare knows what they're doing. The SSL certs used by CF often serve multiple websites. That's all that's going on here. It has nothing to do with Ted Cruz, and little to do with Cloudflare.

    I'm disappointed.

  • Mar 20th, 2015 @ 9:11pm

    Mitigation, not Prevention

    Cisco's plan makes a lot of assumptions about the NSA's capabilities, most of which aren't particularly sound...

    I don't agree. Cisco is well aware of NSA capabilities, and they know that this plan isn't enough to prevent tampering en route. With enough tracking/surveillance/infiltration of Cisco operations/personnel, the NSA can and likely will still find, intercept, and tamper with intended targets.

    In that case, why did Cisco bother? Two reasons. First, which was touched on in the article, is to simply make a statement. They are proclaiming to the world and to the NSA that they're not willing to sit idly by while the surveillance state drives their reputation (and their bottom line) into the ground. This is a symbolic protest as much as an actual mitigation.

    Second, yes, this is a mitigation. These precautions won't make it impossible for resourceful (in both meanings) third parties to intercept equipment, but they will make it more difficult, and thus costlier. Even the NSA only has so many man-hours it can direct. If it now takes twice as many man-hours (an over-estimation, I'm sure, but no matter) in order to backdoor a router en route, then they are only able to do so half as often.

    Cisco, or any US based company, can only do so much to thwart the surveillance state. Any pushback, however minor or symbolic, is to be applauded. On the same note, any willful collusion should be considered a betrayal of their customers, and the public at large.

  • Mar 4th, 2015 @ 3:50pm

    Re: Re: grammar bugaboo

    Though, I'd like to point out that the first parenthetical in his post follows a full stop, and encapsulates a discrete sentence. In informal grammar, this indicates an aside, a thought tangentially related to the current topic, but not fitting in the paragraph flow. (Yes, in case you were wondering, I am enjoying myself.) It is perfectly valid, though, again, less than formal.

  • Mar 4th, 2015 @ 3:34pm

    Re: Re: grammar bugaboo

    Over a century, in fact.

  • Mar 4th, 2015 @ 3:32pm

    Re: grammar bugaboo

    It's acceptable semi-formal grammar, though "So" should most correctly be followed by a comma, as it is being used as an opening interjection.

    "So" as a magnifier is what annoys me: "This is so annoying."

    So, it appears that the logomachists are out in force today.

  • Mar 4th, 2015 @ 12:38am

    Re: Nothing "disappointing" here

    I don't know where you've been living, but cars that lock themselves automatically are most certainly a thing.

  • Mar 3rd, 2015 @ 4:13pm

    Disappointing is the word.

    The main performance bottleneck on encrypting these devices is caused be the lack of a dedicated hardware encryption chip. That costs money, and necessitates a major hardware redesign. So they tried software FDE, which has performance costs. The performance drag was too great, so they complained to Google.

    Google quietly backpedaled their encryption requirement. Not permanently (at least according to them), but just an extension to give the manufacturers more time to meet the requirement.

    So... disappointing is the word. Especially how Google loudly boasted about always on encryption, but was nearly silent about pushing back the requirement.

  • Feb 23rd, 2015 @ 6:40am

    Re: hmmm

    Don't forget ftp://*.*/*

    Hell,just go with ip://*.*.*.*:* and shut down the entire internet! That'll surely cause sales to pick up!

More comments from Kal Zekdor >>