Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Slashback The Media Government The Courts News Science

Slashback: Quinn, InfoCards, McKinnon 103

Slashback tonight brings some corrections, clarifications, and updates to previous Slashdot stories, including The Boston Globe's Ombudsman speaks on Peter Quinn story, Microsoft continues to push their password-less approach to web browsing, Gary McKinnon extradition reopened, and more news on the organic car fuel front -- Read on for details.

Globe's Ombudsman silent no longer. Andy Updegrove writes "For two months, the ombudsman of the Boston Globe has been silent on the reporting that helped bring about Massachusetts CIO Peter Quinn's resignation. Last night, in response to an entry pointing out that silence at the Standards Blog, ombudsman Richard Chacon at last responded, admitting to "lingering questions over why the [Quinn travel investigation] story was allowed to run without comment from Eric Kriss," but standing by "the initial reasons for looking into the story." Chacon also promises to report back with further observations after contacting Peter Quinn."

Microsoft continues push for 'InfoCards'. FrankieBoy writes "Bill Gate kicked off the RSA computer conference in San Jose, CA by unveiling a few more details about their new 'InfoCard' system in the upcoming IE7. With InfoCards people could save personal information on virtual cards on their computers which websites would recognize removing the need for many different internet passwords."

Gary McKinnon extradition hearing reopened. earthlingpink writes "BBC News is reporting that the extradition hearing has reopened for Briton Gary McKinnon who is accused by the US of hacking into military computers. The damages he has caused is estimated at £370,000 (about $640,000 today) and he is said to face more than 45 years in prison. The original story and audio interview were both covered by Slashdot in June of last year."

Bugs to help kick oil addiction. Mr. Ghost writes "Bugs such as certain species of termites and fungi such as Trichoderma reesei may be the key to effectively and cheaply generate ethanol from cellulose. Small companies like Iogen and large international energy companies like Royal Dutch Shell are putting more and more money into this research. This type of technology may even be a way for the American automobile industry to gain back market share from its competitors."

This discussion has been archived. No new comments can be posted.

Slashback: Quinn, InfoCards, McKinnon

Comments Filter:
  • Nice. (Score:5, Insightful)

    by NoMoreNicksLeft ( 516230 ) <`john.oyler' `at' `'> on Wednesday February 15, 2006 @08:09PM (#14728716) Journal
    So stealing my laptop will allow anyone to go to websites and impersonate me?
    • Re:Nice. (Score:2, Insightful)

      So stealing my laptop will allow anyone to go to websites and impersonate me?

      Why, yes, yes it will.

      Aren't you sleeping soundly, Citizen?

      Trust the Computer: The Computer is Your Friend.
    • So stealing my laptop will allow anyone to go to websites and impersonate me?

      They can do that now, depending on what tools you use to store your information. All of the better browsers have some kind of password memory. If you took Bill's bait, you are using passport, the one password to rule them all. Of course, any of the keyloggers that propagate by M$ born worm will remember your passwords without telling you and Microsoft's "fast find" has kept a log of everything you type since 98. The real thin

      • "Someone who knows what they are doing does not have to steal your laptop to get what they want out of it."

        well, besides the laptop that is.

        It is extremely limely that the thief would be stealing the laptop, any information found on the laptop would be icing.

        This same technology could cause a problem with any OS, not just MS. Including B$D, O$X, and the variety of Linuk$ distros.

        The problem is, it identifies the computer only, not the person using it.
      • They can do that now, depending on what tools you use to store your information. All of the better browsers have some kind of password memory.

        I don't know how other browsers/platforms implement this, but Safari on Mac OS X stores all password info in the Keychain. So the info is only available if you can get into that.

        The default Keychain is unlocked when you log in, but you can create any number of other Keychains and keep them locked. Move the password data stored by Safari into a different keychain that

      • by Anonymous Coward
        All of the better browsers have some kind of password memory

        The way it works is information such as passwords are stored in an encrypted storage system that can only be unlocked by the encryption key associated with a Windows account. If someone steals your laptop, as long as they don't know your Windows password they can't access that information. I don't know why you mention Passport as it has nothing to do with this, except that the storage system can be configured to remember Passport account informat

      • IE has password memory. So does Mozilla / Firefox, Opera, Safari, and a host of other browsers. It's a feature to make it easier to access sites, but users with high authentication should know that that ease comes at a cost of security. Admittedly many non-IE browsers have a "master password" structure whereby you type one password for it to remember all of your passwords on demand (as mentioned by a sibling post about Safari), but said poster also recognized that most of these systems ship with the feat
        • These people [] have the lowdown on what M$ keeps track of without telling the user. Fast find remembers your passwords and everything else you type. It's one small part of the tools that defeat any serious attempt at security on Microsoft platforms.

          • I haven't finished reading it, but this line:
            The first thing you should know is that the index.dat files is that they don't exist in less you know they do.
            really jumped out at me.

            What in Avalokistevara's name is that supposed to mean?
            • I can get you partly there:
              The first thing you should know about index.dat files is that they don't exist unless you know they do.
              Beyond that, you'll need to consult a quantum mechanic, who will tell you things about superposition and half-dead cats.
          • First off, of course I'm going to believe that a site called FuckMicrosoft will be unbiased.

            Secondly, take a look at Microsoft's own overview of FindFast [] (It's FindFast, not Fast Find, BTW):

            You can open the Find Fast Control Panel icon to create additional indexes (for example, on a network drive), delete indexes, and set other options. Although you can use Find Fast in the Control Panel, Find Fast indexes Office documents automatically and requires no user interaction.

            It can index other filetypes, but it

        • Just as a point of clarification: Yes, "InfoCard" is a Microsoft proprietary implementation of the core user-agent of the Identity Metasystem []. However, the Identity Metasystem is not Microsoft proprietary and is (definitely) not Passport In the Identity Metasystem, all communications are carried out using standard HTTP & WS-* protocols, "InfoCard" will communicate with Identity Providers running on any other platform that supports the same protocols. Further, we openly welcome other platform v
      • Things are better on non M$ platforms.

        Precisely. And you didn't even get into information like credit card details.
    • Re:Nice. (Score:4, Funny)

      by Xeo 024 ( 755161 ) on Wednesday February 15, 2006 @08:41PM (#14728919)
      Nah, you're just being paranoid. I'm sure no one has the time to "go to websites and impersonate" other people. Have some faith in your fellow man..

    • So stealing my laptop will allow anyone to go to websites and impersonate me?

      Sorry to deflate your ego, but they are just interested in emptying your bank account and stealing your identity.

      If it involves impersonating you, that's where they would draw the line. Because that would involve too much work and not be worth it.

    • Re:Nice. (Score:1, Interesting)

      by Anonymous Coward
      If you don't protect the InfoCard, yes, but that case is no different than if you saved your passwords in your brower of choice. You can protect your Info cards, however, via password protection or, given the hardware, a biometric scanner or a smartcard. There are a number of OS-level laptop data protection schemes being introduced in Vista that can also be applied to protect your Infocards.

      When fingerprint scanners become more common in laptops and smartcard readers more common in keyboards, I believe In

  • by Anonymous Coward
    That's a real logical leap. Anyone can build cars that run on any available fuel. How will the use of bio-fuel give an advantage to the American auto industry?
    • It's a question of people shifting aways from larger, US built vehicles (SUVs, especially) to smaller imported ones. Of course, the US could start making small cars, but the cannot compete. It's a similar issue here in Australia, too. Locally-built cars are all the larger, 6 or 8 cylinder "family cars", and people are shifting to smaller, 4-cylinder, imported cars. Moving to a renewable, possibly cheaper fuel, that is not at the mercy of international markets and reducing supplies, makes larger cars more
    • by Anonymous Coward
      The idea here is mostly that the US auto industry is SERIOUSLY hurting as a result of high oil prices in the U.S.. People are not as interested in cars and not interested in the same kinds of cars as they would be in an economy, like that of the 90s, with low oil prices. The U.S. auto industry has been harder hit by the oil situation than foreign carmakers, both because the U.S auto industry so heavily targets U.S. customers, and because the U.S. auto industry has so heavily invested in low-economy cars suc
      • Absolutely correct, especially the non-zero-sum bit.

        Here's another point to ponder, on the "rising tide lifts all boats" theory:

        If fuel were agriculturally produced rather than mined/drilled, the US could remove some of the incredibly market-distorting Farm Parity payouts - essentially, we could stop using taxpayer money to bribe farmers not to grow crops.

        We pay off the farming [] mafias [] to keep food prices artifically high [], so that there is an economic incentive to continue to produce food. If our ever-incre
    • > That's a real logical leap. Anyone can build cars that run on any available fuel. How will the use of bio-fuel give an advantage to the American auto industry?

      Anyone CAN build cars to run on Ethanol. The Big Three already DO. [] (Minnesota E85 Vehicle Directory).

  • by webmistressrachel ( 903577 ) on Wednesday February 15, 2006 @08:13PM (#14728743) Journal
    I see how Microsoft would like to position their system (passes, OS, Mail Client, etc.) as the "standard". Even previous versions of Windows allowed users to talk to everybody and anybody. Now it seems they have found another way to cut out 3rd-party companies, or get license fees (thus still dominating the market).
  • by Anonymous Coward on Wednesday February 15, 2006 @08:23PM (#14728806)
    At a Harvard workshop last week on user-centric identity, a bunch of us agreed to collect InfoCard issues as we hear about them. While work in progress, and your mileage my vary, I put an initial list of those on my blog. oft-infocard-issues.html []

    Kim Cameron, the chief identity architect at Microsoft, agreed to take them back into Microsoft to hopefully get them resolved.
    • by Anonymous Coward
      It's interesting to see how far we've come from Passport, yet how little we've moved. At least we no longer are asked to ship our credit card data to Microsoft for "safekeeping", the InfoCard data resides on our own computers (for better or worse).

      I noticed that there seems to be confusion about a meta-identity system (one system spanning identities) vs an identity meta-system (one identity spanning systems). Will InfoCard really be a meta-system? Googling, I'm not seeing much for implementing MS Passpor
    • Chief Identity Architect? (yes, it's unfair in this case)
  • From my understanding of this whole thing, the InfoCard system's nothing new. We already have the same thing going on with existing technologies such as Firefox's Password Manager, Opera's Magic Wand, and not to mention my favorite – SSH keys! The latter I've been using obsessively now, I just keep the master key on my laptop and all my other boxes are set to recognize it so that I can get into any of them without a password.

    (Completely off-topic, but the laptop's heavily password-protected as well;

    • Once I have your laptop I will just connect the drive to my computer and mount it myself, thus bypassing your random bazillion charater password if you like.

      Personally I store my passwords using secstore and authorize using factoum, so my keys never need to be stored locally. I boot my laptop from a CDrom and mount my drives over the network, wherever I am. It doesn't even have local storage unless attach some via USB.

      Relying on SSH is soooo 1999

    • No. You are talking about PIN/Password caching, in an encrypted store. Think Mac keychain.

      This is an identity system, that supports federation, incorporates policy negotiation and can establish reputation with third-parties.

      It is Passport, without the central identity repository - similar to Liberty Alliances' SAML work, but in the WS-Security framework, and with extended user functionality.
    • Huh? I'm pretty sure IE has a password-storing thing like most alternative browsers do. It has some sort of form-remembering option, anyways. That said, it's not too difficult to remember passwords. What's difficult is the websites that force you to use some retarded thing because they think you having 9skmdl10d1337os for your password is going to make it harder to steal after you input it into some phishing site because you're a freakin' idiot, and as a result remembering what password goes with what s
  • I think biofuels are FINALLY a realistic opening in the search for a oil-less way of transportation. After years of BS and dead ends with electric vehicles, hydrogen cars and whatnot, we finally have something that will use existing infrastructure and technology.

    The only problem is, this will put the oil companies out of business. Seeing as oil companies have way more money than say, farmers (who look to benefit) and seeing as alot of money has been put into securing middle east oilfields, I don't see much
    • there's a bill in the Washington State Legislature (no direct bill link, as it has multiple versions, to mandate 2 percent biofuel usage here.

      At least according to today's local papers.
    • by KlomDark ( 6370 )
      Unfortunately the majority of farms these days are corporate farms. Sure, there's still a lot of family-owned farms, but they are slowly getting Borged by the CorpFarms. Also lots of sneaky bullshit where CorpFarms set up deals with companies so they get better deals when they sell their products than the family farms can get.

    • At 60 dollars a barrel it begins to become more profitable to use foods for bio-fuels. So farms will sell their products to bio-fuel companies and not to the store.

      And why would the energy companies invest in this? They could dominate this market, as well as other alternative markets, which will be less costly to protect and set up.
      Of course, at it's current rate of growth, in 2030 Cina alone will need 94million barrels of oil per day. Currently 84 million barrels per day is pulled out of the ground for the
    • by LoRdTAW ( 99712 )
      "The only problem is, this will put the oil companies out of business."

      If you think about it why would they let themselves go out of business? Who is to say they wont buy out bio firms and farms working on alt fuels? Trust me, one day driving by exxon and shell farms producing the raw material for ethanol and bio diesel.

    • The only problem is, this will put the oil companies out of business

      Actually, no they won't. They will stay in business, providing petroleum based products for military, commercial, and business uses. This would include jet fuel, diesel, solvents, plastics, etc. I can even see them continuing to make gasoline for a long time for old car buffs.

      It won't put them out of business, but may keep them in business for a much longer time.
  • by Error27 ( 100234 ) <error27@gmai l . c om> on Wednesday February 15, 2006 @08:29PM (#14728848) Homepage Journal
    I hate how lazy and irresponsible the mainstream media is these days.

    The original article basically implied that Quinn was taking gifts from vendors to travel to conferences all over the world. This turned out to be false. So basically falsehoods. My feeling is that Quinn deserves an appology at minimum.

    Then the "investigation" is just the Ombudsman phoning the reporter up, the reporter says there isn't any issue so it's fine. Plus some excuses about how busy the Ombudsman is and how his assistant is only part time. Mix in a few ad hominem attacks.

    Nice. Way to go. It's goot that we have moronic lazy turd to keep everyone honest.

  • by truthsearch ( 249536 ) on Wednesday February 15, 2006 @08:42PM (#14728925) Homepage Journal
    Microsoft already had a universal password system fail: Passport []. The majority of web site owners simply didn't trust Microsoft enough to integrate their security in any way.
  • Infocards (Score:2, Funny)

    by SeaFox ( 739806 )
    Microsoft continues push for 'InfoCards'. FrankieBoy writes "Bill Gate kicked off the RSA computer conference in San Jose, CA by unveiling a few more details about their new 'InfoCard' system in the upcoming IE7. With InfoCards people could save personal information on virtual cards on their computers which websites would recognize removing the need for many different internet passwords."

    Wow! What a novel idea! It's like I'll have my own personal Passport for the internet letting all companies know who I
  • How much land? (Score:3, Interesting)

    by TheEvilOverlord ( 684773 ) on Wednesday February 15, 2006 @09:14PM (#14729097) Journal
    effectively and cheaply generate ethanol from cellulose

    I wonder does anyone know how much land this would take up?

    A. What's the richest source of cellulose
    B. Based on the energy value of the ethanol produced from say 1 tonne of the crop, how much land is going to be needed to replace the oil consumtion in private cars in the USA?

    I bet it's not a small amount...
    • "A. What's the richest source of cellulose"

      A Midwesterns thighs!

      At about 60 dollars a barrel it starts to become more profitable to sell crops for bio-fuel then it does to sell it to the food market.
      What do you think farmers are going to do?

    • Re:How much land? (Score:4, Informative)

      by ( 213219 ) on Wednesday February 15, 2006 @10:10PM (#14729387) Journal
      You have some good questions and I don't have the answers however, I can share some insight that I do have.

      Any woody or grassy plant is an excellent source of cellulose. This means that much land that is currently thought of as unprofitable would be well suited to grow the crop. For instance swamps could be harvested (without harming the wetlands in the winter) and could provide a huge amount of the raw matterials. "Slash and trash" from forests being harvested for lumber and pulp could also supply a lot of cellulose from the branches, leaves, and roots that are currently unused.

      From what I have read the conversion of cellulose to ethanol is pretty efficient; the bugs eat the woody stuff and crap out suggary stuff that is made into ethanol using pretty normal, efficient processes. Think of these bugs like yeast, they eat and reproduce quite well given the proper circumstances so their added cost is minimal.

      While the amount of land required to produce the feedstock for an ethanol production facility is something to consider, along with the costs of producing ethanol, this is only one part of the formula. The other side is the fact that oil that the United States imports puts us at the mercy of some people who we don't want controlling us. If we can put ourselves on a diet and reduce the amount of energy we import, we have a safer country and a more stable economy while we put Americans to work making something that we currently pay someone else for. When we reduce the demand for oil it is even likely that the oil that we do import will be less expensive (we are a major consumer of oil and the law of supply and demand will slide in our favor).

      Ethanol is not a new, unique, or unusual fuel. Brazil is already up and running on an alcohol based economy, the lion's share of their fuel is produced in Brazil from sugar cane. In the MidWest of the United States, many states require all of the fuel sold in their state contain ten percent ethanol. In Minnesota (where I live) we recently increased the minimum amount of ethanol to twenty percent. We have a number of ethanol plants here that are distilling ethanol from corn. E85 us also making inroads. I have not noticed any difference in the way my cars run (2000 Dodge pickup, 2000 Chevy Venture, and a 1993 Ford Explorer) since the switch. Regular gas here today was $2.04/gal. Some people say their gas mileage is about the same but I'd say that I have seen a slight decrease in the MPG from "real" gas, I would guess the number to be about 5% reduction in MPG. Still even assuming a slight reduction in MPG, how does $2.04 stack up against the price you are paying for gas?

      • "Slash and trash" from forests

        That just gave me a horrible vision of poor people slashing any vegetation they can find just to have it processed as fuel to make a quick buck. Going to have to be careful who can supply the fuel chain or this could just cause more environmental harm.


        LOL I wish I could get petrol [] so cheap. I'm assuming that $2.04 is per US gallon. That's 31.0 pence per litre. Here petrol is 94.9, which is $6.25 per US gallon.

        • "Slash and trash" is the stuff loggers leave behind after they have harvested the timber - it is mostly small branches, leaves, and root stock. In a way, commercial timber harvesting is horrible, clear cutting leaves the land pretty baren. Still, timber is like any other crop, it is able to be replanted and grow back. It just takes a bit longer.

      • Any woody or grassy plant is an excellent source of cellulose.

        Kudzu and water hyacinths, two scourges of the south, come immediately to mind. If you can make ethanol AND clean up these weeds, you win twice.

      • Older gasoline engines were designed without taking ethanol content into account. Some cheap plastic parts (cheap as in, less expensive) work just fine in gasoline engines, but deteriorate quickly when exposed to ethanol.

        The engines in the vehicles in Brazil were designed to take ethanol content into account, so they do not experience this problem. Both Ford and GM are bringing these engines to the United States in the near future (some are already here), so they will be just fine. It's those older cars
        • We have had ten percent ethanol in our fuel here in Minnesota for many years. I personally have never had to replace any part that has been damaged by ethanol and I don't expect the old Explorer to suffer any worse with twenty percent. Frankly, I think ethanol helps keep the fuel system cleaner.

          Alcohol is less volatile than gasoline in cold weather but the lion's share of every-day cars on the road are now fuel injected and that more than makes up for some alcohol in the gas (injectors vaporize fuel much
    • Would it be possible to do something similar to what they talk about in all the sci-fi novels where they grow various plants including alges in hydroponic tanks (or something similar) and then use the energy stored in the results as a fuel?
    • Once again Hemp has been shown to be the answer to all that ails ya.
  • For instance, if a user clicks on an e-mail that takes the Internet browser to a suspicious site, the address location of the Web site will show up highlighted in the color yellow. On top of that, a certificate badge on the browser will turn yellow. If the user clicks on the badge icon, they can immediately report the suspicious site to Microsoft.

    So how exactly do they determine that a site is suspicious? Further escalation in the eternal arms race ...

    Similarly, if a user clicks on a suspicious file tha

    • Obviously you sir are not a WindowsXP user.
      Suspicious sites are as easily identified as "Dangerous" system drivers. Any driver not signed by M$ is dangerous. Like wise any site not registerd with MSN is suspicious. Hope that cleared things up for you.
      BTW: Micro$oft would love to be able to allow anyone to register their website with MSN, but the economic reality is that the manpower required to verify your site is not free or even cheap. M$ has a responsibility to it's shareholders to make a modest p
    • Linux has this Cool Thing(tm) called fakeroot that does just that - basically intercepts file calls and allows the program to "change" any file on the system as root, without actually changing the filesystem.

      This is yet another cool tool that Microsoft has ripped off from Linux/UNIX. Other examples include the Monad shell (reminds me of Tcl/Tk and other GUIable scripting languages), and a feature explained to me by an insider as mapping the registry to a drive (/etc anyone?). Now, I haven't seen any oth

  • by Chiminea ( 696521 ) on Wednesday February 15, 2006 @09:53PM (#14729311)
    McKinnon did not accidently wander into those systems, he did it intentionally knowing he was breaking the laws in both the UK and the USA. I took over as SA on a machine he had previously compromised. When it was determined that it had been "hacked" (yeah it takes mad skillz to exploit the old default MS SQL password) I had to report it and deal with the ensuing fun. After the forensic analysis (which was very fruitful) the box had to be reinstalled from scratch:NT,SQL and a particularly ugly document management application. Now those of you reading this who are actual professional system administrators know that we probably had other things to do. So if Gary is worried about spending time in a Virginia prison, tough. Thats where we keep criminals. (Sorry, didn't mean to rant).
    • >McKinnon did not accidently wander into those systems, he did it intentionally knowing he was breaking the laws in both the UK and the USA

      Yes mate. Except as a British citizen who carried out these actions while in Britain, he should be tried under British law.

      How would you like it if the Iranian government decided you had broken their law by your actions online while sat at home in the States, and your government acquiesced and shipped you over there to face the music?
      • I have no problem with him being tried in Britain (I'm originally from Suffolk myself) but your argument that because he was in Britain while he was breaking these laws is somewhat specious. Although his physical body was in the UK his "presence" if you will, was in the machines he was accessing Stateside. That is the nature of networks; you can directly impinge things miles away from you. If I hacked an Iranian bank and stole money then I would expect to be prosecuted under their laws and rightly so (like
        • >Although his physical body was in the UK his "presence" if you will, was in the machines he was accessing Stateside.


          I would prefer to put it like this:
          Machines in the US accepted connections from remote computers over a public network, and executed code sent to them by a computer in the UK which was being operated by McKinnon.

          A machine is a machine - it does what you tell it, especially if you control the power button. A public network is a public network.
          • LOL, The victim (machine) stopped the bullet (code) that flew through the air (public network) sent by the gun (machine) that was discharged because someone pulled the trigger (BOFH!). Is it the fault of the victim that they were hit? Isn't this like blaming the guy the American Vice President shot for getting in the way. (Guns don't kill people! People with guns kill people!) Anyway, sorry for the silliness. The point is this bozo caused criminal injury (lost time and money) because of his actions; he is a
    • I'm not sure I would even characterise someone who entered a system that still had the default password as a criminal. It's like leaving a door open and then complaining someone came in. At best you could call it trespass (which isn't criminal).

      Personally I'd get mad with the fuckwit who didn't change the password first.

      • Well if I could find the F*cktard in question a quick foot to the groin might be forthcoming, but they have long since departed the site. As far as "trepass" goes, a child might open the closed door of a neighbor's house and go in, an adult would not (let alone go down the lane trying every door they could). The presence of even a default password indicates that you are not supposed to go in. The door was not "open" (but it surely could have used a better lock...). Imagine how your beloved would feel if she
        • I can see both sides, really, but I don't think a default password even implies you aren't meant to go in. It means the owner has made exactly zero effort to secure it. Zero. Now consider the real world equivalent of no security effort whatsoever: a closed, unlocked door at best.

          One thing I hate is the current perception that, in law, the digital world should have more protection than the physical one. The presumption of freedom should triumph in both realms.

  • From the Seattle Post Intelligencer o card14.html/ []

    At the same time, the company [Microsoft] says it doesn't want InfoCard to be the only program of its kind. The program uses non-proprietary communications standards, and Microsoft says it would like to see the people and companies behind other operating systems, such as Linux and Apple's Mac OS X, create their own programs similar to InfoCard, to make the approach more common.

    The approach "essentially adds an

  • When everyone knows that triffids are the answer, and have absolutely no adverse consequences at all...?

Q: How many IBM CPU's does it take to execute a job? A: Four; three to hold it down, and one to rip its head off.