
Submission + - The NSA Is Being Sued for Keeping Keith Alexander's Financial History Secret (vice.com)

Daniel_Stuckey writes: Now the NSA has yet another dilemma on its hands: Investigative journalist Jason Leopold is suing the agency for denying him the release of financial disclosure statements attributable to its former director. According to a report by Bloomberg, prospective clients of Alexander's, namely large banks, will be billed $1 million a month for his cyber-consulting services. Recode.net quipped that for an extra million, Alexander would show them the back door (state-installed spyware mechanisms) that the NSA put in consumer routers.

Submission + - Programmers: Why Haven't You Joined The ACM? (itworld.com) 1

jfruh writes: The Association for Computing Machinery is a storied professional group for computer programmers, but its membership hasn't grown in recent years to keep pace with the industry. Vint Cerf, who recently concluded his term as ACM president, asked developers what was keeping them from signing up. Their answers: paywalled content, lack of information relevant to non-academics, and code that wasn't freely available.

Submission + - How to prevent the next Ebola outbreak (thebulletin.org)

Lasrick writes: The most recent Ebola outbreak has occurred in 3 countries that have not previously reported the disease. Laura Kahn believes humans are becoming more and more vulnerable to Ebola and other deadly diseases because of increased exposure, a result of massive deforestation: 'Environmental destruction and widespread deforestation seem to constitute a common thread in causing the emergence of many of the deadliest viruses known to humanity...Deadly viruses such as Ebola and Nipah emerge in human populations after widespread deforestation destroys the habitats of fruit bats to make way for agriculture.' In countries desperate to feed themselves, bushmeat consumption is a dangerous practice that exposes humans to Ebola. The answer, Kahn believes, is a sustainable approach to large-scale livestock production: 'The Ebola virus can be contained, but doing so requires that people be convinced to change behavior that earns them money and provides them food.'

Submission + - Bird flocks resemble liquid helium (sciencemag.org)

sciencehabit writes: A flock of starlings flies as one, a spectacular display in which each bird flits about as if in a well-choreographed dance. Everyone seems to know exactly when and where to turn. Now, for the first time, researchers have measured how that knowledge moves through the flock—a behavior that mirrors certain quantum phenomena of liquid helium. Some of the more interesting findings: Tracking data showed that the message for a flock to turn started from a handful of birds and swept through the flock at a constant speed between 20 and 40 meters per second. That means that for a group of 400 birds, it takes just a little more than a half-second for the whole flock to turn.

Submission + - Ask Slashdot: After TrueCrypt (slashdot.org)

TechForensics writes: (Resubmitted because it was not identified as "Ask Slashdot")

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been compromised.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered false. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother.

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA-hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?

Comment Avast and Abaft, maties, heave! (Score 1) 231

I'm sure there's a Kernel of Truth in this article and if I found it I'd run it on my old Laptop Of Doom. But if Avast told me the sun was shining I'd have to take a walk to the nearest window before believing it. Seriously. This just reads like exaggerated marketing FUD for their Android app.

Submission + - Peak Copper: The end begins in 30 years (sciencemag.org)

goombah99 writes: If electrons are the lifeblood of a modern economy, copper makes up its blood vessels. In cables, wires, and contacts, copper is at the core of the electrical distribution system, from power stations to delicate electronics. As consumption has risen exponentially—reaching 17 million metric tons in 2012—miners have met the world's demand for 10,000 years. But that might soon change. A group of resource specialists has taken the first shot at projecting how much more copper miners will wring from the planet. Results of their model, described this month, show that production peaks by about midcentury even if copper is more abundant than most geologists believe. That would drive prices sky-high, trigger increased recycling, and force inferior substitutes for copper on the marketplace.

Submission + - Linksys Routers Exploited by "TheMoon" (sans.edu)

UnderAttack writes: A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this "worm".

Submission + - Slashdot Beta: Because They Hate You 3

boolithium writes: People on here are missing the point of the Beta roll out. The elimination of the existing user base is not a side effect, it is a feature. Slashdot as a brand has value, but as a site has limited commercial appeal. The users are the kids at the lunch table, where not even the foreign exchange students want to sit. Nobody ever got laid from installing NetBSD.

Once they are finished with their nerd cleansing, they can build a new Slashdot. A sexier Slashdot. A Slashdot the kids can dance to.

They aren't ignoring you. They are exterminating you.

Submission + - Applied Crypto Hardening with BetterCrypto.org (bettercrypto.org)

An anonymous reader writes: Good open source cryptography is essential to security. Correctly implementing this is often a complex riddle. This project aims to provide an open source guide to applied crypto hardening.

Comment Re:Unity was Canonical's suicide note (Score 1) 685

What Arrogant Bastard said. This was more like vandalism than an "upgrade". My best-working systems are the ones that have been left alone, and the ones that were "upgraded" have given me nothing but frustration and a poor user experience since. As many have said, offering a new UI is fine; throwing it in everyone's faces was childish and extremely ill-considered. Major Fail, Ubuntu.

Comment Re:Maybe a punishment? (Score 1) 14

I agree; the treatment given this person could easily have been insulting treatment of a pariah rather than acceptance of a gay person. Assuming we understand the message and motive just because we see the action is an insupportable connection in this case. It is indeed very interesting but does not lend itself to a definite conclusion about the attitudes of the people who conducted the burial. Let's say for example... maybe he killed a woman, and her body was unrecoverable for some reason, but they knew who had done it. The family told him they were going to have a burial for her whether she could be recovered or not, and he was invited to stand in for her. ;) No doubt there are hundreds of other possible scenarios.

Comment Satisfying the Victim/Customer, Chinese Style (Score 1) 347

I got my education on this issue early on, in the 80's. I was running a popular BBS and had a boner for one of those new-fangled ripping-fast 1200 baud modems. I just knew my life would be better if I could get one, but couldn't afford the prices. Then I went to a computer show and saw it in its plain white box: a Genuine "Hi-Fidelity" brand 1200 baud internal modem for no more than 80 or 90 bucks. Well Now! I went home that night and slipped it into an ISA slot on my Wells-American 12MHz '286 and It Worked! I was thrilled, until I started trying to tie it into the BBS software. Everything ran without a complaint, until it was time for the modem to actually behave as it was being told to do; setting for auto-answer, how many rings to wait before answering, setting a particular baud rate, anything of that sort that went beyond ATDT or ATA (dial a number or answer a call) just didn't seem to be working out.

I stayed up for hours into the night trying to figure out what I could possibly be doing wrong, issuing Hayes commands from a terminal, seeing them accepted and tearing my hair out while the system acted as if I had done none of the "right" things to make everything work. Around 2 or 3am with the beer and my patience running out, I sat down in front of the terminal and typed "ATFUCKYOU" and hit . The damnable thing answered back "OK" and I realized I had been had.

It would answer "OK" to -any- string as long as it had an AT in front of it. Us round-eye devils wanted Hayes command set compatibility and they'd give it to us... on their terms, and run away with the money. It was an expensive (in 1984 or so dollars) lesson in the psychology of Chinese technology vendors that I have never forgotten. Don't trust them, don't trust even what you see unless you can confirm it all the way to the end of the test chain, and then don't assume the next one out of the box is going to act anything like the one you just tested.
