WhiteDragon - Slashdot User

Submission + - XKEYSCORE: NSA'S Google for the World's Private Communications (firstlook.org)

Submitted by Advocatus Diaboli on Wednesday July 01, 2015 @06:36PM

Advocatus Diaboli writes: "The NSA’s ability to piggyback off of private companies’ tracking of their own users is a vital instrument that allows the agency to trace the data it collects to individual users. It makes no difference if visitors switch to public Wi-Fi networks or connect to VPNs to change their IP addresses: the tracking cookie will follow them around as long as they are using the same web browser and fail to clear their cookies. Apps that run on tablets and smartphones also use analytics services that uniquely track users. Almost every time a user sees an advertisement (in an app or in a web browser), the ad network is tracking users in the same way. A secret GCHQ and CSE program called BADASS, which is similar to XKEYSCORE but with a much narrower scope, mines as much valuable information from leaky smartphone apps as possible, including unique tracking identifiers that app developers use to track their own users."

also

"Other information gained via XKEYSCORE facilitates the remote exploitation of target computers. By extracting browser fingerprint and operating system versions from Internet traffic, the system allows analysts to quickly assess the exploitability of a target. Brossard, the security researcher, said that “NSA has built an impressively complete set of automated hacking tools for their analysts to use.” Given the breadth of information collected by XKEYSCORE, accessing and exploiting a target’s online activity is a matter of a few mouse clicks. Brossard explains: “The amount of work an analyst has to perform to actually break into remote computers over the Internet seems ridiculously reduced — we are talking minutes, if not seconds. Simple. As easy as typing a few words in Google.”

Comment iOS users feel it (Score 1, Insightful) 311

by Bruce Perens on Tuesday June 30, 2015 @10:26PM (#50023157) Attached to: Is Safari the New Internet Explorer?

I currently have a web radio transceiver front panel application that works on Linux, Windows, MacOS, Android, Amazon Kindle Fire, under Chrome, Firefox, or Opera. No porting, no software installation. See blog.algoram.com for details of what I'm writing.

The one unsupported popular platform? iOS, because Safari doesn't have the function used to acquire the microphone in the web audio API (and perhaps doesn't have other parts of that API), and Apple insists on handicapping other browsers by forcing them to use Apple's rendering engine.

I don't have any answer other than "don't buy iOS until they fix it".

Comment Re:We will be finding an alternative (Score 2) 147

by davidu on Tuesday June 30, 2015 @05:43PM (#50021909) Attached to: Cisco To Acquire OpenDNS

I'd like you to at least give us a chance. I am still running the ship here.

Comment Re:Why two videos? For the love of dog, why?! (Score 1) 48

by aardvarkjoe on Tuesday June 30, 2015 @05:11PM (#50021711) Attached to: Cory Doctorow Talks About Fighting the DMCA (2 Videos)

That said, I still can't see any good reason for doing this. "Management-imposed restraints" could mean anything.

Well, "management-imposed restraints" doesn't actually answer the question of why, so your question wasn't unreasonable.

Based on the trajectory of Slashdot after the Dice takeover, though, presumably the real answer for "why" is "because our managers are total morons."

Submission + - Advice to a Yong Person Looking for a Field (algoram.com)

Submitted by Bruce Perens on Tuesday June 30, 2015 @01:36PM

Bruce Perens writes: A young person wrote to me "Hello Mr. Guru, I'd like to get into Software, take Windows off of my computer, install Debian or something, learn HTML, PHP, and become a good hacker. Is it too late? Where can I find the really smart people?" Here's my answer.

Comment Re:RFCs are not laws (Score 2) 53

by Just Some Guy on Tuesday June 30, 2015 @12:13PM (#50019405) Attached to: RFC 7568 Deprecates SSLv3 As Insecure

The market not IETF process decides which protocols will continue to be used going forward.

The market loves when we have formal documents laid down by the Formal Documents People confirming what we've been telling our bosses for years. I would bet large sums of money that some tech, somewhere, just walked out of a meeting happy because he finally has permission to deprecate a long-broken system.

Comment Re:Actual real pilots discussion on another foru (Score 1) 268

by RPI Geek on Tuesday June 30, 2015 @09:03AM (#50018065) Attached to: Drone Diverts Firefighting Planes, Incurring $10,000 Cost

Sure, and how much does it cost to store the thing, to have it launched, and do whatever else has to be done with a glider? I know powered aircraft are often white elephants in that respect.

Much less than a powered aircraft. Gliders generally disassemble and are stored in trailers; maintenance is limited to the annual inspection, washing/waxing, repairs, replacement of wear components, periodic repacking of your parachute if you wear one, um... I'm sure I'm missing something. One of the big expenses is just non-existent: there's no powerplant to maintain! Launching fees vary widely, but they start at ~$5 for a winch launch. Flights can be as short as 5 minutes or upwards of 5 hours, depending on conditions, endurance, and skill. Insurance isn't free, but it's certainly not prohibitively expensive.

I don't have a day a week to train so I could legally (under the sort of regime being proposed) fly my model aircraft. And they'd cost that same $10k-$20k once all the proposed equipment to do things like respect NOTAMs and restricted areas is put in. Because no one would make such equipment for hobbyists, they'd make it for the commercial market.

Most of the FAA's regulations actually make sense, and the licensing requirements for different categories of aircraft / licenses call for different levels of training - flying an ultralight doesn't even require a license (but the pilots are still responsible for following the rules). I would suspect that a drone rating would be a simple knowledge test, and there would be no practical exam since so much of a drone's flight is automated - it might even be something you could self-study for. Obtaining the required number of flight hours, and otherwise preparing for the practical is what constitutes the lion's share of the time/money needed to get a private/light sport/recreational license - you need to know, for example, what causes stalls and how to recover from them. I suspect the exam would cover things like airspace definitions and rules, right-of-way rules, etc.

Comment Re:Actual real pilots discussion on another foru (Score 1) 268

by RPI Geek on Monday June 29, 2015 @09:26AM (#50010837) Attached to: Drone Diverts Firefighting Planes, Incurring $10,000 Cost

On the contrary, a lot of people want draconian restrictions like mandatory licensing and restrictions on sale of such vehicles.

Perhaps I misspoke. I should have said that I've not heard from anyone who wants this, and I have talked about it with other pilots.

except relatively wealthy ones with a ton of time, like yourself

Your assumptions are showing.

While there are wealthy pilots, most of us are of modest means. My (small) car is paid off so I spend the equivalent of its payment on my hobby during the on season, and that amount will go down once I finish my license. I won't need to buy my own glider outright, but if I do decide to do so, there are perfectly adequate specimens for sale in the $10k-$20k range.

As for time, I fly one day per week - sometimes two, sometimes zero. On the days I do fly, I still have time to mow the lawn, cook dinner, work on household projects, and even watch a movie with family.

Comment Re:Dear Slashdot Management (Score 1) 40

by DeadBeef on Monday June 29, 2015 @04:39AM (#50009933) Attached to: Solar Impulse, Continuing World-Spanning Trip, Attempts To Cross The Pacific

I'm loving the irony of you letting people know where the link is to the comments inside the comments section.

The AC braintrust has done well.

Comment Dear Slashdot Management (Score 4, Insightful) 40

by DeadBeef on Monday June 29, 2015 @03:38AM (#50009823) Attached to: Solar Impulse, Continuing World-Spanning Trip, Attempts To Cross The Pacific

Please return the user interface to how it was. You are just pissing the long term userbase off.

Pulling out the read more link is like pulling the start button / menu from windows 8. It is a user interface disaster because it's not obvious w\
here you should click for the comments.

Slashdot has always been about the comments, if you minimise them by obfuscating the link to them you are left with the news stories from reddit \
a couple of days late and some obvious paid advertising plants.

Implementing aspects of the failed beta interface piecemeal with no discussion seems a bit underhanded.

If you aren't lucky you might succeed at killing slashdot which would be a shame.

Comment Re:Too bad they couldn't test the escape system (Score 3, Informative) 316

by Bruce Perens on Sunday June 28, 2015 @11:03PM (#50009229) Attached to: A Failure For SpaceX: Falcon 9 Explodes During Ascension

Super Dracos are for escape in flight too, including in and past MaxQ. But they are on Crew Dragon, not Cargo Dragon. Cargo Dragon did not carry a crew and wasn't programmed to save itself.

Comment It's called Rocket Science for a reason ... (Score 4, Insightful) 316

by xmas2003 on Sunday June 28, 2015 @10:59AM (#50006337) Attached to: A Failure For SpaceX: Falcon 9 Explodes During Ascension

Bummer to see this happen - was really hoping they could "stick the landing" on the 3rd try ... but obviously never got the chance.

SpaceX has been very forthcoming with their telemetry data and analysis, so hopefully we'll hear what happened soon.

Comment Re:Another great Scalia line (Score 1) 1083

by Alsee on Saturday June 27, 2015 @09:02PM (#50004353) Attached to: Supreme Court Ruling Supports Same-Sex Marriage

Brilliant! You're arguing to reinstate the bans against interracial marriage.

-

Comment Re:Randomness can't come from a computer program (Score 1) 64

by Bruce Perens on Saturday June 27, 2015 @08:18PM (#50004185) Attached to: NIST Updates Random Number Generation Guidelines

Most of us do have a need to transmit messages privately. Do you not make any online purchases?

Yes, but those have to use public-key encryption. I am sure of my one-time-pad encryption because it's just exclusive-OR with the data, and I am sure that my diode noise is really random and there is no way for anyone else to predict or duplicate it. I can not extend the same degree of surety to public-key encryption. The software is complex, the math is hard to understand, and it all depends on the assumption that some algorithms are difficult to reverse - which might not be true.

Comment Re:Actual real pilots discussion on another foru (Score 1) 268

by RPI Geek on Saturday June 27, 2015 @07:57PM (#50004101) Attached to: Drone Diverts Firefighting Planes, Incurring $10,000 Cost

Student pilot here, you're wrong. I fly for a hobby and will never earn a living doing it so I have no fear of lost income, but drones are scary because they could kill me. The thought of a quadcopter popping up in front of my flight path on short final is scary indeed - there's already plenty to think about without worrying about that.

Like anything, flying is a calculated risk and I accept the odds, the recent proliferation of cheap drones just makes it a bit riskier. It's not so scary that I'm going to stop, but I would like some kind of formalized rule to mitigate it. Nobody wants draconian restrictions like mandatory licensing, but Joe Sixpack oughtn't try to take a close-up video of my landing without discussing it with me beforehand (link).

OP is correct, there is no good solution apparent.

Slashdot Top Deals