
Comment baaaannned.... (Score 1) 22

well dang, this is gonna get google banned in a few more countries that have human rights abuse issues and corrupt governments... with the possible exception of america, where google would fight tooth and nail to stop that happening. instead i suspect they'll work quite hard to twist what the definition of "verified editorial" is - most likely by deploying operatives within the team. this is gonna be fuun!

Privacy

Privacy Advocates Leave In Protest Over U.S. Facial Recognition Code of Conduct 161

Taco Cowboy writes: Nine privacy advocates involved in the Commerce Department process for developing a voluntary code of conduct for the use of facial recognition technology withdrew in protest over technology industry lobbyists' overwhelming influence on the process. "At a base minimum, people should be able to walk down a public street without fear that companies they've never heard of are tracking their every movement — and identifying them by name — using facial recognition technology," the privacy advocates wrote in a joint statement. "Unfortunately, we have been unable to obtain agreement even with that basic, specific premise." The Commerce Department, through its National Telecommunications and Information Administration, brought together "representatives from technology companies, trade groups, consumer groups, academic institutions and other organizations" early last year "to kick off an effort to craft privacy safeguards for the commercial use of facial recognition technology."

The goal was "to develop a voluntary, enforceable code of conduct that specifies how the Consumer Privacy Bill of Rights applies to facial recognition technology in the commercial context." But after a dozen meetings, the most recent of which was last week, all nine privacy advocates who have participated in the entire process concluded that they were thoroughly outgunned. "This should be a wake-up call to Americans: Industry lobbyists are choking off Washington's ability to protect consumer privacy," Alvaro Bedoya, executive director of the Center on Privacy & Technology at Georgetown Law, said in a statement. "People simply do not expect companies they've never heard of to secretly track them using this powerful technology. Despite all of this, industry associations have pushed for a world where companies can use facial recognition on you whenever they want — no matter what you say. This position is well outside the mainstream."

Comment moderator censorship war! (Score 1) 401

fuck me as if we don't have enough to contend with here on slashdot with moderators (users) getting into a bun-fight over what comments are appropriate and which aren't, under this ruling the slashdot web site owners would have to review all the comments *and* the moderations *and* all the meta-moderations *anyway*! let the moderation wars begin... starting with this comment, yaay!

EU

Microsoft Lets EU Governments Inspect Source Code For Security Issues 143

itwbennett writes: Microsoft has agreed to let European governments review the source code of its products to ensure that they don't contain security backdoors, at a transparency center in Brussels. The second of its kind, the new center follows on the heels of the first, built last June in Redmond, Washington. Part of Microsoft's Government Security Program, the company hopes the centers will create trust with governments that want to use Microsoft products. "Today's opening in Brussels will give governments in Europe, the Middle East and Africa a convenient location to experience our commitment to transparency and delivering products and services that are secure by principle and by design," said Matt Thomlinson, Vice President of Microsoft Security.

Comment Re:how can we trust facebook? (Score 1) 138

Facebook is not doing encrypted messaging between users. Did you RTFA at all?

i did indeed... but it obviously wasn't clear enough. i believe that would come from the subject line saying "facebook is sending encrypted emails", rather than the subject saying "facebook allowing you to receive GPG-signed administrative notifications by email".

Comment how can we trust facebook? (Score 1) 138

errr, so i want to send a communication, ok? it's supposed to be private, right? but it's a web service: facebook could, at any time (even under secret fascist subpoena) change or be forced to change (without informing us) the user interface so that the encrypted message is no longer encrypted, but is in fact entirely in cleartext.

you might think, "ok, well, surely we could then just have a messenger service or app which does the job, and we could trust that, right?" and the answer is "well no, absolutely not you can't... not unless the entire source code is available, and a chain of trust is established that guarantees a verifiable and traceable compile and distribution chain".

which, basically, means you need a software libre distribution (such as debian) because those have full source available, and GPG-signing right the way from the developers (whose identities are verified via key-signing parties that involve showing proof of ID on each signing), all the way through to distribution where a "Release" file containing the MD5 checksums of every package is, once again, GPG-signed by provably verified individuals.

the bottom line is that just because facebook *says* it's secure doesn't actually make it so, and announcing "yeah we provide a secure encrypted email service" is actually a dangerous DISSERVICE. you can't *EVER* guarantee that the servers have been compromised, and web browsers *implicitly* trust what the servers give them to run.

the best thing that facebook could do is provide a programming API via which encrypted emails *may* be sent, and then sponsor software libre teams such as mutt, and everyone else, to provide 3rd party (entirely software libre) applications that deliver *and receive* encrypted mail. the only hurdle to get over there would be whether the software libre teams would view working with facebook to be endorsement of SaaSS (service as a software substitute - http://www.gnu.org/philosophy/...) which i can guarantee in advance that any GNU project will *not* do.

Comment Re:Not the same, but I guess the best we can do (Score 1) 73

I'm afraid that willful, destructive ignorance and barbarism isn't a problem that technology can solve. A digital copy, however perfect, remains a copy, and by nature, can't be used as proof that there ever *was* an original, which is the entire purpose of ISIS's destruction of these relics.

i disagree, outright. their aim is to destroy availability and access to anything that could cause people to have "thoughts" outside of the proscribed and permitted range as dictated by them. in that regard, it *doesn't matter* that the copies are imperfect replicas of the original.

in fact, now that i think about it: a second objection to what you say is that if anyone else notices a discrepancy, they may take a copy of the files and improve on it. so in that regard, the fact that these insane people have endeavoured to destroy the originals actually results in *more* people with access to - and thus thinking about - the origins of the artefacts that were destroyed.

either way, these insane people have *helped* spread the messages that they attempted to suppress. so i think i will mark this story as "stressandeffect".

Communications

Orange County Public Schools To Monitor Students On Social Media 166

The Orlando Sentinel reports that Orange County, Florida, is undertaking a sweeping effort to snoop on the social media communications of the county's public school students and staff, for the nebulous task of "[ensuring] safe school operations," and say they will use the software (at a license cost of about $13,000 per year) "to conduct routine monitoring for purposes of prevention or early intervention of potential issues where students or staff could be at risk to themselves or to others." The software they're using is from Snaptrends, which offers "location-based social media discovery." According to one of the comments attached to the linked story, there are monthly fees, in addition to the annual licensing cost.

Censorship

Artist Uses 3D Printing To Preserve Artifacts Destroyed By ISIS 73

tedlistens writes: "From the burning of the Library of Alexandria to the destruction of the Buddhas of Bamiyan in Afghanistan by the Taliban, to the Nazis' battle to burn as much "degenerate art" as they could find, mobs and soldiers have been quick to destroy what took societies centuries to create; what museums and collectors spent decades collecting, preserving, and documenting for the public." However, as noted by Motherboard in an article to which tedlistens links, "The digital era looks different: files can be cheaply hosted in data centers spread across several states or continents to ensure permanence. Morehshin Allahyari, an Iranian born artist, educator, and activist, wants to apply that duplicability to the artifacts that ISIS has destroyed. Now, Allahyari is working on digitally fabricating the sculptures for a series called "Material Speculation" as part of a residency in Autodesk's Pier 9 program. The first in the series is "Material Speculation: ISIS," which, through intense research, is modeling and reproducing statues destroyed by ISIS in 2015. Allahyari isn't just interested in replicating lost objects but making it possible for anyone to do the same: Embedded within each semi-translucent copy is a flash drive with Allahyari's research about the artifacts, and an online version is coming."

Comment trees cut down in the cities (Score 4, Interesting) 155

i visited bangalore in 2006, to see a friend living there. he explained that when the trees were cut down in the cities (so that more housing could be built), temperatures soared by an additional 10 *centigrade*. so, the ambient temperature surrounding the cities would be 45 degrees, but in bangalore it would reach *fifty five* centigrade. the point of mentioning this is that it's a much more direct version of how man has an effect on his immediate environment. change the landscape, you change the weather, it's as simple as that. we can learn from that... or simply die. it's our choice.

Comment tried and failed... and prior art anyway (Score 1) 102

hang on... didn't bunnie huang do the "chumby", and didn't barbie try doing something like this - putting an interactive wifi and mic aspect into one of their barbie dolls... with a huge back-lash as a result? so (a) why is there an expectation that this will succeed (b) why was the patent granted when there is clear prior art???

Comment debian digital signing and the GPG keyring (Score 2) 94

this is why debian has the GPG key-signing parties, and why all packages are GPG-signed by the package maintainer when they compile it, why the ftp masters sign the package when it's uploaded, and why the release files which include the checksums of all the packages are also GPG-signed. under this scenario there are an extremely limited number of extremely paranoid methods by which debian may be compromised. even the scenario of "cooperation between long-term sleeper agents within debian's ranks" would have a one-shot opportunity to get away with introducing malicious code, following the discovery of which their GPG keys would be revoked, the perpetrators kicked out of debian, their packages pulled immediately pending a review, and the already-effective procedures reviewed to involve multi-person GPG signing that would make it even harder for compromise to occur in the future.

now, if you recall, there was an announcement a couple of years back that the development of Mozilla's B2G was declared to be "open" to all, so i contributed with a thorough security-conscious review of how to do package distribution. it turns out that Mozilla is *NOT* open - at all. several other contributors have learned that the Mozilla Foundation is in direct violation of its charter.

basically, the Mozilla Foundation *completely* ignored the advice that i gave - which was that the use of SSL as a distribution mechanism would be vulnerable to *exactly* the kinds of attacks that we see the NSA attempting to do on google. they went so far as to enact censorship, preventing and prohibiting me from pointing out the severe security flaws inherent in their chosen method of package distribution. i remain deeply unimpressed with many aspects of so-called "open-ness" of well-funded software libre projects.
