
Comment: Re:New SSL root certificate authority (Score 1) 129

by Sloppy (#47508375) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

Thanks for the insult. It hardly stung.

Unless you worked at Netscape in the mid-1990s, no insult was intended.

All I meant is that by the very early 1990s, we (and by "we" I mean people smarter than me; I was clueless at the time) had a pretty good idea that CAs wouldn't work well outside of real power hierarchies (e.g. corporate intranets). But then a few years later the web browser people came along and adopted X.509's crap, blowing off the more recent PKI improvements, in spite of the fact that it looked like it wouldn't work well for situations like the WWW.

Unsurprisingly, it didn't work well. Organizing certificate trust differently from how real people handle trust 1) allows bad CAs to do real damage, and 2) undermines people's confidence in the system.

A very nice way of saying this is that in hindsight, the predicted problems are turning out to be more important than we thought most people would care about. ;-) It's almost as though now (no fair! you changed the requirements!!) people want SSL to be secure.

Keeping the same organization but with new faceless unaccountable trust-em-completely-or-not-at-all root CAs won't fix the problem. Having "root CAs" is the problem, and PRZ solved it, over 20 years ago.

I expect you to start the project shortly.

It's a little late to start, but I do happen to still be running an awful lot of applications (web browser being the most important one) which aren't using it yet.

Comment: Re:Secure pairing is hard (Score 1) 131

by Sloppy (#47507817) Attached to: The "Rickmote Controller" Can Hijack Any Google Chromecast

How does Diffie-Hellman key exchange provide identification of the other party? ... It is not possible to determine who the other party is

It's possible. It requires an extra piece beyond the DH, but that extra piece isn't PKI. The user is the trusted introducer. The user looks around and says "Yep, these are the only two devices physically here that I have ordered to peer, right now." They are identified by being in the right place at the right time, triggered by the user saying "Now." That's a pretty good way to do things unless you're just totally surrounded by spies.
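The pairing flow described in the comment above, as an added example that is not part of the thread and not Google's Chromecast code: two devices run plain Diffie-Hellman over an unauthenticated link, then each displays a short authentication string derived from both public values, and the human standing in the room is the "trusted introducer" who presses "Now" only if the two screens agree. The group is the 1024-bit MODP prime transcribed from RFC 2409 (Oakley group 2), used here only because it fits in the standard library; the `Device`, `pair` and `user_confirms` names, and the Mallory relay in `pair(mitm=True)`, are constructed for the example.

```python
import hashlib
import secrets

# 1024-bit MODP prime transcribed from RFC 2409 (Oakley group 2), generator 2.
# Illustration only: verify the constant against the RFC, and prefer a larger
# group or X25519 in a real product.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2
LEN = 128  # bytes in a fixed-width encoding of a group element


def dh_keypair():
    """Fresh ephemeral exponent and the public value g^x mod p."""
    priv = secrets.randbelow(P - 3) + 2  # 2 .. p-2
    return priv, pow(G, priv, P)


def shared_secret(priv, peer_pub):
    """g^(xy) mod p; rejects 0, 1 and p-1, which would force a trivial secret."""
    if not 2 <= peer_pub <= P - 2:
        raise ValueError("peer public value outside the safe range")
    return pow(peer_pub, priv, P)


def session_key(secret):
    return hashlib.sha256(b"pairing-key|" + secret.to_bytes(LEN, "big")).digest()


def short_auth_string(pub_x, pub_y):
    """8 hex digits both screens show; order-independent so both sides agree."""
    lo, hi = sorted((pub_x, pub_y))
    h = hashlib.sha256(b"pairing-sas|" + lo.to_bytes(LEN, "big") + hi.to_bytes(LEN, "big"))
    return h.digest()[:4].hex()


class Device:
    """Hypothetical pairing endpoint (a TV dongle, a phone)."""

    def __init__(self, name):
        self.name = name
        self.priv, self.pub = dh_keypair()
        self.key = None  # derived session key
        self.sas = None  # what this device displays to the user

    def receive(self, peer_pub):
        self.key = session_key(shared_secret(self.priv, peer_pub))
        self.sas = short_auth_string(self.pub, peer_pub)


def pair(a, b, mitm=False):
    """Swap public values over the (unauthenticated) air link.

    With mitm=True a constructed Mallory relays the exchange through two key
    pairs of her own, so each side unknowingly agrees a key with her instead.
    """
    if not mitm:
        a.receive(b.pub)
        b.receive(a.pub)
        return
    m_to_a, m_to_b = Device("mallory:a-side"), Device("mallory:b-side")
    a.receive(m_to_a.pub)
    m_to_a.receive(a.pub)
    b.receive(m_to_b.pub)
    m_to_b.receive(b.pub)


def user_confirms(a, b):
    """The trusted introducer: a human looking at both screens presses "Now"
    only if the codes match. This is the authentication step DH itself lacks."""
    return a.sas == b.sas


if __name__ == "__main__":
    tv, phone = Device("tv"), Device("phone")
    pair(tv, phone)
    print("honest:", user_confirms(tv, phone), tv.key == phone.key)  # True True
    tv, phone = Device("tv"), Device("phone")
    pair(tv, phone, mitm=True)
    print("mitm:  ", user_confirms(tv, phone), tv.key == phone.key)  # False False
```

With an attacker in the middle the two screens show different codes, so the user's "Now" never comes. Two caveats a practitioner would add: a deployed short-authentication-string protocol (ZRTP, for example) also has each side commit to its public value before revealing it, so Mallory cannot grind for values that collide on the short string; and the scheme only holds while the user can actually see both displays, which is the "totally surrounded by spies" exception the comment allows.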

Comment: Re:Technology is only a small part of the problem (Score 1) 129

by Sloppy (#47500695) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

It's a small part, but it's a part. I think Snowden has done his fair share of trying to inform laymen and stir up giving-a-fuck. If he wants to switch to working on tech, he could accomplish nothing and still come out far ahead of the rest of us. ;-)

The existence of a decent open-source router can't do much against a U.S. National Security Letter.

While we certainly should care enough to force our government to stop being our adversary, there will always nevertheless be adversaries. You have to work on the tech, too. Even if you totally fixed the US government, Americans would still have to worry about other governments (and non-government parties, such as common criminals, nosey snoops, etc), where you have no vote at all. You will never, ever have a total social/civic solution which relies on, say, 4th Amendment enforcement to keep your privacy. I'm not saying your chances are slim; I'm saying they're literally 0%.

Furthermore, getting our tech more acceptable to laymen actually would correct some of the problems inherent with NSLs, improving the situation even in a we-still-don't-give-a-fuck society. If you do things right, then the person they send the NSL to is the surveillance target. The reason NSLs (coercion with silence) work is that people unnecessarily put too much trust into the wrong places.

For example, Bob sends plaintext love letters to Alice, so anyone who delivers or stores the love letters can be coerced into giving up the contents. OTOH if they did email right, then if someone wanted to read the email Bob sent to Alice, they'd have to visit Bob or Alice. That squashes the most egregious part of NSLs, where the victim doesn't even get to know they're under attack.

That's true whether we're talking about email, or even if Bob and Alice get secure routers and VPN to each other. One of them gets the NSL ordering them to install malware on their router.

Comment: Re:New SSL root certificate authority (Score 2) 129

by Sloppy (#47500451) Attached to: Snowden Seeks To Develop Anti-Surveillance Technologies

A nice step ahead would be the establishment of a new set of root certificates...

The lesson of CA failure is that there shouldn't be root authorities. Users (or the people who set things up for them, in the case of novices) should be deciding whom they trust and how much, and certificates should be signed by many different parties, in the hopes that some of them are trusted by the person who uses it.

If you want to catch up to ~1990 tech, then you need to remove the "A" in "CA."
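This comment and the earlier one in the same thread ("Having 'root CAs' is the problem, and PRZ solved it, over 20 years ago") both point at the PGP web of trust: certificates carry signatures from many parties, and the user decides which signers to trust and how much. The following is an added example written for this page, not code from the thread and not GnuPG's implementation; the key names and trust assignments are constructed, and the thresholds (one complete or three marginal introducers, five hops) are assumed to mirror GnuPG's defaults. A one-function "root store" model is included for contrast.

```python
COMPLETE, MARGINAL = "complete", "marginal"


def valid_keys(certs, owner_trust, own_keys,
               completes_needed=1, marginals_needed=3, max_depth=5):
    """PGP-style validity: a key is valid if enough *valid* keys that the user
    trusts as introducers have certified it. Iterates to a fixed point so that
    validity can chain through introducers, up to max_depth hops.

    certs:       key -> set of keys that have signed (certified) it
    owner_trust: key -> COMPLETE | MARGINAL; absent means not trusted as introducer
    own_keys:    the user's own keys, implicitly valid and completely trusted
    """
    valid = set(own_keys)
    for _ in range(max_depth):
        grown = set(valid)
        for key, signers in certs.items():
            if key in valid:
                continue
            # Only signatures from keys already valid count; self-signatures never do.
            usable = {s for s in signers if s in valid and s != key}
            completes = sum(1 for s in usable
                            if s in own_keys or owner_trust.get(s) == COMPLETE)
            marginals = sum(1 for s in usable if owner_trust.get(s) == MARGINAL)
            if completes >= completes_needed or marginals >= marginals_needed:
                grown.add(key)
        if grown == valid:
            break
        valid = grown
    return valid


def ca_valid(key, certs, roots):
    """The browser model, for contrast: any signature from a root-store entry is
    enough, regardless of what the user thinks of that root."""
    return bool(certs.get(key, set()) & roots)


# Constructed sample web: hypothetical names, not real keys or people.
CERTS = {
    "alice":    {"me", "alice"},            # I signed Alice; her self-sig is ignored
    "bob":      {"me"},
    "carol":    {"alice"},
    "dave":     {"alice"},
    "frank":    {"bob", "carol", "dave"},   # three marginal introducers
    "eve":      {"bob"},                    # one marginal introducer: not enough
    "mallory":  {"eve", "rogue-ca"},        # signed only by keys I don't consider valid
    "rogue-ca": set(),
}
OWNER_TRUST = {"alice": COMPLETE, "bob": MARGINAL, "carol": MARGINAL, "dave": MARGINAL}

if __name__ == "__main__":
    v = valid_keys(CERTS, OWNER_TRUST, {"me"})
    print(sorted(v))                                  # alice bob carol dave frank me
    print(ca_valid("mallory", CERTS, {"rogue-ca"}))   # True: one bad root is enough
```

The contrast is the point of the comment: under `ca_valid`, a single entry in the root store that the user never chose vouches for "mallory" outright; under `valid_keys`, that same signature is worthless until the user (or whoever set things up for them) decides the signer is trustworthy, and a compromised introducer with marginal trust can at most contribute one vote of the three needed.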

Comment: Lame article (Score 1) 180

by Sloppy (#47500367) Attached to: The Almost Forgotten Story of the Amiga 2000

Clicked (thought submitter screwed up the link and linked to a page that links to the article, rather than linking to the article), expecting to find a story about a forgotten A2000: maybe someone walked into an office in 2014 and saw that one was in use. Or someone knocked down a wall in 2014 and found one bricked up but still powered up. Instead, found a page telling everyone what A2000s are. Duh. Where's the "forgotten" part? All that I can tell was forgotten is that the writer forgot his elementary school spelling and punctuation lessons.

Comment: Re:if you've voted R or D... (Score 1) 202

Nonsense. For example, if you voted for Ross Perot, you're directly responsible for the Republicans losing the White House.

That's silly - exit polls showed more Perot voters would have otherwise voted for Clinton than for Bush.

Either go back to your government as intended; that is to say, without political parties, or accept the fact that there are, in fact, political parties, and change your government setup to work with that.

That right there, though, is some good stuff.

Comment: Re:For those that don't know: (Score 2) 112

by bill_mcgonigle (#47495757) Attached to: Domain Registry of America Suspended By ICANN

ICANN always argued that regulation / enforcement / policing of the registrars was not their job in response to complaints about many registrars' activities

Even if the activities are illegal (statute or Common Law)? If not ICANN, then who else? This is one of the problems with giving ICANN a monopoly.

"60 day hold/no registrar transfer period" after you renew your domain or change the name of any of your WHOIS contacts

Is that not disclosed in their Terms of Service or is it more like, "big boobs on TV so I didn't bother to read the agreement"?

Not saying it's not scummy, but scummy and fraud are different. If it's not in their ToS but they do it anyway, it's probably illegal as unlawful holding of property (some courts in some jurisdictions have recognized domains as property). Regardless, experienced ski instructors usually advise you're gonna have a bad time if you register with GoDaddy.

Comment: Re:Generations before us (Score 4, Insightful) 203

by bill_mcgonigle (#47494329) Attached to: Apollo 11 Moon Landing Turns 45

Great generation defeated Nazis, landed on the moon; Baby Boomer generation built Internet and tackled racial and gender issues. What are we doing other than building surveillance state and wealth inequality?

We're trying to deal with the surveillance state and the wealth inequality that was produced by the system the "Greatest" generation created. Likely several generations will be required to dig out from under it.

Comment: tuned (Score 1) 159

by bill_mcgonigle (#47494095) Attached to: Linux Needs Resource Management For Complex Workloads

I don't have hard data yet, but I'm finding that EL7 is much much faster than EL6 on the same hardware for the workloads I've tried so far.

I don't know that tuned is most responsible, but I can see that it's running and that's what it's supposed to do.

I realize that the kernel is better and perhaps XFS helps, but those alone seem insufficient to realize the difference.

Anyway, it's somewhat along the direction people are talking about, even if only minimally.

Comment: Re:It's finally time to do it (Score 4, Insightful) 471

No, this is the old "Reefer Madness" mentality, meant to make happy both the Puritans and the prison profiteers while keeping the politicians in an elevated state of power.

What actually happens, and Portugal ran this experiment with a sample size of over 8 million people during the past decade, is that when drug use is decriminalized, the usage rate quickly falls to about half.

Most of those are people who are no longer afraid to seek treatment. Some are folks who wind up court-ordered to get treatment, and a few were drug users who were only doing it because drugs seemed cool because they were illegal.

At the end, though, the incontrovertible fact is that the community has half the number of drug users as it did under Prohibition. Prohibitionists are responsible for a doubling of the drug usage rate in the community. Does that seem counter-intuitive? So what? The data is in.

