
Comment Re:.. visiting a web-site running as an onion ser. (Score 1) 37

Actually, when you configure a hidden service on Tor, you have a choice of where the traffic coming out of the tunnel will go. You can send it to any address on the host, or even to another host.

But it's easy to forget that 127.0.0.1 isn't necessarily the best choice. And, worse, the Tor project's example configuration uses it.

It's actually usually better to run the server on a separate machine from the Tor process, anyway, for a lot of reasons.
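An added example (not part of the original comment, and not Tor project code): a small Python audit that lists every `HiddenServicePort` in a torrc whose target is a loopback TCP address, including the implicit default used when no target is given. A backend reached that way sees onion clients as connections from 127.0.0.1, so anything it restricts to localhost deserves review. The sample torrc, its directories and its addresses are constructed.

```python
import ipaddress

# Constructed sample torrc; directories and addresses are made up.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/blog/
HiddenServicePort 80
HiddenServiceDir /var/lib/tor/wiki/
HiddenServicePort 80 127.0.0.1:8080
HiddenServicePort 443 [::1]:8443
HiddenServiceDir /var/lib/tor/shop/
HiddenServicePort 80 10.20.0.5:8080      # web server on another host
HiddenServicePort 8080 unix:/run/shop/web.sock
"""

def parse_target(virtport, target):
    """Return (host, port) of a TCP target, or None for a unix socket."""
    if target is None or target.isdigit():  # omitted or bare port: 127.0.0.1
        return "127.0.0.1", int(target or virtport)
    if target.startswith("unix:"):
        return None
    if target.startswith("["):              # [v6addr] or [v6addr]:port
        host, _, rest = target[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else virtport
    host, sep, port = target.rpartition(":")
    return (host, int(port)) if sep else (target, virtport)

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                      # a hostname, not an IP literal
        return host.lower() == "localhost"

def audit_torrc(text):
    """List (service_dir, virtport, host, port) for each loopback TCP target."""
    findings, service = [], None
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key = fields[0].lower()             # torrc option names are case-insensitive
        if key == "hiddenservicedir":
            service = fields[1]
        elif key == "hiddenserviceport":
            virtport = int(fields[1])
            tcp = parse_target(virtport, fields[2] if len(fields) > 2 else None)
            if tcp and is_loopback(tcp[0]):
                findings.append((service, virtport, *tcp))
    return findings
```

Pass the text of a real torrc to `audit_torrc()` to get the same list for a live configuration; targets on another host and `unix:` sockets are not reported.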

Comment Fuck 'em (Score 1) 172

I've been running open WiFi for over a decade now, and I don't mean to stop. And the load is very low, by the way; I've only had one problem and was able to resolve that very quickly.

But if my connection is going to be loaded in any way by random people, I'll be damned if my ISP is going to get paid for it. I already pay them for that bandwidth.

Not that I'd ever use those particular ISPs anyway... one reason being that their contracts tend to try to tell me I can't run open WiFi.

Comment Re:No questions linger (Score 0) 78

That's dumb.

There are going to be spooks out there trying to subvert any major company. Probably spooks from more than one place. They will pressure the bosses. They will pressure peons without telling the bosses. They will penetrate. They will infiltrate. They will do it to everybody. That is what spooks do.

And they'll get success more or less at random. And that's on top of all the "organic" bugs they will find and exploit.

And people move between these companies all the time.

The strangest thing about this Juniper back door is how obvious it was. Maybe it was a rookie agent.

The lesson you need to take from this is that you can't really trust anything against certain adversaries unless you built it yourself. And then you can't trust the parts. So if the spooks are your worry, you'd better defend in depth and keep off the radar.

Comment Re:Why we need access to the *complete* set of cod (Score 1) 128

If you control a network interface, you can generally control the entire system, because those chipsets have DMA access to the internal memory of the rest of the computer. You may have to do some work to figure out how to find and corrupt the OS data structures, but you have access to everything.

If the owner of the system is very lucky, there'll be an IOMMU (without a back door) and the OS will have programmed that IOMMU to do something useful. But you can't rely on either, especially in embedded devices.

Also, the driver for that chip is very unlikely to be hardened against the chip sending back exploits. The driver will distrust the network data (and won't process them very much anyhow), but it's going to assume that, say, an offset in a chip register is a valid value.

Comment Re:This is really a regulatory problem (Score 1) 115

"using equipment long past their usable life span"

You realize that phrase is self-contradictory, right?

"Windows XP and IE6 support SHA-2."

You realize that PC operating systems aren't the big problem, right?

"users know the exact risks and are either working around them or living with them (and unlikely to be browsing Facebook anyway)."

Facebook disagrees with your assessment of what people are using to browse Facebook, and is doing a lot of work to support those out of date systems.

Comment Re:This is really a regulatory problem (Score 1) 115

Actually yes. Hiding the costs is not OK and externalizing them is worse.

In this particular case, though, it might actually be cheaper to just upgrade all the affected devices than to screw around with some of the proposed workarounds. It's not free for, say, Facebook to come up with whatever weird fallback hack they're pushing. By the time you add up the costs of everybody having to deploy that kind of crap, it would almost certainly be cheaper just to fund somebody to fix most or all of the affected devices. It might or might not be hard to raise the capital to do that. But as it stands you can't do it anyway, because there are a bunch of other barriers in the way.

Comment This is really a regulatory problem (Score 0) 115

Manufacturers dump stuff on the market and never update it. Therefore poor people who can't afford to completely replace their devices can't use new crypto. Therefore either those people are screwed by being cut off, or the entire world is screwed by broken crypto. Note that this situation damages third parties.

The right answer is for governments to do their job and set some rules in the marketplace. I suggest these:

If you sell something, you are responsible for its software in perpetuity. You will release timely updates at no charge. When you stop releasing updates, even if it's been 50 years and even if the reason is that you're going out of business completely, you will unlock the devices and release full source code, documentation, and any necessary tool chain. You will also waive any IPR you have that might impede somebody else from releasing updates. And no, it is not enough to just let Grandma off in her village compile her own update; you have to let anybody who wants to distribute to her.

That's criminal law. If you don't do those things, those responsible for making that decision will go to prison. AND you will be civilly liable to anybody who's damaged by your failure.

Another possible item: If you own something and connect it to the Internet, you are civilly responsible for due diligence. Those updates the manufacturer provides? If you don't install them, and don't isolate the device properly, and your device gets used to hurt somebody else, you pay all their costs. Your un-updated phone got used to hack Intel? Hope you have liability insurance...

Comment Re:Can I bid on the cash cops seized without warra (Score 1) 63

I don't see where any of the items on the auction site actually link to their history. The only links like that are the couple of links that were in the news story.

You're going to have everything from the actual proceeds of crimes people were actually convicted of, to things closely related to such crimes, to stuff taken with criminal convictions, but under punitive statutes that are designed to confiscate basically all of somebody's property (and effectively impose unconstitutional excessive fines under a different name), to stuff taken under civil standards of evidence and procedure that don't remotely approach "due process".

How are you going to tell the difference?

Comment Re:Frosty (Score 1) 141

OK, I agree that having dealt with the problem is a good reason not to name them. Thank you for explaining.

But if they were systematically giving this information out to parents, how could the parents not have known about it?

If a university offered to give me that information on my kid, I'd suggest that my kid make their lives hell over it, and offer to fund the project.

Comment Re:Mass Murder (Score 1) 249

"How would one go about that peacefully?"

It wouldn't be easy in practice. Such distinctions are nonetheless extremely useful, because they let you tease out why you think something is wrong. And having that kind of understanding is important, because of real rhetorical tricks used all the time by real people in the real world.

It works like this: you find some word/concept that people equate with something they consider horrible. So you notice that people use "genocide" interchangeably with mass murder, mainly because the most mentally accessible examples of genocide are mass murder. Pretty soon everybody is happy to say genocide is horrible, because mass murder is horrible.

Then you quietly shift to using a different meaning of the word "genocide", one that might apply to some non-mass-murder activity you don't like. And you expect and desire the horrible associations to come along. You're trying to associate this other activity with mass murder.

At that point, it doesn't matter whether the other activity is likely to succeed at causing genocide or whatever. You can still claim that it's a tactic of genocide, or that it goes in the direction of genocide. You can rely on at least some people to mentally treat it like the "canonical" tactic of genocide, i.e. mass murder. It's very hard to avoid falling into that kind of connotational trap, because of the way human brains work.

For extra credit, you create the negative connotation, and then exploit it. You'll find people doing that all the time in political debates, switching back and forth between different meanings of the same word, at one point pumping up the negative associations, and at another point attaching them to something different.

All that matters, because rhetoric influences how people treat others and their behavior, up to and including outlawing things and reacting violently.

And this happens all the time with the word "genocide", specifically.

I remember a case where some rich person was funding voluntary sterilizations for poor people in the US. She wasn't forcing anybody. You had to come to her and ask for the money. I don't remember whether she provided any services for actually arranging the sterilizations. Her program disproportionately affected black people. She was therefore accused of genocide, or attempted genocide... and every attempt was made to trade on the association between that and mass murder.

That's not an isolated case. Do a Google search for "soft genocide", and you'll find a bunch of white supremacist loons claiming there's a conspiracy to wipe out whites. They're not so loony that they're actually accusing anybody of mass murder, but they are trading on the association of the word "genocide" with mass murder.

The tactic gets used by people with a certain amount of influence, too. http://news.nationalpost.com/f...

All of which means that, regardless of whether peaceful genocide is actually possible, it's important to keep it conceptually separated from the murderous variety.

Comment Re:Mass Murder (Score 1) 249

You know, I should know better than to respond to this sort of thing, but I will anyway.

Let's recap.

The post I was replying to claimed that the word "genocide" was defined in a very specific way, and alluded to certain countries having issues with including other things in that definition. Which makes it completely obvious that that post was referring to a formal definition arrived at in some treaty process, probably a UN one, since the UN has tons of conventions in that area and loves to make up definitions.

I pointed out that the word had an accepted meaning before that treaty negotiation (or whatever it was) ever started, and that the results of that negotiation didn't necessarily bind the rest of us to interpret the word in that way in ordinary discussions. The prior accepted meaning I was talking about was the one you mentioned, established by Lemkin's original use and the ensuing general discourse on the subject.

I did NOT say anything about the original etymology, only about people trying to redefine an existing word. Where the word and its meaning originally came from wasn't relevant, so I didn't talk about that. The point (actually a small side point) is that, wherever it came from, it had a meaning before "the USSR, Belgium, Sweden, and the Dominican Republic" (and whoever else) started trying to formalize it.

As I understand it, your source for the word is more or less correct, although in fact the Armenian genocide was not the only genocide that Lemkin had in mind, nor the only one he mentioned, nor even the first one he mentioned, when he first put the word out there. But, correct as it may be, your source is also irrelevant, because nobody, including me, was talking about the original source of the word.

For that matter, you seem to insinuate that I somehow suggested that the Armenian genocide wasn't genocide. I didn't do that. Read it again. For that matter, the person I was responding to didn't suggest it either. It's just plain not what we were talking about.

As long as we're giving each other advice, let me advise you to look at the whole context, read closely, understand what's being discussed, and think for 5 seconds before you type. It will make you look less stupid.

Comment Re:Turkey (Score 2) 249

“A war of extermination will continue to be waged between the two races until the Indian race becomes extinct.”
– California Governor Peter H. Burnett, January 1851

Source, with a shit-ton more similar quotes from politicians and leading citizens: http://obrag.org/?p=1412.

By the way, wiping people out has been pretty common in historical conquests in general. People only seem to have really even started feeling guilty about it in the last few hundred years.
