Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re:Two options (Score 1) 425

by Erioll (#49143543) Attached to: Ask Slashdot: Old PC File Transfer Problem
I agree, find SOME way to get that onto a local network, and that will be BY FAR the easiest way to do things. Maybe dig up an old ISA 10Mbps card on Ebay or something, as the original poster suggested if you can't find a suitable PCMCIA card.

And combining with something said above, it's not difficult to find a usb->serial port device/cable (it's not just pin-out, so it's a device, not merely a cable). Pretty cheap. Same with a null-modem cable. Both together should run you in the range of $20-$40 or less. Then hook it directly up to whatever computer you want that has a USB cable, and get a terminal emulator (plenty available) and transfer.

It CAN be done, but I'm with the parent that windows file sharing via ethernet is going to be the fastest by far.

Comment: Re:What it really reveals (Score 1) 112

by danheskett (#49134623) Attached to: TrueCrypt Audit Back On Track After Silence and Uncertainty

True, you didn't built everything from source, but you were happy enough that everything traced back to "the" sources to make you feel secure. That's a lot more protection than anything from a commercial vendor, who probably just sold you formulaic encryption without any extra work to make you feel secure. Your data would have been more secure, if not actually secure, but you'd have felt it less, because really you have no way of knowing. So without somebody taking the extra time to make you feel secure, you naturally wouldn't feel it very much, if at all.

The problem is that there is no conceivable way to do what you are saying. It involves compromising or proxying disparate traffic, expertly.

And then, after all that, it would involve rooting an otherwise secure installation that is barely network connected, and using that to inject what, defects into the right sources so that the resulting binaries are weak or exploitable?

I agree that the NSA, CIA, and FBI have extraordinary capabilities, but the attack vectors that have thus far been revealed are the same attack vectors that security researchers have known and published for a long time - firmware, obscure libraries that are often used but seldom examined, zero-day exploits of popular software, mathematical flaws in encryption implementations, and physical security and chain of custody.

All of which is to say, the basic landscape of the threat has not changed much in 20 years. It is sophisticated, but as always, a strong layered defense and strong procedures and policies will minimize the possible impacts, exploits, and severity of breaches (if they occur in the first place). There are few things more secure than a well maintained GNU/Linux or OpenBSD box running in the wild.

Comment: Re:Operating at 20W gives zero improvement. (Score 1) 112

by 0123456 (#49129005) Attached to: AMD Unveils Carrizo APU With Excavator Core Architecture

Except if you bothered to watch the video linked above for actual in-game performance testing (NOT synthetic benchmarks), you'll see that most of the time Intel is neck and neck with AMD - not "smoking" them.

Is this the lame old 'look! If I run a game that's GPU-limited, my AMD machine is just as fast as that Intel machine that costs twice as much!' nonsense?

AMD fanboys have been doing that for years when they can't find any legitimate way to beat Intel.

Comment: Re:Watches (Score 2, Interesting) 140

by Jhon (#49124947) Attached to: Pebble Time Smartwatch Receives Overwhelming Support On Kickstarter

"I freed myself from wearing a watch about 10 years ago. No longer having the familiar restraint around my wrist has made me feel free. I much prefer a phone in the pocket to a phone on my wrist."

And I felt the same way -- until I started wearing a pebble. I like keeping my phone in my pocket rather than taking it out 50+ times per day to see if an email or text is trivial or not.

Comment: Re:Facts not in evidence (Score 1) 400

by daveschroeder (#49122177) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Your (and my, and any individual citizen's) personal interpretation of the Constitution is not the measure. It is the interpretation and implementation by our three branches of government. I realize that some reading this believe they have all been compromised, or that they think some particular thing is "obviously unconstitutional" (even though the judicial, legislative, and executive branches say otherwise), but the fact is we have the system of government we have. So how about you consider the alternative: one where you don't assume that everyone working at every/any level of government, e.g., NSA, doesn't have the worst motivations and is actually trying to do their best to honorably, legally, and Constitutionally, protect our nation and its people instead of the opposite. How about that?

Comment: Re:Facts not in evidence (Score 1) 400

by daveschroeder (#49121915) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

If you would actually like to have a discussion, I am more than happy to engage. I have articulated these views (not on this specific topic, of course) long before I ever served in uniform, and they have nothing to do with a "paycheck" -- in fact, it's the inverse: the reason I chose to serve is because of my personal desire to do what I can to support things I believe in, and believe are important for our nation and my family and fellow citizens, not the other way around. Yes, our system of government is imperfect...grossly so -- but I choose to support it over any and all alternatives, warts and all. (And that is not to say that there are not things that cannot be improved.)

And again -- and I sincerely mean this -- if you are actually serious about engaging in a dialogue, I am happy to.

Comment: Re: Drop your weapon... (Score 1) 318

Doesn't matter. What matters is why the officers understand they've been dispatched to the scene, and what they believe they're seeing when they arrive.

Obviously you're able to tell a real gun from a replica at a distance while someone waving it around, but most people can't, including cops, until they have it in hand, personally. You might be comfortable risking other people's lives by making them assume that all guns are toys until they've been shot at, but people who actually do have, as a feature of their daily job, other people assaulting and trying to kill them, probably wouldn't want you armchairing on their behalf.

The solution? Actual thinking parents not sending their kid out into public to act stupid with a replica gun. To teach a kid that when they see a cop car rolling up, to perhaps consider not looking crazy and waiving said replica gun around. This is a 100% lapse on the part of parents and a completely crappy position for the cops to have been put in. I know that you would be safe, because you would omnipotent and know, from a distance, that the replica gun wasn't real, and that if it was real, the universe's special karma system would protect you from the laws of physics because you are A Better Person Than Cops Are, and bullets wouldn't be able to hurt you.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1, Flamebait) 400

by daveschroeder (#49121645) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Yes, where to even begin...

Do you realize that over 70% of FOREIGN internet traffic enters, traverses, or otherwise touches the US?

Do you understand that an individualized warrant is required to target, collect, store, analyze, or disseminate the communications content of a US Person anywhere on the globe, and that the current law on the issue is stronger and more restrictive with regard to US Persons than it has ever been?

Do you understand that the FOREIGN communications we are going after are now intermixed with the communications of the rest of the world, including that of Americans?

Do you understand that when terrorists use Gmail, Facebook, Yahoo, WhatsApp, Hotmail, Twitter, Skype, etc. etc. etc., or Windows, or Dell computers, or Android phones, or Cisco routers, and so on, that there is no technical distinction between your communications and theirs, yet -- surprise -- we still would like to access those communications, and have legal, policy, and technical frameworks to do so, even if you have not personally inspected them yourself?

If you are a US citizen, and not covered by any warrant, no one cares about your communications. And almost by definition, no foreign intelligence agency (NSA, CIA, DIA) remotely gives a shit about your communications, and would greatly prefer to avoid it altogether, unless you have some kind of connection with foreign intelligence targets -- in which case any collection or monitoring of your communications would require an individualized warrant from FISC or another court of competent jurisdiction. I realize you think this isn't the case, and that all of your communications are being mined and monitored (illegally, no less), and since proving a negative is impossible, I won't be able to help in that regard.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1, Informative) 400

by daveschroeder (#49121505) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

No. The trigger for this isn't that companies are holding's that users have data, and the NSA wants to force the companies to keep/get access their users data even if the company doesn't want to, so that the NSA can access it also. This is a *very* different proposition. If Apple doesn't want to hold its user's data, why should the NSA force them to just so that the NSA can read it? That seems to be the NSA's problem, not Apple's.

And? NSA may "want" a lot of things. That doesn't mean they are going to get it. But if a US-based company is holding encrypted data to which they also have access, you had damned well better believe the government is going to seek access to that data if it is supported by law. If companies want to take the direction of removing themselves from the encryption picture altogether, that is their prerogative. And guess what? There are other technical ways to get that data, such as before it's encrypted in the first place.

Saying "encryption" does not make the data magical, but it also doesn't entitle the NSA to special treatment. If they can break it, fine. If they can't, there is no valid reason for me to make it easy for them.

No, there isn't. And I didn't say there is. I was stating a set of facts, as are you. See? We can talk like adults.

Do we really believe that the US is the only one who has the "right" to access any backdoor/golden-key/whatever? That's absolute nonsense. If the US forces Apple, Google, MS, etc to build key escrow into their devices so that the NSA can read the data on them, then that key will be used by every government on the earth. If you really believe that the NSA will manage to keep exclusive control of a master key for all encryption for a given major vendor, then I'm going to call you delusional. are completely misunderstanding my point. If you reread what I said, you will note that nowhere did I argue that anyone should build a backdoor for anything...but the fact is that some US-based companies DO have the ability to decrypt stored encrypted data, which they sometimes do for any variety of reasons, and, if when those services are storing the foreign communications of adversaries of the United States, which they are, then we should have a legal framework that allows access to said data. That is all.

Arguing for a master key -- which is what you THINK ADM Rogers is arguing for, but actually isn't -- is antithetical to the security interests of the United States, our people, our military, our intelligence community, and anyone else who requires secure communications in any form. But if you have already formed your conclusions, that is fine. What ADM Rogers is arguing for is a legal framework for data access of entities that operate within and under a US legal construct...and if there is encrypted data present that the data holder cannot access, that is just the way it goes. But as you know, there a number of ways to access the contents of what is ultimately encrypted data without breaking the encryption...ways that are as old as this decades-old discussion.

And we are going to seek those ways, and I will say something that is offensive to many slashdotters' sensibilities: if you support the principles that you claim to -- things like freedom, of speech, of choice, of anything else -- then you should support the abilities of one of the strongest powers in the world at actually, materially, and in reality (not in your little internet fantasy) of actually protecting and projecting those ideals. Actually judging the actions of the US Intelligence Community based on facts, to say nothing of having some perspective on history and reality beyond what self-styled internet tech-libertarians tell you, would be helpful also.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 1) 400

by daveschroeder (#49121335) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

The point is the exact reverse of what you are saying.

This is not about whether the Germans or Japanese should have incorporated "backdoors" that any external entity would have required.

This is about the fact that US adversaries, today, as you and I speak, are using the EXACT SAME systems, networks, devices, services, OSes, and encryption standards and protocols, as you and I and innocent Americans and many others in the world. THAT is the issue...does this fact put those communications off limits?

Please. Your comment proves just how deep the misunderstanding of this situation actually is.

Comment: Re:Actually, ADM Rogers doesn't "want" that at all (Score 0) 400

by daveschroeder (#49121297) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

Good for you. And if you are a non-US person outside the US (which covers about 99.9% of the communications that foreign intelligence agencies -- key word being foreign -- actually care about) engaged in activity that is a national security threat to the US, as defined by the valid mechanisms (even if you personally disagree with those mechanisms) that democratic nations such as the US develop, then we will try to access your communications. I don't see how this is possibly shocking. Shocking, perhaps, if you are a US adversary, or someone who believes that it's all an overarching plot by the US and other free Western nations to illegally access everyone's communications, especially that of their own citizens to solidify power, or serve corporate/elite/shadowy overlords, but otherwise...yeah, no.

Comment: Facts not in evidence (Score -1, Troll) 400

by daveschroeder (#49121239) Attached to: NSA Director Wants Legal Right To Snoop On Encrypted Data

1. "Secret courts". The Foreign Intelligence Surveillance Court is the very court whose sole purpose is protecting the rights of Americans under the law and the Constitution in the context of foreign intelligence collection. Secrecy is required for the conduct of foreign intelligence, even in free societies. That you may disagree with this does not invalidate this fact. That you may see 3-4 pieces of a 1000 piece puzzle and believe you have the full picture does not invalidate this fact.

2. "Spying on everyone". Not sure what you mean, but if you could possibly be referring to metadata collection, that has been affirmed by a Supreme Court ruling that is 35 years old.

And if even the US Supreme Court ultimately renders the phone metadata collection "unconstitutional", it won't mean that it was unconstitutional, or even is unconstitutional at this very moment. The program, to date, is factually lawful and constitutional as the law and existing case law stand -- even including Judge Leon's ruling, which he himself immediately stayed, and was countered by another federal ruling of the same standing.

What an unconstitutional finding would mean is that things aren't the same as they were in 1979: that, with the rise of digital communications and the ability to track not one, or dozens, but hundreds of millions of call records easily, and because large amounts of metadata can often reveal as much private information about a person as communications content, the balance now runs afoul of the reasonableness doctrine of the Fourth Amendment.

And that would be a perfectly valid finding...which does not in the least impugn NSA's purpose or motives. It is not NSA's job to second-guess the law, case law, both houses of Congress, two Presidents from opposite parties, the Attorneys General of said two Presidents, the courts, and the very court established explicitly to protect the rights of Americans under the law and the Constitution in the context of foreign intelligence collection.

It is NSA's job to conduct its missions as aggressively as possible within the law and its resource limitations. My personal prediction is that, because of the nature of modern digital communications, this kind of mass collection of metadata will be found to be unconstitutional. The interesting thing is that people who think it is "clearly" unconstitutional seem to think things are innately or inherently constitutional or unconstitutional, ignoring incredible and fantastic complexities that already exist in interpretations of the Fourth Amendment, to say nothing of the rest of the Constitution and Bill of Rights.

Things aren't magically constitutional or unconstitutional. They are so based on the application and interpretation of the law and the Constitution by the courts, even in the simplest of circumstances. Certainly basic rules applying to things like, say, vehicle or home searches are well-tested and the officials who implement them (e.g., local LEOs) are well-versed in these topics. But when there is a question, it is the courts that decide -- NOT individual peoples' whims, feelings, or opinions.

The current, indisputable fact is that phone call metadata, as a "business record" provided to a third party, does NOT have an expectation of privacy and is NOT covered by the Fourth Amendment. There is no gray area, and that case law, as embodied by Smith v. Maryland, applies just as easily to one phone call, as to 10, as to millions. Certainly in 1979 SCOTUS never imagined that this principle could be applied in a blanket fashion touching any American with a telephone; conversely, SCOTUS probably also never imagined that terrorists would plot devastating domestic attacks using our own communications systems within our own country.

In any event, it seems likely that bulk metadata collection will no longer be allowed, and NSA and the IC will simply figure out ways to do their jobs within the confines that our system of government prescribes. That's fine, and that is the way our system works. But for people to say that NSA is "obviously" breaking the law or that metadata collection is "clearly" unconstitutional -- when both are not only subjective, but provably false, statements -- is highly offensive to people who see the care that goes into these efforts, all of which are designed solely to protect our Nation and its people.

I have said it before, and I will say it again: adversaries of the United States, be they terrorists or nation-states, increasingly use the same systems, networks, services, providers, operating systems, devices, tools, encryption standards, and so on as Americans and much of the rest of the world. To have the "capability" to target the one necessarily implies the capability to target them all. The distinction is no longer the technology or the capability -- it is ONLY the target; the person on the other end. In a democratic society based on the rule of law, it cannot be the capability, but the LAW, that is paramount.

"All my life I wanted to be someone; I guess I should have been more specific." -- Jane Wagner