Comment: Re:Not my findings (Score 1) 262

by IamTheRealMike (#48947635) Attached to: The NSA Is Viewed Favorably By Most Young People

So, now you have strong evidence that the people you talk to are not representative of America as a whole.

I would not put it that way. I'd say we have strong evidence that opinion polling can easily result in confusing or apparently contradictory results. The first sentence of the linked blog post has an air of mild surprise about it, and not surprisingly - when polled, 75% of Americans disagree that their government is trustworthy all or most of the time, yet they view most departments favourably? That makes little sense.

Something else doesn't make much sense. This result can easily be read as "people approve of what the NSA is doing". That must be what favourable means, right? Yet this very same polling agency has found a year ago that a majority of Americans oppose NSA practices. It's possible things have changed in the span of 2014, but other polls frequently return contradictory results too. This one by the Washington Post says, in the same set of questions, most people think monitoring all online activity to prevent terrorism isn't worth it, but monitoring all phone calls is. Why the difference?

At any rate, it's certainly true that the civil liberties wing of western societies has done a really appalling job of explaining to people why this sort of behaviour by governments is so risky, and Americans don't have recent local experience to fall back on. Unlike, say, people in former Soviet bloc countries, or Germans.

Comment: Re:In other news... (Score 1) 262

by IamTheRealMike (#48947567) Attached to: The NSA Is Viewed Favorably By Most Young People

TFA is actually covering opinion polls relating to several government agencies, but in typical Slashdot form, TFS only focuses on the NSA section, because that will be more inflammatory.

.... or maybe, just of more interest to a tech/geek focused site? I guess the NSA is a lot more relevant than the VA, especially to non-American slashdotters like me.

The poll isn't very surprising given its consistency with previous polls, but that doesn't change the fact that the attitudes of Americans don't seem to be very internally consistent or easily explainable. Either American people are just strangely illogical or there's some subtle issue with the polling method (or both?). The big question mark this survey leaves hanging is why trust in government is at an all time low (along with falling trust in most institutions), yet iterating specific parts of the government yields mostly favourable views. This is such an odd result that the very first sentence in the poll writeup says:

The public continues to express positive views of many agencies of the federal government, even though overall trust in government is near historic lows.

Yes, indeed. The public does A even though B. How strange.

The way the poll works means there's little information that can be used to explain this. Perhaps the 8 departments they chose to ask people about aren't the reason people distrust government. Perhaps their distrust falls exclusively on Congress, or on the judicial branch. We can't tell from this result alone.

Another possibility is that the wording of the poll - although superficially neutral - does trigger bias. The question was "do you trust the government in Washington always or most of the time?". People might be distinguishing between "the government in Washington" and "other bits of the government", e.g. the NSA is not actually in the city of Washington whereas Congress is. Ditto for various other departments and especially the military which does a great job of spreading itself around the country.

My final thought is that people might be more naturally inclined to take out their dissatisfaction on Congress than on the executive branch, because getting mad at Congress feels like it might achieve something due to voting, whereas getting mad at the NSA is about as useful as getting mad at a brick wall. They answer to no one and can't be controlled, so it's a lot more comfortable if you can convince yourself they're on your side rather than not.

Comment: Re:Government Intervention (Score 2) 474

We had plenty of choices for dial-up too, what we lacked particularly in the UK was free local calls, that made modem calls expensive compared to the US. Since then everything has been going our way.

However, the issue of free vs metered local calls hasn't been relevant for a long time. I don't think government intervention is a great explanation either, given that the UK telecoms network was privatised.

For large parts of Europe I think there's a simpler explanation - a combination of population density and more regional competition with ISPs. Whereas in the USA you have a handful of nationwide ISPs. There's no equivalent of Verizon or Comcast in Europe that serves the entire continent.

Comment: Re:Security is a process ... (Score 3) 46

There will -always- be flaws. However, part of a company selling security is how they respond to issues, and here, BlackPhone has performed quite well. There was a problem, they fixed it, and that is what matters.

I agree that how a company handles incident response is important and the BlackPhone guys have apparently handled this well.

However, there are several things that are troubling about this story which lead me to not trust BlackPhone and question the security experience of the people designing it.

The first thing we notice about this exploit is that the library in question appears to be written in C, even though it's newly written code that is parsing complex data structures straight off the wire from people who might be attackers. What is this, 1976? These guys aren't programming smartcard chips without an OS, they're writing a text messaging app that runs on phones in which the OS is written in Java. Why the hell is the core of their secure messaging protocol written in C?

The second thing we notice is that the bug occurs due to a type confusion attack whilst parsing JSON. JSON?! Yup, SCIMP messages apparently contain binary signatures which are base 64 encoded, wrapped in JSON, and then base64 encoded again. A more bizarre or error-prone format is difficult to imagine. They manage to combine the efficiency of double-base64 encoding binary data with the tightness and simplicity of a text based format inspired by a scripting language which has, for example, only one kind of number (floating point). They get the joy of handling many different kinds of whitespace, escaping bugs, etc. And to repeat, they are parsing this mess of unneeded complexity .... in C.

Compare this to TextSecure, an app that does the same thing as the BlackPhone SMS app. TextSecure is written by Moxie Marlinspike, a man who Knows What He Is Doing(tm). TextSecure uses protocol buffers, a very simple and efficient binary format with a schema language and compiler. There is minimal scope for type confusion. Moreover, the entire app is written in Java, so there is no possibility of memory management errors whilst trying to read messages crafted by an attacker. By doing things this way they eliminate entire categories of bugs in one fell swoop.

So yes, whilst the BlackPhone team should be commended for getting a patch out to their users, this whole incident just raises deep questions about their design decisions and development processes. The fact that such a bug could occur should have been mind-blowingly obvious from the moment they wrote their first line of code.
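The bug class discussed in the comment above, shown from the defensive side as an added example; it is not part of the comment and is not BlackPhone or SCIMP code. The `jvalue` type and all function names are hypothetical, standing in for what a C JSON parser hands back when a field that should be a string arrives as some other type.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical tagged value, as a C JSON parser might return it. */
typedef enum { J_NUMBER, J_STRING } jtype;

typedef struct {
    jtype type;
    union {
        double num;                                   /* valid only if J_NUMBER */
        struct { const char *ptr; size_t len; } str;  /* valid only if J_STRING */
    } u;
} jvalue;

/* Constructed sample inputs: the field as a string, and as a number. */
jvalue jv_string(const char *s)
{
    jvalue v = { .type = J_STRING };
    v.u.str.ptr = s;
    v.u.str.len = strlen(s);
    return v;
}

jvalue jv_number(double d)
{
    jvalue v = { .type = J_NUMBER };
    v.u.num = d;
    return v;
}

/*
 * Copy a field that the protocol says must be a string into dst.
 * Returns the string length, or -1 if the field is rejected.
 * Reading u.str without the tag check would reinterpret the bytes of a
 * sender-chosen double as a pointer and length: the type confusion.
 */
int copy_string_field(const jvalue *field, char *dst, size_t dst_size)
{
    if (field == NULL || dst == NULL || dst_size == 0)
        return -1;
    if (field->type != J_STRING)          /* check the tag before the union */
        return -1;
    if (field->u.str.ptr == NULL || field->u.str.len >= dst_size)
        return -1;                        /* must fit with the terminator */
    memcpy(dst, field->u.str.ptr, field->u.str.len);
    dst[field->u.str.len] = '\0';
    return (int)field->u.str.len;
}
```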

Comment: The game mechanics depend on the worst players (Score 1) 79

by UpnAtom (#48921779) Attached to: Inside the Largest Virtual Psychology Lab In the World

The more one of your players dies, the stronger the other team gets. It often literally is that player's fault you lose.

I'm trying to get S2 to reduce that effect because it heavily limits the effect of your own play -- making it approach a game of chance, rather than skill.

Transportation

Engineers Develop 'Ultrarope' For World's Highest Elevator 247

Posted by Soulskill
from the for-when-super-rope-just-doesn't-cut-it dept.
HughPickens.com writes: Halfway up the Shard, London's tallest skyscraper, you are asked to step out of the elevator at the transfer floor, or "sky lobby," a necessary inconvenience in order to reach the upper half of the building, and a symptom of the limits of elevators today. To ascend a mile-high (1.6km) tower using the same technology could necessitate changing elevators as many as 10 times. Elevators traveling distances of more than 500m [1,640 ft] have not been feasible because the weight of the steel cables themselves becomes so great. Now, after nine years of rigorous testing, Kone has released Ultrarope — a material composed of carbon-fiber covered in a friction-proof coating that weighs a seventh of the steel cables, making elevators of up to 1km (0.6 miles) in height feasible to build.

Kone's creation was chosen to be installed in what's destined to become the world's tallest building, the Kingdom Tower in Jeddah, Saudi Arabia. When completed in 2020, the tower will stand a full kilometer in height, and will boast the world's tallest elevator at 660m (2,165ft). A 1km-tall tower may seem staggering, but is this the build-able limit? Most probably not, according to Dr. Sang Dae Kim. "With Kingdom Tower we now have a design that reaches around 1 km in height. Later on, someone will push for 1 mile, and then 2 km," says Kim. He adds that, technically speaking, 2 km might be possible at the current time. Anything higher would require new materials and building techniques.

Comment: 16-bit? (Score 1) 158

by UpnAtom (#48919419) Attached to: Opera Founder Is Back, With a Feature-Heavy, Chromium-Based Browser

From what I remember of what one of the Devs said, part of Opera's layout engine was 16-bit and this caused a lot of rendering issues which had to be hand-fixed.

Allegedly, it was too difficult to rewrite. Additionally, with Google et al writing new standards for the web, it was just too much work to use a non-Chrome rendering engine.

I like uh... Opera 27. I'm not keen on the Look & Feel of Vivaldi so far but if they can make it flexible enough to do what I want (or support Chromium extensions), I'll switch.

White House Drone Incident Exposes Key Security Gap

Submitted by HughPickens.com
HughPickens.com (3830033) writes "The Washington Post reports that the intrusion by a recreational drone onto the White House lawn has exposed a security gap at the compound that the Secret Service has spent years studying but has so far been unable to fix. Commercial technology is available that can use a combination of sensitive radar and acoustic trackers to detect small drones, though coming up with an effective way to stop them has been more elusive. "To do something about the problem, you have to find it, you have to track it, you have to identify it and you have to decide what to do with it,” says Frederick F. Roggero. “But especially in an urban environment, it would be tough to detect and tough to defeat kinetically without shooting it down and causing collateral damage.” Most recreational drones, like the one that crashed Monday, weigh only a few pounds and lack the power to do much harm. Larger models that can carry payloads of up to 30 pounds are available on the market and are expected to become more common. The FAA imposes strict safety regulations on drones flown by government agencies or anyone who operates them for commercial purposes. In contrast, hardly any rules apply to people who fly drones as a hobby, other than FAA guidelines that advise them to keep the aircraft below 400 feet and five miles from an airport. “With the discovery of an unauthorized drone on the White House lawn, the eagle has crash-landed in Washington," says Senator Charles Schumer. "There is no stronger sign that clear FAA guidelines for drones are needed.""

Comment: Re:Good Luck! You'll Need It! (Score 2) 282

by IamTheRealMike (#48912451) Attached to: EFF Unveils Plan For Ending Mass Surveillance

This is very true. However, WhatsApp appears to be a counter-example. They are deploying full end to end encryption and instead of ads, they just ..... charge people money, $1 per year. WhatsApp is not very big in the USA but it's huge everywhere else in the world.

The big problem is not people sharing with Facebook or Google or whoever (as you note: who cares?) but rather the last part - sharing with a foreign corporation is currently equivalent to sharing with its government, and people tend to care about the latter much more than the former. But that's a political problem. It's very hard to solve with cryptography. All the fancy science in the world won't stop a local government just passing a law that makes it illegal to use, and they all will because they all crave the power that comes with total knowledge of what citizens are doing and thinking.

Ultimately the solution must be two-pronged. Political effort to make it socially unacceptable for politicians to try and ban strong crypto. And the deployment of that crypto to create technical resistance against bending or breaking those rules.

Comment: Re:Everyone back up a step... (Score 4, Insightful) 465

That's not what the second link says is happening though.

My reading of the second article is that there is the following problem. Website G2A.com allows private re-sale of game keys, whether that's to undercut the retail prices or avoid region locking or whatever is irrelevant. Carders are constantly on the lookout for ways to cash out stolen credit card numbers. Because fraudulent card purchases can be rolled back and because you have to go through ID verification to accept cards, spending them at their own shops doesn't work - craftier schemes are needed.

So what they do is go online and buy game activation keys in bulk with stolen cards. They know it will take time for the legit owners of the cards to notice and charge back the purchase. Then they go to G2A.com and sell the keys at cut-down prices to people who know they are obtaining keys from a dodgy backstreet source, either they sell for hard-to-reverse payment methods like Western Union or they just bet that nobody wants to file a complaint with PayPal saying they got ripped off trying to buy a $60 game for $5 on a forum known for piracy and unauthorised distribution.

Then what happens? Well, the game reseller gets delivered a list of card chargebacks by their banks and are told they have a limited amount of time to get the chargeback problem under control. Otherwise they will get cut off and not be able to accept credit card payments any more. The only available route to Ubisoft or whoever at this point is to revoke the stolen keys to try and kill the demand for the carded keys.

If that reading is correct then Ubisoft aren't to blame here. They can't just let this trade continue or it threatens their ability to accept legitimate card payments.
