Forgot your password?
typodupeerror

+ - Ask Slashdot: After TrueCrypt->

Submitted by TechForensics
TechForensics (944258) writes "(Resubmitted because was not identified as "Ask Slashdot"

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the national security agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA – hostile. It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been compromised.

This is the situation we have: all of the main are important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered false. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother.

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the national security agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft Bitlocker, which no one with any sense believes could be NSA–hostile. It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?"

Link to Original Source

Comment: Re:Just threw in random ST reference (Score 5, Informative) 133

by Jake Dodgie (#43857443) Attached to: Space Diving: Iron Man Meets Star Trek Suit In Development

Re just in case nobody want to read this they actually did a bit of research

From the article..
So where have we seen this before? If you are a Trekker, you will remember the scenes from 2009's Star Trek (The Future Begins) where James T. Kirk, Hikaru Sulu and Chief Engineer Olson performed a space dive to the Narada's drill platform. They jumped from a shuttle craft above planet Vulcan wearing high tech suits and used parachutes to land on the rig. “Super” Trekkers will also know about the space dive scene cut from the 1998 Star Trek Generations movie and the holodeck simulated "orbital skydiving" in Star Trek Voyager (Episode 5x03), also in 1998.

So more than just a headline reference to suck in the readers.

+ - Perpetual Motion Test Could Amend Theory of Time

Submitted by tocs
tocs (866673) writes "Nobel Prize-winning physicist Frank Wilczek wants to a build a perpetual motion machine . The concept uses Time Crystals, the idea that crystals can be extended into the fourth dimension, built of calcium ions to demonstrate the concept. If successful it might not lead to boundless energy but we could end up with machines that outlive the universe."

Comment: Vmware Player or Virtual Box (Score 1) 3

by Jake Dodgie (#41928487) Attached to: Ask Slashdot: Which virtual machine software for a beginner

Vmware Player or Virtual Box are both good starting points on a Windows host, they are free and relatively easy to get started with and use.
Reliability wise they are fine but Virtual Box seems a bit slower and doesn't really give you an upgrade path like VMWares product line.
Unless you are looking to eventually upgrading to a MS Server 2008 based Hyper-V system I wouldn't bother starting off with Microsoft's Virtual-PC/XP-Mode product.

I have no experience with Xen, so can't comment on it, but I'm sure someones else will.

Comment: The Celeb may not know whats happening. (Score 1) 6

by Jake Dodgie (#41700699) Attached to: Advice Wanted: Celebrity Stepping on the Little Guy

Keep in mind that depending on how big the celeb is, they may have no idea that this is even happening.

If you really are a fan hand it over for reasonable cost, ie your costs for domain registration, but make it clear that you feel hurt and unappreciated by the celeb and would like to know if they are aware of how they have been represented by their lawyer.

If they have pissed you off and you're no longer feeling fannish then post the letter on the site, outline your grievances, post the celbs name and links to the site here on slashdot and others and let the Streisand Effect loose in all its glory, THEN hand it over for reasonable cost, ie your costs for domain registration.

So... did you ever wonder, do garbagemen take showers before they go to work?

Working...