Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Comment: Re: Sorry, not corporate enough. (Score 3, Informative) 69

You're probably unaware that the GP specifically used 'HSBC' because they were caught laundering trillions of dollars of drug money and nobody was indicted.

He probably isn't unaware of that. He may well have actually read the indictment itself or a detailed summary of it, which made clear that the US case was very weak to the point of hardly working at all. In particular, not only did they fail to clearly establish that drug money was really moving (their case was "there is so much cash, some of it must be from cartels") but in particular they failed to show intent by HSBC execs to help drug cartels. Actually their case boiled down to HSBC didn't try hard enough, they weren't suspicious enough, etc. (I'm ignoring the Iranian transactions here which gets into issues of international jurisdiction, as you only brought up drugs).

The reason you think the are guilty is twofold. Firstly US anti money laundering laws are unbelievably extreme. The PATRIOT Act removed the need to have intent to be found guilty of money laundering. Bankers can now be found guilty of AML violations even if they genuinely tried hard and had no intent to break the law. Hence the accusations from the DoJ that were of the form "HSBC should have designated Mexico as high risk", etc. Secondly as part of the plea agreement HSBC had to act guilty and accept whatever the DoJ said about them. So you only heard one side of the story, the prosecutions side (except there was no court case). No surprises that you think the whole thing is cut and dried.

It's no crime to be ignorant of such things, but just try not to hold any policy positions on the subject.

Given that there was never any court case and HSBC was never able to defend themselves, pretty much everyone is ignorant in this case because we never heard the full story. But I'm pretty sure if DoJ had emails from HSBC execs that looked like the ones from BitInstant there would indeed have been prosecutions.

Comment: Re:Under US Jurisdiction? (Score 1) 281

No but if you got a government request for your keys you'd know about it.

The government "request" would come in form of customised malware and you'd never even know you got hacked.

If google gets such a request you wouldn't know you were compromised.

You aren't gonna know, no matter what.

It isn't like they are sending l33t hackers to break in and get the data.

Schmidt isn't an idiot, despite how the press like to portray him via selective quoting (note that TFA does not provide much context for this quote). When he says Google is the safest place to put your data, he's probably comparing Google to other companies that provide similar services, not some hypothetical fully self hosted system - bearing in mind self hosting of email is rapidly going the way of the dodo even in business situations (it died for home email a long time ago).

Given that Yahoo still have not fully deployed SSL everywhere let alone encrypted their internal datacenter links, and if Microsoft have a similar effort they aren't talking about it, there's some evidence that he might be right. After all, if you get a government warrant for your data you're just as stuck as Google is: not much you can do about it. On the other hand, you are unlikely to secure your infrastructure as well as Google does.

Comment: Re:Under US Jurisdiction? (Score 1) 281

But Google makes money from targeted advertising

Google makes significant sums of dough from paying corporate customers who use Google Apps. These clients can switch off advertising if they like. These are also the places where some of the most sensitive data is stored.

So Google have both the financial means and incentive to solve the end to end crypto problem for such clients. The difficulty is not financial. It's technological. Matching even just the feature set of Gmail with end to end crypto is insanely hard, and that's before you hit the "everything is a web app" problem.

Comment: Re:Under US Jurisdiction? (Score 2) 281

The point of forward secrecy is there are no such keys to seize. The "master keys" are only used for identification, not encryption. So whilst a gov could theoretically seize Google's keys, this does not help them decrypt wire traffic. They'd have to do a large MITM attack, and to get everything? They'd have to decrypt and forward ALL Google's traffic. Not feasible.

Good use of applied cryptography means that realistically the only way for a government to get data out of it means requesting it specifically from the providers. In places where the warrant system has been vapourised (which certainly includes the USA and UK), this might not seem like much, but it does help prevent fishing expeditions.

Comment: Re:Interesting, but ... (Score 1) 150

by JanneM (#48607289) Attached to: Want To Influence the World? Map Reveals the Best Languages To Speak

Great idea! Now we all only need to agree on which language to standardize on. I'm sure that worldwide discussion will be calm, focused and productive. Please post the results here in the thread once it's been decided.

I suggest Swedish. It's just about equally well known by almost everybody in the world, so nobody is starting out with an unfair advantage. I get a lifetime gig teaching Swedish to everybody. And you get umlauts! Win-win.

Oh, and by "suggest" I of course mean "absolutely demand or I will refuse any part of this scheme".

+ - Kawa 2.0 supports Scheme R7RS

Submitted by Per Bothner
Per Bothner (19354) writes "Kawa is a general-purpose Scheme-based programming language that runs on the Java platform. It combines the strengths of dynamic scripting languages (less boiler-plate, fast and easy start-up, a REPL, no required compilation step) with the strengths of traditional compiled languages (fast execution, static error detection, modularity, zero-overhead Java platform integration).

Version 2.0 was just released with many new features. Most notably is (almost) complete support for the latest Scheme specification, R7RS, which was ratified in late 2013. This LWN article contains a brief introduction to Kawa and why it is worth a look."

Comment: Re:Here come the certificate flaw deniers....... (Score 3, Informative) 80

by IamTheRealMike (#48564187) Attached to: New Destover Malware Signed By Stolen Sony Certificate

In practice, a certificate is nothing more than a long password

Fail. A certificate contains a public key. This is nothing like a password. You're thinking of a private key. The whole point of a certificate is that you can prove your identity to someone without sending them your password.

Unlike the password in somebody's head or even on a sticky note behind the monitor, these certificate files can often be stolen remotely!

Double fail. Firstly, nobody actually steals certificates. Certificates are public. When someone says something was signed with a "stolen cert", what they actually mean is "stolen private key the public part of which is contained in a certificate signed by a trusted third party", but that's a mouthful, so we simply and say "stolen cert".

Secondly, private keys can and absolutely should be protected with a password! Or they can be kept in special hardware. However, as you may have noticed, Sony got pwned pretty hard so presumably whatever private key was stolen either had no password, or they were able to just keylog the password when it was used.

These people are a joke.

The joke is on you ..... certificates are not a replacement for passwords and if you think they are, you didn't understand what they're used for.

Comment: Re:I use Unity. It's OK. (Score 1) 125

by JanneM (#48559313) Attached to: Unity 8 Will Bring 'Pure' Linux Experience To Mobile Devices

I pretty much agree. I'm an old-time Unix and Linux user, but Unity works pretty well for me. It mostly manages to get out of the way of my work - the single most important feature of any desktop - and things such as the single menu gives me vertical space for another line or two worth of visible code.

There are some real irritants. The window/app switcher has never gotten the distinction right (and I don't think it's possible), and the quick search misses things it should find. But these are smaller irritants on a desktop that does what it should do - be invisible unless I explicitly need any of it.

Comment: Re:Culpability? (Score 1) 180

by IamTheRealMike (#48547237) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

More news (seems this story is unfolding right now) - apparently the driver did NOT have a prior conviction for rape at all, but in fact had only been arrested due to an accusation. So it seems that the first possibility was the correct one, and there's really nothing that could have been done here (unless you believe anyone should be able to ban anyone else from being a taxi driver for life with nothing more than an accusation).

Comment: Re:Culpability? (Score 3, Informative) 180

by IamTheRealMike (#48546953) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

W.R.T background checks, someone on Twitter has found a photo of a notarised police certificate stating the guy has no criminal record. So either whoever reported he has one is lying, or the police verification process in India is as unreliable as people say it is.

Regardless, I expect it will make little difference in the court of public opinion.

Comment: Re:Culpability? (Score 1) 180

by IamTheRealMike (#48546871) Attached to: Uber Banned In Delhi After Taxi Driver Accused of Rape

If that is the case, and the guy came up clean but yet still went on to do X, how is Uber any more culpable than a taxi company hiring a cabbie with no record, who subsequently goes out and does X, or a tour company hiring a bus driver with a spotless background, who nonetheless does X?

They aren't. But it seems like there's a new trend in town - when a foreign tech company could potentially have guessed that someone using their service might potentially have done something bad, they're automatically at fault. See: Facebook and Lee Rigby in the UK.

In this case, the logic seems fairly simple - the guy apparently had a prior conviction for rape, thus, should not be allowed to be a taxi driver. If Uber had checked then the rape wouldn't have happened (assuming it did). The problem is the guy's prior conviction was also for raping someone in a taxi cab, so obviously this isn't a solution to all such problems because there's always a first time. Another problem is that I've read India doesn't actually have a national conviction database system, indeed they barely have a coherent national identity scheme at all (I remember reading about programmes to try and introduce biometric identity nationwide to fix this but it's a huge job). Apparently the way you do a background check is walking in to the local police district office and asking. If the crime happened elsewhere, tough luck. For anyone who knows the real situation in India, I'd be interested to know if this is true.

Anyway, even with reliable background checks, you can quickly end up in a situation like the USA where former felons cannot get jobs anywhere (see recent /. story about this problem), and then you get rules like in Europe where former convictions get wiped from the record after a few years to stop that happening, so there are no solutions that make everyone happy.

Comment: Re:So why no neural interface? (Score 2) 56

by JanneM (#48510649) Attached to: Stephen Hawking's New Speech System Is Free and Open-source

"we've got monkeys that have rapidly learned to control a robotic arm using only signals from a tiny cluster electrodes in their brain,"

"rapidly" and "control" are very much relative terms in this case. And note the "in their brain" - you need to implant an electrode array to get good, reliable signals. With monkeys you can do it to half a dozen animals and hope than one or two get a fully working implant. And the array has to be working for a few months or so. With a human patient you need to get it right every time, and the array has to be viable for a decade at the very least.

Comment: Re:Who cares (Score 0) 216

by IamTheRealMike (#48500059) Attached to: How the Rollout of 5G Will Change Everything

you think they put in the caps because they dont have enough bandwidth coming from their towers? you, sir, are sadly mistaken. they do it for one reason. PROFIT.

Do you think radio spectrum is an infinite resource?

Mobile networks absolutely have capacity constraints, often very complicated ones that exist in multiple dimensions or vary by region. But that'd be too complicated for people to deal with, so we end up with an approximation of 1 or 2 GB/month. Which by the way is very standard across the developed world. In Switzerland most carriers are also providing this sort of quota and there are several competing, with a new (UPC) just entering the market now. They are all doing roughly the same thing, although I'm sure they could hoover up customers by offering a lot more bandwidth for the same price. For what most users are doing on the move 1G is currently enough and giving everyone lots more quota would simply result in a small number of people doing craploads of torrenting or downloading multi-gigabyte operating system updates over the air instead of over wires.

You can sum up this situation as "PROFIT!!!1!" if you like, but in reality the market is just optimising for resource usage - building more towers and more backhaul and more core routing capacity so a tiny number of users can chew up 10 GB/month instead of 1 GB/month is just not a good use of limited resources.

Still, bandwidth quotas have gone up over time as technology improved. Remember the days when 3G was new? I wrote a J2ME app back then and we counted every last byte.

"Any excuse will serve a tyrant." -- Aesop