
+ - Ask Slashdot: After TrueCrypt->

Submitted by TechForensics
TechForensics (944258) writes "(Resubmitted because it was not identified as "Ask Slashdot")

We all know the TrueCrypt story-- a fine, effective encryption program beginning to achieve wide use. When you see how the National Security Agency modified this tool so they could easily overcome it, you'll probably understand why they don't complain about PGP anymore. The slip that showed what was happening was the information that NSA "were really ticked about TrueCrypt" either because they couldn't circumvent it or found it too difficult. From the standpoint of privacy advocates, NSA's dislike for TrueCrypt was evidence it was effective.

Next, NSA directly wrapped up the makers of TrueCrypt in legal webs that made them insert an NSA backdoor and forbade them from revealing it was there. It's only because of the cleverness of the TrueCrypt makers the world was able to determine for itself that TrueCrypt was now compromised. (Among other things, though formerly staunch privacy advocates, the makers discontinued development of TrueCrypt and recommended something like Microsoft BitLocker, which no one with any sense believes could be NSA–hostile.) It then became logically defensible, since NSA was not complaining about PGP or other encryption programs, to posit they had already been vitiated.

This is the situation we have: all of the main or important encryption programs are compromised at least in use against the federal government. Whether NSA tools are made available to local law enforcement is not known. This all begs the question:

Does the public now have *any* encryption that works? Even if we can see the source code of the encryption algorithm the source code of the program employing that algorithm must be considered tainted. (TrueCrypt was the only program NSA complained about.) In the case of other software, it becomes believable the NSA has allowed to be published only source code that hides their changes, and the only way around that may be to check and compile the published code yourself. Half the public probably doesn't bother. (Would it not be possible for the NSA to create a second TrueCrypt that has the same hash value as the original?)

Okay, Slashdot, what do you think? Where do we stand? And what ought we to do about it?"


+ - Open-Source Blu-Ray Library Now Supports BD-J Java->

Submitted by Anonymous Coward
An anonymous reader writes "Updates to the open-source libbluray, libaacs, and libbdplus libraries have improved the open-source Blu-ray disc support to now enable the Blu-ray Java interactivity layer (BD-J). The Blu-ray Java code is in turn executed by OpenJDK or the Oracle JDK and is working well enough to play a Blu-ray disc on the Raspberry Pi when paired with the VLC media player."

+ - Explicit Photos Were Often Shared at N.S.A->

Submitted by ememisya
ememisya (1548255) writes "“In the course of their daily work they stumble across something that is completely unrelated to their work, for example an intimate nude photo of someone in a sexually compromising situation but they’re extremely attractive,” he said. “So what do they do? They turn around in their chair and they show a co-worker. And their co-worker says: ‘Oh, hey, that’s great. Send that to Bill down the way.’ ”

The article also states Britain is often used as test grounds for privacy violation.

"... because in Britain the respect for individual privacy, he said, 'is not strongly encoded in law or policy.'

Because it has fewer restrictions, British intelligence platforms 'are used as a testing ground'""


Comment: LOOOOOONG overdue (Score 1) 113

by WCMI92 (#47496015) Attached to: Domain Registry of America Suspended By ICANN

This bunch of assholes has been sending fake renew notices to my company and to my clients for years. I've of course caught them and prevented people I work for from falling for it.

They never should have been allowed to act as a registrar, and it shows the corruption of ICANN that they weren't kicked in the balls years ago.

+ - NSA Admits Retaining Snowden Emails, no FOIA for US press->

Submitted by AHuxley
AHuxley (892839) writes "The http://thedesk.matthewkeys.net... reports on a FOIA request covering "... all e-mails sent by Edward Snowden"
Remember how Snowden should have raised his concerns with his superiors within the NSA?
Remember how no such communication could be found?
Remember how one such communication was released but did not seem to be raising direct concerns?
Well some record of e-mail communications seems to exist but they are exempt from public disclosure under the federal Freedom of Information Act."


+ - In New Zealand The Right To Silence And Presumption Of Innocence Are In Danger->

Submitted by cold fjord
cold fjord (826450) writes "The New Zealand Herald reports, "Fundamental pillars of the criminal justice system may be eroded whichever party wins the election this year, as both National's and Labour's proposals would look into changing the right to silence or the presumption of innocence in rape cases. Both major parties claim the current system is not upholding justice for victims, and are looking at changes that would effectively make it easier for prosecutors to obtain convictions. National wants to explore allowing a judge or jury to see an accused's refusal to give evidence in a negative light, while Labour wants to shift the burden of proof of consent from the alleged victim to the accused.""

Comment: My CFL lifetime depends on where they were bought (Score 1) 278

by Change (#47432777) Attached to: My most recent energy-saving bulbs last ...

I've bought a number of Feit Electric CFLs from Costco, and get at least a few years of regular use out of them. However, whenever I've bought the same brand from various local hardware stores (both mom-n-pop and big brand stores) I've had them fail within a few months. I'm not sure what's up with that, but that's my experience. I have yet to try any LED bulbs due to the up-front cost and the long life I'm getting out of my CFLs, and I have no use cases where dimming is necessary.

Comment: External yes, cards no (Score 1) 502

At work I have a HiFiMeDIY Sabre Tiny USB DAC ($30) as my work laptop's internal audio is full of noise (hissing that changes with system activity).
At home, my gaming machine uses its onboard audio interface, but sends digital audio out via S/PDIF to my home theater receiver for its DAC and amplifier.
I even have an external sound interface for ham radio use, a Tigertronics SignaLink USB that's just an external ADC/DAC with some filtering and isolation which interfaces with my radio for digital modes (such as PSK31 or RTTY).

Comment: Re:Key Point Missing (Score 2) 34

by NewYorkCountryLawyer (#47234405) Attached to: Appeals Court Finds Scanning To Be Fair Use

The summary misses a key point. Yes they scan and store the entire book, but they are _NOT_ making the entire book available to everyone. For the most part they are just making it searchable.

Agreed that it's not in the summary, but as you correctly note, it's just a "summary". Anyone who reads the underlying blog post will read this among the facts on which the court based its opinion: "The public was allowed to search by keyword. The search results showed only the page numbers for the search term and the number of times it appeared; none of the text was visible."

So those readers who RTFA will be in the know.

+ - Appeals Court finds scanning to be fair use in Authors Guild v Hathitrust

Submitted by NewYorkCountryLawyer
NewYorkCountryLawyer (912032) writes "In Authors Guild v Hathitrust, the US Court of Appeals for the Second Circuit has found that scanning whole books and making them searchable for research use is a fair use. In reaching its conclusion, the 3-judge panel reasoned, in its 34-page opinion (PDF), that the creation of a searchable, full text database is a "quintessentially transformative use", that it was "reasonably necessary" to make use of the entire works, that maintaining 4 copies of the database was reasonably necessary as well, and that the research library did not impair the market for the originals. Needless to say, this ruling augurs well for Google in Authors Guild v. Google, which likewise involves full text scanning of whole books for research."

Comment: Neat idea (Score 4, Informative) 25

by Change (#47206595) Attached to: Security DVR + iNet + X10 = Easy Home Automation (Video)
I saw this at Maker Faire, he's using an on-screen display generator to produce menus and output that you feed into a video input channel on the DVR, and it intercepts the DVR's RS-485 bus (used for pan-tilt-zoom control of cameras) to receive command input from the user. Pan down is parsed as next menu item down, pan right is "enter", etc. It's quite nifty. The menus are set up for individual X-10 or other commands, and you can even set up multi-event macros.
