Become a fan of Slashdot on Facebook


Forgot your password?
Last Chance - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment Re:pfsense (Score 2) 403

The worry isn't the new processes. It's the systemd process itself. I'll grant that having systemd pre-reducing privileges is better than expecting the daemon process to reduce privileges on its own. At what point will running systemd without networking be essentially non-optional due to widespread community adoption? I feel many of the worries of the parent of your post are still valid.

Comment Re:Again... (Score 1) 278

Let's not forget that the Snowden documents are now a year and a half old. A year and a half ago, everyone thought the ciphers and protocols were good enough. Fast forward to the eve of 2015 and we know better. We have a new sense of what is state of the art. We know not to use ciphers with static keys that could be subject to subpoena requests and so on a so forth. I'm not so naïeve to believe that new ciphers will stop them in their tracks. The still have incredible resources to draw upon. We just have new speed bumps.

Comment Re:If only PJ was still running groklaw! (Score 1) 173

I suspected it was last straw. She was looking for an excuse.

That said, however, lawyers in good standing enjoy a legal privilege of being able to discuss matters with clients in confidence and be able to withhold those discussion from the government. If you can't communicate privately the privilege is eviscerated.

Perhaps she wasn't so much worried about herself than the confidential sources she used?

Comment Re:Embedded Systems (Score 1) 641

And don't forget to ask what language was that high level language written in?
Ruby - written in C
Erlang - written in C
Node.js - written in C with a few x86 and ARM assembler bits
Perl - written in C
Python - written in C

And the truly mind-numbing one: GNU C compiler - written in C.

Comment Re:Locking USB... (Score 4, Informative) 97

Lock Switch? Then you don't understand the problem. The problem is that in many USB Flash are two chips: a computer and memory. The host PC communicates with the USB controller and the controller talks to the memory. Most controllers are just a version of the 8051 CPU with USB logic bolted on. The lock switch would be a high-level function that returns an error on a generic block device write command. Hacking the USB device isn't hacking the flash memory, it's hacking the firmware on the 8051. The Device Firmware Update function of USB that allowed that 8051 computer to be reprogrammed should be disabled.

Comment Re:Folks.... (Score 2) 185

For example: Hong Kong Post Root; DoD Root CA 2; Federal Common Policy CA; Staat der Nederlanden Root CA - Any of these CA can mint a certificate for ANY website.

Keep in mind that any sufficiently powerful nation is better served sending lawyers rather than hackers. Step One: All it takes is to send a court ordered warrant with gag-order to get the private key for "Go Daddy Root Certificate Authority - G2". Step Two: Mint certificates

We should do two things. 1) Browsers should also start displaying the root CA. If I go to Google and I know it's Google because "Autoridad de Certificacion Raiz del Estado Venezolano" says so, I'd be suspicious. 2) Fix the all or nothing problem. Somehow limit the domain scope of a CA. "Google Internet Authority G2" mints certificates for Google.Com. What's to keep them from minting one for

Comment Re:Breach (Score 1) 116

This technique works for data drives not boot drives: 100% full disk encryption. When you decommission the drive, decommission the encryption key. This technique also works with wear leveling SSD drives that might not always properly erase if you attempt to wipe the data.

Our informal mission is to improve the love life of operators worldwide. -- Peter Behrendt, president of Exabyte