Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:Wow. Talk about misreading, and missing the poi (Score 1) 95

Yeah, and guess what?

Smith v Maryland (1979) says that phone call records, as "business records" provided to a third party, do not have an expectation of privacy, and are not covered by the Fourth Amendment. And the only data within that haystack that we care about are the foreign intelligence needles. I know that's difficult to comprehend, but it's the law of the land, unless and until SCOTUS reverses that ruling. And they very well may.

Until that happens, "We're pretty aggressive within the law. As a professional, Iâ(TM)m troubled if I'm not using the full authority allowed by law." -- General Michael Hayden

Comment Re:Survey bias (Score 0) 86

I read TFA.

I especially liked the tear-jerker about the poor kid who started getting nosebleeds.

Mind you, I'm not really sure why the author thinks that the nosebleeds are in any way related to thyroid cancer (the girl in question was not mentioned as one of the 137).

I was also amused by the PhD who said "this isn't screening, it's real!". How the hell does he know? Did he actually go over there and examine patients or anything? And if he did, why wasn't that mentioned in TFA? Seems more likely he had a good sound-bite, so they ran with it in spite of him knowing nothing specific about the subject.

Comment Re:Survey bias (Score 1, Insightful) 86

Just so.

In the rest of the world, children do not routinely get several ultrasounds per year to check for thyroid cancer. Is it really suprising that we'd find much more of something we're looking Really Hard to Find?

So, I guess my real question is: Where's the control population that gets the same checks as the Fukushima population? And what's their rate of thyroid cancer?

Comment Re:Correct. Including the US government. (Score -1, Troll) 95

Here's your mistake, and the mistake of everyone who thinks the way you do:

You cherry-pick examples of abuse -- and that's exactly what it is, illegal abuse -- and extrapolate it, in your mind, to being a systemic problem. You imagine it's happening all the time, and that people just sit around at their desks looking up their friends, girlfriends, neighbors, and ex-spouses for fun.

You then cherry-pick completely unrelated, long-ago-condemned examples of things that happened decades ago under the Hoover FBI, which is about 180 degrees opposite from what NSA does for foreign intelligence, and before there was any semblance of anything that could remotely be called intel oversight, and pretend it's exactly the same.

Your mistake is that you think isolated examples of abuse are not isolated, without proof; then you believe that any such examples indicate what, to you, is obviously a systemic, widespread problem. Abuse will ALWAYS happen, and it will never stop. This is true at all levels of government, and anywhere a human being exists. The answer to that is oversight (something you also think doesn't exist, but is actually so overbearing and restrictive that if you could actually witness it, you wouldn't believe it), not removing any authority that "could" be abused, because then we would necessarily have to remove them all.

Yes, intentional abuse, unintentional abuse, simple mistakes, human or machine error, and all manner of things happen in intelligence work. And those errors are such a vanishingly small proportion of what NSA does that it is nearly zero -- and they are still taken seriously. In fact, this is one of the single most important things drilled into anyone doing foreign SIGINT, military or civilian, every single day. It's not some kind of a joke.

I hate to break it to you, but how things actually work might disappoint you if you think there is rampant abuse everywhere.

Comment Wow. Talk about misreading, and missing the point. (Score 0, Troll) 95

And there you have it ladies and gentlemen ... you have nothing to fear if you have nothing to hide.

No. That's not what I said, at all.

What I said was -- all arguments about crypto aside -- was precisely what I said:

If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data.

That is in no way, shape, or form akin to saying, "you have nothing to fear if you have nothing to hide." It is not making an argument that the government "should" have your data. It is saying that the Intelligence Community, in the form of the foreign intelligence agencies, does not want your data -- doesn't want to touch it, doesn't want to see it, doesn't want to read it, whether it's encrypted or not. And no, using crypto does not "make you a suspect". (And the FBI doesn't want the data of innocent people, either. What the FBI wishes for is a state of affairs where criminals for whom exist actual individualized warrants wouldn't be able to employ the digital equivalent of an impenetrable fortress, out of reach of the legitimate authority of enforcement mechanisms in a democratic society. But it may have to come to terms with that reality.)

If you believe you defend these things by undermining what they actually mean, then I'm afraid you don't deserve to have these things defended since you've already given up on them.

Talk about missing the point. You are basing your entire argument on a false premise, and false assumption of what you believe my argument to be; namely, that we should be giving up our rights in order to protect them. Not only am I not making that argument, I am making the precise opposite: that if you believe those rights are important, you need to understand that we can and do take steps to execute military and intelligence actions against our adversaries, whether they be terrorists or nation-states.

You crow about all these rights you think you and Americans, collectively, have "given up", when in reality, nothing substantive has actually changed (oh, I realize you think it's changed, and that you're living in a borderline police state). You believe your rights are being trampled, when you are, from a real and practical standpoint, more free while living in organized, civil society than any other people throughout history -- at least as free as is possible without living in a vacuum with no connection to humanity.

You hold out WWII codebreakers as heroes, practically idolizing them, and vilify the modern day equivalent, while ignoring the reality that US adversaries coexist in the same web of global digital communications as we do, utilizing the same devices, systems, services, networks, operating systems, encryption standards, and so on, and then act surprised when elements of the US government actually dare develop ways to exploit those systems, just because Americans also happen to use them -- totally misunderstanding the landscape.

This is exactly what I am talking about when I say people need to gain some perspective on history, or reality. Either would do.

Comment Correct. Including the US government. (Score 2, Insightful) 95

And two former DIRNSAs agree.

So does ADM Rogers -- except that every interpretation of various US officials' arguments on encryption wildly conflate multiple issues (such as domestic law enforcement, which can and does sometimes have a foreign intelligence connection, and foreign signals intelligence purposes), or utterly misunderstand the purpose, function, and targets of foreign intelligence.

Yes, I know you (not OP, the "royal you") think you know it all, because you have taken things you think of as "proof" utterly out-of-context with zero understanding about things like foreign SIGINT actually works, and have seen 3-4 unrelated pieces of a 1000 piece puzzle, with some of those pieces actually parts of different puzzles, and believe you have the full picture.

People continually and willfully seem to want to forget or ignore that actual, no-shit foreign intelligence targets also -- gasp! -- use things like iPhones, Gmail, Hotmail, WhatsApp, and so on. And, when foreign intelligence targets use these modes of communication, amazingly, we actually want to target them.

If you're an American (or frankly, any innocent person) anywhere in the world who isn't an active member of a foreign terrorist organization or an agent of a foreign power, the Intelligence Community DOES NOT CARE ABOUT and actually DOES NOT WANT your data. Sounds crazy and bizarre for foreign intelligence agencies to care about things like foreign intelligence, I know, but it's true. Weird!

I guess it's easier to believe that functioning democracies* all are constantly looking for ways to illegally spy on their own citizens who have done nothing wrong, rather than to believe that intelligence work in the digital age where the only distinction is no longer the physical location or even the technology used, but simply the target -- the person at the other end, is actually extremely complicated, and not fun.

* If you don't think the Western liberal democracies of the world are worth a shit, or laugh at the term "functioning democracies" when used in reference to the US, warts and all, that simply means you have lost all perspective of reality, and are part of the problem. And it will be to our peril, because there actually are governments in the world who do spy on their own citizens, and wherein the people don't have anywhere NEAR the level of freedoms we have, no matter how terrible you think we are. And guess what? It's our national security and intelligence apparatus that we use to defend ourselves. If you're now so jaded that you don't actually believe the US and its allies, and their principles, are something worth defending and fighting for, then everything I have said here means nothing to you anyway. Just be advised that your perception of history and reality is fatally skewed.

Comment Re:Cycle beating. (Score 1) 349

Ever hear someone say, "the don't make stuff to last anymore"?
Well now you know why (in part at least) stuff doesn't last as long as they used to.

When I was a kid, a brand new car, straight from the manufacturer was expected to last, oh, five years. Then you traded it in on a replacement.

Nowadays, I own three vehicles, none of which are younger than 12 years old. One of them could really use some new upholstery, but otherwise, I don't see a reason to replace any of them this decade. We'll see.

Comment Re:The system isn't very good (Score 1) 70

You realize this sort of attack was entirely expected, and that the system is engineered to withstand it, and did, trivially?

Expected, yes. Engineered to withstand - no. Bitcoin Core nodes accept as many transactions as they can with no memory limit until eventually they bloat up so much the operating system kills them. The official "solution" for this is to babysit your node and if you see it running out of memory, change a command line flag to make it ignore any transactions with lower than the given fee. Unfortunately of course, this also ignores all end user transactions paying lower than that fee as well.

I maintain a fork of Core called Bitcoin XT. It has a flag that lets you set a maximum number of transactions to keep in memory at once (and in a future version it'll change to be a max number of bytes, as that's the actual resource that's limited). The node will randomly remove a transaction from the pool to make room for a new one when out of space. As during an attack the memory pool is mostly full of spam, obviously this logic mostly involves kicking out spam to make room for {more spam, actual legit transaction} as opposed to just falling over and dying.

Comment Re: ZFS is nice... (Score 1) 268

But it's combined by the user at runtime, not by canocal. The GPL allows an end users to do this.

This is a way that people kid themselves about the GPL. If the user were really porting ZFS on their own, combining the work and never distributing it, that would work. But the user isn't combining it. The Ubuntu developer is creating instructions which explicitly load the driver into the kernel. These instructions are either a link script that references the kernel, or a pre-linked dynamic module. Creating those instructions and distributing them to the user is tantamount to performing the act on the user's system, under your control rather than the user's.

To show this with an analogy, suppose you placed a bomb in the user's system which would go off when they loaded the ZFS module. But Judge, you might say, I am innocent because the victim is actually the person who set off the bomb. All I did was distribute a harmless unexploded bomb.

So, it's clear that you can perform actions that have effects later in time and at a different place that are your action rather than the user's. That is what building a dynamic module or linking scripts does.

There is also the problem that the pieces, Linux and ZFS, are probably distributed together. There is specific language in the GPL to catch that.

A lot of people don't realize what they get charged with when they violate the GPL (or any license). They don't get charged with violating the license terms. They are charged with copyright infringement, and their defense is that they have a license. So, the defense has to prove that they were in conformance with every license term.

This is another situation where I would have a pretty easy time making the programmer look bad when they are deposed.

People are always available for work in the past tense.