
Comment: Re:Police legal authority (Score 1) 135

by IamTheRealMike (#48443435) Attached to: Judge Unseals 500+ Stingray Records

I know, the stingray is essentially a hacking tool. That makes you think though, why on earth is there a large wireless network carrying sensitive data without TLS (transport layer security), or encryption between the modem on the phone, and the carrier? Either the contents are not sensitive, or the carriers / cell phone manufacturers are complicit or worse... incompetent.

GSM dates to 1987. When it was created, the previous mobile telephony standard was analogue - you could listen in on calls just with a regular radio. There was a very small amount of digital signalling to the network, but the field of commercial crypto hardly existed back then and subscriber cloning/piracy was rampant. GSM introduced call encryption and authentication of the handset using (for the time) strong cryptographic techniques. It was very advanced. But it didn't involve authentication of the cell tower to the handset, partly for cost and complexity reasons and partly because a GSM base station involved enormous piles of very expensive, complex equipment that had to be sited and configured by trained engineers. The idea of a local police department owning a portable, unlicensed tower emulator was unthinkable, as the technology to do it didn't exist, and besides .... trust in institutions has fallen over time. Back then it probably didn't seem very likely police would do this because they could always just get a warrant or court order to turn over data instead.

When 3G was standardised, this flaw in the protocol was fixed. UMTS+ all require the tower to prove to the handset that it's actually owned by the network. Little is publicly known about how exactly Stingray devices work but it seems likely that it involves jamming 3G frequencies in the area to force handsets to fall back to GSM, which allows tower emulation.

The latest rumours are that the company that makes Stingrays has somehow found a way to build a version that works on 3G+ networks too called "Hailstorm", but it's dramatically more expensive and as mobile networks phase out GSM in the coming years police departments are having to pay large sums of money to upgrade. The whole thing is covered in enormous secrecy of course so it's unknown how Hailstorm devices are able to beat the tower authentication protocol. Presumably the device is either exploiting baseband bugs, or is using stolen/hacked/court-order extracted network keys, or it was built in cooperation with the mobile networks, or there are cryptographic weaknesses in the protocols themselves.
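Added example, not part of the comment above: a simplified Python model of the difference it describes, where a GSM handset answers any challenge while a UMTS handset first checks that the sender knows the subscriber key. HMAC-SHA256 stands in for the operator algorithms (A3, f1, f2), the real AUTN fields (AK, AMF) are omitted, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 stand-in for the operator algorithms (A3, f1, f2); not the real ones."""
    return hmac.new(key, label + data, hashlib.sha256).digest()[:8]

class Sim:
    """Subscriber card holding Ki, the long-term key shared with the home network."""
    def __init__(self, ki: bytes):
        self.ki = ki
        self.highest_sqn = 0

    def gsm_respond(self, rand: bytes) -> bytes:
        # GSM: answer any challenge. Nothing in the exchange proves who sent it.
        return prf(self.ki, b"A3", rand)

    def umts_respond(self, rand: bytes, sqn: int, mac: bytes):
        # UMTS AKA: verify the network's MAC over (SQN, RAND) before answering.
        expected = prf(self.ki, b"f1", sqn.to_bytes(6, "big") + rand)
        if not hmac.compare_digest(mac, expected):
            return None          # sender does not know Ki: refuse
        if sqn <= self.highest_sqn:
            return None          # stale sequence number: replayed vector
        self.highest_sqn = sqn
        return prf(self.ki, b"f2", rand)

def network_vector(ki: bytes, sqn: int):
    """What the home network hands a legitimate tower: (RAND, SQN, MAC)."""
    rand = os.urandom(16)
    return rand, sqn, prf(ki, b"f1", sqn.to_bytes(6, "big") + rand)

def run_demo() -> dict:
    ki = os.urandom(16)                      # constructed subscriber key
    sim = Sim(ki)
    unknown_rand = os.urandom(16)            # challenge from a party without Ki
    genuine = network_vector(ki, sqn=1)
    return {
        "gsm_answers_unauthenticated": sim.gsm_respond(unknown_rand) is not None,
        "umts_rejects_bad_mac": sim.umts_respond(unknown_rand, 1, bytes(8)) is None,
        "umts_accepts_genuine": sim.umts_respond(*genuine) is not None,
        "umts_rejects_replay": sim.umts_respond(*genuine) is None,
    }

if __name__ == "__main__":
    for check, ok in run_demo().items():
        print(f"{check}: {ok}")
```

The sequence-number check is what stops a recorded genuine vector from being accepted a second time; the MAC check alone would not.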

Comment: Can cell towers/protocols find & blacklist the (Score 1) 135

by swb (#48443301) Attached to: Judge Unseals 500+ Stingray Records

Is it possible for the existing cell network/protocols to identify "unknown" towers -- ie, those that appear in the spectrum but aren't known to be legitimate cell towers and somehow blacklist them to limit their functionality?

Do cell towers have a way of communicating to handsets which towers should be avoided or not used?

Comment: Gary Taubes spelled much of this out (Score 1) 222

by swb (#48443285) Attached to: Doubling Saturated Fat In Diet Does Not Increase It In Blood

...in "Good Calories, Bad Calories".

Some of it is historical -- prior to the Ancel Keys bad science about diet, it was a commonly held understanding that cutting carbohydrate consumption contributed to weight loss. Taubes cites numerous sources, some dating back hundreds of years. IIRC, even the science was trending this way before WWII but a lot of it was German-led science which the war lost and competitiveness from American scientists chose to bury.

The science behind insulin as the primary hormonal regulator of fat accumulation has been known since the 1960s.

Most troubling from Taubes' book is the weird politics of dietary science and how senior people who control funding for studies get wed to particular theories and hang on to them even when evidence doesn't support them, even suppressing promising science that tends to discredit these ideas.

Comment: Re:I bet Infosys and Tata are dancing in the stree (Score 1) 179

by swb (#48439615) Attached to: Obama's Immigration Order To Give Tech Industry Some, Leave 'Em Wanting More

I'm curious how more competition for entry-level or low skilled jobs helps African Americans. Their unemployment rate is nearly 14%, probably higher in lower age brackets. And given the school "achievement gaps" and lower education attainment for African Americans, these are precisely the jobs they need to work their way out of poverty.

Racism is a common argument for African American unemployment, but how does this stand up when the prime competitors for these jobs are non-white and in many cases marginal English speakers and functionally illiterate in English? Just who are these anti-African American, pro-Latino racists, anyway?

You could make the argument that African Americans don't get hired due to racist criminal justice policies which leave them with criminal records, but again I ask -- who are these people discriminating against African Americans with criminal records yet hiring illegal immigrants with false papers or whose "past" is essentially unavailable because their past is unobtainable in Mexico?

You could make an argument that African Americans don't want to or are incapable of work, but that argument is inherently racist. There may be qualitative criticisms of entry level jobs (low pay, "jobs nobody wants") but if you buy that argument, then why do Latinos take those jobs? One variant explanation is that African Americans have some moral entitlement to better jobs (eg, due to past discrimination), but I'm not sure how that's supposed to work and the functional equivalent of this argument, affirmative action, hasn't worked and has been mostly discredited.

Comment: Re:Rape Apologetics Go Here (Score 1) 237

by swb (#48433447) Attached to: Swedish Court Refuses To Revoke Julian Assange's Arrest Warrant

IIRC, the rape setup was a squeeze play perpetrated by the maid and her accomplice. DSK was a habitue of sex clubs/prostitutes, making it seem not unlikely that his aristocratic privilege and sexual appetite would have led him to be vulnerable to that situation.

On top of that, the idea of replacing the dollar with another currency was hardly some new idea, it's an idea that has floated around for a long time. It doesn't seem plausible that a conspiracy against one man would be enough to suppress this idea if it was actually a viable alternative. Euro market weakness and the risks of default in some Euro countries mostly rules out the Euro, the lack of Chinese transparency and currency manipulation rules out the Renminbi. Beyond those two alternatives, there aren't any global currencies with enough depth and market adoption able to replace the dollar.

Further, if dropping the dollar was a profitable idea, why wouldn't global markets just do it? I'm sure many countries would LOVE to stick it to Uncle Sam and our banks, but it seems like they like profitability even more.

Comment: Re:Here we go again (Score 1) 482

by gmhowell (#48430157) Attached to: As Amazon Grows In Seattle, Pay Equity For Women Declines

Do you know anything about running a business? In a service industry, people costs are often a huge portion of a company's overall costs. Minor changes in that structure can have major impact on the bottom line.

Even in traditional manufacturing jobs, where a large percent of the costs are tied up in capital and materials, a modest change in employee costs filters through. Just ask GM and Chrysler.

Comment: Re:Wrong Question (Score 1) 194

by macs4all (#48428953) Attached to: Is a Moral Compass a Hindrance Or a Help For Startups?

Actually, a lot of companies have a moral compass, even "evil" ones. I mean, do you consider Apple evil because they sue over patents?

Um, if it makes Apple "evil" to protect their IP from being directly ripped off by well-heeled competitors (cough, Samsung, cough), then I think you need to adjust your definition of "evil".

I mean, if you were the CEO of Apple, what would you have done in that instance? I mean, look at the Techcrunch article with the "Before iPhone" and "After iPhone" Samsung pictures. Tell me you wouldn't have been incensed, probably moved to litigation.

Comment: Re:"Getting whiter" (Score 2) 482

by swb (#48428289) Attached to: As Amazon Grows In Seattle, Pay Equity For Women Declines

You want a peaceful civilization? Encourage lots of different people to live next to each other.

Wow, I feel misinformed despite my NY Times subscription. You mean to tell me there's a war going on in 90+% white Scandinavia and I didn't know about it? Given how oppressive their governments are known to be and the complete absence of social welfare there, such barbarism I guess should be expected.

I'm especially glad to know that multiethnic regions like Africa and the Middle East are so peaceful and nonviolent, that must have been another article I missed out on.

Comment: Re:Capitalism does not reward morality (Score 1) 194

by macs4all (#48427957) Attached to: Is a Moral Compass a Hindrance Or a Help For Startups?

Morality is for the working class. If you want to succeed in a capitalist economy, it's better to be amoral.

Reminds me of a book that has been around since the late 1970s (and still available on Amazon, I believe):

"Why S.O.B.s Succeed And Nice Guys Fail In a Small Business"

No truer words were ever penned.

In fact, when writing physical checks to pay bills was the norm, and based on some ideas from that book, I would regularly fill in pieces of the MICR OCR field-delimiters at the bottoms of my personal checks to delay their processing by the Federal Reserve Clearinghouse. I know it worked, because I would receive those checks back "re-striped" with new (no doubt manually-generated) OCR strips stuck on the bottoms of the check. It was usually good for a 3 to 5 business-day delay "float", while (I assume) the check got kicked out of the automatic scanner, and routed to the "manual processing" pile. And, since my account wasn't debited until the check "cleared" this process, I avoided a non-sufficient-funds "bounce" fee, and the payor thought that I had paid "on time" (which I technically had).

I kept waiting to get a nasty letter from my bank or the Fed saying "quit it, or you're going to jail!", but I never did.

Comment: Re:FBI Director James Comey may not care. (Score 1) 93

by IamTheRealMike (#48427861) Attached to: WhatsApp To Offer End-to-End Encryption

it's all, once again, a lot of buzzwords, and zero security.

That's a bit unfair. Yes, any security system that tries to be entirely transparent cannot really be end to end secure, but nobody has ever built a mainstream, successful deployment of end to end encryption that lets you use a service even if you don't trust it. There are many difficult problems to solve here. Forward secure end to end encryption behind the scenes is clearly an important stepping stone, and OWS has said they will expose things like key verification in future updates. Just because they haven't done everything all at once, and solved every hard problem, does not mean it's just a lot of buzzwords.
