Comment: Re:Sorry media (Score 5, Insightful) 162

by PvtVoid (#48673029) Attached to: North Korean Defector Spills Details On the Country's Elite Hacking Force

Yeah, and global warming is faked by the left wing media, and vaccines are poison, and municipal water fluoridation is a communist plot. Oh, and by the way, you don't really believe that you are anonymous here on /., do you?

Doubting the official line on the Sony hack is hardly the stuff of tinfoil-hat denialism. How's this for a scenario: (1) Garden-variety haxx0rz and/or a disgruntled employee steal a bunch of embarrassing files from Sony -- plenty of motive there -- and dump the files on the web. (2) Some moron in the media starts speculating that it has something to do with an idiotic movie about North Korea, and the echo chamber amplifies it as truth. (3) Haxx0rz, sensing an epic opportunity for lulz, play along with the feeding frenzy in the media with some crazy threats against screening the movie, then sit back and watch the fun as paranoia in the FBI and mindless nationalism in the population do the rest of their work for them.

Couldn't be.

Comment: Re: Good news! (Score 1) 225

by PvtVoid (#48670553) Attached to: Sony To Release the Interview Online Today; Apple Won't Play Ball

Comment: Re:who cares about plagiarism (Score 2) 53

by PvtVoid (#48575137) Attached to: Study of Massive Preprint Archive Hints At the Geography of Plagiarism

So you are saying that the only reason that people do anything is for recognition or money?

Are you?

No, I am saying that the people who have an interest in assigning credit for work are the people who provide funding and jobs, because they don't want to provide either funding or jobs to people who are not actually creating new ideas. These are also the people who pay for journal subscriptions, fund conferences and professional societies, and confer degrees.

As far as the people who do the research are concerned, very few of them would be able to continue doing research in the absence of funding. Do you think lab equipment, office space, and staff are free?

Comment: Re:who cares about plagiarism (Score 4, Insightful) 53

by PvtVoid (#48573593) Attached to: Study of Massive Preprint Archive Hints At the Geography of Plagiarism

Why does anyone need 'credit' for ideas?

Because it allows funding agencies, university tenure committees, etc. to determine which people are contributing useful new science to the world, and which people are dead wood sucking at the teat of an academic salary without creating anything useful to anybody.

Comment: Re:TFA Misunderstands the History (Score 4, Interesting) 103

by PvtVoid (#48542075) Attached to: Neglecting the Lessons of Cypherpunk History

It's not that cryptography has failed to bring us security, it's that the people have failed to make use of the available cryptography in the first place.

It's worse than that. As an artist friend of mine told me recently: "Ten years ago I used to wonder how people would respond to the massive loss of privacy represented by social media. Now we know: the only thing people actually worry about is that nobody is watching."

Comment: TFA Misunderstands the History (Score 5, Interesting) 103

by PvtVoid (#48541923) Attached to: Neglecting the Lessons of Cypherpunk History

TFA is correct that simply thinking that, because there is a zillion-bit crypto algorithm thrown into the communication stream, that everything is good and security is guaranteed. There are many, many attack channels that do not involve brute-forcing the crypto. Keyloggers, for example.

But this is silly:

Back in the 1980s and 1990s, a group of encryption mavens known as cypherpunks sought to protect individual privacy by making "strong" encryption available to everyone. To this end they successfully spread their tools far and wide such that there were those in the cypherpunk crowd who declared victory. Thanks to Edward Snowden, we know how this story actually turned out. The NSA embarked on a clandestine, industry-spanning, program of mass subversion that weakened protocols and inserted covert backdoors into a myriad of products.

In actuality, the crypto implementations promoted by cypherpunks were exactly those that made it difficult or impossible for such a program of mass subversion to take place. Remember that the height of the cypherpunk movement was when the Clinton administration was pushing hard, really hard, for the NSA-sponsored Clipper Chip, which was, in a nutshell, crypto subverted by design and mandated by law. We now know that when the spooks found that was politically impossible, they went ahead and did it anyway, in secret. But the cypherpunk tools, most notably PGP (and later GPG, when PGP sold out and went corporate). Hell, even look at /dev/random: when it was revealed that the NSA had actually, and pretty amazingly, undermined hardware random number generators on widely available chips, /dev/random was still just fine, because it treats all sources of entropy as potentially untrustworthy, including the chip.

The first lesson we should learn from the history of the cypherpunks is that trusting your crypto to a closed product is always, always a bad idea. That was the lesson then, and it is still the lesson now.

The second lesson is that crypto, like any security, is all about the threat model. In that light, should we reject the widespread adoption of end-to-end crypto in commercial products? Of course not. If Apple and Google implement crypto by default, it will make efforts to dragnet information exponentially harder, even if the crypto is imperfect. This is why the spooks are beating the drum against it: it closes off that one particular threat model, which they have come to rely on. It doesn't close off other kinds of attack, but so what?

The third lesson is that crypto, by itself, is not a panacea. Nobody ever said it was. The cypherpunk message was not that we can write PGP, declare victory, and walk away. The message was that privacy changes the relationship between the citizen and the state in beneficial ways, and that, in a technological society, we need to embrace technological means of increasing our privacy, in ways that cannot be controlled by the state.
